Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks. By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
This PR adds permission to Zora Operator delete service accounts.
It's need on OpenShift. Without this permission we got the error below.
{"level":"error","ts":"2024-02-29T19:08:03Z","msg":"failed to apply ServiceAccount zora-plugins","controller":"clusterscan","controllerGroup":"zora.undistro.io","controllerKind":"ClusterScan","ClusterScan":{"name":"openshift-hml-misconfig","namespace":"zora-system"},"namespace":"zora-system","name":"openshift-hml-misconfig","reconcileID":"64ec15a1-fe02-43f1-9219-fff99392684c","resourceVersion":"753793202","error":"serviceaccounts \"zora-plugins\" is forbidden: cannot set an ownerRef on a resource you can't delete: , <nil>","stacktrace":"github.com/undistro/zora/internal/controller/zora.(*ClusterScanReconciler).applyRBAC\n\t/workspace/internal/controller/zora/clusterscan_controller.go:472\ngithub.com/undistro/zora/internal/controller/zora.(*ClusterScanReconciler).reconcile\n\t/workspace/internal/controller/zora/clusterscan_controller.go:188\ngithub.com/undistro/zora/internal/controller/zora.(*ClusterScanReconciler).Reconcile\n\t/workspace/internal/controller/zora/clusterscan_controller.go:130\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:119\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:316\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:227"}
How has this been tested?
Installing on OpenShift
Checklist
[x] I have labeled this PR with the relevant Type labels
Description
This PR adds permission to Zora Operator delete service accounts. It's need on OpenShift. Without this permission we got the error below.
How has this been tested?
Checklist