operator: v1alpha2 mitigations #1285

Draft
wants to merge 5 commits into
base: main


chrisseto
Contributor

No description provided.

@chrisseto chrisseto force-pushed the chris/operator-updates branch 2 times, most recently from 4a35d7e to e623d17 May 17, 2024 19:11
@chrisseto chrisseto changed the title Chris/operator updates operator: v1alpha2 mitigations May 17, 2024
@chrisseto chrisseto marked this pull request as ready for review May 17, 2024 19:14
@RafalKorepta RafalKorepta force-pushed the chris/operator-updates branch 2 times, most recently from 0fa808d to 5c38baa May 20, 2024 08:53
Contributor

RafalKorepta commented May 20, 2024

```
Error from server (Forbidden): error when retrieving current configuration of:
  Resource: "redpanda.vectorized.io/v1alpha1, Resource=clusters", GroupVersionKind: "redpanda.vectorized.io/v1alpha1, Kind=Cluster"
  Name: "cluster-tls", Namespace: "operator-szjomzu2kt"
  from server for: "STDIN": clusters.redpanda.vectorized.io "cluster-tls" is forbidden: User "system:serviceaccount:operator-szjomzu2kt:operator-szjomzu2kt" cannot get resource "clusters" in API group "redpanda.vectorized.io" in the namespace "operator-szjomzu2kt": RBAC: [clusterrole.rbac.authorization.k8s.io "operator-szjomzu2kt-proxy-role" not found, clusterrole.rbac.authorization.k8s.io "operator-szjomzu2kt-manager-role" not found]
```

https://github.com/redpanda-data/helm-charts/actions/runs/9156148797/job/25169993574?pr=1285#step:12:675

I will try to change/add/generate a Role and RoleBinding (maybe a ServiceAccount) for the test pod.

Reference

https://github.com/redpanda-data/helm-charts/pull/1285/files#diff-5f3d8f6dc09177af0aa981073b367b7fe3949331c953f181933429610bd98225

chrisseto and others added 4 commits May 20, 2024 12:02
Previously there existed two sets of manifests for the operator. One in the
operator repo and one in the operator helm chart. Not only was the duplication
at risk of getting out of sync, there also existed a divergent feature set
between the two.

This commit removes as much of the operator helm chart as possible, instead
opting to follow the kustomize resources published by the operator itself.

This results in a few behavioral changes:
- {,Cluster}Role{,Bindings} names have changed and the total amount of
  permissions have been consolidated.
- `webhooks.enabled` now defaults to `true`. Disabling webhooks will likely
  result in a non-functional operator. This toggle will be removed in the
  future.
- `scope` is now deprecated. This poorly named field did not function the way
  it was documented and is no longer possible to continue supporting due to the
  necessity of webhooks. It still exists and controls whether the operator runs
  in a namespaced mode or not BUT it does not affect the total set of RBAC
  objects created by this chart.
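
The Forbidden error earlier in this thread names ClusterRoles that the service account's bindings point at but that are "not found", and the commit message above notes that the {,Cluster}Role{,Bindings} names changed. As an added example (not code from this PR or the chart), this Python check finds such dangling `roleRef`s in a `kubectl` JSON dump; every object name in the sample is constructed.

```python
import json

# Constructed sample, shaped like the List returned by
# `kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "demo-operator"}},
 {"kind": "Role", "metadata": {"name": "demo-election", "namespace": "demo"}},
 {"kind": "RoleBinding", "metadata": {"name": "election", "namespace": "demo"},
  "roleRef": {"kind": "Role", "name": "demo-election"},
  "subjects": [{"kind": "ServiceAccount", "name": "demo", "namespace": "demo"}]},
 {"kind": "RoleBinding", "metadata": {"name": "election", "namespace": "other"},
  "roleRef": {"kind": "Role", "name": "demo-election"},
  "subjects": [{"kind": "ServiceAccount", "name": "demo", "namespace": "other"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "manager"},
  "roleRef": {"kind": "ClusterRole", "name": "demo-manager-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "demo", "namespace": "demo"}]}
]}
""")

def subject_name(subject, default_ns):
    """Render a subject as the user name the API server prints in Forbidden errors."""
    if subject["kind"] == "ServiceAccount":
        ns = subject.get("namespace", default_ns)
        return f"system:serviceaccount:{ns}:{subject['name']}"
    return subject["name"]

def dangling_bindings(items):
    """Return one finding per binding whose roleRef resolves to no existing role."""
    roles = {(i["metadata"]["namespace"], i["metadata"]["name"])
             for i in items if i["kind"] == "Role"}
    cluster_roles = {i["metadata"]["name"] for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for i in items:
        if i["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ns, ref = i["metadata"].get("namespace"), i["roleRef"]
        # A ClusterRole is looked up cluster-wide; a Role only in the binding's namespace.
        found = (ref["name"] in cluster_roles if ref["kind"] == "ClusterRole"
                 else (ns, ref["name"]) in roles)
        if not found:
            label = "/".join(filter(None, [i["kind"], ns, i["metadata"]["name"]]))
            findings.append({"binding": label, "missing": f'{ref["kind"]}/{ref["name"]}',
                             "subjects": [subject_name(s, ns) for s in i.get("subjects") or []]})
    return findings

if __name__ == "__main__":
    for f in dangling_bindings(SAMPLE["items"]):
        print(f'{f["binding"]} -> {f["missing"]} not found; affects {", ".join(f["subjects"])}')
```

Running it against a dump taken after a chart upgrade shows which subjects lost permissions because a binding still carries an old role name.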
@chrisseto chrisseto marked this pull request as draft May 20, 2024 16:01
Contributor Author

Moving this into a draft as we no longer need to resort to such drastic changes. Though we'll probably merge portions of this over time as it contains some desirable changes.
