[PLAT-14237] Operator: Create required RBAC in OpenShift

Summary: Currently, only the monitoring related ClusterRoleBinding is created when running in OpenShift and rbac.create=true is set. In case of the operator, we need permissions to manage the custom resources as well as have abilitiy to create universes using the in-cluster credentials. With this change, when yugaware.kubernetesOperatorEnabled is set to true, we create the required RBAC permissions for OpenShift as well i.e. ocpCompatibility.enabled=true. There is no change when the operator feature is not enabled. Test Plan: Tried doing Helm template with following commands: No change in the default behavior. ``` helm template . --set rbac.create=false helm template . --set rbac.create=true helm template . ``` Only the monitoring related ClusterRoleBinding is created. ``` helm template . --set rbac.create=true --set ocpCompatibility.enabled=true ``` Creates all the RBAC resources along with the monitoring one. ``` helm template . --set rbac.create=true --set ocpCompatibility.enabled=true --set yugaware.kubernetesOperatorEnabled=true ``` Based on my limited testing on an actual OpenShift cluster, we might have more issues to fix to get the operator working on OpenShift. Reviewers: anijhawan, dshubin Reviewed By: dshubin Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D35621
yugabyte · Jun 25, 2024 · d0ce1cc · d0ce1cc
1 parent b675d45
commit d0ce1cc
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/stable/yugaware/templates/rbac.yaml b/stable/yugaware/templates/rbac.yaml
@@ -32,7 +32,9 @@ roleRef:
   kind: ClusterRole
   name: cluster-monitoring-view
   apiGroup: rbac.authorization.k8s.io
-{{- else }}
+{{- end }}
+{{/* Always create rest of the RBAC permissions when operator is enabled */}}
+{{- if or (not .Values.ocpCompatibility.enabled) .Values.yugaware.kubernetesOperatorEnabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole