Skip to content

fix: add bind and escalate verbs to RBAC for Helm chart installation#62

Merged
vrdc-sap merged 4 commits into
kyma-project:mainfrom
vrdc-sap:vr-add-bind-and-escalate-rbac
May 27, 2026
Merged

fix: add bind and escalate verbs to RBAC for Helm chart installation#62
vrdc-sap merged 4 commits into
kyma-project:mainfrom
vrdc-sap:vr-add-bind-and-escalate-rbac

Conversation

@vrdc-sap
Copy link
Copy Markdown
Collaborator

@vrdc-sap vrdc-sap commented May 27, 2026

Description

Changes proposed in this pull request:

  • ...
  • ...
  • ...

Related issue(s)

@vrdc-sap vrdc-sap requested a review from dusglumac May 27, 2026 12:15
@hyperspace-insights
Copy link
Copy Markdown
Contributor

hyperspace-insights Bot commented May 27, 2026

Summary

The following content is AI-generated and provides a summary of the pull request:

⚠️ Warnings:

  • Could not get issue kyma-project/gpu#123. Status: 404 - UnknownObjectException

Fix: Add bind and escalate Verbs to RBAC for Helm Chart Installation

Bug Fix

🐛 Added missing bind and escalate RBAC verbs required for the controller to properly manage roles and role bindings during Helm chart installation. Without these verbs, the controller cannot grant or delegate permissions it holds, which is necessary when installing Helm charts that create RBAC resources.

Changes

  • config/rbac/role.yaml: Added bind and escalate verbs to the rbac.authorization.k8s.io resource group entry covering clusterroles, clusterrolebindings, roles, and rolebindings.
  • internal/controller/gpu_controller.go: Updated the +kubebuilder:rbac marker annotation for rbac.authorization.k8s.io resources to include bind and escalate verbs, ensuring the generated RBAC manifest stays in sync with the controller's permission requirements.
  • 🔄 Regenerate and Update Summary
  • ✏️ Insert as PR Description (deletes this comment)
  • 🗑️ Delete comment
PR Bot Information

Version: 1.21.0

hyperspace-insights[bot]
hyperspace-insights Bot reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@hyperspace-insights hyperspace-insights Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Warnings:

  • Could not get issue kyma-project/gpu#123. Status: 404 - UnknownObjectException

The PR adds bind and escalate verbs to the RBAC ClusterRole for rbac.authorization.k8s.io resources, but the existing comment in gpu_controller.go (lines 84–89) explicitly and at length justifies not granting these verbs — making the comment directly contradictory to the change. That stale/misleading documentation must be updated before this can be merged cleanly.

PR Bot Information

Version: 1.21.0

  • File Content Strategy: Full file content
  • LLM: anthropic--claude-4.6-sonnet
  • Correlation ID: 5989e80c-e091-4f75-82a7-fdcd647590a9
  • Event Trigger: pull_request.opened
  • Agent Instructions:

Comment thread internal/controller/gpu_controller.go
@vrdc-sap vrdc-sap merged commit ab86561 into kyma-project:main May 27, 2026
9 of 10 checks passed
@vrdc-sap vrdc-sap deleted the vr-add-bind-and-escalate-rbac branch May 27, 2026 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hyperspace-insights hyperspace-insights[bot] hyperspace-insights[bot] left review comments

@dusglumac dusglumac dusglumac approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vrdc-sap @dusglumac