Skip to content

[release-4.21] OCPBUGS-72509: deploy prometheus role and binding on hypershift guest #489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-bot merged 1 commit into from
Jan 10, 2026
Merged

[release-4.21] OCPBUGS-72509: deploy prometheus role and binding on hypershift guest #489

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions assets/overlays/aws-ebs/generated/hypershift/kube_rbac_proxy_binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/kube_rbac_proxy_binding.yaml
#
#
# Allow kube-rbac-proxies to create tokenreviews to check Prometheus identity when scraping metrics.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ebs-kube-rbac-proxy-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ebs-kube-rbac-proxy-role
subjects:
- kind: ServiceAccount
name: aws-ebs-csi-driver-controller-sa
namespace: ${NAMESPACE}
18 changes: 18 additions & 0 deletions assets/overlays/aws-ebs/generated/hypershift/kube_rbac_proxy_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/kube_rbac_proxy_role.yaml
#
#
# Allow kube-rbac-proxies to create tokenreviews to check Prometheus identity when scraping metrics.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ebs-kube-rbac-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
4 changes: 4 additions & 0 deletions assets/overlays/aws-ebs/generated/hypershift/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ controllerStaticAssetNames:
- service.yaml
guestStaticAssetNames:
- csidriver.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- lease_leader_election_binding.yaml
- lease_leader_election_role.yaml
- main_attacher_binding.yaml
Expand All @@ -16,6 +18,8 @@ guestStaticAssetNames:
- node_privileged_binding.yaml
- node_sa.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- storageclass_gp2.yaml
- storageclass_gp3.yaml
- storageclass_reader_resizer_binding.yaml
Expand Down
20 changes: 20 additions & 0 deletions assets/overlays/aws-ebs/generated/hypershift/prometheus_binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/prometheus_binding.yaml
#
#
# Grant cluster-monitoring access to the operator metrics service

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: aws-ebs-csi-driver-prometheus
namespace: ${NODE_NAMESPACE}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: aws-ebs-csi-driver-prometheus
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: openshift-monitoring
23 changes: 23 additions & 0 deletions assets/overlays/aws-ebs/generated/hypershift/prometheus_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/prometheus_role.yaml
#
#
# Role for accessing metrics exposed by the operator

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: aws-ebs-csi-driver-prometheus
namespace: ${NODE_NAMESPACE}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch
8 changes: 4 additions & 4 deletions assets/overlays/aws-ebs/generated/standalone/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,12 @@ controllerStaticAssetNames:
- controller.yaml
- controller_pdb.yaml
- controller_sa.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- service.yaml
- servicemonitor.yaml
guestStaticAssetNames:
- csidriver.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- lease_leader_election_binding.yaml
- lease_leader_election_role.yaml
- main_attacher_binding.yaml
Expand All @@ -21,6 +19,8 @@ guestStaticAssetNames:
- node_privileged_binding.yaml
- node_sa.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- storageclass_gp2.yaml
- storageclass_gp3.yaml
- storageclass_reader_resizer_binding.yaml
Expand Down
8 changes: 4 additions & 4 deletions assets/overlays/aws-efs/generated/standalone/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,20 @@ controllerStaticAssetNames:
- controller_privileged_binding.yaml
- controller_sa.yaml
- credentials.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- service.yaml
- servicemonitor.yaml
guestStaticAssetNames:
- credentials-node.yaml
- csidriver.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- lease_leader_election_binding.yaml
- lease_leader_election_role.yaml
- main_provisioner_binding.yaml
- node.yaml
- node_privileged_binding.yaml
- node_sa.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
19 changes: 19 additions & 0 deletions assets/overlays/azure-disk/generated/hypershift/kube_rbac_proxy_binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/kube_rbac_proxy_binding.yaml
#
#
# Allow kube-rbac-proxies to create tokenreviews to check Prometheus identity when scraping metrics.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: azure-disk-kube-rbac-proxy-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: azure-disk-kube-rbac-proxy-role
subjects:
- kind: ServiceAccount
name: azure-disk-csi-driver-controller-sa
namespace: ${NAMESPACE}
18 changes: 18 additions & 0 deletions assets/overlays/azure-disk/generated/hypershift/kube_rbac_proxy_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/kube_rbac_proxy_role.yaml
#
#
# Allow kube-rbac-proxies to create tokenreviews to check Prometheus identity when scraping metrics.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: azure-disk-kube-rbac-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
4 changes: 4 additions & 0 deletions assets/overlays/azure-disk/generated/hypershift/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ controllerStaticAssetNames:
- service.yaml
guestStaticAssetNames:
- csidriver.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- lease_leader_election_binding.yaml
- lease_leader_election_role.yaml
- main_attacher_binding.yaml
Expand All @@ -22,6 +24,8 @@ guestStaticAssetNames:
- node_service.yaml
- node_servicemonitor.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- storageclass.yaml
- storageclass_reader_resizer_binding.yaml
- volumesnapshot_reader_provisioner_binding.yaml
Expand Down
20 changes: 20 additions & 0 deletions assets/overlays/azure-disk/generated/hypershift/prometheus_binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/prometheus_binding.yaml
#
#
# Grant cluster-monitoring access to the operator metrics service

