fix: Update cluster roles #1961

kamilprz · 2025-12-04T14:05:24Z

Description

There was still mentions of retina.io within the cluster role files for agent and operator. This PR updates those to retina.sh. It also adds in additional permissions to access captures and jobs.

Related Issue

#1936

Checklist

I have read the contributing documentation.
I signed and signed-off the commits (git commit -S -s ...). See this documentation on signing commits.
I have correctly attributed the author(s) of the code.
I have tested the changes locally.
I have followed the project's style guidelines.
I have updated the documentation, if necessary.
I have added tests, if applicable.

Screenshots (if applicable) or Testing Completed

Before / Current

After

Installing via https://retina.sh/docs/Installation/Setup#basic-mode

>VERSION=$( curl -sL https://api.github.com/repos/microsoft/retina/releases/latest | jq -r .name)
helm upgrade --install retina oci://ghcr.io/microsoft/retina/charts/retina \
    --version $VERSION \
    --namespace kube-system \
    --set image.tag=$VERSION \
    --set operator.tag=$VERSION \
    --set image.pullPolicy=Always \
    --set logLevel=info \
    --set os.windows=true \
    --set operator.enabled=true \
    --set operator.enableRetinaEndpoint=true \
    --skip-crds \
    --set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\,packetparser\]" \
    --set enablePodLevel=true \
    --set enableAnnotations=true
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /mnt/c/Users/kamilp/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /mnt/c/Users/kamilp/.kube/config
Release "retina" does not exist. Installing it now.
Pulled: ghcr.io/microsoft/retina/charts/retina:v0.0.33-dev-rc1
Digest: sha256:e01d04909dcfc1d55529e8c39b100be77a4a4d1c5609d5fb694650bc0f5cef94
NAME: retina
LAST DEPLOYED: Fri Dec  5 22:10:31 2025
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
NOTES:
1. Installing retina service using helm: helm install retina ./deploy/standard/manifests/controller/helm/retina/ --namespace kube-system --dependency-update
2. Cleaning up/uninstalling/deleting retina and dependencies related:
  helm uninstall retina -n kube-system
>
>kubectl get clusterrole retina-cluster-reader -n kube-system -o yaml | grep "retina.io"
>
>kubectl get clusterrole retina-cluster-reader -n kube-system -o yaml | grep "retina.sh"
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh

Installing via - https://retina.sh/docs/Installation/Setup#advanced-mode-with-local-context

>VERSION=$( curl -sL https://api.github.com/repos/microsoft/retina/releases/latest | jq -r .name)
helm upgrade --install retina oci://ghcr.io/microsoft/retina/charts/retina \
    --version $VERSION \
    --namespace kube-system \
    --set image.tag=$VERSION \
    --set operator.tag=$VERSION \
    --set image.pullPolicy=Always \
    --set logLevel=info \
    --set os.windows=true \
    --set operator.enabled=true \
    --set operator.enableRetinaEndpoint=true \
    --skip-crds \
    --set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\,packetparser\]" \
    --set enablePodLevel=true \
    --set enableAnnotations=true
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /mnt/c/Users/kamilp/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /mnt/c/Users/kamilp/.kube/config
Release "retina" does not exist. Installing it now.
Pulled: ghcr.io/microsoft/retina/charts/retina:v0.0.33-dev-rc1
Digest: sha256:e01d04909dcfc1d55529e8c39b100be77a4a4d1c5609d5fb694650bc0f5cef94
NAME: retina
LAST DEPLOYED: Fri Dec  5 22:17:06 2025
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
NOTES:
1. Installing retina service using helm: helm install retina ./deploy/standard/manifests/controller/helm/retina/ --namespace kube-system --dependency-update
2. Cleaning up/uninstalling/deleting retina and dependencies related:
  helm uninstall retina -n kube-system
>
>kubectl get clusterrole retina-cluster-reader -n kube-system -o yaml | grep "retina.io"
>
>
>kubectl get clusterrole retina-cluster-reader -n kube-system -o yaml | grep "retina.sh"
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
>
>kubectl get clusterrole retina-operator-role -n kube-system -o yaml | grep "retina.io"
>
>kubectl get clusterrole retina-operator-role -n kube-system -o yaml | grep "retina.sh"
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh
  - retina.sh

Signed-off-by: Kamil <[email protected]>

kamilprz requested a review from a team as a code owner December 4, 2025 14:05

kamilprz requested review from anubhabMajumdar and snguyen64 December 4, 2025 14:05

update clusterrole and apigroups

48ad0c1

Signed-off-by: Kamil <[email protected]>

kamilprz force-pushed the kamilp/helm-roles branch from 5e4a576 to 48ad0c1 Compare December 4, 2025 14:22

kamilprz linked an issue Dec 5, 2025 that may be closed by this pull request

Helm-deployed agent crashing on launch: Helm-deployed ClusterRoles for operator, agent etc still use retina.io instead of retina.sh #1936

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: Update cluster roles #1961

fix: Update cluster roles #1961

kamilprz commented Dec 4, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

fix: Update cluster roles #1961

Are you sure you want to change the base?

fix: Update cluster roles #1961

Conversation

kamilprz commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Related Issue

Checklist

Screenshots (if applicable) or Testing Completed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

kamilprz commented Dec 4, 2025 •

edited

Loading