From 5566d40273df18a89fd9eea4f1087fdaeee583a2 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Fri, 10 Aug 2018 10:26:42 -0400 Subject: [PATCH 1/7] fix(ocs): update prometheus operator security context causes problems in openshift --- .../ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml index 2d5fd917c6..4841db108a 100644 --- a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml +++ b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -192,9 +192,6 @@ spec: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: From 33ef2a6bbd06568839a5fcf2af09d99c7e4b716f Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Fri, 10 Aug 2018 10:31:09 -0400 Subject: [PATCH 2/7] chore(deploy): update 0.6.0 for okd --- .../0.6.0/files/08-ocs.configmap.yaml | 5 +--- .../files/20-aggregated.clusterrole.yaml | 26 ------------------- .../manifests/0.6.0/tasks/install.yaml | 9 ------- .../0.6.0/tasks/remove_components.yaml | 7 ----- 4 files changed, 1 insertion(+), 46 deletions(-) delete mode 100644 deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml diff --git a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml index 30695fd89c..90d0836132 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml @@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -7147,9 +7147,6 @@ data: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml deleted file mode 100644 index 9b30697e5a..0000000000 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/20-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["get", "list", "watch"] diff --git a/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml b/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml index 6ee0ab05f9..ae7fe9f851 100644 --- a/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml +++ b/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml @@ -116,15 +116,6 @@ files: - "{{ mktemp.stdout }}/20-aggregated-edit.clusterrole.yaml" -- name: Apply aggregate-olm-edit ClusterRole manifest - oc_obj: - state: present - kind: ClusterRole - name: aggregate-olm-edit - namespace: operator-lifecycle-manager - files: - - "{{ mktemp.stdout }}/20-aggregated.clusterrole.yaml" - - name: Apply aggregate-olm-view ClusterRole manifest oc_obj: state: present diff --git a/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml b/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml index 93c5e3a509..ee8d5a647f 100644 --- a/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml +++ b/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml @@ -76,13 +76,6 @@ name: aggregate-olm-edit namespace: operator-lifecycle-manager -- name: Remove aggregate-olm-edit ClusterRole manifest - oc_obj: - state: absent - kind: ClusterRole - name: aggregate-olm-edit - namespace: operator-lifecycle-manager - - name: Remove aggregate-olm-view ClusterRole manifest oc_obj: state: absent From fdd63af1e845814a515701020512685379cd535f Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:22:44 -0400 Subject: [PATCH 3/7] fix(ocs): add securityContext to prometheus example --- .../ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml index 4841db108a..dfd016fb76 100644 --- a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml +++ b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus From 3d3b9cf24563ddfc217fb3fe4ae34dcd06ecaaba Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:24:25 -0400 Subject: [PATCH 4/7] update 0.6.0 release --- deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml | 2 +- deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml index 90d0836132..bfb84c542a 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml @@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus diff --git a/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml b/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml index 7e7c9b9452..edffc8a1a0 100644 --- a/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml +++ b/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml @@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -7147,9 +7147,6 @@ data: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: From 393119cd9cbc9c30e7a84ab56365256a035bd272 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:28:43 -0400 Subject: [PATCH 5/7] chore(rbac): list out verbs in edit role --- .../manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml | 2 +- deploy/chart/templates/20-aggregated-edit.clusterrole.yaml | 2 +- .../manifests/0.6.0/20-aggregated-edit.clusterrole.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml index 12587d5477..b833b2fd69 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml @@ -11,4 +11,4 @@ metadata: rules: - apiGroups: ["operators.coreos.com"] resources: ["*"] - verbs: ["*"] \ No newline at end of file + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml index 9c1b6dc4d6..f8d0fbd4e5 100644 --- a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml +++ b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml @@ -9,4 +9,4 @@ metadata: rules: - apiGroups: ["operators.coreos.com"] resources: ["*"] - verbs: ["*"] \ No newline at end of file + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml index 12587d5477..b833b2fd69 100644 --- a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml @@ -11,4 +11,4 @@ metadata: rules: - apiGroups: ["operators.coreos.com"] resources: ["*"] - verbs: ["*"] \ No newline at end of file + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] From 393c499775ccd9d96c11d45e5211d396d7d308f4 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:38:54 -0400 Subject: [PATCH 6/7] chore(rbac): update roles to include resources --- .../manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml | 2 +- .../manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml | 2 +- deploy/chart/templates/20-aggregated-edit.clusterrole.yaml | 2 +- deploy/chart/templates/21-aggregated-view.clusterrole.yaml | 2 +- .../manifests/0.6.0/20-aggregated-edit.clusterrole.yaml | 2 +- .../manifests/0.6.0/21-aggregated-view.clusterrole.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml index b833b2fd69..86a0977c26 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml @@ -10,5 +10,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml index c52735f90b..2589e9f42b 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml @@ -9,5 +9,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml index f8d0fbd4e5..5c6ec260c9 100644 --- a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml +++ b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml @@ -8,5 +8,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/chart/templates/21-aggregated-view.clusterrole.yaml b/deploy/chart/templates/21-aggregated-view.clusterrole.yaml index 3ca9c61fb6..4a251182e6 100644 --- a/deploy/chart/templates/21-aggregated-view.clusterrole.yaml +++ b/deploy/chart/templates/21-aggregated-view.clusterrole.yaml @@ -7,5 +7,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml index b833b2fd69..86a0977c26 100644 --- a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml @@ -10,5 +10,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml index c52735f90b..2589e9f42b 100644 --- a/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml @@ -9,5 +9,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] From 42ade77e109fa3e25cb819c95a5785a3681ee434 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 13 Aug 2018 11:44:05 -0400 Subject: [PATCH 7/7] fix(e2e): re-enable prometheus test --- test/e2e/installplan_e2e_test.go | 2 +- test/e2e/ocs_e2e_test.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/e2e/installplan_e2e_test.go b/test/e2e/installplan_e2e_test.go index 97a0ed9cd5..670defab9c 100644 --- a/test/e2e/installplan_e2e_test.go +++ b/test/e2e/installplan_e2e_test.go @@ -23,7 +23,7 @@ import ( const ( etcdVersion = "3.2.13" - prometheusVersion = "v1.7.0" + prometheusVersion = "v2.3.2" expectedEtcdNodes = 3 expectedPrometheusSize = 3 ocsConfigMap = "ocs" diff --git a/test/e2e/ocs_e2e_test.go b/test/e2e/ocs_e2e_test.go index fd7cc41306..63aee5d0e8 100644 --- a/test/e2e/ocs_e2e_test.go +++ b/test/e2e/ocs_e2e_test.go @@ -305,13 +305,13 @@ func TestInstallPrometheusOCS(t *testing.T) { "labels": map[string]interface{}{"prometheus": "test-prometheus"}, }, "spec": map[string]interface{}{ - "replicas": expectedPrometheusSize, - "version": prometheusVersion, + "replicas": expectedPrometheusSize, + "version": prometheusVersion, + "securityContext": struct{}{}, }, } t.Run("test prometheus object creation", func(t *testing.T) { - t.Skip("skipping prometheus object verification - currently broken") err = c.CreateCustomResource(&unstructured.Unstructured{Object: prometheus}) require.NoError(t, err)