Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make RBAC post-start hook conditional on RBAC authorizer being used #43813

Merged
merged 2 commits into from
Mar 31, 2017
Merged

Make RBAC post-start hook conditional on RBAC authorizer being used #43813

merged 2 commits into from
Mar 31, 2017
+34 −9

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Mar 29, 2017
edited
Loading

Makes the RBAC post-start hook (and reconciliation) conditional on the RBAC authorizer being used

Ensures we don't set up unnecessary objects.

RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 29, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@k8s-github-robot k8s-github-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 29, 2017
@liggitt
Copy link
Member Author

liggitt commented Mar 29, 2017

cc @kubernetes/sig-auth-pr-reviews

@k8s-github-robot k8s-github-robot added release-note-label-needed release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Mar 29, 2017
@ericchiang
Copy link
Contributor

I'm not an approver, but seems reasonable to me.

@liggitt liggitt force-pushed the conditional-post-start-hook branch from 21b1a58 to 552c3d3 Compare March 29, 2017 16:18
@deads2k
Copy link
Contributor

deads2k commented Mar 29, 2017

Seems like it would be better to provide a generic way to skip a poststarthook (they're already named) and drive that instead.

@liggitt liggitt force-pushed the conditional-post-start-hook branch from 552c3d3 to 259ae0e Compare March 31, 2017 01:41
@liggitt
Copy link
Member Author

liggitt commented Mar 31, 2017

Seems like it would be better to provide a generic way to skip a poststarthook (they're already named) and drive that instead.

Done, PTAL

@liggitt liggitt force-pushed the conditional-post-start-hook branch from 259ae0e to 890894a Compare March 31, 2017 03:30
@deads2k
Copy link
Contributor

deads2k commented Mar 31, 2017

/lgtm
/release-note-none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Mar 31, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, liggitt

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 31, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 91c03b0 into kubernetes:master Mar 31, 2017
@k8s-ci-robot
Copy link
Contributor

@liggitt: The following test(s) failed:

Test name Commit Details Rerun command
Jenkins non-CRI GCE e2e 890894a link @k8s-bot non-cri e2e test this

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@liggitt liggitt added this to the v1.6 milestone Mar 31, 2017
@liggitt liggitt mentioned this pull request Mar 31, 2017
Merged
@liggitt liggitt added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Mar 31, 2017
@liggitt liggitt deleted the conditional-post-start-hook branch March 31, 2017 18:43
k8s-github-robot pushed a commit that referenced this pull request Apr 8, 2017
Merge pull request #43920 from liggitt/automated-cherry-pick-of-#4381…
1f0d085 
…3-upstream-release-1.6

Automatic merge from submit-queue

Automated cherry pick of #43813

Cherry pick of #43813 on release-1.6.

#43813: Allow disabling specific post-start hooks

Avoids populating RBAC objects if the RBAC authorizer is not being used

```release-note
RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.
```
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.6" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

mintzhao pushed a commit to mintzhao/kubernetes that referenced this pull request Jun 1, 2017
Merge pull request kubernetes#43920 from liggitt/automated-cherry-pic…
d888b8b 
…k-of-#43813-upstream-release-1.6

Automatic merge from submit-queue

Automated cherry pick of kubernetes#43813

Cherry pick of kubernetes#43813 on release-1.6.

kubernetes#43813: Allow disabling specific post-start hooks

Avoids populating RBAC objects if the RBAC authorizer is not being used

```release-note
RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.6
Development

Successfully merging this pull request may close these issues.
7 participants
@liggitt @k8s-reviewable @ericchiang @deads2k @k8s-github-robot @k8s-ci-robot @k8s-cherrypick-bot