-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(knative): Set a knative label in the namespace to allow sinkbinding injection (1.8.x) #111
fix(knative): Set a knative label in the namespace to allow sinkbinding injection (1.8.x) #111
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. It's important to remind to fix it properly upstream asap however :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM many thanks!
…ng injection https://issues.redhat.com/browse/ENTESB-19425 * Sets the bindings.knative.dev/include=true label to the namespace if ALL of the conditions are met: . Knative is installed and enabled in the namespace . There aren't any of these labels bindings.knative.dev/include, bindings.knative.dev/exclude in the namespace . The environment variable SINK_BINDING_SELECTION_MODE should be set to "inclusion" in "deploy/eventing-webhook" of "knative-eventing" namespace * Add the Role, RoleBindings permissions to allow handling of objects in "knative-eventing" * Allow uninstall of the knative-eventing roles,rolebindings * Set the app=camel-k label to 'addressable-resolver' role * Set the "bindings.knative.dev/include=true" label when creating the ksvc, this fix the pods being indefinitely created in a ping pong behavior
…ng in global operator mode Use proper operator namespace in the service account role binding subject for global operators. Was using empty global operator watch namespace before which caused errors in the cluster role binding. (cherry picked from commit 2ffdcfa)
2abf6bd
to
c7b65ea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just want to know why we need the additional permissions on knative routes and brokers. But that is nothing that prevents us from merging in order to get the new release build going.
Also I saw that you have fixed the knative addressable resolver role bindings as in main branch. so in theory we also would not need to add extra permissions on knative channels and inmemorychannels any more because this becomes obsolete with the addressable resolver role binding fix. But let's keep it this way and clean up a bit after the release.
@@ -26,6 +26,7 @@ rules: | |||
- serving.knative.dev | |||
resources: | |||
- services | |||
- routes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had cherry-picked this commit from the previous work on upstream main branch, and this just came along. Also, I had noticed missing permission for channels, so I thought this role fixed the issue.
@@ -38,6 +39,7 @@ rules: | |||
- eventing.knative.dev | |||
resources: | |||
- triggers | |||
- brokers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this?
Yesterday, while testing, I had noticed the addressable-resolver was not enough, but it could be that I missed some part.
That's good. Thanks for reviewing. |
https://issues.redhat.com/browse/ENTESB-19425
. Knative is installed and enabled in the IntegrationPlatform namespace
. There aren't any of these labels bindings.knative.dev/include, bindings.knative.dev/exclude in the IntegrationPlatform namespace
. The environment variable SINK_BINDING_SELECTION_MODE should be set to "inclusion" in "deploy/eventing-webhook" of "knative-eventing" namespace
namespace-label
flag inknative
trait to control if camel-k-operator should set the label.