fixes

Signed-off-by: Kaustav Majumder <[email protected]>

config/rbac/role.yaml

@@ -174,6 +174,41 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - alertmanagerconfigs
+  - alertmanagers
+  - prometheuses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - podmonitors
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - prometheusrules
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - monitoring.coreos.com
   resources:
@@ -186,6 +221,28 @@ rules:
   - list
   - update
   - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
 - apiGroups:
   - noobaa.io
   resources:
@@ -362,58 +419,3 @@ rules:
   - templates
   verbs:
   - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  creationTimestamp: null
-  name: manager-role
-  namespace: system
-rules:
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - alertmanagerconfigs
-  - alertmanagers
-  - prometheuses
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - podmonitors
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - prometheusrules
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - servicemonitors
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch

controllers/ocsinitialization/ocsinitialization_controller.go

@@ -60,11 +60,11 @@ type OCSInitializationReconciler struct {
 // +kubebuilder:rbac:groups=ocs.openshift.io,resources=*,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,verbs=get;create;update
 // +kubebuilder:rbac:groups=security.openshift.io,resourceNames=privileged,resources=securitycontextconstraints,verbs=get;create;update
-// +kubebuilder:rbac:groups="networking.k8s.io",namespace=system,resources=networkpolicies,verbs=create;get;list;watch;update
-// +kubebuilder:rbac:groups="monitoring.coreos.com",namespace=system,resources={alertmanagers,prometheuses,alertmanagerconfigs},verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="monitoring.coreos.com",namespace=system,resources=prometheusrules,verbs=get;list;watch;create;update;patch
-// +kubebuilder:rbac:groups="monitoring.coreos.com",namespace=system,resources=podmonitors,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups="monitoring.coreos.com",namespace=system,resources=servicemonitors,verbs=get;list;watch;update;patch;create;delete
+// +kubebuilder:rbac:groups="networking.k8s.io",resources=networkpolicies,verbs=create;get;list;watch;update
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources={alertmanagers,prometheuses,alertmanagerconfigs},verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheusrules,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=podmonitors,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=get;list;watch;update;patch;create;delete
 
 // Reconcile reads that state of the cluster for a OCSInitialization object and makes changes based on the state read
 // and what is in the OCSInitialization.Spec
@@ -245,6 +245,7 @@ func (r *OCSInitializationReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Owns(&corev1.Service{}).
 		Owns(&v1.NetworkPolicy{}).
 		Owns(&corev1.Secret{}).
+		Owns(&promv1.Prometheus{}).
 		// Watcher for storagecluster required to update
 		// ocs-operator-config configmap if storagecluster spec changes
 		Watches(
@@ -480,7 +481,7 @@ func (r *OCSInitializationReconciler) reconcilePrometheusKubeRBACConfigMap(initi
 
 	var err error
 	prometheusKubeRBACConfigMap := &corev1.ConfigMap{}
-	prometheusKubeRBACConfigMap.Name = templates.PrometheusKubeRBACPoxyConfigMapName
+	prometheusKubeRBACConfigMap.Name = templates.PrometheusKubeRBACProxyConfigMapName
 	prometheusKubeRBACConfigMap.Namespace = initialData.Namespace
 
 	_, err = ctrl.CreateOrUpdate(r.ctx, r.Client, prometheusKubeRBACConfigMap, func() error {
@@ -548,7 +549,6 @@ func (r *OCSInitializationReconciler) reconcilePrometheus(initialData *ocsv1.OCS
 		if err := ctrl.SetControllerReference(initialData, prometheus, r.Scheme); err != nil {
 			return err
 		}
-		//TODO fix image for kube-rbac-proxy
 		prometheus.Spec = templates.PrometheusTemplate.DeepCopy().Spec
 		return nil
 	})
@@ -613,7 +613,7 @@ func (r *OCSInitializationReconciler) reconcileK8sMetricsServiceMonitor(initialD
 	var err error
 
 	k8sMetricsServiceMonitor := &promv1.ServiceMonitor{}
-	k8sMetricsServiceMonitor.Name = ""
+	k8sMetricsServiceMonitor.Name = "k8s-metrics-service-monitor"
 	k8sMetricsServiceMonitor.Namespace = initialData.Namespace
 
 	_, err = ctrl.CreateOrUpdate(r.ctx, r.Client, k8sMetricsServiceMonitor, func() error {

templates/prometheus.go

@@ -18,8 +18,8 @@ var resourceSelector = metav1.LabelSelector{
 }
 
 var (
-	KubeRBACProxyPortNumber             = 9339
-	PrometheusKubeRBACPoxyConfigMapName = "prometheus-kube-rbac-proxy-config"
+	KubeRBACProxyPortNumber              = 9339
+	PrometheusKubeRBACProxyConfigMapName = "prometheus-kube-rbac-proxy-config"
 )
 
 var PrometheusTemplate = promv1.Prometheus{
@@ -40,7 +40,8 @@ var PrometheusTemplate = promv1.Prometheus{
 				},
 			},
 			Containers: []corev1.Container{{
-				Name: "kube-rbac-proxy",
+				Name:  "kube-rbac-proxy",
+				Image: "gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0",
 				Args: []string{
 					fmt.Sprintf("--secure-listen-address=0.0.0.0:%d", KubeRBACProxyPortNumber),
 					"--upstream=http://127.0.0.1:9090/",
@@ -90,7 +91,7 @@ var PrometheusTemplate = promv1.Prometheus{
 					VolumeSource: corev1.VolumeSource{
 						ConfigMap: &corev1.ConfigMapVolumeSource{
 							LocalObjectReference: corev1.LocalObjectReference{
-								Name: PrometheusKubeRBACPoxyConfigMapName,
+								Name: PrometheusKubeRBACProxyConfigMapName,
 							},
 						},
 					},