Fix #17: Make RBAC resources unique and optional #18
Conversation
Problem: With the current Chart RBAC resource names are hard coded and not optional so it's impossible to deploy more than one instance in a namespace Solution: This uses the helper f5-bigip-ctlr.fullname as the name of each resource to it's unique. It also add variables to make the RBAc resources optional. You can also set the name of the service account to use so you can use it across all deploys. Testing (optional if not described in Solution section): Description of tests that were run to exercise the solutions (unit tests, system tests, etc)
Fix name of ClusterRole in ClusterRoleBinding
|
Any progress on this? |
|
@rendhalver - Thanks for the contribution. Under review. |
There was a problem hiding this comment.
@rendhalver - initial review looks good. Will be running regression tests and will update you on outcome. Provided regression / system tests are green, happy to add a commit to modify the version per the earlier comment. If anything is needed from you, will let you know.
There was a problem hiding this comment.
@f5tsomanchi - As we discussed on site and per the comment left in this review I would advise keeping the naming convention already in place, unless we can make a strong case to change them based on the way charts work in production when multiple versions might be deployed.
The RBAC aspects look fine, however, this MR had not been merged yet due to difficulty around a testing environment to run the system tests. They may need to be modified to run the newer charts.
| labels: | ||
| app: {{ template "f5-bigip-ctlr.name" . }} | ||
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| chart: {{ template "f5-bigip-ctlr.chart" . }} |
There was a problem hiding this comment.
Charts in helm are expected to be tied to a version. This naming convention is deliberate and should be retained. Operators may be expected to use multiple versions of a chart during rolling deployments, testing etc., and having the name explicitly reference the version should make tracking, debugging, and human error elimination easier.
@f5tsomanchi The names of resources should be validated in a test environment
There was a problem hiding this comment.
@recursivelycurious - as said in the above comments,
The RBAC aspects look fine, however, this MR had not been merged yet due to difficulty around a testing environment to run the system tests. They may need to be modified to run the newer charts.
- Can you please elaborate the modifications needed to run newer charts ?
There was a problem hiding this comment.
There was a problem hiding this comment.
If you look in the helpers template "f5-bigip-ctlr.chart" . is functionally equivalent to .Chart.Name }}-{{ .Chart.Version | replace "+" "_"
|
@rendhalver : Please update the patch with requested changes |
I answered the question. |
|
@trinaths -- please take another look at this MR. |
Problem:
With the current Chart RBAC resource names are hard coded and not optional
so it's impossible to deploy more than one instance in a namespace
Solution:
This uses the helper f5-bigip-ctlr.fullname as the name of each resource to it's unique.
It also add variables to make the RBAc resources optional.
You can also set the name of the service account to use so you can use it across all deploys.
Testing (optional if not described in Solution section): Description of tests that were run to exercise the solutions (unit tests, system tests, etc)