From 3af1d8320c992a9ca80df6cad51bc67be6c193bd Mon Sep 17 00:00:00 2001
From: Brian Torres-Gil <brian@ixi.us>
Date: Thu, 13 Jul 2023 12:22:56 -0700
Subject: [PATCH] fix: non-namespaced resources incorrectly have ns (#2158)
---
.../components/blackbox-exporter.libsonnet | 5 ++++-
.../components/node-exporter.libsonnet | 10 ++++++++--
.../components/prometheus-adapter.libsonnet | 15 ++++++++++-----
.../blackboxExporter-clusterRoleBinding.yaml | 1 -
manifests/nodeExporter-clusterRole.yaml | 1 -
manifests/nodeExporter-clusterRoleBinding.yaml | 1 -
manifests/prometheusAdapter-clusterRole.yaml | 1 -
...dapter-clusterRoleAggregatedMetricsReader.yaml | 1 -
.../prometheusAdapter-clusterRoleBinding.yaml | 1 -
...etheusAdapter-clusterRoleBindingDelegator.yaml | 1 -
...metheusAdapter-clusterRoleServerResources.yaml | 1 -
11 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet
index 299b29b0..cd3caa31 100644
--- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet
@@ -147,7 +147,10 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
- metadata: bb._metadata,
+ metadata: {
+ name: 'blackbox-exporter',
+ labels: bb._config.commonLabels,
+ },
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet
index c380b8fa..ae2d04d7 100644
--- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet
@@ -92,7 +92,10 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
- metadata: ne._metadata,
+ metadata: {
+ name: ne._config.name,
+ labels: ne._config.commonLabels,
+ },
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
@@ -108,7 +111,10 @@ function(params) {
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
- metadata: ne._metadata,
+ metadata: {
+ name: ne._config.name,
+ labels: ne._config.commonLabels,
+ },
rules: [
{
apiGroups: ['authentication.k8s.io'],
diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
index 6c603b93..acd8bea9 100644
--- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
+++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
@@ -133,6 +133,11 @@ function(params) {
labels: pa._config.commonLabels,
},
+ _metadata_no_ns:: {
+ name: pa._config.name,
+ labels: pa._config.commonLabels,
+ },
+
apiService: {
apiVersion: 'apiregistration.k8s.io/v1',
kind: 'APIService',
@@ -322,7 +327,7 @@ function(params) {
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
- metadata: pa._metadata,
+ metadata: pa._metadata_no_ns,
rules: [{
apiGroups: [''],
resources: ['nodes', 'namespaces', 'pods', 'services'],
@@ -333,7 +338,7 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
- metadata: pa._metadata,
+ metadata: pa._metadata_no_ns,
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
@@ -349,7 +354,7 @@ function(params) {
clusterRoleBindingDelegator: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
- metadata: pa._metadata {
+ metadata: pa._metadata_no_ns {
name: 'resource-metrics:system:auth-delegator',
},
roleRef: {
@@ -367,7 +372,7 @@ function(params) {
clusterRoleServerResources: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
- metadata: pa._metadata {
+ metadata: pa._metadata_no_ns {
name: 'resource-metrics-server-resources',
},
rules: [{
@@ -380,7 +385,7 @@ function(params) {
clusterRoleAggregatedMetricsReader: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
- metadata: pa._metadata {
+ metadata: pa._metadata_no_ns {
name: 'system:aggregated-metrics-reader',
labels+: {
'rbac.authorization.k8s.io/aggregate-to-admin': 'true',
diff --git a/manifests/blackboxExporter-clusterRoleBinding.yaml b/manifests/blackboxExporter-clusterRoleBinding.yaml
index 1247e61b..82228897 100644
--- a/manifests/blackboxExporter-clusterRoleBinding.yaml
+++ b/manifests/blackboxExporter-clusterRoleBinding.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.24.0
name: blackbox-exporter
- namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
diff --git a/manifests/nodeExporter-clusterRole.yaml b/manifests/nodeExporter-clusterRole.yaml
index f8d8ed3e..e1a8e32c 100644
--- a/manifests/nodeExporter-clusterRole.yaml
+++ b/manifests/nodeExporter-clusterRole.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 1.6.0
name: node-exporter
- namespace: monitoring
rules:
- apiGroups:
- authentication.k8s.io
diff --git a/manifests/nodeExporter-clusterRoleBinding.yaml b/manifests/nodeExporter-clusterRoleBinding.yaml
index 544eba98..57a8df85 100644
--- a/manifests/nodeExporter-clusterRoleBinding.yaml
+++ b/manifests/nodeExporter-clusterRoleBinding.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 1.6.0
name: node-exporter
- namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
diff --git a/manifests/prometheusAdapter-clusterRole.yaml b/manifests/prometheusAdapter-clusterRole.yaml
index 57e49253..06ad34c8 100644
--- a/manifests/prometheusAdapter-clusterRole.yaml
+++ b/manifests/prometheusAdapter-clusterRole.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.10.0
name: prometheus-adapter
- namespace: monitoring
rules:
- apiGroups:
- ""
diff --git a/manifests/prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml b/manifests/prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml
index b1f31754..ec5b4f79 100644
--- a/manifests/prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml
+++ b/manifests/prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml
@@ -10,7 +10,6 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
- namespace: monitoring
rules:
- apiGroups:
- metrics.k8s.io
diff --git a/manifests/prometheusAdapter-clusterRoleBinding.yaml b/manifests/prometheusAdapter-clusterRoleBinding.yaml
index 749fc66a..e7a937da 100644
--- a/manifests/prometheusAdapter-clusterRoleBinding.yaml
+++ b/manifests/prometheusAdapter-clusterRoleBinding.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.10.0
name: prometheus-adapter
- namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
diff --git a/manifests/prometheusAdapter-clusterRoleBindingDelegator.yaml b/manifests/prometheusAdapter-clusterRoleBindingDelegator.yaml
index eb8fc9e7..c653e83f 100644
--- a/manifests/prometheusAdapter-clusterRoleBindingDelegator.yaml
+++ b/manifests/prometheusAdapter-clusterRoleBindingDelegator.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.10.0
name: resource-metrics:system:auth-delegator
- namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
diff --git a/manifests/prometheusAdapter-clusterRoleServerResources.yaml b/manifests/prometheusAdapter-clusterRoleServerResources.yaml
index 73d78b06..a13d63a4 100644
--- a/manifests/prometheusAdapter-clusterRoleServerResources.yaml
+++ b/manifests/prometheusAdapter-clusterRoleServerResources.yaml
@@ -7,7 +7,6 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.10.0
name: resource-metrics-server-resources
- namespace: monitoring
rules:
- apiGroups:
- metrics.k8s.io
--
GitLab