From 0df1f857150352a5916cc04acd3a24313da3b250 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20=C5=9Awi=C4=85tek?= Date: Wed, 17 Jan 2024 16:50:51 +0100 Subject: [PATCH] Fix ClusterRole and Binding reconciliation --- ...ntelemetry-operator.clusterserviceversion.yaml | 15 +-------------- config/manager/kustomization.yaml | 2 ++ config/rbac/role.yaml | 13 ------------- controllers/opentelemetrycollector_controller.go | 10 ++++++---- 4 files changed, 9 insertions(+), 31 deletions(-) diff --git a/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml index 1ee83f8934..8694888ef4 100644 --- a/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml +++ b/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml @@ -65,7 +65,7 @@ metadata: categories: Logging & Tracing,Monitoring certified: "false" containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator - createdAt: "2024-01-12T11:13:24Z" + createdAt: "2024-01-17T15:53:32Z" description: Provides the OpenTelemetry components, including the Collector operators.operatorframework.io/builder: operator-sdk-v1.29.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 @@ -351,19 +351,6 @@ spec: - patch - update - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - route.openshift.io resources: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5c5f0b84cb..0d8b4d5073 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,2 +1,4 @@ resources: - manager.yaml + + diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 5176137b9d..c2b96f80a7 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -184,19 +184,6 @@ rules: - patch - update - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - route.openshift.io resources: diff --git a/controllers/opentelemetrycollector_controller.go b/controllers/opentelemetrycollector_controller.go index c1e7933c07..f5fc4ceb2f 100644 --- a/controllers/opentelemetrycollector_controller.go +++ b/controllers/opentelemetrycollector_controller.go @@ -84,7 +84,6 @@ func NewReconciler(p Params) *OpenTelemetryCollectorReconciler { // +kubebuilder:rbac:groups=apps,resources=daemonsets;deployments;statefulsets,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings;clusterroles,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors;podmonitors,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete @@ -141,9 +140,12 @@ func (r *OpenTelemetryCollectorReconciler) SetupWithManager(mgr ctrl.Manager) er Owns(&appsv1.DaemonSet{}). Owns(&appsv1.StatefulSet{}). Owns(&autoscalingv2.HorizontalPodAutoscaler{}). - Owns(&policyV1.PodDisruptionBudget{}). - Owns(&rbacv1.ClusterRoleBinding{}). - Owns(&rbacv1.ClusterRole{}) + Owns(&policyV1.PodDisruptionBudget{}) + + if r.config.CreateRBACPermissions() { + builder.Owns(&rbacv1.ClusterRoleBinding{}) + builder.Owns(&rbacv1.ClusterRole{}) + } if featuregate.PrometheusOperatorIsAvailable.IsEnabled() { builder.Owns(&monitoringv1.ServiceMonitor{})