Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reintroduce gardener.garden.identity to Helm chart values for ControllerInstallations #4021

Merged
merged 2 commits into from
May 11, 2021
Merged

Reintroduce gardener.garden.identity to Helm chart values for ControllerInstallations #4021

merged 2 commits into from
May 11, 2021

Conversation

rfranzke
Copy link
Member

How to categorize this PR?

/area open-source security
/kind regression
/priority 2

What this PR does / why we need it:
8df5927 in #3941, released with g/g@v1.22.0, removed the gardener.garden.identity value from the values passed to Helm charts rendered during the ControllerInstallation reconciliation.
The value was already deprecated with #2851 a long time ago (~8 months). Unfortunately, crucial Gardener extensions were still not adapted (see gardener/external-dns-management#176), hence, we have to reintroduce the value and keep it for a couple of releases.
On the way, the SeedAuthorizer was extended to allow the gardenlet reading the garden namespace.

Special notes for your reviewer:
/squash
/cc @MartinWeindel @mandelsoft

After approved and merged, I'll open a backporting PR for the release-v1.22 branch.

Release note:

The `.gardener.garden.identity` value (deprecated with v1.11.0, removed with v1.22.0) is added again and will be passed to the Helm chart values of `ControllerInstallation`s. It's still deprecated and planned to be removed in a future version, hence, Gardener operators have to make sure to update affected provider extensions accordingly.

@rfranzke rfranzke requested a review from a team as a code owner May 11, 2021 06:30
@gardener-robot gardener-robot added area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related area/security Security related kind/regression Bug that hit us already in the past and that is reappearing/requires a proper solution merge/squash priority/2 Priority (lower number equals higher priority) size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels May 11, 2021
@MartinWeindel MartinWeindel mentioned this pull request May 11, 2021
Merged
MartinWeindel
MartinWeindel reviewed May 11, 2021
View reviewed changes
Copy link
Member

@MartinWeindel MartinWeindel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested successfully together with gardener/external-dns-management#176 on local dev environment

ialidzhikov
ialidzhikov approved these changes May 11, 2021
View reviewed changes
Copy link
Member

@ialidzhikov ialidzhikov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@ialidzhikov ialidzhikov merged commit 54c4009 into gardener:master May 11, 2021
@rfranzke rfranzke deleted the garden-identity branch May 11, 2021 09:23
@rfranzke rfranzke mentioned this pull request May 11, 2021
Merged
ialidzhikov pushed a commit that referenced this pull request May 11, 2021
@rfranzke
[release-v1.22] Automated cherry pick of #4021: Reintroduce `gardener…
ba8c7bc 
….garden.identity` to Helm chart values for ControllerInstallations (#4024)

* Revert "Remove deprecated gardenNamespace UID from ControllerInstallation values"

This reverts commit 8df5927.

* Enhance SeedAuthorizer to allow gardenlet reading garden NS
krgostev pushed a commit to krgostev/gardener that referenced this pull request Apr 21, 2022
@rfranzke
Reintroduce gardener.garden.identity to Helm chart values for Contr…
3d40b7b 
…ollerInstallations (gardener#4021)

* Revert "Remove deprecated gardenNamespace UID from ControllerInstallation values"

This reverts commit 8df5927.

* Enhance SeedAuthorizer to allow gardenlet reading garden NS
krgostev pushed a commit to krgostev/gardener that referenced this pull request Jul 5, 2022
@rfranzke
Reintroduce gardener.garden.identity to Helm chart values for Contr…
8a78ff8 
…ollerInstallations (gardener#4021)

* Revert "Remove deprecated gardenNamespace UID from ControllerInstallation values"

This reverts commit 8df5927.

* Enhance SeedAuthorizer to allow gardenlet reading garden NS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MartinWeindel MartinWeindel MartinWeindel left review comments

@ialidzhikov ialidzhikov ialidzhikov approved these changes

Assignees
No one assigned
Labels
area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related area/security Security related kind/regression Bug that hit us already in the past and that is reappearing/requires a proper solution priority/2 Priority (lower number equals higher priority) size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@rfranzke @MartinWeindel @ialidzhikov @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot