From 717d72485bc2b48c41e57dd4eb338da34d1c8ed8 Mon Sep 17 00:00:00 2001
From: Dae Seong Kim
Date: Tue, 16 Jan 2018 20:41:49 +0900
Subject: [PATCH] fix jobs to create a secret can work on upgrade
This PS fixes the jobs falling into a crash loop state when upgrading charts. 'kubectl create' command cannot overwrite if a secret already exists. But 'kubectl apply' command can do it.
Change-Id: Idd6eea06892a30e36e51a9b1130fd7cd84ff65cf
---
 ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl | 2 +-
 ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl | 4 ++--
 .../bin/provisioner/cephfs/_client-key-manager.sh.tpl | 2 +-
 .../bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl | 2 +-
 ceph/templates/job-cephfs-client-key.yaml | 1 +
 ceph/templates/job-keyring.yaml | 1 +
 ceph/templates/job-namespace-client-key.yaml | 1 +
 ceph/templates/job-storage-admin-keys.yaml | 1 +
 cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
 cinder/templates/bin/_storage-init.sh.tpl | 2 +-
 cinder/templates/job-backup-storage-init.yaml | 1 +
 cinder/templates/job-storage-init.yaml | 1 +
 glance/templates/bin/_storage-init.sh.tpl | 2 +-
 glance/templates/job-storage-init.yaml | 1 +
 gnocchi/templates/bin/_storage-init.sh.tpl | 2 +-
 gnocchi/templates/job-storage-init.yaml | 1 +
 16 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
index 875e7de95e..78d6cfdd5a 100644
--- a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
@@ -47,7 +47,7 @@ type: Opaque
 data:
 ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
- } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+ } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
 fi
 }
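Review bot: `kubectl apply` on the changed line keeps a copy of the rendered manifest, including the `data:` value produced by `kube_ceph_keyring_gen`, in the Secret's `kubectl.kubernetes.io/last-applied-configuration` annotation, so the keyring is held twice in the object, once as data and once as metadata. Tooling that treats annotations as non-sensitive (dumps or diffs that redact only `data`) would then carry the key. If overwrite-on-upgrade is the goal, a comment above the pipe such as `# apply copies the manifest, key included, into the last-applied-configuration annotation; treat Secret metadata as sensitive` would record this. The same applies to every other `kubectl apply` hunk in this patch, and the enclosing function starts outside the hunk.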
diff --git a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
index 2f75d4f536..9521b36837 100644
--- a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
@@ -49,7 +49,7 @@ type: Opaque
 data:
 ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
- } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+ } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
 fi
 }
 #create_kube_key
@@ -71,7 +71,7 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${CEPH_KEYRING} | base64 | tr -d '\n' )
 EOF
- } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+ } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
 fi
 }
 #create_kube_storage_key
diff --git a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
index 8593e6dd9b..fe06a08733 100644
--- a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
 key: $( echo ${ceph_key} )
 EOF
- } | kubectl create --namespace ${kube_namespace} -f -
+ } | kubectl apply --namespace ${kube_namespace} -f -
 }
 if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ${PVC_CEPH_CEPHFS_STORAGECLASS_USER_SECRET_NAME}; then
diff --git a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
index 6123f84af7..5711ae39aa 100644
--- a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
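Review bot: The added `kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -` lines in both hunks of this file expand the namespace unquoted and with no check that it is set. Now that the command can overwrite an existing Secret rather than only create one, an unset or empty value should abort the script before kubectl runs: `} | kubectl apply --namespace "${DEPLOYMENT_NAMESPACE:?}" -f -`. Quoting alone is not enough, because an empty quoted value would presumably fall back to the client's default namespace. The same form fits `${kube_namespace}` and `${NAMESPACE}` in the other apply hunks of this patch.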
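Review bot: The `if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ...; then` guard on the last context line of the cephfs hunk treats every failure of `kubectl get` (an RBAC denial or an API timeout as well as NotFound) as "secret absent". Before this change a false "absent" ended in an AlreadyExists error from `create`; with `apply` inside the function above it would presumably replace the existing key with whatever `${ceph_key}` holds on that run. A comment at the guard stating that overwrite is intended, or a check that separates NotFound from other errors, would make the behaviour explicit. The body of the `if` lies outside the hunk, and the `fi` after the changed lines in the keyring-manager hunks suggests the same pattern there.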
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
 key: $( echo ${ceph_key} )
 EOF
- } | kubectl create --namespace ${kube_namespace} -f -
+ } | kubectl apply --namespace ${kube_namespace} -f -
 }
 ceph_activate_namespace ${DEPLOYMENT_NAMESPACE} "kubernetes.io/rbd" ${PVC_CEPH_RBD_STORAGECLASS_USER_SECRET_NAME} "$(echo ${CEPH_RBD_KEY} | jq -r '.data | .[]')"
diff --git a/ceph/templates/job-cephfs-client-key.yaml b/ceph/templates/job-cephfs-client-key.yaml
index 90e0a2eef4..c1e43ddc98 100644
--- a/ceph/templates/job-cephfs-client-key.yaml
+++ b/ceph/templates/job-cephfs-client-key.yaml
@@ -36,6 +36,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-keyring.yaml b/ceph/templates/job-keyring.yaml
index d548377cb0..9faa9a43f3 100644
--- a/ceph/templates/job-keyring.yaml
+++ b/ceph/templates/job-keyring.yaml
@@ -37,6 +37,7 @@ rules:
 verbs:
 - get
 - create
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-namespace-client-key.yaml b/ceph/templates/job-namespace-client-key.yaml
index 295cb6134b..4f35712ec1 100644
--- a/ceph/templates/job-namespace-client-key.yaml
+++ b/ceph/templates/job-namespace-client-key.yaml
@@ -36,6 +36,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-storage-admin-keys.yaml b/ceph/templates/job-storage-admin-keys.yaml
index a5cb19cd9d..d1bbee6c37 100644
--- a/ceph/templates/job-storage-admin-keys.yaml
+++ b/ceph/templates/job-storage-admin-keys.yaml
@@ -33,6 +33,7 @@ rules:
 verbs:
 - get
 - create
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 75b39a6709..239aa8c650 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
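Review bot: The added `- patch` verb in job-cephfs-client-key.yaml widens the job's Role, and the rule's `resources:` line is outside the hunk, so it is not visible whether the grant is limited to the one Secret the job manages. If the rule covers `secrets` without `resourceNames`, the service account can now patch every Secret in the namespace. Splitting the rule would keep it narrow: `create` stays unrestricted because it cannot be limited by name, while `get` and `patch` carry `resourceNames: [<secret-name>]` (placeholder for the chart's templated name). Where `update` is already listed it is probably no longer needed, since `kubectl apply` on an existing object works through get and patch. The same applies to the `- patch` additions in the other job-*.yaml hunks of this patch.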
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -63,6 +63,6 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
- kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 fi
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
index 3398d71041..1a4b11c2a3 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@@ -60,6 +60,6 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
- kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 fi
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index 2b3d235242..ebd94bdd62 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 8103706931..3c30b1354f 100644
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
index 895d4b2741..ea57b49e47 100644
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
@@ -62,7 +62,7 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
- kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 elif [ "x$STORAGE_BACKEND" == "xradosgw" ]; then
 radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \
 radosgw-admin user create \
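Review bot: `kubectl apply --namespace ${NAMESPACE} -f ${SECRET}` in the cinder backup-storage-init hunk reads a manifest file that, per the `key: $( echo ${ENCODED_KEYRING} )` context line, holds the encoded keyring, and neither the file's creation nor its removal is visible here. If the script does not already do so, the file should come from `mktemp` and be deleted once applied, e.g. `rm -f -- "${SECRET}"` after the apply or in an EXIT trap, with the path quoted as `-f "${SECRET}"`. The same line appears in the cinder storage-init, glance and gnocchi hunks. The `if` closed by `fi` starts outside the hunk.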
diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
index 04da8dbbeb..1445554b3d 100644
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/gnocchi/templates/bin/_storage-init.sh.tpl b/gnocchi/templates/bin/_storage-init.sh.tpl
index 341094689b..e25eb0c172 100644
--- a/gnocchi/templates/bin/_storage-init.sh.tpl
+++ b/gnocchi/templates/bin/_storage-init.sh.tpl
@@ -57,4 +57,4 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
-kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml
index e4744f5800..c75b074439 100644
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding