-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't add control-plane DNS permissions with UseServiceAccountIAM #11086
Don't add control-plane DNS permissions with UseServiceAccountIAM #11086
Conversation
Should not be needed; dns-controller should run on the control-plane node so there should not be a bootstrapping problem with the nodes. Reverts kubernetes#10529
cc @rifelpet I'm not quite sure what happened before; dns-controller should have had permissions to set up the DNS names, and it should run on the control-plane. |
/assign @rifelpet I think you have the best context here! |
I'm wondering if this would cause issues when enabling UseServiceAccountIAM on an existing cluster. Do you think this is significant enough of an issue to warrant addressing? |
I made the same change as part of #11088 If you run single-node CP and you roll the CP node, dns-controller is gone anyway. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense 👍🏻
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rifelpet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Should not be needed; dns-controller should run on the control-plane
node so there should not be a bootstrapping problem with the nodes.
Reverts #10529