Revert "Remove rbac instruction for GKE" #8990
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit a65a859.
google-cla
bot
added
the
cla: yes
istio-testing
added
the
size/S
|
So why did we think it was safe to remove these before? Mostly curious since we removed these in November... Do we need to add any caveats here about when this step is needed? |
|
The original PR was sent by a new contributor and approved by someone who doesn't use GKE (I assume). I don't see anything suggesting it was ever safe to remove - although I am not an RBAC expert. I suspect the default permissions gives the owner of the cluster admin access, but if you are in a cluster not in your own project its needed? |
smawson
approved these changes
Feb 16, 2021
Hah, I did not look close enough, didn't see my name there... |
istio-testing
added a commit
that referenced
this pull request
Feb 25, 2021
* Update customize prom scraping instruction. (#8976) * Update customize prom scraping instruction. * Update content/en/docs/ops/integrations/prometheus/index.md Co-authored-by: Sven Mawson <sven@google.com> Co-authored-by: Sven Mawson <sven@google.com> * IstioCon blog post (#8984) Co-authored-by: Frank Budinsky <frankb@ca.ibm.com> * s/service-apis/gateway-api/ (#8988) * Update index.md * Update index.md * Revert "remove rbac instruction (#8442)" (#8990) This reverts commit a65a859. * Update observability best practices (#8897) * Update observability best practices * Fix linting issue * Try and clarify prometheus install * Update content/en/docs/ops/best-practices/observability/index.md Co-authored-by: Frank Budinsky <frankb@ca.ibm.com> * Move to observability page Co-authored-by: Frank Budinsky <frankb@ca.ibm.com> * Add doc about how to work around missing metric expiry. (#8948) * Add doc about how to work around missing metric expiry. * address comment. * lint * add spelling change * fix * Update content/en/faq/metrics-and-logs/telemetry-v1-vs-v2.md Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com> Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com> * Add initial security best practices documentation (#8952) * Clarify Prometheus TLS settings. (#8962) * Clarify Prometheus TLS settings. * Update content/en/docs/ops/integrations/prometheus/index.md Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> * Update content/en/docs/ops/integrations/prometheus/index.md Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> * Update content/en/docs/ops/integrations/prometheus/index.md Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> * Automator: update common-files@master in istio/istio.io@master (#8997) * Automator: update istio.io@ reference docs (#8998) * Automator: update istio.io@ reference docs (#9004) * Make attribute gen yaml file valid. (#9000) * Fix the client IP addresses for the authz ingress task (#9002) * Fix link to Configuration title (#9009) Signed-off-by: Radim Hrazdil <rhrazdil@redhat.com> * Automator: update istio.io@ reference docs (#9019) * Automator: update istio@ test reference (#9021) * Use istio-ecosystem wasm extensions repo in extensibility concept page. (#9018) * add a troubleshooting guide for multicluster (#8957) * add a troubleshooting guide for multicluster * fix meta * fix meta * address review comments * shift weight * rel link * lint * fix link * hard to tell what our mdlint customizations are... * fix mc guide link * add more context to high-level issues * cleanup phrasing * Remove fixed limitation warning (#9034) This issue no longer exists, I verified via the code and tested it myself as well. * Fixed "are is" to "are" and addressed an incorrect link (#9035) * fixing a typo * changed the link to go directly to canary upgrades page * Automator: update istio.io@ reference docs (#9036) * fix circuit breaker task (#9022) * fix circuit breaker task * gen * Add documentation for Analysis messsage IST0134 ServiceEntryAddresses… (#9020) * Add documentation for Analysis messsage IST0134 ServiceEntryAddressesRequired Signed-off-by: zufardhiyaulhaq <zufardhiyaulhaq@gmail.com> * Apply suggestions from code review Co-authored-by: Ram Vennam <rvennam@us.ibm.com> * Update content/en/docs/reference/config/analysis/ist0134/index.md Co-authored-by: Ram Vennam <rvennam@us.ibm.com> Co-authored-by: Ram Vennam <rvennam@us.ibm.com> * Add blog for zero configuration Istio (#9025) * Add blog for zero configuration Istio The intent here is to show off what Istio provides out of the box, to attempt to counteract some of the reputation Istio has gotten for being over complicated/requiring too many CRDs. * fix links * Address comments * Fix examples for newer kubectl (#9045) * Fix istio.io tests when moving to later kubectl (#9046) * Automator: update istio.io@ reference docs (#9047) * Ignore error on first kiali apply (#9048) * Ignore some errors (#9049) * Fix syntax on local rate limiting (#9044) * Add cross references to virtual machine docs (#8913) * Add cross references to virtual machine docs * Sven's suggestions * Update content/en/docs/ops/diagnostic-tools/virtual-machines/index.md Co-authored-by: Sven Mawson <sven@google.com> Co-authored-by: Sven Mawson <sven@google.com> * update authz troubleshoot common problems (#9043) * update authz troubleshoot common problems * update * Add out-of-mesh server metadata info into telemetry v2 faq. (#9017) * Add out-of-mesh server metadata info into telemetry v2 faq. * Update content/en/faq/metrics-and-logs/telemetry-v1-vs-v2.md Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> * reword Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> * Release notes for 1.7.8 (#9054) * Announce EOL for Istio 1.7 (#9005) * Release notes for 1.7.7 * Update content/en/news/releases/1.7.x/announcing-1.7.7/index.md Co-authored-by: Brian Avery <bavery@redhat.com> * update * update * Announce EOL for Istio 1.7 * delay to 02-25 * Delete index.md Co-authored-by: Brian Avery <bavery@redhat.com> Co-authored-by: Pengyuan Bian <bianpengyuan@google.com> Co-authored-by: Sven Mawson <sven@google.com> Co-authored-by: Istio Automation <istio-testing-bot@google.com> Co-authored-by: Frank Budinsky <frankb@ca.ibm.com> Co-authored-by: craigbox <craigbox@google.com> Co-authored-by: John Howard <howardjohn@google.com> Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info> Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com> Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> Co-authored-by: lei-tang <32078630+lei-tang@users.noreply.github.com> Co-authored-by: Radim Hrazdil <32546791+rhrazdil@users.noreply.github.com> Co-authored-by: Steven Landow <steven@stlcomputerservices.com> Co-authored-by: Kang-Bae <59033920+Kang-Bae@users.noreply.github.com> Co-authored-by: masquee <okayanz@outlook.com> Co-authored-by: Zufar Dhiyaulhaq <zufardhiyaulhaq@gmail.com> Co-authored-by: Ram Vennam <rvennam@us.ibm.com> Co-authored-by: Ryan Baker <ryan.baker@c2fo.com> Co-authored-by: Yangmin Zhu <ymzhu@google.com> Co-authored-by: Jimmy Chen <28548492+JimmyCYJ@users.noreply.github.com> Co-authored-by: Brian Avery <bavery@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reverts #8442
Fixes istio/istio#29483