Overwrite PSP enable option for kube ver. 1.25+

Adding a check under get_override function for vault. This checks if PSP is enabled by the user for systems with kubernetes version 1.25 and above, and if it is, then it will be disabled. Test Plan: PASS Unit Tests PASS User override with global.psp.enable=true will be changed to false during first/repeated application-apply PASS User override with global.psp.enable=true will be changed to false during application-update PASS Vault application install PASS Vault application update after kubernetes upgrade from version 1.24 to 1.25 or newer PASS AIO-SX vault sanity Story: 2011073 Task: 49799 Change-Id: Ia78e5a0c4423ff110a31d002904e82dee2316d65 Signed-off-by: Tae Park <tae.park@windriver.com>
2024-04-02 09:52:04 -04:00 · 2024-04-02 09:52:04 -04:00 · 53db02a48e
commit 53db02a48e
parent b00a768784
1 changed files with 41 additions and 0 deletions
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py
@ -12,6 +12,7 @@ from oslo_log import log as logging

 from sysinv.common import constants
 from sysinv.common import exception
+from sysinv.common import kubernetes

 from sysinv.helm import base
 from sysinv.helm import common
@ -70,6 +71,34 @@ class VaultHelm(base.FluxCDBaseHelm):
            app_constants.HELM_CHART_NS_VAULT,
            'user_overrides')

+        k8s_version = ""
+
+        try:
+            kube = kubernetes.KubeOperator()
+            k8s_version = kube.kube_get_kubernetes_version()
+        except exception.KubeNotConfigured:
+            # Do not check for psp override if kubernetes is not configured yet
+            pass
+
+        if (k8s_version >= "v1.25.1"
+                and new_chart_overrides
+                and "global" in new_chart_overrides.keys()
+                and "psp" in new_chart_overrides["global"].keys()
+                and "enable" in new_chart_overrides["global"]["psp"].keys()
+                and new_chart_overrides["global"]["psp"]["enable"] is True):
+            LOG.info("PSP must be disabled for kubernetes version 1.25 and onwards, "
+                        "as the feature is depreciated. User helm override will be changed "
+                        "so that global.psp.enabled is false")
+            new_chart_overrides["global"]["psp"]["enable"] = False
+            self._update_helm_overrides(
+                dbapi_instance,
+                db_app,
+                app_constants.HELM_CHART_VAULT,
+                app_constants.HELM_CHART_NS_VAULT,
+                'user_overrides',
+                new_chart_overrides
+            )
+
        user_chosen_affinity = new_chart_overrides.get(
            app_constants.HELM_CHART_COMPONENT_LABEL) \
            if new_chart_overrides else None
@ -123,3 +152,15 @@ class VaultHelm(base.FluxCDBaseHelm):
        except exception.HelmOverrideNotFound:
            LOG.debug("Overrides for this chart not found, nothing to be done.")
        return helm_overrides
+
+    @staticmethod
+    def _update_helm_overrides(dbapi_instance, app, chart, namespace,
+                            type_of_overrides, value):
+        """Helper function for updating helm overrides to db."""
+        helm_overrides = {type_of_overrides: yaml.safe_dump(value)}
+        dbapi_instance.helm_override_update(
+            app_id=app.id,
+            name=chart,
+            namespace=namespace,
+            values=helm_overrides
+        )