Replace the create-rbac-permissions flag by just checking if the SA has permissions #2588

Closed
iblancasa opened this issue Jan 31, 2024 · 3 comments · Fixed by #2787
Labels: enhancement (New feature or request), needs triage

Comments

@iblancasa
Contributor

Component(s)

No response

Is your feature request related to a problem? Please describe.

After fixing #2525, the ClusterRole and ClusterRoleBinding are not part of the operator manifest anymore.

Describe the solution you'd like

During a SIG call, we agreed to document that those permissions need to be added to the operator service account if you want the operator to, automatically, generate the RBAC resources for those processors that need it. Also, instead of having the create-rbac-permissions flag, we can check if the SA has permissions to handle those resources and reconcile them.

Describe alternatives you've considered

No response

Additional context

No response

iblancasa added the enhancement and needs triage labels Jan 31, 2024
iblancasa added a commit to iblancasa/opentelemetry-operator that referenced this issue Mar 25, 2024
…#2588

Signed-off-by: Israel Blancas <iblancasa@gmail.com>
iblancasa added a commit to iblancasa/opentelemetry-operator that referenced this issue Apr 8, 2024
…#2588

Signed-off-by: Israel Blancas <iblancasa@gmail.com>
pavolloffay pushed a commit that referenced this issue May 6, 2024
* Check for the permissions instead of using a CLI flag. #2588

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix bundle

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix log message

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Add E2E tests and fix #2833

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix tests

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix changelog

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix yaml

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix k8sattributes processor

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix test

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Remove checked error

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Revert change

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix workflow

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix E2E test

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix bundle

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix docs

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fixes #2862

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix E2E tests

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Remove kustomization

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Update bundle

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

* Fix typo

Signed-off-by: Israel Blancas <iblancasa@gmail.com>

---------

Signed-off-by: Israel Blancas <iblancasa@gmail.com>
@shashankram

> During a SIG call, we agreed to document that those permissions need to be added to the operator service account if you want the operator to, automatically, generate the RBAC resources for those processors that need it.

What was the reason for this?
How does a user know what RBAC perms a component managed by the operator needs? Isn't that the purpose of an operator, to simplify UX?

@iblancasa
Contributor Author

> > During a SIG call, we agreed to document that those permissions need to be added to the operator service account if you want the operator to, automatically, generate the RBAC resources for those processors that need it.
>
> What was the reason for this? How does a user know what RBAC perms a component managed by the operator needs? Isn't that the purpose of an operator, to simplify UX?

The permissions need to be added anyway to the operator (because if the operator has no permissions over one resource, it cannot grant permissions over other resources).
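
A simplified model of the check proposed in the issue, combined with the RBAC escalation rule described in the comment above (added example, not the operator's code). `Rule`, `Missing` and `CanReconcileRBAC` are hypothetical names and the rules are constructed; a real implementation would ask the API server (for example with a SubjectAccessReview) rather than compare rule lists locally.

```go
package main

import "fmt"

// Rule is a simplified stand-in for an RBAC PolicyRule; "*" is a wildcard, resourceNames are omitted.
type Rule struct{ APIGroups, Resources, Verbs []string }

func has(list []string, want string) bool {
	for _, v := range list {
		if v == "*" || v == want {
			return true
		}
	}
	return false
}

// Missing lists every group/resource:verb in wanted that no held rule covers.
func Missing(held, wanted []Rule) (out []string) {
	for _, w := range wanted {
		for _, g := range w.APIGroups {
			for _, res := range w.Resources {
				for _, verb := range w.Verbs {
					ok := false
					for _, h := range held {
						ok = ok || (has(h.APIGroups, g) && has(h.Resources, res) && has(h.Verbs, verb))
					}
					if !ok {
						out = append(out, g+"/"+res+":"+verb)
					}
				}
			}
		}
	}
	return out
}

// CanReconcileRBAC replaces the flag with a check: the operator must be able to manage
// ClusterRoles/Bindings (verb list is an assumption) and hold every rule it would grant.
func CanReconcileRBAC(operator, collector []Rule) (bool, []string) {
	manage := []Rule{{[]string{"rbac.authorization.k8s.io"}, []string{"clusterroles", "clusterrolebindings"}, []string{"create", "update", "delete"}}}
	missing := append(Missing(operator, manage), Missing(operator, collector)...)
	return len(missing) == 0, missing
}

func main() { // constructed sample: the operator has no access to apps/replicasets
	rw := []string{"get", "list", "watch"}
	op := []Rule{{[]string{"rbac.authorization.k8s.io"}, []string{"*"}, []string{"*"}}, {[]string{""}, []string{"pods", "namespaces"}, rw}}
	col := []Rule{{[]string{""}, []string{"pods", "namespaces"}, rw}, {[]string{"apps"}, []string{"replicasets"}, rw}}
	fmt.Println(CanReconcileRBAC(op, col))
}
```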

@shashankram

> > > During a SIG call, we agreed to document that those permissions need to be added to the operator service account if you want the operator to, automatically, generate the RBAC resources for those processors that need it.
> >
> > What was the reason for this? How does a user know what RBAC perms a component managed by the operator needs? Isn't that the purpose of an operator, to simplify UX?
>
> The permissions need to be added anyway to the operator (because if the operator has no permissions over one resource, it cannot grant permissions over other resources).

Are you referring to the operator needing to create RBAC resources for the collector?
