Make runner Role/RoleBinding reconciliation idempotent
requested to merge khaossolutions/gitops/gitlab-runner-operator:fix/runner-rolebinding-idempotency into master
This MR updates the runner app Role/RoleBinding reconciliation functions to be idempotent. If they already exist in a Runner namespace, they are now updated if diverged. If a Runner CR is created within the Operator namespace, the gitlab-runner-app-rolebinding, which serves as a template, will be updated too with the correct namespace in the subjects/namespace ref.
Additionally, in the future, when a new Operator version ships an updated gitlab-runner-app-role, all existing gitlab-runner-app-role in all namespaces with an active Runner CR will be updated too.
Fixes #61 (closed)
How to test
- Install the Operator with the catalog-source from this MR in a custom namespace.
- Since the catalog source from the operator registry will be a certified Operator bundle, find the gitlab-runner-app-rolebinding in the Operator namespace and re-add gitlab-runner-system as subjects/namespace ref to it (undo what the certification removed).
- Create a Runner CR in the Operator namespace and the subjects/namespace ref should be updated to the correct Operator namespace.

```yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: gitlab-runner-app-rolebinding
  namespace: gitlab-runner-operator
  uid: 38ee6fc3-ae47-4ad7-91fc-687d019f3d86
  resourceVersion: '122166818'
  creationTimestamp: '2022-04-15T09:32:38Z'
  managedFields:
    - manager: catalog
      operation: Update
      apiVersion: rbac.authorization.k8s.io/v1
      time: '2022-04-15T09:32:38Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:roleRef': {}
    - manager: manager
      operation: Update
      apiVersion: rbac.authorization.k8s.io/v1
      time: '2022-04-15T09:38:47Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:subjects': {}
subjects:
  - kind: ServiceAccount
    name: gitlab-runner-sa
    namespace: gitlab-runner-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-runner-app-role
```
Edited by Em Karisch
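The create-or-update-if-diverged pattern this MR describes, as an added sketch that is not the operator's own code. The types are simplified stand-ins for the rbac/v1 objects, and `store`, `desiredFor` and `reconcile` are hypothetical names; a real controller would go through the Kubernetes client.

```go
package main

import (
	"fmt"
	"reflect"
)

// Simplified stand-ins for the rbac/v1 types (assumption, not the operator's real types).
type Subject struct{ Kind, Name, Namespace string }
type RoleRef struct{ APIGroup, Kind, Name string }
type RoleBinding struct {
	Name, Namespace string
	Subjects        []Subject
	RoleRef         RoleRef
}

// store is a hypothetical in-memory cluster keyed by "namespace/name".
type store map[string]*RoleBinding

// desiredFor copies the template and points its namespace and subjects at the Runner namespace.
func desiredFor(tmpl RoleBinding, ns string) RoleBinding {
	d := RoleBinding{Name: tmpl.Name, Namespace: ns, RoleRef: tmpl.RoleRef}
	for _, s := range tmpl.Subjects {
		s.Namespace = ns // s is a copy, so the template is left untouched
		d.Subjects = append(d.Subjects, s)
	}
	return d
}

// reconcile returns "created", "updated" or "unchanged"; a second call with the same input changes nothing.
func reconcile(c store, tmpl RoleBinding, ns string) string {
	want := desiredFor(tmpl, ns)
	key := ns + "/" + want.Name
	have, ok := c[key]
	if !ok {
		c[key] = &want
		return "created"
	}
	if reflect.DeepEqual(have.Subjects, want.Subjects) && have.RoleRef == want.RoleRef {
		return "unchanged"
	}
	// On a real cluster roleRef is immutable: a differing roleRef needs delete and recreate.
	have.Subjects, have.RoleRef = want.Subjects, want.RoleRef
	return "updated"
}

func main() {
	c, tmpl := store{}, RoleBinding{Name: "gitlab-runner-app-rolebinding", Namespace: "gitlab-runner-system",
		Subjects: []Subject{{"ServiceAccount", "gitlab-runner-sa", "gitlab-runner-system"}},
		RoleRef:  RoleRef{"rbac.authorization.k8s.io", "Role", "gitlab-runner-app-role"}}
	fmt.Println(reconcile(c, tmpl, "gitlab-runner-operator"), reconcile(c, tmpl, "gitlab-runner-operator"))
}
```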