Update RBAC to enable access to machineconfig object for the baremetal controller #766
/retest
/cc: @enxebre, @JoelSpeed
/lgtm
/retest
/hold
Hi @elmiko. Yes, this is needed because it's related to the machine-controller for Baremetal (cluster-api-provider-baremetal), which now needs access to MachineConfig objects to create userData secrets per machine/node. Please see: openshift/cluster-api-provider-baremetal#127. Besides, the rbac changes are for the machine-api-controllers clusterrole, which is solely managed by MAO and not the new Metal3 cluster-baremetal-operator. This PR has nothing to do with removing metal3 stuff in MAO.
/hold cancel
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: michaelgugino The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test e2e-aws-operator
/retest Please review the full test history for this PR and help us cut down flakes.
/retest
/test e2e-aws
@kirankt: The following tests failed, say
This was rebased after being previously approved/lgtm'd and is now passing CI, so re-adding the lgtm.
/lgtm
Some context: The Baremetal platform has a requirement to pass full ignition to the hosts prior to their deployment. We do this to go around the chicken-and-egg issue in situations where more advanced network configurations such as interfaces on vlans and/or bonds need to be configured before the node is deployed. We can access the machineconfigserver (MCS) from everywhere except within the pod network.
This PR updates the RBAC to enable the machine-api-controllers to gain access to machineconfig and machineconfigpool objects. This is done to enable the baremetal platform's controller, cluster-api-provider-baremetal (CAPBM), to fetch the rendered ignition from the machine-config-operator instead of the MCS. The CAPBM uses this ignition information to create a new secret, which is then utilized by the baremetal-operator to build a config drive for booting the OS.
CAPBM PR openshift/cluster-api-provider-baremetal#127
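
Since the controller only needs to fetch the rendered ignition, a reviewer can check that the new rules on machineconfig and machineconfigpool objects stay read-only. The following is an added example, not code from this PR or from machine-api-operator: the function name, the get/list/watch read-only set and both sample rule lists are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PolicyRule holds the apiGroups/resources/verbs of an RBAC rule (JSON keys match case-insensitively).
type PolicyRule struct {
	APIGroups, Resources, Verbs []string
}

// Constructed sample rules for illustration; not taken from the PR diff.
const narrowRules = `[{"apiGroups":["machineconfiguration.openshift.io"],"resources":["machineconfigs","machineconfigpools"],"verbs":["get","list","watch"]}]`
const broadRules = `[{"apiGroups":["machineconfiguration.openshift.io"],"resources":["*"],"verbs":["get","update","*"]},{"apiGroups":[""],"resources":["secrets"],"verbs":["create"]}]`
var readOnly = map[string]bool{"get": true, "list": true, "watch": true} // assumed read-only verb set

// has reports whether the list names want explicitly or through the "*" wildcard.
func has(l []string, want string) bool {
	for _, v := range l {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// AuditMachineConfigAccess lists every non-read verb granted on MachineConfig or MachineConfigPool objects.
func AuditMachineConfigAccess(rulesJSON string) ([]string, error) {
	var rules []PolicyRule
	if err := json.Unmarshal([]byte(rulesJSON), &rules); err != nil {
		return nil, err
	}
	var findings []string
	for i, r := range rules {
		if !has(r.APIGroups, "machineconfiguration.openshift.io") || !(has(r.Resources, "machineconfigs") || has(r.Resources, "machineconfigpools")) {
			continue // rule does not reach the machine-config API objects
		}
		for _, v := range r.Verbs {
			if !readOnly[v] {
				findings = append(findings, fmt.Sprintf("rule %d: verb %q on %v", i, v, r.Resources))
			}
		}
	}
	return findings, nil
}

func main() {
	f, err := AuditMachineConfigAccess(broadRules)
	fmt.Println(f, err)
}
```

Feed it the `rules` array of the ClusterRole as JSON; an empty result means every grant on those resources is read-only.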