(yunikorn-release) branch master updated: [YUNIKORN-3032] Add explicit permission for storage.k8s.io/volumeattachments (#189)

Mon, 03 Mar 2025 08:00:42 -0800 

This is an automated email from the ASF dual-hosted git repository.

ccondit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/yunikorn-release.git


The following commit(s) were added to refs/heads/master by this push:
     new 9ca32bc  [YUNIKORN-3032] Add explicit permission for 
storage.k8s.io/volumeattachments (#189)
9ca32bc is described below

commit 9ca32bc82cf8c1dcfbe3e523c26bbb1099ae956e
Author: Craig Condit <[email protected]>
AuthorDate: Mon Mar 3 09:58:35 2025 -0600

    [YUNIKORN-3032] Add explicit permission for 
storage.k8s.io/volumeattachments (#189)
    
    Closes: #189
---
 helm-charts/yunikorn/templates/rbac.yaml | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/helm-charts/yunikorn/templates/rbac.yaml 
b/helm-charts/yunikorn/templates/rbac.yaml
index dc1d987..c461358 100644
--- a/helm-charts/yunikorn/templates/rbac.yaml
+++ b/helm-charts/yunikorn/templates/rbac.yaml
@@ -18,8 +18,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceAccount }}
-  namespace: {{ .Release.Namespace }}
+  name: { { .Values.serviceAccount } }
+  namespace: { { .Release.Namespace } }
   annotations:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "0"
@@ -42,6 +42,11 @@ rules:
   - apiGroups: ["scheduling.k8s.io"]
     resources: ["priorityclasses"]
     verbs: ["get", "watch", "list"]
+  # Ensure permissions for volumeattachments as this was only added to the 
kube-scheduler role in v1.32.
+  # This is required here as long as we support executing on prior releases of 
Kubernetes.
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "watch", "list"]
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["get", "watch", "list", "create", "patch", "update", "delete"]
@@ -78,8 +83,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.serviceAccount }}
-    namespace: {{ .Release.Namespace }}
+    name: { { .Values.serviceAccount } }
+    namespace: { { .Release.Namespace } }
 roleRef:
   kind: ClusterRole
   name: yunikorn-scheduler
@@ -95,8 +100,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.serviceAccount }}
-    namespace: {{ .Release.Namespace }}
+    name: { { .Values.serviceAccount } }
+    namespace: { { .Release.Namespace } }
 roleRef:
   kind: ClusterRole
   name: system:kube-scheduler
@@ -112,8 +117,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.serviceAccount }}
-    namespace: {{ .Release.Namespace }}
+    name: { { .Values.serviceAccount } }
+    namespace: { { .Release.Namespace } }
 roleRef:
   kind: ClusterRole
   name: system:volume-scheduler
@@ -129,8 +134,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.serviceAccount }}
-    namespace: {{ .Release.Namespace }}
+    name: { { .Values.serviceAccount } }
+    namespace: { { .Release.Namespace } }
 roleRef:
   kind: Role
   name: yunikorn-scheduler


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to