system-upgrade-controller icon indicating copy to clipboard operation
system-upgrade-controller copied to clipboard
verified publisher icon rancher

fix: system-upgrade-controller-drainer: add missing delete permission for pods in clusterrole

Open damdo opened this issue 1 year ago • 4 comments

fix: system-upgrade-controller-drainer: add missing delete permission for pods in clusterrole

Fixes #319

damdo avatar Jul 21 '24 13:07 damdo

cc. @brandond @SISheogorath

damdo avatar Jul 21 '24 13:07 damdo

cc. @jiaqiluo @bfbachmann

damdo avatar Jul 24 '24 18:07 damdo

I install the system-upgrade-controller via a Helm chart. Then apply the plan via ArgoCD which triggers the upgrade rollout.

damdo avatar Jul 26 '24 13:07 damdo

Hey @damdo - thanks for the PR, I was doing that manually though.But adding delete permissions has a (I think) unwanted effect - pod with a job itself is being killed during/after drain phase.

marcinbojko avatar Aug 10 '24 06:08 marcinbojko

Ahh.. I see. The controller itself does not delete pods, but the kubectl drain command does - and it runs with the controller's serviceaccount rbac.

brandond avatar Aug 29 '24 16:08 brandond