(yunikorn-release) branch master updated: [YUNIKORN-3032] Add explicit permission for storage.k8s.io/volumeattachments [ADDENDUM]

Mon, 03 Mar 2025 08:30:23 -0800 

This is an automated email from the ASF dual-hosted git repository.

ccondit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/yunikorn-release.git


The following commit(s) were added to refs/heads/master by this push:
     new 5a32fbf  [YUNIKORN-3032] Add explicit permission for 
storage.k8s.io/volumeattachments [ADDENDUM]
5a32fbf is described below

commit 5a32fbf70a979d88646a131fd61a8beda9f05d37
Author: Craig Condit <[email protected]>
AuthorDate: Mon Mar 3 10:30:02 2025 -0600

    [YUNIKORN-3032] Add explicit permission for 
storage.k8s.io/volumeattachments [ADDENDUM]
---
 helm-charts/yunikorn/templates/rbac.yaml | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/helm-charts/yunikorn/templates/rbac.yaml 
b/helm-charts/yunikorn/templates/rbac.yaml
index be0ac54..fb24bec 100644
--- a/helm-charts/yunikorn/templates/rbac.yaml
+++ b/helm-charts/yunikorn/templates/rbac.yaml
@@ -18,8 +18,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: { { .Values.serviceAccount } }
-  namespace: { { .Release.Namespace } }
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "0"
@@ -42,6 +42,8 @@ rules:
   - apiGroups: ["scheduling.k8s.io"]
     resources: ["priorityclasses"]
     verbs: ["get", "watch", "list"]
+  # Ensure permissions for volumeattachments as this was only added to the 
kube-scheduler role in v1.32.
+  # This is required here as long as we support executing on prior releases of 
Kubernetes.
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["get", "watch", "list"]
@@ -81,8 +83,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: { { .Values.serviceAccount } }
-    namespace: { { .Release.Namespace } }
+    name: {{ .Values.serviceAccount }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: yunikorn-scheduler
@@ -98,8 +100,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: { { .Values.serviceAccount } }
-    namespace: { { .Release.Namespace } }
+    name: {{ .Values.serviceAccount }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: system:kube-scheduler
@@ -115,8 +117,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: { { .Values.serviceAccount } }
-    namespace: { { .Release.Namespace } }
+    name: {{ .Values.serviceAccount }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: system:volume-scheduler
@@ -132,8 +134,8 @@ metadata:
     "helm.sh/hook-weight": "2"
 subjects:
   - kind: ServiceAccount
-    name: { { .Values.serviceAccount } }
-    namespace: { { .Release.Namespace } }
+    name: {{ .Values.serviceAccount }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role
   name: yunikorn-scheduler


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to