Update monitoring role for config policy #40
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As mentioned in a comment in the metrics doc, our config policy metrics are not showing up on managed clusters, but it works on the hub I'm guessing because the roles are obtained another way. I followed this doc to make these updates: https://docs.openshift.com/container-platform/4.11/operators/operator_sdk/osdk-monitoring-prometheus.html After updating, the prometheus on the managed cluster was able to start collecting the metrics. Refs: - https://issues.redhat.com/browse/ACM-2324 Signed-off-by: Gus Parvin <[email protected]>
JustinKuli
approved these changes
Dec 6, 2022
| @@ -18,6 +18,9 @@ rules: | |||
| resources: | |||
| - services | |||
| - pods | |||
| - endpoints | |||
| - nodes | |||
There was a problem hiding this comment.
Seems odd that nodes are required here. I can kind of understand endpoints and maybe secrets though... But this is what's doc'd so, it seems good to me!
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gparvin, JustinKuli The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@gparvin: cannot checkout In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-merge-robot
pushed a commit
that referenced
this pull request
Dec 15, 2022
Reducing the permissions added by pr #40 We discovered only the endpoints permission was needed. The secrets and nodes was not needed. Since those were documented there is a chance there could be some scenario where the extra permissions are needed. Preferring to keep the rbac more restrictive. Signed-off-by: Gus Parvin <[email protected]>
magic-mirror-bot bot
pushed a commit
to stolostron/governance-policy-addon-controller
that referenced
this pull request
Dec 15, 2022
Reducing the permissions added by pr open-cluster-management-io/governance-policy-addon-controller#40 We discovered only the endpoints permission was needed. The secrets and nodes was not needed. Since those were documented there is a chance there could be some scenario where the extra permissions are needed. Preferring to keep the rbac more restrictive. Signed-off-by: Gus Parvin <[email protected]> (cherry picked from commit 1755befaf76eee44a7fe36a4a1f575d953f5d4fc)
magic-mirror-bot bot
pushed a commit
to stolostron/governance-policy-addon-controller
that referenced
this pull request
Dec 15, 2022
Reducing the permissions added by pr open-cluster-management-io/governance-policy-addon-controller#40 We discovered only the endpoints permission was needed. The secrets and nodes was not needed. Since those were documented there is a chance there could be some scenario where the extra permissions are needed. Preferring to keep the rbac more restrictive. Signed-off-by: Gus Parvin <[email protected]> (cherry picked from commit 1755befaf76eee44a7fe36a4a1f575d953f5d4fc)
dhaiducek
pushed a commit
to openshift-cherrypick-robot/governance-policy-addon-controller
that referenced
this pull request
Dec 19, 2022
Reducing the permissions added by pr open-cluster-management-io/governance-policy-addon-controller#40 We discovered only the endpoints permission was needed. The secrets and nodes was not needed. Since those were documented there is a chance there could be some scenario where the extra permissions are needed. Preferring to keep the rbac more restrictive. Signed-off-by: Gus Parvin <[email protected]> (cherry picked from commit 1755befaf76eee44a7fe36a4a1f575d953f5d4fc)
openshift-merge-robot
pushed a commit
to stolostron/governance-policy-addon-controller
that referenced
this pull request
Jan 4, 2023
Reducing the permissions added by pr open-cluster-management-io/governance-policy-addon-controller#40 We discovered only the endpoints permission was needed. The secrets and nodes was not needed. Since those were documented there is a chance there could be some scenario where the extra permissions are needed. Preferring to keep the rbac more restrictive. Signed-off-by: Gus Parvin <[email protected]> (cherry picked from commit 1755befaf76eee44a7fe36a4a1f575d953f5d4fc)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As mentioned in a comment in the metrics doc, our config policy metrics are not showing up on managed clusters, but it works on the hub I'm guessing because the roles are obtained another way. I followed this doc to make these updates:
https://docs.openshift.com/container-platform/4.11/operators/operator_sdk/osdk-monitoring-prometheus.html After updating, the prometheus on the managed cluster was able to start collecting the metrics.
Refs:
Signed-off-by: Gus Parvin [email protected]