From ac43977557fda009efb02564568468257c3b395a Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Mon, 15 Jan 2024 17:10:43 +0100 Subject: [PATCH 1/7] Helm: add ruler specific service account Signed-off-by: QuantumEnigmaa --- .../helm/charts/mimir-distributed/CHANGELOG.md | 1 + .../mimir-distributed/templates/_helpers.tpl | 14 +++++++++++++- .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 14 ++++++++++++++ .../helm/charts/mimir-distributed/values.yaml | 6 ++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ .../templates/ruler/ruler-dep.yaml | 2 +- .../templates/ruler/ruler-sa.yaml | 13 +++++++++++++ 45 files changed, 315 insertions(+), 22 deletions(-) create mode 100644 operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml create mode 100644 operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml diff --git a/operations/helm/charts/mimir-distributed/CHANGELOG.md b/operations/helm/charts/mimir-distributed/CHANGELOG.md index 4611356e112..be605b37953 100644 --- a/operations/helm/charts/mimir-distributed/CHANGELOG.md +++ b/operations/helm/charts/mimir-distributed/CHANGELOG.md @@ -31,6 +31,7 @@ Entries should include a reference to the Pull Request that introduced the chang * [CHANGE] Rollout-operator: remove default CPU limit. #7125 * [ENHANCEMENT] Add `jaegerReporterMaxQueueSize` Helm value for all components where configuring `JAEGER_REPORTER_MAX_QUEUE_SIZE` makes sense, and override the Jaeger client's default value of 100 for components expected to generate many trace spans. #7068 #7086 * [ENHANCEMENT] Rollout-operator: upgraded to v0.10.1. #7125 +* [ENHANCEMENT] Add the possibility to create a dedicated serviceAccount for the `ruler` component. ## 5.2.0 diff --git a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl index 17199aa762e..4c2113c5ca3 100644 --- a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl +++ b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl @@ -64,7 +64,7 @@ For compatibility and to support upgrade from enterprise-metrics chart calculate {{- end -}} {{/* -Create the name of the service account +Create the name of the general service account */}} {{- define "mimir.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} @@ -74,6 +74,18 @@ Create the name of the service account {{- end -}} {{- end -}} +{{/* +Create the name of the ruler service account +*/}} +{{- define "mimir.ruler.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{- $sa := default (include "mimir.fullname" .) .Values.serviceAccount.name }} +{{- printf "%s-%s" $sa "ruler" }} +{{- else -}} + {{ default (include "mimir.serviceAccountName" .) .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create the app name for clients. Defaults to the same logic as "mimir.fullname", and default client expects "prometheus". */}} diff --git a/operations/helm/charts/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/charts/mimir-distributed/templates/ruler/ruler-dep.yaml index 6488401b073..589d3518556 100644 --- a/operations/helm/charts/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/charts/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -23,7 +23,7 @@ spec: {{- include "mimir.podAnnotations" (dict "ctx" . "component" "ruler") | nindent 8 }} namespace: {{ .Release.Namespace | quote }} spec: - serviceAccountName: {{ template "mimir.serviceAccountName" . }} + serviceAccountName: {{ template "mimir.ruler.serviceAccountName" . }} {{- if .Values.ruler.priorityClassName }} priorityClassName: {{ .Values.ruler.priorityClassName }} {{- end }} diff --git a/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..0ae78bb4571 --- /dev/null +++ b/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,14 @@ +{{- if .Values.ruler.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "mimir.serviceAccountName" . }} + labels: + {{- include "mimir.labels" (dict "ctx" .) | nindent 4 }} + {{- with .Values.ruler.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.ruler.serviceAccount.annotations | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/operations/helm/charts/mimir-distributed/values.yaml b/operations/helm/charts/mimir-distributed/values.yaml index 04f0c279dc5..beadf81da14 100644 --- a/operations/helm/charts/mimir-distributed/values.yaml +++ b/operations/helm/charts/mimir-distributed/values.yaml @@ -1090,6 +1090,12 @@ ruler: service: annotations: {} labels: {} + + serviceAccount: + create: true + name: + annotations: {} + labels: {} resources: requests: diff --git a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 23c29a9032a..d0beaf1661e 100644 --- a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: enterprise-https-values-mimir + serviceAccountName: enterprise-https-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..0b64f1d94b9 --- /dev/null +++ b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: enterprise-https-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: enterprise-https-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 5dc9978c59d..597ae363f34 100644 --- a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: gateway-enterprise-values-mimir + serviceAccountName: gateway-enterprise-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..8370df8836c --- /dev/null +++ b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gateway-enterprise-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: gateway-enterprise-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 1988161e777..193ee88ccb1 100644 --- a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: gateway-nginx-values-mimir + serviceAccountName: gateway-nginx-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..88e9ab0ba53 --- /dev/null +++ b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gateway-nginx-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: gateway-nginx-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index bd417a0aa8b..188ddf3651a 100644 --- a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: graphite-enabled-values-mimir + serviceAccountName: graphite-enabled-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..ee4d4f2520f --- /dev/null +++ b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: graphite-enabled-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: graphite-enabled-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index e5b8594db51..328d934db63 100644 --- a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: large-values-mimir + serviceAccountName: large-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..1f93f5a80ec --- /dev/null +++ b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: large-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: large-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 29e2e2edc5f..07560613aef 100644 --- a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: metamonitoring-values-mimir + serviceAccountName: metamonitoring-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..754f33a2981 --- /dev/null +++ b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metamonitoring-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: metamonitoring-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index b61c3476a0a..e0bf372e3f0 100644 --- a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: openshift-values-mimir + serviceAccountName: openshift-values-mimir-ruler securityContext: runAsNonRoot: true seccompProfile: diff --git a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..d0dad0da03e --- /dev/null +++ b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: openshift-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: openshift-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 73137c400b0..448ff2025d3 100644 --- a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: scheduler-name-values-mimir + serviceAccountName: scheduler-name-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..251141a94ba --- /dev/null +++ b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: scheduler-name-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: scheduler-name-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 223f4f643a4..3cfae6c2360 100644 --- a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: small-values-mimir + serviceAccountName: small-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..a0cae6bda6e --- /dev/null +++ b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: small-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: small-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 0e476e7527e..d1917348262 100644 --- a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -37,7 +37,7 @@ spec: minio-secret-version: "42" namespace: "citestns" spec: - serviceAccountName: test-enterprise-configmap-values-mimir + serviceAccountName: test-enterprise-configmap-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..bfdf45c723b --- /dev/null +++ b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-enterprise-configmap-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-enterprise-configmap-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index e5576b2c865..925cc4ce27f 100644 --- a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-enterprise-k8s-1.25-values-mimir + serviceAccountName: test-enterprise-k8s-1.25-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..dbaf83d24c9 --- /dev/null +++ b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-enterprise-k8s-1.25-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-enterprise-k8s-1.25-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index b5b10f36c74..a546ccb26ed 100644 --- a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -33,7 +33,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-enterprise-legacy-label-values-enterprise-metrics + serviceAccountName: test-enterprise-legacy-label-values-enterprise-metrics-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..163cb2974d7 --- /dev/null +++ b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-enterprise-legacy-label-values-enterprise-metrics + labels: + app: enterprise-metrics + heritage: Helm + release: test-enterprise-legacy-label-values + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index a362178b70f..fedadc7eb3a 100644 --- a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-enterprise-values-mimir + serviceAccountName: test-enterprise-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..9ecf47c4c43 --- /dev/null +++ b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-enterprise-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-enterprise-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 7cfed3b546f..15b9e4c8b9c 100644 --- a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-ingress-values-mimir + serviceAccountName: test-ingress-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..d092ec3f893 --- /dev/null +++ b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-ingress-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-ingress-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 08d06b1e8d1..410e672afde 100644 --- a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-k8s-1.25-values-mimir + serviceAccountName: test-oss-k8s-1.25-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..1541f0b7a54 --- /dev/null +++ b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-oss-k8s-1.25-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-oss-k8s-1.25-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index a81cf636c91..2448c80f095 