From aa7051e6ebe35542242bf1e79fffd6fe82a4d4f2 Mon Sep 17 00:00:00 2001 From: Max Cao Date: Fri, 6 Sep 2024 14:51:42 -0700 Subject: [PATCH 1/2] Fix upgrade bugs This commit does 3 things: 1. Removes the common app.kubernetes.io/name commonLabel that kustomize uses from the deployment. This is because kustomize commonLabels will mutate the labelSelector that the replica set uses to find its pods. It is discouraged by k8s to update the label selectors so this reverts that change. 2. Adds the --extra-service-accounts arg to operator-sdk bundle. This is because during an operator-sdk bundle upgrade, it will delete the service accounts that it thinks do not belong to the CSV anymore (since it did not appear in the CSV). 3. Adds a local-upgrade script that simulates a local upgrade that CI does. --- Makefile | 2 +- ...c.authorization.k8s.io_v1_clusterrole.yaml | 21 -- ...c.authorization.k8s.io_v1_clusterrole.yaml | 15 - ...rization.k8s.io_v1_clusterrolebinding.yaml | 15 - ...c.authorization.k8s.io_v1_clusterrole.yaml | 43 --- ...rization.k8s.io_v1_clusterrolebinding.yaml | 18 - ...c.authorization.k8s.io_v1_clusterrole.yaml | 54 --- ...rization.k8s.io_v1_clusterrolebinding.yaml | 15 - ...c.authorization.k8s.io_v1_clusterrole.yaml | 37 -- ...rization.k8s.io_v1_clusterrolebinding.yaml | 15 - ...rization.k8s.io_v1_clusterrolebinding.yaml | 15 - ...c.authorization.k8s.io_v1_clusterrole.yaml | 15 - ...rization.k8s.io_v1_clusterrolebinding.yaml | 15 - ...rization.k8s.io_v1_clusterrolebinding.yaml | 15 - ...c.authorization.k8s.io_v1_clusterrole.yaml | 16 - ...rization.k8s.io_v1_clusterrolebinding.yaml | 21 -- ...c.authorization.k8s.io_v1_clusterrole.yaml | 52 --- ...-pod-autoscaler.clusterserviceversion.yaml | 322 +++++++++++++++++- ...dmission-controller_v1_serviceaccount.yaml | 7 - .../vpa-metrics-service_v1_service.yaml | 1 - .../vpa-recommender_v1_serviceaccount.yaml | 7 - .../vpa-updater_v1_serviceaccount.yaml | 7 - config/default/kustomization.yaml | 12 +- config/manager/manager.yaml | 2 - hack/local-upgrade.sh | 33 ++ 25 files changed, 357 insertions(+), 418 deletions(-) delete mode 100644 bundle/manifests/system-evictioner_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-evictioner-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-status-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-status-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/system-vpa-target-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml delete mode 100644 bundle/manifests/system-vpa-target-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 bundle/manifests/vpa-admission-controller_v1_serviceaccount.yaml delete mode 100644 bundle/manifests/vpa-recommender_v1_serviceaccount.yaml delete mode 100644 bundle/manifests/vpa-updater_v1_serviceaccount.yaml create mode 100755 hack/local-upgrade.sh diff --git a/Makefile b/Makefile index 4eb26314..984e6155 100644 --- a/Makefile +++ b/Makefile @@ -45,7 +45,7 @@ IMAGE_TAG_BASE ?= quay.io/openshift/origin-vertical-pod-autoscaler-operator BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:$(BUNDLE_VERSION) # BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command -BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(BUNDLE_VERSION) $(BUNDLE_METADATA_OPTS) +BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(BUNDLE_VERSION) $(BUNDLE_METADATA_OPTS) --extra-service-accounts=vpa-admission-controller,vpa-recommender,vpa-updater # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests # You can enable this value if you would like to use SHA Based Digests diff --git a/bundle/manifests/system-evictioner_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-evictioner_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 89b58918..00000000 --- a/bundle/manifests/system-evictioner_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:evictioner -rules: -- apiGroups: - - apps - - extensions - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create diff --git a/bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index c507c60b..00000000 --- a/bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:metrics-reader -rules: -- apiGroups: - - metrics.k8s.io - resources: - - pods - verbs: - - get - - list diff --git a/bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index ecbb8436..00000000 --- a/bundle/manifests/system-metrics-reader_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:metrics-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-reader -subjects: -- kind: ServiceAccount - name: vpa-recommender - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index e822a058..00000000 --- a/bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-actor -rules: -- apiGroups: - - "" - resources: - - pods - - nodes - - limitranges - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - poc.autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - get - - list - - watch diff --git a/bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index 54772e41..00000000 --- a/bundle/manifests/system-vpa-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-actor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:vpa-actor -subjects: -- kind: ServiceAccount - name: vpa-recommender - namespace: openshift-vertical-pod-autoscaler -- kind: ServiceAccount - name: vpa-updater - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 15641bbd..00000000 --- a/bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-admission-controller -rules: -- apiGroups: - - "" - resources: - - pods - - configmaps - - nodes - - limitranges - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - create - - delete - - get - - list -- apiGroups: - - poc.autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - list - - watch diff --git a/bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index e075482f..00000000 --- a/bundle/manifests/system-vpa-admission-controller_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-admission-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:vpa-admission-controller -subjects: -- kind: ServiceAccount - name: vpa-admission-controller - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 6eac50b4..00000000 --- a/bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-checkpoint-actor -rules: -- apiGroups: - - poc.autoscaling.k8s.io - resources: - - verticalpodautoscalercheckpoints - verbs: - - get - - list - - watch - - create - - patch - - delete -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalercheckpoints - verbs: - - get - - list - - watch - - create - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list diff --git a/bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index e93e9984..00000000 --- a/bundle/manifests/system-vpa-checkpoint-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-checkpoint-actor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:vpa-checkpoint-actor -subjects: -- kind: ServiceAccount - name: vpa-recommender - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-evictioner-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-evictioner-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index 2d05326c..00000000 --- a/bundle/manifests/system-vpa-evictioner-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-evictioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:evictioner -subjects: -- kind: ServiceAccount - name: vpa-updater - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 487b3e9b..00000000 --- a/bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-status-actor -rules: -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers/status - verbs: - - get - - patch diff --git a/bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index beb83563..00000000 --- a/bundle/manifests/system-vpa-status-actor_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-status-actor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:vpa-status-actor -subjects: -- kind: ServiceAccount - name: vpa-recommender - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-status-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-status-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index d1c3f7da..00000000 --- a/bundle/manifests/system-vpa-status-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-status-reader-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:vpa-status-reader -subjects: -- kind: ServiceAccount - name: vpa-updater - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-status-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-vpa-status-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 99a3fa60..00000000 --- a/bundle/manifests/system-vpa-status-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-status-reader -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch diff --git a/bundle/manifests/system-vpa-target-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/system-vpa-target-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml deleted file mode 100644 index aef7ba96..00000000 --- a/bundle/manifests/system-vpa-target-reader-binding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-target-reader-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:vpa-target-reader -subjects: -- kind: ServiceAccount - name: vpa-recommender - namespace: openshift-vertical-pod-autoscaler -- kind: ServiceAccount - name: vpa-admission-controller - namespace: openshift-vertical-pod-autoscaler -- kind: ServiceAccount - name: vpa-updater - namespace: openshift-vertical-pod-autoscaler diff --git a/bundle/manifests/system-vpa-target-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/system-vpa-target-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 0e883df7..00000000 --- a/bundle/manifests/system-vpa-target-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: system:vpa-target-reader -rules: -- apiGroups: - - '*' - resources: - - '*/scale' - verbs: - - get - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - - deploymentconfigs/scale - verbs: - - get - - list - - watch diff --git a/bundle/manifests/vertical-pod-autoscaler.clusterserviceversion.yaml b/bundle/manifests/vertical-pod-autoscaler.clusterserviceversion.yaml index d3b51c6b..9dbecd62 100644 --- a/bundle/manifests/vertical-pod-autoscaler.clusterserviceversion.yaml +++ b/bundle/manifests/vertical-pod-autoscaler.clusterserviceversion.yaml @@ -22,7 +22,7 @@ metadata: categories: OpenShift Optional certifiedLevel: Primed containerImage: quay.io/openshift/origin-vertical-pod-autoscaler-operator:4.18.0 - createdAt: "2024-09-03T22:34:44Z" + createdAt: "2024-09-06T21:50:13Z" description: An operator to run the OpenShift Vertical Pod Autoscaler. Vertical Pod Autoscaler (VPA) can be configured to monitor a workload's resource utilization, and then adjust its CPU and memory limits by updating the pod (future) or restarting @@ -200,16 +200,332 @@ spec: verbs: - create serviceAccountName: vertical-pod-autoscaler-operator + - rules: + - apiGroups: + - "" + resources: + - pods + - configmaps + - nodes + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - apiGroups: + - poc.autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - update + - get + - list + - watch + - apiGroups: + - '*' + resources: + - '*/scale' + verbs: + - get + - watch + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + - deploymentconfigs/scale + verbs: + - get + - list + - watch + serviceAccountName: vpa-admission-controller + - rules: + - apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list + - apiGroups: + - "" + resources: + - pods + - nodes + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - poc.autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - poc.autoscaling.k8s.io + resources: + - verticalpodautoscalercheckpoints + verbs: + - get + - list + - watch + - create + - patch + - delete + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalercheckpoints + verbs: + - get + - list + - watch + - create + - patch + - delete + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers/status + verbs: + - get + - patch + - apiGroups: + - '*' + resources: + - '*/scale' + verbs: + - get + - watch + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + - deploymentconfigs/scale + verbs: + - get + - list + - watch + serviceAccountName: vpa-recommender + - rules: + - apiGroups: + - "" + resources: + - pods + - nodes + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - poc.autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - replicasets + verbs: + - get + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - apiGroups: + - '*' + resources: + - '*/scale' + verbs: + - get + - watch + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + - deploymentconfigs/scale + verbs: + - get + - list + - watch + serviceAccountName: vpa-updater deployments: - label: app.kubernetes.io/name: vertical-pod-autoscaler-operator - k8s-app: vertical-pod-autoscaler-operator name: vertical-pod-autoscaler-operator spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator k8s-app: vertical-pod-autoscaler-operator strategy: {} template: diff --git a/bundle/manifests/vpa-admission-controller_v1_serviceaccount.yaml b/bundle/manifests/vpa-admission-controller_v1_serviceaccount.yaml deleted file mode 100644 index b2df2ab1..00000000 --- a/bundle/manifests/vpa-admission-controller_v1_serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: vpa-admission-controller diff --git a/bundle/manifests/vpa-metrics-service_v1_service.yaml b/bundle/manifests/vpa-metrics-service_v1_service.yaml index 0ebfc400..166f62c6 100644 --- a/bundle/manifests/vpa-metrics-service_v1_service.yaml +++ b/bundle/manifests/vpa-metrics-service_v1_service.yaml @@ -13,7 +13,6 @@ spec: protocol: TCP targetPort: https selector: - app.kubernetes.io/name: vertical-pod-autoscaler-operator control-plane: vertical-pod-autoscaler-operator status: loadBalancer: {} diff --git a/bundle/manifests/vpa-recommender_v1_serviceaccount.yaml b/bundle/manifests/vpa-recommender_v1_serviceaccount.yaml deleted file mode 100644 index a6120780..00000000 --- a/bundle/manifests/vpa-recommender_v1_serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: vpa-recommender diff --git a/bundle/manifests/vpa-updater_v1_serviceaccount.yaml b/bundle/manifests/vpa-updater_v1_serviceaccount.yaml deleted file mode 100644 index f32f8b4b..00000000 --- a/bundle/manifests/vpa-updater_v1_serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - name: vpa-updater diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 1407cc97..54e16351 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,14 +1,10 @@ # Adds namespace to all resources. namespace: openshift-vertical-pod-autoscaler -commonLabels: - app.kubernetes.io/name: vertical-pod-autoscaler-operator - -# Labels to add to all resources and selectors. -# labels: -# - includeSelectors: true -# pairs: -# someName: someValue +labels: +- includeTemplates: true + pairs: + app.kubernetes.io/name: vertical-pod-autoscaler-operator resources: - ../crd diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index c02591d6..da0e18d4 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -16,8 +16,6 @@ kind: Deployment metadata: name: vertical-pod-autoscaler-operator namespace: openshift-vertical-pod-autoscaler - labels: - k8s-app: vertical-pod-autoscaler-operator spec: selector: matchLabels: diff --git a/hack/local-upgrade.sh b/hack/local-upgrade.sh new file mode 100755 index 00000000..6ca98208 --- /dev/null +++ b/hack/local-upgrade.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# Required environment variables: +# - PREVIOUS_BUNDLE: The bundle image to install +# - OO_BUNDLE: The bundle image to upgrade to +# - KUBECONFIG: The kubeconfig file to use for the test + +echo PREVIOUS_BUNDLE: "$PREVIOUS_BUNDLE" +echo OO_BUNDLE: "$OO_BUNDLE" +echo KUBECONFIG: "$KUBECONFIG" +sleep 3 + +### Install step + +export VPA_NS=openshift-vertical-pod-autoscaler +oc create ns $VPA_NS + +operator-sdk run bundle --timeout=10m -n $VPA_NS --security-context-config restricted "$PREVIOUS_BUNDLE" || true + +oc wait --timeout=10m --for condition=Available -n $VPA_NS deployment vertical-pod-autoscaler-operator + +### Upgrade step + +echo "Upgrading the operator..." +sleep 3 + +operator-sdk run bundle-upgrade --timeout 10m -n $VPA_NS --security-context-config restricted "$OO_BUNDLE" || true + +oc wait --timeout=10m --for condition=Available -n $VPA_NS deployment vertical-pod-autoscaler-operator + +### Test step + +make e2e-olm-ci From 85fa84f0115708c8a1ce2ba22147c170ef4e1c6b Mon Sep 17 00:00:00 2001 From: Max Cao Date: Fri, 6 Sep 2024 16:50:17 -0700 Subject: [PATCH 2/2] Increase scorecard wait time --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 984e6155..9455f790 100644 --- a/Makefile +++ b/Makefile @@ -155,7 +155,7 @@ lint-fix: golangci-lint ## Run golangci-lint and perform fixes. .PHONY: test-scorecard test-scorecard: operator-sdk ## Run the scorecard tests. Requires an OpenShift cluster. - $(OPERATOR_SDK) scorecard bundle -n default + $(OPERATOR_SDK) scorecard bundle -n default -w 300s .PHONY: check check: fmt vet manifest-diff lint test ## Check code for formatting, vet, lint, manifest-diff and run tests.