From 44551d309f6ea6a1b8234741e04b581732eb4346 Mon Sep 17 00:00:00 2001 From: Ryan Zhang Date: Tue, 6 Sep 2022 00:55:44 -0700 Subject: [PATCH] disable serviceImport (#260) Co-authored-by: Ryan Zhang --- pkg/utils/apiresources.go | 7 +++++++ pkg/utils/common.go | 6 +++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/pkg/utils/apiresources.go b/pkg/utils/apiresources.go index 2e7bdbd99..548fb15f7 100644 --- a/pkg/utils/apiresources.go +++ b/pkg/utils/apiresources.go @@ -31,6 +31,12 @@ var ( Kind: "Node", } + serviceImportGVK = schema.GroupVersionKind{ + Group: NetworkingGroupName, + Version: "v1alpha1", + Kind: "ServiceImport", + } + // we use `;` to separate the different api groups apiGroupSepToken = ";" ) @@ -61,6 +67,7 @@ func NewDisabledResourceConfig() *DisabledResourceConfig { r.DisableGroup(coordv1.GroupName) r.DisableGroupVersionKind(corev1PodGVK) r.DisableGroupVersionKind(corev1NodeGVK) + r.DisableGroupVersionKind(serviceImportGVK) return r } diff --git a/pkg/utils/common.go b/pkg/utils/common.go index 745cb3814..043242661 100644 --- a/pkg/utils/common.go +++ b/pkg/utils/common.go @@ -56,6 +56,10 @@ const ( // PlacementFinalizer is used to make sure that we handle gc of placement resources PlacementFinalizer = "work.fleet.azure.com/placement-protection" ) +const ( + // NetworkingGroupName is the group name of the fleet networking + NetworkingGroupName = "networking.fleet.azure.com" +) var ( FleetRule = rbacv1.PolicyRule{ @@ -75,7 +79,7 @@ var ( } FleetNetworkRule = rbacv1.PolicyRule{ Verbs: []string{"*"}, - APIGroups: []string{"networking.fleet.azure.com"}, + APIGroups: []string{NetworkingGroupName}, Resources: []string{"*"}, } // LeaseRule Leases permissions are required for leader election of hub controller manager in member cluster.