-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃尡 Updates CAPV manager cluster role #1529
馃尡 Updates CAPV manager cluster role #1529
Conversation
This patch does the following two things: - Adds an aggregration rule for the CAPV manager role which can be used to add permissions to the manager role on the fly. External clients such as addons providers for CPI/CSI can use this label to add permissions to the manager dynamically, thereby reducing the need to hardcode these permissions in CAPV. - It also cleans up the patch files to add the CAPI and KCP aggregation labels to the CAPV manager role Signed-off-by: Sagar Muchhal <muchhals@vmware.com>
b23f3f8
to
f0a3999
Compare
/lgtm |
1 similar comment
/lgtm |
/test pull-cluster-api-provider-vsphere-apidiff-main |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: srm09 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
What this PR does / why we need it:
This patch adds an aggregration rule for the CAPV manager role which can be used to add permissions to the CAPV manager ClusterRole on the fly. External clients such as addons providers for CPI/CSI can use this label to add permissions to the manager dynamically, thereby reducing the need to hardcode these permissions in CAPV.
It also cleans up the patch files to add the CAPI and KCP aggregation labels to the CAPV manager role.
Which issue(s) this PR fixes:
Fixes #1526
Fixes #1523
Special notes for the reviewer:
The aggregation rule will help the clients creating ProviderServiceAccount objects to add the permissions specified in the
spec.Rules
field to the CAPV manager ClusterRole. Without these permissions, the CAPV manager fails to create the role and role binding during the reconciliation of theProviderServiceAccount
object.Release note: