Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure namespace exists as part of RBAC reconciliation #48480

Merged
merged 1 commit into from
Jul 5, 2017

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Jul 4, 2017

reconciliation can race with the controller that creates the namespaces containing the bootstrap roles. if it loses, it gets a NotFound error trying to create the namespaced role/rolebinding.

Fixes kubernetes/kubeadm#335

RBAC role and role-binding reconciliation now ensures namespaces exist when reconciling on startup.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 4, 2017
@k8s-github-robot k8s-github-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 4, 2017
@liggitt liggitt force-pushed the namespace-reconcile branch from d1edcff to f047ab3 Compare July 4, 2017 23:16
@liggitt
Copy link
Member Author

liggitt commented Jul 4, 2017

cc @kubernetes/sig-auth-pr-reviews @kubernetes/sig-auth-bugs
fyi @luxas

@k8s-ci-robot k8s-ci-robot added sig/auth Categorizes an issue or PR as relevant to SIG Auth. kind/bug Categorizes issue or PR as related to a bug. labels Jul 4, 2017
@liggitt liggitt added release-note Denotes a PR that will be considered when it comes time to generate release notes. cherrypick-candidate and removed release-note-label-needed labels Jul 4, 2017
@liggitt liggitt force-pushed the namespace-reconcile branch from f047ab3 to d5730f4 Compare July 4, 2017 23:24
@k8s-cherrypick-bot
Copy link

Removing label cherrypick-candidate because no release milestone was set. This is an invalid state and thus this PR is not being considered for cherry-pick to any release branch. Please add an appropriate release milestone and then re-add the label.

@luxas
Copy link
Member

luxas commented Jul 5, 2017

Thanks @liggitt!

/lgtm

So basically this makes the Role(Binding) bootstrapping wait until the namespace exists?
That is, until the controller-manager has created the necessary namespace...

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 5, 2017
@deads2k
Copy link
Contributor

deads2k commented Jul 5, 2017

You suck at vacation.

/approve

@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, liggitt, luxas

Associated issue: 335

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 5, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 48480, 48353)

@k8s-github-robot k8s-github-robot merged commit b12314e into kubernetes:master Jul 5, 2017
@luxas
Copy link
Member

luxas commented Jul 5, 2017

@liggitt Ping me on the cherrypick as well and I'll lgtm

@caesarxuchao caesarxuchao added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jul 6, 2017
k8s-github-robot pushed a commit that referenced this pull request Jul 7, 2017
…0-upstream-release-1.6

Automatic merge from submit-queue

Automated cherry pick of #48480

Cherry pick of #48480 on release-1.6.

#48480: Ensure namespace exists as part of RBAC reconciliation
k8s-github-robot pushed a commit that referenced this pull request Jul 8, 2017
…0-upstream-release-1.7

Automatic merge from submit-queue

Automated cherry pick of #48480

Cherry pick of #48480 on release-1.7.

#48480: Ensure namespace exists as part of RBAC reconciliation
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants