Move service operator RBAC from runtime bindata to OLM bundle by dprince · Pull Request #1965 · openstack-k8s-operators/openstack-operator · GitHub
Skip to content

Move service operator RBAC from runtime bindata to OLM bundle#1965

Open
dprince wants to merge 1 commit into
openstack-k8s-operators:mainfrom
dprince:rbac_olm
Open

Move service operator RBAC from runtime bindata to OLM bundle#1965
dprince wants to merge 1 commit into
openstack-k8s-operators:mainfrom
dprince:rbac_olm

Conversation

@dprince

@dprince dprince commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Instead of applying service operator ClusterRoles, ClusterRoleBindings, Roles, RoleBindings, and ServiceAccounts at runtime via bindata, generate them during sync-bindata.sh and stage them into the OLM bundle at bundle build time. This removes the need for the openstack-operator to hold wildcard clusterrole/clusterrolebinding permissions and narrows the remaining role/rolebinding RBAC to specific verbs.

Instead of applying service operator ClusterRoles, ClusterRoleBindings,
Roles, RoleBindings, and ServiceAccounts at runtime via bindata, generate
them during sync-bindata.sh and stage them into the OLM bundle at
bundle build time. This removes the need for the openstack-operator to
hold wildcard clusterrole/clusterrolebinding permissions and narrows
the remaining role/rolebinding RBAC to specific verbs.
@openshift-ci openshift-ci Bot requested review from abays and stuggi July 1, 2026 13:25
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@openshift-ci openshift-ci Bot added the approved label Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

OpenStackControlPlane CRD Size Report

Metric Value
CRD JSON size 350002 bytes (342KB)
Base branch size 350002 bytes
Change +0.00%
Status yellow — growing
Threshold reference
Color Range Meaning
🟢 green < 300KB Comfortable
🟡 yellow 300–400KB Growing
🟠 orange 400–750KB Concerning
🔴 red > 750KB Approaching 1.5MB etcd limit (cut in half to allow space for update)

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@dprince: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/openstack-operator-build-deploy-kuttl-4-18 b0d86fb link true /test openstack-operator-build-deploy-kuttl-4-18

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@centosinfra-prod-github-app

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant