operator: Add RBAC permission for CiliumNodeConfigs resource #22824

Merged 1 commit on Dec 23, 2022

sayboras (Member)

This is to make sure that the cilium operator has update permission for the newly added CiliumNodeConfigs CRD; otherwise, we will have the below issue:

```
2022-12-21T05:29:34.477230831Z level=fatal msg="Unable to register CRDs" error="Unable to create custom resource definition: customresourcedefinitions.apiextensions.k8s.io \"ciliumnodeconfigs.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\" cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope" subsys=cilium-operator-generic
```

Relates: #22656
Signed-off-by: Tam Mach <tam.mach@cilium.io>
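
As a reviewer's aid for the denial quoted above, this added example (not part of the pull request or of Cilium's code) parses the API server's forbidden message out of the operator log line and derives the narrowest RBAC rule that would allow the denied request. The function names are hypothetical, and whether the merged change scopes its rule with `resourceNames` is not shown on this page.

```python
import re

# Log line quoted from the pull request description above.
LOG_LINE = r'''2022-12-21T05:29:34.477230831Z level=fatal msg="Unable to register CRDs" error="Unable to create custom resource definition: customresourcedefinitions.apiextensions.k8s.io \"ciliumnodeconfigs.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\" cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope" subsys=cilium-operator-generic'''

# Shape of the API server's "forbidden" message; the object name is absent
# for requests such as list that do not target a single object.
FORBIDDEN = re.compile(
    r'(?:"(?P<name>[^"]+)" )?is forbidden: User "(?P<user>[^"]+)" cannot '
    r'(?P<verb>\w+) resource "(?P<resource>[^"]+)" in API group '
    r'"(?P<group>[^"]*)" (?P<scope>at the cluster scope|in the namespace "[^"]+")'
)

# Verbs whose requests cannot be limited by resourceNames in RBAC.
UNNAMED_VERBS = {"create", "deletecollection"}


def parse_forbidden(line):
    """Return the denied request as a dict, or None if the line is not an RBAC denial."""
    m = FORBIDDEN.search(line.replace('\\"', '"'))  # undo the log's quote escaping
    if m is None:
        return None
    denial = m.groupdict()
    parts = denial["user"].split(":")
    is_sa = len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]
    # (namespace, name) of the ServiceAccount, or None for other users.
    denial["service_account"] = tuple(parts[2:]) if is_sa else None
    denial["cluster_scoped"] = denial.pop("scope") == "at the cluster scope"
    return denial


def minimal_rule(denial):
    """Build the narrowest RBAC PolicyRule that would allow the denied request."""
    rule = {
        "apiGroups": [denial["group"]],
        "resources": [denial["resource"]],
        "verbs": [denial["verb"]],
    }
    if denial["name"] and denial["verb"] not in UNNAMED_VERBS:
        rule["resourceNames"] = [denial["name"]]
    return rule


if __name__ == "__main__":
    denial = parse_forbidden(LOG_LINE)
    kind = "ClusterRole" if denial["cluster_scoped"] else "Role"
    print(kind, "for", denial["service_account"], "->", minimal_rule(denial))
```

Comparing the derived rule with what a chart actually grants shows whether a fix adds only the missing CRD name or widens the operator's access to every CRD.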

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 21, 2022
@sayboras sayboras added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Dec 21, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 21, 2022
@sayboras sayboras added area/helm Impacts helm charts and user deployment experience dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Dec 21, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 21, 2022
@sayboras sayboras marked this pull request as ready for review December 21, 2022 05:46
@sayboras sayboras requested review from a team as code owners December 21, 2022 05:46
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.13.0-rc4 Dec 21, 2022
This is to make sure that the cilium operator has update permission
for the newly added CiliumNodeConfigs CRD; otherwise, we will have the
below issue:

```
2022-12-21T05:29:34.477230831Z level=fatal msg="Unable to register CRDs" error="Unable to create custom resource definition: customresourcedefinitions.apiextensions.k8s.io \"ciliumnodeconfigs.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\" cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope" subsys=cilium-operator-generic
```

Relates: cilium#22656
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras sayboras force-pushed the tam/operator-rbac-nodeconfigs branch from 4b0c4d4 to 1a966a5 Compare December 22, 2022 04:26
sayboras (Member Author)

The changes are only related to cilium operator RBAC, full CI is not required.

squeed (Contributor) left a comment

nice catch!

@joestringer joestringer added this to Needs backport from master in 1.13.0-rc5 Dec 22, 2022
@joestringer joestringer removed this from Needs backport from master in 1.13.0-rc4 Dec 22, 2022
sayboras (Member Author)

All reviews are in, GHA jobs are all successful. Mark this ready to merge.

@sayboras sayboras added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 23, 2022
@joamaki joamaki merged commit c46eb0b into cilium:master Dec 23, 2022
@sayboras sayboras deleted the tam/operator-rbac-nodeconfigs branch December 23, 2022 10:14
@aditighag aditighag added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 labels Jan 9, 2023
@aditighag aditighag added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels Jan 10, 2023
@joestringer joestringer moved this from Needs backport from master to Backport done to v1.13 in 1.13.0-rc5 Jan 24, 2023
Labels
area/helm Impacts helm charts and user deployment experience backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.13.0-rc5
Backport done to v1.13