helm: add volumeattributesclasses RBAC to ctrlplugin ClusterRoles#496
Open
Diaoul wants to merge 1 commit into
Open
helm: add volumeattributesclasses RBAC to ctrlplugin ClusterRoles#496Diaoul wants to merge 1 commit into
Diaoul wants to merge 1 commit into
Conversation
Author
|
☝️ Claude lied here, I did not try the fix but I'm fairly confident it will work. |
Collaborator
|
@Diaoul Thanks for the changes, can you please fix the DCO failure |
PR ceph#401 added volumeattributesclasses to config/csi-rbac/ manifests but missed the helm chart templates. The csi-resizer sidecar (v2.0.0+) watches VolumeAttributesClass resources and logs errors repeatedly when the permission is absent. Add the missing storage.k8s.io/volumeattributesclasses get/list/watch rule to the rbd, cephfs, and nfs ctrlplugin ClusterRole templates, matching the upstream config/csi-rbac sources. Fixes ceph#495 Signed-off-by: Antoine Bertin <antoine@bertin.io>
Diaoul
force-pushed
the
fix/helm-volumeattributesclasses-rbac
branch
from
93fbe08 to
f4ad4ec
Compare
Author
|
@Madhu-1 should be good now |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
PR #401 added
volumeattributesclassestoconfig/csi-rbac/manifests but missed the helm chart templates underdeploy/charts/ceph-csi-drivers/templates/. As a result, the deployed ClusterRoles are missing the permission and thecsi-resizersidecar (v2.0.0+) logs errors repeatedly:Tracked in #495.
Fix
Add the missing
storage.k8s.io/volumeattributesclassesget/list/watchrule to therbd,cephfs, andnfsctrlplugin ClusterRole helm templates, matching the existing entries inconfig/csi-rbac/.Testing
Verified the generated ClusterRole includes
volumeattributesclassesand errors stop after applying the fix.