This is an automated email from the ASF dual-hosted git repository.
tsato pushed a commit to branch release-1.9.x
in repository https://gitbox.apache.org/repos/asf/camel-k.git
The following commit(s) were added to refs/heads/release-1.9.x by this push:
new f2018ec44 fix(#3390): Fix Knative addressable resolver cluster role
binding in global operator mode
f2018ec44 is described below
commit f2018ec4423486cae1e0ae92ddc77d4cc9eaa783
Author: Christoph Deppisch <[email protected]>
AuthorDate: Mon Jun 27 20:10:41 2022 +0200
fix(#3390): Fix Knative addressable resolver cluster role binding in global
operator mode
Use proper operator namespace in the service account role binding subject
for global operators. Was using empty global operator watch namespace before
which caused errors in the cluster role binding.
(cherry picked from commit 2ffdcfab6f8fa4ee90f9581b26ebf7cbe48aa685)
---
pkg/install/knative.go | 16 ++++++++--------
pkg/install/optional.go | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/pkg/install/knative.go b/pkg/install/knative.go
index 6f30db5ab..23d779c60 100644
--- a/pkg/install/knative.go
+++ b/pkg/install/knative.go
@@ -32,26 +32,26 @@ import (
const knativeAddressableResolverClusterRoleName = "addressable-resolver"
-// BindKnativeAddressableResolverClusterRole binds the Knative Addressable
resolver aggregated ClusterRole
+// BindKnativeAddressableResolverClusterRole binds the Knative addressable
resolver aggregated ClusterRole
// to the operator ServiceAccount.
-func BindKnativeAddressableResolverClusterRole(ctx context.Context, c
kubernetes.Interface, namespace string) error {
+func BindKnativeAddressableResolverClusterRole(ctx context.Context, c
kubernetes.Interface, namespace string, operatorNamespace string) error {
if isKnative, err := knative.IsInstalled(ctx, c); err != nil {
return err
} else if !isKnative {
return nil
}
if namespace != "" {
- return applyAddressableResolverRoleBinding(ctx, c, namespace)
+ return applyAddressableResolverRoleBinding(ctx, c, namespace,
operatorNamespace)
}
- return applyAddressableResolverClusterRoleBinding(ctx, c, namespace)
+ return applyAddressableResolverClusterRoleBinding(ctx, c,
operatorNamespace)
}
-func applyAddressableResolverRoleBinding(ctx context.Context, c
kubernetes.Interface, namespace string) error {
+func applyAddressableResolverRoleBinding(ctx context.Context, c
kubernetes.Interface, namespace string, operatorNamespace string) error {
rb := rbacv1ac.RoleBinding(fmt.Sprintf("%s-addressable-resolver",
serviceAccountName), namespace).
WithSubjects(
rbacv1ac.Subject().
WithKind("ServiceAccount").
- WithNamespace(namespace).
+ WithNamespace(operatorNamespace).
WithName(serviceAccountName),
).
WithRoleRef(rbacv1ac.RoleRef().
@@ -65,12 +65,12 @@ func applyAddressableResolverRoleBinding(ctx
context.Context, c kubernetes.Inter
return err
}
-func applyAddressableResolverClusterRoleBinding(ctx context.Context, c
kubernetes.Interface, namespace string) error {
+func applyAddressableResolverClusterRoleBinding(ctx context.Context, c
kubernetes.Interface, operatorNamespace string) error {
crb :=
rbacv1ac.ClusterRoleBinding(fmt.Sprintf("%s-addressable-resolver",
serviceAccountName)).
WithSubjects(
rbacv1ac.Subject().
WithKind("ServiceAccount").
- WithNamespace(namespace).
+ WithNamespace(operatorNamespace).
WithName(serviceAccountName),
).
WithRoleRef(rbacv1ac.RoleRef().
diff --git a/pkg/install/optional.go b/pkg/install/optional.go
index dd3d0fc42..5c47d0a7c 100644
--- a/pkg/install/optional.go
+++ b/pkg/install/optional.go
@@ -65,7 +65,7 @@ func OperatorStartupOptionalTools(ctx context.Context, c
client.Client, namespac
}
// Try to bind the Knative Addressable resolver aggregated ClusterRole
to the operator ServiceAccount
- if err := BindKnativeAddressableResolverClusterRole(ctx, c, namespace);
err != nil {
+ if err := BindKnativeAddressableResolverClusterRole(ctx, c, namespace,
operatorNamespace); err != nil {
log.Info("Cannot bind the Knative Addressable resolver
aggregated ClusterRole: skipping.")
log.V(8).Info("Error while binding the Knative Addressable
resolver aggregated ClusterRole", "error", err)
}
