Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add optional rbac.secrets value to give GET/LIST/WATCH on Secrets #790

Merged
merged 3 commits into from
May 1, 2024
Merged

feat: add optional rbac.secrets value to give GET/LIST/WATCH on Secrets #790

merged 3 commits into from
May 1, 2024

Conversation

ashokkumar-srinivas
Copy link
Contributor

@ashokkumar-srinivas ashokkumar-srinivas commented Oct 4, 2023
edited by thesuperzapper
Loading

What issues does your PR fix?

  • N/A

What does your PR do?

Currently, if a user wants to allow airflow Pods to read Secret resources, they must set rbac.enabled to false and provision their own Role/RoleBinding.

This PR adds the following values:

  • rbac.secrets (default: false)
    • If true, the RBAC Role used by airflow Pods will be allowed to GET/LIST/WATCH on Secret resources

Checklist

For all Pull Requests

@ashokkumar-srinivas ashokkumar-srinivas changed the title modified role template to allow SA to read k8s secrets in airflow ns feat: modified role template to allow SA to read k8s secrets in airflow ns Oct 4, 2023
@ashsrinivas-deloitte
modified role template to allow SA to read k8s secrets in airflow ns
3cd11df 
Signed-off-by: Ashok Kumar Srinivas <94833956+ashsrinivas-deloitte@users.noreply.github.com>
@ashsrinivas-deloitte
feat: modified role template to allow SA to read k8s secrets in airfl…
ab37685 
…ow ns

Signed-off-by: Ashok Kumar Srinivas <94833956+ashsrinivas-deloitte@users.noreply.github.com>
@stale Stale
Copy link

stale bot commented Dec 15, 2023

This issue has been automatically marked as stale because it has not had activity in 60 days.
It will be closed in 7 days if no further activity occurs.

Thank you for your contributions.

Issues never become stale if any of the following is true:

  1. they are added to a Project
  2. they are added to a Milestone
  3. they have the lifecycle/frozen label

@stale stale bot added the lifecycle/stale lifecycle - this is stale label Dec 15, 2023
@thesuperzapper thesuperzapper added this to the airflow-8.9.0 milestone May 1, 2024
@stale stale bot removed the lifecycle/stale lifecycle - this is stale label May 1, 2024
@thesuperzapper thesuperzapper changed the title feat: modified role template to allow SA to read k8s secrets in airflow ns feat: add optional rbac.secrets value to give GET/LIST/WATCH on Secrets May 1, 2024
@thesuperzapper
cleanup changes
cb659ab 
Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
thesuperzapper
thesuperzapper approved these changes May 1, 2024
View reviewed changes
Copy link
Member

@thesuperzapper thesuperzapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ashokkumar-srinivas sorry for the extreme delay, but I have pushed a small cleanup to the PR in cb659ab

We will include this in the next version of the chart!

@thesuperzapper thesuperzapper added the status/ready-to-merge status - this will be merged into next release label May 1, 2024
@thesuperzapper thesuperzapper merged commit a9513df into airflow-helm:main May 1, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thesuperzapper thesuperzapper thesuperzapper approved these changes

Assignees
No one assigned
Labels
status/ready-to-merge status - this will be merged into next release
Projects
None yet
Milestone
airflow-8.9.0
Development

Successfully merging this pull request may close these issues.
3 participants
@ashokkumar-srinivas @thesuperzapper @ashsrinivas-deloitte