Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the capability to use RoleBindings instead of ClusterRoleBindings #841

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add the capability to use RoleBindings instead of ClusterRoleBindings #841

wants to merge 5 commits into from
+60 −24

Conversation

nilushancosta
Copy link
Contributor

Description

This PR introduces a new key to the Helm values named useRoleBindings which when set to true creates Kubernetes RoleBindings instead of ClusterRoleBindings

Issues Resolved

Closes #831

Check List

  • Commits are signed per the DCO using --signoff
  • Unittest added for the new/changed functionality and all unit tests are successful
  • Customer-visible features documented
  • No linter warnings (make lint)

If CRDs are changed:

  • CRD YAMLs updated (make manifests) and also copied into the helm chart
  • Changes to CRDs documented

Please refer to the PR guidelines before submitting this pull request.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@nilushancosta
Copy link
Contributor Author

@swoehrl-mw would you be able to have a look at this PR?

swoehrl-mw
swoehrl-mw requested changes Oct 11, 2024
View reviewed changes
Copy link
Collaborator

@swoehrl-mw swoehrl-mw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it makes more sense to have the ClusterRoleBinding and the RoleBinding in the same file (without the -crb in the filename to make it more generic) and use an if-else-end construct.

@nilushancosta
Copy link
Contributor Author

I think it makes more sense to have the ClusterRoleBinding and the RoleBinding in the same file (without the -crb in the filename to make it more generic) and use an if-else-end construct.

@swoehrl-mw I changed it as requested

swoehrl-mw
swoehrl-mw requested changes Oct 18, 2024
View reviewed changes
charts/opensearch-operator/templates/opensearch-operator-manager-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-cluster-rolebinding
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-cluster-rolebinding
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-rolebinding

Name should stay the same as it is now, IMO it is also not a problem if rolebinding and clusterrolebinding are named the same

charts/opensearch-operator/templates/opensearch-operator-proxy-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-cluster-rolebinding
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-cluster-rolebinding
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-rolebinding

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swoehrl-mw swoehrl-mw swoehrl-mw requested changes

@idanl21 idanl21 Awaiting requested review from idanl21 idanl21 is a code owner

@dbason dbason Awaiting requested review from dbason

@prudhvigodithi prudhvigodithi Awaiting requested review from prudhvigodithi prudhvigodithi is a code owner

@jochenkressin jochenkressin Awaiting requested review from jochenkressin jochenkressin is a code owner

@pchmielnik pchmielnik Awaiting requested review from pchmielnik pchmielnik is a code owner

@salyh salyh Awaiting requested review from salyh salyh is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Engineering Effectiveness Board
Status: 👀 In review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[PROPOSAL] Add the capability to use RoleBindings instead of ClusterRoleBindings
2 participants
@nilushancosta @swoehrl-mw