From 34b046e5e3e440ced08900eda68a942b059b5bd2 Mon Sep 17 00:00:00 2001 From: Debakel Orakel Date: Thu, 30 Apr 2026 20:34:37 +0200 Subject: [PATCH 1/2] Remove rollout-operator from Helm chart This PR disabled the ability to deploy the rollout-operator. The rollout-operator needs to be installed with separate component. --- class/defaults.yml | 5 -- class/mimir.yml | 3 - component/helm_values.jsonnet | 37 ++++++---- component/main.jsonnet | 16 +++- .../ROOT/pages/references/parameters.adoc | 51 +++++++------ postprocess/fixup-securitycontext.jsonnet | 8 -- tests/extra-config.yml | 8 +- .../defaults/defaults/00_namespace.yaml | 5 ++ .../defaults/defaults/01_secrets.yaml | 2 + .../defaults/defaults/20_prometheus_rule.yaml | 2 + .../extra-config/00_namespace.yaml | 6 ++ .../extra-config/extra-config/01_secrets.yaml | 6 ++ ...-templates-custom-resource-definition.yaml | 50 ------------- ...ion-budget-custom-resource-definition.yaml | 68 ----------------- .../templates/deployment.yaml | 74 ------------------- .../templates/no-downscale-webhook.yaml | 38 ---------- .../templates/pod-eviction-webhook.yaml | 37 ---------- .../templates/prepare-downscale-webhook.yaml | 40 ---------- .../rollout_operator/templates/role.yaml | 52 ------------- .../templates/rolebinding.yaml | 18 ----- .../rollout_operator/templates/service.yaml | 21 ------ .../templates/serviceaccount.yaml | 11 --- .../webhook-clusterrole-binding.yaml | 12 --- .../templates/webhook-clusterrole.yaml | 14 ---- .../templates/webhook-role-binding.yaml | 13 ---- .../templates/webhook-role.yaml | 21 ------ ...-disruption-budget-validating-webhook.yaml | 38 ---------- .../extra-config/20_prometheus_rule.yaml | 2 + .../legacy/legacy/legacy/00_namespace.yaml | 5 ++ .../legacy/legacy/legacy/01_secrets.yaml | 2 + .../legacy/legacy/20_prometheus_rule.yaml | 2 + .../openshift/openshift/00_namespace.yaml | 6 ++ .../openshift/openshift/01_secrets.yaml | 2 + ...-templates-custom-resource-definition.yaml | 50 ------------- ...ion-budget-custom-resource-definition.yaml | 68 ----------------- .../templates/deployment.yaml | 69 ----------------- .../templates/no-downscale-webhook.yaml | 38 ---------- .../templates/pod-eviction-webhook.yaml | 37 ---------- .../templates/prepare-downscale-webhook.yaml | 40 ---------- .../rollout_operator/templates/role.yaml | 52 ------------- .../templates/rolebinding.yaml | 18 ----- .../rollout_operator/templates/service.yaml | 21 ------ .../templates/serviceaccount.yaml | 11 --- .../webhook-clusterrole-binding.yaml | 12 --- .../templates/webhook-clusterrole.yaml | 14 ---- .../templates/webhook-role-binding.yaml | 13 ---- .../templates/webhook-role.yaml | 21 ------ ...-disruption-budget-validating-webhook.yaml | 38 ---------- .../templates/rolebinding.yaml | 2 - .../openshift/20_prometheus_rule.yaml | 2 + .../preset-large/00_namespace.yaml | 5 ++ .../preset-large/preset-large/01_secrets.yaml | 2 + .../preset-large/20_prometheus_rule.yaml | 2 + .../preset-small/00_namespace.yaml | 5 ++ .../preset-small/preset-small/01_secrets.yaml | 2 + .../preset-small/20_prometheus_rule.yaml | 2 + tests/openshift.yml | 5 +- 57 files changed, 133 insertions(+), 1071 deletions(-) delete mode 100644 postprocess/fixup-securitycontext.jsonnet delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml delete mode 100644 tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml delete mode 100644 tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 70f50908..fdca0814 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -27,9 +27,6 @@ parameters: nginx: registry: docker.io repository: nginxinc/nginx-unprivileged - rolloutOperator: - registry: docker.io - repository: grafana/rollout-operator preset: extra-small @@ -53,8 +50,6 @@ parameters: # Backend compactor: enabled: true - rolloutOperator: - enabled: false # Ingress gateway: enabled: true diff --git a/class/mimir.yml b/class/mimir.yml index 817318b1..f8055655 100644 --- a/class/mimir.yml +++ b/class/mimir.yml @@ -43,6 +43,3 @@ parameters: - type: jsonnet filter: postprocess/patch-alerts.jsonnet path: ${_instance}/10_mimir_distributed/mimir-distributed/templates/metamonitoring - - type: jsonnet - filter: postprocess/fixup-securitycontext.jsonnet - path: ${_instance}/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates diff --git a/component/helm_values.jsonnet b/component/helm_values.jsonnet index f9e7cd59..f3121438 100644 --- a/component/helm_values.jsonnet +++ b/component/helm_values.jsonnet @@ -5,6 +5,7 @@ local inv = kap.inventory(); // The hiera parameters for the component local params = inv.parameters.mimir; local isOpenshift = std.member([ 'openshift4', 'oke' ], inv.parameters.facts.distribution); +local hasRolloutOperator = std.member(inv.applications, 'rollout-operator'); local s3endpoint = if params.s3.endpoint != null then @@ -19,7 +20,7 @@ local s3endpoint = // Global Params and Zone Aware Replication local globalConfig = params.global + com.makeMergeable({ nodeSelector: std.get(params, 'globalNodeSelector', params.global.nodeSelector), - zoneAwareReplication: params.global.zoneAwareReplication, + zoneAwareReplication: if hasRolloutOperator then params.global.zoneAwareReplication else std.trace('rollout-operator must be installed', {}), }); local components = com.makeMergeable({ @@ -52,9 +53,6 @@ local components = com.makeMergeable({ compactor: { nodeSelector: std.get(params.components.compactor, 'nodeSelector', globalConfig.nodeSelector), } + com.makeMergeable(params.components.compactor), - rollout_operator: { - nodeSelector: std.get(params.components.rolloutOperator, 'nodeSelector', globalConfig.nodeSelector), - } + com.makeMergeable(params.components.rolloutOperator), // Ingress Configuration gateway: { [if params.components.gateway.enabled then 'enabledNonEnterprise']: params.components.gateway.enabled, @@ -102,6 +100,7 @@ local openshift = if isOpenshift then com.makeMergeable({ runAsUser: null, }, }, + // even when we don't deploy the rollout-operator, we need to define the pod security context rollout_operator: { podSecurityContext: { fsGroup: null, @@ -137,12 +136,6 @@ local images = com.makeMergeable({ }, }, }, - rollout_operator: { - image: { - repository: '%(registry)s/%(repository)s' % params.images.rolloutOperator, - [if std.objectHas(params.images.rolloutOperator, 'tag') then 'tag']: params.images.rolloutOperator.tag, - }, - }, }); local global = com.makeMergeable({ @@ -156,9 +149,6 @@ local global = com.makeMergeable({ bucketSecretVersion: '%s' % params.s3.auth.secretVersion, }, }, - minio: { - enabled: false, - }, [if params.monitoring then 'metaMonitoring']: { serviceMonitor: { enabled: params.monitoring, @@ -280,9 +270,28 @@ local ingress = com.makeMergeable({ }, }); +// hardcoded removal of rollout-operator +local hardNope = com.makeMergeable({ + minio: { + enabled: false, + }, + rollout_operator: { + enabled: false, + }, + store_gateway: { + zoneAwareReplication: { + enabled: if hasRolloutOperator && params.global.zoneAwareReplication.enabled then true else false, + }, + }, + ingester: { + zoneAwareReplication: { + enabled: if hasRolloutOperator && params.global.zoneAwareReplication.enabled then true else false, + }, + }, +}); { ['%s-components' % inv.parameters._instance]: components + caches, ['%s-configs' % inv.parameters._instance]: openshift + images + global + mimir + ingress, - ['%s-overrides' % inv.parameters._instance]: params.helm_values, + ['%s-overrides' % inv.parameters._instance]: params.helm_values + hardNope, } diff --git a/component/main.jsonnet b/component/main.jsonnet index 673c9dcb..f2551231 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -36,6 +36,10 @@ local secrets = com.generateResources( } + com.makeMergeable(params.secrets), function(name) kube.Secret(name) { metadata+: { + labels+: { + 'app.kubernetes.io/managed-by': 'commodore', + 'app.kubernetes.io/name': name, + }, namespace: params.namespace.name, }, } @@ -45,7 +49,13 @@ local secrets = com.generateResources( // Define outputs below { [if params.namespace.create then '00_namespace']: kube.Namespace(params.namespace.name) { - metadata+: com.makeMergeable(params.namespace.metadata), + metadata+: { + labels+: { + 'app.kubernetes.io/managed-by': 'commodore', + 'app.kubernetes.io/name': params.namespace, + [if params.global.zoneAwareReplication.enabled then 'rollout-operator.syn.tools/allow']: '', + }, + } + com.makeMergeable(params.namespace.metadata), }, '01_secrets': secrets, // Empty file to make sure the directory is created. Later used in patching alerts. @@ -53,6 +63,10 @@ local secrets = com.generateResources( '20_prometheus_rule': prom.generateRules('mimir-custom', { 'mimir-custom.rules': params.alerts.additionalRules }) { metadata+: { + labels+: { + 'app.kubernetes.io/managed-by': 'commodore', + 'app.kubernetes.io/name': 'mimir-custom', + }, namespace: params.namespace.name, }, }, diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 9a65745d..f741de14 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -74,9 +74,6 @@ images: nginx: registry: docker.io repository: nginxinc/nginx-unprivileged - rolloutOperator: - registry: docker.io - repository: grafana/rollout-operator ---- example:: + @@ -92,8 +89,6 @@ images: tag: latest nginx: tag: latest - rolloutOperator: - tag: latest ---- Configures the image registry, repository and tag. @@ -192,7 +187,6 @@ default:: components: storeGateway: enabled: true - storage: {} ---- The store-gateway component, which is stateful, queries blocks from long-term storage. @@ -226,14 +220,29 @@ default:: components: ingester: enabled: true - storage: {} ---- The ingester is a stateful component that processes the most recently ingested samples and makes them available for querying. Queriers read recent data from ingesters and older data from long-term object storage via store-gateways. +=== `components.kafka` -=== `components.compactor` +[horizontal] +type:: dict +default:: ++ +[source,yaml] +---- +components: + kafka: + enabled: false +---- + +Grafana Mimir supports using Kafka as the first layer of ingestion in the ingest storage architecture. +This configuration allows for scalable, decoupled ingestion that separates write and read paths to improve performance and resilience. + + +=== `components.gateway` [horizontal] type:: dict @@ -242,17 +251,14 @@ default:: [source,yaml] ---- components: - compactor: + gateway: enabled: true ---- -The compactor increases query performance and reduces long-term storage usage by combining blocks. - -Compacting multiple blocks of a given tenant into a single, optimized larger block. -This deduplicates chunks and reduces the size of the index, resulting in reduced storage costs. -Querying fewer blocks is faster, so it also increases query speed. +The Mimir unified gateway is a critical component for query, write, and alert paths. +It improves performance and simplifies deployments by acting as a single entry point for all Mimir requests. -=== `components.rolloutOperator` +=== `components.compactor` [horizontal] type:: dict @@ -261,10 +267,16 @@ default:: [source,yaml] ---- components: - rolloutOperator: + compactor: enabled: true ---- +The compactor increases query performance and reduces long-term storage usage by combining blocks. + +Compacting multiple blocks of a given tenant into a single, optimized larger block. +This deduplicates chunks and reduces the size of the index, resulting in reduced storage costs. +Querying fewer blocks is faster, so it also increases query speed. + === `components.alertmanager` @@ -277,13 +289,8 @@ default:: components: alertmanager: enabled: true - overridesExporter: - enabled: true - ruler: - enabled: true ---- -The Mimir Alertmanager adds multi-tenancy support and horizontal scalability to the Prometheus Alertmanager. The Mimir Alertmanager is an optional component that accepts alert notifications from the Mimir ruler. === `components.overridesExporter` @@ -828,7 +835,7 @@ secrets: .htpasswd: "?