From ed741bf03d96b65640752986976951725c5e51e1 Mon Sep 17 00:00:00 2001 From: breadly7 Date: Thu, 8 Dec 2022 15:49:31 +0100 Subject: [PATCH 1/4] make rollout-operator able to use psp --- .../helm/charts/mimir-distributed/templates/rolebinding.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml b/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml index 68a8e35f4a9..9bb34a6cf12 100644 --- a/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml @@ -15,4 +15,8 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "mimir.serviceAccountName" . }} +{{- if .Values.rollout_operator.enabled }} +- kind: ServiceAccount + name: {{ include "rollout-operator.serviceAccountName" . }} +{{- end }} {{- end }} From 10325c89f70cb827a930feacc2ca81850c01c650 Mon Sep 17 00:00:00 2001 From: breadly7 Date: Fri, 9 Dec 2022 10:10:40 +0100 Subject: [PATCH 2/4] add new role-binding to generated templates --- .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ 5 files changed, 10 insertions(+) diff --git a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml index b632563d0b5..d856013e549 100644 --- a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: scheduler-name-values-mimir +- kind: ServiceAccount + name: scheduler-name-values-mimir-distributed diff --git a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml index 92c4d4f3b50..2cd18e7c946 100644 --- a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-enterprise-legacy-label-values-enterprise-metrics +- kind: ServiceAccount + name: test-enterprise-legacy-label-values-mimir-distributed diff --git a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml index e491a039715..72bd841ec78 100644 --- a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-enterprise-values-mimir +- kind: ServiceAccount + name: test-enterprise-values-mimir-distributed diff --git a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml index 0a25a6a1dbd..d56c66a6536 100644 --- a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-oss-logical-multizone-values-mimir +- kind: ServiceAccount + name: test-oss-logical-multizone-values-mimir-distributed diff --git a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml index 9fc70fa3bac..caf17349d69 100644 --- a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-oss-multizone-values-mimir +- kind: ServiceAccount + name: test-oss-multizone-values-mimir-distributed From 8d31a57cbee75bb06181896446af0c18947b8d1c Mon Sep 17 00:00:00 2001 From: breadly7 Date: Fri, 9 Dec 2022 10:32:37 +0100 Subject: [PATCH 3/4] add changelog entry --- operations/helm/charts/mimir-distributed/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/operations/helm/charts/mimir-distributed/CHANGELOG.md b/operations/helm/charts/mimir-distributed/CHANGELOG.md index 091f86be950..a4533ebf566 100644 --- a/operations/helm/charts/mimir-distributed/CHANGELOG.md +++ b/operations/helm/charts/mimir-distributed/CHANGELOG.md @@ -30,6 +30,7 @@ Entries should include a reference to the Pull Request that introduced the chang * [ENHANCEMENT] Update the `rollout-operator` subchart to `0.2.0`. #3624 * [ENHANCEMENT] Add ability to manage PrometheusRule for metamonitoring with Prometheus operator from the Helm chart. The alerts are disabled by default but can be enabled with `prometheusRule.mimirAlerts` set to `true`. To enable the default rules, set `mimirRules` to `true`. #2134 #2609 +* [BUGFIX] Enable `rollout-operator` to use PodSecurityPolicies if necessary ## 4.0.0 From 5712d855a549a1068ef24f257b51daa2ec02f556 Mon Sep 17 00:00:00 2001 From: breadly7 Date: Fri, 9 Dec 2022 12:45:47 +0100 Subject: [PATCH 4/4] add generated golden records --- .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml index fafe5b555ad..902d6f333de 100644 --- a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: gateway-enterprise-values-mimir +- kind: ServiceAccount + name: gateway-enterprise-values-mimir-distributed diff --git a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml index 53606368041..c007b2d5604 100644 --- a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: gateway-nginx-values-mimir +- kind: ServiceAccount + name: gateway-nginx-values-mimir-distributed diff --git a/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml index ef917e178bd..9f1e126ad69 100644 --- a/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: large-values-mimir +- kind: ServiceAccount + name: large-values-mimir-distributed diff --git a/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml index 153b41678f9..b7a5aaf57be 100644 --- a/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: small-values-mimir +- kind: ServiceAccount + name: small-values-mimir-distributed