feat(kubernetes)!: simplified Kubernetes client access for toolsets #483
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manusa
force-pushed
the
feat/access-control
branch
from
ed3059a to
11def02
Compare
manusa
force-pushed
the
feat/access-control
branch
from
11def02 to
4b07dcc
Compare
manusa
force-pushed
the
feat/access-control
branch
5 times, most recently
from
c649cc3 to
06c35b0
Compare
Signed-off-by: Calum Murray <cmurray@redhat.com>
Signed-off-by: Calum Murray <cmurray@redhat.com>
Signed-off-by: Marc Nuri <marc@marcnuri.com>
manusa
force-pushed
the
feat/access-control
branch
2 times, most recently
from
2eafcbc to
820cfd2
Compare
lyarwood
reviewed
Nov 21, 2025
| cfg *rest.Config | ||
| kubernetes.Interface | ||
| discoveryClient discovery.CachedDiscoveryInterface | ||
| dynamicClient *dynamic.DynamicClient |
There was a problem hiding this comment.
What about using dynamic.Interface to allow mocking with k8s.io/client-go/dynamic/fake in tests?
Member
Author
There was a problem hiding this comment.
yup, good catch.
Wanted to switch to interfaces as much as possible, this one remained.
It won't be me who uses mocks for that though.
manusa
force-pushed
the
feat/access-control
branch
from
820cfd2 to
113922b
Compare
manusa
changed the title
manusa
force-pushed
the
feat/access-control
branch
from
113922b to
2fb6a8e
Compare
Cali0707
reviewed
Nov 21, 2025
pkg/kubernetes/pods.go
Outdated
| ) | ||
|
|
||
| // Default number of lines to retrieve from the end of the logs | ||
| // DefaultTailLines default number of lines to retrieve from the end of the logs |
Collaborator
There was a problem hiding this comment.
nit: DefaultTailLines is the default number of lines ...
manusa
force-pushed
the
feat/access-control
branch
from
2fb6a8e to
461c02b
Compare
Signed-off-by: Marc Nuri <marc@marcnuri.com>
manusa
force-pushed
the
feat/access-control
branch
from
461c02b to
970fd25
Compare
Member
Author
|
Took a little longer than expected but I think that this should be ready now. If merging the PR, do Rebase and merge as there are two commits I want to preserve in isolation in case we need to rollback. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Supersedes closes #472
Supersedes closes #473
Supersedes closes #474
Built on top of the changes proposed by @Cali0707 on #473
Should simplify things for #386 and others
This was one of the original plans when implementing the denied resources (#132), but never had the chance to visit appropriately.
Thanks to the work that Calum got started in #473, I think that with the additional changes, we provide robust, resilient access to all client APIs while ensuring that denied resources are not exposed.
If needed this can be decomposed into 2 different pull requests, one for the access control and another for the Kubernetes client set simplification.