pkg/helm/run.go,pkg/internal/scaffold: helm operator metrics #1482
Conversation
joelanford
requested review from
AlexNPavel,
lilic,
hasbro17,
theishshah and
estroz
openshift-ci-robot
added
the
size/M
| - apiGroups: | ||
| - apps | ||
| resources: | ||
| - replicasets |
There was a problem hiding this comment.
This is necessary for code that moves up the owner reference chain from the pod to figure out which resource to use for the metrics service owner reference. Since our default operator workload kind is Deployment, the code needs to be able to GET both pods and replicasets. Since we end up using the replicaset's owner reference, we don't actually need GET permission on deployments.
There was a problem hiding this comment.
We already have pods and replicasets listed with the verb * above in Lines 164-184
- apiGroups:
- ""
resources:
- pods
...
verbs:
- "*"
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- "*"Those are the general default rules and these ones are specific to allowing metrics to be exposed. Do you think it's worth adding a comment in the scaffold so it's obvious to the user why we've repeated the rules for pods and replicasets?
There was a problem hiding this comment.
This would be nice. Lili asked this same question when we introduced the initial helm role generation. I looked into it and it turns out it isn't straigtforward since we unmarshal and remarshal the YAML (thus losing the comments) to update the role for CRD APIs.
|
New changes are detected. LGTM label has been removed. |
openshift-ci-robot
added
size/L
openshift-ci-robot
added
the
needs-rebase
openshift-ci-robot
removed
the
needs-rebase
Description of the change:
Adds controller-runtime metrics to the helm-operator.
Motivation for the change:
Improves observability of helm-operator.