helm: Grant the cilium-operator pod:delete permissions by default #32597
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cilium-operator requires the pod:delete permission to manage [core|kube]dns pods that are managed by cilium.
These pods are only managed by cilium if disableEndpointCRD is false.
disableEndpointCRD
is false by default, but the operator doesn't get the permission unless you explicitly setdisableEndpointCRD
to false. This is very unintuitive; I would expect that setting something tofalse
that isfalse
by default should be a noop.This PR simply removes the explicit
hasKey
check and leaves the key value checks in, which should be the only ones that matter anyway.Looks like this check was originally introduced in f612c97 which I think had the right idea – this permission should only exist when delete is needed – but it shouldn't require a user to explicitly re-set a default.
Before this change, with default values:
After this change, with default values:
Explicitly setting
disableEndpointCRD
totrue
removes thedelete
permission.description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: <commit-id>
tag, thenplease add the commit author[s] as reviewer[s] to this issue.