Closed pmalek closed 8 months ago
This adds RBAC rules for listing namespaces. There's not way to detect if user has objects from particular API group present in the cluster so this can only be conditional on the presence of Gateway API CRDs in the cluster.
This could potentially be added (by refactoring) to https://github.com/Kong/charts/blob/72650f5768dde1867812fab42e863de7db60f80f/charts/kong/templates/controller-rbac-resources.yaml#L10-L18 but KIC doesn't need to list namespaces when users do not use Gateway API (and specifically namespace selectors).
Related controller-runtime issue describing why we need those permissions: https://github.com/kubernetes-sigs/controller-runtime/issues/1156
Fixes #790
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
main
What this PR does / why we need it:
This adds RBAC rules for listing namespaces. There's not way to detect if user has objects from particular API group present in the cluster so this can only be conditional on the presence of Gateway API CRDs in the cluster.
This could potentially be added (by refactoring) to https://github.com/Kong/charts/blob/72650f5768dde1867812fab42e863de7db60f80f/charts/kong/templates/controller-rbac-resources.yaml#L10-L18 but KIC doesn't need to list namespaces when users do not use Gateway API (and specifically namespace selectors).
Related controller-runtime issue describing why we need those permissions: https://github.com/kubernetes-sigs/controller-runtime/issues/1156
Which issue this PR fixes
Fixes #790
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
mainbranch.