From 6fccda08186803996194781a76c6442222a521a4 Mon Sep 17 00:00:00 2001 From: Tae Park Date: Mon, 29 Jan 2024 15:56:36 -0500 Subject: [PATCH] Add configuration for pod termination wait time Adding new configuration options for pod termination wait sequence. The options set the number of times the new vault-manager pod will check that the old vault-manager pod is still running, and the number of seconds to wait between each check. The total default wait time is now 60s. Test Plan: PASS vault build succesfully with the changes PASS vault sanity on AIO-SX PASS Test the new helm values Story: 2010930 Task: 49476 Change-Id: Ie0d4c1fffccf59618cb10bc1e201468f5ffceed0 Signed-off-by: Tae Park --- ...-vault-manager-termination-wait-time.patch | 42 +++++++++++++++++++ vault-helm/debian/deb_folder/patches/series | 1 + .../vault-helm/helm-charts/vault-init.yaml | 9 +++- 3 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch diff --git a/vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch b/vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch new file mode 100644 index 0000000..53c2973 --- /dev/null +++ b/vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch @@ -0,0 +1,42 @@ +From 06b5719c35c7e75b776ce7bd08c6df32c2dcf9cd Mon Sep 17 00:00:00 2001 +From: Tae Park +Date: Mon, 29 Jan 2024 15:24:37 -0500 +Subject: [PATCH] Add vault manager termination wait time + +Adding configure options for maximum number of tries for checking +PVC removal, and time slept between each tries. Changed the +default to 60 seconds total wait time + +Signed-off-by: Tae Park +--- + values.yaml | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/values.yaml b/values.yaml +index 1bce118..487b44a 100644 +--- a/values.yaml ++++ b/values.yaml +@@ -114,6 +114,20 @@ manager: + # client_version: v1.28 + client_version: "" + ++ waitTermination: ++ # During upgrade of the application from PVC storage to storage ++ # using kubernetes, wait for previous version of vault manager ++ # to terminate before proceding with the conversion of storage from PVC to ++ # kubernetes secrets. ++ # ++ # The maximum tries before proceding with the conversion of storage ++ # from PVC to kubernetes secrets. ++ maxTries: 12 ++ ++ # Number of seconds slept between each tries before proceding with ++ # the conversion of storage from PVC to kubernetes secrets. ++ sleepTime: 5 ++ + # Debugging option to improve log reading, allow more verbose logging + # DEBUG: 1 + # INFO: 2 +-- +2.25.1 + diff --git a/vault-helm/debian/deb_folder/patches/series b/vault-helm/debian/deb_folder/patches/series index e1c20aa..dd9cbb7 100644 --- a/vault-helm/debian/deb_folder/patches/series +++ b/vault-helm/debian/deb_folder/patches/series @@ -3,3 +3,4 @@ 0001-Add-log-level-option-for-vault-manager.patch 0001-Add-manager-pause-request-to-helm-values.yaml.patch 0001-Update-vault-version-to-1.14.8.patch +0001-Add-vault-manager-termination-wait-time.patch diff --git a/vault-helm/vault-helm/helm-charts/vault-init.yaml b/vault-helm/vault-helm/helm-charts/vault-init.yaml index ec83f19..aca4d4e 100644 --- a/vault-helm/vault-helm/helm-charts/vault-init.yaml +++ b/vault-helm/vault-helm/helm-charts/vault-init.yaml @@ -68,8 +68,8 @@ data: # Maximum seconds to wait for vault-manager pod to exit # Vault-manager is not responding to SIGTERM, so will take 30 # seconds - TERMINATE_TRIES_MAX=6 - TERMINATE_TRIES_SLEEP=5 + TERMINATE_TRIES_MAX={{ .Values.manager.waitTermination.maxTries }} + TERMINATE_TRIES_SLEEP={{ .Values.manager.waitTermination.sleepTime }} # Vault key share configuration KEY_SECRET_SHARES=5 @@ -1518,6 +1518,11 @@ data: count=$((count-1)) done + if [ $count -eq 0 ]; then + log $WARNING "Maximum time reached waiting" \ + "for the previous pod to be terminated." + fi + convertPVC }