Skip to content

Commit 788f2d7

Browse files
cbandycbandy
authored
Update OLM package for 4.4.0
The only significant change is replacing the wildcard RBAC verb with all the permissions of roles created by the Operator during RBAC reconciliation. See: 78b3975
1 parent def079d commit 788f2d7

File tree

4 files changed

+66
-11
lines changed

4 files changed

+66
-11
lines changed

installers/olm/Makefile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
.DEFAULT_GOAL := help
2+
.SUFFIXES:
23

34
CCP_IMAGE_PREFIX ?= registry.developers.crunchydata.com/crunchydata
45
CCP_IMAGE_TAG ?= $(PGO_BASEOS)-$(CCP_PG_FULLVERSION)-$(PGO_VERSION)

installers/olm/install.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@ registry() (
117117
kc create --filename=- <<< "$deployment_json"
118118
kc expose deploy "$registry_name" --port=50051
119119

120-
if ! kc wait --for='condition=available' --timeout='30s' deploy "$registry_name"; then
120+
if ! kc wait --for='condition=available' --timeout='90s' deploy "$registry_name"; then
121121
kc logs --selector="name=$registry_name" --tail='-1' --previous ||
122122
kc logs --selector="name=$registry_name" --tail='-1'
123123
exit 1

installers/olm/openshift.description.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ Create an external service or forward a port locally.
124124

125125
```
126126
oc -n "$PGO_OPERATOR_NAMESPACE" expose deployment postgres-operator
127-
oc -n "$PGO_OPERATOR_NAMESPACE" create route postgres-operator --service=postgres-operator
127+
oc -n "$PGO_OPERATOR_NAMESPACE" create route passthrough postgres-operator --service=postgres-operator
128128
129129
export PGO_APISERVER_URL="https://$(oc -n "$PGO_OPERATOR_NAMESPACE" get route postgres-operator -o jsonpath="{.spec.host}")"
130130
```

installers/olm/postgresoperator.csv.yaml

Lines changed: 63 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ spec:
6666
clusterPermissions:
6767
- serviceAccountName: postgres-operator
6868
rules:
69+
# dynamic namespace mode
6970
- apiGroups:
7071
- ''
7172
resources:
@@ -77,6 +78,7 @@ spec:
7778
- create
7879
- update
7980
- delete
81+
# reconcile rbac
8082
- apiGroups:
8183
- ''
8284
resources:
@@ -90,23 +92,75 @@ spec:
9092
- rbac.authorization.k8s.io
9193
resources:
9294
- roles
95+
- rolebindings
9396
verbs:
94-
- '*' # BUG(cbandy): spec.install.spec.clusterPermissions.rules.verbs in body should be one of [* assign get list watch create update patch put post delete deletecollection initialize use]
95-
#- get
96-
#- create
97-
#- update
98-
#- delete
99-
#- bind
100-
#- escalate
97+
- get
98+
- create
99+
- update
100+
- delete
101101
- apiGroups:
102-
- rbac.authorization.k8s.io
102+
- ''
103103
resources:
104-
- rolebindings
104+
- configmaps
105+
- endpoints
106+
- pods
107+
- pods/exec
108+
- pods/log
109+
- replicasets
110+
- secrets
111+
- services
112+
- persistentvolumeclaims
105113
verbs:
106114
- get
115+
- list
116+
- watch
117+
- create
118+
- patch
119+
- update
120+
- delete
121+
- deletecollection
122+
- apiGroups:
123+
- apps
124+
resources:
125+
- deployments
126+
verbs:
127+
- get
128+
- list
129+
- watch
130+
- create
131+
- patch
132+
- update
133+
- delete
134+
- deletecollection
135+
- apiGroups:
136+
- batch
137+
resources:
138+
- jobs
139+
verbs:
140+
- get
141+
- list
142+
- watch
143+
- create
144+
- patch
145+
- update
146+
- delete
147+
- deletecollection
148+
- apiGroups:
149+
- crunchydata.com
150+
resources:
151+
- pgclusters
152+
- pgpolicies
153+
- pgreplicas
154+
- pgtasks
155+
verbs:
156+
- get
157+
- list
158+
- watch
107159
- create
160+
- patch
108161
- update
109162
- delete
163+
- deletecollection
110164

111165
permissions:
112166
- serviceAccountName: postgres-operator

0 commit comments

Comments
 (0)