Skip to content

feat(gateway): Add ServiceAccount for RBAC configuration to Gateway CRD#33

Merged
edenreich merged 8 commits intomainfrom
claude/issue-32-20250729-1205
Jul 29, 2025
Merged

feat(gateway): Add ServiceAccount for RBAC configuration to Gateway CRD#33
edenreich merged 8 commits intomainfrom
claude/issue-32-20250729-1205

Conversation

@edenreich
Copy link
Copy Markdown
Collaborator

@edenreich edenreich commented Jul 29, 2025
edited
Loading

Implements #32 - Add serviceAccount configuration for Gateway CRD with automatic RBAC setup.

Changes

  • Add ServiceAccountSpec with create and name fields
  • Implement automatic ServiceAccount, Role, and RoleBinding creation
  • Grant A2A service discovery permissions across namespaces
  • Update deployment to use configured service account
  • Add serviceAccountName to Gateway status
  • Support custom service account names and disable creation option
  • Include example configurations for RBAC usage

Generated with Claude Code

@claude @edenreich
feat(gateway): Add ServiceAccount RBAC configuration to Gateway CRD
1ef91ec 
- Add ServiceAccountSpec with create and name fields
- Implement automatic ServiceAccount, Role, and RoleBinding creation
- Grant A2A service discovery permissions across namespaces
- Update deployment to use configured service account
- Add serviceAccountName to Gateway status
- Support custom service account names and disable creation option
- Include example configurations for RBAC usage

Co-authored-by: Eden Reich <edenreich@users.noreply.github.com>
@edenreich
Copy link
Copy Markdown
Collaborator Author

edenreich commented Jul 29, 2025

@claude CI and Tests are failing. Can you look into it? did you foget to run task generate or task manifests ?

@claude
Copy link
Copy Markdown
Contributor

claude bot commented Jul 29, 2025
edited
Loading

Claude finished @edenreich's task —— View job

CI Failures Fixed ✅

I've successfully investigated and resolved the CI failures:

Todo List:

  • Check CI status and analyze failure logs
  • Run task generate to regenerate DeepCopy methods for API changes
  • Run task manifests to regenerate CRDs and RBAC manifests
  • Commit any generated file changes
  • Fix unit test failure with missing namespace
  • Commit test fix and verify CI passes

Issues Resolved:

  1. ✅ "Dirty state" CI failure: Missing generated files after API changes

    • Solution: Ran task generate and task manifests to regenerate:
      • api/v1alpha1/zz_generated.deepcopy.go - DeepCopy methods for ServiceAccount fields
      • config/crd/bases/core.inference-gateway.com_gateways.yaml - CRD schema with new fields

  2. ✅ Unit test failure: RBAC reconciliation failing on missing namespace

    • Root cause: Test configures A2A ServiceDiscovery with Namespace: "test-namespace" but namespace doesn't exist
    • Solution: Added namespace creation/cleanup to the failing test in gateway_controller_test.go:504

Results:

The ServiceAccount RBAC feature is now properly integrated with correct generated files and passing tests!

claude bot and others added 2 commits July 29, 2025 12:22
@claude @edenreich
chore(generate): Update generated files for ServiceAccount RBAC feature
a6ace18 
- Regenerate DeepCopy methods for ServiceAccount spec fields
- Update CRD schema with serviceAccount spec and serviceAccountName status

Co-authored-by: Eden Reich <edenreich@users.noreply.github.com>
@claude @edenreich
fix(test): Create test-namespace for A2A service discovery RBAC test
63501ce 
The RBAC reconciliation creates Role in the A2A ServiceDiscovery namespace.
The test was failing because "test-namespace" didn't exist when the controller
tried to create the Role for A2A discovery permissions.

Co-authored-by: Eden Reich <edenreich@users.noreply.github.com>
edenreich
edenreich commented Jul 29, 2025
View reviewed changes
edenreich
edenreich commented Jul 29, 2025
View reviewed changes
edenreich added 5 commits July 29, 2025 15:07
@edenreich
refactor(gateway): Keep it simple - one complete example
38cf866 
Signed-off-by: Eden Reich <eden.reich@gmail.com>
@edenreich
refactor(gateway): Simplify RBAC reconciliation logic by removing red…
1fce807 
…undant comments

Signed-off-by: Eden Reich <eden.reich@gmail.com>
@edenreich
refactor(gateway): Remove redundant comments in role and role binding…
68f1d1f 
… reconciliation

Signed-off-by: Eden Reich <eden.reich@gmail.com>
@edenreich
fix(gateway): Don't use default service account
b5c20fe 
Signed-off-by: Eden Reich <eden.reich@gmail.com>
@edenreich
refactor(test): Remove unnecessary comments in A2A service discovery …
d4c2fac 
…test

Signed-off-by: Eden Reich <eden.reich@gmail.com>
@edenreich edenreich changed the title feat(gateway): Add ServiceAccount RBAC configuration to Gateway CRD feat(gateway): Add ServiceAccount for RBAC configuration to Gateway CRD Jul 29, 2025
@edenreich edenreich merged commit dda8cc6 into main Jul 29, 2025
5 checks passed
@edenreich edenreich deleted the claude/issue-32-20250729-1205 branch July 29, 2025 16:22
@edenreich edenreich linked an issue Jul 29, 2025 that may be closed by this pull request
[FEATURE] RBAC - Add a service account to the Gateway CRD #32
Closed
4 tasks
ig-semantic-release-bot bot added a commit that referenced this pull request Jul 29, 2025
@ig-semantic-release-bot
chore(release): 🔖 0.12.0 [skip ci]
b6f5c4d 
## [0.12.0](v0.11.1...v0.12.0) (2025-07-29)

### ✨ Features

* **gateway:** Add ServiceAccount for RBAC configuration to Gateway CRD ([#33](#33)) ([dda8cc6](dda8cc6))

### ♻️ Improvements

* **a2a:** Remove A2A_SERVICE_DISCOVERY_ENDPOINTS environment variable ([#34](#34)) ([987171c](987171c)), closes [#29](#29)
* **controller:** Rename ENABLE_AUTH environment variable to AUTH_ENABLE ([#30](#30)) ([86fe434](86fe434)), closes [#28](#28)
* **gateway:** Rename ENABLE_TELEMETRY to TELEMETRY_ENABLE ([#31](#31)) ([adbaefc](adbaefc)), closes [#26](#26)

### 🔨 Miscellaneous

* **deps:** Bump the go_modules group across 1 directory with 2 updates ([#24](#24)) ([76d5a51](76d5a51))
@ig-semantic-release-bot
Copy link
Copy Markdown
Contributor

ig-semantic-release-bot bot commented Jul 29, 2025

🎉 This PR is included in version 0.12.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] RBAC - Add a service account to the Gateway CRD

1 participant

@edenreich