search

lensapp / lens

Lens - The way the world runs Kubernetes
https://k8slens.dev/
MIT License
22.53k stars 1.47k forks source link

Disable the Release Rollback Action and Charts Tab under Apps #1812

Open reddog335 opened 3 years ago

reddog335 commented 3 years ago

What would you like to be added: It would be nice to have the option to disable the Rollback action for a Release and also disable the Charts tab under Apps.

image

image

Why is this needed: We only allow K8 objects to be created in our K8 clusters via our Jenkins pipeline. The RBAC in the K8 cluster prevents developers from creating K8 objects. We need to disable the rollback action for a release as the developers do not have the necessary RBAC to perform a rollback. Lens currently allows them to initiate a rollback but the rollback gets hung in the "pending-rollback" state (due to lack of needed RBAC permissions). It would also be nice to have the option to disable the Charts tab under Apps so our developers are not under the impression they can deploy a Helm chart from Lens.

Environment you are Lens application on:

Nokel81 commented 3 years ago

What are the RBAC permissions for this, since Helm is separate to Kube we would still need to query kube for them?

I have a feeling that it would update, but I might be wrong.

reddog335 commented 3 years ago

Thanks for the reply @Nokel81 Below is the RBAC for the developer role. The developer role RBAC is limited intentionally, it's essentially read-only with a few perks. I'm just asking for a disable checkbosHelm Rollback Action

developer-rbac

Nokel81 commented 3 years ago

Thanks for the info, but I am having trouble figuring out which of those restrictions would need to be lifted in order for such rollbacks to be permitted.

Once I have that it should be pretty easy to check if the cluster doesn't have that and then hide/disable the rollback button. Is it just generally "update" permissions on most items?

reddog335 commented 3 years ago

@Nokel81 I'll perform some testing and let you know the exact one(s). I believe it's update on deployments but will verify.

reddog335 commented 3 years ago

@Nokel81 At a minimum, the user will need the patch verb on the deployment resource. Depending on what other resources are part of the helm release (i.e configmap, cronjob, etc.), the user will also need either the create or patch verb depending on the resource. If the user doesn't have the patch verb defined for the deployment resource the rollback button should be hidden/disabled. If it's not too much trouble, I'd suggest a similar check for displaying the Charts tab. If the user does not have the create verb on the deployment resource, hide/disable the Charts tab entirely. I really appreciate your help on this, thank you!

deployments.apps [] [] [patch]

hridyeshpant commented 1 year ago

Do we have any update on this? I am using K8 job with backoffLimit: 0 and restartPolicy: Never, but helm is performing rollback whenever the job fails to last successful K8 job. We don't want to run the previous K8 job to run. Any workaround to disable rollback via chart