Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prow: allow deployment of kubernetes-external-secrets without roles/container.admin #2218

Open
spiffxp opened this issue Jun 15, 2021 · 16 comments
Open

Prow: allow deployment of kubernetes-external-secrets without roles/container.admin #2218

spiffxp opened this issue Jun 15, 2021 · 16 comments
Labels
area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.

Comments

@spiffxp
Copy link
Member

spiffxp commented Jun 15, 2021

Should be able to CRUD kubernetes resources without CRUD rights for the cluster

Some work has already been done toward this, to link in later
@spiffxp
Copy link
Member Author

spiffxp commented Jun 30, 2021

/area prow
/area cluster-infra
/sig testing
/wg k8s-infra
/priority important-longterm

@k8s-ci-robot k8s-ci-robot added area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/infra Infrastructure management, infrastructure design, code in infra/ sig/testing Categorizes an issue or PR as relevant to SIG Testing. wg/k8s-infra priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Jun 30, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Jun 30, 2021

#2190 setup a custom container.deployer role

But that apparently still isn't sufficient: #2190 (comment)

@spiffxp spiffxp mentioned this issue Jun 30, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Jul 16, 2021

/milestone v1.23

@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Jul 16, 2021
@spiffxp spiffxp mentioned this issue Jul 30, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

It seems like creating RBAC-related resources is the sticking point here. I suspect container.admin is by default given a Kubernetes role that allows it to do so, but custom roles maybe not so much?

@spiffxp spiffxp mentioned this issue Jul 30, 2021
Closed
@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

/milestone v1.22
If I can't figure out what's preventing the custom role I'm going to add back container.admin for now to unblock auto-deploys

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.23, v1.22 Jul 30, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Aug 3, 2021

/milestone v1.23

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.22, v1.23 Aug 3, 2021
This was referenced Aug 6, 2021
Merged
Merged
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Aug 6, 2021

Went back to roles/container.admin for now

@spiffxp
Copy link
Member Author

spiffxp commented Sep 29, 2021

/remove-priority important-longterm
/priority backlog
/milestone clear

@k8s-ci-robot k8s-ci-robot added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Sep 29, 2021
@k8s-ci-robot k8s-ci-robot removed this from the v1.23 milestone Sep 29, 2021
@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. and removed wg/k8s-infra labels Sep 29, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 28, 2021
@ameukam
Copy link
Member

ameukam commented Jan 3, 2022

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 3, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 3, 2022
@ameukam
Copy link
Member

ameukam commented Apr 4, 2022

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 4, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 3, 2022
@ameukam
Copy link
Member

ameukam commented Jul 4, 2022

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 4, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 2, 2022
@ameukam
Copy link
Member

ameukam commented Oct 3, 2022

/remove-lifecycle stale
/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@spiffxp @ameukam @k8s-ci-robot @k8s-triage-robot