From 10e3708f2a6b1e66471c959b4b4f07eddaf24c2e Mon Sep 17 00:00:00 2001 From: Theo Barber-Bany Date: Mon, 18 Dec 2023 10:29:38 +0000 Subject: [PATCH] Adds GCP ClusterRole and ClusterRoleBinding This change adds back the ClusterRole and ClusterRoleBinding removed in [OCPBUGS-5825](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/778). This is because it is still required at present. --- pkg/cloud/cloud_test.go | 18 +++++++++++------ ...-cloud-controller-manager-clusterrole.yaml | 20 +++++++++++++++++++ ...controller-manager-clusterrolebinding.yaml | 12 +++++++++++ pkg/cloud/gcp/gcp.go | 3 +++ pkg/cloud/gcp/gcp_test.go | 2 +- 5 files changed, 48 insertions(+), 7 deletions(-) create mode 100644 pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrole.yaml create mode 100644 pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrolebinding.yaml diff --git a/pkg/cloud/cloud_test.go b/pkg/cloud/cloud_test.go index 1626c847f..0ae885f3b 100644 --- a/pkg/cloud/cloud_test.go +++ b/pkg/cloud/cloud_test.go 
@@ -157,17 +157,23 @@ func TestGetResources(t *testing.T) { }, { name: "GCP resources returned as expected", testPlatform: platformsMap[string(configv1.GCPPlatformType)], - expectedResourceCount: 2, + expectedResourceCount: 4, expectedResourcesKindName: []string{ "Deployment/gcp-cloud-controller-manager", "PodDisruptionBudget/gcp-cloud-controller-manager", + "ClusterRole/gcp-cloud-controller-manager", + "ClusterRoleBinding/gcp-cloud-controller-manager:gcp-cloud-controller-manager", }, }, { - name: "GCP resources returned as expected with single node cluster", - testPlatform: platformsMap[string(configv1.GCPPlatformType)], - expectedResourceCount: 1, - singleReplica: true, - expectedResourcesKindName: []string{"Deployment/gcp-cloud-controller-manager"}, + name: "GCP resources returned as expected with single node cluster", + testPlatform: platformsMap[string(configv1.GCPPlatformType)], + expectedResourceCount: 3, + singleReplica: true, + expectedResourcesKindName: []string{ + "Deployment/gcp-cloud-controller-manager", + "ClusterRole/gcp-cloud-controller-manager", + "ClusterRoleBinding/gcp-cloud-controller-manager:gcp-cloud-controller-manager", + }, }, { name: "Azure resources returned as expected", testPlatform: platformsMap[string(configv1.AzurePlatformType)], diff --git a/pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrole.yaml b/pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrole.yaml new file mode 100644 index 000000000..dff0bfb16 --- /dev/null +++ b/pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrole.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gcp-cloud-controller-manager +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - services/status + verbs: + - patch + - update 
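Review bot: The new `gcp-cloud-controller-manager` ClusterRole manifest has no comment saying which component needs these verbs or when the grant can be removed, although the commit message describes it as required only "at present". A header comment would give a later RBAC audit something to check against, e.g. `# Re-added after removal in OCPBUGS-5825; still needed by <component>; drop when <tracking issue> is resolved` (placeholders to be filled in by the author). The rules are narrow as written (core-group `events` and the `services/status` subresource only). Saying so in the comment would make any later widening a deliberate, reviewed change.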
diff --git a/pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrolebinding.yaml b/pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrolebinding.yaml new file mode 100644 index 000000000..181482a88 --- /dev/null +++ b/pkg/cloud/gcp/assets/gcp-cloud-controller-manager-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gcp-cloud-controller-manager:gcp-cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gcp-cloud-controller-manager +subjects: +- kind: ServiceAccount + name: cloud-provider + namespace: kube-system diff --git a/pkg/cloud/gcp/gcp.go b/pkg/cloud/gcp/gcp.go index 80089f304..ed5bc0a7d 100644 --- a/pkg/cloud/gcp/gcp.go +++ b/pkg/cloud/gcp/gcp.go @@ -6,6 +6,7 @@ import ( "github.com/asaskevich/govalidator" appsv1 "k8s.io/api/apps/v1" + rbacv1 "k8s.io/api/rbac/v1" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/openshift/cluster-cloud-controller-manager-operator/pkg/cloud/common" @@ -19,6 +20,8 @@ var ( assetsFs embed.FS templates = []common.TemplateSource{ {ReferenceObject: &appsv1.Deployment{}, EmbedFsPath: "assets/cloud-controller-manager.yaml"}, + {ReferenceObject: &rbacv1.ClusterRole{}, EmbedFsPath: "assets/gcp-cloud-controller-manager-clusterrole.yaml"}, + {ReferenceObject: &rbacv1.ClusterRoleBinding{}, EmbedFsPath: "assets/gcp-cloud-controller-manager-clusterrolebinding.yaml"}, } ) diff --git a/pkg/cloud/gcp/gcp_test.go b/pkg/cloud/gcp/gcp_test.go index a43c18250..79bd7802d 100644 --- a/pkg/cloud/gcp/gcp_test.go +++ b/pkg/cloud/gcp/gcp_test.go @@ -55,7 +55,7 @@ func TestResourcesRenderingSmoke(t *testing.T) { } resources := assets.GetRenderedResources() - assert.Len(t, resources, 1) + assert.Len(t, resources, 3) }) } }
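Review bot: The ClusterRoleBinding's subject is the `cloud-provider` ServiceAccount in `kube-system`, an identity that no file in this patch creates or explains, so the owner of the account receiving cluster-wide permissions is not evident from the change. Any workload running as that ServiceAccount inherits the role. A comment on `subjects` naming the component that authenticates as it would make the grant auditable, e.g. `# kube-system/cloud-provider: identity used by <component> (confirm)`. The binding name `gcp-cloud-controller-manager:gcp-cloud-controller-manager` repeats the role name instead of identifying the subject. If renaming is acceptable, `gcp-cloud-controller-manager:cloud-provider` would read more clearly, with the matching strings in cloud_test.go updated alongside.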
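Review bot: Adding `&rbacv1.ClusterRole{}` and `&rbacv1.ClusterRoleBinding{}` to `templates` in gcp.go means the operator will presumably render and apply cluster-scoped RBAC objects, yet the diffstat shows no change to the operator's own permissions. Kubernetes refuses to let a client create a role or binding granting rules it does not itself hold, unless it has `escalate` or `bind`. If the operator's role does not already cover ClusterRoles, ClusterRoleBindings, `events` and `services/status`, the apply would fail at runtime while these unit tests still pass, so this is worth confirming against the operator manifests, which are outside this patch. A short comment above the two entries, e.g. `// RBAC for the kube-system/cloud-provider ServiceAccount, re-added after OCPBUGS-5825`, would also explain why RBAC sits beside the Deployment template. The `var (...)` block begins outside the hunk.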