fix: add Clusterrole to allow Korrel8r to view Logs and Metrics

Signed-off-by: Shweta Padubidri <[email protected]>

bundle/manifests/observability-operator.clusterserviceversion.yaml

@@ -267,6 +267,25 @@ spec:
           - use
         serviceAccountName: obo-prometheus-operator-admission-webhook
       - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          - endpoints
+          - events
+          - namespaces
+          - nodes
+          - persistentvolumeclaims
+          - persistentvolumes
+          - pods
+          - replicationcontrollers
+          - secrets
+          - serviceaccounts
+          - services
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - ""
           resources:
@@ -304,6 +323,17 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - apps
+          resources:
+          - daemonsets
+          - deployments
+          - replicasets
+          - statefulsets
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - apps
           resources:
@@ -315,6 +345,23 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - autoscaling
+          resources:
+          - horizontalpodautoscalers
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - batch
+          resources:
+          - cronjobs
+          - jobs
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - config.openshift.io
           resources:
@@ -364,6 +411,34 @@ spec:
           - infrastructure
           verbs:
           - get
+        - apiGroups:
+          - loki.grafana.com
+          resources:
+          - application
+          - audit
+          - infrastructure
+          - network
+          verbs:
+          - get
+        - apiGroups:
+          - monitoring.coreos.com
+          resourceNames:
+          - main
+          resources:
+          - alertmanagers/api
+          verbs:
+          - get
+          - list
+        - apiGroups:
+          - monitoring.coreos.com
+          resourceNames:
+          - k8s
+          resources:
+          - prometheuses/api
+          verbs:
+          - create
+          - get
+          - update
         - apiGroups:
           - monitoring.rhobs
           resources:
@@ -438,6 +513,15 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - networking.k8s.io
+          resources:
+          - ingresses
+          - networkpolicies
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - observability.openshift.io
           resources:
@@ -481,6 +565,7 @@ spec:
           verbs:
           - create
           - delete
+          - get
           - list
           - patch
           - update
@@ -495,6 +580,7 @@ spec:
           verbs:
           - create
           - delete
+          - get
           - list
           - patch
           - update
@@ -520,6 +606,15 @@ spec:
           - securitycontextconstraints
           verbs:
           - use
+        - apiGroups:
+          - storage.k8s.io
+          resources:
+          - storageclasses
+          - volumeattachments
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - tempo.grafana.com
           resources:

cmd/operator/main.go

@@ -43,7 +43,7 @@ var defaultImages = map[string]string{
 	"ui-troubleshooting-panel": "quay.io/openshift-observability-ui/troubleshooting-panel-console-plugin:v0.1.0",
 	"ui-distributed-tracing":   "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v0.1.0",
 	"ui-logging":               "quay.io/openshift-logging/logging-view-plugin:6.0.0",
-	"korrel8r":                 "quay.io/korrel8r/korrel8r:0.6.5",
+	"korrel8r":                 "quay.io/korrel8r/korrel8r:0.6.6",
 }
 
 func imagesUsed() []string {

deploy/dependencies/kustomization.yaml

@@ -23,7 +23,6 @@ resources:
 - https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.74.0-rhobs1/example/rbac/prometheus-operator/prometheus-operator-service.yaml
 
 
-
 # Admission Webhook Deployment
 - https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.74.0-rhobs1/example/admission-webhook/deployment.yaml
 - https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.74.0-rhobs1/example/admission-webhook/service-account.yaml
@@ -38,7 +37,6 @@ resources:
 - admission-webhook/alertmanager-config-validating-webhook.yaml
 - admission-webhook/prometheus-rule-validating-webhook.yaml
 
-
 namespace: operators
 namePrefix: obo-
 commonLabels:

deploy/operator/observability-operator-cluster-role.yaml

@@ -4,6 +4,25 @@ kind: ClusterRole
 metadata:
   name: observability-operator
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - events
+  - namespaces
+  - nodes
+  - persistentvolumeclaims
+  - persistentvolumes
+  - pods
+  - replicationcontrollers
+  - secrets
+  - serviceaccounts
+  - services
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -41,6 +60,17 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - statefulsets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -52,6 +82,23 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:
@@ -101,6 +148,34 @@ rules:
   - infrastructure
   verbs:
   - get
+- apiGroups:
+  - loki.grafana.com
+  resources:
+  - application
+  - audit
+  - infrastructure
+  - network
+  verbs:
+  - get
+- apiGroups:
+  - monitoring.coreos.com
+  resourceNames:
+  - main
+  resources:
+  - alertmanagers/api
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - monitoring.coreos.com
+  resourceNames:
+  - k8s
+  resources:
+  - prometheuses/api
+  verbs:
+  - create
+  - get
+  - update
 - apiGroups:
   - monitoring.rhobs
   resources:
@@ -175,6 +250,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - networkpolicies
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - observability.openshift.io
   resources:
@@ -218,6 +302,7 @@ rules:
   verbs:
   - create
   - delete
+  - get
   - list
   - patch
   - update
@@ -232,6 +317,7 @@ rules:
   verbs:
   - create
   - delete
+  - get
   - list
   - patch
   - update
@@ -257,6 +343,15 @@ rules:
   - securitycontextconstraints
   verbs:
   - use
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - tempo.grafana.com
   resources:

pkg/controllers/uiplugin/controller.go

@@ -75,6 +75,20 @@ const (
 // RBAC for logging view plugin
 // +kubebuilder:rbac:groups=loki.grafana.com,resources=application;infrastructure;audit,verbs=get
 
+// RBAC for korrel8r
+//+kubebuilder:rbac:groups=apps,resources=daemonsets;deployments;replicasets;statefulsets,verbs=get;list;watch
+//+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=get;list;watch
+//+kubebuilder:rbac:groups="",resources=configmaps;endpoints;events;namespaces;nodes;persistentvolumeclaims;persistentvolumes;pods;replicationcontrollers;secrets;serviceaccounts;services,verbs=get;list;watch
+//+kubebuilder:rbac:groups=batch,resources=cronjobs;jobs,verbs=get;list;watch
+//+kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch
+//+kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch
+//+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses;volumeattachments,verbs=get;list;watch
+//+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies;ingresses,verbs=get;list;watch
+//+kubebuilder:rbac:groups=loki.grafana.com,resources=application;infrastructure;audit;network,verbs=get
+//+kubebuilder:rbac:groups=monitoring.coreos.com,resources=prometheuses/api,resourceNames=k8s,verbs=get;create;update
+//+kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers/api,resourceNames=main,verbs=get;list
+
+// RegisterWithManager registers the controller with Manager
 func RegisterWithManager(mgr ctrl.Manager, opts Options) error {
 	logger := ctrl.Log.WithName("observability-ui")