Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

teams rewrite secret/env functionality #3799

Merged
merged 8 commits into from
Jan 17, 2025
Merged

teams rewrite secret/env functionality #3799

merged 8 commits into from
Jan 17, 2025

Conversation

kaelanspatel
Copy link
Contributor

@kaelanspatel kaelanspatel commented Jan 6, 2025
edited
Loading

What does this PR change?

Implements supporting helm changes for new RBAC teams. This includes token signing secret and teams helm config configmap mountings, env var configuration, and a config block in Values.yaml.

Does this PR rely on any other PRs?

See linked KCM PR.

How does this PR impact users? (This is the kind of thing that goes in release notes!)

See linked KCM PR.

Links to Issues or tickets this PR addresses or fixes

Adds ability to configure new Teams functionality in 2.6.0, including enable/disable, blocking invalid configurations of rbac, and configuring teams via helm values and/or mounting a secret.

What risks are associated with merging this PR? What is required to fully test this PR?

The risks are likely minimal, though testing should be performed for downgrade/upgrade scenarios.

How was this PR tested?

See linked KCM PR for general auth testing.
Tested no-rbac auth config, simple rbac auth config, self-created configmap config, and config with helm-created configmap.

Have you made an update to documentation? If so, please provide the corresponding PR.

In progress.

Sean-Holcomb
Sean-Holcomb reviewed Jan 7, 2025
View reviewed changes
Copy link
Contributor

@Sean-Holcomb Sean-Holcomb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering if we should take a stand here a split out rbac from having duplicate entries in saml and oidc

cost-analyzer/templates/aggregator-statefulset.yaml Outdated Show resolved Hide resolved
cost-analyzer/templates/cost-analyzer-deployment-template.yaml Outdated Show resolved Hide resolved
@Sean-Holcomb Sean-Holcomb mentioned this pull request Jan 7, 2025
Merged
@kaelanspatel kaelanspatel marked this pull request as ready for review January 9, 2025 21:15
@nealormsbee
Copy link
Member

I am wondering if we should take a stand here a split out rbac from having duplicate entries in saml and oidc

@Sean-Holcomb @kaelanspatel what do we need to do to make progress here? Never opposed to simplifying the Helm values, but if that'll add ~days to the cycle getting this merged, I'd ask to take that stand another time. We have folks waiting on the new and improved RBAC capabilities.

@kaelanspatel
Copy link
Contributor Author

@nealormsbee Just simplifying and testing the config this morning, should be done with it and a draft for the associated setup docs by EoD today.

@nealormsbee
Copy link
Member

You the man! Thanks.

@kaelanspatel
Copy link
Contributor Author

For posterity, latest change adds/changes:

  • Removes explicit teamsEnabled or rbacTeams.enabled flags for existing implicit enablement of teams by specifying oidc/saml.rbac.enabled without groups. This is to facilitate a smooth upgrade. Existing env functionality not changed.
  • Renames rbacTeams to teams.
  • Adds a configmap name under teams that, if specified, overrides any other helm config and uses an existing configmap defined by the user.
  • Fixes issues relating to the first change.

@nealormsbee
Copy link
Member

Bumping this one gents. Looks like the lint checker is just failing on two bad links in the README.

@kaelanspatel kaelanspatel enabled auto-merge (squash) January 16, 2025 21:17
@nikovacevic
Copy link
Contributor

Not sure but I think that the README links should be updated to https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodMonitor

@nealormsbee nealormsbee disabled auto-merge January 16, 2025 23:17
@nealormsbee nealormsbee enabled auto-merge (rebase) January 16, 2025 23:18
@nealormsbee nealormsbee disabled auto-merge January 16, 2025 23:18
@kaelanspatel kaelanspatel merged commit 7b12dd6 into develop Jan 17, 2025
19 of 20 checks passed
@kaelanspatel kaelanspatel deleted the kaelan-rbac-rewrite branch January 17, 2025 00:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Sean-Holcomb Sean-Holcomb Sean-Holcomb left review comments

@nikovacevic nikovacevic nikovacevic approved these changes

@ameijer ameijer ameijer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kaelanspatel @nealormsbee @nikovacevic @ameijer @Sean-Holcomb