Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

align rbac #209

Merged
merged 4 commits into from
Nov 28, 2022
Merged

align rbac #209

merged 4 commits into from
Nov 28, 2022

Conversation

mcharriere
Copy link
Contributor

@mcharriere mcharriere commented Nov 25, 2022
edited
Loading

This PR:

  • Align clusterrole
  • Align clusterrolebinding

Towards giantswarm/roadmap#411

Checklist

  • Added a CHANGELOG entry

Testing

The instance of external-dns installed as part of Giant Swarm platform releases watches services in the kube-system namespace with annotations giantswarm.io/external-dns=managed and external-dns.alpha.kubernetes.io/hostname matching the clusters base domain. (You can find this in the deployments args --domain-filter value)

You can take this example Service, apply it to your cluster. Change the external-dns.alpha.kubernetes.io/hostname annotation to match your clusters base domain.

then:

  • Check external-dns logs for lines like Desired change: CREATE test.your.configured.domain.gigantic.io CNAME
  • Try to resolve the domain (https://www.dnstester.net/)
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: test.your.configured.domain.gigantic.io
    external-dns.alpha.kubernetes.io/ttl: "60"
    giantswarm.io/external-dns: managed
  name: test-external-dns
  namespace: kube-system
spec:
  type: ExternalName
  externalName: www.giantswarm.io

For testing upgrades:

  • Create the service and check for creation
  • Upgrade
  • Delete the service and check for deletion

Default app on AWS releases

  • Fresh install works
  • Upgrade works

Default app on Azure releases

  • Fresh install works
  • Upgrade works

Optional app (KVM)

  • Fresh install works
  • Upgrade works

@mcharriere mcharriere marked this pull request as ready for review November 28, 2022 11:09
@mcharriere mcharriere requested a review from a team as a code owner November 28, 2022 11:09
@mcharriere mcharriere merged commit 0164bbf into master Nov 28, 2022
@mcharriere mcharriere deleted the align-rbac branch November 28, 2022 13:04
mnitchev pushed a commit that referenced this pull request Dec 7, 2022
@mcharriere @mnitchev
align rbac (#209)
b6ce960 
* Align clusterrole

* Align clusterrolebinding

* update schemas

* Add changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ubergesundheit ubergesundheit ubergesundheit approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mcharriere @ubergesundheit