Skip to content

Add rbac for ironic-operator creating namespaces#696

Open
steveb wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
steveb:gc-rbac
Open

Add rbac for ironic-operator creating namespaces#696
steveb wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
steveb:gc-rbac

Conversation

@steveb
Copy link
Copy Markdown
Collaborator

@steveb steveb commented Mar 31, 2026
edited
Loading

Describe your changes

The graphical consoles feature will create the namespace openstack-ironic-consoles which Ironic will use to create the graphical console pods.

To do this, ironic-operator needs rbac rules to create and manage (not delete) namespaces. This is proposed as a standalone change because it needs to be packaged in the openstack-operator bundle before ironic-operator can use it.

For precedence of this change, openstack-operator has the ability to manage every aspect of namespaces: https://github.com/openstack-k8s-operators/openstack-operator/blob/main/config/rbac/role.yaml#L27-L32

Jira: OSPRH-20211

Checklist before requesting a review

  • I have performed a self-review of my code and confirmed it passes tests
  • Performed pre-commit run --all
  • Tested operator image in a test/dev environment. It can be CRC via install_yamls or a hotstack instance (optional)
  • Verified that no failures present in logs(optional):
    • ironic-operator-build-deploy-kuttl
    • podified-multinode-ironic-deployment

@openshift-ci openshift-ci bot requested review from abays and hjensas March 31, 2026 22:09
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 31, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: steveb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@steveb
Add rbac for ironic-operator creating namespaces
b690672 
The graphical consoles feature will create the namespace
openstack-ironic-consoles which Ironic will use to create the graphical
console pods.

To do this, ironic-operator needs rbac rules to create and manage (not
delete) namespaces. This is proposed as a standalone change because it
needs to be packaged in the openstack-operator bundle before
ironic-operator can use it.

Jira: OSPRH-20211
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Apr 1, 2026

@steveb: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/precommit-check b690672 link true /test precommit-check
ci/prow/ironic-operator-build-deploy-kuttl b690672 link true /test ironic-operator-build-deploy-kuttl

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@stuggi
Copy link
Copy Markdown
Contributor

stuggi commented Apr 1, 2026

wondering what's the architecture/need is to use a dedicated namespace for the console deployment. iiuc from checking the related pr, its gonna be one per ctlplane deployment namespace. so far we kept all deployments for a ctlplane of an env in a single namespace.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abays abays Awaiting requested review from abays

@hjensas hjensas Awaiting requested review from hjensas

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@steveb @stuggi