Updates webhook cluster role to work with Owner References #4269
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…forcement When running on Kubernetes platforms like OpenShift where the OwnerReferencesPermissionEnforcement is "on" we need to have additional ClusterRole rules added. In particular our knative tooling for our webhooks is assigning the OwnerRef of the (mutating/validating)webhookconfiguration resources to the tekton-pipelines namespace. We need to update the webhooks ClusterRole to allow "delete" for both `mutatingwebhookconfigurations` and `validatingwebhookconfigurations` as well as "update" for `namespaces/finalizers` for the tekton-pipelines namespace.
tekton-robot
added
the
release-note-none
tekton-robot
added
the
size/S
|
/kind bug |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: afrittoli The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
|
/test pull-tekton-pipeline-integration-tests |
|
/lgtm |
nikhil-thomas
added a commit
to nikhil-thomas/tektoncd-operator
that referenced
this pull request
Oct 20, 2021
Add additional permissions to operator based on Pipelines v0.29.0 release. (new permissions from: tektoncd/pipeline pr tektoncd/pipeline#4269) Signed-off-by: Nikhil Thomas <[email protected]>
3 tasks
nikhil-thomas
added a commit
to nikhil-thomas/tektoncd-operator
that referenced
this pull request
Oct 20, 2021
Add additional permissions to operator based on Pipelines v0.29.0 release. (new permissions from: tektoncd/pipeline pr tektoncd/pipeline#4269) Signed-off-by: Nikhil Thomas <[email protected]> (cherry picked from commit ad74963)
This was referenced Oct 20, 2021
tekton-robot
pushed a commit
to tektoncd/operator
that referenced
this pull request
Oct 20, 2021
Add additional permissions to operator based on Pipelines v0.29.0 release. (new permissions from: tektoncd/pipeline pr tektoncd/pipeline#4269) Signed-off-by: Nikhil Thomas <[email protected]>
sm43
pushed a commit
to sm43/tektoncd-operator
that referenced
this pull request
Oct 25, 2021
Add additional permissions to operator based on Pipelines v0.29.0 release. (new permissions from: tektoncd/pipeline pr tektoncd/pipeline#4269) Signed-off-by: Nikhil Thomas <[email protected]>
tekton-robot
pushed a commit
to tektoncd/operator
that referenced
this pull request
Oct 26, 2021
Add additional permissions to operator based on Pipelines v0.29.0 release. (new permissions from: tektoncd/pipeline pr tektoncd/pipeline#4269) Signed-off-by: Nikhil Thomas <[email protected]>
vdemeester
added a commit
to vdemeester/tektoncd-operator
that referenced
this pull request
Oct 29, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
nikhil-thomas
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 2, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
nikhil-thomas
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 2, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
nikhil-thomas
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 2, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
nikhil-thomas
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 2, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
nikhil-thomas
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 3, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 11, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 15, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 16, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 17, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 18, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
nikhil-thomas
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 19, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 22, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 22, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 22, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 23, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 24, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 24, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
4 tasks
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Nov 24, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Dec 9, 2021
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Jan 20, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Jan 28, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Feb 1, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Feb 2, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
3 tasks
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Feb 5, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Feb 7, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Feb 9, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
May 17, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
May 23, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
May 25, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
concaf
pushed a commit
to openshift/tektoncd-operator
that referenced
this pull request
Sep 2, 2022
Backport tektoncd/pipeline#4269 to fix deployment of the webhook on OpenShift. Signed-off-by: Vincent Demeester <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When running on Kubernetes platforms like OpenShift where the OwnerReferencesPermissionEnforcement is "on" we need to have additional ClusterRole rules added. In particular the knative tooling for our webhooks is assigning the OwnerRef of the (mutating/validating)webhookconfiguration resources to the tekton-pipelines namespace.
Fixes #4258
Changes
We need to update the webhooks ClusterRole to allow "delete" for both
mutatingwebhookconfigurationsandvalidatingwebhookconfigurationsas well as "update" fornamespaces/finalizersfor the tekton-pipelines namespace.Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
Release Notes