Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permission RBAC to access endpoints #2728

Merged
merged 2 commits into from
Jul 17, 2023
Merged

Add permission RBAC to access endpoints #2728

merged 2 commits into from
Jul 17, 2023

Conversation

aswinsuryan
Copy link
Contributor

@aswinsuryan aswinsuryan commented Jul 16, 2023
edited
Loading

With OVN IC submariner operator needs read access to endpoints to understand the OVN topology

Fixes: submariner-io/enhancements#191

@aswinsuryan
Add premission RBAC to access endpoints
2622c81 
With OVN IC submariner operator needs read access to endpoints
to understand the current topology

Signed-off-by: Aswin Suryanarayanan <[email protected]>
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr2728/aswinsuryan/ovn-rbac
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@aswinsuryan aswinsuryan marked this pull request as ready for review July 16, 2023 03:55
@tpantelis
Copy link
Contributor

With OVN IC submariner operator needs read access to endpoints to understand the OVN topology

Can you explain why? And why not EndpointSlices?

@aswinsuryan
Copy link
Contributor Author

aswinsuryan commented Jul 17, 2023
edited
Loading

@tpantelis This for OVN, ovn creates endpoints without a service if IC is enabled in multiple nodes per zone configuration. No endpoints will be created if it is in single zone per node configuration. We need this information to decide how we should connect to ovndb

Since the number of endpoints will be less than number of nodes , I don't think they will have plan to move to endpoint slices. If they move in future , we will have to update too.

@aswinsuryan
Copy link
Contributor Author

This will be used by #2726

@nyechiel nyechiel added the ready-to-test When a PR is ready for full E2E testing label Jul 17, 2023
@tpantelis tpantelis changed the title Add premission RBAC to access endpoints Add permission RBAC to access endpoints Jul 17, 2023
@dfarrell07
Copy link
Member

E2E (1.25, ovn) timed out, re-running.

@dfarrell07 dfarrell07 mentioned this pull request Jul 17, 2023
Merged
@skitt skitt merged commit 325a5b8 into submariner-io:devel Jul 17, 2023
38 checks passed
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr2728/aswinsuryan/ovn-rbac]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skitt skitt skitt approved these changes

@tpantelis tpantelis tpantelis approved these changes

@yboaron yboaron yboaron approved these changes

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@sridhargaddam sridhargaddam Awaiting requested review from sridhargaddam sridhargaddam is a code owner

Assignees
No one assigned
Labels
ready-to-test When a PR is ready for full E2E testing
Projects
No open projects
Submariner 0.16
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update the Submariner-operator to remove network-pulgin syncer deployment
7 participants
@aswinsuryan @submariner-bot @tpantelis @dfarrell07 @skitt @yboaron @nyechiel