starlingx/vault-armada-app
Code Issues Proposed changes

Add configuration for pod termination wait time

Browse Source 
Adding new configuration options for pod termination wait sequence. The
options set the number of times the new vault-manager pod will check
that the old vault-manager pod is still running, and the number of
seconds to wait between each check.
The total default wait time is now 60s.

Test Plan:
PASS vault build succesfully with the changes
PASS vault sanity on AIO-SX
PASS Test the new helm values

Story: 2010930
Task: 49476

Change-Id: Ie0d4c1fffccf59618cb10bc1e201468f5ffceed0
Signed-off-by: Tae Park <tae.park@windriver.com>
This commit is contained in:
Tae Park 2024-01-29 15:56:36 -05:00
parent 7c22500b16
commit 6fccda0818
3 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch Normal file
View File

@ -0,0 +1,42 @@
From 06b5719c35c7e75b776ce7bd08c6df32c2dcf9cd Mon Sep 17 00:00:00 2001
From: Tae Park <tae.park@windriver.com>
Date: Mon, 29 Jan 2024 15:24:37 -0500
Subject: [PATCH] Add vault manager termination wait time
Adding configure options for maximum number of tries for checking
PVC removal, and time slept between each tries. Changed the
default to 60 seconds total wait time
Signed-off-by: Tae Park <tae.park@windriver.com>
---
values.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/values.yaml b/values.yaml
index 1bce118..487b44a 100644
--- a/values.yaml
+++ b/values.yaml
@@ -114,6 +114,20 @@ manager:
# client_version: v1.28
client_version: ""
+ waitTermination:
+ # During upgrade of the application from PVC storage to storage
+ # using kubernetes, wait for previous version of vault manager
+ # to terminate before proceding with the conversion of storage from PVC to
+ # kubernetes secrets.
+ #
+ # The maximum tries before proceding with the conversion of storage
+ # from PVC to kubernetes secrets.
+ maxTries: 12
+
+ # Number of seconds slept between each tries before proceding with
+ # the conversion of storage from PVC to kubernetes secrets.
+ sleepTime: 5
+
# Debugging option to improve log reading, allow more verbose logging
# DEBUG: 1
# INFO: 2
--
2.25.1

1
vault-helm/debian/deb_folder/patches/series
View File

@ -3,3 +3,4 @@
0001-Add-log-level-option-for-vault-manager.patch 0001-Add-log-level-option-for-vault-manager.patch
0001-Add-manager-pause-request-to-helm-values.yaml.patch 0001-Add-manager-pause-request-to-helm-values.yaml.patch
0001-Update-vault-version-to-1.14.8.patch 0001-Update-vault-version-to-1.14.8.patch
0001-Add-vault-manager-termination-wait-time.patch

9
vault-helm/vault-helm/helm-charts/vault-init.yaml
View File

@ -68,8 +68,8 @@ data:
# Maximum seconds to wait for vault-manager pod to exit # Maximum seconds to wait for vault-manager pod to exit
# Vault-manager is not responding to SIGTERM, so will take 30 # Vault-manager is not responding to SIGTERM, so will take 30
# seconds # seconds
TERMINATE_TRIES_MAX=6 TERMINATE_TRIES_MAX={{ .Values.manager.waitTermination.maxTries }}
TERMINATE_TRIES_SLEEP=5 TERMINATE_TRIES_SLEEP={{ .Values.manager.waitTermination.sleepTime }}
# Vault key share configuration # Vault key share configuration
KEY_SECRET_SHARES=5 KEY_SECRET_SHARES=5
@ -1518,6 +1518,11 @@ data:
count=$((count-1)) count=$((count-1))
done done
if [ $count -eq 0 ]; then
log $WARNING "Maximum time reached waiting" \
"for the previous pod to be terminated."
fi
convertPVC convertPVC
} }