From b2559c31c5e627f00823af27618a3836ed06c17f Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com> Date: Fri, 8 Nov 2024 10:10:09 +0100 Subject: [PATCH] fix: Add missing RBAC permissions for finalizers (#246) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Revert to preferring IP addresses for Node listeners by default * Changelog * Docs * Use op-rs release. Also fix tests * docs: Add newline * added permissions for finalizers * missing permission * omit Hostname test case from openshift tests * fixed test * changelog * removed unecessary permissions on PVs --------- Co-authored-by: Natalie Klestrup Röijezon Co-authored-by: Sebastian Bernauer --- CHANGELOG.md | 2 ++ deploy/helm/listener-operator/templates/roles.yaml | 2 ++ ...le.yaml => 20-validate-all-ingresses-are-reachable.yaml.j2} | 3 +++ 3 files changed, 7 insertions(+) rename tests/templates/kuttl/smoke-nodeport/{20-validate-all-ingresses-are-reachable.yaml => 20-validate-all-ingresses-are-reachable.yaml.j2} (86%) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffb06666..a48ab27b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file. - Listener controller now listens for ListenerClass updates ([#231]). - Propagate `ListenerClass.spec.serviceAnnotations` to the created Services ([#234]). - Failing to parse one `Listener`/`ListenerClass` should no longer cause the whole operator to stop functioning ([#238]). +- Added necessary RBAC permissions for running on Openshift ([#246]). [#231]: https://github.com/stackabletech/listener-operator/pull/231 [#232]: https://github.com/stackabletech/listener-operator/pull/232 @@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file. [#237]: https://github.com/stackabletech/listener-operator/pull/237 [#238]: https://github.com/stackabletech/listener-operator/pull/238 [#244]: https://github.com/stackabletech/listener-operator/pull/244 +[#246]: https://github.com/stackabletech/listener-operator/pull/246 ## [24.7.0] - 2024-07-24 diff --git a/deploy/helm/listener-operator/templates/roles.yaml b/deploy/helm/listener-operator/templates/roles.yaml index bdcc116c..2eda982d 100644 --- a/deploy/helm/listener-operator/templates/roles.yaml +++ b/deploy/helm/listener-operator/templates/roles.yaml @@ -118,11 +118,13 @@ rules: resources: - listeners - listeners/status + - listeners/finalizers - podlisteners verbs: - patch - create - delete + - update {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }} - apiGroups: - security.openshift.io diff --git a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 similarity index 86% rename from tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml rename to tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 index 50a0ff87..8d2ccfda 100644 --- a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml +++ b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 @@ -48,6 +48,8 @@ spec: containers: - name: query-ingresses image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev +# NOTE: Hostname resolution does not work on our OKD clusters, so the command for testing the Hostname is omitted on Openshift. It would be better to omit this entire test value for Openshift but this is not (yet) possible in beku. +{% if test_scenario['values']['openshift'] == 'true' and test_scenario['values']['addressType'] != "Hostname" %} command: - bash - -euo @@ -70,6 +72,7 @@ spec: echo Requesting $ADDR should return $pod; curl -s $ADDR | grep $pod; done +{% endif %} resources: limits: cpu: 500m