From 2342110c8b6a2af9ebc1d014687df98d85500268 Mon Sep 17 00:00:00 2001 From: Aline Abler Date: Fri, 20 Sep 2024 15:15:43 +0200 Subject: [PATCH] Use "namespaced" RBAC mode by default --- class/defaults.yml | 7 +++++-- component/main.jsonnet | 2 +- tests/defaults.yml | 2 +- .../loki/templates/backend/clusterrole.yaml | 20 ------------------- .../templates/backend/clusterrolebinding.yaml | 18 ----------------- 5 files changed, 7 insertions(+), 42 deletions(-) delete mode 100644 tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml delete mode 100644 tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 591d15f..58973b1 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -102,6 +102,9 @@ parameters: deploymentMode: SimpleScalable + rbac: + namespaced: true + backend: nodeSelector: ${loki:globalNodeSelector} replicas: 3 @@ -184,8 +187,8 @@ parameters: dnsNamespace: openshift-dns image: - # -- Overrides the Docker registry globally for all images - registry: ${loki:images:global:registry} + # -- Overrides the Docker registry globally for all images + registry: ${loki:images:global:registry} sidecar: nodeSelector: ${loki:globalNodeSelector} diff --git a/component/main.jsonnet b/component/main.jsonnet index 66a85ca..f1db08a 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -21,7 +21,7 @@ local secrets = com.generateResources( { [if params.namespace.create then '00_namespace']: kube.Namespace(params.namespace.name) { - metadata+: com.makeMergeable(params.namespace.metadata), + metadata+: com.makeMergeable(params.namespace.metadata), }, '01_secrets': secrets, // Empty file to make sure the directory is created. Later used in patching alerts. diff --git a/tests/defaults.yml b/tests/defaults.yml index 127f555..0f6f257 100644 --- a/tests/defaults.yml +++ b/tests/defaults.yml @@ -8,4 +8,4 @@ parameters: output_path: vendor/lib/alert-patching.libsonnet - type: https source: https://raw.githubusercontent.com/appuio/component-openshift4-monitoring/v5.5.1/lib/openshift4-monitoring-prom.libsonnet - output_path: vendor/lib/prom.libsonnet + output_path: vendor/lib/prom.libsonnet diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml deleted file mode 100644 index 48fb299..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: loki - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.1.1 - helm.sh/chart: loki-6.12.0 - name: loki-clusterrole -rules: - - apiGroups: - - '' - resources: - - configmaps - - secrets - verbs: - - get - - watch - - list diff --git a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml b/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml deleted file mode 100644 index e384479..0000000 --- a/tests/golden/defaults/loki/loki/10_helm_loki/loki/templates/backend/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: loki - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: loki - app.kubernetes.io/version: 3.1.1 - helm.sh/chart: loki-6.12.0 - name: loki-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: loki-clusterrole -subjects: - - kind: ServiceAccount - name: loki - namespace: syn-loki