-
Notifications
You must be signed in to change notification settings - Fork 859
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
karmadactl
: Add the reserved label karmada.io/system
to resources created by the join
command
#4620
Conversation
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #4620 +/- ##
==========================================
+ Coverage 28.26% 28.27% +0.01%
==========================================
Files 632 632
Lines 43589 43612 +23
==========================================
+ Hits 12319 12332 +13
- Misses 30372 30382 +10
Partials 898 898
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✨
@chaunceyjiang: GitHub didn't allow me to request PR reviews from the following users: a7i. Note that only karmada-io members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
041387b
to
f5ab5cf
Compare
8869850
to
a98f20c
Compare
Hi @chaunceyjiang, can you help take a review again? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks~
/LGTM
/cc @XiShanYongYe-Chang PTAL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/cc @RainbowMango
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/assign
Another PR I missed :( :( I'll look at it ASAP.
a98f20c
to
c4e5a5e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
Forced pushed to solve conflicts and updated release-notes.
22d9f6c
to
901c878
Compare
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: grosser, RainbowMango The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
karmada.io/managed
label to all credentials resources901c878
to
d8db353
Compare
@XiShanYongYe-Chang no rush, but should be ready for your review |
OK, thanks~ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks~
d8db353
to
a523d5f
Compare
Signed-off-by: Amir Alavi <amiralavi7@gmail.com>
a523d5f
to
284dd27
Compare
karmadactl
: Add the reserved label karmada.io/managed
to resources created by the join
command
karmadactl
: Add the reserved label karmada.io/managed
to resources created by the join
commandkarmadactl
: Add the reserved label karmada.io/system
to resources created by the join
command
/retest |
Thanks~ |
/lgtm |
/hold cancel |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Follow-up to #3262
Adds the well-known "karmada.io/managed" label to resources created by karmada controllers
We need a way to bypass creation of some ClusterRole/Rolebindings by our OPA Gatekeeper and we don't have a consistent label to select on. When we join a cluster via push command, it creates ClusterRole/ClusterRoleBinding that are too open (
*
and*
) which is by default blocked by our opa-gatekeeper policies. This allows us to bypass it by the karmada managed label.Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: