Skip to content

Commit

Permalink
Allow operator to update Route spec.subdomain
Browse files Browse the repository at this point in the history 
Before this commit, cluster-ingress-operator did not have permission to
update spec.host or spec.subdomain on an existing route as the operator's
serviceaccount did not have the necessary "routes/custom-host" permission.
A previous change to the operator had added logic to clear spec.host and
instead set spec.subdomain, but without the required permission, the update
would fail with the following error message:

    ERROR   operator.init   controller/controller.go:265    Reconciler error
{"controller": "canary_controller", "object": {"name":"default","namespace":"openshift-ingress-operator"},
"namespace": "openshift-ingress-operator", "name": "default", "reconcileID": "463061e3-93a1-4067-802e-03e3f1f8cdd0",
"error": "failed to ensure canary route: failed to update canary route openshift-ingress-canary/canary:
Route.route.openshift.io \"canary\" is invalid: spec.subdomain: Invalid value: \"canary-openshift-ingress-canary\": field is immutable"}

This commit adds the needed permission to the clusterrole for the
operator's serviceaccount so that the update can succeed.

This commit fixes OCPBUGS-32887.

https://issues.redhat.com/browse/OCPBUGS-32887

Follow-up to commit 530d326.

* manifests/00-cluster-role.yaml: Add permission for routes/custom-host.
  • Loading branch information
@Miciah
Miciah committed Apr 24, 2024
1 parent b7d42a2 commit 77c61ba
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions manifests/00-cluster-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,7 @@ rules:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'

Expand Down

0 comments on commit 77c61ba

Please sign in to comment.