diff --git a/Makefile b/Makefile index 6bec192f4d..48e9d52840 100644 --- a/Makefile +++ b/Makefile @@ -163,7 +163,7 @@ check-bundle: bundle generate: gen-k8s gen-crds gen-rbac manifests: - GOFLAGS=-mod=mod go run hack/render-manifests.go -handler-prefix=$(HANDLER_PREFIX) -handler-namespace=$(HANDLER_NAMESPACE) -operator-namespace=$(OPERATOR_NAMESPACE) -handler-image=$(HANDLER_IMAGE) -operator-image=$(OPERATOR_IMAGE) -handler-pull-policy=$(HANDLER_PULL_POLICY) -kube-rbac-proxy-image=$(KUBE_RBAC_PROXY_IMAGE) -operator-pull-policy=$(OPERATOR_PULL_POLICY) -input-dir=deploy/ -output-dir=$(MANIFESTS_DIR) + GOFLAGS=-mod=mod go run hack/render-manifests.go -handler-prefix=$(HANDLER_PREFIX) -handler-namespace=$(HANDLER_NAMESPACE) -operator-namespace=$(OPERATOR_NAMESPACE) -handler-image=$(HANDLER_IMAGE) -operator-image=$(OPERATOR_IMAGE) -handler-pull-policy=$(HANDLER_PULL_POLICY) -monitoring-namespace=$(MONITORING_NAMESPACE) -kube-rbac-proxy-image=$(KUBE_RBAC_PROXY_IMAGE) -operator-pull-policy=$(OPERATOR_PULL_POLICY) -input-dir=deploy/ -output-dir=$(MANIFESTS_DIR) handler: SKIP_PUSH=true handler: push-handler diff --git a/bundle/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml b/bundle/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml index 788c862cc2..cf17cca036 100644 --- a/bundle/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml @@ -256,6 +256,8 @@ spec: value: Always - name: HANDLER_NAMESPACE value: nmstate + - name: MONITORING_NAMESPACE + value: monitoring - name: KUBE_RBAC_PROXY_IMAGE value: quay.io/openshift/origin-kube-rbac-proxy:4.10.0 image: quay.io/nmstate/kubernetes-nmstate-operator:latest diff --git a/controllers/operator/nmstate_controller.go b/controllers/operator/nmstate_controller.go index 71500f6bca..d8d1512aa5 100644 --- a/controllers/operator/nmstate_controller.go +++ b/controllers/operator/nmstate_controller.go @@ -299,6 +299,7 @@ func (r *NMStateReconciler) applyHandler(instance *nmstatev1.NMState) error { data.Data["HandlerImage"] = os.Getenv("RELATED_IMAGE_HANDLER_IMAGE") data.Data["HandlerPullPolicy"] = os.Getenv("HANDLER_IMAGE_PULL_POLICY") data.Data["HandlerPrefix"] = os.Getenv("HANDLER_PREFIX") + data.Data["MonitoringNamespace"] = os.Getenv("MONITORING_NAMESPACE") data.Data["KubeRBACProxyImage"] = os.Getenv("KUBE_RBAC_PROXY_IMAGE") data.Data["InfraNodeSelector"] = archAndCRInfraNodeSelector data.Data["InfraTolerations"] = infraTolerations diff --git a/controllers/operator/nmstate_controller_test.go b/controllers/operator/nmstate_controller_test.go index efa1ff982a..212b031d2e 100644 --- a/controllers/operator/nmstate_controller_test.go +++ b/controllers/operator/nmstate_controller_test.go @@ -73,14 +73,15 @@ var _ = Describe("NMState controller reconcile", func() { UID: "12345", }, } - handlerPrefix = "handler" - handlerNamespace = "nmstate" - handlerKey = types.NamespacedName{Namespace: handlerNamespace, Name: handlerPrefix + "-nmstate-handler"} - webhookKey = types.NamespacedName{Namespace: handlerNamespace, Name: handlerPrefix + "-nmstate-webhook"} - handlerImage = "quay.io/some_image" - kubeRBACProxyImage = "quay.io/some_kube_rbac_proxy_image" - imagePullPolicy = "Always" - manifestsDir = "" + handlerPrefix = "handler" + handlerNamespace = "nmstate" + handlerKey = types.NamespacedName{Namespace: handlerNamespace, Name: handlerPrefix + "-nmstate-handler"} + webhookKey = types.NamespacedName{Namespace: handlerNamespace, Name: handlerPrefix + "-nmstate-webhook"} + handlerImage = "quay.io/some_image" + monitoringNamespace = "monitoring" + kubeRBACProxyImage = "quay.io/some_kube_rbac_proxy_image" + imagePullPolicy = "Always" + manifestsDir = "" ) BeforeEach(func() { var err error @@ -106,6 +107,7 @@ var _ = Describe("NMState controller reconcile", func() { os.Setenv("RELATED_IMAGE_HANDLER_IMAGE", handlerImage) os.Setenv("HANDLER_IMAGE_PULL_POLICY", imagePullPolicy) os.Setenv("HANDLER_PREFIX", handlerPrefix) + os.Setenv("MONITORING_NAMESPACE", monitoringNamespace) os.Setenv("KUBE_RBAC_PROXY_IMAGE", kubeRBACProxyImage) }) AfterEach(func() { diff --git a/deploy/handler/operator.yaml b/deploy/handler/operator.yaml index f59c4bbb18..13765a931d 100644 --- a/deploy/handler/operator.yaml +++ b/deploy/handler/operator.yaml @@ -523,3 +523,34 @@ spec: selector: matchLabels: prometheus.nmstate.io: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: prometheus-k8s + namespace: {{ .HandlerNamespace }} +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: prometheus-k8s + namespace: {{ .HandlerNamespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus-k8s +subjects: + - kind: ServiceAccount + name: prometheus-k8s + namespace: {{ .MonitoringNamespace }} diff --git a/deploy/operator/operator.yaml b/deploy/operator/operator.yaml index ab00557a14..62220edf89 100644 --- a/deploy/operator/operator.yaml +++ b/deploy/operator/operator.yaml @@ -78,5 +78,7 @@ spec: value: {{ .HandlerPullPolicy }} - name: HANDLER_NAMESPACE value: {{ .HandlerNamespace }} + - name: MONITORING_NAMESPACE + value: {{ .MonitoringNamespace }} - name: KUBE_RBAC_PROXY_IMAGE value: {{ .KubeRBACProxyImage }} diff --git a/hack/render-manifests.go b/hack/render-manifests.go index b403eaaa2e..19e2e80292 100644 --- a/hack/render-manifests.go +++ b/hack/render-manifests.go @@ -34,14 +34,15 @@ func exitWithError(err error, cause string, args ...interface{}) { func main() { type Inventory struct { - HandlerNamespace string - HandlerImage string - HandlerPullPolicy string - HandlerPrefix string - OperatorNamespace string - OperatorImage string - OperatorPullPolicy string - KubeRBACProxyImage string + HandlerNamespace string + HandlerImage string + HandlerPullPolicy string + HandlerPrefix string + OperatorNamespace string + OperatorImage string + OperatorPullPolicy string + MonitoringNamespace string + KubeRBACProxyImage string } handlerNamespace := flag.String("handler-namespace", "nmstate", "Namespace for the NMState handler") @@ -51,20 +52,22 @@ func main() { operatorNamespace := flag.String("operator-namespace", "nmstate-operator", "Namespace for the NMState operator") operatorImage := flag.String("operator-image", "", "Image for the NMState operator") operatorPullPolicy := flag.String("operator-pull-policy", "Always", "Pull policy for the NMState operator image") + monitoringNamespace := flag.String("monitoring-namespace", "monitoring", "Namespace for the cluster monitoring") kubeRBACProxyImage := flag.String("kube-rbac-proxy-image", "", "Image for the kube RBAC proxy needed for metrics") inputDir := flag.String("input-dir", "", "Input directory") outputDir := flag.String("output-dir", "", "Output directory") flag.Parse() inventory := Inventory{ - HandlerNamespace: *handlerNamespace, - HandlerImage: *handlerImage, - HandlerPullPolicy: *handlerPullPolicy, - HandlerPrefix: *handlerPrefix, - OperatorNamespace: *operatorNamespace, - OperatorImage: *operatorImage, - OperatorPullPolicy: *operatorPullPolicy, - KubeRBACProxyImage: *kubeRBACProxyImage, + HandlerNamespace: *handlerNamespace, + HandlerImage: *handlerImage, + HandlerPullPolicy: *handlerPullPolicy, + HandlerPrefix: *handlerPrefix, + OperatorNamespace: *operatorNamespace, + OperatorImage: *operatorImage, + OperatorPullPolicy: *operatorPullPolicy, + MonitoringNamespace: *monitoringNamespace, + KubeRBACProxyImage: *kubeRBACProxyImage, } // Clean up output dir so we don't have old files.