{vaultkv:${cluster:tenant}/${cluster:name}/example-mimir/htpasswd}" helm_values: - nginx: + gateway: basicAuth: enabled: true existingSecret: mimir-nginx-htpasswd diff --git a/postprocess/fixup-securitycontext.jsonnet b/postprocess/fixup-securitycontext.jsonnet deleted file mode 100644 index d0cda4df..00000000 --- a/postprocess/fixup-securitycontext.jsonnet +++ /dev/null @@ -1,8 +0,0 @@ -local com = import 'lib/commodore.libjsonnet'; -local inv = com.inventory(); -local params = inv.parameters.mimir; -local isOpenshift = std.member([ 'openshift4', 'oke' ], inv.parameters.facts.distribution); - -local dir = std.extVar('output_path'); - -if isOpenshift && params.components.rolloutOperator.enabled then com.fixupDir(dir, std.prune) else {} diff --git a/tests/extra-config.yml b/tests/extra-config.yml index b9e82230..9805c715 100644 --- a/tests/extra-config.yml +++ b/tests/extra-config.yml @@ -1,4 +1,7 @@ # Overwrite parameters here +applications: + - rollout-operator + parameters: kapitan: dependencies: @@ -23,8 +26,6 @@ parameters: tag: latest nginx: tag: latest - rolloutOperator: - tag: latest preset: small components: @@ -52,8 +53,6 @@ parameters: nameOverride: mimir-nginx kafka: enabled: true - rolloutOperator: - enabled: true caches: results: @@ -78,7 +77,6 @@ parameters: appuio.io/node-class: plus zoneAwareReplication: enabled: true - nginxResolverOverride: '172.30.0.10' config: tenantFederation: true diff --git a/tests/golden/defaults/defaults/defaults/00_namespace.yaml b/tests/golden/defaults/defaults/defaults/00_namespace.yaml index be02cdb5..db2ca993 100644 --- a/tests/golden/defaults/defaults/defaults/00_namespace.yaml +++ b/tests/golden/defaults/defaults/defaults/00_namespace.yaml @@ -3,5 +3,10 @@ kind: Namespace metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: + create: true + metadata: {} + name: defaults name: defaults name: defaults diff --git a/tests/golden/defaults/defaults/defaults/01_secrets.yaml b/tests/golden/defaults/defaults/defaults/01_secrets.yaml index 725e82a0..ff2076b2 100644 --- a/tests/golden/defaults/defaults/defaults/01_secrets.yaml +++ b/tests/golden/defaults/defaults/defaults/01_secrets.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: defaults-bucket-secret name: defaults-bucket-secret name: defaults-bucket-secret namespace: defaults diff --git a/tests/golden/defaults/defaults/defaults/20_prometheus_rule.yaml b/tests/golden/defaults/defaults/defaults/20_prometheus_rule.yaml index 02da1386..3871e1e3 100644 --- a/tests/golden/defaults/defaults/defaults/20_prometheus_rule.yaml +++ b/tests/golden/defaults/defaults/defaults/20_prometheus_rule.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: mimir-custom name: mimir-custom name: mimir-custom namespace: defaults diff --git a/tests/golden/extra-config/extra-config/extra-config/00_namespace.yaml b/tests/golden/extra-config/extra-config/extra-config/00_namespace.yaml index c36e33c9..dc7dd5c2 100644 --- a/tests/golden/extra-config/extra-config/extra-config/00_namespace.yaml +++ b/tests/golden/extra-config/extra-config/extra-config/00_namespace.yaml @@ -3,5 +3,11 @@ kind: Namespace metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: + create: true + metadata: {} + name: extra-config name: extra-config + rollout-operator.syn.tools/allow: '' name: extra-config diff --git a/tests/golden/extra-config/extra-config/extra-config/01_secrets.yaml b/tests/golden/extra-config/extra-config/extra-config/01_secrets.yaml index 4b921a16..e0911166 100644 --- a/tests/golden/extra-config/extra-config/extra-config/01_secrets.yaml +++ b/tests/golden/extra-config/extra-config/extra-config/01_secrets.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: extra-config-bucket-secret name: extra-config-bucket-secret name: extra-config-bucket-secret namespace: extra-config @@ -18,6 +20,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: extra-config-nginx-htpasswd name: extra-config-nginx-htpasswd name: extra-config-nginx-htpasswd namespace: extra-config @@ -31,6 +35,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: metrics-receive-example-com-tls name: metrics-receive-example-com-tls name: metrics-receive-example-com-tls namespace: extra-config diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml deleted file mode 100644 index 5463dc14..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: replicatemplates.rollout-operator.grafana.com -spec: - group: rollout-operator.grafana.com - names: - categories: - - all - kind: ReplicaTemplate - plural: replicatemplates - singular: replicatemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Status replicas - jsonPath: .status.replicas - name: StatusReplicas - type: string - - description: Spec replicas - jsonPath: .spec.replicas - name: SpecReplicas - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - labelSelector: - type: string - replicas: - default: 1 - minimum: 0 - type: integer - type: object - status: - properties: - replicas: - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .spec.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml deleted file mode 100644 index b5fab2d1..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: zoneawarepoddisruptionbudgets.rollout-operator.grafana.com -spec: - group: rollout-operator.grafana.com - names: - kind: ZoneAwarePodDisruptionBudget - plural: zoneawarepoddisruptionbudgets - shortNames: - - zdpb - singular: zoneawarepoddisruptionbudget - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - maxUnavailable: - description: The number of pods that can be unavailable within a - zone or partition. - minimum: 0 - type: integer - maxUnavailablePercentage: - description: Calculate the maxUnavailable value as a percentage - of the StatefulSet's spec.Replica count. This option is not supported - when using podNamePartitionRegex. - maximum: 100 - minimum: 0 - type: integer - podNamePartitionRegex: - description: A regular expression for returning a partition name - given a pod name. This field is optional and should only be used - when the ZoneAwarePodDisruptionBudget is to be scoped to a partition, - such as a multi-zone ingester deployment with ingest_storage_enabled. - Enabling this changes the ZPDB functionality such that minAvailability - is applied across ALL zones for a given partition. When not enabled, - the minAvailability is applied to pods within the eviction zone - assuming there are no disruptions in the other zones. - type: string - podNameRegexGroup: - description: The regular expression group number that contains the - partition name. This field is only required when the podNamePartitionRegex - field is set and has more then one subexpression grouping. The - default value is 1. - minimum: 1 - type: integer - selector: - description: A selector for finding pods and statefulsets that this - ZoneAwarePodDisruptionBudget applies to. - properties: - matchLabels: - additionalProperties: - type: string - type: object - required: - - matchLabels - type: object - required: - - selector - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml deleted file mode 100644 index 8a09b35b..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: extra-config-rollout-operator - namespace: extra-config -spec: - minReadySeconds: 10 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/name: rollout-operator - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - template: - metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/name: rollout-operator - namespace: extra-config - spec: - containers: - - args: - - -kubernetes.namespace=extra-config - - -server-tls.enabled=true - - -server-tls.self-signed-cert.secret-name=certificate - - -server-tls.self-signed-cert.dns-name=extra-config-rollout-operator.extra-config.svc - image: docker.io/grafana/rollout-operator:latest - imagePullPolicy: IfNotPresent - name: rollout-operator - ports: - - containerPort: 8001 - name: http-metrics - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - limits: - memory: 200Mi - requests: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - nodeSelector: - appuio.io/node-class: plus - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - seccompProfile: - type: RuntimeDefault - serviceAccountName: extra-config-rollout-operator diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml deleted file mode 100644 index 2b2659cb..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: extra-config - helm.sh/chart: rollout-operator-0.37.1 - name: no-downscale-extra-config -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: extra-config-rollout-operator - namespace: extra-config - path: /admission/no-downscale - port: 443 - failurePolicy: Fail - name: no-downscale-extra-config.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: extra-config - rules: - - apiGroups: - - apps - apiVersions: - - v1 - operations: - - UPDATE - resources: - - statefulsets - - statefulsets/scale - scope: Namespaced - sideEffects: None diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml deleted file mode 100644 index 2c4fd3c5..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: extra-config - helm.sh/chart: rollout-operator-0.37.1 - name: pod-eviction-extra-config -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: extra-config-rollout-operator - namespace: extra-config - path: /admission/pod-eviction - port: 443 - failurePolicy: Fail - name: pod-eviction-extra-config.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: extra-config - rules: - - apiGroups: - - '' - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods/eviction - scope: Namespaced - sideEffects: None diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml deleted file mode 100644 index 417a79e8..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: extra-config - helm.sh/chart: rollout-operator-0.37.1 - name: prepare-downscale-extra-config -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: extra-config-rollout-operator - namespace: extra-config - path: /admission/prepare-downscale - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: prepare-downscale-extra-config.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: extra-config - rules: - - apiGroups: - - apps - apiVersions: - - v1 - operations: - - UPDATE - resources: - - statefulsets - - statefulsets/scale - scope: Namespaced - sideEffects: NoneOnDryRun - timeoutSeconds: 10 diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml deleted file mode 100644 index c388901e..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: extra-config-rollout-operator - namespace: extra-config -rules: - - apiGroups: - - '' - resources: - - pods - verbs: - - list - - get - - watch - - delete - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - list - - get - - watch - - patch - - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - update - - apiGroups: - - rollout-operator.grafana.com - resources: - - zoneawarepoddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - rollout-operator.grafana.com - resources: - - replicatemplates/scale - - replicatemplates/status - verbs: - - get - - patch diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml deleted file mode 100644 index 17b4f7c5..