Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add possibility to customise clusterrole name #237

Merged
merged 1 commit into from
Dec 4, 2023
Merged

Add possibility to customise clusterrole name #237

merged 1 commit into from
Dec 4, 2023

Conversation

ppawlowski
Copy link
Contributor

@ppawlowski ppawlowski commented Dec 1, 2023
edited
Loading

Description

Increase configuration flexibility by adding a possibility to customise clusterrole name.
The reason for adding this feature is an attempt to install multiple FlowFuse apps on the same Kubernetes cluster. Since ClusterRole is a cluster-level object, the name must be unique.

Related Issue(s)

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production

Labels

  • Backport needed? -> add the backport label
  • Includes a DB migration? -> add the area:migration label

@ppawlowski ppawlowski requested a review from hardillb December 1, 2023 17:57
@hardillb
Copy link
Contributor

hardillb commented Dec 1, 2023

Check this PR where I had to revert similar for breaking upgrades #159

@ppawlowski
Copy link
Contributor Author

Check this PR where I had to revert similar for breaking upgrades #159

Yep, an upgrade may fail on existing installations since AFAIK clusterrole name field is immutable. That is why I left a default value as it is but at the same time, if there is such a need, I allowed customising the name.
I have updated the PR description to explain the reason for the change.

@ppawlowski
Copy link
Contributor Author

AFAIK clusterrole name field is immutable

I was not sure about it so I verified it.
The clusterrole name change introduced in #148 was not properly implemented. Indeed, changing clusterole name without recreating rolebinding object is not possible and ends up in:

Error: UPGRADE FAILED: an error occurred while rolling back the release. original upgrade error: cannot patch "create-pod" with kind RoleBinding: RoleBinding.rbac.authorization.k8s.io "create-pod" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"newRoleName"}: cannot change roleRef: no ClusterRole with the name "create-pod" found

My change modifies rolebinding name as well so the problem does not exist during the upgrade process.

@hardillb hardillb merged commit 17f32b8 into main Dec 4, 2023
26 checks passed
@hardillb hardillb deleted the feat-custom-clusterrole-name branch December 4, 2023 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hardillb hardillb hardillb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ppawlowski @hardillb