-
Notifications
You must be signed in to change notification settings - Fork 39.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move CSI RBAC Role definitions from kubernetes/kubernetes to external repos #69379
Comments
@saad-ali: There are no sig labels on this issue. Please add a sig label by either:
Note: Method 1 will trigger an email to the group. See the group list. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Going through v1.13 labeled issues and pinging/putting priority labels I assume this is low priority - can be removed from the milestone if it doesn't make it /priority backlog |
@saad-ali is this still in scope for 1.13? I dont see any associated PR(s) here. is priority/backlog right for this issue? If so since we are nearing code slush for 1.13 next Friday 11/9 and Code freeze in 2 weeks, can you please move this out of 1.13 if it isnt criitical? thanks |
@pohly can you update the latest status on this, and also reference any prs already merged or in-flight? |
The builtin rules are still there, but are going to be declared as "deprecated" in the 1.13 release notes and instead external RBAC definitions are getting used (see #69868). Updating all those external RBAC definitions is in progress. Some upstream repos have them already, some don't (external-snapshotter). I also found (a bit late unfortunately) that the existing rules don't pass kubectl validation. I now have the following PRs pending:
This blocks updating the kubernetes-csi/docs. |
@marpaia for the appropriate Release notes updates for this change. @pohly we are nearing Code slush (11/9) and Code freeze (11/16) pretty rapidly. Do you think all the 3 pending PRs and Docs can be wrangled by then? Also if you want this to be in 1.13, plz update the priority to important-soon for it to be mergeable once in code slush. |
@AishSundar the remaining tasks are being done outside kubernetes core. All kubernetes core work has been completed. |
@AishSundar The three PRs mentioned above have been merged outside k/k, so this has been done for tracking purposes. Closing this. /close @pohly I suppose kubernetes-csi/docs can be updated now ^^ @marpaia re:release notes, see above post and #69868 just to be sure |
@nikopen: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
RBAC Roles for external CSI components (external-provisioner, external-attacher, etc.) are defined in https://github.com/kubernetes/kubernetes/blob/master/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go#L462 and pre-installed on k8s
What you expected to happen:
#68819 (comment):
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
kubectl version
):uname -a
):The text was updated successfully, but these errors were encountered: