NETOBSERV-972 check if cluster admin via namespaces

Follow-up on netobserv#320, which relaxed the permission checks performed when lokiAuth is DISABLED: after discussion, we roll back to a more strict approach; however to mitigate the limitation of TokenReview (it doesn't provide a reliable way to check for cluster admins right), we verify that the user can list namespaces, assuming this is a cluster admin capability.
jotak · May 9, 2023 · 175f3b3 · 175f3b3
1 parent e2b2a89
commit 175f3b3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -15,6 +15,6 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/netobserv/network-observability-operator
-  newTag: 1.0.2
+  newTag: main
 commonLabels:
   app: netobserv-operator
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -30,11 +30,11 @@ spec:
         - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
         env:
           - name: RELATED_IMAGE_EBPF_AGENT
-            value: quay.io/netobserv/netobserv-ebpf-agent:v0.3.0
+            value: quay.io/netobserv/netobserv-ebpf-agent:main
           - name: RELATED_IMAGE_FLOWLOGS_PIPELINE
-            value: quay.io/netobserv/flowlogs-pipeline:v0.1.8
+            value: quay.io/netobserv/flowlogs-pipeline:main
           - name: RELATED_IMAGE_CONSOLE_PLUGIN
-            value: quay.io/netobserv/network-observability-console-plugin:v0.1.9
+            value: quay.io/netobserv/network-observability-console-plugin:main
           - name: DOWNSTREAM_DEPLOYMENT
             value: "false"
         image: controller:latest