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: extra-config-rollout-operator - namespace: extra-config -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extra-config-rollout-operator -subjects: - - kind: ServiceAccount - name: extra-config-rollout-operator diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml deleted file mode 100644 index ab2f786f..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: extra-config-rollout-operator - namespace: extra-config -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/name: rollout-operator - type: ClusterIP diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml deleted file mode 100644 index 20f02bec..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: extra-config-rollout-operator - namespace: extra-config diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml deleted file mode 100644 index 04eed36e..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: extra-config-rollout-operator-webhook-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: extra-config-rollout-operator-webhook-clusterrole -subjects: - - kind: ServiceAccount - name: extra-config-rollout-operator - namespace: extra-config diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml deleted file mode 100644 index cab68b00..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: extra-config-rollout-operator-webhook-clusterrole -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - list - - patch - - watch diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml deleted file mode 100644 index 3bd50c7a..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: extra-config-rollout-operator-webhook-rolebinding - namespace: extra-config -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extra-config-rollout-operator-webhook-role -subjects: - - kind: ServiceAccount - name: extra-config-rollout-operator - namespace: extra-config diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml deleted file mode 100644 index 384fec54..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: extra-config-rollout-operator-webhook-role - namespace: extra-config -rules: - - apiGroups: - - '' - resourceNames: - - certificate - resources: - - secrets - verbs: - - update - - get - - apiGroups: - - '' - resources: - - secrets - verbs: - - create diff --git a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml b/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml deleted file mode 100644 index f3bd27ee..00000000 --- a/tests/golden/extra-config/extra-config/extra-config/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: extra-config - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: extra-config - helm.sh/chart: rollout-operator-0.37.1 - name: zpdb-validation-extra-config -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: extra-config-rollout-operator - namespace: extra-config - path: /admission/zpdb-validation - port: 443 - failurePolicy: Fail - name: zpdb-validation-extra-config.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: extra-config - rules: - - apiGroups: - - rollout-operator.grafana.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - zoneawarepoddisruptionbudgets - scope: Namespaced - sideEffects: None diff --git a/tests/golden/extra-config/extra-config/extra-config/20_prometheus_rule.yaml b/tests/golden/extra-config/extra-config/extra-config/20_prometheus_rule.yaml index 9c16119c..8c137007 100644 --- a/tests/golden/extra-config/extra-config/extra-config/20_prometheus_rule.yaml +++ b/tests/golden/extra-config/extra-config/extra-config/20_prometheus_rule.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: mimir-custom name: mimir-custom name: mimir-custom namespace: extra-config diff --git a/tests/golden/legacy/legacy/legacy/00_namespace.yaml b/tests/golden/legacy/legacy/legacy/00_namespace.yaml index d7e4531f..7e104fc1 100644 --- a/tests/golden/legacy/legacy/legacy/00_namespace.yaml +++ b/tests/golden/legacy/legacy/legacy/00_namespace.yaml @@ -3,5 +3,10 @@ kind: Namespace metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: + create: true + metadata: {} + name: legacy name: legacy name: legacy diff --git a/tests/golden/legacy/legacy/legacy/01_secrets.yaml b/tests/golden/legacy/legacy/legacy/01_secrets.yaml index e1b1f9f8..7319e9f1 100644 --- a/tests/golden/legacy/legacy/legacy/01_secrets.yaml +++ b/tests/golden/legacy/legacy/legacy/01_secrets.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: legacy-bucket-secret name: legacy-bucket-secret name: legacy-bucket-secret namespace: legacy diff --git a/tests/golden/legacy/legacy/legacy/20_prometheus_rule.yaml b/tests/golden/legacy/legacy/legacy/20_prometheus_rule.yaml index 663c3528..737d82a2 100644 --- a/tests/golden/legacy/legacy/legacy/20_prometheus_rule.yaml +++ b/tests/golden/legacy/legacy/legacy/20_prometheus_rule.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: mimir-custom name: mimir-custom name: mimir-custom namespace: legacy diff --git a/tests/golden/openshift/openshift/openshift/00_namespace.yaml b/tests/golden/openshift/openshift/openshift/00_namespace.yaml index bd587915..43150159 100644 --- a/tests/golden/openshift/openshift/openshift/00_namespace.yaml +++ b/tests/golden/openshift/openshift/openshift/00_namespace.yaml @@ -3,5 +3,11 @@ kind: Namespace metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: + create: true + metadata: {} + name: openshift name: openshift + rollout-operator.syn.tools/allow: '' name: openshift diff --git a/tests/golden/openshift/openshift/openshift/01_secrets.yaml b/tests/golden/openshift/openshift/openshift/01_secrets.yaml index 3d9de8af..5279d762 100644 --- a/tests/golden/openshift/openshift/openshift/01_secrets.yaml +++ b/tests/golden/openshift/openshift/openshift/01_secrets.