Update RBAC to work with ocp >= 4.15 and ocp < 4.15
JoaoBraveCoding committed Jan 10, 2024
1 parent d2a5f5e commit 415e92f
Showing 6 changed files with 29 additions and 34 deletions.
@@ -150,7 +150,7 @@ metadata:
categories: OpenShift Optional, Logging & Tracing
certified: "false"
containerImage: docker.io/grafana/loki-operator:0.5.0
createdAt: "2024-01-09T15:56:31Z"
createdAt: "2024-01-10T18:25:00Z"
description: The Community Loki Operator provides Kubernetes native deployment
and management of Loki and related logging components.
features.operators.openshift.io/disconnected: "true"
@@ -1420,6 +1420,10 @@ spec:
spec:
clusterPermissions:
- rules:
- nonResourceURLs:
- /api/v2/alerts
verbs:
- create
- apiGroups:
- ""
resources:
@@ -1593,12 +1597,6 @@ spec:
- alertmanagers/api
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
@@ -150,7 +150,7 @@ metadata:
categories: OpenShift Optional, Logging & Tracing
certified: "false"
containerImage: docker.io/grafana/loki-operator:0.5.0
createdAt: "2024-01-09T15:56:30Z"
createdAt: "2024-01-10T18:24:59Z"
description: The Community Loki Operator provides Kubernetes native deployment
and management of Loki and related logging components.
operators.operatorframework.io/builder: operator-sdk-unknown
@@ -1400,6 +1400,10 @@ spec:
spec:
clusterPermissions:
- rules:
- nonResourceURLs:
- /api/v2/alerts
verbs:
- create
- apiGroups:
- ""
resources:
@@ -1573,12 +1577,6 @@ spec:
- alertmanagers/api
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
@@ -150,7 +150,7 @@ metadata:
categories: OpenShift Optional, Logging & Tracing
certified: "false"
containerImage: quay.io/openshift-logging/loki-operator:0.1.0
createdAt: "2024-01-09T15:56:33Z"
createdAt: "2024-01-10T18:25:02Z"
description: |
The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging.
## Prerequisites and Requirements
@@ -1405,6 +1405,10 @@ spec:
spec:
clusterPermissions:
- rules:
- nonResourceURLs:
- /api/v2/alerts
verbs:
- create
- apiGroups:
- ""
resources:
@@ -1578,12 +1582,6 @@ spec:
- alertmanagers/api
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
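--- a/operator/config/rbac/role.yaml
+++ b/operator/config/rbac/role.yaml
@@ -4,6 +4,10 @@ kind: ClusterRole
 metadata:
 name: lokistack-manager
 rules:
+- nonResourceURLs:
+- /api/v2/alerts
+verbs:
+- create
 - apiGroups:
 - ""
 resources:
@@ -177,12 +181,6 @@ rules:
 - alertmanagers/api
 verbs:
 - create
-- delete
-- get
-- list
-- patch
-- update
-- watch
 - apiGroups:
 - monitoring.coreos.com
 resources: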
3 changes: 2 additions & 1 deletion operator/controllers/loki/lokistack_controller.go
@@ -123,7 +123,8 @@ type LokiStackReconciler struct {
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings;clusterroles;roles;rolebindings,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors;prometheusrules,verbs=get;list;watch;create;update;delete
// +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers,verbs=patch
// +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers/api,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers/api,verbs=create
// +kubebuilder:rbac:urls=/api/v2/alerts,verbs=create
// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update
// +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update
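Review bot: The two Alertmanager markers, `resources=alertmanagers/api,verbs=create` and `urls=/api/v2/alerts,verbs=create`, have no comment saying why both exist or which OpenShift range each one serves, so nobody can later tell when one of them may be dropped. The `urls=` marker produces a nonResourceURLs rule in the generated ClusterRole, and such a rule cannot be limited by namespace or object name, which is a reason to state its purpose next to it. I would add a plain comment line above the pair, for example `// Ruler -> Alertmanager: alertmanagers/api (resource rule) and /api/v2/alerts (non-resource URL) are both kept so alerting works on OCP < 4.15 and >= 4.15.` Which rule belongs to which range is not visible here and should be filled in by the author; the marker block starts and ends outside the hunk.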
14 changes: 8 additions & 6 deletions operator/internal/manifests/openshift/rbac.go
@@ -100,6 +100,14 @@ func BuildRulerClusterRole(opts Options) *rbacv1.ClusterRole {
"patch",
},
},
{
NonResourceURLs: []string{
"/api/v2/alerts",
},
Verbs: []string{
"create",
},
},
{
APIGroups: []string{
"monitoring.coreos.com",
@@ -108,13 +116,7 @@ func BuildRulerClusterRole(opts Options) *rbacv1.ClusterRole {
"alertmanagers/api",
},
Verbs: []string{
"get",
"list",
"watch",
"create",
"update",
"patch",
"delete",
},
},
},
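Review bot: The `alertmanagers/api` rule in BuildRulerClusterRole is still unscoped as far as the visible lines show: the rule closes right after `Verbs`, with no `ResourceNames`, so `create` applies to every Alertmanager object in the cluster. If the ruler only ever sends alerts to a known set of Alertmanager instances, add `ResourceNames: []string{...}` with those names to that rule. The new `NonResourceURLs` rule cannot be scoped in this way, so a short comment above it naming the OpenShift range that still needs it would make its later removal easy. A table test asserting the exact `Rules` slice returned by BuildRulerClusterRole would catch the verb list widening again. The function body starts and ends outside the hunks shown.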
