Merge "Add debian package for armada"

This commit is contained in:
Zuul 2021-11-16 21:48:14 +00:00 committed by Gerrit Code Review
commit 02845aa5e1
24 changed files with 706 additions and 0 deletions

View File

@ -0,0 +1,5 @@
armada-helm-toolkit (1.0-1) unstable; urgency=medium
* Initial release.
-- Daniel Safta <daniel.safta@windriver.com> Thu, 04 Nov 2021 14:00:42 +0000

View File

@ -0,0 +1,13 @@
Source: armada-helm-toolkit
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13), helm, chartmuseum, procps
Standards-Version: 4.4.1
Homepage: https://www.starlingx.io
Package: armada-helm-toolkit
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: Openstack-Helm-Infra helm-toolkit chart.
helm-toolkit used in building armada.

View File

@ -0,0 +1,29 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: openstack-helm-infra
Source: https://github.com/openstack/openstack-helm-infra
Files: *
Copyright: (c) 2013-2021 Wind River Systems, Inc
License: Apache-2
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2021 Wind River Systems, Inc
License: Apache-2
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

View File

@ -0,0 +1,23 @@
#!/usr/bin/make -f
export ROOT = debian/armada-helm-toolkit
export APP_FOLDER = $(ROOT)/usr/lib/helm
export APP_NAME = armada-helm-toolkit
%:
dh $@
override_dh_auto_build:
# Host a server for the charts
chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." &
sleep 2
helm repo add local http://localhost:8879/charts
# Make the charts. These produce tgz files
make helm-toolkit
pkill chartmuseum
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 helm-toolkit-0.1.0.tgz $(APP_FOLDER)/armada-helm-toolkit-0.1.0.tgz

View File

@ -0,0 +1,20 @@
#!/bin/bash
set -x
PKG_BUILD_NAME=$1
PKG="openstack-helm-infra"
PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME})
mkdir -p ${PKG_BUILD_ROOT}
pushd ${PKG_BUILD_ROOT}
# Local mirror workaround until CGCS_BASE mirror is supported.
STX_MIRROR=$(realpath "/import/mirrors/starlingx")
# Download armada-helm-toolkit helm source package.
ARMADA_HELM_TOOLKIT_PKG="openstack-helm-infra-c9d6676bf9a5aceb311dc31dadd07cba6a3d6392.tar.gz"
ARMADA_HELM_TOOLKIT_SRC_PATH=$(realpath ${STX_MIRROR}/downloads/${ARMADA_HELM_TOOLKIT_PKG})
cp ${ARMADA_HELM_TOOLKIT_SRC_PATH} ${PKG_BUILD_ROOT}
# Extract the armada tar file.
tar xfz ${ARMADA_HELM_TOOLKIT_PKG}
cp -pr ${PKG}/* ${PKG_BUILD_ROOT}

View File

@ -0,0 +1,7 @@
---
debname: armada-helm-toolkit
debver: 1.0-1
dl_hook: dl_hook
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true

View File

@ -0,0 +1,40 @@
From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 9 Jan 2019 20:11:33 -0500
Subject: [PATCH 1/4] Allow multiple containers per daemonset pod
Remove code that restricted daemonset pods to single containers.
Container names will default to name from helm chart template.
Required for nova cold migrations to work.
Story: 2003876
Task: 26735
Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 -------
1 file changed, 7 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index e352bc9..10ab166 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -225,13 +225,6 @@ limitations under the License.
{{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }}
{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }}
- {{/* set container name
- assume not more than one container is defined */}}
- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }}
- {{- $_ := set $container "name" $current_dict.dns_1123_name }}
- {{- $cont_list := list $container }}
- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }}
-
{{/* cross-reference configmap name to container volume definitions */}}
{{- $_ := set $context.Values "__volume_list" list }}
{{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }}
--
2.7.4

View File

@ -0,0 +1,26 @@
From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Mon, 11 Feb 2019 11:29:03 -0500
Subject: [PATCH 2/4] Add imagePullSecrets in service account
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index b4cf1a6..2f4113b 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -44,6 +44,8 @@ kind: ServiceAccount
metadata:
name: {{ $saName }}
namespace: {{ $saNamespace }}
+imagePullSecrets:
+ - name: default-registry-key
{{- range $k, $v := $deps -}}
{{- if eq $k "services" }}
{{- range $serv := $v }}
--
2.16.5

