wip: feat: document required permissions#5725
wip: feat: document required permissions#5725wcrum wants to merge 1 commit intokubernetes-sigs:mainfrom
Conversation
Co-Authored-By: stefanSpectro <154267435+stefanspectro@users.noreply.github.com>
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
kind/documentation
k8s-ci-robot
added
do-not-merge/release-note-label-needed
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Welcome @wcrum! |
|
Hi @wcrum. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5725 +/- ##
=======================================
Coverage 52.83% 52.84%
=======================================
Files 278 278
Lines 29610 29610
=======================================
+ Hits 15645 15647 +2
+ Misses 13148 13146 -2
Partials 817 817 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
5 participants
What type of PR is this?
/kind documentation
What this PR does / why we need it:
Currently CAPZ does not have any documentation on minimally required permissions for clusters provisioned statically or dynamically for both IaaS and AKS Clusters.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Addresses #5426
Special notes for your reviewer:
Other CAPI Providers document or have ways to document required permissions, but all of them seem to be "statically" generated in nature.
https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/f885d926ee16ad1eb13d2f36c5ffa744cd63a029/cmd/clusterawsadm/cmd/bootstrap/iam/iam_doc.go#L31-L87
CAPA does this by having a specific command in which takes an Array and converts it into a blog that is AWS IAM ready.
TODOs:
Release note: