Merge pull request prometheus-community#13 from reddit/bugfix-k8s-vpc-deployment

Patch K8s SPC yaml to re-use a specific role

Author: ianbibby

infrared/manifest.star

@@ -182,3 +182,27 @@ def patch_node_specialization(d):
             toleration.value = "prod-vpc"
 
 patch_resources("apps", "v1", "deployment", patch_node_specialization, name = fullname)
+
+#
+# Patching required because the deployments will create their own SPC's using the configured name.
+# This results in convention-based role names to exist, but we want to stick to a specific role name ("service_postgres_exporter").
+#
+spc_patch = """
+spec:
+  parameters:
+    objects: |
+      - objectName: postgres-exporter.yaml
+        secretPath: secret/postgres-exporter/config
+        secretKey: current
+    roleName: service_postgres_exporter
+  provider: vault
+status: {}
+"""
+
+patch_resources_yaml(
+    "secrets-store.csi.x-k8s.io",
+    "v1alpha1",
+    "SecretProviderClass",
+    name = "k8s-vpc-postgres-exporter-deployment-exporter-secrets",
+    patch = spc_patch,
+)