This is an automated email from the ASF dual-hosted git repository.
kaihsun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new e30641a SUBMARINE-804. Modify the apiGroup field in rbac.yaml
e30641a is described below
commit e30641a145b384e52df511c3b7a9c2fa4e30f59b
Author: Kai-Hsun Chen <[email protected]>
AuthorDate: Sun Apr 25 11:27:44 2021 +0800
SUBMARINE-804. Modify the apiGroup field in rbac.yaml
### What is this PR for?
As shown in
[rbac.yaml:83](https://github.com/apache/submarine/blob/2faebb8efd69833853f62d89b4f1fea1b1718148/helm-charts/submarine/templates/rbac.yaml#L83),
the value of apiGroup is "".
However, the value of apiGroup in all of the following examples is
"rbac.authorization.k8s.io".
Ref1: [Kubernetes official
guide](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrolebinding-example)
Ref2:
[kube-lego](https://github.com/jetstack/kube-lego/blob/master/examples/gce/lego/cluster-role-binding.yaml)
(Github Star: 2.2k)
Ref3:
[redis-operator](https://github.com/spotahome/redis-operator/blob/b3dad57f5c4c94fe48824deacf391ab82232b3d5/charts/redisoperator/templates/rbac.yaml#L100)
(Github Star: 672)
### What type of PR is it?
[Improvement]
### Todos
### What is the Jira issue?
https://issues.apache.org/jira/browse/SUBMARINE-804
### How should this be tested?
### Screenshots (if appropriate)
* (apiGroup = "") `kubectl describe clusterrolebinding submarine-server`
<img width="793" alt="without_change"
src="https://user-images.githubusercontent.com/20109646/115979711-04ebe280-a5ba-11eb-94f2-3d271278955a.png";>
* (apiGroup = rbac.authorization.k8s.io) `kubectl describe
clusterrolebinding submarine-server`
<img width="807" alt="rbac"
src="https://user-images.githubusercontent.com/20109646/115979646-b0486780-a5b9-11eb-8652-98c9d0f1b4a7.png";>
With these two figures, the value of apiGroup seems to have no effect on
ClusterRoleBinding submarine-server. Nevertheless, I have never seen any
project use "" as the value of ClusterRole apiGroup.
### Questions:
* Do the license files need updating? No
* Are there breaking changes for older versions? No
* Does this need new documentation? No
Author: Kai-Hsun Chen <[email protected]>
Signed-off-by: Kai-Hsun Chen <[email protected]>
Closes #565 from kevin85421/SUBMARINE-804 and squashes the following
commits:
2b900c9e [Kai-Hsun Chen] SUBMARINE-804. Modify the apiGroup field in
rbac.yaml
---
helm-charts/submarine/templates/rbac.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-charts/submarine/templates/rbac.yaml
b/helm-charts/submarine/templates/rbac.yaml
index 1fc6526..4cefce9 100644
--- a/helm-charts/submarine/templates/rbac.yaml
+++ b/helm-charts/submarine/templates/rbac.yaml
@@ -80,4 +80,4 @@ subjects:
roleRef:
kind: ClusterRole
name: "{{ .Values.submarine.server.name }}"
- apiGroup: ""
+ apiGroup: rbac.authorization.k8s.io
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
![https://user-images.githubusercontent.com/20109646/115979711-04ebe280-a5ba-11eb-94f2-3d271278955a.png"](https://user-images.githubusercontent.com/20109646/115979711-04ebe280-a5ba-11eb-94f2-3d271278955a.png"){kind=link}
![https://user-images.githubusercontent.com/20109646/115979646-b0486780-a5b9-11eb-8652-98c9d0f1b4a7.png"](https://user-images.githubusercontent.com/20109646/115979646-b0486780-a5b9-11eb-8652-98c9d0f1b4a7.png"){kind=link}