Skip to content

Commit 45c9842

Browse files
lukasmetznerlukasmetzner
authored
refactor: rename ClusterRoleBinding (#1060)
Keeping the same ClusterRoleBinding name causes issues when migrating to the new HCCM version, as the `roleRef` field is immutable. By changing the ClusterRoleBindings name, the migration is seamless for Helm users. Manifest users have to perform an additional cleanup step after the `helm upgrade`.
1 parent fb201c8 commit 45c9842

5 files changed

Lines changed: 15 additions & 5 deletions

File tree

chart/.snapshots/default.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,9 @@ rules:
8484
kind: ClusterRoleBinding
8585
apiVersion: rbac.authorization.k8s.io/v1
8686
metadata:
87-
name: "system:hcloud-cloud-controller-manager"
87+
# The prefix ":restricted" originates from removing the cluster-admin role from HCCM.
88+
# Renaming the ClusterRoleBinding makes the migration easier for users.
89+
name: "system:hcloud-cloud-controller-manager:restricted"
8890
roleRef:
8991
apiGroup: rbac.authorization.k8s.io
9092
kind: ClusterRole

chart/.snapshots/full.daemonset.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,9 @@ rules:
8484
kind: ClusterRoleBinding
8585
apiVersion: rbac.authorization.k8s.io/v1
8686
metadata:
87-
name: "system:hcloud-cloud-controller-manager"
87+
# The prefix ":restricted" originates from removing the cluster-admin role from HCCM.
88+
# Renaming the ClusterRoleBinding makes the migration easier for users.
89+
name: "system:hcloud-cloud-controller-manager:restricted"
8890
roleRef:
8991
apiGroup: rbac.authorization.k8s.io
9092
kind: ClusterRole

chart/templates/clusterrolebinding.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,9 @@
22
kind: ClusterRoleBinding
33
apiVersion: rbac.authorization.k8s.io/v1
44
metadata:
5-
name: "system:{{ include "hcloud-cloud-controller-manager.name" . }}"
5+
# The prefix ":restricted" originates from removing the cluster-admin role from HCCM.
6+
# Renaming the ClusterRoleBinding makes the migration easier for users.
7+
name: "system:{{ include "hcloud-cloud-controller-manager.name" . }}:restricted"
68
roleRef:
79
apiGroup: rbac.authorization.k8s.io
810
kind: ClusterRole

deploy/ccm-networks.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,9 @@ rules:
8484
kind: ClusterRoleBinding
8585
apiVersion: rbac.authorization.k8s.io/v1
8686
metadata:
87-
name: "system:hcloud-cloud-controller-manager"
87+
# The prefix ":restricted" originates from removing the cluster-admin role from HCCM.
88+
# Renaming the ClusterRoleBinding makes the migration easier for users.
89+
name: "system:hcloud-cloud-controller-manager:restricted"
8890
roleRef:
8991
apiGroup: rbac.authorization.k8s.io
9092
kind: ClusterRole

deploy/ccm.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,9 @@ rules:
8484
kind: ClusterRoleBinding
8585
apiVersion: rbac.authorization.k8s.io/v1
8686
metadata:
87-
name: "system:hcloud-cloud-controller-manager"
87+
# The prefix ":restricted" originates from removing the cluster-admin role from HCCM.
88+
# Renaming the ClusterRoleBinding makes the migration easier for users.
89+
name: "system:hcloud-cloud-controller-manager:restricted"
8890
roleRef:
8991
apiGroup: rbac.authorization.k8s.io
9092
kind: ClusterRole

0 commit comments

Comments
 (0)