cluster role: attempt to drop nodes/proxy resource

[haircommander]

mostly testing to see what breaks

Categories

• Bugfix
• Data Enhancement
• Feature
• Backporting
• Others (CI, Infrastructure, Documentation)

Sample Archive

• path/to/sample_data.json

Documentation

• path/to/documentation.md

Unit Tests

• path/to/file_test.go

Privacy

Yes. There are no sensitive data in the newly collected information.

Changelog

Breaking Changes

Yes/No

References

https://issues.redhat.com/browse/???
https://access.redhat.com/solutions/???

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: haircommander
Once this PR has been reviewed and has the lgtm label, please assign ncaak for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[opokornyy]

Hey @haircommander, what’s the status of this PR? If there’s no intention to continue the work, could you please close it?

[openshift-ci]

@haircommander: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[haircommander]

@opokornyy WDYT about this change? using the principal of least privilege, it makes sense to me to drop nodes/proxy from the cluster role here, as the tests seem to succeed without it. Are you open to this change?

[ncaak]

Hello there @haircommander and thanks for your contribution.

Indeed, it's good to follow the least privilege principle. However, I don't understand the need for this change right now. The next version of OpenShift is coming out in less than a month, and it's a significant update. I would prefer not to roll out these experiments lightly, as they may break something we don't see. Yes, the tests aren't failing, so it shouldn't be a problem.

Let's put this on hold until the next version is released. Is there a task or request that requires this kind of change?

[ncaak]

/hold

[haircommander]

yup no rush on this feature. there was concern about nodes/proxy from someone upstream but ultimately nodes/proxy is a very powerful capability. So there's nothing urgent about it, but it probably should be dropped eventually, if possible.