Add user-facing role definitions for Envoy Gateway and Gateway API #4532
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #4532 +/- ##
==========================================
- Coverage 65.72% 65.45% -0.27%
==========================================
Files 211 211
Lines 31669 31858 +189
==========================================
+ Hits 20813 20854 +41
- Misses 9656 9759 +103
- Partials 1200 1245 +45 ☔ View full report in Codecov by Sentry. |
|
@evankanderson Thanks for adding this. The |
| rules: | ||
| - apiGroups: ["gateway.networking.k8s.io", "gateway.envoyproxy.io"] | ||
| resources: ["*"] | ||
| verbs: ["create", "update", "patch", "delete"] |
There was a problem hiding this comment.
Should the edit role also be able to view(get list watch) the resources?
There was a problem hiding this comment.
Should we also allow deletecollection ?
There was a problem hiding this comment.
Good points! Added.
|
Updated, sorry for the delay! |
evankanderson
force-pushed
the
add-viewer-editor
branch
2 times, most recently
from
0997956
to
2c9a80b
Compare
Signed-off-by: Evan Anderson <[email protected]>
Signed-off-by: Evan Anderson <[email protected]>
Signed-off-by: Evan Anderson <[email protected]>
evankanderson
force-pushed
the
add-viewer-editor
branch
from
2c9a80b
to
5468f84
Compare
|
... and fixed whatever happened with merges and DCO that made the DCO-bot mad. |
What type of PR is this?
feat: Add admin/edit/view namespaced rolebindings for gateway.networking.k8s.io and gateway.envoyproxy.io resources
What this PR does / why we need it:
Adds cluster roles which aggregate to the built-in user-facing cluster roles to allow users with namespace-level
admin,edit, orviewpermissions to view the appropriate Gateway API resources.Which issue(s) this PR fixes:
I didn't open an issue, but with the default helm chart install and
viewon a namespace, I get the following error:Release Notes: Yes