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: azure-disk-csi-driver-prometheus
namespace: ${NODE_NAMESPACE}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: azure-disk-csi-driver-prometheus
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: openshift-monitoring
23 changes: 23 additions & 0 deletions assets/overlays/azure-disk/generated/hypershift/prometheus_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/prometheus_role.yaml
#
#
# Role for accessing metrics exposed by the operator

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: azure-disk-csi-driver-prometheus
namespace: ${NODE_NAMESPACE}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch
8 changes: 4 additions & 4 deletions assets/overlays/azure-disk/generated/standalone/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,12 @@ controllerStaticAssetNames:
- controller.yaml
- controller_pdb.yaml
- controller_sa.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- service.yaml
- servicemonitor.yaml
guestStaticAssetNames:
- csidriver.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- lease_leader_election_binding.yaml
- lease_leader_election_role.yaml
- main_attacher_binding.yaml
Expand All @@ -27,6 +25,8 @@ guestStaticAssetNames:
- node_service.yaml
- node_servicemonitor.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- storageclass.yaml
- storageclass_reader_resizer_binding.yaml
- volumesnapshot_reader_provisioner_binding.yaml
Expand Down
19 changes: 19 additions & 0 deletions assets/overlays/azure-file/generated/hypershift/kube_rbac_proxy_binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/kube_rbac_proxy_binding.yaml
#
#
# Allow kube-rbac-proxies to create tokenreviews to check Prometheus identity when scraping metrics.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: azure-file-kube-rbac-proxy-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: azure-file-kube-rbac-proxy-role
subjects:
- kind: ServiceAccount
name: azure-file-csi-driver-controller-sa
namespace: ${NAMESPACE}
18 changes: 18 additions & 0 deletions assets/overlays/azure-file/generated/hypershift/kube_rbac_proxy_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/kube_rbac_proxy_role.yaml
#
#
# Allow kube-rbac-proxies to create tokenreviews to check Prometheus identity when scraping metrics.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: azure-file-kube-rbac-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
4 changes: 4 additions & 0 deletions assets/overlays/azure-file/generated/hypershift/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ guestStaticAssetNames:
- csi-driver-cluster-role-binding.yaml
- csi-driver-cluster-role.yaml
- csidriver.yaml
- kube_rbac_proxy_binding.yaml
- kube_rbac_proxy_role.yaml
- lease_leader_election_binding.yaml
- lease_leader_election_role.yaml
- main_attacher_binding.yaml
Expand All @@ -18,6 +20,8 @@ guestStaticAssetNames:
- node_privileged_binding.yaml
- node_sa.yaml
- privileged_role.yaml
- prometheus_binding.yaml
- prometheus_role.yaml
- storageclass.yaml
- storageclass_reader_resizer_binding.yaml
- volumesnapshot_reader_provisioner_binding.yaml
Expand Down
20 changes: 20 additions & 0 deletions assets/overlays/azure-file/generated/hypershift/prometheus_binding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/prometheus_binding.yaml
#
#
# Grant cluster-monitoring access to the operator metrics service

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: azure-file-csi-driver-prometheus
namespace: ${NODE_NAMESPACE}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: azure-file-csi-driver-prometheus
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: openshift-monitoring
23 changes: 23 additions & 0 deletions assets/overlays/azure-file/generated/hypershift/prometheus_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Generated file. Do not edit. Update using "make update".
#
# Loaded from base/rbac/prometheus_role.yaml
#
#
# Role for accessing metrics exposed by the operator

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: azure-file-csi-driver-prometheus
namespace: ${NODE_NAMESPACE}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch
Loading