From f88eba16e589462e8c9b3cdfe9f37949f5950b9d Mon Sep 17 00:00:00 2001 From: Ronny Baturov Date: Mon, 7 Oct 2024 14:59:14 +0300 Subject: [PATCH] Added rules to ClusterRole We need to modify the ClusterRole to grant the required permissions for the manager and RTE-worker pods to access the /metrics endpoint. This is essential for e2e testing, as we will run curl commands from within the manager and RTE-worker containers to interact with the endpoint. Since this ClusterRole is also used by the RTE service account (as referenced in PR #1035), this change will grant access to both pods. Signed-off-by: Ronny Baturov --- .../numaresources-operator.clusterserviceversion.yaml | 2 +- config/rbac/auth_proxy_role.yaml | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/bundle/manifests/numaresources-operator.clusterserviceversion.yaml b/bundle/manifests/numaresources-operator.clusterserviceversion.yaml index f44c7c914..71b01293b 100644 --- a/bundle/manifests/numaresources-operator.clusterserviceversion.yaml +++ b/bundle/manifests/numaresources-operator.clusterserviceversion.yaml @@ -62,7 +62,7 @@ metadata: } ] capabilities: Basic Install - createdAt: "2024-09-25T14:08:22Z" + createdAt: "2024-10-07T12:09:23Z" olm.skipRange: '>=4.17.0 <4.18.0' operators.operatorframework.io/builder: operator-sdk-v1.36.1 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 80e1857c5..c6aa0a5c5 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -15,3 +15,13 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get +- nonResourceURLs: + - /metrics + verbs: + - get \ No newline at end of file