-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explain how to disable builds by strategy using policy #780
Conversation
@@ -912,3 +912,131 @@ case `*scmsecret*`: | |||
<1> The URL of private repository is usually in the form | |||
`[email protected]:<username>/<repository>`. | |||
==== | |||
|
|||
|
|||
== Limiting the type of build strategies for builds |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since this requires cluster-admin, maybe it belongs under the admin guide, not the dev guide?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
makes sense, I'll move it there
lgtm. |
(aside from relocating it and one nit) |
$ oadm edit clusterrole edit | ||
---- | ||
|
||
For each role, remove the line that corresponds to the resource of the strategy to disable: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How hard is this to do with a json patch?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't realize we had 'oc patch' until you asked the question :) I will try to come up with a patch... I think that's better than interactive editing
9f37a18
to
ba77210
Compare
Updated based on review comments. Thx |
lgtm |
$ oc get clusterrole admin -o yaml | grep -v "builds\/docker" | \ | ||
oc replace clusterrole admin -f - | ||
|
||
$ oc get clusterrole edit -o yaml | grep -v "builds\/docker" | \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't object, but why is patch hard to use?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd rather make patch easy as opposed to working around it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kubectl patch
in its current form only adds to your object. I didn't find a way to delete keys. It doesn't take a real json patch as input.
This doc is very clear on how to do this, but I don't think it's obvious why I would want to. Is that described somewhere else? |
It's not. I can add an explanation to the overview |
permission to use all strategies (Docker, Source-to-Image, and Custom). | ||
|
||
|
||
=== Disabling a build strategy globally |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All the ===
level headings can be ==
like Overview.
@csrwng Overall LGTM (one comment inline). Will leave open for the moment in case more was incoming per:
|
ba77210
to
bd91645
Compare
updated overview and fixed level headings |
... | ||
|
||
---- | ||
<1> Delete this line to disable Docker builds globally |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Delete this line to disable Docker builds globally for users with the admin role.
one comment/question and then lgtm. |
|
||
---- | ||
$ oadm edit clusterrole admin | ||
$ oadm edit clusterrole edit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be "oc edit", oadm don't have command edit.
bd91645
to
4fd773f
Compare
addressed comments |
lgtm. |
👍 |
Explain how to disable builds by strategy using policy
Documents how to disable a build strategy globally and how to grant access only to specified users or to users within a project.