From 9caffd0ef010ccd6c43665ea86683a732edc2ce5 Mon Sep 17 00:00:00 2001 From: Ayoub Mrini Date: Thu, 23 Nov 2023 09:59:02 +0100 Subject: [PATCH] MON-3287: Remove openshift-etcd related RBAC as they will be manager by cluster-etcd-operator now. The resources may keep some of CMO related metadata, this is the trade-off to keep the same names and avoid unnecessary API calls in CMO. --- .../role-binding-specific-namespaces.yaml | 19 ---------- .../role-specific-namespaces.yaml | 38 ------------------- jsonnet/main.jsonnet | 1 - ...0_cluster-monitoring-operator_02-role.yaml | 26 ------------- 4 files changed, 84 deletions(-) diff --git a/assets/prometheus-k8s/role-binding-specific-namespaces.yaml b/assets/prometheus-k8s/role-binding-specific-namespaces.yaml index cc69573002..cbba13b733 100644 --- a/assets/prometheus-k8s/role-binding-specific-namespaces.yaml +++ b/assets/prometheus-k8s/role-binding-specific-namespaces.yaml @@ -57,25 +57,6 @@ items: - kind: ServiceAccount name: prometheus-k8s namespace: openshift-monitoring -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: openshift-monitoring - app.kubernetes.io/version: 2.48.0 - name: prometheus-k8s - namespace: openshift-etcd - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: openshift-monitoring - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/assets/prometheus-k8s/role-specific-namespaces.yaml b/assets/prometheus-k8s/role-specific-namespaces.yaml index c8b166eec7..ad68b89e20 100644 --- a/assets/prometheus-k8s/role-specific-namespaces.yaml +++ b/assets/prometheus-k8s/role-specific-namespaces.yaml @@ -114,44 +114,6 @@ items: - get - list - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: openshift-monitoring - app.kubernetes.io/version: 2.48.0 - name: prometheus-k8s - namespace: openshift-etcd - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/jsonnet/main.jsonnet b/jsonnet/main.jsonnet index a62187ffdc..dd8001a8e4 100644 --- a/jsonnet/main.jsonnet +++ b/jsonnet/main.jsonnet @@ -206,7 +206,6 @@ local inCluster = name: 'k8s', alertmanagerName: $.values.alertmanager.name, namespaces+: [ - 'openshift-etcd', $.values.common.namespaceUserWorkload, ], namespaceSelector: $.values.common.clusterMonitoringNamespaceSelector, diff --git a/manifests/0000_50_cluster-monitoring-operator_02-role.yaml b/manifests/0000_50_cluster-monitoring-operator_02-role.yaml index d537dd7cea..a6da01c9c1 100644 --- a/manifests/0000_50_cluster-monitoring-operator_02-role.yaml +++ b/manifests/0000_50_cluster-monitoring-operator_02-role.yaml @@ -566,32 +566,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - apiGroups: - "" resources: