New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
STOR-1065: Rework sidecar bindings to bind common ClusterRoles #186
STOR-1065: Rework sidecar bindings to bind common ClusterRoles #186
Conversation
@mpatlasov: This pull request references STOR-1065 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
PR openshift/cluster-storage-operator#379 publishes builiding blocks of sidecar ClusterRoles. Now, manila csi driver operator may compose its sidecars ClusterRoles from those building blocks. This PR also moves permissions for `leases` resource from ClusterRole to per-namespace Role (`assets/rbac/lease_leader_election_role.yaml`).
41fa778
to
1836b23
Compare
@mpatlasov: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
subjects: | ||
- kind: ServiceAccount | ||
name: manila-csi-driver-controller-sa | ||
namespace: openshift-manila-csi-driver | ||
roleRef: | ||
kind: ClusterRole | ||
name: manila-external-provisioner-role |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Incidentally, does something somewhere handle cleaning up the old roles?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for review, @mdbooth , appreciated!
This PR cleaned up old roles. E.g, it deleted assets/rbac/provisioner_role.yaml
which published manila-external-provisioner-role
. This role was specific for manila operator, so with this PR applied we don't have either manila-external-provisioner-role
or corresponding binding.
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mdbooth, mpatlasov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
PR openshift/cluster-storage-operator#379 publishes builiding blocks of sidecar ClusterRoles. Now, manila csi driver operator may compose its sidecars ClusterRoles from those building blocks.
This PR also moves permissions for
leases
resource from ClusterRole to per-namespace Role (assets/rbac/lease_leader_election_role.yaml
).