Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restore cluster role permissions to read services when Istio sources are enabled #2415

Merged
merged 1 commit into from
Dec 14, 2021
Merged

Restore cluster role permissions to read services when Istio sources are enabled #2415

merged 1 commit into from
Dec 14, 2021

Conversation

haines
Copy link
Contributor

@haines haines commented Nov 4, 2021

I totally forgot to check whether the Istio sources relied on any of the core APIs in #2413 😳

Turns out that they need to have read permissions on services as well as the Istio custom resources.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 4, 2021
@stevehipwell
Copy link
Contributor

@haines I think endpoints and services should be permissioned together for simplicity and due to the way K8s is architected. I'm also happy to have my mind changed if you haver an alternate view?

@haines haines force-pushed the helm-chart-cluster-role-permissions branch from 3a6d2a5 to 381f4b5 Compare November 4, 2021 11:05
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 4, 2021
@haines
Copy link
Contributor Author

haines commented Nov 4, 2021

Fine by me @stevehipwell - updated 🙂

@stevehipwell
Copy link
Contributor

/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 4, 2021
@stevehipwell
Copy link
Contributor

@Raffo I'll leave LGTM to you again, but let me know if you want a different process for these?

/assign @Raffo

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 12, 2021
@haines haines force-pushed the helm-chart-cluster-role-permissions branch from 381f4b5 to 4b4f11a Compare November 12, 2021 22:59
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 12, 2021
@stevehipwell
Copy link
Contributor

@Raffo do you want to take a look and add the LGTM?

@haines
Copy link
Contributor Author

haines commented Nov 26, 2021

@Raffo could you please take a look?

@stevehipwell
Copy link
Contributor

/approve

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 13, 2021
@stevehipwell
Copy link
Contributor

@haines could you rebase and remove the changes to Chart.yaml so these changes can be released with the changes in #2468 and potential a version update in a subsequent PR?

@haines haines force-pushed the helm-chart-cluster-role-permissions branch from 4b4f11a to 53ab904 Compare December 14, 2021 11:05
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 14, 2021
@haines
Copy link
Contributor Author

haines commented Dec 14, 2021

@stevehipwell rebase done - I'm happy to create a follow-up PR with a version bump and changelog in the chart once this is merged, unless you'd rather do it.

Should that PR also include an application version bump to 0.10.2? The thing that makes me hesitate is that the release is marked as a pre-release in GitHub.

@stevehipwell
Copy link
Contributor

@haines I'm waiting to hear back about the v0.10.2 release so I'll be creating a PR to release this tomorrow once I've heard back.

@stevehipwell
Copy link
Contributor

/approve

@stevehipwell
Copy link
Contributor

@Raffo could you take a look and add a LGTM if you're happy?

@Raffo
Copy link
Contributor

Raffo commented Dec 14, 2021

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 14, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haines, Raffo, stevehipwell

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit c57e00d into kubernetes-sigs:master Dec 14, 2021
@stevehipwell stevehipwell mentioned this pull request Dec 15, 2021
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@njuettner njuettner Awaiting requested review from njuettner

@stevehipwell stevehipwell Awaiting requested review from stevehipwell

Assignees

@Raffo Raffo

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@haines @stevehipwell @Raffo @k8s-ci-robot