From e0848768eb516b31e49c58da107b29663bd6b180 Mon Sep 17 00:00:00 2001 From: ntkathole Date: Tue, 31 Mar 2026 22:11:59 +0530 Subject: [PATCH] feat: Add RBAC aggregation labels to FeatureStore ClusterRoles Signed-off-by: ntkathole --- ...e-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml | 2 ++ ...e-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml | 1 + infra/feast-operator/config/rbac/featurestore_editor_role.yaml | 2 ++ infra/feast-operator/config/rbac/featurestore_viewer_role.yaml | 1 + infra/feast-operator/dist/install.yaml | 3 +++ 5 files changed, 9 insertions(+) diff --git a/infra/feast-operator/bundle/manifests/feast-operator-featurestore-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/infra/feast-operator/bundle/manifests/feast-operator-featurestore-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml index aff4d1f9840..b1f88ff62c3 100644 --- a/infra/feast-operator/bundle/manifests/feast-operator-featurestore-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/infra/feast-operator/bundle/manifests/feast-operator-featurestore-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -5,6 +5,8 @@ metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: feast-operator + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" name: feast-operator-featurestore-editor-role rules: - apiGroups: diff --git a/infra/feast-operator/bundle/manifests/feast-operator-featurestore-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/infra/feast-operator/bundle/manifests/feast-operator-featurestore-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml index bcf9699fc1a..c64d255eed7 100644 --- a/infra/feast-operator/bundle/manifests/feast-operator-featurestore-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/infra/feast-operator/bundle/manifests/feast-operator-featurestore-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -5,6 +5,7 @@ metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: feast-operator + rbac.authorization.k8s.io/aggregate-to-view: "true" name: feast-operator-featurestore-viewer-role rules: - apiGroups: diff --git a/infra/feast-operator/config/rbac/featurestore_editor_role.yaml b/infra/feast-operator/config/rbac/featurestore_editor_role.yaml index 37c38e6f618..e2e3acf1b60 100644 --- a/infra/feast-operator/config/rbac/featurestore_editor_role.yaml +++ b/infra/feast-operator/config/rbac/featurestore_editor_role.yaml @@ -5,6 +5,8 @@ metadata: labels: app.kubernetes.io/name: feast-operator app.kubernetes.io/managed-by: kustomize + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" name: featurestore-editor-role rules: - apiGroups: diff --git a/infra/feast-operator/config/rbac/featurestore_viewer_role.yaml b/infra/feast-operator/config/rbac/featurestore_viewer_role.yaml index b4444cbe60a..bca67d9788d 100644 --- a/infra/feast-operator/config/rbac/featurestore_viewer_role.yaml +++ b/infra/feast-operator/config/rbac/featurestore_viewer_role.yaml @@ -5,6 +5,7 @@ metadata: labels: app.kubernetes.io/name: feast-operator app.kubernetes.io/managed-by: kustomize + rbac.authorization.k8s.io/aggregate-to-view: "true" name: featurestore-viewer-role rules: - apiGroups: diff --git a/infra/feast-operator/dist/install.yaml b/infra/feast-operator/dist/install.yaml index c1818a54744..09217d381f2 100644 --- a/infra/feast-operator/dist/install.yaml +++ b/infra/feast-operator/dist/install.yaml @@ -20250,6 +20250,8 @@ metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: feast-operator + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" name: feast-operator-featurestore-editor-role rules: - apiGroups: @@ -20277,6 +20279,7 @@ metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: feast-operator + rbac.authorization.k8s.io/aggregate-to-view: "true" name: feast-operator-featurestore-viewer-role rules: - apiGroups: