-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: impersonate KGO RBACs with make _run
#740
base: main
Are you sure you want to change the base?
Conversation
make run
db236e0
to
5a75aff
Compare
@pmalek I've addressed both of your comments. Now the target copies the KUBECONFIG into a tmp folder, and sets the new context. Such a TMP_KUBECONFIG is used in _run. Also, the impersonation is a prerequisite to _run. |
make run
make _run
5a75aff
to
74209ec
Compare
Signed-off-by: Mattia Lavacca <[email protected]>
74209ec
to
1029a53
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor whitespace nit. Otherwise 👍
Co-authored-by: Patryk Małek <[email protected]>
Signed-off-by: Mattia Lavacca <[email protected]>
@@ -497,20 +497,28 @@ webhook-certs-dir: | |||
_ensure-kong-system-namespace: | |||
@kubectl create ns kong-system 2>/dev/null || true | |||
|
|||
TMP_DIR := $(shell mktemp -d) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just realized this: this will cause a new temp dir to be created every time make
is called right? Can we put this into impersonate-kgo
to prevent this?
What this PR does / why we need it:
When running
make run
, a new context that uses the KGO RBACs is set and used. This way,make run
will allow us to properly test with the actual KGO RBACs, instead of using the admin user.Which issue this PR fixes
Fixes #
Special notes for your reviewer:
PR Readiness Checklist:
Complete these before marking the PR as
ready to review
:CHANGELOG.md
release notes have been updated to reflect significant changes