-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛Remove invalid ClusterRoleBinding from CertManager #2931
🐛Remove invalid ClusterRoleBinding from CertManager #2931
Conversation
Not sure where to keep the cert-manager yaml. It could also go into the top level |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wfernandes thanks!
overall LGTM to me. Only one minor nit to check if it is possible to skip the copy step
This PR will be a great first step to then adding PSP for cert-manager, once this is done you'd just need to re-generate this yaml with the PSP stuff turned on. |
Related Issue (this would make doing this issue for cert-manager much easier): #2934 |
d8e31fc
to
6d9c7e5
Compare
@fabriziopandini I moved the cert-manager manifest under |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wfernandes thanks! the PR is ok for me!
/approve
I leave to @vincepri final world on the PR/the asset location
/assign @vincepri @wfernandes, one additional question. what is the plan for existing clusters? to provide instruction to the users about how to manually delete the invalid role binding or are we planning to make clusterctl to delete it automatically? |
That's a good point. We could add some documentation about it. I can make a note of deleting the ClusterRoleBinding in the Release Notes. |
Also... |
Removes the cert-manager-leaderelection ClusterRoleBinding from cert-manager v0.11.0 manifest
6d9c7e5
to
65b5a88
Compare
+1 to relnotes/docs for removing the bogus binding from existing clusters. |
This should be tracked by an issue |
@ncdc I added my release notes in the description of my PR. Let me know if I should make any changes to that. |
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fabriziopandini, ncdc, wfernandes The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Removes the cert-manager-leaderelection ClusterRoleBinding from
cert-manager v0.11.0 manifest
What this PR does / why we need it:
To get velero backup working we needed to get rid of dangling ClusterRoleBinding
cert-manager-leaderelection
from cert-manager v0.11.0. This PR stores a local copy of the cert-manager v0.11.0 release manifest which has been edited with the CRB removed and bindata regenerated.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #2928
Release Notes
cert-manager-leaderelection
ClusterRoleBinding from being installed duringclusterctl init
. For existing clusters, thecert-manager-leaderelection
ClusterRoleBinding needs to be manually removed if running into issues regarding Removes leaderelection ClusterRoleBinding cert-manager/cert-manager#2207