kubernetes-sigs
update deployment for 1.31
https://github.com/kubernetes/kubernetes/pull/125163 is making the drivers responsible for publishing ResourceSlices and getting the ResourceClaim. The example driver needs to be updated to work with that change.
Furthermore, we need to demonstrate how apiserver access can be limited. See https://github.com/kubernetes/kubernetes/blob/master/test/e2e/dra/test-driver/deploy/example/plugin-permissions.yaml.
We also should document that deployments are expected to limit access to admin access as in https://github.com/kubernetes/kubernetes/blob/master/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
Some relevant documentation:
- https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#additional-metadata-in-pod-bound-tokens (provides the correlation with the node, if I am not mistaken)
/unassign
For some reason, I may not have time to complete this task. If I am free and the task still needs volunteers, I will come back to claim it. sorry for the delay @pohly
should we close this based on https://github.com/kubernetes-sigs/dra-example-driver/pull/50 ?
Yes. Closed by https://github.com/kubernetes-sigs/dra-example-driver/pull/53
Actually, let's reopen this, as not all all of the criteria that @pohly mentions in the issue has been fulfilled. That is to say that basic support for 1.31 has been merged (i.e. it is functional), but it doesn't check all of the boxes that @pohly has for being done the "right" way.
I agree, let's add at least the RBAC rules. I've updated the description with more recent links.