add useExistingRole option - to support running in specific namespace…

[KlavsKlavsen]

…s without needing clusteradmin privs

This is a repost of helm/charts#23953

This adds support for running on kubernetes setups (such as is typical in openshift) where you only have access to your own namespaces.

I've gotten this support merged in both Prometheus and Grafana charts and
I'd really like to get it in this last chart I use for our Prometheus setup ;)

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
• Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: login-issues@jira.linuxfoundation.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

Welcome @KlavsKlavsen!

It looks like this is your first PR to kubernetes/kube-state-metrics 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kube-state-metrics has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[KlavsKlavsen]

CLA signed

[lilic]

/assign @mrueg

@KlavsKlavsen you need to push an empty commit to validate the CLA again, I believe the command is gone now to revalidate. Thanks for the PR!

[mrueg]

Thanks for your contribution and apologies it takes so long to get this change in.

[KlavsKlavsen]

Rebased - ready for merge.. ?

[mrueg]

/approve

[KlavsKlavsen]

@mrueg only missing an /lgtm label CI says ?

[scottrigby]

/hold

Lets please wait for CI to be fully resolved before merging this.

1. Current PR we hope will fix it: Remove kube-state-metrics gh-pages branch status checks test-infra#20322
2. We will then be testing required checks on a low stakes PR (Add gh-pages Readme #1335, which just adds a README to the gh-pages branch)
3. Once that succeeds, we will want to release the version of the chart that's now in master (before this PR, otherwise end users won't have access to it)
4. From that point on we can merge PRs like this which make changes to the initial chart and create new releases

[KlavsKlavsen]

The fix has been merged 6 days ago.. Hows the "simple PR" going? it seems to be stalled.

[mrueg]

@KlavsKlavsen during this time of the year, please be aware that responses might take longer.
I'm waiting for @scottrigby to remove the hold.

[scottrigby]

@KlavsKlavsen the PR isn't the problem, it's test infra that needs to remove required checks from the gh-pages branch. I'm not a repo admin so the feedback loop is slower - and much slower right now because repo maintainers are away over the holidays (as they should be!) 😃

If this PR were merged before that is resolved, it would not create a chart release. Backfilling that release would then have to be a manual process - more annoying and confusing to end users than just waiting to merge the PR.

Hope that helps explain it. Happy new year! Looking forward to resolving this soon.

[KlavsKlavsen]

@scottrigby Hi Scott and a good new year to you :) - I see version of chart has been updated.. Is everything in place for merging this, or ?

[scottrigby]

@KlavsKlavsen Not yet. @tariq1890 and I are trying to schedule a collab session. I would think we will find a time for this very soon. Feel free to also follow along or join in Slack chat: https://kubernetes.slack.com/archives/CJJ529RUY/p1609938365003800

[tariq1890]

the range makes sense over here. I see that the {{- end -}} is placed correctly. I am just confused by the range block used in role.yaml

[KlavsKlavsen]

The range block in role - is because a Clusterrole must be ONLY once.. But when operating on only a few namespaces - each must have the relevant role.. so there must be a role per namespace we operate on (as it's NOT a ClusterRole - it only affects the individual namespace and lives within it).
I hope that makes it clearer :)

[KlavsKlavsen]

and there USED to be a clusterrole.yaml and a role.yaml- but I was asked to merge the two - as they were 99% identical.

[tariq1890]

@KlavsKlavsen You have my sincere apologies for making you wait for this PR for so long. But I am afraid that we can only merge this PR once we go live with kube-state-metrics v2.0 (correct me if I am mistaken @mrueg ).

The reason is that .Values.namespace is intended to be a single value field. We need to use the --namespaces field and that change has been made only in v2.0.

As a frequent user of helm charts myself, I feel it's in the best interest of open source users and maintainers to make the helm charts have the same cadence as that of the binary. In light of this, I think we should merge and publish this change only when kube-state-metrics v2 is released.

[tariq1890]

Suggested change

	{{- range (split "," $.Values.namespace) }}
	{{- range (split "," $.Values.namespaces) }}

[jaanhio]

hey @tariq1890 @KlavsKlavsen , i think this suggested change may have been accidentally missed.

may i know if the chart is going to use namespaces moving forward? a little confusing as the values.yaml specified use of namespaces (field used in rolebinding.yaml) but this role.yaml template is expecting namespace instead.

[KlavsKlavsen]

You are absolutely correct Jianhao. (namespace was before 2.0 - its called namespaces in 2.0+). This chart has since been moved to https://github.com/prometheus-community/helm-charts/blob/d6ae19c6bb7089bd0080952ca6f98b68177e3dcb/charts/kube-state-metrics/templates/role.yaml#L3 - where it still lists namespace instead of namespaces - even though it has moved to 2.0.

[tariq1890]

Suggested change

	{{- range (split "," $.Values.namespace) }}
	{{- range (split "," $.Values.namespaces) }}

[mrueg]

@KlavsKlavsen You have my sincere apologies for making you wait for this PR for so long. But I am afraid that we can only merge this PR once we go live with kube-state-metrics v2.0 (correct me if I am mistaken @mrueg ).

The reason is that .Values.namespace is intended to be a single value field. We need to use the --namespaces field and that change has been made only in v2.0.

As a frequent user of helm charts myself, I feel it's in the best interest of open source users and maintainers to make the helm charts have the same cadence as that of the binary. In light of this, I think we should merge and publish this change only when kube-state-metrics v2 is released.

Let's keep this change on ksm-v1.9.x to be able to move forward and integrate it. I'm tracking v2 changes in
#1358

[KlavsKlavsen]

In upstream 1.9 branch - the docs says: --namespace string Comma-separated list of namespaces to be enabled. Defaults to ""

So it has the exact same use for kube-state-metrics in 1.9.x as it has in 2.x - its just gotten an extra s for clarification.

So I'm not quite sure what you're referring to here, namespace also in 1.9.x supported multiple namespaces. ?

[KlavsKlavsen]

The reason is that .Values.namespace is intended to be a single value field. We need to use the --namespaces field and that change has been made only in v2.0.

In upstream 1.9 branch - the docs says: --namespace string Comma-separated list of namespaces to be enabled. Defaults to ""

So it has the exact same use for kube-state-metrics in 1.9.x as it has in 2.x - its just gotten an extra s for clarification.

So I'm not quite sure what you're referring to here ?

[mrueg]

@KlavsKlavsen Thanks for the quick turnaround, can you remove 22057b4 (we release this for ksm-v1.x) and I'll make sure to get it merged immediately.

[KlavsKlavsen]

reverted the change to support 2.x. I'll gladly submit a PR for 2.x with that small commit if you like.. I don't know where you keep the 2.x kube-state-metrics version of the chart though and how you want it.. :)

[mrueg]

@KlavsKlavsen I meant removing the commit, not reverting. While at it, can you stash the commits into a single one? Thanks!

[KlavsKlavsen]

@KlavsKlavsen I meant removing the commit, not reverting. While at it, can you stash the commits into a single one? Thanks!

Squashed all commits into one :)

[mrueg]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: KlavsKlavsen, mrueg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• charts/kube-state-metrics/OWNERS [mrueg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment