Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable RBAC Addon's in Node Mode #5925

Merged
merged 1 commit into from
Oct 12, 2018
Merged

Disable RBAC Addon's in Node Mode #5925

merged 1 commit into from
Oct 12, 2018

Conversation

gambol99
Copy link
Contributor

The current implementation applys the rbac addons regardless. When node authorization or bootstrap token are enabled this manifests is skipped. In regard to rollouts from RBAC -> Node, the process will be disable manifest, though the clusterrolebindings will remain. Once all the nodes have been upgraded to use Node authorization the administrator can delete the binding manually. As indicated by https://kubernetes.io/docs/reference/access-authn-authz/node/

@gambol99
Disable RBAC Addons
2a7e349 
The current implementation applys the rbac addons regardless. When node authorization is enable this manifests is skipped. In regard to rollouts from RBAC -> Node, the process will be disable manifest, though the clusterrolebindings will still exist. Once all the nodes have been upgraded to use Node authorization the administrator can delete the binding maunally.
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 12, 2018
@gambol99 gambol99 changed the title Disable RBAC Addons Disable RBAC Addon's in Node Mode Oct 12, 2018
@gambol99
Copy link
Contributor Author

/assign @justinsb

KashifSaadat
KashifSaadat reviewed Oct 12, 2018
View reviewed changes
upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
{
key := "rbac.addons.k8s.io"
version := "1.8.0"
// @check if node authorization or bootstrap tokens are enabled an if so we can forgo applying
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

an => and

@KashifSaadat
Copy link
Contributor

Looks good, will wait for another set of eyes to approve :)

@chrisz100
Copy link
Contributor

/lgtm

Looks good for me as well!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 12, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrisz100, gambol99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 37fc1e3 into kubernetes:master Oct 12, 2018
@gambol99 gambol99 deleted the diable_rbac_addons branch February 22, 2019 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KashifSaadat KashifSaadat KashifSaadat left review comments

@chrisz100 chrisz100 Awaiting requested review from chrisz100

@rdrgmnzs rdrgmnzs Awaiting requested review from rdrgmnzs

Assignees

@justinsb justinsb

@chrisz100 chrisz100

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gambol99 @KashifSaadat @chrisz100 @k8s-ci-robot @justinsb