search

tinkerbell / rufio

Kubernetes Controller for BMC Interactions
Apache License 2.0
36 stars 16 forks source link

Making cluster wide read default for Secrets #63

Closed pokearu closed 2 years ago

pokearu commented 2 years ago

Description

Making cluster wide read default for Secrets and removed secrets namespaced read role. Currently the default manifest generated does not work, due to secrets read permissions.

E0830 19:14:39.783530       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.23.0/tools/cache/reflector.go:167: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:rufio-system:rufio-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope

Now by default Rufio runs Cluster scoped and users can modify the permissions to have Rufio run on a namespaced scope.

Why is this needed

This is a potential solution to #62

How Has This Been Tested?

make release-manifests
kubectl apply -f manifest.yaml
codecov-commenter commented 2 years ago

Codecov Report

Merging #63 (25c19f7) into main (6e30e70) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #63   +/-   ##
=======================================
  Coverage   59.11%   59.11%           
=======================================
  Files           4        4           
  Lines         318      318           
=======================================
  Hits          188      188           
  Misses         98       98           
  Partials       32       32

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more