Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClusterRole system:persistent-volume-provisioner replaced with a custom ClusterRole with the same contents minus permissions to access PVCs #292

Merged
merged 3 commits into from Mar 24, 2022
Merged

ClusterRole system:persistent-volume-provisioner replaced with a custom ClusterRole with the same contents minus permissions to access PVCs #292

merged 3 commits into from Mar 24, 2022

Conversation

mauriciopoppe
Copy link
Member

@mauriciopoppe mauriciopoppe commented Mar 23, 2022
edited

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind cleanup

What this PR does / why we need it:
The role has the same permissions minus the PVC rules because LVP doesn't interact with the PVC objects,

Summary:

  • 1st commit: add the custom ClusterRole in the e2e tests
  • 2nd commit : add the custom ClusterRole in the helm chart

Release note:

ClusterRole system:persistent-volume-provisioner replaced with a custom ClusterRole with the same contents minus permissions to access PVCs

@mauriciopoppe mauriciopoppe changed the title Add a custom ClusterRole replacing the system role ClusterRole system:persistent-volume-provisioner replaced with a custom ClusterRole with the same contents minus permissions to access PVCs Mar 23, 2022
@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Mar 23, 2022
@mauriciopoppe mauriciopoppe force-pushed the remove-pvc-rbac-rule branch 5 times, most recently from 8b46980 to 205d617 Compare March 24, 2022 04:31
@mauriciopoppe
Copy link
Member Author

/cc @msau42
/uncc @saad-ali @wongma7

All the e2e tests passed with the custom ClusterRole that doesn't have PVC rules

@k8s-ci-robot k8s-ci-robot requested review from msau42 and removed request for saad-ali and wongma7 March 24, 2022 05:18
@msau42
Copy link
Contributor

msau42 commented Mar 24, 2022

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 24, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mauriciopoppe, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 24, 2022
@k8s-ci-robot k8s-ci-robot merged commit 7845613 into kubernetes-sigs:master Mar 24, 2022
olivierlemasle added a commit to olivierlemasle/kubespray that referenced this pull request Nov 2, 2022
@olivierlemasle
Update local-volume-provisioner
2cde1f0 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf kubernetes-sigs/sig-storage-local-static-provisioner#292)
- Add nodeSelector to DaemonSet (following upstream)
@olivierlemasle olivierlemasle mentioned this pull request Nov 2, 2022
Merged
k8s-ci-robot pushed a commit to kubernetes-sigs/kubespray that referenced this pull request Nov 7, 2022
@olivierlemasle
Update local-volume-provisioner (#9463)
5d1fe64 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf kubernetes-sigs/sig-storage-local-static-provisioner#292)
- Add nodeSelector to DaemonSet (following upstream)
salifou pushed a commit to salifou/kubespray that referenced this pull request Nov 13, 2022
@olivierlemasle @salifou
Update local-volume-provisioner (kubernetes-sigs#9463)
2164e98 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf kubernetes-sigs/sig-storage-local-static-provisioner#292)
- Add nodeSelector to DaemonSet (following upstream)
enneitex pushed a commit to enneitex/kubespray that referenced this pull request Jan 25, 2023
@olivierlemasle @enneitex
Update local-volume-provisioner (kubernetes-sigs#9463)
6346c5b 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf kubernetes-sigs/sig-storage-local-static-provisioner#292)
- Add nodeSelector to DaemonSet (following upstream)
@mauriciopoppe mauriciopoppe deleted the remove-pvc-rbac-rule branch February 14, 2023 23:25
HoKim98 pushed a commit to ulagbulag/kubespray that referenced this pull request Mar 8, 2023
@olivierlemasle @HoKim98
Update local-volume-provisioner (kubernetes-sigs#9463)
6ec4b62 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf kubernetes-sigs/sig-storage-local-static-provisioner#292)
- Add nodeSelector to DaemonSet (following upstream)
nolimitkun pushed a commit to nolimitkun/kubespray that referenced this pull request Mar 19, 2023
@olivierlemasle @nolimitkun
Update local-volume-provisioner (kubernetes-sigs#9463)
f0ff284 
- Update and re-work the documentation:
  - Update links
  - Fix formatting (especially for lists)
  - Remove documentation about `useAlphaApi`,
    a flag only for k8s versions < v1.10
  - Attempt to clarify the doc
- Update to version 1.5.0
- Remove PodSecurityPolicy (deprecated in k8s v1.21+)
- Update ClusterRole following upstream
  (cf kubernetes-sigs/sig-storage-local-static-provisioner#292)
- Add nodeSelector to DaemonSet (following upstream)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msau42 msau42 Awaiting requested review from msau42

Assignees

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mauriciopoppe @msau42 @k8s-ci-robot