View File

@ -0,0 +1,65 @@
From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Mon, 8 Apr 2019 02:12:39 -0400
Subject: [PATCH 4/4] Partial revert of
31e3469d28858d7b5eb6355e88b6f49fd62032be
Suspect that new use of mergeOverwrite vs. merge is breaking the
per-host DaemonSet overrides.
Signed-off-by: Robert Church <robert.church@windriver.com>
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index 10ab166..ab1177a 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -49,10 +49,10 @@ limitations under the License.
{{- $override_conf_copy := $host_data.conf }}
{{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}}
{{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }}
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
{{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $current_dict "nodeData" $root_conf_copy4 }}
@@ -89,10 +89,10 @@ limitations under the License.
{{- $override_conf_copy := $label_data.conf }}
{{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}}
{{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }}
- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }}
+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }}
{{- $root_conf_copy2 := dict "conf" $merged_dict }}
{{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }}
@@ -187,7 +187,7 @@ limitations under the License.
{{- $root_conf_copy1 := omit $context.Values.conf "overrides" }}
{{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }}
{{- $context_values := omit $context.Values "conf" }}
- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }}
+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }}
{{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }}
{{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }}
@@ -198,7 +198,7 @@ limitations under the License.
{{- range $current_dict := $context.Values.__daemonset_list }}
{{- $context_novalues := omit $context "Values" }}
- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }}
+ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }}
{{- $_ := set $current_dict "nodeData" $merged_dict }}
{{/* Deep copy original daemonset_yaml */}}
{{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }}
--
2.7.4

View File

@ -0,0 +1,46 @@
From 326fcd76f54d7c099f4c3da6c31eefe0eef2e236 Mon Sep 17 00:00:00 2001
From: Ovidiu Poncea <ovidiu.poncea@windriver.com>
Date: Mon, 29 Jul 2019 08:00:01 -0400
Subject: [PATCH] Fix pod restarts on all workers when worker added/removed
---
helm-toolkit/templates/utils/_daemonset_overrides.tpl | 4 ++--
helm-toolkit/templates/utils/_hash.tpl | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
index ab1177a..e564869 100644
--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl
+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl
@@ -215,7 +215,7 @@ limitations under the License.
name uniqueness */}}
{{- $_ := set $current_dict "dns_1123_name" dict }}
{{- if hasKey $current_dict "matchExpressions" }}
- {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }}
+ {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | toJson | sha256sum | trunc 8))) }}
{{- else }}
{{- $_ := set $current_dict "dns_1123_name" $name_format2 }}
{{- end }}
@@ -258,7 +258,7 @@ limitations under the License.
{{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }}
{{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }}
{{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }}
- {{- $values_hash := $cmap | quote | sha256sum }}
+ {{- $values_hash := $cmap | toJson | sha256sum }}
{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }}
{{/* generate configmap */}}
diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl
index 1041ec0..e419e3b 100644
--- a/helm-toolkit/templates/utils/_hash.tpl
+++ b/helm-toolkit/templates/utils/_hash.tpl
@@ -19,5 +19,5 @@ limitations under the License.
{{- $context := index . 1 -}}
{{- $last := base $context.Template.Name }}
{{- $wtf := $context.Template.Name | replace $last $name -}}
-{{- include $wtf $context | sha256sum | quote -}}
+{{- include $wtf $context | toJson | sha256sum | quote -}}
{{- end -}}
--
2.7.4

View File

@ -0,0 +1,4 @@
0001-Allow-multiple-containers-per-daemonset-pod.patch
0002-Add-imagePullSecrets-in-service-account.patch
0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch

View File

@ -0,0 +1 @@
dir-or-file-in-opt

View File

@ -0,0 +1,5 @@
armada (0.2.0-0) unstable; urgency=medium
* Initial release.
-- Daniel Safta <daniel.safta@windriver.com> Thu, 04 Nov 2021 14:00:42 +0000

View File

@ -0,0 +1,14 @@
Source: armada
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13), helm, chartmuseum, procps,armada-helm-toolkit
Standards-Version: 4.4.1
Homepage: https://www.starlingx.io
Package: armada
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: An orchestrator for managing a collection of Kubernetes Helm charts.
Armada is a tool for managing multiple Helm charts with
dependencies by centralizing all configurations in a single Armada YAML.

View File

@ -0,0 +1,29 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: armada
Source: https://opendev.org/airship/armada.git
Files: *
Copyright: (c) 2013-2021 Wind River Systems, Inc
License: Apache-2
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2021 Wind River Systems, Inc
License: Apache-2
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

View File

@ -0,0 +1,32 @@
#!/usr/bin/make -f
export ROOT = debian/armada
export APP_FOLDER = $(ROOT)/opt/extracharts
export CHARTS_STAGING = charts
export APP_NAME = armada
export APP_NAME_FULL = $(CHARTS_STAGING)/$(APP_NAME)
%:
dh $@
override_dh_auto_build:
# Host a server for the charts
cp /usr/lib/helm/armada-helm-toolkit-0.1.0.tgz ./charts
chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="./charts" &
sleep 2
helm repo add local http://localhost:8879/charts
helm dependency update $(APP_NAME_FULL)
helm lint $(APP_NAME_FULL)
rm -v -f ./requirements.lock ./requirements.yaml
helm template --set pod.resources.enabled=true $(APP_NAME_FULL)
helm package $(APP_NAME_FULL)
pkill chartmuseum
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 armada-0.1.0.tgz $(APP_FOLDER)

View File

@ -0,0 +1,23 @@
#!/bin/bash
set -x
PKG_BUILD_NAME=$1
PKG="armada"
PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME})
mkdir -p ${PKG_BUILD_ROOT}
pushd ${PKG_BUILD_ROOT}
# Local mirror workaround until CGCS_BASE mirror is supported.
STX_MIRROR=$(realpath "/import/mirrors/starlingx")
# Download armada helm source package.
ARMADA_PKG="armada-7ef4b8643b5ec5216a8f6726841e156c0aa54a1a.tar.gz"
ARMADA_SRC_PATH=$(realpath ${STX_MIRROR}/downloads/${ARMADA_PKG})
cp ${ARMADA_SRC_PATH} ${PKG_BUILD_ROOT}
# Extract the armada tar file.
tar xfz ${ARMADA_PKG}
cp -pr ${PKG}/charts ${PKG_BUILD_ROOT}
rm -rf ${ARMADA_PKG}
rm -rf ${PKG}

View File

@ -0,0 +1,7 @@
---
debname: armada
debver: 0.2.0-0
dl_hook: dl_hook
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true

