fix: Add missing RBAC permissions for finalizers (#246)

* Revert to preferring IP addresses for Node listeners by default * Changelog * Docs * Use op-rs release. Also fix tests * docs: Add newline * added permissions for finalizers * missing permission * omit Hostname test case from openshift tests * fixed test * changelog * removed unecessary permissions on PVs --------- Co-authored-by: Natalie Klestrup Röijezon <nat@nullable.se> Co-authored-by: Sebastian Bernauer <sebastian.bernauer@stackable.tech>
stackabletech · Nov 8, 2024 · b2559c3 · b2559c3
1 parent 0b38a1c
commit b2559c3
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file.
 - Listener controller now listens for ListenerClass updates ([#231]).
 - Propagate `ListenerClass.spec.serviceAnnotations` to the created Services ([#234]).
 - Failing to parse one `Listener`/`ListenerClass` should no longer cause the whole operator to stop functioning ([#238]).
+- Added necessary RBAC permissions for running on Openshift ([#246]).
 
 [#231]: https://github.com/stackabletech/listener-operator/pull/231
 [#232]: https://github.com/stackabletech/listener-operator/pull/232
@@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file.
 [#237]: https://github.com/stackabletech/listener-operator/pull/237
 [#238]: https://github.com/stackabletech/listener-operator/pull/238
 [#244]: https://github.com/stackabletech/listener-operator/pull/244
+[#246]: https://github.com/stackabletech/listener-operator/pull/246
 
 ## [24.7.0] - 2024-07-24
 

diff --git a/deploy/helm/listener-operator/templates/roles.yaml b/deploy/helm/listener-operator/templates/roles.yaml
@@ -118,11 +118,13 @@ rules:
     resources:
       - listeners
       - listeners/status
+      - listeners/finalizers
       - podlisteners
     verbs:
       - patch
       - create
       - delete
+      - update
 {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
   - apiGroups:
     - security.openshift.io

diff --git a/...validate-all-ingresses-are-reachable.yaml → ...idate-all-ingresses-are-reachable.yaml.j2 b/...validate-all-ingresses-are-reachable.yaml → ...idate-all-ingresses-are-reachable.yaml.j2
@@ -48,6 +48,8 @@ spec:
       containers:
         - name: query-ingresses
           image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev
+# NOTE: Hostname resolution does not work on our OKD clusters, so the command for testing the Hostname is omitted on Openshift. It would be better to omit this entire test value for Openshift but this is not (yet) possible in beku.
+{% if test_scenario['values']['openshift'] == 'true' and test_scenario['values']['addressType'] != "Hostname" %}
           command:
             - bash
             - -euo
@@ -70,6 +72,7 @@ spec:
                 echo Requesting $ADDR should return $pod;
                 curl -s $ADDR | grep $pod;
               done
+{% endif %}
           resources:
             limits:
               cpu: 500m