Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OCPBUGS-16654: Revert revert "STOR-1065: Rework sidecar bindings to b…
…ind common ClusterRoles" and fix "main" ClusterRoleBinding names PR #87 (#87) reverted "STOR-1065: Rework sidecar bindings to bind common ClusterRoles" as the safest way back to a known good state after nigltly CI tests detected that storage operator is degraded on all gcp and azure installs upgrades. This patch revert that revert and fixes the issue causing failure: modified bindings must have new unique names to keep upgrade happy. Otherwise: ``` processed event: {TypeMeta:{Kind: APIVersion:} ObjectMeta:{Name:azure-disk-csi-driver-operator.1773c595587b1603 GenerateName: Namespace:openshift-cluster-csi-drivers SelfLink: UID:ef428a3e-51ce-482d-b607-38c79981d484 ResourceVersion:55120 Generation:0 CreationTimestamp:2023-07-21 03:52:10 +0000 UTC DeletionTimestamp:<nil> DeletionGracePeriodSeconds:<nil> Labels:map[] Annotations:map[monitor.openshift.io/observed-recreation-count: monitor.openshift.io/observed-update-count:1] OwnerReferences:[] Finalizers:[] ManagedFields:[{Manager:azure-disk-csi-driver-operator Operation:Update APIVersion:v1 Time:2023-07-21 03:52:13 +0000 UTC FieldsType:FieldsV1 FieldsV1:{"f:count":{},"f:firstTimestamp":{},"f:involvedObject":{},"f:lastTimestamp":{},"f:message":{},"f:reason":{},"f:source":{"f:component":{}},"f:type":{}} Subresource:}]} InvolvedObject:{Kind:Deployment Namespace:openshift-cluster-csi-drivers Name:azure-disk-csi-driver-operator UID:324d87d5-4d51-4574-bd86-684e78506e85 APIVersion:apps/v1 ResourceVersion: FieldPath:} Reason:ClusterRoleBindingUpdateFailed Message:Failed to update ClusterRoleBinding.rbac.authorization.k8s.io/azure-disk-csi-attacher-binding: ClusterRoleBinding.rbac.authorization.k8s.io "azure-disk-csi-attacher-binding" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"openshift-csi-main-attacher-role"}: cannot change roleRef Source:{Component:azure-disk-csi-driver-operator-azurediskdriverstaticresourcescontroller-azurediskdriverstaticresourcescontroller Host:} FirstTimestamp:2023-07-21 03:52:10 +0000 UTC LastTimestamp:2023-07-21 03:52:13 +0000 UTC Count:2 Type:Warning EventTime:0001-01-01 00:00:00 +0000 UTC Series:nil Action: Related:nil ReportingController: ReportingInstance:} ```
- Loading branch information
Showing
12 changed files
with
51 additions
and
120 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| # Role for electing leader by the operator | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: Role | ||
| metadata: | ||
| name: azure-disk-csi-driver-lease-leader-election | ||
| namespace: openshift-cluster-csi-drivers | ||
| rules: | ||
| - apiGroups: ["coordination.k8s.io"] | ||
| resources: ["leases"] | ||
| verbs: ["get", "watch", "list", "delete", "update", "create"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # Grant controller access to leases | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: RoleBinding | ||
| metadata: | ||
| name: azure-disk-csi-driver-lease-leader-election | ||
| namespace: openshift-cluster-csi-drivers | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: Role | ||
| name: azure-disk-csi-driver-lease-leader-election | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: azure-disk-csi-driver-controller-sa | ||
| namespace: openshift-cluster-csi-drivers |
4 changes: 2 additions & 2 deletions
4
assets/rbac/resizer_binding.yaml → assets/rbac/main_attacher_binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,12 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: azure-disk-csi-resizer-binding | ||
| name: azure-disk-csi-main-attacher-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: azure-disk-csi-driver-controller-sa | ||
| namespace: openshift-cluster-csi-drivers | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: azure-disk-external-resizer-role | ||
| name: openshift-csi-main-attacher-role | ||
| apiGroup: rbac.authorization.k8s.io |
4 changes: 2 additions & 2 deletions
4
assets/rbac/snapshotter_binding.yaml → assets/rbac/main_provisioner_binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,12 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: azure-disk-csi-snapshotter-binding | ||
| name: azure-disk-csi-main-provisioner-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: azure-disk-csi-driver-controller-sa | ||
| namespace: openshift-cluster-csi-drivers | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: azure-disk-external-snapshotter-role | ||
| name: openshift-csi-main-provisioner-role | ||
| apiGroup: rbac.authorization.k8s.io |
4 changes: 2 additions & 2 deletions
4
assets/rbac/attacher_binding.yaml → assets/rbac/main_resizer_binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,12 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: azure-disk-csi-attacher-binding | ||
| name: azure-disk-csi-main-resizer-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: azure-disk-csi-driver-controller-sa | ||
| namespace: openshift-cluster-csi-drivers | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: azure-disk-external-attacher-role | ||
| name: openshift-csi-main-resizer-role | ||
| apiGroup: rbac.authorization.k8s.io |
4 changes: 2 additions & 2 deletions
4
assets/rbac/provisioner_binding.yaml → assets/rbac/main_snapshotter_binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,12 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: azure-disk-csi-provisioner-binding | ||
| name: azure-disk-csi-main-snapshotter-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: azure-disk-csi-driver-controller-sa | ||
| namespace: openshift-cluster-csi-drivers | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: azure-disk-external-provisioner-role | ||
| name: openshift-csi-main-snapshotter-role | ||
| apiGroup: rbac.authorization.k8s.io |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: azure-disk-storageclass-reader-resizer-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: azure-disk-csi-driver-controller-sa | ||
| namespace: openshift-cluster-csi-drivers | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: openshift-csi-resizer-storageclass-reader-role | ||
| apiGroup: rbac.authorization.k8s.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters