✨ Generate role binding based on generated role #839
Welcome @Anddd7!
Hi @Anddd7. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Anddd7 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Signed-off-by: Anddd7 <[email protected]>
11272ce to bd103d1
/retitle ✨ Generate role binding based on generated role
@Anddd7: Re-titling can only be requested by trusted users, like repository collaborators. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
}, | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: fmt.Sprintf("%sbinding", roleName), | ||
Namespace: role.Namespace, |
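Review bot: In the ObjectMeta, `Name: fmt.Sprintf("%sbinding", roleName)` appends "binding" with no separator, so the generated name only reads as intended when roleName already ends in "role" or in a dash; consider building the name with an explicit separator or suffix rule, or document the expected roleName form next to this line. `Namespace: role.Namespace` is copied unconditionally in the lines shown: if the same ObjectMeta is also built for the cluster-scoped binding, the field should be left empty there, and a short comment stating that the binding follows the role's namespace would help readers who later apply a namespace override.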
Hi, I just got into the issue you refer to in this PR. Is the kustomize namespace replacement considered here? If I manually generate a role like this in my case, the namespace would be replaced with the one set in the main kustomization.yaml file.
This 'controller-tools' is mainly used to parse the annotations of kubebuilder and generate the manifest, no kustomization.
Ref the kubebuilder, it does have kustomization, https://github.com/kubernetes-sigs/kubebuilder/blob/master/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/kustomization.go.
If we want to overwrite the namespace, I prefer to use an additional config of https://kubectl.docs.kubernetes.io/references/kustomize/builtins/#_namespacetransformer.
Are you stating that you would change how the namespace is set by the projects consuming controller-runtime (kube-builder, operator-sdk, ...) as a follow-up that uses something like unsetOnly: true and setRoleBindingSubjects: allServiceAccounts?
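The namespace transformer configuration this question refers to, written out as an added example (not part of the PR or of controller-tools). The file names, the transformer name and the `my-operator-system` namespace are constructed; `unsetOnly` and `setRoleBindingSubjects` are the kustomize NamespaceTransformer options named in the comment.

```yaml
# namespace-transformer.yaml (hypothetical file name)
apiVersion: builtin
kind: NamespaceTransformer
metadata:
  name: set-operator-namespace      # constructed; the name is not significant
  namespace: my-operator-system     # constructed target namespace
# Only fill in metadata.namespace where it is empty. A Role or RoleBinding
# that was generated with an explicit namespace keeps that namespace, so a
# binding meant to grant access in one namespace is not silently moved.
unsetOnly: true
# Set the namespace on every ServiceAccount subject of RoleBinding and
# ClusterRoleBinding objects. The other values are "defaultOnly" (only the
# subject named "default") and "none" (leave subjects untouched).
setRoleBindingSubjects: allServiceAccounts
---
# kustomization.yaml (hypothetical layout)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../rbac                         # directory holding the generated role and binding
transformers:
  - namespace-transformer.yaml
# There is deliberately no top-level "namespace:" field here; that field
# overwrites namespaces that are already set, which is the replacement
# behaviour raised earlier in this thread.
```

After `kustomize build`, check that each binding's `metadata.namespace` and `subjects[].namespace` are the ones intended before applying the output.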
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
Generate RoleBinding or ClusterRoleBinding based on the generated roles.
In kubebuilder.role_binding.go#L44, it initialized the rolebinding as a static template which only contains ClusterRoleBinding. So we need to edit it manually and it's not auto-updated if you add Role instead of ClusterRole.
fix #760
(BTW, in kubebuilder.role_binding.go#L44, there are several labels generated in template. To keep consistent with other resources, do we need to add it for role/role_binding as well?
(One solution is using kustomize#LabelTransformer or kustomize#patches, which only changes the yaml templates