flink-kubernetes-operator icon indicating copy to clipboard operation
flink-kubernetes-operator copied to clipboard

Published 20 hours ago verified publisher icon apache

[FLINK-35937] RBAC cleanup

Open timsn opened this issue 6 months ago • 0 comments

What is the purpose of the change

In further research and testing with Kyverno I figured out that some apiGroups seem to be invalid and I removed them with this PR.

It seems that the "extensions" apiGroups does not exist on our recent cluster (Kubernetes 1.29.4). I'm not sure but it might be related to these deprecation notices: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#deployment-v116

Same holds for the "finalizers" resources. They do not seem to exist anymore and lead to problems with our deployment. So I also removed them.

To complete the verb list I also added "deleteCollections" where applicable.

Ref: https://issues.apache.org/jira/projects/FLINK/issues/FLINK-35310

Brief change log

  • Remove "invalid" RBAC apiGroups and resouces
  • Replace another occurence of wildcard ("*") verbs with the actual verbs

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): no
  • The public API, i.e., is any changes to the CustomResourceDescriptors: no
  • Core observer or reconciler logic that is regularly executed: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

Please take a look and validate if my changes regarding the extensions and finalizers make sense to you.

timsn avatar Jul 31 '24 09:07 timsn