Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1838297: Creating role and roleBinding when enabling monitoring for an operator #5529

Merged
merged 1 commit into from May 26, 2020
Merged

Bug 1838297: Creating role and roleBinding when enabling monitoring for an operator #5529

merged 1 commit into from May 26, 2020

Conversation

jhadvig
Copy link
Member

@jhadvig jhadvig commented May 21, 2020

  • show the enable monitoring even when the suggested NS exists
  • variables name refactoring

/assign @spadgett

@openshift-ci-robot openshift-ci-robot added bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels May 21, 2020
@openshift-ci-robot
Copy link
Contributor

@jhadvig: This pull request references Bugzilla bug 1831081, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1831081: Creating role and roleBinding when enabling monitoring for an operator

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the component/olm Related to OLM label May 21, 2020
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 21, 2020
@jhadvig jhadvig changed the title Bug 1831081: Creating role and roleBinding when enabling monitoring for an operator Bug 1838297: Creating role and roleBinding when enabling monitoring for an operator May 22, 2020
@openshift-ci-robot openshift-ci-robot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. and removed bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels May 22, 2020
@openshift-ci-robot
Copy link
Contributor

@jhadvig: This pull request references Bugzilla bug 1838297, which is invalid:

  • expected the bug to target the "4.5.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1838297: Creating role and roleBinding when enabling monitoring for an operator

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label May 22, 2020
@jhadvig
Copy link
Member Author

jhadvig commented May 22, 2020

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label May 22, 2020
@openshift-ci-robot
Copy link
Contributor

@jhadvig: This pull request references Bugzilla bug 1838297, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label May 22, 2020
@jhadvig jhadvig mentioned this pull request May 22, 2020
Merged
jhadvig
jhadvig commented May 25, 2020
View reviewed changes
...d/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-subscribe.tsx Outdated

const createNamespaceDetails = isSuggestedNamespaceSelected && !suggestedNamespaceExists && (
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here I was in an impression that we wanna show the monitoring checkbox even if the suggested namespace exists. Thats why Im PATCHing the suggested namespace in that case.

When this annotation is set to true, the OpenShift Console will update the namespace that the operator is being deployed to with the openshift.io/cluster-monitoring=true label.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We intentionally didn't do this before because it enables monitoring for the entire namespace, and we don't know what workloads might already be running.

@shawn-hurley @bparees Any opinion on this?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, we need to be extra careful when we give folks the ability to add metrics to the cluster monitoring stack. I think that we should keep the logic that we only allow you to add monitoring if the namespace does not exist.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that we should keep the logic that we only allow you to add monitoring if the namespace does not exist.

on the one hand it sounds reasonable to me, on the other hand we make no restrictions on adding workloads to a namespace that has monitoring enabled, so while we protect you in one direction(keep you from turning monitoring on when existing untrusted workloads may exist), we provide no protection in the other direction(keeping you from adding untrusted workloads to a monitored namespace). Something to think about for the future, perhaps.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @lilic @s-urbaniak

spadgett
spadgett requested changes May 26, 2020
View reviewed changes
Copy link
Member

@spadgett spadgett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhadvig I think the handling of existing namespaces should be a separate change (if we want to change behavior). Let's make this PR just always create the role and role binding for a new namespace when enabling monitoring and deal with existing namespaces separately. It's a smaller change to backport as well.

...d/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-subscribe.tsx Outdated Show resolved Hide resolved
...d/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-subscribe.tsx Outdated Show resolved Hide resolved
...d/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-subscribe.tsx Outdated Show resolved Hide resolved
@jhadvig
Copy link
Member Author

jhadvig commented May 26, 2020

@spadgett comments addressed. PTAL

spadgett
spadgett approved these changes May 26, 2020
View reviewed changes
Copy link
Member

@spadgett spadgett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label May 26, 2020
@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhadvig, spadgett

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

1 similar comment
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit 520dbfa into openshift:master May 26, 2020
@openshift-ci-robot
Copy link
Contributor

@jhadvig: All pull requests linked via external trackers have merged: openshift/console#5529. Bugzilla bug 1838297 has been moved to the MODIFIED state.

In response to this:

Bug 1838297: Creating role and roleBinding when enabling monitoring for an operator

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@spadgett
Copy link
Member

/cherry-pick release-4.4

@openshift-cherrypick-robot
Copy link

@spadgett: new pull request created: #5617

In response to this:

/cherry-pick release-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 28, 2020
Merged
@spadgett spadgett added this to the v4.5 milestone May 28, 2020
@spadgett spadgett mentioned this pull request May 28, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shawn-hurley shawn-hurley shawn-hurley left review comments

@bparees bparees bparees left review comments

@spadgett spadgett spadgett approved these changes

@jeff-phillips-18 jeff-phillips-18 Awaiting requested review from jeff-phillips-18

Assignees

@spadgett spadgett

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. component/olm Related to OLM lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
v4.5
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@jhadvig @openshift-ci-robot @openshift-bot @spadgett @openshift-cherrypick-robot @shawn-hurley @bparees @openshift-merge-robot