-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added rules to ClusterRole #1036
base: main
Are you sure you want to change the base?
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: rbaturov The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see that we're consuming the auth_proxy_role.yaml
[titzhak@fedora numaresources-operator]$ grep -R auth_proxy_role.yaml
config/rbac/kustomization.yaml:#- auth_proxy_role.yaml
Anyway, if this file is supposed to be consumed only on testing environment I would make sure it deployed only there and not on production.
@@ -62,7 +62,7 @@ metadata: | |||
} | |||
] | |||
capabilities: Basic Install | |||
createdAt: "2024-09-25T14:08:22Z" | |||
createdAt: "2024-10-07T12:09:23Z" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not needed. you may commit without this file
We need to modify the ClusterRole to grant the required permissions for the manager pod to access the /metrics endpoint. This is essential for e2e testing, as we will run curl commands from within the manager container to interact with the endpoint. Signed-off-by: Ronny Baturov <[email protected]>
f88eba1
to
d078332
Compare
Thanks for the fast reply. |
But you said it's being used only for e2e tests isn't it? |
Yes you are right. now that I think of this, @ffromani what do you guys think if I'll just use the ClusterRole |
This or you can add the specific content you need using MergePatch: |
|
@rbaturov this is the only missing RBAC changeset to enable the testing per our offline discussion? |
Yes, this is the only change needed to test the operator metrics endpoint for (manager container).
|
ok then this is good to go in main branch for everyone, not just for CI/testing. If upgrade is no bother (as I expect, honestly) than this change can also be backported. |
So can we merge this? |
/hold |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
@rbaturov: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
We need to modify the ClusterRole to grant the required permissions for the manager pod to access the /metrics endpoint. This is essential for e2e testing, as we will run curl commands from within the manager container to interact with the endpoint.
This is needed to support:
https://issues.redhat.com/browse/CNF-10142