Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RBAC] Remove permission for Deployments #339

Merged
merged 1 commit into from
Aug 16, 2018
Merged

[RBAC] Remove permission for Deployments #339

merged 1 commit into from
Aug 16, 2018

Conversation

surajssd
Copy link
Contributor

Habitat spec v1beta1 needed to do CRUD on Deployments so it had
permissions on the Kubernetes Deployments resource.

Now that it's support is removed no more operations of Deployments
are done. Hence this commit removes the permission to Deployments.

@surajssd surajssd changed the title [RBAC] Remove permission for Deployments [WIP] [RBAC] Remove permission for Deployments Aug 16, 2018
@surajssd
[RBAC] Remove permission for Deployments
da8aede 
Habitat spec `v1beta1` needed to do CRUD on Deployments so it had
permissions on the Kubernetes Deployments resource.

Now that it's support is removed no more operations of Deployments
are done. Hence this commit removes the permission to Deployments.

Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
@surajssd surajssd force-pushed the surajssd/fix-rbac-permissions-drop-deployments branch from 78e4a64 to da8aede Compare August 16, 2018 09:09
@surajssd surajssd changed the title [WIP] [RBAC] Remove permission for Deployments [RBAC] Remove permission for Deployments Aug 16, 2018
@surajssd surajssd requested a review from krnowak August 16, 2018 10:07
krnowak
krnowak approved these changes Aug 16, 2018
View reviewed changes
Copy link
Contributor

@krnowak krnowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LFAD.

@krnowak krnowak merged commit cdb59ec into habitat-sh:master Aug 16, 2018
@krnowak krnowak deleted the surajssd/fix-rbac-permissions-drop-deployments branch August 16, 2018 15:35
@irvingpop
Copy link

@surajssd @krnowak FWIW, this change bit me today - because the habitat-operator container definition is still 0.7.2, but the example configs changed. I fixed it by checking out the 0.7.2 tag from git and then reapplying.

for future travelers, this error loops forever:

E0910 19:29:59.107469       1 reflector.go:205] github.com/habitat-sh/habitat-operator/pkg/controller/v1beta1/controller.go:127: Failed to list *v1beta1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:default:habitat-operator" cannot list deployments.apps at the cluster scope: Unknown user "system:serviceaccount:default:habitat-operator"
E0910 19:30:00.109488       1 reflector.go:205] github.com/habitat-sh/habitat-operator/pkg/controller/v1beta1/controller.go:127: Failed to list *v1beta1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:default:habitat-operator" cannot list deployments.apps at the cluster scope: Unknown user "system:serviceaccount:default:habitat-operator"

@surajssd
Copy link
Contributor Author

@irvingpop we are making a new release and this should be fixed, because you will be able to pull the latest image, tracked in #355

@krnowak
Copy link
Contributor

krnowak commented Sep 11, 2018

That's #228 and #231.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krnowak krnowak krnowak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@surajssd @irvingpop @krnowak