Closed rssnyder closed 1 year ago
@mdmilic any thoughts on my changes per your review?
@rssnyder you should link JIRA ticket to this PR (for future selves). E.g. we usually use format feat: [PL-12345]: some nice title
which is enforced in other repos and automatically links your JIRA, but having any kind of JIRA ref is fine (i.e. just PL-12345)
@AnupamIO tests below:
install with ccm.visibility=true
and k8sPermissionsType=CLUSTER_VIEWER
, show role/binding are created
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ helm upgrade -i zira-work-again --namespace harness-delegate-ng --create-namespace \
./harness-delegate-ng \
--set delegateName=zira-work-again \
--set accountId=wlgELJ0TTre5aZhzpt8gVA \
--set delegateToken=xxxxx= \
--set managerEndpoint=https://app.harness.io/gratis \
--set delegateDockerImage=harness/delegate:23.06.79707 \
--set replicas=1 --set upgrader.enabled=false --set ccm.visibility=true --set k8sPermissionsType=CLUSTER_VIEWER
Release "zira-work-again" does not exist. Installing it now.
NAME: zira-work-again
LAST DEPLOYED: Wed Aug 2 12:27:50 2023
NAMESPACE: harness-delegate-ng
STATUS: deployed
REVISION: 1
TEST SUITE: None
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrole | grep ccm
zira-work-again-ccm-visibility 2023-08-02T17:27:50Z
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrolebinding | grep ccm
zira-work-again-ccm-visibility-roleBinding ClusterRole/zira-work-again-ccm-visibility 15s
install with ccm.visibility=true
and k8sPermissionsType=CLUSTER_ADMIN
, show role/binding are not created
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ helm upgrade -i zira-work-again --namespace harness-delegate-ng --create-namespace \
./harness-delegate-ng \
--set delegateName=zira-work-again \
--set accountId=wlgELJ0TTre5aZhzpt8gVA \
--set delegateToken=xxxxxxx= \
--set managerEndpoint=https://app.harness.io/gratis \
--set delegateDockerImage=harness/delegate:23.06.79707 \
--set replicas=1 --set upgrader.enabled=false --set ccm.visibility=true --set k8sPermissionsType=CLUSTER_ADMIN
Release "zira-work-again" has been upgraded. Happy Helming!
NAME: zira-work-again
LAST DEPLOYED: Wed Aug 2 12:28:19 2023
NAMESPACE: harness-delegate-ng
STATUS: deployed
REVISION: 2
TEST SUITE: None
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrole | grep ccm
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrolebinding | grep ccm
install with ccm.visibility=false
and k8sPermissionsType=CLUSTER_VIEWER
, show role/binding are not created
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ helm upgrade -i zira-work-again --namespace harness-delegate-ng --create-namespace \
./harness-delegate-ng \
--set delegateName=zira-work-again \
--set accountId=wlgELJ0TTre5aZhzpt8gVA \
--set delegateToken=xxxxxx= \
--set managerEndpoint=https://app.harness.io/gratis \
--set delegateDockerImage=harness/delegate:23.06.79707 \
--set replicas=1 --set upgrader.enabled=false --set ccm.visibility=false --set k8sPermissionsType=CLUSTER_VIEWER
Release "zira-work-again" has been upgraded. Happy Helming!
NAME: zira-work-again
LAST DEPLOYED: Wed Aug 2 12:28:38 2023
NAMESPACE: harness-delegate-ng
STATUS: deployed
REVISION: 3
TEST SUITE: None
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrole | grep ccm
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrolebinding | grep ccm
install with ccm.visibility=true
and k8sPermissionsType=CLUSTER_VIEWER
, show role/binding are created
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ helm upgrade -i zira-work-again --namespace harness-delegate-ng --create-namespace \
./harness-delegate-ng \
--set delegateName=zira-work-again \
--set accountId=wlgELJ0TTre5aZhzpt8gVA \
--set delegateToken=xxxxx= \
--set managerEndpoint=https://app.harness.io/gratis \
--set delegateDockerImage=harness/delegate:23.06.79707 \
--set replicas=1 --set upgrader.enabled=false --set ccm.visibility=true --set k8sPermissionsType=CLUSTER_VIEWER
Release "zira-work-again" has been upgraded. Happy Helming!
NAME: zira-work-again
LAST DEPLOYED: Wed Aug 2 12:28:52 2023
NAMESPACE: harness-delegate-ng
STATUS: deployed
REVISION: 4
TEST SUITE: None
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrole | grep ccm
zira-work-again-ccm-visibility 2023-08-02T17:28:52Z
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrolebinding | grep ccm
zira-work-again-ccm-visibility-roleBinding ClusterRole/zira-work-again-ccm-visibility 4s
show content of role matches template
zira ➜ delegate-helm-chart git:(feat/ccm-cost-access) ✗ k get clusterrole zira-work-again-ccm-visibility -o=yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
meta.helm.sh/release-name: zira-work-again
meta.helm.sh/release-namespace: harness-delegate-ng
creationTimestamp: "2023-08-02T17:28:52Z"
labels:
app.kubernetes.io/instance: zira-work-again
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: zira-work-again
harness.io/name: zira-work-again
helm.sh/chart: harness-delegate-ng-1.0.10
name: zira-work-again-ccm-visibility
resourceVersion: "936"
uid: e7a99e60-4139-43fe-aa04-1bf1d9c3d0d2
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/proxy
- events
- namespaces
- persistentvolumes
- persistentvolumeclaims
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- statefulsets
- deployments
- daemonsets
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- get
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
Adding CCM visibility clusterrole to delegate helm chart.
Why? When new customers are setting up CCM for k8s they have to deploy a delegate first, and then add the cluster visibility role later. This is only given to you in the UI, which leads to issues when infra teams are tasked with rolling out the delegate over many clusters and do not want to go to the harness UI every time.
This gives the customers an easier onboarding flow for enrolling clusters into CCM.
Previous flow:
New flow: