Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

inject rbac for coordinator to enable logs/exec #1637

Closed
wants to merge 1 commit into from

Conversation

Congrool
Copy link
Member

@Congrool Congrool commented Aug 6, 2023

What type of PR is this?

/kind feature

What this PR does / why we need it:

Currently, kubectl logs to poolcoordinator cannot work because the apiserver in pool-coordinator is not authorized to access the kubelet server, in other words it cannot get sub-resources proxy/logs. This pr will inject relative rbac rule to enable the apiserver to access the kubelet server.

The proposal in origin PR #1384 was deprecated for problems in offline scenario.

Which issue(s) this PR fixes:

Fixes #1176

other Note

The way we do the injection is that: the leader yurthub should try to create the relative rbac rules for openyurt:yurt-coordinator:apiserver after winning the election. It will start a goroutine to create the rbac rules which will retry on faile. This goroutine will exit only when the rbac is created successfully or the leader changes.

@openyurt-bot openyurt-bot added the kind/feature kind/feature label Aug 6, 2023
@openyurt-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Congrool
To complete the pull request process, please assign rambohe-ch
You can assign the PR to them by writing /assign @rambohe-ch in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openyurt-bot openyurt-bot added the size/L size/L: 100-499 label Aug 6, 2023
@sonarcloud
Copy link

sonarcloud bot commented Aug 6, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
1.4% 1.4% Duplication

@codecov
Copy link

codecov bot commented Aug 6, 2023

Codecov Report

Attention: Patch coverage is 0% with 57 lines in your changes are missing coverage. Please review.

Project coverage is 51.04%. Comparing base (237fe8f) to head (3d80028).
Report is 194 commits behind head on master.

Files Patch % Lines
pkg/yurthub/yurtcoordinator/coordinator.go 0.00% 57 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1637      +/-   ##
==========================================
+ Coverage   50.93%   51.04%   +0.11%     
==========================================
  Files         137      218      +81     
  Lines       16029    26403   +10374     
==========================================
+ Hits         8164    13477    +5313     
- Misses       7126    11679    +4553     
- Partials      739     1247     +508     
Flag Coverage Δ
unittests 51.04% <0.00%> (+0.11%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link

stale bot commented Nov 4, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Nov 4, 2023
@rambohe-ch rambohe-ch removed the wontfix label Nov 8, 2023
Copy link

stale bot commented Feb 6, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Feb 6, 2024
@stale stale bot closed this Feb 13, 2024
@rambohe-ch rambohe-ch reopened this Feb 20, 2024
@stale stale bot removed the wontfix label Feb 20, 2024
Copy link

sonarcloud bot commented Feb 20, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarCloud

idea Catch issues before they fail your Quality Gate with our IDE extension SonarLint SonarLint

Copy link

stale bot commented May 20, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label May 20, 2024
@stale stale bot closed this May 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature kind/feature size/L size/L: 100-499 wontfix
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] kubectl logs to pool-coordinator needs rbac
3 participants