-
Notifications
You must be signed in to change notification settings - Fork 404
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor kyma roles #3473
Refactor kyma roles #3473
Conversation
/test pre-master-kyma-gke-integration |
/test pre-master-kyma-gke-upgrade |
Good job, but as you expected the number of roles exploded, which makes it a lot more difficult to manage. How about we split the definition into multiple files, separated by ApiGroups (istio, k8s, kyma) to reduce the size of a single file? |
064ac53
to
2d8ecc6
Compare
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRole | ||
metadata: | ||
name: kyma-crd-list |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might me more useable as kyma-crd-view
, with list, get
verbs. List alone seems lacking
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I changed the name, but I don't want to change actual verb - this is only refactoring PR. Changes/fixes/improvements will be introduced in a separate PR.
"helm.sh/hook-weight": "0" | ||
rules: | ||
- apiGroups: | ||
- "applicationconnector.kyma-project.io" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about set all kyma apiGroups as a helm variable? This will allow to modify the list in one place when a new one is introduced
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point - I'll extract common groups to a helm value.
/test pre-master-kyma-integration |
/test pre-master-kyma-gke-upgrade |
1 similar comment
/test pre-master-kyma-gke-upgrade |
/test pre-master-kyma-integration |
/test pre-master-kyma-gke-integration |
/test pre-master-kyma-gke-central-connector |
/test pre-master-kyma-gke-upgrade |
/test pre-master-kyma-gke-central-connector |
/test pre-master-kyma-integration |
/retest |
Description
Refactor three main kyma cluster roles (
kyma-admin
,kyma-view
,kyma-edit
) so that each role only aggregates other roles.Purpose: improving maintainability of roles.
Note: This PR should not introduce any new permissions nor modify existing ones, it's just refactoring.
Related issue(s)
See also #2896