-
Notifications
You must be signed in to change notification settings - Fork 384
Adding rbac definition for v1 api endpoint. #1284
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems cool to me. I'll try and remember to test it in the morning.
charts/catalog/templates/rbac.yaml
Outdated
@@ -127,7 +135,7 @@ items: | |||
resources: ["endpoints"] | |||
resourceNames: ["service-catalog-controller-manager"] | |||
verbs: ["get","update"] | |||
- apiVersion: rbac.authorization.k8s.io/v1beta1 | |||
- apiVersion: rbac.authorization.k8s.io/v1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
variable for this one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Not sure if rbac isn't on on jenkins or the variable assignment trick isn't working.
|
@MHBauer It looks unrelated to RBAC on Jenkins. Jenkins is able to successfully create RBAC roles, it just won't enforce them 100% at the moment. This error is from Helm, so something must be off with the variable assignment. |
I did not get any rbac objects created on a 1.8 cluster.
Do not know how to debug this. |
I do not see the output I expect in Jenkins either. Example with the chart as it currently exists:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not know what needs to change, but this does not work as it is.
I wonder if .Has is matching This is why semver is awesome... Let me look into that direction. |
If that's the case, it's definitely a helm bug. |
I am following the steps here: https://github.com/kubernetes-incubator/service-catalog/blob/master/docs/install-1.7.md But get stuck at this step:
|
This should work now. The do not merge tag can be removed. Thanks! |
For rbac v1 issue, I duplicated the v1beta1 definition of rbac endpoints.
I am not sure this is how the bug wanted this solved. Please let me know if this is off base. The other option is to wrap each definition with something like:
But usage of this does tends to wrap the file with
{{- if .Values.rbac.enabled }}
see traekif for an example.