-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
select an RBAC version for kubefed it knows how to speak #50537
Conversation
Thanks! To clarify the clientset that kubefed is using needs to know about these versions (for ex: be able to convert internal Role struct to v1.Role struct). kubefed does not have any version specific logic, right? |
@@ -285,27 +288,47 @@ func getRBACVersion(discoveryclient discovery.CachedDiscoveryInterface) (*schema | |||
return nil, fmt.Errorf("Couldn't get clientset to create RBAC roles in the host cluster: %v", err) | |||
} | |||
|
|||
// These are the RBAC versions we can speak | |||
knownVersions := map[schema.GroupVersion]bool{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a generic problem we need to solve for all API resources that kubefed creates.
Filed #50540
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you do discovery the same way for other resources, and work with internal versions and expect to be able to convert to the server's preferred version?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we try to discover group versions for other resources. However, we do work with internal versions the same way, but that doesn't qualify to this list I guess.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So at other places, we assume that the server supports a specific version (like extensions/v1beta1.Deployments?). Why not do the same here?
Whenever we will add a new version, we will likely miss adding it here anyways.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably because kubefed tried to support clusters with only alpha or only beta RBAC. I'm not opposed to fixing the version to v1beta1 for now, and moving to v1 later when v1beta1 is deprecated, though I'd keep this PR and the associated pick small, then change approaches going forward in 1.8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doing it as a follow up sgtm
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, nikhiljindal Associated issue: 50534 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Exactly, it's all about the conversion. Your choices are either to work with external versions (like kubectl does when it just passes through a manifest given to it with |
/test all [submit-queue is verifying that this PR is safe to merge] |
@liggitt: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Unrelated unit test failure. /retest |
Automatic merge from submit-queue (batch tested with PRs 50537, 49699, 50160, 49025, 50205) |
Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
kubefed tries to speak whatever version of RBAC the server has, regardless of whether it knows about that version or not. the version discovery it does has to select a version both it and the server speak.
related to #50534