From a2bf340975edc8c539c7f1a4f3cf6543f7a41447 Mon Sep 17 00:00:00 2001 From: breadly7 <32871303+breadly7@users.noreply.github.com> Date: Fri, 9 Dec 2022 18:27:21 +0100 Subject: [PATCH] Rollout operator psp (#3686) * make rollout-operator able to use psp * add new role-binding to generated templates * add changelog entry * add generated golden records --- operations/helm/charts/mimir-distributed/CHANGELOG.md | 1 + .../helm/charts/mimir-distributed/templates/rolebinding.yaml | 4 ++++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ .../mimir-distributed/templates/rolebinding.yaml | 2 ++ 11 files changed, 23 insertions(+) diff --git a/operations/helm/charts/mimir-distributed/CHANGELOG.md b/operations/helm/charts/mimir-distributed/CHANGELOG.md index 091f86be950..a4533ebf566 100644 --- a/operations/helm/charts/mimir-distributed/CHANGELOG.md +++ b/operations/helm/charts/mimir-distributed/CHANGELOG.md @@ -30,6 +30,7 @@ Entries should include a reference to the Pull Request that introduced the chang * [ENHANCEMENT] Update the `rollout-operator` subchart to `0.2.0`. #3624 * [ENHANCEMENT] Add ability to manage PrometheusRule for metamonitoring with Prometheus operator from the Helm chart. The alerts are disabled by default but can be enabled with `prometheusRule.mimirAlerts` set to `true`. To enable the default rules, set `mimirRules` to `true`. #2134 #2609 +* [BUGFIX] Enable `rollout-operator` to use PodSecurityPolicies if necessary ## 4.0.0 diff --git a/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml b/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml index 68a8e35f4a9..9bb34a6cf12 100644 --- a/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml @@ -15,4 +15,8 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "mimir.serviceAccountName" . }} +{{- if .Values.rollout_operator.enabled }} +- kind: ServiceAccount + name: {{ include "rollout-operator.serviceAccountName" . }} +{{- end }} {{- end }} diff --git a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml index fafe5b555ad..902d6f333de 100644 --- a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: gateway-enterprise-values-mimir +- kind: ServiceAccount + name: gateway-enterprise-values-mimir-distributed diff --git a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml index 53606368041..c007b2d5604 100644 --- a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: gateway-nginx-values-mimir +- kind: ServiceAccount + name: gateway-nginx-values-mimir-distributed diff --git a/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml index ef917e178bd..9f1e126ad69 100644 --- a/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/large-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: large-values-mimir +- kind: ServiceAccount + name: large-values-mimir-distributed diff --git a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml index b632563d0b5..d856013e549 100644 --- a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: scheduler-name-values-mimir +- kind: ServiceAccount + name: scheduler-name-values-mimir-distributed diff --git a/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml index 153b41678f9..b7a5aaf57be 100644 --- a/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/small-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: small-values-mimir +- kind: ServiceAccount + name: small-values-mimir-distributed diff --git a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml index 92c4d4f3b50..2cd18e7c946 100644 --- a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-enterprise-legacy-label-values-enterprise-metrics +- kind: ServiceAccount + name: test-enterprise-legacy-label-values-mimir-distributed diff --git a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml index e491a039715..72bd841ec78 100644 --- a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-enterprise-values-mimir +- kind: ServiceAccount + name: test-enterprise-values-mimir-distributed diff --git a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml index 0a25a6a1dbd..d56c66a6536 100644 --- a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-oss-logical-multizone-values-mimir +- kind: ServiceAccount + name: test-oss-logical-multizone-values-mimir-distributed diff --git a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml index 9fc70fa3bac..caf17349d69 100644 --- a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/rolebinding.yaml @@ -16,3 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: test-oss-multizone-values-mimir +- kind: ServiceAccount + name: test-oss-multizone-values-mimir-distributed