[bitnami/kuberay] Adding the list and watch for endpoints resource to the cluster role to solve #30648

[frivas-at-navteca]

This change adds the necessary rules to the operator cluster role to get the Ray Service in Running state and also make the kuberay operator not to show the

W1127 12:42:08.725162       1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
E1127 12:42:08.725465       1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Endpoints: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
W1127 12:42:57.122692       1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
E1127 12:42:57.122732       1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Endpoints: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
W1127 12:43:42.058024       1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
E1127 12:43:42.058075       1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Endpoints: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
W1127 12:44:29.551260       1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope
E1127 12:44:29.551308       1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Endpoints: failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kuberay:kuberay-operator" cannot list resource "endpoints" in API group "" at the cluster scope

This issue has been seen in the operator's log and as I am not using the apiserver or cluster components

Description of the change

Adds RBAC rules to the Operator Cluster Role.

Benefits

Ray Service will be in running state and also the Operator logs won't show the messages with the permissions.

Possible drawbacks

None as far as I know. Just keep in mind this applies only to the operator not apiserver or cluster.

Applicable issues

• fixes [bitnami/kuberay] Missing Cluster Role rules causes Ray Service to be in WaitForServeDeploymentReady #30648

[frivas-at-navteca]

Re-opening. Sorry for the delay with this. I hope you have had a Merry Christmas and a Happy New Year and the 3 Kings had been great to you.

I have synched my fork and it should be fine now.

Thank you very much for all the support and lets get this through!

[carrodher]

Thanks for your contribution! Could you please bump the chart version in the Chart.yaml? This is necessary to test the changes and cut a new release.

[frivas-at-navteca]

Hello @carrodher and @alvneiayu I hope you are doing great!

I was wondering about this PR. I have seen there are 2 new releases of Kuberay solving other important issues. I was wondering if this one will be included in a future release.

Thank you for your support and help

Thank you very much!
have a great day!