diff --git a/config/e2e/manager_e2e_coverage_copy_pod.yaml b/config/e2e/manager_e2e_coverage_copy_pod.yaml index 45139d062..3802cc265 100644 --- a/config/e2e/manager_e2e_coverage_copy_pod.yaml +++ b/config/e2e/manager_e2e_coverage_copy_pod.yaml @@ -2,13 +2,6 @@ apiVersion: v1 kind: Pod metadata: name: e2e-coverage-copy-pod - labels: - app.kubernetes.io/name: e2e-coverage-copy-pod - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: e2e-coverage - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize spec: restartPolicy: Never securityContext: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 23e407afc..42827cca3 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -3,12 +3,6 @@ kind: Namespace metadata: labels: control-plane: controller-manager - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: system - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/enforce-version: latest name: system @@ -22,12 +16,6 @@ metadata: kubectl.kubernetes.io/default-logs-container: manager labels: control-plane: controller-manager - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize spec: selector: matchLabels: @@ -102,4 +90,4 @@ spec: terminationGracePeriodSeconds: 10 volumes: - name: cache - emptyDir: {} \ No newline at end of file + emptyDir: {} diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index e0d88607f..d19136ae7 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -5,12 +5,6 @@ kind: ServiceMonitor metadata: labels: control-plane: controller-manager - app.kubernetes.io/name: servicemonitor - app.kubernetes.io/instance: controller-manager-metrics-monitor - app.kubernetes.io/component: metrics - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: controller-manager-metrics-monitor namespace: system spec: diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 55168229d..51a75db47 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -1,13 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: metrics-reader rules: - nonResourceURLs: diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index f7c39f0e4..80e1857c5 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -1,13 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: proxy-role rules: - apiGroups: diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index 015ea605a..ec7acc0a1 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -1,13 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index aba6f62bb..71f179727 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -3,12 +3,6 @@ kind: Service metadata: labels: control-plane: controller-manager - app.kubernetes.io/name: service - app.kubernetes.io/instance: controller-manager-metrics-service - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: controller-manager-metrics-service namespace: system spec: diff --git a/config/rbac/clusterextension_editor_role.yaml b/config/rbac/clusterextension_editor_role.yaml index 4eef877aa..61cd61ce3 100644 --- a/config/rbac/clusterextension_editor_role.yaml +++ b/config/rbac/clusterextension_editor_role.yaml @@ -2,13 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: clusterextension-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: clusterextension-editor-role rules: - apiGroups: @@ -23,9 +16,3 @@ rules: - patch - update - watch -- apiGroups: - - olm.operatorframework.io - resources: - - clusterextensions/status - verbs: - - get diff --git a/config/rbac/clusterextension_viewer_role.yaml b/config/rbac/clusterextension_viewer_role.yaml index 5ffd0ecdb..bee8b9d9e 100644 --- a/config/rbac/clusterextension_viewer_role.yaml +++ b/config/rbac/clusterextension_viewer_role.yaml @@ -2,13 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: clusterextension-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: clusterextension-viewer-role rules: - apiGroups: @@ -19,9 +12,3 @@ rules: - get - list - watch -- apiGroups: - - olm.operatorframework.io - resources: - - clusterextensions/status - verbs: - - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6a..33b8765d5 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -9,6 +9,14 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml + +# The following resources are pre-defined roles for editors and viewers +# of APIs provided by this project. +- clusterextension_editor_role.yaml +- clusterextension_viewer_role.yaml +- extension_editor_role.yaml +- extension_viewer_role.yaml + # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 3c1f16437..4190ec805 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -2,13 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - labels: - app.kubernetes.io/name: role - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: leader-election-role rules: - apiGroups: diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 4dd54f272..1d1321ed4 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -1,13 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - labels: - app.kubernetes.io/name: rolebinding - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: leader-election-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index d75683ff4..91556a364 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -48,7 +48,6 @@ rules: resources: - clusterextensions/status verbs: - - get - patch - update - apiGroups: @@ -74,6 +73,5 @@ rules: resources: - extensions/status verbs: - - get - patch - update diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 98f405860..2070ede44 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,13 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 2f81b60e5..7cd6025bf 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,12 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - labels: - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/instance: controller-manager-sa - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: operator-controller - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize name: controller-manager namespace: system diff --git a/config/samples/olm_v1alpha1_clusterextension.yaml b/config/samples/olm_v1alpha1_clusterextension.yaml index e7585d7f9..73ac97722 100644 --- a/config/samples/olm_v1alpha1_clusterextension.yaml +++ b/config/samples/olm_v1alpha1_clusterextension.yaml @@ -1,12 +1,6 @@ apiVersion: olm.operatorframework.io/v1alpha1 kind: ClusterExtension metadata: - labels: - app.kubernetes.io/name: clusterextension - app.kubernetes.io/instance: clusterextension-sample - app.kubernetes.io/part-of: operator-controller - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: operator-controller name: clusterextension-sample spec: packageName: argocd-operator diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go index ffd02a2ee..f7c9a9be9 100644 --- a/internal/controllers/clusterextension_controller.go +++ b/internal/controllers/clusterextension_controller.go @@ -56,7 +56,7 @@ type ClusterExtensionReconciler struct { } //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch -//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=get;update;patch +//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update //+kubebuilder:rbac:groups=core.rukpak.io,resources=bundledeployments,verbs=get;list;watch;create;update;patch diff --git a/internal/controllers/extension_controller.go b/internal/controllers/extension_controller.go index 03a7b341f..994b8cdb4 100644 --- a/internal/controllers/extension_controller.go +++ b/internal/controllers/extension_controller.go @@ -44,7 +44,7 @@ type ExtensionReconciler struct { } //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=extensions,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=extensions/status,verbs=get;update;patch +//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=extensions/status,verbs=update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=extensions/finalizers,verbs=update // Reconcile is part of the main kubernetes reconciliation loop which aims to