From 59f8542090ec99c59b4d8bf3c458761b02c129d8 Mon Sep 17 00:00:00 2001
From: Joe Stephenson
Date: Thu, 21 Jul 2022 16:32:00 +0100
Subject: [PATCH] add list rbac permission for SC (#53)
---
 config/rbac/role.yaml | 6 ++++
 controllers/etcdcluster_controller.go | 1 +
 kuttl/e2e/deployment-test/00-deploy.yaml | 6 ++++
 kuttl/e2e/deployment-test/02-assert.yaml | 11 ++++++
 .../e2e/deployment-test/02-cluster-no-sc.yaml | 35 +++++++++++++++++++
 kuttl/e2e/kuttl-test.yaml | 2 +-
 6 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 kuttl/e2e/deployment-test/02-assert.yaml
 create mode 100644 kuttl/e2e/deployment-test/02-cluster-no-sc.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 13e77da8..74f46952 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -234,3 +234,9 @@ rules:
 verbs:
 - delete
 - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - list
diff --git a/controllers/etcdcluster_controller.go b/controllers/etcdcluster_controller.go
index c98b3351..7bd4a68c 100644
--- a/controllers/etcdcluster_controller.go
+++ b/controllers/etcdcluster_controller.go
@@ -1341,6 +1341,7 @@ func peerNameForMember(member etcd.Member) (string, error) {
 // +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;create;delete;patch;list;watch
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=get;create;delete;patch;list;watch
 // +kubebuilder:rbac:groups="coordination.k8s.io",resources=leases,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="storage.k8s.io",resources=storageclasses,verbs=list
 func (r *EtcdClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (_ ctrl.Result, reterr error) {
 ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
diff --git a/kuttl/e2e/deployment-test/00-deploy.yaml b/kuttl/e2e/deployment-test/00-deploy.yaml
index be408a38..18a37572 100644
--- a/kuttl/e2e/deployment-test/00-deploy.yaml
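Review bot: The added marker `// +kubebuilder:rbac:groups="storage.k8s.io",resources=storageclasses,verbs=list` grants `list` without `watch`, and nothing above `Reconcile` records which call needs it. If the StorageClass lookup goes through the manager's cached client, the informer behind it also needs `watch` and will hit forbidden errors with `list` alone; if it goes through an uncached reader, `list` is the least privilege and should stay as it is. StorageClasses are cluster-scoped, so the rule only takes effect in a ClusterRole bound by a ClusterRoleBinding, and the `role.yaml` and `00-deploy.yaml` hunks that carry the same rule do not show the kind of the object they append to, so that is worth confirming. I would add a line above the marker such as `// storageclasses: list only, read through an uncached client to find the default class`, adjusted to what the call site really does. `Reconcile` continues outside the hunk, so the call site is not visible here.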
+++ b/kuttl/e2e/deployment-test/00-deploy.yaml
@@ -3764,6 +3764,12 @@ rules:
 - list
 - patch
 - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
diff --git a/kuttl/e2e/deployment-test/02-assert.yaml b/kuttl/e2e/deployment-test/02-assert.yaml
new file mode 100644
index 00000000..bdadfe68
--- /dev/null
+++ b/kuttl/e2e/deployment-test/02-assert.yaml
@@ -0,0 +1,11 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 120
+---
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ name: storageos-etcd-default-sc-0
+ namespace: storageos-etcd
+status:
+ replicas: 1
diff --git a/kuttl/e2e/deployment-test/02-cluster-no-sc.yaml b/kuttl/e2e/deployment-test/02-cluster-no-sc.yaml
new file mode 100644
index 00000000..c1be013a
--- /dev/null
+++ b/kuttl/e2e/deployment-test/02-cluster-no-sc.yaml
@@ -0,0 +1,35 @@
+apiVersion: etcd.improbable.io/v1alpha1
+kind: EtcdCluster
+metadata:
+ name: storageos-etcd-default-sc
+ namespace: storageos-etcd
+spec:
+ replicas: 1
+ version: 3.5.3
+ tls:
+ enabled: true
+ storage:
+ volumeClaimTemplate:
+ resources:
+ requests:
+ storage: 1Mi
+ podTemplate:
+ resources:
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ limits:
+ cpu: 200m
+ memory: 200Mi
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: etcd.improbable.io/cluster-name
+ operator: In
+ values:
+ - storageos-etcd
+ topologyKey: kubernetes.io/hostname
diff --git a/kuttl/e2e/kuttl-test.yaml b/kuttl/e2e/kuttl-test.yaml
index 93dfc1b6..ca67b12c 100644
--- a/kuttl/e2e/kuttl-test.yaml
+++ b/kuttl/e2e/kuttl-test.yaml
@@ -7,4 +7,4 @@ startKIND: true
 kindContainers:
 - storageos/etcd-cluster-operator-controller:develop
 - storageos/etcd-cluster-operator-proxy:develop
-timeout: 120
+timeout: 240
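Review bot: The assertion `replicas: 1` under `status` of ReplicaSet `storageos-etcd-default-sc-0` in `02-assert.yaml` passes as soon as the pod object exists, even if the pod stays Pending because its volume claim never bound. Judging by the companion file name `02-cluster-no-sc.yaml`, the step is meant to cover a cluster whose spec names no storage class, so asserting `readyReplicas: 1` would tie the result to the volume actually being provisioned. A second asserted object for the PersistentVolumeClaim with `phase: Bound` under `status` would make the same point more directly.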
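Review bot: The anti-affinity term in `02-cluster-no-sc.yaml` matches `etcd.improbable.io/cluster-name` against `storageos-etcd`, while this cluster's `metadata.name` is `storageos-etcd-default-sc`. Assuming the operator labels pods with their cluster's name, the term targets pods of a different cluster and was probably left over from the fixture this one was copied from. With `replicas: 1` and a `preferred` rule it does not break the test, but it reads as if it spread this cluster's own members; either change the value to `- storageos-etcd-default-sc` or drop the `affinity` block. A top-of-file comment such as `# no storageClassName on purpose: exercises the default StorageClass path` would also record why `volumeClaimTemplate` omits the class.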