From 4b2f7e99441988c3257402235431d23dd9e1db76 Mon Sep 17 00:00:00 2001 From: nijayf Date: Mon, 18 Mar 2024 17:11:28 +0530 Subject: [PATCH 01/10] Removed restriction by resourcenames --- .../clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index f81815406..28b7f81ac 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -129,7 +129,6 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - resourceNames: ["iv", "dls-license"] verbs: ["list","get", "create", "update", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 From 069c80c4a7b1f40eb7ad84b01ebdda56969102ce Mon Sep 17 00:00:00 2001 From: nijayf Date: Tue, 19 Mar 2024 00:23:33 +0530 Subject: [PATCH 02/10] Moved permissions from clusterrole to role --- .../v1.0.0/statefulset.yaml | 33 ++++++++++--------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 28b7f81ac..50cd07a84 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml 
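Review bot: Dropping `resourceNames: ["iv", "dls-license"]` from the `secrets` rule widens this grant from two named Secrets to every Secret the binding covers, for `get`, `update` and `delete` as well as `list` and `create`. Kubernetes RBAC cannot restrict `create` by name, and it authorizes a name-restricted `list` only when the request selects that single object with a `metadata.name` field selector. If those two verbs were what failed, a narrower fix is to split the rule: keep `resourceNames: ["iv", "dls-license"]` with `verbs: ["get", "update", "delete"]`, and add a second `secrets` rule with `verbs: ["create"]`. The kind and name of the enclosing object are outside the hunk, so confirm which role this is. PATCH 04/10 later adds `watch` and `list` to what appears to be the same rule, which broadens the unscoped grant further.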
@@ -42,16 +42,13 @@ rules: verbs: ["list", "watch"] - apiGroups: [""] resources: ["namespaces"] - verbs: ["get", "list", "watch", "create"] + verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["list", "watch", "create", "delete"] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["list", "watch"] @@ -67,21 +64,18 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csidrivers"] verbs: ["list", "watch", "get"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list"] - apiGroups: [""] resources: ["configmaps"] - verbs: ["get", "create", "delete", "update"] - - apiGroups: ["storage.dell.com"] - resources: ["containerstoragemodules"] - verbs: ["list", "create", "get", "delete", "watch"] + verbs: ["get"] + - apiGroups: [ "storage.dell.com" ] + resources: [ "containerstoragemodules" ] + verbs: [ "list", "get", "watch" ] - apiGroups: ["mobility.storage.dell.com"] resources: ["backups"] verbs: ["list", "create", "get"] - - apiGroups: ["cert-manager.io"] - resources: ["issuers"] - verbs: ["list", "get", "create", "delete"] - - apiGroups: ["cert-manager.io"] - resources: ["certificates"] - verbs: ["list", "get", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -129,7 +123,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list","get", "create", "update", "delete"] + verbs: ["get", "create", "update", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
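Review bot: The `secrets` rule with `verbs: ["list"]` added in the `@@ -67,21 +64,18 @@` hunk sits in the rules block that is followed by a ClusterRoleBinding, so it appears to grant list on Secrets in every namespace. A list response returns the full Secret objects including their `data`, so `list` alone is effectively read access to all Secret contents cluster-wide, not only their names. If the client needs Secrets only in its own namespaces, keep this verb in the namespaced Roles and leave it out of the cluster-scoped rules. PATCH 07/10 re-adds the same rule (04/10 and 08/10 remove it), and the series should end without it. The start of the enclosing rules block is outside the hunk.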
@@ -178,6 +172,15 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete"] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "list", "watch", "create", "delete" ] + - apiGroups: [ "storage.dell.com" ] + resources: [ "containerstoragemodules" ] + verbs: [ "create", "delete" ] + - apiGroups: [ "" ] + resources: [ "configmaps" ] + verbs: [ "create", "delete", "update" ] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding From 51cef471d7a9d7c720703fa222cca3d3a455527c Mon Sep 17 00:00:00 2001 From: nijayf Date: Tue, 19 Mar 2024 00:52:30 +0530 Subject: [PATCH 03/10] Moved permissions from clusterrole to role --- .../v1.0.0/statefulset.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 50cd07a84..c0b526dbe 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -49,6 +49,9 @@ rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "list", "watch", "create", "delete" ] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["list", "watch"] @@ -73,9 +76,6 @@ rules: - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "list", "get", "watch" ] - - apiGroups: ["mobility.storage.dell.com"] - resources: ["backups"] - verbs: ["list", "create", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
@@ -100,6 +100,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete"] + - apiGroups: [ "" ] + resources: [ "configmaps" ] + verbs: [ "create", "delete", "update" ] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -148,6 +151,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete"] + - apiGroups: [ "" ] + resources: [ "configmaps" ] + verbs: [ "create", "delete", "update" ] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -172,15 +178,15 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "storageclasses" ] - verbs: [ "list", "watch", "create", "delete" ] - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "create", "delete" ] - apiGroups: [ "" ] resources: [ "configmaps" ] verbs: [ "create", "delete", "update" ] + - apiGroups: ["mobility.storage.dell.com"] + resources: ["backups"] + verbs: ["list", "create", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding From 554712e189ceb137461eeb1092a1da395f670d97 Mon Sep 17 00:00:00 2001 From: Jooseppi Luna Date: Mon, 18 Mar 2024 15:57:09 -0400 Subject: [PATCH 04/10] Update statefulset.yaml --- .../apexconnectivityclient/v1.0.0/statefulset.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index c0b526dbe..0417b06c8 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml 
@@ -67,15 +67,15 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csidrivers"] verbs: ["list", "watch", "get"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["list"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "list", "get", "watch" ] + - apiGroups: ["mobility.storage.dell.com"] + resources: ["backups"] + verbs: ["list", "get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -126,7 +126,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "create", "update", "delete"] + verbs: ["get", "create", "update", "delete", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -150,7 +150,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list","get", "create", "update", "delete"] + verbs: ["list","get", "create", "update", "delete", "watch"] - apiGroups: [ "" ] resources: [ "configmaps" ] verbs: [ "create", "delete", "update" ] @@ -177,7 +177,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list","get", "create", "update", "delete"] + verbs: ["list","get", "create", "update", "delete","watch"] - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "create", "delete" ] @@ -186,7 +186,7 @@ rules: verbs: [ "create", "delete", "update" ] - apiGroups: ["mobility.storage.dell.com"] resources: ["backups"] - verbs: ["list", "create", "get"] + verbs: ["create"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding From 3b159c3b688b85221e884c47ad6a54db5a76f19e Mon Sep 17 00:00:00 2001 From: Jooseppi Luna Date: Mon, 18 Mar 2024 16:01:24 -0400 Subject: [PATCH 05/10] Update statefulset.yaml --- .../clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 0417b06c8..f32f12190 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -99,7 +99,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list","get", "create", "update", "delete"] + verbs: ["list","get", "create", "update", "delete", "watch"] - apiGroups: [ "" ] resources: [ "configmaps" ] verbs: [ "create", "delete", "update" ] From f143816625d8b1e202f507b22066722485830407 Mon Sep 17 00:00:00 2001 From: Jooseppi Luna Date: Mon, 18 Mar 2024 16:34:14 -0400 Subject: [PATCH 06/10] Update statefulset.yaml --- .../apexconnectivityclient/v1.0.0/statefulset.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index f32f12190..cdf773ff9 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -67,9 +67,6 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csidrivers"] verbs: ["list", "watch", "get"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "list", "get", "watch" ] @@ -102,7 +99,7 @@ rules: verbs: ["list","get", "create", "update", "delete", "watch"] - apiGroups: [ "" ] resources: [ "configmaps" ] - verbs: [ "create", "delete", "update" ] + verbs: [ "get", "create", "delete", "update" ] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -153,7 +150,7 @@ rules: verbs: ["list","get", "create", "update", "delete", "watch"] - apiGroups: [ "" ] resources: [ "configmaps" ] - verbs: [ "create", "delete", "update" ] + verbs: [ "get", "create", "delete", "update" ] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -183,7 +180,7 @@ rules: verbs: [ "create", "delete" ] - apiGroups: [ "" ] resources: [ "configmaps" ] - verbs: [ "create", "delete", "update" ] + verbs: [ "get", "create", "delete", "update" ] - apiGroups: ["mobility.storage.dell.com"] resources: ["backups"] verbs: ["create"] From f3e3ea35847024cedd7f808562429ff83fa28d52 Mon Sep 17 00:00:00 2001 From: nijayf Date: Tue, 19 Mar 2024 13:12:22 +0530 Subject: [PATCH 07/10] Added list permission for secret at cluster level --- .../apexconnectivityclient/v1.0.0/statefulset.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index cdf773ff9..29756d29e 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -67,6 +67,9 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csidrivers"] verbs: ["list", "watch", "get"] + - apiGroups: [ "" ] + resources: [ "secrets" ] + verbs: [ "list" ] - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "list", "get", "watch" ] From 71cc0b605e51a3c32fca9fd38e15192b866b1b85 Mon Sep 17 00:00:00 2001 From: nijayf Date: Tue, 19 Mar 2024 17:26:59 +0530 Subject: [PATCH 08/10] removed list secret --- .../apexconnectivityclient/v1.0.0/statefulset.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 29756d29e..cdf773ff9 100644 
--- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -67,9 +67,6 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csidrivers"] verbs: ["list", "watch", "get"] - - apiGroups: [ "" ] - resources: [ "secrets" ] - verbs: [ "list" ] - apiGroups: [ "storage.dell.com" ] resources: [ "containerstoragemodules" ] verbs: [ "list", "get", "watch" ] From 2e02dd016a7971fb41e84cc445494fb1a2fa7914 Mon Sep 17 00:00:00 2001 From: nijayf Date: Tue, 19 Mar 2024 17:49:22 +0530 Subject: [PATCH 09/10] review changes --- .../apexconnectivityclient/v1.0.0/statefulset.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index cdf773ff9..58e9c890e 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -49,9 +49,9 @@ rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "storageclasses" ] - verbs: [ "list", "watch", "create", "delete" ] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["list", "watch", "create", "delete"] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["list", "watch"] @@ -67,9 +67,9 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csidrivers"] verbs: ["list", "watch", "get"] - - apiGroups: [ "storage.dell.com" ] - resources: [ "containerstoragemodules" ] - verbs: [ "list", "get", "watch" ] + - apiGroups: ["storage.dell.com"] + resources: [ "containerstoragemodules"] + verbs: ["list", "get", "watch"] - apiGroups: ["mobility.storage.dell.com"] resources: ["backups"] verbs: ["list", "get"] 
From 7e009e33eccca3f9857e9b6f5699daf04202bf0c Mon Sep 17 00:00:00 2001 From: nijayf Date: Tue, 19 Mar 2024 17:54:06 +0530 Subject: [PATCH 10/10] review changes --- .../v1.0.0/statefulset.yaml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 58e9c890e..217a1e458 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -68,7 +68,7 @@ rules: resources: ["csidrivers"] verbs: ["list", "watch", "get"] - apiGroups: ["storage.dell.com"] - resources: [ "containerstoragemodules"] + resources: ["containerstoragemodules"] verbs: ["list", "get", "watch"] - apiGroups: ["mobility.storage.dell.com"] resources: ["backups"] @@ -97,9 +97,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete", "watch"] - - apiGroups: [ "" ] - resources: [ "configmaps" ] - verbs: [ "get", "create", "delete", "update" ] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create", "delete", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -148,9 +148,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete", "watch"] - - apiGroups: [ "" ] - resources: [ "configmaps" ] - verbs: [ "get", "create", "delete", "update" ] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create", "delete", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -175,12 +175,12 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["list","get", "create", "update", "delete","watch"] - - apiGroups: [ "storage.dell.com" ] - resources: [ "containerstoragemodules" ] - verbs: [ "create", "delete" ] - - apiGroups: [ "" ] - resources: [ "configmaps" ] - verbs: [ "get", "create", "delete", "update" ] + - apiGroups: ["storage.dell.com"] + resources: ["containerstoragemodules"] + verbs: ["create", "delete"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create", "delete", "update"] - apiGroups: ["mobility.storage.dell.com"] resources: ["backups"] verbs: ["create"]