From f689721ca527d6113d88d8331c43bf4bdf27f930 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Fri, 10 Aug 2018 10:26:42 -0400 Subject: [PATCH 1/7] fix(ocs): update prometheus operator security context causes problems in openshift --- .../ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml index 2d5fd917c66..4841db108ae 100644 --- a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml +++ b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -192,9 +192,6 @@ spec: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: From 4ef2d7e9f9ec9ceb1abc378dfa27eb3e4c4f8a8c Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Fri, 10 Aug 2018 10:31:09 -0400 Subject: [PATCH 2/7] chore(deploy): update 0.6.0 for okd --- .../0.6.0/files/08-ocs.configmap.yaml | 5 +--- .../files/20-aggregated.clusterrole.yaml | 26 ------------------- .../manifests/0.6.0/tasks/install.yaml | 9 ------- .../0.6.0/tasks/remove_components.yaml | 7 ----- 4 files changed, 1 insertion(+), 46 deletions(-) delete mode 100644 deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml diff --git a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml index 30695fd89c6..90d08361321 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml @@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -7147,9 +7147,6 @@ data: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml deleted file mode 100644 index 9b30697e5a6..00000000000 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/20-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["get", "list", "watch"] diff --git a/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml b/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml index 6ee0ab05f9f..ae7fe9f851a 100644 --- a/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml +++ b/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml @@ -116,15 +116,6 @@ files: - "{{ mktemp.stdout }}/20-aggregated-edit.clusterrole.yaml" -- name: Apply aggregate-olm-edit ClusterRole manifest - oc_obj: - state: present - kind: ClusterRole - name: aggregate-olm-edit - namespace: operator-lifecycle-manager - files: - - "{{ mktemp.stdout }}/20-aggregated.clusterrole.yaml" - - name: Apply aggregate-olm-view ClusterRole manifest oc_obj: state: present diff --git a/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml b/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml index 93c5e3a509c..ee8d5a647f8 100644 --- a/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml +++ b/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml @@ -76,13 +76,6 @@ name: aggregate-olm-edit namespace: operator-lifecycle-manager -- name: Remove aggregate-olm-edit ClusterRole manifest - oc_obj: - state: absent - kind: ClusterRole - name: aggregate-olm-edit - namespace: operator-lifecycle-manager - - name: Remove aggregate-olm-view ClusterRole manifest oc_obj: state: absent From 52f7470dcd6b7fd0d47c443d0878450e009d7030 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:22:44 -0400 Subject: [PATCH 3/7] fix(ocs): add securityContext to prometheus example --- .../ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml index 4841db108ae..dfd016fb76b 100644 --- a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml +++ b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus From af73ea9484355c575a3da13688e512b639a1d87b Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:24:25 -0400 Subject: [PATCH 4/7] update 0.6.0 release --- deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml | 2 +- deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml index 90d08361321..bfb84c542a5 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml @@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus diff --git a/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml b/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml index 7e7c9b94522..edffc8a1a0a 100644 --- a/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml +++ b/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml @@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -7147,9 +7147,6 @@ data: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: From 785b15e15554fdae67e835a6a1be3a2c628d7440 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:28:43 -0400 Subject: [PATCH 5/7] chore(rbac): list out verbs in edit role --- .../manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml | 2 +- deploy/chart/templates/20-aggregated-edit.clusterrole.yaml | 2 +- .../manifests/0.6.0/20-aggregated-edit.clusterrole.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml index 12587d54779..b833b2fd698 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml @@ -11,4 +11,4 @@ metadata: rules: - apiGroups: ["operators.coreos.com"] resources: ["*"] - verbs: ["*"] \ No newline at end of file + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml index 9c1b6dc4d6e..f8d0fbd4e5d 100644 --- a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml +++ b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml @@ -9,4 +9,4 @@ metadata: rules: - apiGroups: ["operators.coreos.com"] resources: ["*"] - verbs: ["*"] \ No newline at end of file + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml index 12587d54779..b833b2fd698 100644 --- a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml @@ -11,4 +11,4 @@ metadata: rules: - apiGroups: ["operators.coreos.com"] resources: ["*"] - verbs: ["*"] \ No newline at end of file + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] From 5578c35db0fe7064e3793139e162ee1cde4d0f29 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:38:54 -0400 Subject: [PATCH 6/7] chore(rbac): update roles to include resources --- .../manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml | 2 +- .../manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml | 2 +- deploy/chart/templates/20-aggregated-edit.clusterrole.yaml | 2 +- deploy/chart/templates/21-aggregated-view.clusterrole.yaml | 2 +- .../manifests/0.6.0/20-aggregated-edit.clusterrole.yaml | 2 +- .../manifests/0.6.0/21-aggregated-view.clusterrole.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml index b833b2fd698..86a0977c26e 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml @@ -10,5 +10,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml index c52735f90be..2589e9f42b7 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml @@ -9,5 +9,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml index f8d0fbd4e5d..5c6ec260c92 100644 --- a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml +++ b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml @@ -8,5 +8,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/chart/templates/21-aggregated-view.clusterrole.yaml b/deploy/chart/templates/21-aggregated-view.clusterrole.yaml index 3ca9c61fb63..4a251182e66 100644 --- a/deploy/chart/templates/21-aggregated-view.clusterrole.yaml +++ b/deploy/chart/templates/21-aggregated-view.clusterrole.yaml @@ -7,5 +7,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml index b833b2fd698..86a0977c26e 100644 --- a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml @@ -10,5 +10,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml index c52735f90be..2589e9f42b7 100644 --- a/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml @@ -9,5 +9,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] From 172eaafd67a80033bdf90c85b87f463bb266dd9b Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:44:05 -0400 Subject: [PATCH 7/7] fix(e2e): re-enable prometheus test --- test/e2e/installplan_e2e_test.go | 2 +- test/e2e/ocs_e2e_test.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/e2e/installplan_e2e_test.go b/test/e2e/installplan_e2e_test.go index 97a0ed9cd5c..670defab9c6 100644 --- a/test/e2e/installplan_e2e_test.go +++ b/test/e2e/installplan_e2e_test.go @@ -23,7 +23,7 @@ import ( const ( etcdVersion = "3.2.13" - prometheusVersion = "v1.7.0" + prometheusVersion = "v2.3.2" expectedEtcdNodes = 3 expectedPrometheusSize = 3 ocsConfigMap = "ocs" diff --git a/test/e2e/ocs_e2e_test.go b/test/e2e/ocs_e2e_test.go index fd7cc41306d..63aee5d0e88 100644 --- a/test/e2e/ocs_e2e_test.go +++ b/test/e2e/ocs_e2e_test.go @@ -305,13 +305,13 @@ func TestInstallPrometheusOCS(t *testing.T) { "labels": map[string]interface{}{"prometheus": "test-prometheus"}, }, "spec": map[string]interface{}{ - "replicas": expectedPrometheusSize, - "version": prometheusVersion, + "replicas": expectedPrometheusSize, + "version": prometheusVersion, + "securityContext": struct{}{}, }, } t.Run("test prometheus object creation", func(t *testing.T) { - t.Skip("skipping prometheus object verification - currently broken") err = c.CreateCustomResource(&unstructured.Unstructured{Object: prometheus}) require.NoError(t, err)