This is an automated email from the ASF dual-hosted git repository. astefanutti pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 6c6a332f3454493f4dfbda606d0df4bdd18ed586
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Thu Sep 2 12:21:13 2021 +0200
chore: Remove Ingress permission on OpenShift
---
 e2e/support/test_support.go | 8 +++++++-
 pkg/install/common.go | 18 +++++++++++++++++-
 pkg/install/operator.go | 22 +++++++++++++---------
 3 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/e2e/support/test_support.go b/e2e/support/test_support.go
index f883844..323362e 100644
--- a/e2e/support/test_support.go
+++ b/e2e/support/test_support.go
@@ -1071,7 +1071,13 @@ func CreateOperatorRole(ns string) (err error) {
 if err != nil {
 panic(err)
 }
- err = install.Resource(TestContext, TestClient(), ns, true, install.IdentityResourceCustomizer, "/rbac/operator-role-kubernetes.yaml")
+ customizer := install.IdentityResourceCustomizer
+ if oc {
+ // Remove Ingress permissions as it's not needed on OpenShift
+ // This should ideally be removed from the common RBAC manifest.
+ customizer = install.RemoveIngressRoleCustomizer
+ }
+ err = install.Resource(TestContext, TestClient(), ns, true, customizer, "/rbac/operator-role-kubernetes.yaml")
 if err != nil {
 return err
 }
diff --git a/pkg/install/common.go b/pkg/install/common.go
index 345d112..dfc4f9c 100644
--- a/pkg/install/common.go
+++ b/pkg/install/common.go
@@ -21,6 +21,8 @@ import (
 "context"
 "strings"
+ networking "k8s.io/api/networking/v1"
+ rbacv1 "k8s.io/api/rbac/v1"
 "k8s.io/apimachinery/pkg/api/errors"
 k8s "k8s.io/client-go/kubernetes"
@@ -41,12 +43,26 @@ var IdentityResourceCustomizer = func(object ctrl.Object) ctrl.Object {
 return object
 }
+var RemoveIngressRoleCustomizer = func(object ctrl.Object) ctrl.Object {
+ if role, ok := object.(*rbacv1.Role); ok && role.Name == "camel-k-operator" {
+ rules:
+ for i, rule := range role.Rules {
+ for _, group := range rule.APIGroups {
+ if group == networking.GroupName {
+ role.Rules = append(role.Rules[:i], role.Rules[i+1:]...)
+ break rules
+ }
+ }
+ }
+ }
+ return object
+}
+
 // Resources installs named resources from the project resource directory
 func Resources(ctx context.Context, c client.Client, namespace string, force bool, customizer ResourceCustomizer, names ...string) error {
 return ResourcesOrCollect(ctx, c, namespace, nil, force, customizer, names...)
 }
-// ResourcesOrCollect --
 func ResourcesOrCollect(ctx context.Context, c client.Client, namespace string, collection *kubernetes.Collection, force bool, customizer ResourceCustomizer, names ...string) error {
 for _, name := range names {
diff --git a/pkg/install/operator.go b/pkg/install/operator.go
index 513deef..b1ca8a7 100644
--- a/pkg/install/operator.go
+++ b/pkg/install/operator.go
@@ -23,7 +23,6 @@ import (
 "strings"
 "github.com/pkg/errors"
- "k8s.io/apimachinery/pkg/types"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
@@ -31,6 +30,7 @@ import (
 k8serrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
 "k8s.io/apimachinery/pkg/util/intstr"
 ctrl "sigs.k8s.io/controller-runtime/pkg/client"
@@ -45,7 +45,6 @@ import (
 "github.com/apache/camel-k/pkg/util/patch"
 )
-// OperatorConfiguration --
 type OperatorConfiguration struct {
 CustomImage string
 CustomImagePullPolicy string
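Review bot: In `RemoveIngressRoleCustomizer` (pkg/install/common.go, hunk `@@ -41,12 +43,26 @@`) the labelled `break rules` stops after the first rule that lists the `networking.k8s.io` group, so any later rule for that group would stay in the Role, and a rule that lists other groups next to it is dropped whole. The RBAC manifest is not part of this commit view, so whether either case occurs today cannot be confirmed from here, but a permission-stripping helper is safer when it filters every rule and does not depend on the manifest's current shape. The variable is exported and has no doc comment; one stating that it mutates the passed Role in place and only acts on a `*rbacv1.Role` named `camel-k-operator` would help callers. A sketch that filters all matching rules follows.

```go
var RemoveIngressRoleCustomizer = func(object ctrl.Object) ctrl.Object {
	role, ok := object.(*rbacv1.Role)
	if !ok || role.Name != "camel-k-operator" {
		return object
	}
	// Keep every rule that does not reference the networking API group.
	kept := make([]rbacv1.PolicyRule, 0, len(role.Rules))
	for _, rule := range role.Rules {
		grantsNetworking := false
		for _, group := range rule.APIGroups {
			if group == networking.GroupName {
				grantsNetworking = true
				break
			}
		}
		if !grantsNetworking {
			kept = append(kept, rule)
		}
	}
	role.Rules = kept
	return object
}
```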
@@ -59,12 +58,10 @@ type OperatorConfiguration struct {
 ResourcesRequirements []string
 }
-// OperatorHealthConfiguration --
 type OperatorHealthConfiguration struct {
 Port int32
 }
-// OperatorMonitoringConfiguration --
 type OperatorMonitoringConfiguration struct {
 Enabled bool
 Port int32
@@ -72,6 +69,11 @@ type OperatorMonitoringConfiguration struct {
 // OperatorOrCollect installs the operator resources or adds them to the collector if present
 func OperatorOrCollect(ctx context.Context, c client.Client, cfg OperatorConfiguration, collection *kubernetes.Collection, force bool) error {
+ isOpenShift, err := isOpenShift(c, cfg.ClusterType)
+ if err != nil {
+ return err
+ }
+
 customizer := func(o ctrl.Object) ctrl.Object {
 if cfg.CustomImage != "" {
 if d, ok := o.(*appsv1.Deployment); ok {
@@ -186,6 +188,13 @@ func OperatorOrCollect(ctx context.Context, c client.Client, cfg OperatorConfigu
 }
 }
 }
+
+ if isOpenShift {
+ // Remove Ingress permissions as it's not needed on OpenShift
+ // This should ideally be removed from the common RBAC manifest.
+ RemoveIngressRoleCustomizer(o)
+ }
+
 return o
 }
@@ -195,10 +204,6 @@ func OperatorOrCollect(ctx context.Context, c client.Client, cfg OperatorConfigu
 }
 // Install OpenShift RBAC resources if needed (roles and bindings)
- isOpenShift, err := isOpenShift(c, cfg.ClusterType)
- if err != nil {
- return err
- }
 if isOpenShift {
 if err := installOpenShiftRoles(ctx, c, cfg.Namespace, customizer, collection, force); err != nil {
 return err
@@ -448,7 +453,6 @@ func PlatformOrCollect(ctx context.Context, c client.Client, clusterType string,
 return pl, nil
 }
-// ExampleOrCollect --
 func ExampleOrCollect(ctx context.Context, c client.Client, namespace string, collection *kubernetes.Collection, force bool) error {
 return ResourcesOrCollect(ctx, c, namespace, collection, force, IdentityResourceCustomizer, "/samples/bases/camel_v1_integration.yaml",
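Review bot: In the customizer closure of `OperatorOrCollect` (pkg/install/operator.go, hunk `@@ -186,6 +188,13 @@`) the call `RemoveIngressRoleCustomizer(o)` discards its result and relies on the helper mutating the Role in place; `o = RemoveIngressRoleCustomizer(o)` keeps working if the helper ever returns a copy. The helper only matches a `*rbacv1.Role` named `camel-k-operator`, and the closure body between the two hunks is not shown, so if an earlier branch replaces `o` with another type or name, this call does nothing and the Ingress permission stays without any error. A unit test that runs the customizer on the operator Role for an OpenShift cluster and asserts that no rule references `networking.k8s.io` would catch that. Separately, in hunk `@@ -72,6 +69,11 @@` the local `isOpenShift` shadows the function of the same name for the rest of `OperatorOrCollect`; a name such as `openShift` avoids that.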