[rollout-operator] Always set server-tls.self-signed-cert.dns-name #3989
Conversation
Signed-off-by: tanner <[email protected]>
kimxogus
force-pushed
the
fix/rollout-operator-cert-dna-name
branch
from
92c6f2c to
71ecb43
Compare
|
I've also removed default cert name defaults to chart fullname. Current default |
won't this break the existing installations? From what I saw the rollout-operator creates the certificate with that name itself. But this also means we need some secret name. I'm not sure how this will work if you change the secret name during an upgrade. At the very least, let's do this in a separate PR. Right now I think the priority should be to get the rollout-operator working correctly in mimir-distributed 6.0.0 and the secret name is only a cosmetic change |
|
i'm happy to merge this if you undo the secret name change. i think it's unnecessary for a bugfix PR |
dimitarvdimitrov
changed the title
CI is failing because of the same change. The generated role is now invalid |
|
@dimitarvdimitrov That change will recreate rollout-operator pod and then the pod will create the cert secret too. This won't break existing installations. |
|
@dimitarvdimitrov Is there a script to generate helm doc automatically? |
kimxogus
changed the title
Signed-off-by: tanner <[email protected]>
kimxogus
force-pushed
the
fix/rollout-operator-cert-dna-name
branch
from
f1718ba to
a9fa603
Compare
kimxogus
changed the title
|
the CI uses this i'll find a second reviewer and merge this |
This includes a fix for server-tls.self-signed-cert.dns-name which was always set to `rollout-operator.NAMESPACE.svc` instead of using the full release name. This broke rollout operator functionality when upgrading statefulsets. See: grafana/helm-charts#3989
|
@dimitarvdimitrov Thank you for quick review and merge. I opened a separate PR #3990 |
Upgrades the rollout-operator chart dependency to 0.37.1. This includes a fix from grafana/helm-charts#3989 where server-tls.self-signed-cert.dns-name was always set to `rollout-operator.NAMESPACE.svc` instead of using the full release name (e.g., `mimir-rollout-operator.NAMESPACE.svc`). This broke the rollout operator and prevented upgrading statefulsets. related to #13338
Upgrades the rollout-operator chart dependency to 0.37.1. This includes a fix from grafana/helm-charts#3989 where server-tls.self-signed-cert.dns-name was always set to `rollout-operator.NAMESPACE.svc` instead of using the full release name (e.g., `mimir-rollout-operator.NAMESPACE.svc`). This broke the rollout operator and prevented upgrading statefulsets. related to #13338 (cherry picked from commit 16aa2be)
…7.1 (#13361) Upgrades the rollout-operator chart dependency to 0.37.1. This includes a fix from grafana/helm-charts#3989 where server-tls.self-signed-cert.dns-name was always set to `rollout-operator.NAMESPACE.svc` instead of using the full release name (e.g., `mimir-rollout-operator.NAMESPACE.svc`). This broke the rollout operator and prevented upgrading statefulsets. closes #13338 (cherry picked from commit 16aa2be)
…rafana#3989) * fix(rollout-operator): Fix rollout-operator cert's dns name Signed-off-by: tanner <[email protected]> * bump patch version Signed-off-by: tanner <[email protected]> --------- Signed-off-by: tanner <[email protected]>
…rafana#3989) * fix(rollout-operator): Fix rollout-operator cert's dns name Signed-off-by: tanner <[email protected]> * bump patch version Signed-off-by: tanner <[email protected]> --------- Signed-off-by: tanner <[email protected]>
2 participants
In mimir helm chart with helm release name
mimir, this should bemimir-rollout-operator.NAMESPACE.svc, but it's alwaysrollout-operator.NAMESPACE.svcunless.Values.fullnameOverrideis set.This broke mimir's rollout operator and upgrading any statefulsets in the namespace.