From bae069f34cc1322bfb15525ef736d9362bff9dfa Mon Sep 17 00:00:00 2001
From: Kliu <kliu@vivsoft.io>
Date: Wed, 26 Feb 2025 13:15:11 -0500
Subject: [PATCH 01/17] added upgrade job
Signed-off-by: Kliu <kliu@vivsoft.io>
---
chart/templates/bigbang/upgrade/_helpers.tpl | 13 +++++
chart/templates/bigbang/upgrade/job.yaml | 49 +++++++++++++++++++
.../bigbang/upgrade/networkPolicy.yaml | 28 +++++++++++
chart/templates/bigbang/upgrade/role.yaml | 15 ++++++
.../bigbang/upgrade/roleBinding.yaml | 19 +++++++
.../bigbang/upgrade/serviceAccount.yaml | 11 +++++
6 files changed, 135 insertions(+)
create mode 100644 chart/templates/bigbang/upgrade/_helpers.tpl
create mode 100644 chart/templates/bigbang/upgrade/job.yaml
create mode 100644 chart/templates/bigbang/upgrade/networkPolicy.yaml
create mode 100644 chart/templates/bigbang/upgrade/role.yaml
create mode 100644 chart/templates/bigbang/upgrade/roleBinding.yaml
create mode 100644 chart/templates/bigbang/upgrade/serviceAccount.yaml
diff --git a/chart/templates/bigbang/upgrade/_helpers.tpl b/chart/templates/bigbang/upgrade/_helpers.tpl
new file mode 100644
index 0000000..fe7e9b1
--- /dev/null
+++ b/chart/templates/bigbang/upgrade/_helpers.tpl
@@ -0,0 +1,13 @@
+{{- define "mimir.shouldDeployUpgradeResources" -}}
+{{/* Define upgradeVersion inside the template so it's available when the template is used */}}
+{{- $upgradeVersion := "5.5.1-bb.5" -}}
+{{- if and .Release.IsUpgrade index .Values "minio-tenant" "enabled" -}}
+ {{- $mimirVersion := lookup "apps/v1" "StatefulSet" .Release.Namespace "mimir-mimir-ingester-zone-a" -}}
+ {{- if $mimirVersion -}}
+ {{- $currentVersion := dig "metadata" "labels" "helm.sh/chart" "<missing>" $mimirVersion | trimPrefix "mimir-distributed" -}}
+ {{- if semverCompare (print "<" $upgradeVersion) $currentVersion -}}
+true
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/bigbang/upgrade/job.yaml b/chart/templates/bigbang/upgrade/job.yaml
new file mode 100644
index 0000000..a3aaa58
--- /dev/null
+++ b/chart/templates/bigbang/upgrade/job.yaml
@@ -0,0 +1,49 @@
+{{- if eq (include "mimir.shouldDeployUpgradeResources" .) "true" }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Values.upgradeJob.name }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
+spec:
+ template:
+ metadata:
+ spec:
+ automountServiceAccountToken: true
+ imagePullSecrets:
+ - name: {{ .Values.upgradeJob.image.pullSecrets }}
+ serviceAccountName: {{ .Values.upgradeJob.serviceAccount }}
+ containers:
+ - name: {{ .Values.upgradeJob.name }}
+ image: {{ .Values.upgradeJob.image.repository }}:{{ .Values.upgradeJob.image.tag }}
+ imagePullPolicy: {{ .Values.upgradeJob.image.imagePullPolicy }}
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ # Delete the existing MinIO Tenant and check if successful
+ if kubectl delete tenant mimir-mimir-minio-tenant -n {{ .Release.Namespace }}; then
+ echo "MinIO Tenant deleted successfully."
+ else
+ echo "[ERROR] Failed to delete MinIO." >&2
+ exit 1
+ fi
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ securityContext:
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ restartPolicy: Never
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/bigbang/upgrade/networkPolicy.yaml b/chart/templates/bigbang/upgrade/networkPolicy.yaml
new file mode 100644
index 0000000..3082444
--- /dev/null
+++ b/chart/templates/bigbang/upgrade/networkPolicy.yaml
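Review bot: The pod template's `metadata:` is empty, so the Job's pod carries no `app.kubernetes.io/name` label, while the NetworkPolicy added in the same commit selects pods by `app.kubernetes.io/name: {{ .Values.upgradeJob.name }}`. As written that policy selects no pod: under a default-deny egress policy the hook could not reach the API server, and without one the intended egress restriction never applies to it. Add `labels:` with `app.kubernetes.io/name: {{ .Values.upgradeJob.name }}` under `template.metadata`. The Job also sets no `backoffLimit` or `activeDeadlineSeconds`, so a failing destructive hook is retried under the defaults; setting both makes the failure behaviour explicit.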
@@ -0,0 +1,28 @@
+{{- if eq (include "mimir.shouldDeployUpgradeResources" .) "true" }}
+ {{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: api-egress-upgrade-job
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-10"
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
+spec:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+ {{- if eq .Values.networkPolicies.controlPlaneCidr "0.0.0.0/0" }}
+ # ONLY Block requests to AWS metadata IP
+ except:
+ - 169.254.169.254/32
+ {{- end }}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Values.upgradeJob.name }}
+ policyTypes:
+ - Egress
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/bigbang/upgrade/role.yaml b/chart/templates/bigbang/upgrade/role.yaml
new file mode 100644
index 0000000..0fb04e6
--- /dev/null
+++ b/chart/templates/bigbang/upgrade/role.yaml
@@ -0,0 +1,15 @@
+{{- if include "mimir.shouldDeployUpgradeResources" . }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Values.upgradeJob.role }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-10"
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
+rules:
+- apiGroups: ["apps"]
+ resources: ["statefulsets"]
+ verbs: ["get", "list", "delete"]
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/bigbang/upgrade/roleBinding.yaml b/chart/templates/bigbang/upgrade/roleBinding.yaml
new file mode 100644
index 0000000..6b28782
--- /dev/null
+++ b/chart/templates/bigbang/upgrade/roleBinding.yaml
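Review bot: The egress rule in networkPolicy.yaml has no `ports:` entry, so when `networkPolicies.controlPlaneCidr` is `0.0.0.0/0` the selected pod may connect to any address on any port except 169.254.169.254. The pod it targets mounts a service-account token with delete rights, so the rule should be limited to the API server port, for example a `ports:` list with `protocol: TCP` and a port number taken from values. The comment `# ONLY Block requests to AWS metadata IP` would be clearer if it said that every other destination stays reachable in that case.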
@@ -0,0 +1,19 @@
+{{- if include "mimir.shouldDeployUpgradeResources" . }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Values.upgradeJob.roleBinding }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-10"
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Values.upgradeJob.role }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.upgradeJob.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/bigbang/upgrade/serviceAccount.yaml b/chart/templates/bigbang/upgrade/serviceAccount.yaml
new file mode 100644
index 0000000..e8b5937
--- /dev/null
+++ b/chart/templates/bigbang/upgrade/serviceAccount.yaml
@@ -0,0 +1,11 @@
+{{- if include "mimir.shouldDeployUpgradeResources" . }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.upgradeJob.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-10"
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
+{{- end }}
\ No newline at end of file
-- GitLab
From cae7a6ad2bbc5ed6c4a6cc67e1218c7dcd639aa4 Mon Sep 17 00:00:00 2001
From: Kliu <kliu@vivsoft.io>
Date: Wed, 26 Feb 2025 13:27:24 -0500
Subject: [PATCH 02/17] added upgradejob values to yaml
Signed-off-by: Kliu <kliu@vivsoft.io>
---
chart/templates/bigbang/upgrade/_helpers.tpl | 2 +-
chart/values.yaml | 14 ++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/chart/templates/bigbang/upgrade/_helpers.tpl b/chart/templates/bigbang/upgrade/_helpers.tpl
index fe7e9b1..3b44133 100644
--- a/chart/templates/bigbang/upgrade/_helpers.tpl
+++ b/chart/templates/bigbang/upgrade/_helpers.tpl
@@ -1,7 +1,7 @@ {{- define "mimir.shouldDeployUpgradeResources" -}} {{/* Define upgradeVersion inside the template so it's available when the template is used */}} {{- $upgradeVersion := "5.5.1-bb.5" -}} -{{- if and .Release.IsUpgrade index .Values "minio-tenant" "enabled" -}} +{{- if and .Release.IsUpgrade (index .Values "minio-tenant" "enabled") .Values.autoRollingUpgrade.enabled -}} {{- $mimirVersion := lookup "apps/v1" "StatefulSet" .Release.Namespace "mimir-mimir-ingester-zone-a" -}} {{- if $mimirVersion -}} {{- $currentVersion := dig "metadata" "labels" "helm.sh/chart" "<missing>" $mimirVersion | trimPrefix "mimir-distributed" -}} diff --git a/chart/values.yaml b/chart/values.yaml index a903e22..e2da72f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -215,6 +215,20 @@ istio: # PERMISSIVE = Allow both plain text and mutual TLS traffic mode: STRICT +autoRollingUpgrade: + enabled: true + +upgradeJob: + name: mimir-upgrade-job + image: + repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl + tag: v1.30.9 + imagePullPolicy: IfNotPresent + pullSecrets: private-registry + serviceAccount: upgrade-job-svc-account + role: upgrade-role + roleBinding: upgrade-rolebinding + bbtests: enabled: false cypress: -- GitLab From 576d31fca5ba36df681840c3630698786af8a640 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 13:28:11 -0500 Subject: [PATCH 03/17] updated changelog Signed-off-by: Kliu <kliu@vivsoft.io> --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6270ad3..cc0338d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### Changed - MinIO Tenant Pool from 4 to 1 server +- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade ## [5.5.1-bb.4] 2025-01-31 ### Added -- GitLab From c40bb5849faa828272572762ddb88ddbf45b27ef Mon Sep 17 00:00:00 2001 
From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 13:30:05 -0500 Subject: [PATCH 04/17] changed the upgrade job enable in values.yaml Signed-off-by: Kliu <kliu@vivsoft.io> --- README.md | 9 +++++++++ chart/templates/bigbang/upgrade/_helpers.tpl | 2 +- chart/values.yaml | 4 +--- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 1688fae..cb45035 100644 --- a/README.md +++ b/README.md 
@@ -56,6 +56,15 @@ helm install mimir chart/ | istio.enabled | bool | `false` | Toggle istio configuration | | istio.hardened | object | `{"alloy":{"enabled":true,"namespaces":["monitoring"],"principals":["cluster.local/ns/monitoring/sa/monitoring-alloy"]},"customAuthorizationPolicies":[],"customServiceEntries":[],"enabled":false,"grafana":{"enabled":true,"namespaces":["monitoring"],"principals":["cluster.local/ns/monitoring/sa/monitoring-grafana"]},"minio":{"enabled":true},"minioOperator":{"enabled":true,"namespaces":["minio-operator"],"principals":["cluster.local/ns/minio-operator/sa/minio-operator"]},"outboundTrafficPolicyMode":"REGISTRY_ONLY","prometheus":{"enabled":true,"namespaces":["monitoring"],"principals":["cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"]}}` | Default peer authentication values | | istio.mtls.mode | string | `"STRICT"` | STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic | +| upgradeJob.enabled | bool | `true` | | +| upgradeJob.name | string | `"mimir-upgrade-job"` | | +| upgradeJob.image.repository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` | | +| upgradeJob.image.tag | string | `"v1.30.9"` | | +| upgradeJob.image.imagePullPolicy | string | `"IfNotPresent"` | | +| upgradeJob.image.pullSecrets | string | `"private-registry"` | | +| upgradeJob.serviceAccount | string | `"upgrade-job-svc-account"` | | +| upgradeJob.role | string | `"upgrade-role"` | | +| upgradeJob.roleBinding | string | `"upgrade-rolebinding"` | | | bbtests.enabled | bool | `false` | | | bbtests.cypress.enabled | bool | `true` | | | bbtests.cypress.artifacts | bool | `true` | | diff --git a/chart/templates/bigbang/upgrade/_helpers.tpl b/chart/templates/bigbang/upgrade/_helpers.tpl index 3b44133..a08a800 100644 --- a/chart/templates/bigbang/upgrade/_helpers.tpl +++ b/chart/templates/bigbang/upgrade/_helpers.tpl 
@@ -1,7 +1,7 @@ {{- define "mimir.shouldDeployUpgradeResources" -}} {{/* Define upgradeVersion inside the template so it's available when the template is used */}} {{- $upgradeVersion := "5.5.1-bb.5" -}} -{{- if and .Release.IsUpgrade (index .Values "minio-tenant" "enabled") .Values.autoRollingUpgrade.enabled -}} +{{- if and .Release.IsUpgrade (index .Values "minio-tenant" "enabled") .Values.upgradeJob.enabled -}} {{- $mimirVersion := lookup "apps/v1" "StatefulSet" .Release.Namespace "mimir-mimir-ingester-zone-a" -}} {{- if $mimirVersion -}} {{- $currentVersion := dig "metadata" "labels" "helm.sh/chart" "<missing>" $mimirVersion | trimPrefix "mimir-distributed" -}} diff --git a/chart/values.yaml b/chart/values.yaml index e2da72f..5991f72 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -215,10 +215,8 @@ istio: # PERMISSIVE = Allow both plain text and mutual TLS traffic mode: STRICT -autoRollingUpgrade: - enabled: true - upgradeJob: + enabled: true name: mimir-upgrade-job image: repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl -- GitLab From 1b9f5468f13dfc276cee6edd898a20c6540692c5 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 13:34:52 -0500 Subject: [PATCH 05/17] fixed _helper.tpl for upgrade semver Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/upgrade/_helpers.tpl b/chart/templates/bigbang/upgrade/_helpers.tpl index a08a800..80e8a6e 100644 --- a/chart/templates/bigbang/upgrade/_helpers.tpl +++ b/chart/templates/bigbang/upgrade/_helpers.tpl 
@@ -4,7 +4,7 @@ {{- if and .Release.IsUpgrade (index .Values "minio-tenant" "enabled") .Values.upgradeJob.enabled -}} {{- $mimirVersion := lookup "apps/v1" "StatefulSet" .Release.Namespace "mimir-mimir-ingester-zone-a" -}} {{- if $mimirVersion -}} - {{- $currentVersion := dig "metadata" "labels" "helm.sh/chart" "<missing>" $mimirVersion | trimPrefix "mimir-distributed" -}} + {{- $currentVersion := dig "metadata" "labels" "helm.sh/chart" "<missing>" $mimirVersion | trimPrefix "mimir-distributed-" -}} {{- if semverCompare (print "<" $upgradeVersion) $currentVersion -}} true {{- end -}} -- GitLab From 29db6c433e54359d9b60d5d9c1cfb54616b91616 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 13:55:38 -0500 Subject: [PATCH 06/17] changed upgradejob to lookup helmrelease version Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/upgrade/_helpers.tpl b/chart/templates/bigbang/upgrade/_helpers.tpl index 80e8a6e..9b6221e 100644 --- a/chart/templates/bigbang/upgrade/_helpers.tpl +++ b/chart/templates/bigbang/upgrade/_helpers.tpl @@ -2,9 +2,9 @@ {{/* Define upgradeVersion inside the template so it's available when the template is used */}} {{- $upgradeVersion := "5.5.1-bb.5" -}} {{- if and .Release.IsUpgrade (index .Values "minio-tenant" "enabled") .Values.upgradeJob.enabled -}} - {{- $mimirVersion := lookup "apps/v1" "StatefulSet" .Release.Namespace "mimir-mimir-ingester-zone-a" -}} + {{- $mimirVersion := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "bigbang" "mimir" -}} {{- if $mimirVersion -}} - {{- $currentVersion := dig "metadata" "labels" "helm.sh/chart" "<missing>" $mimirVersion | trimPrefix "mimir-distributed-" -}} + {{- $currentVersion := index $helmRelease.status.history 0 "chartVersion" -}} {{- if semverCompare (print "<" $upgradeVersion) $currentVersion -}} true {{- end -}} -- GitLab 
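Review bot: `index $helmRelease.status.history 0 "chartVersion"` in the `@@ -2,9 +2,9 @@` hunk is evaluated with no check that `status.history` exists and is non-empty, and in this hunk the lookup result is still assigned to `$mimirVersion`, so `$helmRelease` is not defined at that point. A HelmRelease with no history entry yet would fail the whole render instead of skipping the hook. Reading it defensively, for example `{{- $history := dig "status" "history" (list) $helmRelease -}}` followed by `{{- if $history -}}`, keeps the gate fail-closed. The lookup also hard-codes namespace `bigbang` and name `mimir`, and `lookup` returns an empty result during `helm template` and dry runs, so the hook resources are silently omitted there. The `define` block starts and ends outside this hunk.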
From 2d3dfbdec04f68ba4aa35594037ea6f5b8d31451 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 14:02:29 -0500 Subject: [PATCH 07/17] changed the helmrelease Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/upgrade/_helpers.tpl b/chart/templates/bigbang/upgrade/_helpers.tpl index 9b6221e..c97114d 100644 --- a/chart/templates/bigbang/upgrade/_helpers.tpl +++ b/chart/templates/bigbang/upgrade/_helpers.tpl @@ -2,8 +2,8 @@ {{/* Define upgradeVersion inside the template so it's available when the template is used */}} {{- $upgradeVersion := "5.5.1-bb.5" -}} {{- if and .Release.IsUpgrade (index .Values "minio-tenant" "enabled") .Values.upgradeJob.enabled -}} - {{- $mimirVersion := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "bigbang" "mimir" -}} - {{- if $mimirVersion -}} + {{- $helmRelease := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "bigbang" "mimir" -}} + {{- if $helmRelease -}} {{- $currentVersion := index $helmRelease.status.history 0 "chartVersion" -}} {{- if semverCompare (print "<" $upgradeVersion) $currentVersion -}} true -- GitLab From 02ebaf72a34e601d7dadc5211458c3a74f4ac478 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 14:28:19 -0500 Subject: [PATCH 08/17] bumped chart tag and updated readme Signed-off-by: Kliu <kliu@vivsoft.io> --- CHANGELOG.md | 6 +++++- README.md | 2 +- chart/Chart.yaml | 2 +- chart/templates/bigbang/upgrade/role.yaml | 4 ++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc0338d..9ab07bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,11 +3,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- +## [5.5.1-bb.6] 2025-02-26 +### Added + +- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade + ## [5.5.1-bb.5] 2025-02-14 ### Changed - MinIO Tenant Pool from 4 to 1 server -- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade ## [5.5.1-bb.4] 2025-01-31 ### Added diff --git a/README.md b/README.md index cb45035..1cec15e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # mimir -    +    Grafana Mimir diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 25c2440..3a2aeae 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mimir description: Grafana Mimir type: application -version: 5.5.1-bb.5 +version: 5.5.1-bb.6 appVersion: 2.14.2 icon: https://raw.githubusercontent.com/grafana/grafana/main/public/img/grafana_icon.svg sources: diff --git a/chart/templates/bigbang/upgrade/role.yaml b/chart/templates/bigbang/upgrade/role.yaml index 0fb04e6..cba5d8f 100644 --- a/chart/templates/bigbang/upgrade/role.yaml +++ b/chart/templates/bigbang/upgrade/role.yaml @@ -9,7 +9,7 @@ metadata: "helm.sh/hook-weight": "-10" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation rules: -- apiGroups: ["apps"] - resources: ["statefulsets"] +- apiGroups: ["minio.min.io/v2"] + resources: ["tenants"] verbs: ["get", "list", "delete"] {{- end }} \ No newline at end of file -- GitLab From a3416d6f6acaa1a5a5231957c82663da99705a4b Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 14:42:01 -0500 Subject: [PATCH 09/17] fixed apigroup for role 
Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/role.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/upgrade/role.yaml b/chart/templates/bigbang/upgrade/role.yaml index cba5d8f..d2f32a2 100644 --- a/chart/templates/bigbang/upgrade/role.yaml +++ b/chart/templates/bigbang/upgrade/role.yaml @@ -9,7 +9,7 @@ metadata: "helm.sh/hook-weight": "-10" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation rules: -- apiGroups: ["minio.min.io/v2"] +- apiGroups: ["minio.min.io"] resources: ["tenants"] verbs: ["get", "list", "delete"] {{- end }} \ No newline at end of file -- GitLab From 2522dd1d173b72023db77430460c0c03c6221bd4 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 15:58:24 -0500 Subject: [PATCH 10/17] fixed deletion Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/job.yaml | 54 +++++++++++++++++++++--- 1 file changed, 47 insertions(+), 7 deletions(-) diff --git a/chart/templates/bigbang/upgrade/job.yaml b/chart/templates/bigbang/upgrade/job.yaml index a3aaa58..ab77b81 100644 --- a/chart/templates/bigbang/upgrade/job.yaml +++ b/chart/templates/bigbang/upgrade/job.yaml 
@@ -24,13 +24,53 @@ spec: - "/bin/bash" - "-c" - | - # Delete the existing MinIO Tenant and check if successful - if kubectl delete tenant mimir-mimir-minio-tenant -n {{ .Release.Namespace }}; then - echo "MinIO Tenant deleted successfully." - else - echo "[ERROR] Failed to delete MinIO." >&2 - exit 1 - fi + # Enable error handling + set -e # Exit on first error + trap 'echo "Error occurred at line $LINENO"; exit 1' ERR + + # Step 1: Delete the tenant + echo "Deleting tenant 'mimir-mimir-minio-tenant' in namespace 'mimir'..." + kubectl delete tenant mimir-mimir-minio-tenant -n mimir || { + echo "Tenant deletion failed or was already deleted."; + exit 1; + } + + # Step 2: Remove finalizers from all matching PVs and delete them + echo "Removing finalizers and deleting Persistent Volumes..." + + kubectl get pv -o json | jq -r ' + .items[] | + select(.spec.claimRef.namespace=="mimir" and (.spec.claimRef.name | test("^data[0-9]-mimir-mimir-minio-tenant-pool-.*"))) | + .metadata.name' | while read -r pv; do + echo "Patching PV: $pv" + kubectl patch pv "$pv" --type=json -p '[{"op": "remove", "path": "/metadata/finalizers"}]' || { + echo "Failed to remove finalizer from PV: $pv"; + continue; + } + + echo "Deleting PV: $pv" + kubectl delete pv "$pv" --force --grace-period=0 || { + echo "Failed to delete PV: $pv"; + continue; + } + done + + # Step 3: Delete all PVCs that contain 'data*-mimir*' in their name + echo "Deleting Persistent Volume Claims (PVCs) that match 'data*-mimir*'..." + + kubectl get pvc -n mimir -o json | jq -r ' + .items[] | + select(.metadata.name | test("data.*-mimir.*")) | + .metadata.name' | while read -r pvc; do + echo "Deleting PVC: $pvc" + kubectl delete pvc "$pvc" -n mimir || { + echo "Failed to delete PVC: $pvc"; + continue; + } + done + + echo "Cleanup completed!" + resources: requests: cpu: 100m -- GitLab From cdba0979f741b51aedd5f043670544306d148016 Mon Sep 17 00:00:00 2001 
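Review bot: The PVC selector `test("data.*-mimir.*")` in Step 3 is unanchored and much broader than the PV selector above it, so any claim in the namespace whose name contains that pattern is deleted; it should reuse the anchored form, `test("^data[0-9]-mimir-mimir-minio-tenant-pool-")`. The script also hard-codes `-n mimir` where the previous version used `{{ .Release.Namespace }}`, while the Role and RoleBinding are created in the release namespace. Step 2 strips `/metadata/finalizers` and then force-deletes the PVs, which bypasses the protection finalizers and can leave backing volumes orphaned; a comment stating why that is acceptable for this upgrade would help the next reader. The container spec continues outside the hunk.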
From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 17:02:01 -0500 Subject: [PATCH 11/17] changed base Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 5991f72..4048b5d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -219,8 +219,10 @@ upgradeJob: enabled: true name: mimir-upgrade-job image: - repository: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl - tag: v1.30.9 + # -- image repository for upgradeJob + repository: registry1.dso.mil/ironbank/big-bang/base + # -- image tag for upgradeJob + tag: 2.1.0 imagePullPolicy: IfNotPresent pullSecrets: private-registry serviceAccount: upgrade-job-svc-account -- GitLab From 94a8609216b61d1a83fda0b39c55861705e92d7f Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 18:45:33 -0500 Subject: [PATCH 12/17] updated shell script to better handle race conditions Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/job.yaml | 45 ++++++++++++++---------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/chart/templates/bigbang/upgrade/job.yaml b/chart/templates/bigbang/upgrade/job.yaml index ab77b81..5670761 100644 --- a/chart/templates/bigbang/upgrade/job.yaml +++ b/chart/templates/bigbang/upgrade/job.yaml 
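Review bot: The hook image is referenced by a mutable tag (`tag: 2.1.0`) together with `imagePullPolicy: IfNotPresent`, so what runs with the hook's delete rights depends on whatever the tag resolves to or on what a node already has cached. Pinning by digest closes that gap, for example `tag: 2.1.0@sha256:<digest-placeholder>`, which the existing `repository:tag` template line would pass through unchanged. Quoting the value (`"2.1.0"`) also keeps it a string if a future tag happens to look numeric.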
@@ -24,48 +24,57 @@ spec: - "/bin/bash" - "-c" - | - # Enable error handling set -e # Exit on first error trap 'echo "Error occurred at line $LINENO"; exit 1' ERR # Step 1: Delete the tenant echo "Deleting tenant 'mimir-mimir-minio-tenant' in namespace 'mimir'..." kubectl delete tenant mimir-mimir-minio-tenant -n mimir || { - echo "Tenant deletion failed or was already deleted."; - exit 1; + echo "Tenant deletion failed or was already deleted."; + exit 1; } - # Step 2: Remove finalizers from all matching PVs and delete them - echo "Removing finalizers and deleting Persistent Volumes..." + # Step 2: Remove finalizers from all matching PVs + echo "Removing finalizers from Persistent Volumes..." + + # Create an array to hold PV names that will be patched + pv_list=() kubectl get pv -o json | jq -r ' - .items[] | - select(.spec.claimRef.namespace=="mimir" and (.spec.claimRef.name | test("^data[0-9]-mimir-mimir-minio-tenant-pool-.*"))) | - .metadata.name' | while read -r pv; do + .items[] | + select(.spec.claimRef.namespace=="mimir" and (.spec.claimRef.name | test("^data[0-9]-mimir-mimir-minio-tenant-pool-.*"))) | + .metadata.name' | while read -r pv; do echo "Patching PV: $pv" kubectl patch pv "$pv" --type=json -p '[{"op": "remove", "path": "/metadata/finalizers"}]' || { - echo "Failed to remove finalizer from PV: $pv"; - continue; + echo "Failed to remove finalizer from PV: $pv"; + continue; } + # If patching is successful, add PV to the list for deletion later + pv_list+=("$pv") + done + + # Step 3: Delete all matching PVs + echo "Deleting Persistent Volumes..." 
+ for pv in "${pv_list[@]}"; do echo "Deleting PV: $pv" kubectl delete pv "$pv" --force --grace-period=0 || { - echo "Failed to delete PV: $pv"; - continue; + echo "Failed to delete PV: $pv"; + continue; } done - # Step 3: Delete all PVCs that contain 'data*-mimir*' in their name + # Step 4: Delete all PVCs that contain 'data*-mimir*' in their name echo "Deleting Persistent Volume Claims (PVCs) that match 'data*-mimir*'..." kubectl get pvc -n mimir -o json | jq -r ' - .items[] | - select(.metadata.name | test("data.*-mimir.*")) | - .metadata.name' | while read -r pvc; do + .items[] | + select(.metadata.name | test("data.*-mimir.*")) | + .metadata.name' | while read -r pvc; do echo "Deleting PVC: $pvc" kubectl delete pvc "$pvc" -n mimir || { - echo "Failed to delete PVC: $pvc"; - continue; + echo "Failed to delete PVC: $pvc"; + continue; } done -- GitLab From 3d199eab4aeae74221ed632e5df52381fc0d2866 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 19:14:58 -0500 Subject: [PATCH 13/17] updated shell Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/job.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/chart/templates/bigbang/upgrade/job.yaml b/chart/templates/bigbang/upgrade/job.yaml index 5670761..97431a7 100644 --- a/chart/templates/bigbang/upgrade/job.yaml +++ b/chart/templates/bigbang/upgrade/job.yaml @@ -29,7 +29,7 @@ spec: # Step 1: Delete the tenant echo "Deleting tenant 'mimir-mimir-minio-tenant' in namespace 'mimir'..." - kubectl delete tenant mimir-mimir-minio-tenant -n mimir || { + kubectl delete tenant mimir-mimir-minio-tenant -n mimir --wait=true || { echo "Tenant deletion failed or was already deleted."; exit 1; } @@ -58,7 +58,7 @@ spec: echo "Deleting Persistent Volumes..." for pv in "${pv_list[@]}"; do echo "Deleting PV: $pv" - kubectl delete pv "$pv" --force --grace-period=0 || { + kubectl delete pv "$pv" --wait=true || { echo "Failed to delete PV: $pv"; continue; } 
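Review bot: `pv_list+=("$pv")` runs inside `kubectl get pv … | jq … | while read -r pv`, and bash runs the stages of a pipeline in subshells, so `pv_list` is still empty when the Step 3 loop starts and no PV is ever deleted. Feed the loop from a process substitution so that it runs in the current shell: `while read -r pv; do … done < <(kubectl get pv -o json | jq -r '…')`. As written, the reordering that the commit subject describes as race-condition handling has no effect. The script body starts above this hunk.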
@@ -72,7 +72,7 @@ spec: select(.metadata.name | test("data.*-mimir.*")) | .metadata.name' | while read -r pvc; do echo "Deleting PVC: $pvc" - kubectl delete pvc "$pvc" -n mimir || { + kubectl delete pvc "$pvc" -n mimir --wait=true || { echo "Failed to delete PVC: $pvc"; continue; } -- GitLab From 63c3adcd24d610be1e635c26fae33156d549624c Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 19:20:31 -0500 Subject: [PATCH 14/17] updated error handling pre-upgrade job Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/job.yaml | 6 +++--- chart/templates/bigbang/upgrade/role.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/chart/templates/bigbang/upgrade/job.yaml b/chart/templates/bigbang/upgrade/job.yaml index 97431a7..f8f64c2 100644 --- a/chart/templates/bigbang/upgrade/job.yaml +++ b/chart/templates/bigbang/upgrade/job.yaml @@ -47,7 +47,7 @@ spec: echo "Patching PV: $pv" kubectl patch pv "$pv" --type=json -p '[{"op": "remove", "path": "/metadata/finalizers"}]' || { echo "Failed to remove finalizer from PV: $pv"; - continue; + exit 1; } # If patching is successful, add PV to the list for deletion later @@ -60,7 +60,7 @@ spec: echo "Deleting PV: $pv" kubectl delete pv "$pv" --wait=true || { echo "Failed to delete PV: $pv"; - continue; + exit 1; } done @@ -74,7 +74,7 @@ spec: echo "Deleting PVC: $pvc" kubectl delete pvc "$pvc" -n mimir --wait=true || { echo "Failed to delete PVC: $pvc"; - continue; + exit 1; } done diff --git a/chart/templates/bigbang/upgrade/role.yaml b/chart/templates/bigbang/upgrade/role.yaml index d2f32a2..5c69cfb 100644 --- a/chart/templates/bigbang/upgrade/role.yaml +++ b/chart/templates/bigbang/upgrade/role.yaml 
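Review bot: The `exit 1` branches added in the `@@ -47,7` and `@@ -74,7` hunks sit inside `… | while read` loops, so they end only the pipeline's subshell; the script stops only because the loop is the last pipeline stage and `set -e` sees its status. A failing `kubectl get` or `jq` at the head of the same pipeline is still ignored, and the job then prints its completion message having removed nothing. Add `set -o pipefail` next to `set -e` so that a failed listing, such as a Forbidden response, fails the hook.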
@@ -9,7 +9,7 @@ metadata: "helm.sh/hook-weight": "-10" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation rules: -- apiGroups: ["minio.min.io"] - resources: ["tenants"] +- apiGroups: ["minio.min.io",""] + resources: ["tenants","persistentvolumeclaims","persistentvolumes"] verbs: ["get", "list", "delete"] {{- end }} \ No newline at end of file -- GitLab From d9367d02b24aa9afe494417a0353dc66e7aa6849 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Wed, 26 Feb 2025 19:29:10 -0500 Subject: [PATCH 15/17] updated wait function for upgrade job Signed-off-by: Kliu <kliu@vivsoft.io> --- chart/templates/bigbang/upgrade/job.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/templates/bigbang/upgrade/job.yaml b/chart/templates/bigbang/upgrade/job.yaml index f8f64c2..9392fa5 100644 --- a/chart/templates/bigbang/upgrade/job.yaml +++ b/chart/templates/bigbang/upgrade/job.yaml @@ -29,7 +29,7 @@ spec: # Step 1: Delete the tenant echo "Deleting tenant 'mimir-mimir-minio-tenant' in namespace 'mimir'..." - kubectl delete tenant mimir-mimir-minio-tenant -n mimir --wait=true || { + kubectl delete tenant mimir-mimir-minio-tenant -n mimir || { echo "Tenant deletion failed or was already deleted."; exit 1; } @@ -58,7 +58,7 @@ spec: echo "Deleting Persistent Volumes..." for pv in "${pv_list[@]}"; do echo "Deleting PV: $pv" - kubectl delete pv "$pv" --wait=true || { + kubectl delete pv "$pv" || { echo "Failed to delete PV: $pv"; exit 1; } @@ -72,13 +72,13 @@ spec: select(.metadata.name | test("data.*-mimir.*")) | .metadata.name' | while read -r pvc; do echo "Deleting PVC: $pvc" - kubectl delete pvc "$pvc" -n mimir --wait=true || { + kubectl delete pvc "$pvc" -n mimir || { echo "Failed to delete PVC: $pvc"; exit 1; } done - echo "Cleanup completed!" + echo "MinIO Tenant Cleanup completed!" resources: requests: -- GitLab From c99b55972d427d7161e5506f1880b71128fdb82c Mon Sep 17 00:00:00 2001 
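Review bot: `persistentvolumes` is a cluster-scoped resource, so listing it in this namespaced Role grants nothing; the script's `kubectl get pv`, `patch pv` and `delete pv` calls would be refused unless a ClusterRole and ClusterRoleBinding exist elsewhere. The verbs also omit `patch`, which the finalizer-removal step needs. Because both API groups and all three resources share one rule, the job's service account can delete every PersistentVolumeClaim in the namespace; split the rule per API group and narrow it where names are fixed, e.g. `resourceNames: ["mimir-mimir-minio-tenant"]` on the `tenants` rule with verbs `["get", "delete"]`. The Role's metadata is outside this hunk.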
From: Kliu <kliu@vivsoft.io> Date: Thu, 27 Feb 2025 11:43:25 -0500 Subject: [PATCH 16/17] moved the changes back to bb.5 Signed-off-by: Kliu <kliu@vivsoft.io> --- CHANGELOG.md | 8 ++------ README.md | 6 +++--- chart/Chart.yaml | 2 +- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ab07bd..ca0058b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,15 +3,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- -## [5.5.1-bb.6] 2025-02-26 -### Added - -- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade - -## [5.5.1-bb.5] 2025-02-14 +## [5.5.1-bb.5] 2025-02-26 ### Changed - MinIO Tenant Pool from 4 to 1 server +- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade ## [5.5.1-bb.4] 2025-01-31 ### Added diff --git a/README.md b/README.md index 1cec15e..8a5da37 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # mimir -    +    Grafana Mimir 
@@ -58,8 +58,8 @@ helm install mimir chart/ | istio.mtls.mode | string | `"STRICT"` | STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic | | upgradeJob.enabled | bool | `true` | | | upgradeJob.name | string | `"mimir-upgrade-job"` | | -| upgradeJob.image.repository | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"` | | -| upgradeJob.image.tag | string | `"v1.30.9"` | | +| upgradeJob.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | image repository for upgradeJob | +| upgradeJob.image.tag | string | `"2.1.0"` | image tag for upgradeJob | | upgradeJob.image.imagePullPolicy | string | `"IfNotPresent"` | | | upgradeJob.image.pullSecrets | string | `"private-registry"` | | | upgradeJob.serviceAccount | string | `"upgrade-job-svc-account"` | | diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 3a2aeae..25c2440 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mimir description: Grafana Mimir type: application -version: 5.5.1-bb.6 +version: 5.5.1-bb.5 appVersion: 2.14.2 icon: https://raw.githubusercontent.com/grafana/grafana/main/public/img/grafana_icon.svg sources: -- GitLab From 772c0ffe7de62026ff1875c77d464ef9db3c6b52 Mon Sep 17 00:00:00 2001 From: Kliu <kliu@vivsoft.io> Date: Thu, 27 Feb 2025 11:46:11 -0500 Subject: [PATCH 17/17] move to upgrade Signed-off-by: Kliu <kliu@vivsoft.io> --- CHANGELOG.md | 8 ++++++-- README.md | 2 +- chart/Chart.yaml | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca0058b..9ab07bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,11 +3,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- -## [5.5.1-bb.5] 2025-02-26 +## [5.5.1-bb.6] 2025-02-26 +### Added + +- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade + +## [5.5.1-bb.5] 2025-02-14 ### Changed - MinIO Tenant Pool from 4 to 1 server -- Added pre-upgrade job to remove MinIO Tenant Pool prior to upgrade ## [5.5.1-bb.4] 2025-01-31 ### Added diff --git a/README.md b/README.md index 8a5da37..bcc2bd4 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # mimir -    +    Grafana Mimir diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 25c2440..3a2aeae 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mimir description: Grafana Mimir type: application -version: 5.5.1-bb.5 +version: 5.5.1-bb.6 appVersion: 2.14.2 icon: https://raw.githubusercontent.com/grafana/grafana/main/public/img/grafana_icon.svg sources: -- GitLab