Cherrypick v1.4.4 changes into main (#585)

* add v1.0.3 support (#524) * add v1.0.3 support * update test files (cherry picked from commit 0763aac) * Changed cluster role binding for secrets to role binding on specific namespaces (#527) * Changed cluster role binding for secrets to role binding on specific namespaces * Modified sample CRD * Added Default CSM Namespace * Added csmNamespace in crds and samples * Added namespace - default to role * Hardcoded CSM namespace as dell-csm * Added namespace creation * Added secret names * add Namespace to GetModuleComponentObj * Added secret names * ClusterRole does not have namespace (k8s docs) --------- Co-authored-by: nijayf <francis.nijay@emc.com> Co-authored-by: Jooseppi Luna <jooseppi_luna@dell.com> (cherry picked from commit 4e74385) * Remove secret create restriction by resourcenames (#529) * Removed restriction by resourcenames * Moved permissions from clusterrole to role * Moved permissions from clusterrole to role * Update statefulset.yaml * Update statefulset.yaml * Update statefulset.yaml * Added list permission for secret at cluster level * removed list secret * review changes * review changes --------- Co-authored-by: Jooseppi Luna <jooseppi_luna@dell.com> (cherry picked from commit 7520e8a) * dont delete namespaces BRUV (#531) (cherry picked from commit 8ce8e00) --------- Co-authored-by: JacobGros <jacobgrosner4@gmail.com> Co-authored-by: Francis Nijay <francis.nijay@dell.com>
dell · Jun 3, 2024 · 9cfc181 · 9cfc181
1 parent c1260ff
commit 9cfc181
Show file tree

Hide file tree

Showing 17 changed files with 4,635 additions and 25 deletions.
diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml
@@ -26,14 +26,13 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: connectivity-client-docker-k8s
-  namespace: <NAMESPACE>
 rules:
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["list", "watch"]
   - apiGroups: [""]
     resources: ["namespaces"]
-    verbs: ["get", "list", "watch", "create"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
     verbs: ["list", "watch"]
@@ -58,36 +57,135 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["csidrivers"]
     verbs: ["list", "watch", "get"]
+  - apiGroups: ["storage.dell.com"]
+    resources: ["containerstoragemodules"]
+    verbs: ["list", "get", "watch"]
+  - apiGroups: ["mobility.storage.dell.com"]
+    resources: ["backups"]
+    verbs: ["list", "get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: <NAMESPACE>
+subjects:
+  - kind: ServiceAccount
+    name: connectivity-client-docker-k8s
+    namespace: <NAMESPACE>
+roleRef:
+  kind: ClusterRole
+  name: connectivity-client-docker-k8s
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: <NAMESPACE>
+rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["list","get", "create", "update", "delete"]
+    verbs: ["list","get", "create", "update", "delete", "watch"]
   - apiGroups: [""]
     resources: ["configmaps"]
     verbs: ["get", "create", "delete", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: <NAMESPACE>
+subjects:
+  - kind: ServiceAccount
+    name: connectivity-client-docker-k8s
+    namespace: <NAMESPACE>
+roleRef:
+  kind: Role
+  name: connectivity-client-docker-k8s
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: default
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "delete", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: connectivity-client-docker-k8s
+    namespace: <NAMESPACE>
+roleRef:
+  kind: Role
+  name: connectivity-client-docker-k8s
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: "karavi"
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["list","get", "create", "update", "delete", "watch"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create", "delete", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: "karavi"
+subjects:
+  - kind: ServiceAccount
+    name: connectivity-client-docker-k8s
+    namespace: <NAMESPACE>
+roleRef:
+  kind: Role
+  name: connectivity-client-docker-k8s
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: connectivity-client-docker-k8s
+  namespace: "dell-csm"
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["list","get", "create", "update", "delete","watch"]
   - apiGroups: ["storage.dell.com"]
     resources: ["containerstoragemodules"]
-    verbs: ["list", "create", "get", "delete", "watch"]
+    verbs: ["create", "delete"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create", "delete", "update"]
   - apiGroups: ["mobility.storage.dell.com"]
     resources: ["backups"]
-    verbs: ["list", "create", "get"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["issuers"]
-    verbs: ["list", "get", "create", "delete"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates"]
-    verbs: ["list", "get", "create", "delete"]
+    verbs: ["create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
   name: connectivity-client-docker-k8s
-  namespace: <NAMESPACE>
+  namespace: "dell-csm"
 subjects:
   - kind: ServiceAccount
     name: connectivity-client-docker-k8s
     namespace: <NAMESPACE>
 roleRef:
-  kind: ClusterRole
+  kind: Role
   name: connectivity-client-docker-k8s
   apiGroup: rbac.authorization.k8s.io
 ---

diff --git a/...leconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml b/...leconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: application-mobility-controller-manager-metrics-service
+  namespace: <NAMESPACE>
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: <NAMESPACE>-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get