Bug 1796412: cluster-reader is unable to view machine resources

[Danil-Grigorev]

Added cluster-reader permissions to cluster-autoscaler cluster-role

[enxebre]

this clusterRole has more permissions than the cluster reader should have.
We need to create one particular clusterRole reader for it, e.g https://github.com/openshift/cloud-credential-operator/blob/aa07b32fc3440d30bc90af636ca9ccd62e70c58a/manifests/00_clusterreader_clusterrole.yaml

[enxebre]

this does not seem related to this PR, please let's drop it.

[Danil-Grigorev]

@JoelSpeed going to include the autogen fix for crds in another pr, as I agree it is out of scope

[alexander-demicev]

Is this required? @enxebre I remember you introduced preserveUnknownFields: false intentionally

[alexander-demicev]

I see the comment below now

[enxebre]

this does not seem related to this PR, please let's drop it.

[enxebre]

is there any docs we can refer here for this label?

[Danil-Grigorev]

Under already created aggregation rule this ClusterRole will be combined with cluster-reader list of permissions, according to https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles

[enxebre]

/retest
/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [enxebre]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[enxebre]

/retest

[JoelSpeed]

/lgtm

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[enxebre]

/bugzilla refresh

[openshift-ci-robot]

@enxebre: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@Danil-Grigorev: This pull request references Bugzilla bug 1796412, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.5.0) matches configured target release for branch (4.5.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1796412: cluster-reader is unable to view machine resources

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@Danil-Grigorev: All pull requests linked via external trackers have merged: openshift/cluster-autoscaler-operator#149. Bugzilla bug 1796412 has been moved to the MODIFIED state.

In response to this:

Bug 1796412: cluster-reader is unable to view machine resources

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.