Generating permissions into permissions instead of clusterPermissions #6100
Comments
|
@theishshah I can look into this |
|
hi @stanislavulrych You can achieve what you want by setting an arbitrary namespace in the kubebuilder rbac annotations. For example, if you want an operator to be able to create statefulsets and pods at the namespace level, it would look like shown below: Notice I have namespace set to While doing this will allow the cluster roles to be made to be roles, they would not be added to Full path should take the pattern, |
|
Hi @OchiengEd, thank you for the answer. I have tried that and it really generates I just do not understand, why these permissions are not added to |
|
@stanislavulrych Not sure of the reason for this behavior. At this time, the issue has been marked as a bug and I believe Jesus will be looking into why the decision was made to have it as a separate file before any action can be taken. |
|
hey @stanislavulrych, are you completely blocked by this issue? If so, will it be possible for you to manually edit the |
|
@tlwu2013 so far, I am building the operators without any manual steps, which is the reason why I opened this issue - it is possible to edit the CSV manually, however, you might understand that it somehow complicates the automated pipelines for the build. |
|
/unassign jmrodri |
|
Hi Everyone! There's any idea on continue the work on this issue? The other idea is to add a Any other idea on this? |
|
Operator SDK should already handle this automatically if you have a |
|
Hi everyone and @joelanford , in the later versions of operator-sdk, the documentation was greatly improved (thanks everyone involved for that!). By properly following the instructions in and https://sdk.operatorframework.io/docs/building-operators/golang/crds-scope/ I solved the problem of generating permissions instead of clusterpermissions. There is now really nothing to be added to those steps and the description is very informative. As described in the above, there is one manual step needed:
However, since Thus,I am closing this. |
Type of question
Open question
Question
The permissions for the go based operator are generated from kubebuilder annotations in controllers code. By default, the permissions are generated into
(csv).spec.install.spec.clusterPermissionsWhat did you expect to see?
I would like to have the permissions listed in
(csv).spec.install.spec.permissionsIs there a way how to modify the kubebuilder annotations to do so?
Environment
Operator type:
Kubernetes cluster type:
OpenShift
$ operator-sdk versionoperator-sdk version: "v1.23.0", commit: "1eaeb5adb56be05fe8cc6dd70517e441696846a4", kubernetes version: "1.24.2", go version: "go1.18.5", GOOS: "linux", GOARCH: "amd64"$ go version(if language is Go)go version go1.18.7 linux/amd64$ kubectl versionClient Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"04ad1b56880418de7bd6feb9ff37a8518fbc1a0e", GitTreeState:"clean", BuildDate:"2022-05-12T09:52:02Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}The text was updated successfully, but these errors were encountered: