From cd8ebe99dd5313465b5a6cc1cf096cefea71df07 Mon Sep 17 00:00:00 2001 From: Michele Mangili <83061719+michele-mangili@users.noreply.github.com> Date: Thu, 20 Jul 2023 17:30:11 +0200 Subject: [PATCH] fix(cluster-scanner): corrected role to support OKD4 (#1247) --- charts/cluster-scanner/Chart.yaml | 2 +- charts/cluster-scanner/README.md | 8 ++++---- charts/cluster-scanner/templates/role.yaml | 2 ++ charts/cluster-scanner/tests/role_test.yaml | 1 + charts/sysdig-deploy/Chart.yaml | 4 ++-- 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml index 1e21de8be..9dbbd1921 100644 --- a/charts/cluster-scanner/Chart.yaml +++ b/charts/cluster-scanner/Chart.yaml @@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner type: application -version: 0.3.2 +version: 0.3.3 appVersion: "0.1.0" home: https://www.sysdig.com/ diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md index b067d2c3b..a1d5597ac 100644 --- a/charts/cluster-scanner/README.md +++ b/charts/cluster-scanner/README.md @@ -25,7 +25,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.3.2 \ + --create-namespace -n sysdig --version=0.3.3 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.3.2 \ + --create-namespace -n sysdig --version=0.3.3 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -146,7 +146,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.3.2 \ + --create-namespace -n sysdig --version=0.3.3 \ --set global.sysdig.region="us1" ``` @@ -155,7 +155,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.3.2 \ + --create-namespace -n sysdig --version=0.3.3 \ --values values.yaml ``` diff --git a/charts/cluster-scanner/templates/role.yaml b/charts/cluster-scanner/templates/role.yaml index 8a94cea10..79d9be595 100644 --- a/charts/cluster-scanner/templates/role.yaml +++ b/charts/cluster-scanner/templates/role.yaml @@ -21,6 +21,8 @@ rules: - apiGroups: ["*"] resources: - "endpoints" + # Following is required for OpenShift. See https://docs.openshift.com/container-platform/3.11/architecture/core_concepts/pods_and_services.html#endpoints + - "endpoints/restricted" resourceNames: - {{ include "cluster-scanner.fullname" . }} verbs: ["*"] diff --git a/charts/cluster-scanner/tests/role_test.yaml b/charts/cluster-scanner/tests/role_test.yaml index 333ff4627..72ee7736a 100644 --- a/charts/cluster-scanner/tests/role_test.yaml +++ b/charts/cluster-scanner/tests/role_test.yaml @@ -45,6 +45,7 @@ tests: apiGroups: ["*"] resources: - "endpoints" + - "endpoints/restricted" resourceNames: - test-release-cluster-scanner verbs: ["*"] diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index c0f062058..80b245a14 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.12.10 +version: 1.12.11 maintainers: - name: aroberts87 email: adam.roberts@sysdig.com @@ -36,7 +36,7 @@ dependencies: - name: cluster-scanner # repository: https://charts.sysdig.com repository: file://../cluster-scanner - version: ~0.3.2 + version: ~0.3.3 alias: clusterScanner condition: clusterScanner.enabled - name: kspm-collector