From a1bac79fd4c5403997c146aaf1d594c5988e01e2 Mon Sep 17 00:00:00 2001 From: Daniel Hrabovcak Date: Wed, 17 Jul 2024 16:17:25 -0400 Subject: [PATCH] refactor: remove DaemonSet update and patch permission --- charts/operator/templates/role.yaml | 2 +- manifests/operator.yaml | 2 +- pkg/operator/collection.go | 13 +------------ 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/charts/operator/templates/role.yaml b/charts/operator/templates/role.yaml index 4394ae8d0a..e1fe89cf0b 100644 --- a/charts/operator/templates/role.yaml +++ b/charts/operator/templates/role.yaml @@ -78,7 +78,7 @@ rules: - daemonsets apiGroups: ["apps"] resourceNames: ["collector"] - verbs: ["get", "list", "watch", "patch", "update"] + verbs: ["get", "list", "watch"] - resources: - deployments apiGroups: ["apps"] diff --git a/manifests/operator.yaml b/manifests/operator.yaml index 789375e55e..1d32542325 100644 --- a/manifests/operator.yaml +++ b/manifests/operator.yaml @@ -204,7 +204,7 @@ rules: - daemonsets apiGroups: ["apps"] resourceNames: ["collector"] - verbs: ["get", "list", "watch", "patch", "update"] + verbs: ["get", "list", "watch"] - resources: - deployments apiGroups: ["apps"] diff --git a/pkg/operator/collection.go b/pkg/operator/collection.go index 21d7949d89..a9bf42a57c 100644 --- a/pkg/operator/collection.go +++ b/pkg/operator/collection.go @@ -229,18 +229,7 @@ func (r *collectionReconciler) ensureCollectorDaemonSet(ctx context.Context) err logger.Error(err, "collector DaemonSet does not exist") return nil } - if err != nil { - return err - } - - setContainerExtraArgs(ds.Spec.Template.Spec.Containers, CollectorPrometheusContainerName, "") - - // Support not having UPDATE permission. We will remove it in the future. - // See: https://github.com/GoogleCloudPlatform/prometheus-engine/pull/1079 - if err := r.client.Update(ctx, &ds); !apierrors.IsForbidden(err) { - return err - } - return nil + return err } func gzipData(data []byte) ([]byte, error) {