Bi-Gen opened a new pull request, #200:
URL: https://github.com/apache/openserverless-task/pull/200

   ## Summary
   
   The deployer (admin-api builder) requires RBAC access to `secrets` and `pods` resources that are missing from the current `nuvolaris-wsku-role` definition.
   
   Mirrors apache/openserverless-operator#101 — keeping both copies of the file in sync.
   
   ## Added rules
   
   **Secrets** (full CRUD):
   - `build_service.py`: `create_registry_secret()` for docker registry auth, `get_secret()` to read registry credentials, `delete_secret()` to clean up after build
   
   **Pods and pods/log** (read-only):
   - `kube_api_client.py`: `get_pod_by_job_name()` to find the buildkit job pod, `stream_pod_logs()` to monitor build progress, `get_pod()` to check pod status
   
   ## Test plan
   
   - [x] Tested on k3s cluster (lorenzo1.hz.nuvolaris.dev)
   - [x] Without these permissions the builder fails with RBAC errors
   - [x] With these permissions: full deployer pipeline works (build, push, deploy)
   - [x] Cotemar pipeline (6 stages, custom runtime) deployed successfully
   - [x] Running in production for 3 weeks
   
   Related: nuvolaris/projects#409
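
Added example, not part of the pull request or the project's code: a Python check that a Role manifest grants no more than the access described above (secrets with CRUD verbs, `pods` and `pods/log` read-only). The verb sets, the two sample manifests and the name `audit_role` are assumptions, since the PR text does not quote the YAML.

```python
# Added example: audit a Kubernetes Role against the access this PR describes.
# Verb sets and sample manifests are assumptions; the PR does not quote the YAML.
READ = {"get", "list", "watch"}
CRUD = READ | {"create", "update", "patch", "delete"}
ALLOWED = {"secrets": CRUD, "pods": READ, "pods/log": READ}


def audit_role(role, allowed=ALLOWED):
    """Return (resource, problem) findings for core-group grants beyond `allowed`."""
    findings = []
    for rule in role.get("rules", []):
        if not set(rule.get("apiGroups", [])) & {"", "*"}:
            continue  # secrets and pods live in the core ("") API group
        verbs = set(rule.get("verbs", []))
        for res in rule.get("resources", []):
            if res == "*":
                findings.append((res, "wildcard resource also covers secrets and pods"))
            elif res.startswith("pods/") and res not in allowed:
                findings.append((res, "pod subresource not in the described access"))
            elif res in allowed and "*" in verbs:
                findings.append((res, "wildcard verb"))
            elif res in allowed and verbs - allowed[res]:
                extra = ", ".join(sorted(verbs - allowed[res]))
                findings.append((res, "unexpected verbs: " + extra))
    return findings

# Constructed manifests (not the project's file). GOOD_ROLE matches the PR text.
GOOD_ROLE = {
    "metadata": {"name": "nuvolaris-wsku-role"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets"],
         "verbs": ["get", "create", "update", "delete"]},
        {"apiGroups": [""], "resources": ["pods", "pods/log"],
         "verbs": ["get", "list", "watch"]},
    ],
}
# OVERBROAD_ROLE adds pod write access, pods/exec, and a wildcard verb on secrets.
OVERBROAD_ROLE = {
    "metadata": {"name": "nuvolaris-wsku-role"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
        {"apiGroups": [""], "resources": ["pods", "pods/exec"],
         "verbs": ["get", "delete"]},
    ],
}

if __name__ == "__main__":
    for name, role in (("good", GOOD_ROLE), ("overbroad", OVERBROAD_ROLE)):
        print(name, audit_role(role))
```

Rules for resources other than secrets and pods are ignored, so the check can run against a full Role definition that also carries unrelated grants.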

