Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Making cluster wide read default for Secrets #63

Merged
merged 1 commit into from
Aug 31, 2022
Merged

Making cluster wide read default for Secrets #63

merged 1 commit into from
Aug 31, 2022

Conversation

pokearu
Copy link
Contributor

@pokearu pokearu commented Aug 30, 2022
edited
Loading

Description

Making cluster wide read default for Secrets and removed secrets namespaced read role. Currently the default manifest generated does not work, due to secrets read permissions.

E0830 19:14:39.783530       1 reflector.go:138] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:rufio-system:rufio-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope

Now by default Rufio runs Cluster scoped and users can modify the permissions to have Rufio run on a namespaced scope.

Why is this needed

This is a potential solution to #62

How Has This Been Tested?

make release-manifests
kubectl apply -f manifest.yaml

@pokearu pokearu force-pushed the rufio-manager-manifest branch from e43d130 to 25c19f7 Compare August 30, 2022 19:42
@codecov-commenter
Copy link

codecov-commenter commented Aug 30, 2022
edited
Loading

Codecov Report

Merging #63 (25c19f7) into main (6e30e70) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #63   +/-   ##
=======================================
  Coverage   59.11%   59.11%           
=======================================
  Files           4        4           
  Lines         318      318           
=======================================
  Hits          188      188           
  Misses         98       98           
  Partials       32       32

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@pokearu pokearu force-pushed the rufio-manager-manifest branch from 25c19f7 to ce81e56 Compare August 31, 2022 19:04
@pokearu pokearu requested a review from chrisdoherty4 August 31, 2022 19:05
@pokearu pokearu force-pushed the rufio-manager-manifest branch from ce81e56 to a643ab9 Compare August 31, 2022 19:05
@pokearu pokearu changed the title Adding --kube-namespace flag to the default manifest generated Making cluster wide read default for Secrets Aug 31, 2022
@pokearu pokearu added the ready-to-merge Mergify: Ready for Merging label Aug 31, 2022
@mergify mergify bot merged commit c67834a into tinkerbell:main Aug 31, 2022
@chrisdoherty4 chrisdoherty4 mentioned this pull request Aug 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisdoherty4 chrisdoherty4 chrisdoherty4 approved these changes

Assignees
No one assigned
Labels
ready-to-merge Mergify: Ready for Merging
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pokearu @codecov-commenter @chrisdoherty4