100644 --- a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-logical-multizone-values-mimir + serviceAccountName: test-oss-logical-multizone-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..d8f8ac606ff --- /dev/null +++ b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-oss-logical-multizone-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-oss-logical-multizone-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index f8bf0e59f45..fc722338d69 100644 --- a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-multizone-values-mimir + serviceAccountName: test-oss-multizone-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..a2d4faf0e67 --- /dev/null +++ b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-oss-multizone-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-oss-multizone-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 0784266bcd3..05a6b5375eb 100644 --- a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-topology-spread-constraints-values-mimir + serviceAccountName: test-oss-topology-spread-constraints-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..a322adb2973 --- /dev/null +++ b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-oss-topology-spread-constraints-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-oss-topology-spread-constraints-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 2a543f63650..13744b7b31f 100644 --- a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -37,7 +37,7 @@ spec: minio-secret-version: "42" namespace: "citestns" spec: - serviceAccountName: test-oss-values-mimir + serviceAccountName: test-oss-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..ee7263b6818 --- /dev/null +++ b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-oss-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-oss-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" diff --git a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index ffe0b49b489..d6e67603581 100644 --- a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -43,7 +43,7 @@ spec: vault.hashicorp.com/agent-inject-secret-root.crt: 'ca-cert-path' namespace: "citestns" spec: - serviceAccountName: test-vault-agent-values-mimir + serviceAccountName: test-vault-agent-values-mimir-ruler securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml new file mode 100644 index 00000000000..1a6a3624c1c --- /dev/null +++ b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -0,0 +1,13 @@ +--- +# Source: mimir-distributed/templates/ruler/ruler-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-vault-agent-values-mimir + labels: + app.kubernetes.io/name: mimir + app.kubernetes.io/instance: test-vault-agent-values + app.kubernetes.io/managed-by: Helm + annotations: + {} + namespace: "citestns" From 0a40767be12abcf20730052ebf3862f63dbdfa90 Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Tue, 23 Jan 2024 10:29:30 +0100 Subject: [PATCH 2/7] add suggestions from review Signed-off-by: QuantumEnigmaa --- operations/helm/charts/mimir-distributed/CHANGELOG.md | 2 +- .../helm/charts/mimir-distributed/templates/_helpers.tpl | 4 ++-- .../charts/mimir-distributed/templates/ruler/ruler-sa.yaml | 2 +- operations/helm/charts/mimir-distributed/values.yaml | 3 +++ 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/operations/helm/charts/mimir-distributed/CHANGELOG.md b/operations/helm/charts/mimir-distributed/CHANGELOG.md index d490de17391..a44d61ab8b0 100644 --- a/operations/helm/charts/mimir-distributed/CHANGELOG.md +++ b/operations/helm/charts/mimir-distributed/CHANGELOG.md @@ -42,8 +42,8 @@ Entries should include a reference to the Pull Request that introduced the chang * [ENHANCEMENT] Add `jaegerReporterMaxQueueSize` Helm value for all components where configuring `JAEGER_REPORTER_MAX_QUEUE_SIZE` makes sense, and override the Jaeger client's default value of 100 for components expected to generate many trace spans. #7068 #7086 * [ENHANCEMENT] Rollout-operator: upgraded to v0.10.1. #7125 * [ENHANCEMENT] Query-frontend: configured `-shutdown-delay`, `-server.grpc.keepalive.max-connection-age` and termination grace period to reduce the likelihood of queries hitting terminated query-frontends. #7129 +* [ENHANCEMENT] Add the possibility to create a dedicated serviceAccount for the `ruler` component by setting `ruler.serivceAcount.create` to true in the values. #7132 * [BUGFIX] Metamonitoring: update dashboards to drop unsupported `step` parameter in targets. #7157 -* [ENHANCEMENT] Add the possibility to create a dedicated serviceAccount for the `ruler` component. ## 5.2.0 diff --git a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl index 4c2113c5ca3..127a41ae277 100644 --- a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl +++ b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl @@ -78,11 +78,11 @@ Create the name of the general service account Create the name of the ruler service account */}} {{- define "mimir.ruler.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} +{{- if .Values.ruler.serviceAccount.create -}} {{- $sa := default (include "mimir.fullname" .) .Values.serviceAccount.name }} {{- printf "%s-%s" $sa "ruler" }} {{- else -}} - {{ default (include "mimir.serviceAccountName" .) .Values.serviceAccount.name }} + {{ include "mimir.serviceAccountName" . }} {{- end -}} {{- end -}} diff --git a/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml index 0ae78bb4571..8993cf19702 100644 --- a/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml +++ b/operations/helm/charts/mimir-distributed/templates/ruler/ruler-sa.