fix(knative): Set a knative label in the namespace to allow sinkbinding injection (1.8.x) #111
Conversation
…ng injection https://issues.redhat.com/browse/ENTESB-19425 * Sets the bindings.knative.dev/include=true label to the namespace if ALL of the conditions are met: . Knative is installed and enabled in the namespace . There aren't any of these labels bindings.knative.dev/include, bindings.knative.dev/exclude in the namespace . The environment variable SINK_BINDING_SELECTION_MODE should be set to "inclusion" in "deploy/eventing-webhook" of "knative-eventing" namespace * Add the Role, RoleBindings permissions to allow handling of objects in "knative-eventing" * Allow uninstall of the knative-eventing roles,rolebindings * Set the app=camel-k label to 'addressable-resolver' role * Set the "bindings.knative.dev/include=true" label when creating the ksvc, this fix the pods being indefinitely created in a ping pong behavior
…ng in global operator mode Use proper operator namespace in the service account role binding subject for global operators. Was using empty global operator watch namespace before which caused errors in the cluster role binding. (cherry picked from commit 2ffdcfa)
claudio4j
force-pushed
the
fix_knative_pods_prod-1.8x
branch
from
2abf6bd
to
c7b65ea
Compare
There was a problem hiding this comment.
LGTM, just want to know why we need the additional permissions on knative routes and brokers. But that is nothing that prevents us from merging in order to get the new release build going.
Also I saw that you have fixed the knative addressable resolver role bindings as in main branch. so in theory we also would not need to add extra permissions on knative channels and inmemorychannels any more because this becomes obsolete with the addressable resolver role binding fix. But let's keep it this way and clean up a bit after the release.
| @@ -26,6 +26,7 @@ rules: | |||
| - serving.knative.dev | |||
| resources: | |||
| - services | |||
| - routes | |||
There was a problem hiding this comment.
I had cherry-picked this commit from the previous work on upstream main branch, and this just came along. Also, I had noticed missing permission for channels, so I thought this role fixed the issue.
| @@ -38,6 +39,7 @@ rules: | |||
| - eventing.knative.dev | |||
| resources: | |||
| - triggers | |||
| - brokers | |||
Yesterday, while testing, I had noticed the addressable-resolver was not enough, but it could be that I missed some part.
That's good. Thanks for reviewing. |
https://issues.redhat.com/browse/ENTESB-19425
. Knative is installed and enabled in the IntegrationPlatform namespace
. There aren't any of these labels bindings.knative.dev/include, bindings.knative.dev/exclude in the IntegrationPlatform namespace
. The environment variable SINK_BINDING_SELECTION_MODE should be set to "inclusion" in "deploy/eventing-webhook" of "knative-eventing" namespace
namespace-labelflag inknativetrait to control if camel-k-operator should set the label.