From 0afcbffaaf7ae3e65bd069621e132eece2dce25c Mon Sep 17 00:00:00 2001 From: Tomas Nozicka Date: Wed, 5 Jun 2024 19:56:36 +0200 Subject: [PATCH] Sync --- deploy/operator.yaml | 40 +++++++++++++------ deploy/operator/00_clusterrole_def.yaml | 31 ++++++++------ ..._scyllacluster_member_clusterrole_def.yaml | 9 +++++ .../10_haproxy-ingress.role.yaml | 13 ++++++ ...inding.yaml => 20_clusterrolebinding.yaml} | 0 .../20_haproxy-ingress.rolebinding.yaml | 12 ++++++ ...ng.yaml => 20_prometheus.rolebinding.yaml} | 0 ...oy.yaml => 50_haproxy-ingress.deploy.yaml} | 0 ...=> 50_ingress-default-backend.deploy.yaml} | 0 ....deploy.yaml => 50_prometheus.deploy.yaml} | 0 .../templates/clusterrole_def.yaml | 31 ++++++++------ .../scyllacluster_member_clusterrole_def.yaml | 9 +++++ 12 files changed, 109 insertions(+), 36 deletions(-) create mode 100644 examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml rename examples/third-party/haproxy-ingress/{10_clusterrolebinding.yaml => 20_clusterrolebinding.yaml} (100%) create mode 100644 examples/third-party/haproxy-ingress/20_haproxy-ingress.rolebinding.yaml rename examples/third-party/haproxy-ingress/{10_prometheus.rolebinding.yaml => 20_prometheus.rolebinding.yaml} (100%) rename examples/third-party/haproxy-ingress/{10_haproxy-ingress.deploy.yaml => 50_haproxy-ingress.deploy.yaml} (100%) rename examples/third-party/haproxy-ingress/{10_ingress-default-backend.deploy.yaml => 50_ingress-default-backend.deploy.yaml} (100%) rename examples/third-party/haproxy-ingress/{10_prometheus.deploy.yaml => 50_prometheus.deploy.yaml} (100%) diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 329d93e3937..b37ae7a2ff4 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -61,6 +61,12 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update - apiGroups: - "" resources: @@ -115,7 +121,9 @@ rules: - scylla.scylladb.com resources: - scyllaclusters + - scyllaclusters/finalizers - scylladbmonitorings + - scylladbmonitorings/finalizers verbs: - create - delete @@ -139,6 +147,7 @@ rules: - "" resources: - configmaps + - configmaps/finalizers verbs: - create - delete @@ -175,6 +184,8 @@ rules: - scylla.scylladb.com resources: - nodeconfigs + - nodeconfigs/status + - nodeconfigs/finalizers verbs: - create - delete @@ -209,18 +220,6 @@ rules: - patch - update - watch -- apiGroups: - - scylla.scylladb.com - resources: - - nodeconfigs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - batch resources: @@ -283,6 +282,14 @@ rules: - patch - update - delete +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: v1 @@ -5093,6 +5100,7 @@ rules: - "" resources: - configmaps + - configmaps/finalizers verbs: - get - list @@ -5122,6 +5130,14 @@ rules: - scyllaclusters verbs: - get +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deploy/operator/00_clusterrole_def.yaml b/deploy/operator/00_clusterrole_def.yaml index d4a0c2c0ed9..6263a4b6de1 100644 --- a/deploy/operator/00_clusterrole_def.yaml +++ b/deploy/operator/00_clusterrole_def.yaml @@ -51,6 +51,12 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update - apiGroups: - "" resources: @@ -105,7 +111,9 @@ rules: - scylla.scylladb.com resources: - scyllaclusters + - scyllaclusters/finalizers - scylladbmonitorings + - scylladbmonitorings/finalizers verbs: - create - delete @@ -129,6 +137,7 @@ rules: - "" resources: - configmaps + - configmaps/finalizers verbs: - create - delete @@ -165,6 +174,8 @@ rules: - scylla.scylladb.com resources: - nodeconfigs + - nodeconfigs/status + - nodeconfigs/finalizers verbs: - create - delete @@ -199,18 +210,6 @@ rules: - patch - update - watch -- apiGroups: - - scylla.scylladb.com - resources: - - nodeconfigs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - batch resources: @@ -273,3 +272,11 @@ rules: - patch - update - delete +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use diff --git a/deploy/operator/00_scyllacluster_member_clusterrole_def.yaml b/deploy/operator/00_scyllacluster_member_clusterrole_def.yaml index 4058a7f0d81..f49ff22f3b5 100644 --- a/deploy/operator/00_scyllacluster_member_clusterrole_def.yaml +++ b/deploy/operator/00_scyllacluster_member_clusterrole_def.yaml @@ -24,6 +24,7 @@ rules: - "" resources: - configmaps + - configmaps/finalizers verbs: - get - list @@ -53,3 +54,11 @@ rules: - scyllaclusters verbs: - get +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use diff --git a/examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml b/examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml new file mode 100644 index 00000000000..01787839162 --- /dev/null +++ b/examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: haproxy-ingress +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use diff --git a/examples/third-party/haproxy-ingress/10_clusterrolebinding.yaml b/examples/third-party/haproxy-ingress/20_clusterrolebinding.yaml similarity index 100% rename from examples/third-party/haproxy-ingress/10_clusterrolebinding.yaml rename to examples/third-party/haproxy-ingress/20_clusterrolebinding.yaml diff --git a/examples/third-party/haproxy-ingress/20_haproxy-ingress.rolebinding.yaml b/examples/third-party/haproxy-ingress/20_haproxy-ingress.rolebinding.yaml new file mode 100644 index 00000000000..ebe89868052 --- /dev/null +++ b/examples/third-party/haproxy-ingress/20_haproxy-ingress.rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: haproxy-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: haproxy-ingress +subjects: +- kind: ServiceAccount + name: haproxy-ingress + namespace: haproxy-ingress diff --git a/examples/third-party/haproxy-ingress/10_prometheus.rolebinding.yaml b/examples/third-party/haproxy-ingress/20_prometheus.rolebinding.yaml similarity index 100% rename from examples/third-party/haproxy-ingress/10_prometheus.rolebinding.yaml rename to examples/third-party/haproxy-ingress/20_prometheus.rolebinding.yaml diff --git a/examples/third-party/haproxy-ingress/10_haproxy-ingress.deploy.yaml b/examples/third-party/haproxy-ingress/50_haproxy-ingress.deploy.yaml similarity index 100% rename from examples/third-party/haproxy-ingress/10_haproxy-ingress.deploy.yaml rename to examples/third-party/haproxy-ingress/50_haproxy-ingress.deploy.yaml diff --git a/examples/third-party/haproxy-ingress/10_ingress-default-backend.deploy.yaml b/examples/third-party/haproxy-ingress/50_ingress-default-backend.deploy.yaml similarity index 100% rename from examples/third-party/haproxy-ingress/10_ingress-default-backend.deploy.yaml rename to examples/third-party/haproxy-ingress/50_ingress-default-backend.deploy.yaml diff --git a/examples/third-party/haproxy-ingress/10_prometheus.deploy.yaml b/examples/third-party/haproxy-ingress/50_prometheus.deploy.yaml similarity index 100% rename from examples/third-party/haproxy-ingress/10_prometheus.deploy.yaml rename to examples/third-party/haproxy-ingress/50_prometheus.deploy.yaml diff --git a/helm/scylla-operator/templates/clusterrole_def.yaml b/helm/scylla-operator/templates/clusterrole_def.yaml index d4a0c2c0ed9..6263a4b6de1 100644 --- a/helm/scylla-operator/templates/clusterrole_def.yaml +++ b/helm/scylla-operator/templates/clusterrole_def.yaml @@ -51,6 +51,12 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update - apiGroups: - "" resources: @@ -105,7 +111,9 @@ rules: - scylla.scylladb.com resources: - scyllaclusters + - scyllaclusters/finalizers - scylladbmonitorings + - scylladbmonitorings/finalizers verbs: - create - delete @@ -129,6 +137,7 @@ rules: - "" resources: - configmaps + - configmaps/finalizers verbs: - create - delete @@ -165,6 +174,8 @@ rules: - scylla.scylladb.com resources: - nodeconfigs + - nodeconfigs/status + - nodeconfigs/finalizers verbs: - create - delete @@ -199,18 +210,6 @@ rules: - patch - update - watch -- apiGroups: - - scylla.scylladb.com - resources: - - nodeconfigs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - batch resources: @@ -273,3 +272,11 @@ rules: - patch - update - delete +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use diff --git a/helm/scylla-operator/templates/scyllacluster_member_clusterrole_def.yaml b/helm/scylla-operator/templates/scyllacluster_member_clusterrole_def.yaml index 4058a7f0d81..f49ff22f3b5 100644 --- a/helm/scylla-operator/templates/scyllacluster_member_clusterrole_def.yaml +++ b/helm/scylla-operator/templates/scyllacluster_member_clusterrole_def.yaml @@ -24,6 +24,7 @@ rules: - "" resources: - configmaps + - configmaps/finalizers verbs: - get - list @@ -53,3 +54,11 @@ rules: - scyllaclusters verbs: - get +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use