Skip to content

Commit

Permalink
Add 'persistentvolumeclaims' access permission for exporter
Browse files Browse the repository at this point in the history 
Following error messages are logged in ocs-metrics-exporter pod,

```
Failed to watch *v1.PersistentVolume: unable to sync list result:
failed to get node name for pod: failed to get PVC openshift-storage/db-noobaa-db-pg-0:
persistentvolumeclaims "db-noobaa-db-pg-0" is forbidden:
User "system:serviceaccount:openshift-storage:ocs-metrics-exporter" cannot get
resource "persistentvolumeclaims" in API group "" in the namespace "openshift-storage"
```

```
Failed to watch *v1.PersistentVolume: unable to sync list result:
failed to get node name for pod:
failed to list pods in namespace openshift-storage: pods is forbidden:
User "system:serviceaccount:openshift-storage:ocs-metrics-exporter" cannot list
resource "pods" in API group "" in the namespace "openshift-storage"
```

Adding resources, 'persistentvolumeclaims' and 'pods', to the existing roles.

Signed-off-by: Arun Kumar Mohan <[email protected]>
  • Loading branch information
@aruniiird
aruniiird committed Dec 13, 2023
1 parent e8d575d commit 8a2a755
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion controllers/storagecluster/exporter.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -597,7 +597,7 @@ const expectedMetricExporterRoleJSON = `
"rules":[
{
"apiGroups":[""],
"resources":["secrets","configmaps"],
"resources":["secrets","configmaps","persistentvolumeclaims","pods"],
"verbs":["get","list","watch"]
},
{
Expand Down

0 comments on commit 8a2a755

Please sign in to comment.