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "mimir.serviceAccountName" . }} + name: {{ template "mimir.ruler.serviceAccountName" . }} labels: {{- include "mimir.labels" (dict "ctx" .) | nindent 4 }} {{- with .Values.ruler.serviceAccount.labels }} diff --git a/operations/helm/charts/mimir-distributed/values.yaml b/operations/helm/charts/mimir-distributed/values.yaml index 82000400332..42a8bdae293 100644 --- a/operations/helm/charts/mimir-distributed/values.yaml +++ b/operations/helm/charts/mimir-distributed/values.yaml @@ -1119,6 +1119,9 @@ ruler: annotations: {} labels: {} + # -- Dedicated service account for ruler pods. + # If not set, the default service account defined at the begining of this file will be used. + # This service account can be used even if the default one is not set. serviceAccount: create: true name: From 9cca9892da9cdb4ae3bfb24b8ae0dc2107647176 Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Tue, 23 Jan 2024 11:34:13 +0100 Subject: [PATCH 3/7] disable ruler sa by default --- .../helm/charts/mimir-distributed/values.yaml | 2 +- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- .../templates/ruler/ruler-dep.yaml | 2 +- .../mimir-distributed/templates/ruler/ruler-sa.yaml | 13 ------------- 41 files changed, 21 insertions(+), 281 deletions(-) delete mode 100644 operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml delete mode 100644 operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml diff --git a/operations/helm/charts/mimir-distributed/values.yaml b/operations/helm/charts/mimir-distributed/values.yaml index 42a8bdae293..b53be7fdc8a 100644 --- a/operations/helm/charts/mimir-distributed/values.yaml +++ b/operations/helm/charts/mimir-distributed/values.yaml @@ -1123,7 +1123,7 @@ ruler: # If not set, the default service account defined at the begining of this file will be used. # This service account can be used even if the default one is not set. serviceAccount: - create: true + create: false name: annotations: {} labels: {} diff --git a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index e12ff2ee11b..42c7d809667 100644 --- a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: enterprise-https-values-mimir-ruler + serviceAccountName: enterprise-https-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 0b64f1d94b9..00000000000 --- a/operations/helm/tests/enterprise-https-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: enterprise-https-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: enterprise-https-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 8ed903703c8..8a4db59523d 100644 --- a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: gateway-enterprise-values-mimir-ruler + serviceAccountName: gateway-enterprise-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 8370df8836c..00000000000 --- a/operations/helm/tests/gateway-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gateway-enterprise-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: gateway-enterprise-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 21bbfd0b278..04ede7ef6ab 100644 --- a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: gateway-nginx-values-mimir-ruler + serviceAccountName: gateway-nginx-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 88e9ab0ba53..00000000000 --- a/operations/helm/tests/gateway-nginx-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gateway-nginx-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: gateway-nginx-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 2921c5ed0d5..c972938ac41 100644 --- a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: graphite-enabled-values-mimir-ruler + serviceAccountName: graphite-enabled-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index ee4d4f2520f..00000000000 --- a/operations/helm/tests/graphite-enabled-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: graphite-enabled-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: graphite-enabled-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index d54a5049fbc..8cf448a4eac 100644 --- a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: large-values-mimir-ruler + serviceAccountName: large-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 1f93f5a80ec..00000000000 --- a/operations/helm/tests/large-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: large-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: large-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 187933d63b2..8adf97a3254 100644 --- a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: metamonitoring-values-mimir-ruler + serviceAccountName: metamonitoring-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 754f33a2981..00000000000 --- a/operations/helm/tests/metamonitoring-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: metamonitoring-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: metamonitoring-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index c70cc3c3165..96ec6c24a02 100644 --- a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: openshift-values-mimir-ruler + serviceAccountName: openshift-values-mimir securityContext: runAsNonRoot: true seccompProfile: diff --git a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index d0dad0da03e..00000000000 --- a/operations/helm/tests/openshift-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: openshift-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: openshift-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 337382882e0..9770c1fd32e 100644 --- a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: scheduler-name-values-mimir-ruler + serviceAccountName: scheduler-name-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 251141a94ba..00000000000 --- a/operations/helm/tests/scheduler-name-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: scheduler-name-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: scheduler-name-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 6442c37d836..256f0a2204b 100644 --- a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: small-values-mimir-ruler + serviceAccountName: small-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index a0cae6bda6e..00000000000 --- a/operations/helm/tests/small-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: small-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: small-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 378db4963ed..19b3f6072fe 100644 --- a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -37,7 +37,7 @@ spec: minio-secret-version: "42" namespace: "citestns" spec: - serviceAccountName: test-enterprise-configmap-values-mimir-ruler + serviceAccountName: test-enterprise-configmap-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index bfdf45c723b..00000000000 --- a/operations/helm/tests/test-enterprise-configmap-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-enterprise-configmap-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-enterprise-configmap-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 193c0897133..f7585bb5411 100644 --- a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-enterprise-k8s-1.25-values-mimir-ruler + serviceAccountName: test-enterprise-k8s-1.25-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index dbaf83d24c9..00000000000 --- a/operations/helm/tests/test-enterprise-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-enterprise-k8s-1.25-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-enterprise-k8s-1.25-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 832caf25421..5923392668e 100644 --- a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -33,7 +33,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-enterprise-legacy-label-values-enterprise-metrics-ruler + serviceAccountName: test-enterprise-legacy-label-values-enterprise-metrics securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 163cb2974d7..00000000000 --- a/operations/helm/tests/test-enterprise-legacy-label-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-enterprise-legacy-label-values-enterprise-metrics - labels: - app: enterprise-metrics - heritage: Helm - release: test-enterprise-legacy-label-values - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index a39914ba6f2..b8fb89e8033 100644 --- a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-enterprise-values-mimir-ruler + serviceAccountName: test-enterprise-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 9ecf47c4c43..00000000000 --- a/operations/helm/tests/test-enterprise-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-enterprise-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-enterprise-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 7ef93dc0e19..76f89f9b55e 100644 --- a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-ingress-values-mimir-ruler + serviceAccountName: test-ingress-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index d092ec3f893..00000000000 --- a/operations/helm/tests/test-ingress-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-ingress-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-ingress-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index c85069a1e10..ddde3aa1f9d 100644 --- a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-k8s-1.25-values-mimir-ruler + serviceAccountName: test-oss-k8s-1.25-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 1541f0b7a54..00000000000 --- a/operations/helm/tests/test-oss-k8s-1.25-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-oss-k8s-1.25-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-oss-k8s-1.25-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index af33f011e66..9056f0ed870 100644 --- a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-logical-multizone-values-mimir-ruler + serviceAccountName: test-oss-logical-multizone-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index d8f8ac606ff..00000000000 --- a/operations/helm/tests/test-oss-logical-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-oss-logical-multizone-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-oss-logical-multizone-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index e6b73af0bdc..f2f551fa88c 100644 --- a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-multizone-values-mimir-ruler + serviceAccountName: test-oss-multizone-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index a2d4faf0e67..00000000000 --- a/operations/helm/tests/test-oss-multizone-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-oss-multizone-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-oss-multizone-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 0c078540290..4e7668791c6 100644 --- a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -36,7 +36,7 @@ spec: annotations: namespace: "citestns" spec: - serviceAccountName: test-oss-topology-spread-constraints-values-mimir-ruler + serviceAccountName: test-oss-topology-spread-constraints-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index a322adb2973..00000000000 --- a/operations/helm/tests/test-oss-topology-spread-constraints-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-oss-topology-spread-constraints-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-oss-topology-spread-constraints-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index 8150fee6fcc..2420f6599ff 100644 --- a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -37,7 +37,7 @@ spec: minio-secret-version: "42" namespace: "citestns" spec: - serviceAccountName: test-oss-values-mimir-ruler + serviceAccountName: test-oss-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index