Skip to content

Commit

Permalink
fixing approach
Browse files Browse the repository at this point in the history
  • Loading branch information
[email protected] committed Jan 18, 2024
1 parent a53be1c commit 37b4f81
Show file tree
Hide file tree
Showing 9 changed files with 48 additions and 24 deletions.
2 changes: 1 addition & 1 deletion class/defaults.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ parameters:
namespaceAnnotations: {}

charts:
stackgres-operator:
stackgres_operator:
source: "https://stackgres.io/downloads/stackgres-k8s/stackgres/helm/"
version: "1.7.0"
kubernetesVersion: "${dynamic_facts:kubernetesVersion:major}.${dynamic_facts:kubernetesVersion:minor}"
Expand Down
8 changes: 4 additions & 4 deletions class/stackgres-operator.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ parameters:
kapitan:
dependencies:
- type: helm
output_path: dependencies/stackgres-operator/helmcharts/stackgres-operator/${stackgres_operator:charts:stackgres-operator:version}
source: ${stackgres_operator:charts:stackgres-operator:source}
version: ${stackgres_operator:charts:stackgres-operator:version}
output_path: dependencies/stackgres-operator/helmcharts/stackgres-operator/${stackgres_operator:charts:stackgres_operator:version}
source: ${stackgres_operator:charts:stackgres_operator:source}
version: ${stackgres_operator:charts:stackgres_operator:version}
chart_name: stackgres-operator
compile:
- input_paths:
Expand All @@ -20,7 +20,7 @@ parameters:
- output_path: stackgres-operator/01_helmchart
input_type: helm
input_paths:
- dependencies/stackgres-operator/helmcharts/stackgres-operator/${stackgres_operator:charts:stackgres-operator:version}/
- dependencies/stackgres-operator/helmcharts/stackgres-operator/${stackgres_operator:charts:stackgres_operator:version}/
helm_values: ${stackgres_operator:helmValues}
helm_params:
name: stackgres-operator
Expand Down
1 change: 1 addition & 0 deletions component/main.jsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ local setRestAPIPwJob = kube.Job('stackgres-restapi-set-password') {
namespace: params.namespace,
},
spec+: {
ttlSecondsAfterFinished: 5,
template: {
metadata: {
labels: commonLabels,
Expand Down
5 changes: 5 additions & 0 deletions component/pre.jsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ local job = kube.Job('') {
},
},
spec: {
ttlSecondsAfterFinished: 5,
template: {
spec: {
containers: [
Expand All @@ -35,6 +36,10 @@ local job = kube.Job('') {
name: 'NAMESPACE',
value: params.namespace,
},
{
name: 'VERSION',
value: params.charts.stackgres_operator.version,
},
],
image: params.images.registry + '/appuio/oc:v4.14',
name: 'kubectl',
Expand Down
9 changes: 5 additions & 4 deletions component/scripts/preCleanCerts.sh
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
#!/bin/bash


kubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io stackgres-operator-init
# deleting webhook because they use legacy certs
kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io stackgres-operator

kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io stackgres-operator
kubectl -n "$NAMESPACE" delete --ignore-not-found=true certs --all

kubectl -n "$NAMESPACE" delete --ignore-not-found=true secrets stackgres-operator-certs stackgres-operator-web-certs

kubectl -n "$NAMESPACE" delete --ignore-not-found=true issuers.cert-manager.io stackgres-operator-ca-issuer stackgres-operator-self-signed-issuer

# at this point we need to reload our deployments
kubectl -n "$NAMESPACE" rollout restart deployment stackgres-operator

kubectl -n "$NAMESPACE" rollout restart deployment stackgres-restapi
7 changes: 6 additions & 1 deletion component/scriptsPermissions.jsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,11 @@ local clusterRole = kube.ClusterRole(rolename) {
resources: [ 'clusterrolebindings' ],
verbs: [ 'delete', 'get', 'list', 'watch' ],
},
{
apiGroups: [ 'admissionregistration.k8s.io' ],
resources: [ 'mutatingwebhookconfigurations', 'validatingwebhookconfigurations' ],
verbs: [ 'delete', 'get', 'list', 'watch' ],
},
],
};

Expand All @@ -49,7 +54,7 @@ local role = kube.Role(rolename) {
},
{
apiGroups: [ 'apps' ],
resources: [ 'deployments', "replicasets", "pods" ],
resources: [ 'deployments', 'replicasets', 'pods' ],
verbs: [ 'get', 'list', 'watch', 'create', 'update', 'patch', 'delete' ],
},
{
Expand Down
10 changes: 10 additions & 0 deletions tests/golden/defaults/stackgres-operator/stackgres-operator/01_clusterRole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,13 @@ rules:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- delete
- get
- list
- watch
29 changes: 15 additions & 14 deletions tests/golden/defaults/stackgres-operator/stackgres-operator/02_CleanCertsJobName.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,24 +12,25 @@ spec:
command:
- /bin/bash
- -cex
- |
#!/bin/bash
kubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io stackgres-operator-init
kubectl -n "$NAMESPACE" delete --ignore-not-found=true certs --all
kubectl -n "$NAMESPACE" delete --ignore-not-found=true secrets stackgres-operator-certs stackgres-operator-web-certs
kubectl -n "$NAMESPACE" delete --ignore-not-found=true issuers.cert-manager.io stackgres-operator-ca-issuer stackgres-operator-self-signed-issuer
kubectl -n "$NAMESPACE" rollout restart deployment stackgres-operator
kubectl -n "$NAMESPACE" rollout restart deployment stackgres-restapi
- "#!/bin/bash\n\n\nkubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io\
\ stackgres-operator-init\n# deleting webhook because they use legacy\
\ certs\nkubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io\
\ stackgres-operator\n\nkubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io\
\ stackgres-operator\nkubectl -n \"$NAMESPACE\" delete --ignore-not-found=true\
\ certs --all\nkubectl -n \"$NAMESPACE\" delete --ignore-not-found=true\
\ secrets stackgres-operator-certs stackgres-operator-web-certs\nkubectl\
\ -n \"$NAMESPACE\" delete --ignore-not-found=true issuers.cert-manager.io\
\ stackgres-operator-ca-issuer stackgres-operator-self-signed-issuer\n\
# at this point we need to reload our deployments \nkubectl -n \"$NAMESPACE\"\
\ rollout restart deployment stackgres-operator\nkubectl -n \"$NAMESPACE\"\
\ rollout restart deployment stackgres-restapi\n"
env:
- name: NAMESPACE
value: syn-stackgres-operator
- name: VERSION
value: 1.7.0
image: quay.io/appuio/oc:v4.14
name: kubectl
restartPolicy: OnFailure
serviceAccountName: stackgres-init-additional-permissions
ttlSecondsAfterFinished: 5
1 change: 1 addition & 0 deletions tests/golden/defaults/stackgres-operator/stackgres-operator/02_set_restAPI_password_job.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,4 @@ spec:
volumeMounts: []
restartPolicy: OnFailure
serviceAccountName: stackgres-operator-init
ttlSecondsAfterFinished: 5

0 comments on commit 37b4f81

Please sign in to comment.