🐛 use rbac.authorization.k8s.io/v1 for the auth proxy client

[joelanford]

This PR updates the metrics-reader ClusterRole scaffolded by the v3 Go plugin to use apiVersion rbac.authorization.k8s.io/v1 instead of the deprecated (since k8s 1.17) rbac.authorization.k8s.io/v1beta1.

All other template scaffolds are using rbac.authorization.k8s.io/v1. It seems that it was an oversight that caused this file to continue using rbac.authorization.k8s.io/v1beta1.

[joelanford]

Question: should this be backported to the v2 plugin? In v2, this also appears to be the only ClusterRole using rbac.authorization.k8s.io/v1beta1

[camilamacedo86]

Hi @joelanford,

It shows ok for me 👍

/approve

Question: should this be backported to the v2 plugin? In v2, this also appears to be the only ClusterRole using rbac.authorization.k8s.io/v1beta1

I do not think so. It would change the current behaviour of v2+, so by following the current approach we ough to push to only v3+
Could you please add in the title (only v3+), in POV it makes it easier for us to identify in the release notes that the change was applied only to v3+.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, joelanford

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [camilamacedo86]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[joelanford]

@camilamacedo86 Since v2 is already scaffolding other RBAC resources with rbac.authorization.k8s.io/v1 (in fact ALL other RBAC resources use v1), to me this is a non-breaking backwards-compatible bug fix, and since this file is scaffolded during init, it will not have any effect on existing projects.

IMO, we should include this change for v2 as well.

[camilamacedo86]

Hi @joelanford,

@camilamacedo86 Since v2 is already scaffolding other RBAC resources with rbac.authorization.k8s.io/v1 (in fact ALL other RBAC resources use v1), to me this is a non-breaking backwards-compatible bug fix, and since this file is scaffolded during init, it will not have any effect on existing projects.

IMO, we should include this change for v2 as well.

I understand that ANY bug fixes can be addressed to v2+. However, the reviews have been very restrictive and in many scenarios, besides the change be only a bug fix was decided to be applied just to v3+ because changes the behaviour.

However, I checked here that the other scaffolds are using v1 api already. So, I agree with you that would be ok in this case we push the change to v2 as well.

@christopherhein @pwittrock @gabbifish wdyt? Are you ok with?

[christopherhein]

I’m good with this change, it’s easy enough and “non-breaking” so much as the functionality still works no matter what apiversion as long as your control plane supports it.

[joelanford]

It sounds like there's consensus to include this in the v2 plugin, so I'll update this PR to include this change there as well.

[estroz]

/lgtm