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: openshift-bucket-secret name: openshift-bucket-secret name: openshift-bucket-secret namespace: openshift diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml deleted file mode 100644 index 5463dc14..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/replica-templates-custom-resource-definition.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: replicatemplates.rollout-operator.grafana.com -spec: - group: rollout-operator.grafana.com - names: - categories: - - all - kind: ReplicaTemplate - plural: replicatemplates - singular: replicatemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Status replicas - jsonPath: .status.replicas - name: StatusReplicas - type: string - - description: Spec replicas - jsonPath: .spec.replicas - name: SpecReplicas - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - labelSelector: - type: string - replicas: - default: 1 - minimum: 0 - type: integer - type: object - status: - properties: - replicas: - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .spec.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml deleted file mode 100644 index b5fab2d1..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/crds/zone-aware-pod-disruption-budget-custom-resource-definition.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: zoneawarepoddisruptionbudgets.rollout-operator.grafana.com -spec: - group: rollout-operator.grafana.com - names: - kind: ZoneAwarePodDisruptionBudget - plural: zoneawarepoddisruptionbudgets - shortNames: - - zdpb - singular: zoneawarepoddisruptionbudget - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - maxUnavailable: - description: The number of pods that can be unavailable within a - zone or partition. - minimum: 0 - type: integer - maxUnavailablePercentage: - description: Calculate the maxUnavailable value as a percentage - of the StatefulSet's spec.Replica count. This option is not supported - when using podNamePartitionRegex. - maximum: 100 - minimum: 0 - type: integer - podNamePartitionRegex: - description: A regular expression for returning a partition name - given a pod name. This field is optional and should only be used - when the ZoneAwarePodDisruptionBudget is to be scoped to a partition, - such as a multi-zone ingester deployment with ingest_storage_enabled. - Enabling this changes the ZPDB functionality such that minAvailability - is applied across ALL zones for a given partition. When not enabled, - the minAvailability is applied to pods within the eviction zone - assuming there are no disruptions in the other zones. - type: string - podNameRegexGroup: - description: The regular expression group number that contains the - partition name. This field is only required when the podNamePartitionRegex - field is set and has more then one subexpression grouping. The - default value is 1. - minimum: 1 - type: integer - selector: - description: A selector for finding pods and statefulsets that this - ZoneAwarePodDisruptionBudget applies to. - properties: - matchLabels: - additionalProperties: - type: string - type: object - required: - - matchLabels - type: object - required: - - selector - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml deleted file mode 100644 index 778898e1..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/deployment.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: openshift-rollout-operator - namespace: openshift -spec: - minReadySeconds: 10 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/name: rollout-operator - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - template: - metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/name: rollout-operator - namespace: openshift - spec: - containers: - - args: - - -kubernetes.namespace=openshift - - -server-tls.enabled=true - - -server-tls.self-signed-cert.secret-name=certificate - - -server-tls.self-signed-cert.dns-name=openshift-rollout-operator.openshift.svc - image: docker.io/grafana/rollout-operator:v0.32.0 - imagePullPolicy: IfNotPresent - name: rollout-operator - ports: - - containerPort: 8001 - name: http-metrics - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - limits: - memory: 200Mi - requests: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: openshift-rollout-operator diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml deleted file mode 100644 index 4f291c55..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/no-downscale-webhook.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: openshift - helm.sh/chart: rollout-operator-0.37.1 - name: no-downscale-openshift -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: openshift-rollout-operator - namespace: openshift - path: /admission/no-downscale - port: 443 - failurePolicy: Fail - name: no-downscale-openshift.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift - rules: - - apiGroups: - - apps - apiVersions: - - v1 - operations: - - UPDATE - resources: - - statefulsets - - statefulsets/scale - scope: Namespaced - sideEffects: None diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml deleted file mode 100644 index ec263021..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/pod-eviction-webhook.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: openshift - helm.sh/chart: rollout-operator-0.37.1 - name: pod-eviction-openshift -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: openshift-rollout-operator - namespace: openshift - path: /admission/pod-eviction - port: 443 - failurePolicy: Fail - name: pod-eviction-openshift.