View File

@ -0,0 +1,114 @@
From 8c6cc4c0ad5569d7de3615463f7d8c4dd7429e63 Mon Sep 17 00:00:00 2001
From: Thiago Brito <thiago.brito@windriver.com>
Date: Thu, 22 Apr 2021 20:00:51 -0300
Subject: [PATCH] Add Helm v2 client initialization using tiller
postStart exec
This adds helm v2 client initialization using the tiller
container postStart exec to access helm v2 binary.
This will perform 'helm init', removes the default repos
'stable' and 'local', and add valid repos that were provided
as overrides. Note that helm will only add repos that exist.
This expects overrides in this format:
conf:
tiller:
charts_url: 'http://192.168.204.1:8080/helm_charts'
repo_names:
- 'starlingx'
- 'stx-platform'
repos:
stable: https://kubernetes-charts.storage.googleapis.com
This gives the following result:
helmv2-cli -- helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
starlingx http://192.168.204.1:8080/helm_charts/starlingx
stx-platform http://192.168.204.1:8080/helm_charts/stx-platform
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
---
charts/armada/templates/deployment-api.yaml | 33 +++++++++++++++++++++
charts/armada/values.yaml | 10 +++++++
2 files changed, 43 insertions(+)
diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index 562e3d0..483ec0b 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -186,6 +186,39 @@ spec:
- -trace
{{- end }}
lifecycle:
+ postStart:
+ exec:
+ command:
+ - sh
+ - "-c"
+ - |
+ /bin/sh <<'EOF'
+ # Delay initialization since postStart handler runs asynchronously and there
+ # is no guarantee it is called before the Containers entrypoint.
+ sleep 5
+ # Initialize Helm v2 client.
+ export HELM_HOST=:{{ .Values.conf.tiller.port }}
+ /helm init --client-only --skip-refresh
+
+ # Moving the ln up so eventual errors on the next commands doesn't prevent
+ # having helm available
+ ln -s -f /helm /tmp/helm
+
+ # Removes all repos available so we don't get an error removing what
+ # doesn't exist anymore or error re-adding an existing repo
+ /helm repo list | awk '(NR>1){print $1}' | xargs --no-run-if-empty /helm repo rm
+{{- if .Values.conf.tiller.repos }}
+ {{- range $name, $repo := .Values.conf.tiller.repos }}
+ /helm repo add {{ $name }} {{ $repo }}
+ {{- end }}
+{{- end }}
+{{- if .Values.conf.tiller.repo_names }}
+ {{- range .Values.conf.tiller.repo_names }}
+ /helm repo add {{ . }} {{ $envAll.Values.conf.tiller.charts_url }}/{{ . }}
+ {{- end }}
+{{- end }}
+ exit 0
+ EOF
preStop:
exec:
command:
diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml
index 3a4427e..da45810 100644
--- a/charts/armada/values.yaml
+++ b/charts/armada/values.yaml
@@ -220,6 +220,10 @@ conf:
# Note: Defaulting to the (default) kubernetes grace period, as anything
# greater than that will have no effect.
prestop_sleep: 30
+ # Helm v2 initialization
+ charts_url: null
+ repo_names: []
+ repos: {}
monitoring:
prometheus:
@@ -325,7 +329,13 @@ pod:
volumes:
- name: kubernetes-client-cache
emptyDir: {}
+ - name: tiller-tmp
+ emptyDir: {}
volumeMounts:
+ - name: tiller-tmp
+ # /tmp is now readOnly due to the security_context on L288, so
+ # mounting an emptyDir
+ mountPath: /tmp
- name: kubernetes-client-cache
# Should be the `$HOME/.kube` of the `runAsUser` above
# as this is where tiller's kubernetes client roots its cache dir.
--
2.17.1

View File

@ -0,0 +1,66 @@
From 96e49fcc6d6b988d03a61261511abf64a0af2e2a Mon Sep 17 00:00:00 2001
From: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Date: Tue, 11 May 2021 21:04:18 +0300
Subject: [PATCH] Tiller wait for postgres database ping
Networking might not be correctly initialized when tiller starts.
Modify the pod command to wait for networking to be available before
starting up tiller.
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
---
charts/armada/templates/deployment-api.yaml | 31 +++++++++++++--------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index 69036c0..3816366 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -167,24 +167,31 @@ spec:
- name: TILLER_HISTORY_MAX
value: {{ .Values.conf.tiller.history_max | quote }}
command:
- - /tiller
+ - sh
+ - -c
+ - |
+ /bin/sh <<'EOF'
{{- if .Values.conf.tiller.storage }}
- - --storage={{ .Values.conf.tiller.storage }}
{{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }}
- - --sql-dialect={{ .Values.conf.tiller.sql_dialect }}
- - --sql-connection-string={{ .Values.conf.tiller.sql_connection }}
+ while ! /bin/busybox nc -vz -w 1 {{ .Values.conf.tiller.sql_endpoint_ip}} 5432; do continue; done;
{{- end }}
{{- end }}
- - -listen
- - ":{{ .Values.conf.tiller.port }}"
- - -probe-listen
- - ":{{ .Values.conf.tiller.probe_port }}"
- - -logtostderr
- - -v
- - {{ .Values.conf.tiller.verbosity | quote }}
+ /tiller \
+{{- if .Values.conf.tiller.storage }}
+ --storage={{ .Values.conf.tiller.storage }} \
+{{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }}
+ --sql-dialect={{ .Values.conf.tiller.sql_dialect }} \
+ --sql-connection-string={{ .Values.conf.tiller.sql_connection }} \
+{{- end }}
+{{- end }}
+ -listen ":{{ .Values.conf.tiller.port }}" \
+ -probe-listen ":{{ .Values.conf.tiller.probe_port }}" \
+ -logtostderr \
+ -v {{ .Values.conf.tiller.verbosity | quote }} \
{{- if .Values.conf.tiller.trace }}
- - -trace
+ -trace
{{- end }}
+ EOF
lifecycle:
postStart:
exec:
--
2.30.0

