From cff08356a90aa1a3119e37014484af470a5c441d Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Mon, 11 Mar 2024 16:48:38 +0100 Subject: [PATCH 1/5] fix(tests): add security context to ldap pod --- tests/templates/kuttl/ldap/2-install-openldap.yaml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/templates/kuttl/ldap/2-install-openldap.yaml.j2 b/tests/templates/kuttl/ldap/2-install-openldap.yaml.j2 index c9e2cdc1..28cf55fb 100644 --- a/tests/templates/kuttl/ldap/2-install-openldap.yaml.j2 +++ b/tests/templates/kuttl/ldap/2-install-openldap.yaml.j2 @@ -38,6 +38,12 @@ commands: app.kubernetes.io/name: openldap spec: serviceAccountName: "druid-ldap-sa" + # + # The security context below is necessary to avoid the following error on OpenShift: + # /opt/bitnami/scripts/openldap/setup.sh: line 102: /opt/bitnami/openldap/sbin/slappasswd: Operation not permitted + # + securityContext: + fsGroup: 1000 containers: - name: openldap image: docker.io/bitnami/openldap:2.5 From a0a141db7d3e60bd2521802175697a387c84498a Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Mon, 11 Mar 2024 16:59:54 +0100 Subject: [PATCH 2/5] Raise memory limit to 2Gi --- rust/crd/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index 3cd92835..914650e0 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -361,7 +361,7 @@ impl SupersetConfig { max: Some(Quantity("1200m".to_owned())), }, memory: MemoryLimitsFragment { - limit: Some(Quantity("1000Mi".to_owned())), + limit: Some(Quantity("2Gi".to_owned())), runtime_limits: NoRuntimeLimitsFragment {}, }, storage: SupersetStorageConfigFragment {}, From 4b4c39e1c03a8a81c79fe2ac437509ddb253130b Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:17:12 +0100 Subject: [PATCH 3/5] fix(tests): add service accounts to keycloak and python deployments --- ...yaml => 50-install-test-container.yaml.j2} | 30 +++++++++++++++++++ ...keycloak.yaml => install-keycloak.yaml.j2} | 30 +++++++++++++++++++ 2 files changed, 60 insertions(+) rename tests/templates/kuttl/oidc/{50-install-test-container.yaml => 50-install-test-container.yaml.j2} (65%) rename tests/templates/kuttl/oidc/{install-keycloak.yaml => install-keycloak.yaml.j2} (83%) diff --git a/tests/templates/kuttl/oidc/50-install-test-container.yaml b/tests/templates/kuttl/oidc/50-install-test-container.yaml.j2 similarity index 65% rename from tests/templates/kuttl/oidc/50-install-test-container.yaml rename to tests/templates/kuttl/oidc/50-install-test-container.yaml.j2 index 0d04647d..d1199711 100644 --- a/tests/templates/kuttl/oidc/50-install-test-container.yaml +++ b/tests/templates/kuttl/oidc/50-install-test-container.yaml.j2 @@ -1,4 +1,33 @@ --- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: python +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: python +{% if test_scenario['values']['openshift'] == 'true' %} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: python +subjects: + - kind: ServiceAccount + name: python +roleRef: + kind: Role + name: python + apiGroup: rbac.authorization.k8s.io +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep metadata: @@ -21,6 +50,7 @@ spec: labels: app: python spec: + serviceAccountName: python securityContext: fsGroup: 1000 containers: diff --git a/tests/templates/kuttl/oidc/install-keycloak.yaml b/tests/templates/kuttl/oidc/install-keycloak.yaml.j2 similarity index 83% rename from tests/templates/kuttl/oidc/install-keycloak.yaml rename to tests/templates/kuttl/oidc/install-keycloak.yaml.j2 index e9127b97..7197df2f 100644 --- a/tests/templates/kuttl/oidc/install-keycloak.yaml +++ b/tests/templates/kuttl/oidc/install-keycloak.yaml.j2 @@ -69,6 +69,7 @@ spec: labels: app: $INSTANCE_NAME spec: + serviceAccountName: keycloak containers: - name: keycloak image: quay.io/keycloak/keycloak:23.0.4 @@ -138,3 +139,32 @@ spec: server: caCert: secretClass: tls +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: keycloak +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: keycloak +{% if test_scenario['values']['openshift'] == 'true' %} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{% endif %} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: keycloak +subjects: + - kind: ServiceAccount + name: keycloak +roleRef: + kind: Role + name: keycloak + apiGroup: rbac.authorization.k8s.io From fe5ff545083b78c6ac669972f375e0c867e608ca Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:25:15 +0100 Subject: [PATCH 4/5] Update changelog --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 417df87a..adbd4e68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,19 +9,24 @@ - Add support for OpenID Connect ([#423]). - Support versions `2.1.3`, `3.0.3`, `3.1.0` ([#457]). +### Changed + +- Raise memory requests and limits for Superset pods to 2Gi ([#468]). + ### Fixed - BREAKING: Fixed various issues in the CRD structure. `clusterConfig.credentialsSecret` is now mandatory ([#429]). ### Removed -- Rmoved support for version `2.1.0` ([#457]). +- Removed support for version `2.1.0` ([#457]). [#423]: https://github.com/stackabletech/superset-operator/pull/423 [#429]: https://github.com/stackabletech/superset-operator/pull/429 [#431]: https://github.com/stackabletech/superset-operator/pull/431 [#448]: https://github.com/stackabletech/superset-operator/pull/448 [#457]: https://github.com/stackabletech/superset-operator/pull/457 +[#468]: https://github.com/stackabletech/superset-operator/pull/468 ## [23.11.0] - 2023-11-24 From 7dd4b978a2f65716febae153928134fcce37d0b4 Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:48:15 +0100 Subject: [PATCH 5/5] fix(tests): add the druid op as a test dependency --- tests/release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/release.yaml b/tests/release.yaml index 3391fffc..42574af8 100644 --- a/tests/release.yaml +++ b/tests/release.yaml @@ -12,5 +12,7 @@ releases: operatorVersion: 0.0.0-dev listener: operatorVersion: 0.0.0-dev + druid: + operatorVersion: 0.0.0-dev superset: operatorVersion: 0.0.0-dev