Skip to content

Update deployment and rbac to work at a cluster level #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update deployment and rbac to work at a cluster level #43

wants to merge 2 commits into from

Conversation

@etsauer
Copy link
Collaborator

@etsauer etsauer commented Jun 18, 2019

mathianasj
mathianasj reviewed Jun 21, 2019
View reviewed changes
Copy link
Collaborator

@mathianasj mathianasj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like how you split up the roles so that it restricts what it needs to run the operator in the namespace the container is running and what it needs to perform its tasks against routes and secrets

deploy/role.yaml
- watch
- create
- update
- apiGroups:
Copy link
Collaborator

@mathianasj mathianasj Jun 21, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also need to include this one so it can update existing routes

- apiGroups:
  - "route.openshift.io"
  resources:
  - routes/custom-host
  verbs:
  - update

deploy/role.yaml
metadata:
name: cert-operator-local
rules:
- apiGroups:
Copy link
Collaborator

@mathianasj mathianasj Jun 21, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and these

  - apiGroups:
    - extensions
    resources:
    - replicasets
    - deployments
    verbs:
    - "get"
  - apiGroups:
    - monitoring.coreos.com
    resources:
    - servicemonitors
    verbs:
    - "get"
    - "create"
  - apiGroups:
    - extensions
    resources:
    - deployments/finalizers
    resourceNames:
    - cert-operator
    verbs:
    - "update"

@etsauer
Copy link
Collaborator Author

etsauer commented Jul 9, 2019

@mathianasj made the recommended changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mathianasj mathianasj mathianasj left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@etsauer @mathianasj