Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(ClusterRole): Add RBAC rule to allow access to LimitRange #588

Conversation

Bhargav-InfraCloud
Copy link
Contributor

@Bhargav-InfraCloud Bhargav-InfraCloud commented Jan 15, 2024

Provide a description of what has been changed

Allow keda-operator to access the LimitRange resources in the cluster. The operator requires this to validate whether the default limits are available on the container in case of using CPU/memory triggers.

This is to sync the chart with changes in kedacore/keda#5377

Checklist

Relates to kedacore/keda#5348

Allow keda-operator to access the LimitRange resources in the cluster.
The operator requires this to validate whether the default limits are
available on the container in case of using CPU/memory triggers.

Signed-off-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io>
@Bhargav-InfraCloud Bhargav-InfraCloud changed the title WIP: feat(ClusterRole): Add RBAC rule to allow access to LimitRange feat(ClusterRole): Add RBAC rule to allow access to LimitRange Jan 16, 2024
@Bhargav-InfraCloud Bhargav-InfraCloud marked this pull request as ready for review January 16, 2024 09:13
@Bhargav-InfraCloud Bhargav-InfraCloud requested a review from a team as a code owner January 16, 2024 09:13
@tomkerkhove
Copy link
Member

@JorTurFer What do you think about this PR? I don't have much RBAC experience, unfortunately

@JorTurFer
Copy link
Member

@JorTurFer What do you think about this PR? I don't have much RBAC experience, unfortunately

It's okey IMO. Let's wait until this question is okey and if it's, this is too

@tomkerkhove tomkerkhove merged commit 7cf99c4 into kedacore:main Jan 17, 2024
37 checks passed
@JorTurFer
Copy link
Member

JorTurFer commented Jan 17, 2024

We have merged this without the feature: kedacore/keda#5377

@Bhargav-InfraCloud
Copy link
Contributor Author

Thanks @JorTurFer @tomkerkhove :-)

JorTurFer pushed a commit to guicholeo/keda that referenced this pull request Jan 18, 2024
…acore#588)

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
JorTurFer added a commit that referenced this pull request Jan 30, 2024
…uing KEDA TLS certificates (#530)

* feat(keda): ✨ Allow providing own cert-manager issuer in TLS certificate

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* docs(keda): 📝 Generate Helm docs

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix(keda): 🐛 Inject CA from cert-manager Certificate when providing own Issuer

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* refactor(keda): ♻️ Refactor values format

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* revert(keda): ⏪ Revert unnecessary auto-formatting

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore: Improve the CI on PRs to be more efficient (#540)

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix(http-add-on): Refactor the chart for next version (#523)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat(add-on): Supporting streamInterval configuration (#541)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore(add-on): Ship Release 0.6.0 (#543)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore: update versions in README.md (#546)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat: update crd to allow vault secret to handle write operation (#548)

Signed-off-by: Loïs Postula <lois@postu.la>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix the svc name of webhook to avoid breaking istio (#551)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Show only logs with a severity level of ERROR or higher in the stderr (#506)

Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Support profiling for keda components (#549)

Signed-off-by: yuval weber <yuval199985@gmail.com>
Signed-off-by: unknown <yuval199985@gmail.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix TriggerAuthentication - added configuration for validation webhook (#553)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: Declare missing port in KEDA operator (#552)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Allow image registry override for all keda components (#557)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* docs: Clarify that contributors do not have to ship Helm chart (#573)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* add  disable-compression arg for both operator and metrics-server (#554)

Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat: Introduce CloudEventSources CRD and adding ClusterName parameter (#572)

* Add CloudEventSources Crd and ClustetName Parameter

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update keda/values.yaml

Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Fix

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Revert unnecessary update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

---------

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* store 2.12.1 package at `main` (#577)

Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: restore http-add-on chart 0.6.0 indexing (#579)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix(add-on): Use 'main' tag for KEDA installation during CI (#582)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* set securityContext for http-add-on chart (#561)

Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix http-add-on operator resources (#567)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix http-add-on verbosity configuration (#568)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore: Adjust RBAC with code (#585)

* chore: Adjust RBAC with code

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>

* fix typo

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>

---------

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: Don't recreate CA with 8 months until it expires (#586)

Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat(ClusterRole): Add RBAC rule to allow access to `LimitRange` (#588)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* remove not required insecureSkipTLSVerify (#564)

Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Update templates/webhooks deployment (#590)

Align deployment for extraVolumes and extraVolumesMount for fix problem Error: YAML parse error on keda/templates/webhooks/deployment.yaml: error converting YAML to JSON: yaml: line 96: did not find expected key

Signed-off-by: ferndem <39851927+ferndem@users.noreply.github.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix Prometheus metrics handling for the operator. (#555)

The current state of the Helm chart is slightly confusing, because:
- There's no easy way to really disable prometheus metrics --
  `--enable-prometheus-metrics` defaults to true anthe current code
  either emits `--enable-prometheus-metrics=true` or nothing at all
  (making it `true` once again).
- The `http` container port is actually a `metrics` port (by convention
  from .e.g. webhook), but is present regardless of whether Prometheus
  metrics are enabled or not. To make it less confusing, this PR
  proposes renaming it.

Signed-off-by: Milan Plzik <milan.plzik@grafana.com>
Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix Remove app.kubernetes.io/instance label in crd (#556)

Signed-off-by: choisungwook <kgg1959@naver.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Support crd-specific annotations (#584)

* support crd-specific annotations

Signed-off-by: Adam Walford <adamw@speechmatics.com>

* update readme

Signed-off-by: Adam Walford <adamw@speechmatics.com>

* update docs using helm-docs

Signed-off-by: Adam Walford <adamw@speechmatics.com>

---------

Signed-off-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Add ciliumnetworkpolicies (#558)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Add tlsConfig for ServiceMonitor (#591)

Co-authored-by: guicholeo <leo.sanchez@resideo.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Release 2.13.0 (#593)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: Ship v2.13.1 with missing RoleBinding (#595)

Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore(add-on): Apply HTTP Add-on changes on Helm chart (#598)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore(add-on): Release v0.7.0 (#599)

Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* refactor: Unify cert-manager annotations

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

---------

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Loïs Postula <lois@postu.la>
Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com>
Signed-off-by: yuval weber <yuval199985@gmail.com>
Signed-off-by: unknown <yuval199985@gmail.com>
Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
Signed-off-by: ferndem <39851927+ferndem@users.noreply.github.com>
Signed-off-by: Milan Plzik <milan.plzik@grafana.com>
Signed-off-by: choisungwook <kgg1959@naver.com>
Signed-off-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>
Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Co-authored-by: Loïs Postula <lois@postu.la>
Co-authored-by: Roy Gao <137811914+congzhegao@users.noreply.github.com>
Co-authored-by: Adarsh Verma <113962919+Adarsh-verma-14@users.noreply.github.com>
Co-authored-by: yuval weber <yuval199985@gmail.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Co-authored-by: Radek Fojtik <68660951+radekfojtik@users.noreply.github.com>
Co-authored-by: Quentin Bisson <quentin.bisson@gmail.com>
Co-authored-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
Co-authored-by: Frank Kloeker <eumel@arcor.de>
Co-authored-by: Andrew <35912177+aballman@users.noreply.github.com>
Co-authored-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io>
Co-authored-by: ferndem <39851927+ferndem@users.noreply.github.com>
Co-authored-by: Milan Plžík <4592597+mplzik@users.noreply.github.com>
Co-authored-by: choisungwook <sungwook0724@lguplus.co.kr>
Co-authored-by: Adam Walford <34867732+awalford16@users.noreply.github.com>
Co-authored-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: guicholeo <leo.sanchez@resideo.com>
Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com>
@Bhargav-InfraCloud Bhargav-InfraCloud deleted the br_add_rbac_access_for_limitrange branch March 11, 2024 18:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants