fix: Add RBAC permission to patch events #660
Conversation
| @@ -38,6 +38,9 @@ | |||
| - The default Kubernetes cluster domain name is now fetched from the kubelet API unless explicitly configured. | |||
| - This requires operators to have the RBAC permission to get nodes/proxy in the apiGroup "". The helm-chart takes care of this. | |||
| - The CLI argument `--kubernetes-node-name` or env variable `KUBERNETES_NODE_NAME` needs to be set. The helm-chart takes care of this. | |||
| - The operator helm-chart now grants RBAC `patch` permissions on `events.k8s.io/events`. | |||
There was a problem hiding this comment.
I think this should mention why.
"...because our operators now support deduplicating similar events" (or whatever the explanation is)
And I think we can remove the "future" statement.
There was a problem hiding this comment.
Something like this?
"We think products should normally not generate events, but in case they are, there is a good chance that they not only create them, but also patch them to aggregate errors (error happened 10 times over the last 5 minutes)"
This raises the question: Why don't you check this individually for every product? And the honest answer is: We don't want to right before a release. This is the reason I added the future hint
There was a problem hiding this comment.
I'm also happy to not explain all this and only use
The operator helm-chart now grants RBAC
patchpermissions onevents.k8s.io/events.
This applies to the operator and the product ClusterRole
And call it a day
Needed since stackabletech/operator-rs#938
Not 100% sure why the product needs this, but it was this way before.