View File

@ -0,0 +1,45 @@
From be3167e5342f2730ef43012d8fe4f3782c6ef468 Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Wed, 12 May 2021 02:38:52 -0400
Subject: [PATCH 3/3] Update the liveness probe to verify postgres connectivity
Change the tillerLivenessProbeTemplate to test the connectivity to the
postgres backend. We will override the periodSeconds and
failureThreshold when installing the helm chart to trigger a restart of
the tiller pod over a swact when the postgres DB/server moves from one
controller to the other.
This will help guarantee that the tiller connection is always
reestablished if the connectivity to the postgres backend fails.
Signed-off-by: Robert Church <robert.church@windriver.com>
---
charts/armada/templates/deployment-api.yaml | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index bf23fb2..2b65494 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -28,10 +28,14 @@ httpGet:
{{- end }}
{{- define "tillerLivenessProbeTemplate" }}
-httpGet:
- path: /liveness
- port: {{ .Values.conf.tiller.probe_port }}
- scheme: HTTP
+exec:
+ command:
+ - nc
+ - -vz
+ - -w
+ - "1"
+ - {{ .Values.conf.tiller.sql_endpoint_ip}}
+ - "5432"
{{- end }}
{{- if .Values.manifests.deployment_api }}
--
2.16.6

View File

@ -0,0 +1,30 @@
From e13416638b103fde04feb31027c3148c9685cf7f Mon Sep 17 00:00:00 2001
From: Robert Church <robert.church@windriver.com>
Date: Sat, 15 May 2021 16:16:41 -0400
Subject: [PATCH 4/4] Update postgres liveness check to support IPv6 addresses
Templating will add square brackets for IPv6 addresses which are
interpreted as an array vs. a string. Quote this so that it interpreted
correctly.
Signed-off-by: Robert Church <robert.church@windriver.com>
---
charts/armada/templates/deployment-api.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index 2b65494..5c4825c 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -34,7 +34,7 @@ exec:
- -vz
- -w
- "1"
- - {{ .Values.conf.tiller.sql_endpoint_ip}}
+ - "{{ .Values.conf.tiller.sql_endpoint_ip }}"
- "5432"
{{- end }}
--
2.16.6

View File

@ -0,0 +1,57 @@
From 8f38dcdc7ba6448487283d14a745b8c299c47a13 Mon Sep 17 00:00:00 2001
From: Enzo Candotti <enzo.candotti@windriver.com>
Date: Wed, 6 Oct 2021 18:25:10 -0300
Subject: [PATCH] Add toleration to armada-api
---
charts/armada/templates/deployment-api.yaml | 4 ++++
charts/armada/templates/tests/test-armada-api.yaml | 4 ++++
charts/armada/values.yaml | 2 ++
3 files changed, 10 insertions(+)
diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index d4eff7a..1859d99 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -108,6 +108,10 @@ spec:
initContainers:
{{ tuple $envAll "api" $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ dict "envAll" $envAll "application" "armada" "container" "armada_api_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{- with .Values.pod.tolerations.api }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
containers:
- name: armada-api
{{ tuple $envAll "api" | include "helm-toolkit.snippets.image" | indent 10 }}
diff --git a/charts/armada/templates/tests/test-armada-api.yaml b/charts/armada/templates/tests/test-armada-api.yaml
index a467fc9..2733cfe 100644
--- a/charts/armada/templates/tests/test-armada-api.yaml
+++ b/charts/armada/templates/tests/test-armada-api.yaml
@@ -32,6 +32,10 @@ metadata:
spec:
{{ dict "envAll" $envAll "application" "api_test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never
+{{- with .Values.pod.tolerations.api }}
+ tolerations:
+{{ toYaml . | indent 4 }}
+{{- end }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
containers:
diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml
index e583947..247b15e 100644
--- a/charts/armada/values.yaml
+++ b/charts/armada/values.yaml
@@ -206,6 +206,8 @@ monitoring:
port: 8000
pod:
+ tolerations:
+ api: []
mandatory_access_control:
type: apparmor
armada-api:
--
2.25.1

View File

@ -0,0 +1,5 @@
0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch
0002-Tiller-wait-for-postgres-database-ping.patch
0003-Update-the-liveness-probe-to-verify-postgres-connect.patch
0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch
0005-Add-toleration-to-armada-api.patch