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift - rules: - - apiGroups: - - '' - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods/eviction - scope: Namespaced - sideEffects: None diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml deleted file mode 100644 index 73cb8ec5..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/prepare-downscale-webhook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: openshift - helm.sh/chart: rollout-operator-0.37.1 - name: prepare-downscale-openshift -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: openshift-rollout-operator - namespace: openshift - path: /admission/prepare-downscale - port: 443 - failurePolicy: Fail - matchPolicy: Equivalent - name: prepare-downscale-openshift.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift - rules: - - apiGroups: - - apps - apiVersions: - - v1 - operations: - - UPDATE - resources: - - statefulsets - - statefulsets/scale - scope: Namespaced - sideEffects: NoneOnDryRun - timeoutSeconds: 10 diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml deleted file mode 100644 index b35b9483..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/role.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: openshift-rollout-operator - namespace: openshift -rules: - - apiGroups: - - '' - resources: - - pods - verbs: - - list - - get - - watch - - delete - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - list - - get - - watch - - patch - - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - update - - apiGroups: - - rollout-operator.grafana.com - resources: - - zoneawarepoddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - rollout-operator.grafana.com - resources: - - replicatemplates/scale - - replicatemplates/status - verbs: - - get - - patch diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml deleted file mode 100644 index fc534f23..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: openshift-rollout-operator - namespace: openshift -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: openshift-rollout-operator -subjects: - - kind: ServiceAccount - name: openshift-rollout-operator diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml deleted file mode 100644 index 1383c42c..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: openshift-rollout-operator - namespace: openshift -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/instance: openshift - app.kubernetes.io/name: rollout-operator - type: ClusterIP diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml deleted file mode 100644 index 4de8b0f1..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - helm.sh/chart: rollout-operator-0.37.1 - name: openshift-rollout-operator - namespace: openshift diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml deleted file mode 100644 index 9ed6ca7a..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openshift-rollout-operator-webhook-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: openshift-rollout-operator-webhook-clusterrole -subjects: - - kind: ServiceAccount - name: openshift-rollout-operator - namespace: openshift diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml deleted file mode 100644 index 8c73ea24..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: openshift-rollout-operator-webhook-clusterrole -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - list - - patch - - watch diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml deleted file mode 100644 index e985fa84..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role-binding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: openshift-rollout-operator-webhook-rolebinding - namespace: openshift -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: openshift-rollout-operator-webhook-role -subjects: - - kind: ServiceAccount - name: openshift-rollout-operator - namespace: openshift diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml deleted file mode 100644 index ae5aa3c4..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/webhook-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: openshift-rollout-operator-webhook-role - namespace: openshift -rules: - - apiGroups: - - '' - resourceNames: - - certificate - resources: - - secrets - verbs: - - update - - get - - apiGroups: - - '' - resources: - - secrets - verbs: - - create diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml deleted file mode 100644 index 88c9b9d6..00000000 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/charts/rollout_operator/templates/zone-aware-pod-disruption-budget-validating-webhook.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/instance: openshift - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rollout-operator - app.kubernetes.io/version: v0.32.0 - grafana.com/inject-rollout-operator-ca: 'true' - grafana.com/namespace: openshift - helm.sh/chart: rollout-operator-0.37.1 - name: zpdb-validation-openshift -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: openshift-rollout-operator - namespace: openshift - path: /admission/zpdb-validation - port: 443 - failurePolicy: Fail - name: zpdb-validation-openshift.grafana.com - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift - rules: - - apiGroups: - - rollout-operator.grafana.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - zoneawarepoddisruptionbudgets - scope: Namespaced - sideEffects: None diff --git a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/templates/rolebinding.yaml b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/templates/rolebinding.yaml index 6b732a94..a10471bb 100644 --- a/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/templates/rolebinding.yaml +++ b/tests/golden/openshift/openshift/openshift/10_mimir_distributed/mimir-distributed/templates/rolebinding.yaml @@ -16,5 +16,3 @@ roleRef: subjects: - kind: ServiceAccount name: openshift-mimir - - kind: ServiceAccount - name: openshift-mimir-distributed diff --git a/tests/golden/openshift/openshift/openshift/20_prometheus_rule.yaml b/tests/golden/openshift/openshift/openshift/20_prometheus_rule.yaml index 37d4ba16..de807d35 100644 --- a/tests/golden/openshift/openshift/openshift/20_prometheus_rule.yaml +++ b/tests/golden/openshift/openshift/openshift/20_prometheus_rule.