Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace ClusterRole with Role only for posthog namespace #632

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@
# Template Parameters:
#
# NAMESPACE={{ .Values.clickhouse.namespace | default .Release.Namespace }}
# COMMENT=#
# ROLE_KIND=ClusterRole
# ROLE_NAME=clickhouse-operator-{{ .Values.clickhouse.namespace | default .Release.Namespace }}
# ROLE_BINDING_KIND=ClusterRoleBinding
# ROLE_BINDING_NAME=clickhouse-operator-{{ .Values.clickhouse.namespace | default .Release.Namespace }}
# COMMENT=
# ROLE_KIND=Role
# ROLE_NAME=clickhouse-operator
# ROLE_BINDING_KIND=RoleBinding
# ROLE_BINDING_NAME=clickhouse-operator
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
kind: Role
metadata:
name: clickhouse-operator-{{ .Values.clickhouse.namespace | default .Release.Namespace }}
name: clickhouse-operator
namespace: {{ .Values.clickhouse.namespace | default .Release.Namespace }}
labels:
clickhouse.altinity.com/chop: 0.18.4
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@
# Setup ClusterRoleBinding between ClusterRole and ServiceAccount.
# ClusterRoleBinding is namespace-less and must have unique name
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: RoleBinding
metadata:
name: clickhouse-operator-{{ .Values.clickhouse.namespace | default .Release.Namespace }}
name: clickhouse-operator
namespace: {{ .Values.clickhouse.namespace | default .Release.Namespace }}
labels:
clickhouse.altinity.com/chop: 0.18.4
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: clickhouse-operator-{{ .Values.clickhouse.namespace | default .Release.Namespace }}
kind: Role
name: clickhouse-operator
subjects:
- kind: ServiceAccount
name: clickhouse-operator
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
the manifest should match the snapshot when using default values:
1: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
kind: Role
metadata:
labels:
clickhouse.altinity.com/chop: 0.18.4
name: clickhouse-operator-NAMESPACE
name: clickhouse-operator
namespace: NAMESPACE
rules:
- apiGroups:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
the manifest should match the snapshot when using default values:
1: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: RoleBinding
metadata:
labels:
clickhouse.altinity.com/chop: 0.18.4
name: clickhouse-operator-NAMESPACE
name: clickhouse-operator
namespace: NAMESPACE
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: clickhouse-operator-NAMESPACE
kind: Role
name: clickhouse-operator
subjects:
- kind: ServiceAccount
name: clickhouse-operator
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
suite: ClickHouse cluster role definition
suite: ClickHouse role definition
templates:
- templates/clickhouse-operator/clusterrole.yaml
- templates/clickhouse-operator/role.yaml

tests:
- it: should be empty if clickhouse.enabled is set to false
Expand All @@ -16,7 +16,7 @@ tests:
count: 1
- matchSnapshot: {}

- it: ClusterRole/clickhouse-operator-posthog metadata.namespace override via clickhouse.namespace should work
- it: Role/clickhouse-operator-posthog metadata.namespace override via clickhouse.namespace should work
set:
clickhouse.namespace: "custom-namespace"
documentIndex: 0
Expand All @@ -27,7 +27,7 @@ tests:
path: metadata.namespace
value: custom-namespace

- it: ClusterRole/clickhouse-operator-posthog metadata.namespace override via Release.Namespace should work
- it: Role/clickhouse-operator-posthog metadata.namespace override via Release.Namespace should work
release:
namespace: custom-namespace-from-release
documentIndex: 0
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
suite: ClickHouse cluster role binding definition
suite: ClickHouse role binding definition
templates:
- templates/clickhouse-operator/clusterrolebinding.yaml
- templates/clickhouse-operator/rolebinding.yaml

tests:
- it: should be empty if clickhouse.enabled is set to false
Expand All @@ -16,7 +16,7 @@ tests:
count: 1
- matchSnapshot: {}

- it: ClusterRoleBinding/clickhouse-operator-posthog metadata.namespace override via clickhouse.namespace should work
- it: RoleBinding/clickhouse-operator-posthog metadata.namespace override via clickhouse.namespace should work
set:
clickhouse.namespace: "custom-namespace"
documentIndex: 0
Expand All @@ -27,7 +27,7 @@ tests:
path: metadata.namespace
value: custom-namespace

