From bcdcd7de3556f3d6fdc7048506d3f5a32c5cfd14 Mon Sep 17 00:00:00 2001
From: Kaloyan Kotlarski <kaloyan.kotlarski@storpool.com>
Date: Wed, 10 Jan 2024 08:42:29 +0000
Subject: [PATCH] fix: Generate the corresponding RBAC for Octavia health
 manager

The service account used by the Octavia health manager pod lacks
the proper Role and Role Bindings. These are generated by specifying
the static correct static dependency key when creating the respective
service account.

This commit specifies that the health_manager key must be used so
that proper Role and Role Binding are created.

Change-Id: Ib66fb822edd03c8f67642f4791efb75985d5dc44
---
 octavia/Chart.yaml                              | 2 +-
 octavia/templates/daemonset-health-manager.yaml | 2 +-
 releasenotes/notes/octavia.yaml                 | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/octavia/Chart.yaml b/octavia/Chart.yaml
index 0444b58d37..10ad88ce44 100644
--- a/octavia/Chart.yaml
+++ b/octavia/Chart.yaml
@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Octavia
 name: octavia
-version: 0.2.9
+version: 0.2.10
 home: https://docs.openstack.org/octavia/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Octavia/OpenStack_Project_Octavia_vertical.png
 sources:
diff --git a/octavia/templates/daemonset-health-manager.yaml b/octavia/templates/daemonset-health-manager.yaml
index a355e86ed8..ff935af3e6 100644
--- a/octavia/templates/daemonset-health-manager.yaml
+++ b/octavia/templates/daemonset-health-manager.yaml
@@ -154,7 +154,7 @@ spec:
 {{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "health_manager" -}}
 {{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
 
-{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{ tuple $envAll "health_manager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 {{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "octavia.health_manager.daemonset" | toString | fromYaml }}
 {{- $configmap_yaml := "octavia.configmap.etc" }}
 {{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
diff --git a/releasenotes/notes/octavia.yaml b/releasenotes/notes/octavia.yaml
index b2c9cea91b..c612294dd3 100644
--- a/releasenotes/notes/octavia.yaml
+++ b/releasenotes/notes/octavia.yaml
@@ -13,4 +13,5 @@ octavia:
   - 0.2.7 Use HTTP probe instead of TCP probe
   - 0.2.8 Define service_type in keystone_authtoken to support application credentials with access rules
   - 0.2.9 Use default timeout and retry configs for haproxy_amphora
+  - 0.2.10 Fix generating health_manager Role and RoleBinding
 ...