helm: grant configmap watch permission to constellation-operator-cont… #3632

Merged
merged 1 commit into from
Feb 3, 2025

@msanft msanft commented Feb 3, 2025

…roller-manager

Context

We have an annoying warning in the constellation-operator-controller-manager pod, indicating that it isn't allowed to watch configmaps:

E0203 09:59:44.215148       1 reflector.go:166] "Unhandled Error" err="external/gazelle~~go_deps~io_k8s_client_go/tools/cache/reflector.go:251: Failed to watch *v1.ConfigMap: configmaps is forbidden: User \"system:serviceaccount:kube-system:constellation-operator-controller-manager\" cannot watch resource \"configmaps\" in API group \"\" at the cluster scope" logger="UnhandledError"

Proposed change(s)

  • Grant the configmap watch permission to the pod.

Checklist

  • Run the E2E tests that are relevant to this PR's changes
  • Update docs
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone

@msanft msanft added the no changelog Change won't be listed in release changelog label Feb 3, 2025
@msanft msanft added this to the v2.21.0 milestone Feb 3, 2025
@msanft msanft requested a review from daniel-weisse February 3, 2025 10:01
@msanft msanft requested a review from burgerdev as a code owner February 3, 2025 10:01

netlify bot commented Feb 3, 2025

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 8276e2b
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/67a11155f716ee00087ec4e0

@@ -13,6 +13,7 @@ rules:
verbs:
- get
- list
- watch
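
Review bot: the context lines show only the verbs list of this rule (get, list and the added watch), not its apiGroups or resources, so please confirm the rule covers configmaps in the core API group only; if the same rule names other resources, they gain watch as well. The quoted error is raised at the cluster scope, so if this is a ClusterRole the grant applies to ConfigMaps in every namespace; a short comment in the template stating why the controller needs a cluster-wide watch would help later least-privilege reviews.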

The RBAC config is semi-automatically generated; the source of truth is in kubebuilder comments:

//+kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get

This is currently not enforced, but I want to canonicalize kubebuilder eventually (cf. #2837). Could you just add watch there for now, too?
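
A drift check between the kubebuilder marker and the chart rule, following the review comment above; this is an added example, not code from the Constellation repository. `Rule`, `parseMarker` and `minus` are hypothetical helpers, the chart rule is constructed from the verbs visible in the hunk (its resource and API group are assumed from the log line), and the parser assumes marker values contain no commas.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is one RBAC rule, reduced to the fields a kubebuilder rbac marker carries (hypothetical type).
type Rule struct{ Groups, Resources, Verbs []string }

// parseMarker parses a "//+kubebuilder:rbac:k=a;b,k=c" comment; values are assumed to contain no commas.
func parseMarker(line string) (Rule, bool) {
	const prefix = "+kubebuilder:rbac:"
	line = strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(line), "//"))
	if !strings.HasPrefix(line, prefix) {
		return Rule{}, false
	}
	var r Rule
	fields := map[string]*[]string{"groups": &r.Groups, "resources": &r.Resources, "verbs": &r.Verbs}
	for _, kv := range strings.Split(strings.TrimPrefix(line, prefix), ",") {
		k, v, _ := strings.Cut(kv, "=")
		if dst, ok := fields[k]; ok {
			*dst = strings.Split(strings.Trim(v, `"`), ";") // groups="" yields [""], the core API group
		}
	}
	return r, true
}

// minus returns the entries of a that are not in b, in a's order.
func minus(a, b []string) (out []string) {
	seen := map[string]bool{}
	for _, v := range b {
		seen[v] = true
	}
	for _, v := range a {
		if !seen[v] {
			out = append(out, v)
		}
	}
	return out
}

func main() {
	m, _ := parseMarker(`//+kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get`) // marker quoted in the review
	// Constructed sample: verbs from the hunk, resource and group assumed from the log line.
	chart := Rule{Groups: []string{""}, Resources: []string{"configmaps"}, Verbs: []string{"get", "list", "watch"}}
	fmt.Println("granted by chart, missing from marker:", minus(chart.Verbs, m.Verbs))
	fmt.Println("declared in marker, missing from chart:", minus(m.Verbs, chart.Verbs))
}
```

A verb reported in the first list is a permission the deployed role carries that regenerating from the markers would silently drop; one in the second list is declared in code but never granted.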

@msanft msanft force-pushed the msanft/helm/fix-warning branch from 3823862 to 8276e2b Compare February 3, 2025 18:56
@msanft msanft requested a review from 3u13r as a code owner February 3, 2025 18:56
github-actions bot commented Feb 3, 2025

Coverage report

Package Old New Trend
operators/constellation-node-operator/controllers 30.80% 30.80% 🚧

@msanft msanft merged commit 245700e into main Feb 3, 2025
10 checks passed
@msanft msanft deleted the msanft/helm/fix-warning branch February 3, 2025 19:31