Merge pull request #5529 from jhadvig/bz1831081

Bug 1838297: Creating role and roleBinding when enabling monitoring for an operator
openshift · May 26, 2020 · 520dbfa · 520dbfa
2 parents 727cb5e + c2b5546
commit 520dbfa
Showing 1 changed file with 43 additions and 1 deletion.
diff --git a/...ackages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-subscribe.tsx b/...ackages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-subscribe.tsx
@@ -35,7 +35,7 @@ import {
   PackageManifestModel,
   ClusterServiceVersionModel,
 } from '../../models';
-import { NamespaceModel } from '@console/internal/models';
+import { NamespaceModel, RoleBindingModel, RoleModel } from '@console/internal/models';
 import {
   OperatorGroupKind,
   PackageManifestKind,
@@ -218,6 +218,44 @@ export const OperatorHubSubscribeForm: React.FC<OperatorHubSubscribeFormProps> =
       },
     };
 
+    const rbacName = `${selectedTargetNamespace}-prometheus`;
+    const prometheusRole = {
+      kind: RoleModel.kind,
+      apiVersion: `${RoleModel.apiGroup}/${RoleModel.apiVersion}`,
+      metadata: {
+        name: rbacName,
+        namespace: selectedTargetNamespace,
+      },
+      rules: [
+        {
+          apiGroups: [''],
+          resources: ['services', 'endpoints', 'pods'],
+          verbs: ['get', 'list', 'watch'],
+        },
+      ],
+    };
+
+    const prometheusRoleBinding = {
+      kind: RoleBindingModel.kind,
+      apiVersion: `${RoleBindingModel.apiGroup}/${RoleBindingModel.apiVersion}`,
+      metadata: {
+        name: rbacName,
+        namespace: selectedTargetNamespace,
+      },
+      roleRef: {
+        kind: 'Role',
+        name: rbacName,
+        apiGroup: RoleBindingModel.apiGroup,
+      },
+      subjects: [
+        {
+          kind: 'ServiceAccount',
+          name: 'prometheus-operator',
+          namespace: 'openshift-monitoring',
+        },
+      ],
+    };
+
     const operatorGroup: OperatorGroupKind = {
       apiVersion: apiVersionForModel(OperatorGroupModel) as OperatorGroupKind['apiVersion'],
       kind: 'OperatorGroup',
@@ -254,6 +292,10 @@ export const OperatorHubSubscribeForm: React.FC<OperatorHubSubscribeFormProps> =
     try {
       if (isSuggestedNamespaceSelected && !suggestedNamespaceExists) {
         await k8sCreate(NamespaceModel, ns);
+        if (operatorRequestsMonitoring && enableMonitoring) {
+          await k8sCreate(RoleModel, prometheusRole);
+          await k8sCreate(RoleBindingModel, prometheusRoleBinding);
+        }
       }
       if (
         !props.operatorGroup.data.some(