Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Updates the RBAC role permissions for KIC v2. Supersedes #364. New PR since the upstream permissions have changed a ton since #364 started and because I used a different update strategy.
Added the v2 leader election permissions alongside the v1 permissions in the same role, as v2 uses a new leader election system built into controller-runtime. There is some overlap, but trying to consolidate them in the chart will make any future updates harder. If they remain separated, you can just replace whichever block changed with the new version from upstream.
Replaced the entire ClusterRole permission set (which granted access to Ingresses and such) from v1 with the v2 permissions. The v2 permissions are a superset of the v1 permissions, so there doesn't appear to be any reason to maintain separate versions. Note that the v2 permissions do have a slightly different structure. They do not group resources in the same API group and equal permission sets together; see the example at #364 (comment)
Which issue this PR fixes
(optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged)Related to Kong/kubernetes-ingress-controller#1352
Special notes for your reviewer:
This includes the change from Kong/kubernetes-ingress-controller#1584. That should be merged imminently.
This does not include permissions necessary to add finalizers. KIC 2.0.0-alpha.2 still attempts to add those, and will fail without them. We have removed finalizers from next but have not yet released alpha.3.
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
next
branch and targetsnext
, notmain
[kong]
)