search

openshift / cluster-monitoring-operator

Manage the OpenShift monitoring stack
Apache License 2.0
247 stars 360 forks source link

[release-4.14] OCPBUGS-34023: fix KRP permissions for Thanos Querier #2374

Closed rexagod closed 3 months ago

rexagod commented 3 months ago

fix KRP configuration for thanos-querier in order to enforce restricted access only to entities allowed to [http-verb] for pods.metrics.k8s.io

openshift-ci-robot commented 3 months ago

@rexagod: This pull request references Jira Issue OCPBUGS-34023, which is valid.

7 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.14.z) matches configured target version for branch (4.14.z) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST) * release note text is set and does not match the template * dependent bug [Jira Issue OCPBUGS-17035](https://issues.redhat.com//browse/OCPBUGS-17035) is in the state Closed (Done-Errata), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA)) * dependent [Jira Issue OCPBUGS-17035](https://issues.redhat.com//browse/OCPBUGS-17035) targets the "4.15.0" version, which is one of the valid target versions: 4.15.0, 4.15.z * bug has dependents

Requesting review from QA contact: /cc @juzhao

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/cluster-monitoring-operator/pull/2374): >fix KRP configuration for thanos-querier in order to enforce restricted access only to entities allowed to [http-verb] for pods.metrics.k8s.io > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcluster-monitoring-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
rexagod commented 3 months ago

/label backport-risk-assessed

openshift-ci[bot] commented 3 months ago

@rexagod: Can not set label backport-risk-assessed: Must be member in one of these teams: [openshift-patch-managers]

In response to [this](https://github.com/openshift/cluster-monitoring-operator/pull/2374#issuecomment-2135314007): >/label backport-risk-assessed Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
simonpasquier commented 3 months ago

/label backport-risk-assessed

simonpasquier commented 3 months ago

/approve

openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rexagod, simonpasquier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/cluster-monitoring-operator/blob/release-4.14/OWNERS)~~ [simonpasquier] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rexagod, simonpasquier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/cluster-monitoring-operator/blob/release-4.14/OWNERS)~~ [simonpasquier] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci[bot] commented 3 months ago

@rexagod: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
juzhao commented 3 months ago

/label cherry-pick-approved /label qe-approved

openshift-ci-robot commented 3 months ago

@rexagod: Jira Issue OCPBUGS-34023: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-34023 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/cluster-monitoring-operator/pull/2374): >fix KRP configuration for thanos-querier in order to enforce restricted access only to entities allowed to [http-verb] for pods.metrics.k8s.io > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcluster-monitoring-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-bot commented 3 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build cluster-monitoring-operator-container-v4.14.0-202405290807.p0.g618dee4.assembly.stream.el8 for distgit cluster-monitoring-operator. All builds following this will include this PR.

openshift-merge-robot commented 3 months ago

Fix included in accepted release 4.14.0-0.nightly-2024-05-30-083125