Keep cloud-controller-manager's ClusterRoleBinding on deletion #501

Merged
merged 1 commit into from
Feb 21, 2022

@rfranzke rfranzke commented Feb 19, 2022

How to categorize this PR?

/area usability
/kind bug
/platform aws

What this PR does / why we need it:
With #467, a new ClusterRoleBinding for the cloud-controller-manager was added which is deployed in case the token requestor is enabled.

When the ControlPlane resource gets deleted, this ClusterRoleBinding will also be deleted. However, when the shoot-system-components chart contains resources the cloud-controller-manager operates on, it gets locked out and loses the needed permissions.

In this case, there is no such example yet; however, it could be introduced tomorrow and we should be resilient against it. As an example: provider-azure is deploying load balancer Services, and deleting them without the ClusterRoleBinding is not possible.

Consequently, let's keep the resource in the system to ensure cloud-controller-manager is working as expected (we do this similarly also in other critical control plane components (example)).

On the way, the name of the resource was fixed (there is no providerName value in the chart).

Release note:

NONE
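
An added illustration, not part of the PR or the project's chart: one way to keep an RBAC binding in place when its owning deployment is removed, assuming the chart is applied through a Gardener ManagedResource, whose resource manager skips deletion of objects annotated with `resources.gardener.cloud/keep-object: "true"`. The binding name, role name and subject below are placeholders or assumptions, since the page does not show them.

```yaml
# Constructed example; values in <...> are placeholders, not taken from the PR.

# Before: the binding is deleted together with the ManagedResource that owns it.
# Anything the cloud-controller-manager still has to clean up afterwards
# (for example load balancer Services) fails with "forbidden".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: <ccm-binding-name>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: <ccm-cluster-role>
subjects:
- kind: ServiceAccount            # assumed subject for the token-requestor setup
  name: cloud-controller-manager
  namespace: kube-system
---
# After: same binding, but the resource manager leaves it in the cluster
# when the owning ManagedResource is deleted, so the controller keeps
# its permissions until the remaining objects are gone.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: <ccm-binding-name>
  annotations:
    resources.gardener.cloud/keep-object: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: <ccm-cluster-role>
subjects:
- kind: ServiceAccount
  name: cloud-controller-manager
  namespace: kube-system
```

A kept binding is no longer reconciled or garbage-collected by its former owner, so `kubectl get clusterrolebinding <ccm-binding-name> -o yaml` after the deletion is the quick check that it survived and still grants only the intended role.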

@rfranzke rfranzke requested review from a team as code owners February 19, 2022 17:25
@gardener-robot gardener-robot added area/usability Usability related kind/bug Bug platform/aws Amazon web services platform/infrastructure needs/review Needs review size/xs Size of pull request is tiny (see gardener-robot robot/bots/size.py) labels Feb 19, 2022
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 19, 2022
@gardener-robot-ci-2 gardener-robot-ci-2 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 19, 2022

@dkistner dkistner left a comment

/milestone v1.34
/lgtm

@gardener-robot gardener-robot added this to the v1.34 milestone Feb 21, 2022
@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Feb 21, 2022
@dkistner dkistner merged commit 2a1155e into gardener:master Feb 21, 2022
@rfranzke rfranzke deleted the fix/ccm branch February 21, 2022 07:23