Merge pull request #1471 from smerle33/rbac/add/rollout-restart

feat(geoipupdates): rbac enhancement to allow rollout restart

charts/geoipupdates/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: MaxMind GeoIP database updater
 name: geoipupdates
-version: 2.2.0
+version: 2.2.1
 appVersion: "v7.1.0"
 maintainers:
 - email: jenkins-infra-team@googlegroups.com

charts/geoipupdates/templates/_helpers.tpl

@@ -50,3 +50,24 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
+
+{{/*
+rollout expand
+*/}}
+{{- define "geoipupdate.rollout" -}}
+{{- if .Values.geoipupdate.rolloutrestart -}}
+{{- if .Values.geoipupdate.rolloutrestart.enable -}}
+{{- $result := "" -}}
+{{- range .Values.geoipupdate.rolloutrestart.restarts -}}
+{{- $namespace := .namespace -}}
+{{- $deployments := .deployments | join "," -}}
+{{- if $result -}}
+{{- $result = printf "%s;%s:%s" $result $namespace $deployments -}}
+{{- else -}}
+{{- $result = printf "%s:%s" $namespace $deployments -}}
+{{- end -}}
+{{- end -}}
+{{ $result }}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/geoipupdates/templates/cronjob.yaml

@@ -51,6 +51,12 @@ spec:
                 - name: STORAGE_FILESHARE
                   value: {{ . }}
                 {{- end }}
+                {{- if .Values.geoipupdate.rolloutrestart }}
+                {{- if .Values.geoipupdate.rolloutrestart.enable }}
+                - name: GEOIPUPDATE_ROLLOUT
+                  value: {{ include "geoipupdate.rollout" . }}
+                {{- end }}
+                {{- end }}
               envFrom:
               - secretRef:
                   name: {{ include "geoipupdate.fullname" . }}

charts/geoipupdates/templates/rbac.yaml

@@ -28,3 +28,35 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ include "geoipupdate.fullname" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "geoipupdate.fullname" . }}-rolloutrestart
+  labels:
+{{ include "geoipupdate.labels" . | indent 4 }}
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "patch", "list", "watch"]
+---
+{{- if .Values.geoipupdate.rolloutrestart -}}
+{{- if .Values.geoipupdate.rolloutrestart.enable -}}
+{{- range .Values.geoipupdate.rolloutrestart.restarts }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "geoipupdate.fullname" $ }}-rolloutrestart-{{ .namespace }}
+  namespace: {{ .namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "geoipupdate.fullname" $ }}-rolloutrestart
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ $.Release.Namespace }}
+    name: {{ include "geoipupdate.fullname" $ }}
+---
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/geoipupdates/tests/custom_values_test.yaml

@@ -33,6 +33,9 @@ tests:
       - equal:
           path: spec.jobTemplate.spec.template.spec.containers[0].env[0].name
           value: GEOIPUPDATE_DRYRUN
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env[0].value
+          value: "true"
       - equal:
           path: spec.jobTemplate.spec.template.spec.containers[0].env[1].name
           value: GEOIPUPDATE_EDITION_IDS
@@ -51,3 +54,9 @@ tests:
       - equal:
           path: spec.jobTemplate.spec.template.spec.containers[0].env[3].value
           value: myfileshare
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name
+          value: GEOIPUPDATE_ROLLOUT
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env[4].value
+          value: "updates-jenkins-io:updates-jenkins-io-content-secured-mirrorbits,updates-jenkins-io-content-unsecured-mirrorbits;get-jenkins-io:get-jenkins-io-mirrorbits"

charts/geoipupdates/tests/defaults_test.yaml

@@ -45,3 +45,5 @@ tests:
           path: spec.jobTemplate.spec.template.spec.containers[0].env[2].name
       - notExists:
           path: spec.jobTemplate.spec.template.spec.containers[0].env[3].name
+      - notExists:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env[4].name

charts/geoipupdates/tests/values/custom_geoipupdater.yaml

@@ -9,3 +9,13 @@ geoipupdate:
   storage_name: "mystoragename"
   storage_fileshare: "myfileshare"
   cron: '0 6 * * *' # default to every day at 6AM
+  rolloutrestart:
+    enable: true
+    restarts:
+      - namespace: updates-jenkins-io
+        deployments:
+          - updates-jenkins-io-content-secured-mirrorbits
+          - updates-jenkins-io-content-unsecured-mirrorbits
+      - namespace: get-jenkins-io
+        deployments:
+          - get-jenkins-io-mirrorbits

charts/geoipupdates/values.yaml

@@ -16,6 +16,16 @@ geoipupdate:
   storage_name: ""
   storage_fileshare: ""
   cron: '0 4 * * *' # default to every day at 4AM
+  # rolloutrestart:
+  #   enable: false
+  #   restarts:
+  #     - namespace: updates-jenkins-io
+  #       deployments:
+  #         - updates-jenkins-io-content-secured-mirrorbits
+  #         - updates-jenkins-io-content-unsecured-mirrorbits
+  #     - namespace: get-jenkins-io
+  #       deployments:
+  #         - get-jenkins-io-mirrorbits
 podSecurityContext: {}
 # fsGroup: 2000
 containerSecurityContext: {}