ee7263b6818..00000000000 --- a/operations/helm/tests/test-oss-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-oss-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-oss-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" diff --git a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml index bc17e909015..3d048454c14 100644 --- a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml +++ b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-dep.yaml @@ -43,7 +43,7 @@ spec: vault.hashicorp.com/agent-inject-secret-root.crt: 'ca-cert-path' namespace: "citestns" spec: - serviceAccountName: test-vault-agent-values-mimir-ruler + serviceAccountName: test-vault-agent-values-mimir securityContext: fsGroup: 10001 runAsGroup: 10001 diff --git a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml b/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml deleted file mode 100644 index 1a6a3624c1c..00000000000 --- a/operations/helm/tests/test-vault-agent-values-generated/mimir-distributed/templates/ruler/ruler-sa.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: mimir-distributed/templates/ruler/ruler-sa.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: test-vault-agent-values-mimir - labels: - app.kubernetes.io/name: mimir - app.kubernetes.io/instance: test-vault-agent-values - app.kubernetes.io/managed-by: Helm - annotations: - {} - namespace: "citestns" From 05ae448d262a907e4d235b0de8c4a7449d9aa0af Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Tue, 23 Jan 2024 11:38:31 +0100 Subject: [PATCH 4/7] add rolebinding to ruler sa Signed-off-by: QuantumEnigmaa --- .../helm/charts/mimir-distributed/templates/rolebinding.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml b/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml index 9bb34a6cf12..7450540671b 100644 --- a/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml +++ b/operations/helm/charts/mimir-distributed/templates/rolebinding.yaml @@ -19,4 +19,8 @@ subjects: - kind: ServiceAccount name: {{ include "rollout-operator.serviceAccountName" . }} {{- end }} +{{- if .Values.ruler.serviceAccount.create }} +- kind: ServiceAccount + name: {{ template "mimir.ruler.serviceAccountName" . }} +{{- end }} {{- end }} From caf86518beb1d2f57c6bb3f7eb37263ffcef818a Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Mon, 29 Jan 2024 09:31:28 +0100 Subject: [PATCH 5/7] remove trailing space Signed-off-by: QuantumEnigmaa --- operations/helm/charts/mimir-distributed/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/helm/charts/mimir-distributed/values.yaml b/operations/helm/charts/mimir-distributed/values.yaml index 07a2e70035e..73c257685ca 100644 --- a/operations/helm/charts/mimir-distributed/values.yaml +++ b/operations/helm/charts/mimir-distributed/values.yaml @@ -1118,7 +1118,7 @@ ruler: service: annotations: {} labels: {} - + # -- Dedicated service account for ruler pods. # If not set, the default service account defined at the begining of this file will be used. # This service account can be used even if the default one is not set. From 8b3bddd6e1ca75d85d1e104d590f609f0a4c1de7 Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Mon, 29 Jan 2024 09:54:37 +0100 Subject: [PATCH 6/7] update handling of ruler sa name Signed-off-by: QuantumEnigmaa --- .../helm/charts/mimir-distributed/templates/_helpers.tpl | 6 ++++-- operations/helm/charts/mimir-distributed/values.yaml | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl index 127a41ae277..9c6e606cca9 100644 --- a/operations/helm/charts/mimir-distributed/templates/_helpers.tpl +++ b/operations/helm/charts/mimir-distributed/templates/_helpers.tpl @@ -78,11 +78,13 @@ Create the name of the general service account Create the name of the ruler service account */}} {{- define "mimir.ruler.serviceAccountName" -}} -{{- if .Values.ruler.serviceAccount.create -}} +{{- if and .Values.ruler.serviceAccount.create (eq .Values.ruler.serviceAccount.name "") -}} {{- $sa := default (include "mimir.fullname" .) .Values.serviceAccount.name }} {{- printf "%s-%s" $sa "ruler" }} +{{- else if and .Values.ruler.serviceAccount.create (not (eq .Values.ruler.serviceAccount.name "")) -}} +{{- .Values.ruler.serviceAccount.name -}} {{- else -}} - {{ include "mimir.serviceAccountName" . }} +{{- include "mimir.serviceAccountName" . -}} {{- end -}} {{- end -}} diff --git a/operations/helm/charts/mimir-distributed/values.yaml b/operations/helm/charts/mimir-distributed/values.yaml index 73c257685ca..bdccba7fef0 100644 --- a/operations/helm/charts/mimir-distributed/values.yaml +++ b/operations/helm/charts/mimir-distributed/values.yaml @@ -1124,7 +1124,7 @@ ruler: # This service account can be used even if the default one is not set. serviceAccount: create: false - name: + name: "" annotations: {} labels: {} From 28423db05740f00d0bbe4d0dc2a8a6737d9164d4 Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Wed, 7 Feb 2024 10:14:27 +0100 Subject: [PATCH 7/7] add doc comment for ruler sa name Signed-off-by: QuantumEnigmaa --- operations/helm/charts/mimir-distributed/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/operations/helm/charts/mimir-distributed/values.yaml b/operations/helm/charts/mimir-distributed/values.yaml index db29c55ac65..ab2b195e694 100644 --- a/operations/helm/charts/mimir-distributed/values.yaml +++ b/operations/helm/charts/mimir-distributed/values.yaml @@ -1119,6 +1119,8 @@ ruler: # This service account can be used even if the default one is not set. serviceAccount: create: false + # -- Ruler specific service account name. If not set and create is set to true, the default + # name will be the default mimir service account's name with the "-ruler" suffix. name: "" annotations: {} labels: {}