Closed chr15p closed 5 months ago
Hi @chr15p. Thanks for your PR.
I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test
on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test
label.
I understand the commands that are listed here.
@chr15p WDYT about creating sub-directories (master, worker, prune etc') under config/rbac ? will make it a little bit clearer to understand which roles/sa relevant for which component
I've moved the components into their own subdirectories of rbac, and the parts needed for the operator itself (manager and leader_election role/sa etc) into a core
directory so hopefully its a little more obvious what files are used be what.
I have also removed the namePrefix:
and hardcoded all the names to start with nfd- to be less confusing. Everything in my test setup is working and labels are being applied by the new controller and all the object names look good so I think I've caught all the name changes.
Lastly I've synced the clusterroles/roles with the helm charts.
Squished the commits and reworded the commit message to cover all the changes.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: ArangoGutierrez, chr15p, marquiz
The full list of commands accepted by this bot can be found here.
The pull request process is described here
This will set up the various service accounts, roles and rolebindings needed by the new (refactored) controller. These will all be applied at install (
make deploy
) time. For clarity the current manager setup (config/rbac/role.yaml
androle_binding.yaml
) are renamed, and each account is broken into its own set of files.If applied before the new controller is made live the old controller will overwrite any changes here at reconcile time and continue to work (or at least will continue to be as broken as it is now...) so this PR can be applied safely without the refactor being completed.