From 9f1c8a37715a4ab5bd8e06a51be0db5e7d55d688 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Tue, 10 Dec 2024 09:49:26 +0100 Subject: [PATCH 1/3] feat(geoipupdates): rbac enhancement to allow rollout restart --- charts/geoipupdates/templates/rbac.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/geoipupdates/templates/rbac.yaml b/charts/geoipupdates/templates/rbac.yaml index f9263066..55cf81f9 100644 --- a/charts/geoipupdates/templates/rbac.yaml +++ b/charts/geoipupdates/templates/rbac.yaml @@ -16,6 +16,10 @@ rules: resources: ["pods"] resourceNames: [{{ include "geoipupdate.fullname" . }}] verbs: ["get", "read", "list", "watch", "create", "patch", "replace", "delete"] + - apiGroups: ["apps", "extensions"] + resources: ["deployments"] + resourceNames: ["updates-jenkins-io", "get-jenkins-io"] + verbs: ["get", "patch", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding From a443359a5897063200f140544fae57ad3a220a18 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Tue, 10 Dec 2024 09:51:18 +0100 Subject: [PATCH 2/3] bump version --- charts/geoipupdates/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/geoipupdates/Chart.yaml b/charts/geoipupdates/Chart.yaml index bf5e832d..de219ff5 100644 --- a/charts/geoipupdates/Chart.yaml +++ b/charts/geoipupdates/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MaxMind GeoIP database updater name: geoipupdates -version: 2.2.0 +version: 2.2.1 appVersion: "v7.1.0" maintainers: - email: jenkins-infra-team@googlegroups.com From 8f71f0fe43ecb2d8d7fe89d3299604f16f53f515 Mon Sep 17 00:00:00 2001 
From: smerle33 Date: Thu, 12 Dec 2024 15:31:27 +0100 Subject: [PATCH 3/3] adding templating for namespaces and deployments --- charts/geoipupdates/templates/_helpers.tpl | 21 +++++++++++ charts/geoipupdates/templates/cronjob.yaml | 6 ++++ charts/geoipupdates/templates/rbac.yaml | 36 ++++++++++++++++--- .../tests/custom_values_test.yaml | 9 +++++ charts/geoipupdates/tests/defaults_test.yaml | 2 ++ .../tests/values/custom_geoipupdater.yaml | 10 ++++++ charts/geoipupdates/values.yaml | 10 ++++++ 7 files changed, 90 insertions(+), 4 deletions(-) diff --git a/charts/geoipupdates/templates/_helpers.tpl b/charts/geoipupdates/templates/_helpers.tpl index 569ff3f0..164631be 100644 --- a/charts/geoipupdates/templates/_helpers.tpl +++ b/charts/geoipupdates/templates/_helpers.tpl @@ -50,3 +50,24 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} + +{{/* +rollout expand +*/}} +{{- define "geoipupdate.rollout" -}} +{{- if .Values.geoipupdate.rolloutrestart -}} +{{- if .Values.geoipupdate.rolloutrestart.enable -}} +{{- $result := "" -}} +{{- range .Values.geoipupdate.rolloutrestart.restarts -}} +{{- $namespace := .namespace -}} +{{- $deployments := .deployments | join "," -}} +{{- if $result -}} +{{- $result = printf "%s;%s:%s" $result $namespace $deployments -}} +{{- else -}} +{{- $result = printf "%s:%s" $namespace $deployments -}} +{{- end -}} +{{- end -}} +{{ $result }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/geoipupdates/templates/cronjob.yaml b/charts/geoipupdates/templates/cronjob.yaml index 4ca9dd4b..ba5f69e1 100644 --- a/charts/geoipupdates/templates/cronjob.yaml +++ b/charts/geoipupdates/templates/cronjob.yaml 
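Review bot: The `geoipupdate.rollout` helper in _helpers.tpl is documented only as `rollout expand`, which tells a reader neither what string it produces nor what consumes it. From the `printf` calls, each `restarts` entry becomes `namespace:dep1,dep2` and entries are joined with `;`, so I would put that in the template comment, e.g. `Render rolloutrestart.restarts as "ns1:depA,depB;ns2:depC" for the GEOIPUPDATE_ROLLOUT env var; renders nothing when rolloutrestart is unset or disabled.` The helper does not validate its input, so an entry with a missing `namespace` or an empty `deployments` list still ends up in the string. The comment should say both fields are required.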
@@ -51,6 +51,12 @@ spec: - name: STORAGE_FILESHARE value: {{ . }} {{- end }} + {{- if .Values.geoipupdate.rolloutrestart }} + {{- if .Values.geoipupdate.rolloutrestart.enable }} + - name: GEOIPUPDATE_ROLLOUT + value: {{ include "geoipupdate.rollout" . }} + {{- end }} + {{- end }} envFrom: - secretRef: name: {{ include "geoipupdate.fullname" . }} diff --git a/charts/geoipupdates/templates/rbac.yaml b/charts/geoipupdates/templates/rbac.yaml index 55cf81f9..3b17fffe 100644 --- a/charts/geoipupdates/templates/rbac.yaml +++ b/charts/geoipupdates/templates/rbac.yaml @@ -16,10 +16,6 @@ rules: resources: ["pods"] resourceNames: [{{ include "geoipupdate.fullname" . }}] verbs: ["get", "read", "list", "watch", "create", "patch", "replace", "delete"] - - apiGroups: ["apps", "extensions"] - resources: ["deployments"] - resourceNames: ["updates-jenkins-io", "get-jenkins-io"] - verbs: ["get", "patch", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
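Review bot: In cronjob.yaml the new `GEOIPUPDATE_ROLLOUT` value is emitted unquoted, so the YAML parser decides its type after rendering. With `enable: true` and an empty `restarts` list the helper returns an empty string and the line renders as a bare `value:` (null) instead of an empty string. Quoting keeps it a string whatever the values contain: `value: {{ include "geoipupdate.rollout" . | quote }}`. The test added to custom_values_test.yaml in this series already expects a string here. The container spec around this env entry starts and ends outside the hunk.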
@@ -32,3 +28,35 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "geoipupdate.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "geoipupdate.fullname" . }}-rolloutrestart + labels: +{{ include "geoipupdate.labels" . | indent 4 }} +rules: + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "patch", "list", "watch"] +--- +{{- if .Values.geoipupdate.rolloutrestart -}} +{{- if .Values.geoipupdate.rolloutrestart.enable -}} +{{- range .Values.geoipupdate.rolloutrestart.restarts }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "geoipupdate.fullname" $ }}-rolloutrestart-{{ .namespace }} + namespace: {{ .namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "geoipupdate.fullname" $ }}-rolloutrestart +subjects: + - kind: ServiceAccount + namespace: {{ $.Release.Namespace }} + name: {{ include "geoipupdate.fullname" $ }} +--- +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/geoipupdates/tests/custom_values_test.yaml b/charts/geoipupdates/tests/custom_values_test.yaml index a52cf077..514c81ad 100644 --- a/charts/geoipupdates/tests/custom_values_test.yaml +++ b/charts/geoipupdates/tests/custom_values_test.yaml @@ -33,6 +33,9 @@ tests: - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name value: GEOIPUPDATE_DRYRUN + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value + value: "true" - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name value: GEOIPUPDATE_EDITION_IDS 
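Review bot: The new `-rolloutrestart` ClusterRole in rbac.yaml has no `resourceNames`, so each RoleBinding lets the CronJob's service account `patch` every Deployment in the bound namespace, not only those listed under `restarts[].deployments`. `patch` on a Deployment can rewrite its pod template (image, service account, mounted volumes), which is well beyond what a rollout restart needs. The ClusterRole also sits outside the `rolloutrestart.enable` guard, so it is created even when the feature is off. Since the deployment names are already in values, a per-namespace `Role` with `resourceNames` inside the existing `range` would restore the scoping the first patch of this series had. Note that `list`/`watch` under `resourceNames` are only authorised when the client sends a matching `metadata.name` field selector, so check what the job actually calls.

```yaml
{{- range .Values.geoipupdate.rolloutrestart.restarts }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "geoipupdate.fullname" $ }}-rolloutrestart
  namespace: {{ .namespace | quote }}
  labels:
{{ include "geoipupdate.labels" $ | indent 4 }}
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: {{ .deployments | toJson }}
    verbs: ["get", "patch", "list", "watch"]
---
# … unchanged: RoleBinding apiVersion, kind, metadata and subjects …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "geoipupdate.fullname" $ }}-rolloutrestart
```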
@@ -51,3 +54,9 @@ tests: - equal: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value value: myfileshare + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name + value: GEOIPUPDATE_ROLLOUT + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].env[4].value + value: "updates-jenkins-io:updates-jenkins-io-content-secured-mirrorbits,updates-jenkins-io-content-unsecured-mirrorbits;get-jenkins-io:get-jenkins-io-mirrorbits" diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml index 7c634ca5..ae8c3df9 100644 --- a/charts/geoipupdates/tests/defaults_test.yaml +++ b/charts/geoipupdates/tests/defaults_test.yaml @@ -45,3 +45,5 @@ tests: path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name - notExists: path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name + - notExists: + path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name diff --git a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml index 1ec690f2..c869295e 100644 --- a/charts/geoipupdates/tests/values/custom_geoipupdater.yaml +++ b/charts/geoipupdates/tests/values/custom_geoipupdater.yaml @@ -9,3 +9,13 @@ geoipupdate: storage_name: "mystoragename" storage_fileshare: "myfileshare" cron: '0 6 * * *' # default to every day at 6AM + rolloutrestart: + enable: true + restarts: + - namespace: updates-jenkins-io + deployments: + - updates-jenkins-io-content-secured-mirrorbits + - updates-jenkins-io-content-unsecured-mirrorbits + - namespace: get-jenkins-io + deployments: + - get-jenkins-io-mirrorbits diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml index 28d130d4..8f6c2c32 100644 --- a/charts/geoipupdates/values.yaml +++ b/charts/geoipupdates/values.yaml 
@@ -16,6 +16,16 @@ geoipupdate: storage_name: "" storage_fileshare: "" cron: '0 4 * * *' # default to every day at 4AM + # rolloutrestart: + # enable: false + # restarts: + # - namespace: updates-jenkins-io + # deployments: + # - updates-jenkins-io-content-secured-mirrorbits + # - updates-jenkins-io-content-unsecured-mirrorbits + # - namespace: get-jenkins-io + # deployments: + # - get-jenkins-io-mirrorbits podSecurityContext: {} # fsGroup: 2000 containerSecurityContext: {}
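Review bot: The commented `rolloutrestart` example in values.yaml does not say what enabling it grants. Per rbac.yaml in this series, every `namespace` listed under `restarts` gets a RoleBinding giving the chart's service account `get`/`patch`/`list`/`watch` on Deployments there, a cross-namespace permission an operator should opt into knowingly. I would add a comment above the block, e.g. `# rolloutrestart: when enabled, a RoleBinding is created in each listed namespace that lets this chart's service account patch deployments there (used for rollout restart).` The enclosing `geoipupdate:` mapping starts outside the hunk.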