-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added PV GET api rule to external-provisioner #65070
Added PV GET api rule to external-provisioner #65070
Conversation
/assign @liggitt |
Should also be cherrypicked to 1.11 |
/lgtm |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: davidz627, liggitt, msau42 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
assigning this to the 1.11 milestone so that it has some hope of merging. However, you need to get a lead from sig-storage to approve-for-milestone, because they need to support this. /milestone v1.11 |
/assign @saad-ali |
/status approved-for-milestone |
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @davidz627 @liggitt @msau42 @saad-ali Pull Request Labels
|
We need this since external cloud providers to work properly! |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
xref ##65129 All downgrade-cluster-parallel tests seem to be breaking post this change |
no, there was one green job after this merged. at first glance, the break seems more related to a test-infra change - kubernetes/test-infra#8358 |
Automatic merge from submit-queue. Add RBAC policy rules for csi-external-provisioner and csi-external-attacher Adds RBAC Policy rules for `csi-external-provisioner` and `csi-external-attacher` so that CSI drivers can bind to these cluster roles on every version of k8s where CSI is Beta or above. These roles were added in 1.11 but never cherrypicked back to 1.10. The roles originally added as a part of a larger change here: #61866 I could not do a direct cherry-pick because some of the RBAC primitives changed and there was also a fix applied on top with this PR: #65070 The fix has been included in this commit. /kind enhancement /sig storage /cc @msau42 /assign @liggitt @MaciekPytel ```release-note NONE ```
Adds the PV GET API rule to the system:external-provisioner cluster role. It is required because the provisioner does a GET here:
https://github.com/kubernetes-incubator/external-storage/blob/master/lib/controller/controller.go#L1121
Fixes #65058
/sig storage
/kind bug
/priority critical-urgent
/cc @msau42 @sbezverk