- it: ClusterRoleBinding/clickhouse-operator-posthog metadata.namespace override via Release.Namespace should work
- it: RoleBinding/clickhouse-operator-posthog metadata.namespace override via Release.Namespace should work
release:
namespace: custom-namespace-from-release
documentIndex: 0
Expand All @@ -38,7 +38,7 @@ tests:
path: metadata.namespace
value: custom-namespace-from-release

- it: ClusterRoleBinding/clickhouse-operator-posthog subjects[0].namespace override via clickhouse.namespace should work
- it: RoleBinding/clickhouse-operator-posthog subjects[0].namespace override via clickhouse.namespace should work
set:
clickhouse.namespace: "custom-namespace"
documentIndex: 0
Expand All @@ -49,7 +49,7 @@ tests:
path: subjects[0].namespace
value: custom-namespace

- it: ClusterRoleBinding/clickhouse-operator-posthog subjects[0].namespace override via Release.Namespace should work
- it: RoleBinding/clickhouse-operator-posthog subjects[0].namespace override via Release.Namespace should work
release:
namespace: custom-namespace-from-release
documentIndex: 0
Expand Down
20 changes: 10 additions & 10 deletions scripts/clickhouse_operator_sync.sh
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,13 @@ TMP_FOLDER="$(mktemp -d)"
trap 'rm -rf -- "$TMP_FOLDER"' EXIT

CLICKHOUSE_OPERATOR_TAG="0.18.4"
URL="https://raw.githubusercontent.com/Altinity/clickhouse-operator/${CLICKHOUSE_OPERATOR_TAG}/deploy/operator/clickhouse-operator-install-template.yaml"
REPO_URL="https://github.com/Altinity/clickhouse-operator.git"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this needed?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because running cat-clickhouse-operator-install-yaml.sh requires multiple template files, so instead of downloading all of them separately, it's easier to just clone the repo and have everything that is required there.


#
# Download the 'altinity/clickhouse-operator' definition and save it as temporary file.
#
# see: https://github.com/Altinity/clickhouse-operator/blob/master/docs/quick_start.md#in-case-you-can-not-run-scripts-from-internet-in-your-protected-environment
# Clone the 'altinity/clickhouse-operator' repo to temp folder.
#
git clone --depth 1 --branch ${CLICKHOUSE_OPERATOR_TAG} ${REPO_URL} "${TMP_FOLDER}"

OPERATOR_NAMESPACE="PLACEHOLDER"
METRICS_EXPORTER_NAMESPACE="${OPERATOR_NAMESPACE}"
# NOTE: we pin to 0.19.0 here which is different to the 0.16.1 manifest version.
Expand All @@ -35,12 +35,12 @@ METRICS_EXPORTER_NAMESPACE="${OPERATOR_NAMESPACE}"
OPERATOR_IMAGE="${OPERATOR_IMAGE:-altinity/clickhouse-operator:0.19.0}"
METRICS_EXPORTER_IMAGE="${METRICS_EXPORTER_IMAGE:-altinity/metrics-exporter:latest}"

curl -s "${URL}" | \
OPERATOR_IMAGE="${OPERATOR_IMAGE}" \
OPERATOR_NAMESPACE="${OPERATOR_NAMESPACE}" \
METRICS_EXPORTER_IMAGE="${METRICS_EXPORTER_IMAGE}" \
METRICS_EXPORTER_NAMESPACE="${METRICS_EXPORTER_NAMESPACE}" \
envsubst > "$TMP_FOLDER/clickhouse-operator.yaml"
OPERATOR_IMAGE="${OPERATOR_IMAGE}" \
OPERATOR_NAMESPACE="${OPERATOR_NAMESPACE}" \
METRICS_EXPORTER_IMAGE="${METRICS_EXPORTER_IMAGE}" \
METRICS_EXPORTER_NAMESPACE="${METRICS_EXPORTER_NAMESPACE}" \
MANIFEST_PRINT_RBAC_NAMESPACED=yes \
"${TMP_FOLDER}/deploy/builder/cat-clickhouse-operator-install-yaml.sh" > "${TMP_FOLDER}/clickhouse-operator.yaml"

#
# Use 'altinity/clickhouse-operator' definition file we fetched and parsed and slice it
Expand Down