-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow permissions to put the leases in the trust-manager namespace, not the trust namespace #225
Allow permissions to put the leases in the trust-manager namespace, not the trust namespace #225
Conversation
…ot the trust namespace Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
…nents Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
Hi @tspearconquest. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @tspearconquest. I think we should do this, but it probably deserves special attention in the release notes for our next release. As we change namespace of the leader election lease for some users, that might allow multiple trust-manager controllers to run for a short while.
Co-authored-by: Erik Godding Boye <egboye@gmail.com> Signed-off-by: tspearconquest <81998567+tspearconquest@users.noreply.github.com>
Sounds good. Is there anything I need to do in order to mention this in the release notes, or will it be taken care of in the release? |
/lgtm |
/cc @wallrj @SgtCoDFish @inteon I am tempted to approve this as well, but since my approver status is very fresh, I don't want to do anything wrong. 👼 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
Thanks for this - it makes sense to me. Really appreciate your involvement 😁
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: SgtCoDFish The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cherrypick release-0.7 |
@erikgb: new pull request created: #263 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This pull request separates the lease permissions to their own role and role binding in the namespace where trust-manager will be installed. See #224 for more details.