[Risk Mitigation] Create cleanup script for removing redundant ClusterRoleBindings which were previously labeled with managed-by: reconciler #558

Open
1 task
tobiscr opened this issue Dec 6, 2024 · 0 comments
Labels
area/control-plane Related to all activities around Kyma Control Plane kind/feature Categorizes issue or PR as related to a new feature.

tobiscr commented Dec 6, 2024

Description

After migration from provisioner to KIM is completed, we have to remove redundant ClusterRoleBindings which were initially managed by reconciler (marked by the managed-by: provisioner label).

This is the follow-up action of #556 to remove replaced ClusterRoleBindings.

Before the deletion of a ClusterRoleBinding happens, the following conditions have to be fulfilled:

  1. Check if an equivalent ClusterRoleBinding exists which is managed by KIM:
    • If YES -> delete CRB and we are done
    • If NO -> go ahead with step 2
  2. If no ClusterRoleBinding exists which is managed by KIM, check in RuntimeCR if the referenced User in CRB is still a member of the administrator list.
    • If NO -> delete CRB and we are done
    • If YES -> should never happen! FAILURE case, report error to @kyma-project/framefrog team.

AC:

  • redundant / outdated ClusterRoleBindings with label managed-by: provisioner are removed from SKR if one of the conditions is fulfilled:
    • the same ClusterRoleBinding is provided by KIM
    • the referenced User in the CRB is no longer an administrator (not a member of the administrator list in RuntimeCR)

Reasons

Remove redundant ClusterRoleBindings from SKRs.

@tobiscr tobiscr added kind/feature Categorizes issue or PR as related to a new feature. area/control-plane Related to all activities around Kyma Control Plane labels Dec 6, 2024
@VOID404 VOID404 self-assigned this Dec 12, 2024
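
The deletion rules from the issue description, written out as a decision function that fails closed on the FAILURE case. This is an added example, not code from the issue or from the Kyma project; the `CRB` type, the `Decide` function, the `infrastructure-manager` label value and the reading of "equivalent" as "same role and same users" are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// CRB is a trimmed-down stand-in for a ClusterRoleBinding (hypothetical type).
type CRB struct {
	Name, ManagedBy, Role string   // ManagedBy: value of the managed-by label
	Users                 []string // names of the User subjects
}

const (
	legacyOwner = "provisioner"            // label value named in the issue
	kimOwner    = "infrastructure-manager" // assumed label value for KIM-managed CRBs
)

// key identifies a binding by role and sorted user set (assumed meaning of "equivalent").
func key(c CRB) string {
	u := append([]string(nil), c.Users...)
	sort.Strings(u)
	return c.Role + "|" + strings.Join(u, ",")
}

// Decide reports whether the legacy CRB may be deleted. It returns an error for the
// FAILURE case: no KIM-managed equivalent, yet the user is still an administrator.
func Decide(legacy CRB, cluster []CRB, admins []string) (bool, error) {
	if legacy.ManagedBy != legacyOwner {
		return false, nil // never touch bindings outside the cleanup's scope
	}
	for _, c := range cluster { // step 1: equivalent KIM-managed CRB exists?
		if c.ManagedBy == kimOwner && key(c) == key(legacy) {
			return true, nil
		}
	}
	for _, u := range legacy.Users { // step 2: RuntimeCR administrator list
		for _, a := range admins {
			if u == a {
				return false, fmt.Errorf("CRB %s: %s is still an administrator without a KIM-managed binding", legacy.Name, u)
			}
		}
	}
	return true, nil
}

func main() { // constructed sample: legacy binding, no KIM twin, user no longer admin
	fmt.Println(Decide(CRB{"old", legacyOwner, "cluster-admin", []string{"alice@example.com"}}, nil, nil))
}
```

Running the decision in a dry-run pass first, and deleting only where it returns `true` with no error, keeps a still-valid administrator from losing access if a KIM-managed binding was never created.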