Add rbacApiVersion and use separate resources instead of a list #2609
Conversation
k8s-ci-robot
added
cncf-cla: yes
charts/catalog/values.yaml
Outdated
| @@ -9,6 +9,7 @@ useAggregator: true | |||
| ## If true, create & use RBAC resources | |||
| ## | |||
| rbacEnable: true | |||
| rbacApiVersion: v1 | |||
There was a problem hiding this comment.
should be rbac.authorization.k8s.io/v1
|
/test pull-service-catalog-xbuild |
| @@ -9,6 +9,7 @@ useAggregator: true | |||
| ## If true, create & use RBAC resources | |||
| ## | |||
| rbacEnable: true | |||
| rbacApiVersion: rbac.authorization.k8s.io/v1 | |||
There was a problem hiding this comment.
In rbac.yaml the apiVersion is set by {{template "rbacApiVersion" . }} because of that this variable will never be taken into account and it could be misleading, so what is the purpose of it?
And also how this is solving the problem described in #2602?
I've executed locally such command with helm client version v2.10.0
helm template --name=catalog --namespace=default ./catalog
and the apiVersion param was still empty as expected.
There was a problem hiding this comment.
I agree, I don't think we can do this here. I agree that we should start defaulting to the v1 version.
There was a problem hiding this comment.
You should also remove the rbacApiVersion definition from the _helpers.tpl file
There was a problem hiding this comment.
I tested that and it's working. LGTM
I was able to install the Service Catalog using this command
helm template ./charts/catalog --name core --namespace default | kubectl apply -f -
But one minor thing. I saw that the #2606 was merged. And those PRs are slightly overlapping. Here we using version from values.yaml file and in merged PR there was used the {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}.
IMHO it could be unified. After merging this PR, for RBAC we will use the direct version from values.yaml and for APIService we will version based on Capabilities.
@MHBauer gives approve for #2606, so probably he has a broader view of the whole subject.
duglin
force-pushed
the
issue2602
branch
2 times, most recently
from
abd91e3 to
e2bc464
Compare
k8s-ci-robot
added
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
|
/test pull-service-catalog-integration |
1 similar comment
|
/test pull-service-catalog-integration |
Closes kubernetes-retired#2602 See kubernetes-retired#2602 for more info Signed-off-by: Doug Davis <[email protected]>
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jberkhahn The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
…rnetes-retired#2609) Closes kubernetes-retired#2602 See kubernetes-retired#2602 for more info Signed-off-by: Doug Davis <[email protected]>
Closes #2602
See #2602 for more info
Signed-off-by: Doug Davis [email protected]
ping @kramvan1