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: mimir-custom name: mimir-custom name: mimir-custom namespace: openshift diff --git a/tests/golden/preset-large/preset-large/preset-large/00_namespace.yaml b/tests/golden/preset-large/preset-large/preset-large/00_namespace.yaml index a7fa9be7..51cbf13b 100644 --- a/tests/golden/preset-large/preset-large/preset-large/00_namespace.yaml +++ b/tests/golden/preset-large/preset-large/preset-large/00_namespace.yaml @@ -3,5 +3,10 @@ kind: Namespace metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: + create: true + metadata: {} + name: preset-large name: preset-large name: preset-large diff --git a/tests/golden/preset-large/preset-large/preset-large/01_secrets.yaml b/tests/golden/preset-large/preset-large/preset-large/01_secrets.yaml index e0b3471b..ec5296dd 100644 --- a/tests/golden/preset-large/preset-large/preset-large/01_secrets.yaml +++ b/tests/golden/preset-large/preset-large/preset-large/01_secrets.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: preset-large-bucket-secret name: preset-large-bucket-secret name: preset-large-bucket-secret namespace: preset-large diff --git a/tests/golden/preset-large/preset-large/preset-large/20_prometheus_rule.yaml b/tests/golden/preset-large/preset-large/preset-large/20_prometheus_rule.yaml index 616136e7..ad156ed4 100644 --- a/tests/golden/preset-large/preset-large/preset-large/20_prometheus_rule.yaml +++ b/tests/golden/preset-large/preset-large/preset-large/20_prometheus_rule.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: mimir-custom name: mimir-custom name: mimir-custom namespace: preset-large diff --git a/tests/golden/preset-small/preset-small/preset-small/00_namespace.yaml b/tests/golden/preset-small/preset-small/preset-small/00_namespace.yaml index 758402e1..ae425024 100644 --- a/tests/golden/preset-small/preset-small/preset-small/00_namespace.yaml +++ b/tests/golden/preset-small/preset-small/preset-small/00_namespace.yaml @@ -3,5 +3,10 @@ kind: Namespace metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: + create: true + metadata: {} + name: preset-small name: preset-small name: preset-small diff --git a/tests/golden/preset-small/preset-small/preset-small/01_secrets.yaml b/tests/golden/preset-small/preset-small/preset-small/01_secrets.yaml index 91ee82bb..8efed729 100644 --- a/tests/golden/preset-small/preset-small/preset-small/01_secrets.yaml +++ b/tests/golden/preset-small/preset-small/preset-small/01_secrets.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: annotations: {} labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: preset-small-bucket-secret name: preset-small-bucket-secret name: preset-small-bucket-secret namespace: preset-small diff --git a/tests/golden/preset-small/preset-small/preset-small/20_prometheus_rule.yaml b/tests/golden/preset-small/preset-small/preset-small/20_prometheus_rule.yaml index 646f9bd8..7201673c 100644 --- a/tests/golden/preset-small/preset-small/preset-small/20_prometheus_rule.yaml +++ b/tests/golden/preset-small/preset-small/preset-small/20_prometheus_rule.yaml @@ -2,6 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: mimir-custom name: mimir-custom name: mimir-custom namespace: preset-small diff --git a/tests/openshift.yml b/tests/openshift.yml index 6fc96fd2..f0356a28 100644 --- a/tests/openshift.yml +++ b/tests/openshift.yml @@ -1,3 +1,6 @@ +applications: + - rollout-operator + parameters: kapitan: dependencies: @@ -44,8 +47,6 @@ parameters: replicas: 1 persistentVolume: size: 20Gi - rolloutOperator: - enabled: true caches: results: From 47a10a5b99e4025b9438062a7b551e6452a4a3f5 Mon Sep 17 00:00:00 2001 From: Debakel Orakel Date: Thu, 7 May 2026 10:14:00 +0200 Subject: [PATCH 2/2] Apply suggestions from review --- component/helm_values.jsonnet | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/component/helm_values.jsonnet b/component/helm_values.jsonnet index f3121438..5c3c20de 100644 --- a/component/helm_values.jsonnet +++ b/component/helm_values.jsonnet @@ -20,7 +20,12 @@ local s3endpoint = // Global Params and Zone Aware Replication local globalConfig = params.global + com.makeMergeable({ nodeSelector: std.get(params, 'globalNodeSelector', params.global.nodeSelector), - zoneAwareReplication: if hasRolloutOperator then params.global.zoneAwareReplication else std.trace('rollout-operator must be installed', {}), + zoneAwareReplication: params.global.zoneAwareReplication { + enabled: if params.global.zoneAwareReplication.enabled then + // Assert that zone aware replication is only enabled if rollout-operator is installed + if hasRolloutOperator then true else error 'rollout-operator must be installed for zone-aware replication' + else false, + }, }); local components = com.makeMergeable({ @@ -271,7 +276,7 @@ local ingress = com.makeMergeable({ }); // hardcoded removal of rollout-operator -local hardNope = com.makeMergeable({ +local hardRestrictions = com.makeMergeable({ minio: { enabled: false, }, @@ -293,5 +298,5 @@ local hardNope = com.makeMergeable({ { ['%s-components' % inv.parameters._instance]: components + caches, ['%s-configs' % inv.parameters._instance]: openshift + images + global + mimir + ingress, - ['%s-overrides' % inv.parameters._instance]: params.helm_values + hardNope, + ['%s-overrides' % inv.parameters._instance]: params.helm_values + hardRestrictions, }