Issue #523 - Use 'kubectl auth reconcile' for RBAC resources#600
Merged
alexmt merged 1 commit intoargoproj:masterfrom Sep 15, 2018
Merged
Issue #523 - Use 'kubectl auth reconcile' for RBAC resources#600alexmt merged 1 commit intoargoproj:masterfrom
alexmt merged 1 commit intoargoproj:masterfrom
Conversation
Member
|
I'm not sure if this is important, but apparently this command only works with rbac.v1: Assuming we switch to
|
edlee2121
suggested changes
Sep 14, 2018
util/kube/ctl.go
Outdated
Contributor
There was a problem hiding this comment.
We should always do auth reconcile followed by auth apply.
Reconcile will ignore any non-role or rolebinding objects but does not set the previous config file. The subsequent apply is needed to set these fields so that subsequent applies will behave properly.
util/kube/ctl.go
Outdated
Contributor
There was a problem hiding this comment.
Don't need this function if we always auth reconcile and then apply.
Contributor
There was a problem hiding this comment.
Oops, based on Alex's comments we do need this function to check the api version.
alexmt
force-pushed
the
523-auth-reconcile
branch
from
39e54ab to
b257ebe
Compare
Collaborator
Author
|
@jessesuen , @edlee2121 updated PR as we discussed . Now reconcile is followed by apply. PTAL |
jessesuen
approved these changes
Sep 15, 2018
edlee2121
approved these changes
Sep 15, 2018
leoluz
pushed a commit
to leoluz/argo-cd
that referenced
this pull request
Mar 13, 2025
…#600] (argoproj#601) * chore: More optimal IterateHierarchyV2 and iterateChildrenV2 [argoproj#600] Closes argoproj#600 The existing (effectively v1) implementations are suboptimal since they don't construct a graph before the iteration. They search for children by looking at all namespace resources and checking `isParentOf`, which can give `O(tree_size * namespace_resources_count)` time complexity. The v2 algorithms construct the graph and have `O(namespace_resources_count)` time complexity. See more details in the linked issues. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * improvements to graph building Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * use old name Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * chore: More optimal IterateHierarchyV2 and iterateChildrenV2 [argoproj#600] Closes argoproj#600 The existing (effectively v1) implementations are suboptimal since they don't construct a graph before the iteration. They search for children by looking at all namespace resources and checking `isParentOf`, which can give `O(tree_size * namespace_resources_count)` time complexity. The v2 algorithms construct the graph and have `O(namespace_resources_count)` time complexity. See more details in the linked issues. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * finish merge Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * chore: More optimal IterateHierarchyV2 and iterateChildrenV2 [argoproj#600] Closes argoproj#600 The existing (effectively v1) implementations are suboptimal since they don't construct a graph before the iteration. They search for children by looking at all namespace resources and checking `isParentOf`, which can give `O(tree_size * namespace_resources_count)` time complexity. The v2 algorithms construct the graph and have `O(namespace_resources_count)` time complexity. See more details in the linked issues. Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> * discard unneeded copies of child resources as we go Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * remove unnecessary comment Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * make childrenByUID sparse Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * eliminate duplicate map Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix comment Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * add useful comment back Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * use nsNodes instead of dupe map Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * remove unused struct Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * skip invalid APIVersion Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #523