Skip to content

Fixes accidentally deleted serviceaccount and rolebinding objects #909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Nov 23, 2024
Merged

Fixes accidentally deleted serviceaccount and rolebinding objects #909

merged 10 commits into from
Nov 23, 2024

Conversation

soenkeliebau
Copy link
Member

@soenkeliebau soenkeliebau commented Nov 21, 2024
edited by siegfriedweber
Loading

Description

Currently it is possible that servieAccount and roleBinding objects accidentally get deleted if multiple clusters of the same type (airflow, zookeeper, ...) get deployed to the same namespace and one of them gets deleted.

The issue is, that we don't name the serviceaccount and rolebinding objects after the clustername, but they are named the same for all cluster, so bacially just "airflow-rolebinding" and "airflow-serviceaccount" across the board.
When you new deploy two airflows into the same namespace and delete the wrong one of them again (the wrong one being the last that was deployed) then the rolebinding and serviceaccount are gone as well and the other cluster stops working as well.

Reason for "the last one" being the one that kills it is, because the ownerreferences of the rolebinding and serviceaccount point at this and the delete gets propagated to these two objects that are still needed by the other clusters.

This PR fixes how the names are built for the serviceAccount and roleBinding objects are created so that they are unique for each cluster.

fixes stackabletech/issues#675

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
# Author
- [ ] Changes are OpenShift compatible
- [ ] CRD changes approved
- [ ] Integration tests passed (for non trivial changes)

# Reviewer
- [x] Code contains useful comments
- [x] (Integration-)Test cases added
- [x] Changelog updated
- [x] Cargo.toml only contains references to git tags (not specific commits or branches)

# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added

nightkr
nightkr reviewed Nov 21, 2024
View reviewed changes
@soenkeliebau
Changed role_binding_name and service_account_name to not be public a…
d04b987 
…nymore.

Operators should not call these with potentially wrong parameters, but instead use `build_rbac_resources` to retrieve the objects and read the name from there.
@NickLarsenNZ NickLarsenNZ mentioned this pull request Nov 22, 2024
Closed
@NickLarsenNZ NickLarsenNZ added scheduled-for/2024-11 release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Nov 22, 2024
@NickLarsenNZ
Copy link
Member

Once ready, please add a comment with a one-liner that can be copied into the release notes (if applicable, otherwise drop the release-note label).

@NickLarsenNZ NickLarsenNZ mentioned this pull request Nov 22, 2024
Merged
@soenkeliebau soenkeliebau requested a review from nightkr November 22, 2024 12:48
nightkr
nightkr reviewed Nov 22, 2024
View reviewed changes
soenkeliebau and others added 2 commits November 22, 2024 13:55
@soenkeliebau
Added changelog entry.
eaefb1a
@soenkeliebau @nightkr
Update crates/stackable-operator/src/commons/rbac.rs
c219c2a 
Co-authored-by: Natalie Klestrup Röijezon <nat.roijezon@stackable.tech>
@soenkeliebau soenkeliebau requested a review from nightkr November 22, 2024 14:39
nightkr
nightkr previously approved these changes Nov 22, 2024
View reviewed changes
siegfriedweber
siegfriedweber approved these changes Nov 23, 2024
View reviewed changes
Copy link
Member

@siegfriedweber siegfriedweber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@siegfriedweber siegfriedweber added this pull request to the merge queue Nov 23, 2024
Merged via the queue into main with commit 696023c Nov 23, 2024
10 checks passed
@siegfriedweber siegfriedweber deleted the fix/SUP-148 branch November 23, 2024 10:19
@siegfriedweber siegfriedweber mentioned this pull request Nov 23, 2024
Merged
@lfrancke lfrancke added scheduled-for/25.3.0 release/24.11.1 and removed scheduled-for/25.3.0 release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Dec 4, 2024
@nightkr nightkr mentioned this pull request Apr 8, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@siegfriedweber siegfriedweber siegfriedweber approved these changes

@nightkr nightkr nightkr left review comments

@razvan razvan Awaiting requested review from razvan

@lfrancke lfrancke Awaiting requested review from lfrancke

@NickLarsenNZ NickLarsenNZ Awaiting requested review from NickLarsenNZ

Assignees
No one assigned
Labels
release/24.11.1
Projects
Stackable Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

serviceAccount and roleBinding objects can accidentally get deleted
5 participants
@soenkeliebau @NickLarsenNZ @nightkr @siegfriedweber @lfrancke