fix: Add net policy rbac and remove auth from sentinel script (#1383) (…

…#1385) * Add missing networkpolicy rbac for operator-manager * Fix sentinel liveness script --------- Signed-off-by: Siddhesh Ghadi <[email protected]> Co-authored-by: Siddhesh Ghadi <[email protected]>
argoproj-labs · Jun 4, 2024 · bc536d6 · bc536d6
1 parent bc233a4
commit bc536d6
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 1 deletion.
diff --git a/build/redis/sentinel_liveness.sh.tpl b/build/redis/sentinel_liveness.sh.tpl
@@ -1,6 +1,5 @@
 response=$(
   redis-cli \
-    -a "${AUTH}" --no-auth-warning \
     -h localhost \
     -p 26379 \
 {{- if eq .UseTLS "true"}}

diff --git a/bundle/manifests/argocd-operator.clusterserviceversion.yaml b/bundle/manifests/argocd-operator.clusterserviceversion.yaml
@@ -1799,6 +1799,18 @@ spec:
           - ingresses
           verbs:
           - '*'
+        - apiGroups:
+          - networking.k8s.io
+          resources:
+          - networkpolicies
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - oauth.openshift.io
           resources:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -128,6 +128,18 @@ rules:
   - ingresses
   verbs:
   - '*'
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - oauth.openshift.io
   resources:

diff --git a/controllers/argocd/argocd_controller.go b/controllers/argocd/argocd_controller.go
@@ -71,6 +71,7 @@ var ActiveInstanceMap = make(map[string]string)
 //+kubebuilder:rbac:groups=batch,resources=cronjobs;jobs,verbs=*
 //+kubebuilder:rbac:groups=config.openshift.io,resources=clusterversions,verbs=get;list;watch
 //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=*
+//+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=create;delete;get;list;patch;update;watch;
 //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=prometheuses;prometheusrules;servicemonitors,verbs=*
 //+kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=*
 //+kubebuilder:rbac:groups=argoproj.io,resources=applications;appprojects,verbs=*

diff --git a/deploy/olm-catalog/argocd-operator/0.9.0/argocd-operator.v0.9.0.clusterserviceversion.yaml b/deploy/olm-catalog/argocd-operator/0.9.0/argocd-operator.v0.9.0.clusterserviceversion.yaml
@@ -1799,6 +1799,18 @@ spec:
           - ingresses
           verbs:
           - '*'
+        - apiGroups:
+          - networking.k8s.io
+          resources:
+          - networkpolicies
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - oauth.openshift.io
           resources: