Update RBAC to enable access to machineconfig object for the baremetal controller

[kirankt]

Some context: The Baremetal platform has a requirement to pass full ignition to the hosts prior to their deployment. We do this to go around the chicken-and-egg issue in situations where more advanced network configurations such as interfaces on vlans and/or bonds need to be configured before the node is deployed. We can access the machineconfigserver (MCS) from everywhere except within the pod network.

This PR updates the RBAC to enable the machine-api-controllers to gain access to machineconfig and machineconfigpool objects. This is done to enable the baremetal platform's controller, cluster-api-provider-baremetal (CAPBM) to fetch the rendered ignition from the machine-config-operator instead of the MCS. The CAPBM uses this ignition information to create a new secret which is then utilized by the baremetal-operator to build a config drive for booting the OS.

CAPBM PR openshift/cluster-api-provider-baremetal#127

[kirankt]

/retest

[kirankt]

/cc: @enxebre, @JoelSpeed

[elmiko]

/lgtm

[kirankt]

/retest

[michaelgugino]

/hold

[elmiko]

@kirankt #767 is removing the metal3 stuff from mao, do we still need to carry these permissions changes?

[kirankt]

@kirankt #767 is removing the metal3 stuff from mao, do we still need to carry these permissions changes?

Hi @elmiko . Yes this is needed because its related to the machine-controller for Baremetal (cluster-api-provider-baremetal) which now needs access to MachineConfig objects to create userData secrets per machine/node. Please see: openshift/cluster-api-provider-baremetal#127

Besides, the rbac changes is for machine-api-controllers clusterrole, which is solely managed by MAO and not the new Metal3 cluster-baremetal-operator.

This PR has nothing to do with removing metal3 stuff in MAO.

[michaelgugino]

/hold cancel

[michaelgugino]

/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michaelgugino

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [michaelgugino]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kirankt]

/test e2e-aws-operator

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[hardys]

/retest

[kirankt]

/test e2e-aws
/test e2e-aws-upgrade

[openshift-merge-robot]

@kirankt: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-workers-rhel7	2470b47	link	/test e2e-aws-workers-rhel7
ci/prow/e2e-libvirt	2470b47	link	/test e2e-libvirt

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[hardys]

This was rebased after being previously approved/lgtm'd and is now passing CI, so re-adding the lgtm

/lgtm

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.