Skip to content

feat(850): remove kro permissions and create a small guide to update their permissions if necessary#1750

Merged
Skarlso merged 14 commits into
open-component-model:mainfrom
matthiasbruns:feat/850_remove_kro_permissions
Feb 11, 2026
Merged

feat(850): remove kro permissions and create a small guide to update their permissions if necessary#1750
Skarlso merged 14 commits into
open-component-model:mainfrom
matthiasbruns:feat/850_remove_kro_permissions

Conversation

@matthiasbruns

@matthiasbruns matthiasbruns commented Feb 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What this PR does / why we need it

This PR removed the legacy built-in controller rbac for kro. We are not depending on kro anymore, so we should not require this permission for our controllers at all.
Since multiple test rely on kro, I have added a testing rbac to inject more permissions than the ones we need for the controller to work.

The goals of this PR are:

  • require a minimum set of permissions for the controller to work
  • revisit testing permissions - admin-role seems to overpowered and does not help documenting the permisions needed for each example
  • update documentations for end users that covers the new rbac requirements
  • make sure helm is updated as well

Which issue(s) this PR fixes

Fixes: open-component-model/ocm-project#850

@matthiasbruns
feat(850): start removing kro
dc4ffc9 
On-behalf-of: SAP <matthias.bruns@sap.com>
Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@github-actions github-actions Bot added kind/feature new feature, enhancement, improvement, extension size/s Small labels Feb 10, 2026
matthiasbruns and others added 2 commits February 10, 2026 12:37
@matthiasbruns
Merge branch 'main' into feat/850_remove_kro_permissions
531d0ba
@matthiasbruns
feat: remove kro from default rbac
807afae 
On-behalf-of: SAP <matthias.bruns@sap.com>
Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns

matthiasbruns commented Feb 10, 2026

Copy link
Copy Markdown
Contributor Author

open tasks for tomorrow

  • update docs and provide proper guides for rbac setup
  • fine tune rbac testing setup

matthiasbruns and others added 2 commits February 10, 2026 19:35
@matthiasbruns
Merge branch 'main' into feat/850_remove_kro_permissions
824e955
@Skarlso
fix: removed the unused permission and provided a little guide to con…
160a881 
…figure custom permissions

On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@github-actions github-actions Bot added the size/m Medium label Feb 11, 2026
@Skarlso
added words to the words list
2556a6a 
On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@github-actions github-actions Bot added the component/github-actions Changes on GitHub Actions or within `.github/` directory label Feb 11, 2026
@Skarlso Skarlso changed the title feat(850): start removing kro feat(850): remove kro permissions and create a small guide to update their permissions if necessary Feb 11, 2026
@Skarlso
adding another word to the word list
94a7d68 
On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@Skarlso
remove admin permissions, add deployments for the ApplySet to the hac…
b980524 
…k/rbac.yaml setup

On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@Skarlso
update the documentation as well around custom rbac
2097f33 
On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Skarlso
Skarlso reviewed Feb 11, 2026
View reviewed changes
Comment thread kubernetes/controller/docs/getting-started/custom-rbac.md Outdated
@Skarlso Skarlso marked this pull request as ready for review February 11, 2026 09:59
@Skarlso Skarlso requested a review from a team as a code owner February 11, 2026 09:59
fabianburth
fabianburth reviewed Feb 11, 2026
View reviewed changes
Comment thread kubernetes/controller/docs/getting-started/custom-rbac.md Outdated
fabianburth
fabianburth reviewed Feb 11, 2026
View reviewed changes
Comment thread kubernetes/controller/docs/getting-started/custom-rbac.md Outdated
fabianburth
fabianburth reviewed Feb 11, 2026
View reviewed changes

@fabianburth fabianburth left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only nits in the documentation, but generally, very helpful and understandable! Good job!

Skarlso and others added 3 commits February 11, 2026 11:40
@Skarlso @fabianburth
Update kubernetes/controller/docs/getting-started/custom-rbac.md
fe6a681 
Co-authored-by: Fabian Burth <fabian.burth@sap.com>
Signed-off-by: Gergely Bräutigam <skarlso777@gmail.com>
@Skarlso
wording for the deployer
3bc9770 
On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@Skarlso
Merge branch 'main' into feat/850_remove_kro_permissions
7e9eddc
morri-son
morri-son reviewed Feb 11, 2026
View reviewed changes
Comment thread kubernetes/controller/docs/getting-started/custom-rbac.md Outdated
@morri-son

morri-son commented Feb 11, 2026

Copy link
Copy Markdown
Contributor

Has everything in that is required. Easy to read and understand. I like it!

@Skarlso
fix syntax for core
2962036 
On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@Skarlso Skarlso merged commit 7c41b4a into open-component-model:main Feb 11, 2026
21 checks passed
@matthiasbruns matthiasbruns deleted the feat/850_remove_kro_permissions branch February 12, 2026 05:54
morri-son pushed a commit to morri-son/open-component-model that referenced this pull request Feb 18, 2026
@matthiasbruns @Skarlso
@fabianburth @morrison-sap
feat(850): remove kro permissions and create a small guide to update …
9dc274c 
…their permissions if necessary (open-component-model#1750)

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Bräutigam <skarlso777@gmail.com>
Co-authored-by: Fabian Burth <fabian.burth@sap.com>
Co-authored-by: Gergely Bräutigam <gergely.brautigam@sap.com>
Signed-off-by: Gerald Morrison (SAP) <gerald.morrison@sap.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Skarlso Skarlso Skarlso left review comments

@fabianburth fabianburth fabianburth approved these changes

@morri-son morri-son morri-son approved these changes

Assignees

No one assigned

Labels

component/github-actions Changes on GitHub Actions or within `.github/` directory kind/feature new feature, enhancement, improvement, extension size/m Medium size/s Small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove kro permissions from deployer controller

4 participants

@matthiasbruns @morri-son @Skarlso @fabianburth