You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(orchestrator): use versioned name for the DB creation Job to avoid immutable upgrade errors (#427)
The `<release>-create-sonataflow-database` Job uses a fixed name across
chart versions. When a field in the rendered pod spec changes between
versions (e.g. the pinned PostgreSQL image digest), an in-place
`helm upgrade` of an Orchestrator-enabled release tries to patch the
Job's immutable `spec.template` and fails:
Job.batch "<release>-create-sonataflow-database" is invalid:
spec.template: ... field is immutable
Use a versioned name `<release>-create-sf-db-<chart-version>` so each
chart version gets a distinct Job (recreated instead of patched).
This is the minimal part of #407 needed to fix the upgrade; the
fail-hard / configurable backoffLimit changes (RHDHBUGS-2577) are
intentionally left out of the 1.10 line.
Fixes RHDHBUGS-3325. Targets 1.10.1.
Signed-off-by: Gustavo Lira <guga.java@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Lucas <lyoon@redhat.com>
Copy file name to clipboardExpand all lines: charts/must-gather/README.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ A Helm chart for running the RHDH Must-Gather diagnostic tool on Kubernetes
12
12
13
13
| Name | Email | Url |
14
14
| ---- | ------ | --- |
15
-
| Red Hat ||<https://redhat.com>|
15
+
| Red Hat ||https://redhat.com|
16
16
17
17
## Source Code
18
18
@@ -108,7 +108,7 @@ The command removes all the Kubernetes resources associated with the chart and d
108
108
| Key | Description | Type | Default |
109
109
|-----|-------------|------|---------|
110
110
| affinity | Affinity rules for pod scheduling | object |`{}`|
111
-
| dataHolder | Runs alongside the gather container and stays alive so you can exec in and retrieve the output. | object |`{"resources":{"limits":{"cpu":"100m","ephemeral-storage":"64Mi","memory":"128Mi"},"requests":{"cpu":"50m","ephemeral-storage":"32Mi","memory":"64Mi"}}}`|
111
+
| dataHolder |Data holder container configuration -- Runs alongside the gather container and stays alive so you can exec in and retrieve the output. | object |`{"resources":{"limits":{"cpu":"100m","ephemeral-storage":"64Mi","memory":"128Mi"},"requests":{"cpu":"50m","ephemeral-storage":"32Mi","memory":"64Mi"}}}`|
112
112
| dataHolder.resources | Resource requests and limits for the data-holder container | object |`{"limits":{"cpu":"100m","ephemeral-storage":"64Mi","memory":"128Mi"},"requests":{"cpu":"50m","ephemeral-storage":"32Mi","memory":"64Mi"}}`|
@@ -123,7 +123,7 @@ The command removes all the Kubernetes resources associated with the chart and d
123
123
| gather.heapDump.remoteDir | Directory in container where heap dumps are written for SIGUSR2 method. Must be writable inside the gather container. | string |`""`|
124
124
| gather.heapDump.timeout | Timeout in seconds for heap dump collection | string |`""`|
| gather.namespaces | Example: ["rhdh-prod", "rhdh-staging"]| list |`[]`|
126
+
| gather.namespaces |Limit collection to specific namespaces (only effective when rbac.scope is "cluster"). -- Ignored when rbac.scope is "namespace" (collection is restricted to the release namespace). -- Example: ["rhdh-prod", "rhdh-staging"]| list |`[]`|
127
127
| gather.since | Relative time for log collection (e.g., "2h", "30m") | string |`""`|
| rbac.rules | a rule here does not require disabling the corresponding gather.with* flag. | object |`{"backstages":true,"ingresses":true,"knative":true,"olm":true,"platform":true,"routes":true,"sonataflow":true}`|
146
+
| rbac.rules |Control which API-group rules are included in the Role/ClusterRole. -- Disable a rule if the installing user cannot grant those permissions -- (Kubernetes requires you to already hold any permission you grant). -- The gather script handles missing permissions gracefully, so disabling -- a rule here does not require disabling the corresponding gather.with* flag. | object |`{"backstages":true,"ingresses":true,"knative":true,"olm":true,"platform":true,"routes":true,"sonataflow":true}`|
| rbac.scope | Scope of the RBAC role: "cluster" creates a ClusterRole with cluster-wide read access; -- "namespace" creates a namespace-scoped Role limited to the release namespace only -- (gather.namespaces is ignored; collection is restricted to the release namespace) | string |`"cluster"`|
154
155
| resources | Resource requests and limits for the gather container | object |`{"limits":{"cpu":"500m","ephemeral-storage":"128Mi","memory":"512Mi"},"requests":{"cpu":"100m","ephemeral-storage":"64Mi","memory":"128Mi"}}`|
| serviceAccount | Service account configuration | object |`{"annotations":{},"name":"","tokenExpirationSeconds":3600}`|
157
158
| serviceAccount.annotations | Annotations to add to the service account | object |`{}`|
158
-
| serviceAccount.name | If not set, a name is generated using the fullname template. | string |`""`|
159
-
| serviceAccount.tokenExpirationSeconds | into the gather init container (minimum 600). | int |`3600`|
159
+
| serviceAccount.name |The name of the service account to use. -- If not set, a name is generated using the fullname template. | string |`""`|
160
+
| serviceAccount.tokenExpirationSeconds |Expiration (in seconds) for the bound service account token projected -- into the gather init container (minimum 600). | int |`3600`|
| test | Helm test configuration | object |`{"enabled":true,"image":{"digest":"","pullPolicy":"","registry":"docker.io","repository":"bitnami/kubectl","tag":"latest"}}`|
162
163
| test.enabled | Enable the Helm test | bool |`true`|
0 commit comments