Skip to content
This repository has been archived by the owner on Jul 30, 2021. It is now read-only.

checkpointer: update image and drop permissions from ClusterRole to Role #778

Closed
wants to merge 1 commit into from
Closed

checkpointer: update image and drop permissions from ClusterRole to Role #778

wants to merge 1 commit into from

Conversation

ericchiang
Copy link
Contributor

@ericchiang ericchiang commented Nov 17, 2017
edited

The checkpointer now only watches pods in kube-system (#774), so it
doesn't need cluster wide permissions.

/assign @dghubble

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 17, 2017
@ericchiang ericchiang changed the title checkpointer: update and drop permissions from ClusterRole to Role checkpointer: update image and drop permissions from ClusterRole to Role Nov 17, 2017
@ericchiang
Copy link
Contributor Author

coreosbot run e2e checkpointer

dghubble
dghubble approved these changes Nov 17, 2017
View reviewed changes
Copy link
Contributor

@dghubble dghubble left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be able to drop the old TODO: https://github.com/kubernetes-incubator/bootkube/blob/master/pkg/asset/internal/templates.go#L447

@dghubble
Copy link
Contributor

I meant for that to be a comment, but lgtm on green.

@ericchiang
checkpointer: update image and drop permissions from ClusterRole to Role
d11a928 
The checkpointer now only watches pods in kube-system (#774), so it
doesn't need cluster wide permissions.
@ericchiang
Copy link
Contributor Author

ericchiang commented Nov 17, 2017
edited

TODO dropped

@ericchiang
Copy link
Contributor Author

@dghubble I built the checkpointer image https://quay.io/repository/coreos/pod-checkpointer?tab=tags

This seems like it might be a real bug or an issue with the test

[1885717.463307] golang[5]: === RUN   TestCheckpointerUnscheduleCheckpointer
[1886374.516081] golang[5]: --- FAIL: TestCheckpointerUnscheduleCheckpointer (657.05s)
[1886374.519511] golang[5]: 	checkpointer_test.go:212: Failed to verify checkpoint: unable to ls "/etc/kubernetes/checkpoint-secrets/bootkube-e2e-58fcd56c-testcheckpointerunschedulecheckpointer", error: Process exited with status 2
[1886374.519933] golang[5]: 		stdout:
[1886374.520211] golang[5]: 		stderr: ls: cannot access '/etc/kubernetes/checkpoint-secrets/bootkube-e2e-58fcd56c-testcheckpointerunschedulecheckpointer': No such file or directory

@ericchiang
Copy link
Contributor Author

The tests deploy pods into namespaces that aren't kube-system.

Going to modify the tests to look for existing configmaps and secrets we know are deployed into kube-system. e.g the kube-apiserver and kubeconfig-in-cluster secrets.

@dghubble
Copy link
Contributor

Are we still waiting on this for bootkube v0.9.0?

@diegs diegs mentioned this pull request Dec 5, 2017
Merged
@diegs
Copy link
Contributor

diegs commented Dec 11, 2017

Commit was merged in #784

@diegs diegs closed this Dec 11, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dghubble dghubble dghubble approved these changes

Assignees

@dghubble dghubble

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ericchiang @dghubble @diegs @k8s-ci-robot