Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default release namespace for namespaced rbac #579

Merged
merged 20 commits into from
Sep 4, 2024
Merged

Default release namespace for namespaced rbac #579

merged 20 commits into from
Sep 4, 2024

Conversation

ashleywang1
Copy link
Contributor

@ashleywang1 ashleywang1 commented Aug 22, 2024
edited by solo-changelog-bot bot
Loading

Description

In https://github.com/solo-io/gloo-mesh-enterprise/pull/17198, we added Pods, ConfigMaps, and Secrets to the DashboardInputSnapshot, which caused the gloo-mesh-ui to begin reading all of these resources from all namespaces in the mgmt-cluster. We intended to only allow these resources to be read from the 'gloo-mesh' namespace, but the NamespacedRbac requires you to pass in glooUi.namespacedRbac values in order to activate that feature.

By default, we want to set the glooUi.namespacedRbac.resources values, and no glooUi.namespacedRbac.namespaces value. Then we want to make a skv2 change so that if glooUi.namespacedRbac.namespaces is empty but glooUi.namespacedRbac.resources is not, we default to the Release.Namespace.
BOT NOTES:
resolves https://github.com/solo-io/gloo-mesh-enterprise/issues/15739

@solo-changelog-bot
Copy link

Issues linked to changelog:
https://github.com/solo-io/gloo-mesh-enterprise/issues/15739

@ashleywang1 ashleywang1 added the work in progress This pr is still being worked on label Aug 22, 2024
@conradhanson
Copy link
Contributor

Instead of altering these templates, why don't we just set defaults in GME's gloo-platform helm chart? Default being the 3 resources we need along with the release namespace for glooUi.namespacedRbac.

@ashleywang1 ashleywang1 removed the work in progress This pr is still being worked on label Aug 30, 2024
@ashleywang1
Copy link
Contributor Author

Instead of altering these templates, why don't we just set defaults in GME's gloo-platform helm chart? Default being the 3 resources we need along with the release namespace for glooUi.namespacedRbac.

We can't set the release namespace by default in the gloo-platform helm chart - see https://github.com/solo-io/gloo-mesh-enterprise/issues/15739#issuecomment-2313169671

jehawley
jehawley previously approved these changes Aug 30, 2024
View reviewed changes
@ashleywang1 ashleywang1 requested a review from jehawley September 4, 2024 14:00
conradhanson
conradhanson approved these changes Sep 4, 2024
View reviewed changes
Copy link
Contributor

@conradhanson conradhanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@ashleywang1 ashleywang1 removed the request for review from jehawley September 4, 2024 22:24
@soloio-bulldozer soloio-bulldozer bot merged commit 4f24776 into main Sep 4, 2024
3 checks passed
@soloio-bulldozer soloio-bulldozer bot deleted the ashleywang1/default-release-namespace-for-namespaced-rbac branch September 4, 2024 22:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josh-pritchard josh-pritchard josh-pritchard approved these changes

@conradhanson conradhanson conradhanson approved these changes

@jehawley jehawley jehawley left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ashleywang1 @conradhanson @jehawley @josh-pritchard