Move service operator RBAC from runtime bindata to OLM bundle#1965
Move service operator RBAC from runtime bindata to OLM bundle#1965dprince wants to merge 1 commit into
Conversation
Instead of applying service operator ClusterRoles, ClusterRoleBindings, Roles, RoleBindings, and ServiceAccounts at runtime via bindata, generate them during sync-bindata.sh and stage them into the OLM bundle at bundle build time. This removes the need for the openstack-operator to hold wildcard clusterrole/clusterrolebinding permissions and narrows the remaining role/rolebinding RBAC to specific verbs.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dprince The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
OpenStackControlPlane CRD Size Report
Threshold reference
|
|
@dprince: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Build failed (check pipeline). Post ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 19m 15s |
Instead of applying service operator ClusterRoles, ClusterRoleBindings, Roles, RoleBindings, and ServiceAccounts at runtime via bindata, generate them during sync-bindata.sh and stage them into the OLM bundle at bundle build time. This removes the need for the openstack-operator to hold wildcard clusterrole/clusterrolebinding permissions and narrows the remaining role/rolebinding RBAC to specific verbs.