starlingx/oidc-auth-armada-app
Code Issues Proposed changes

Fix oidc-auth-apps upgrade.

Browse Source 
This commit fixes two issues:

1 - In meta_data.yml the BASE_SRCREV was pointing to a stx.8.0
commit, not allowing the secret-observer helm-chart version to be
automatically detected.

2 - During upgrade the new dex pod was stuck in a pending status and
never been allow to be scheduled due a podAntiAffinity rule.

This rule was ineffective because of a missing label issue fixed by
this commit:
https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/913336
The bug being fixed here is a side effect of the above commit.

The dex deployment object rollingUpdate strategy was 25% on both
maxUnavailable and maxSurge which for one replica would result in 0,
not allowing any pod to be scheduled. The maxUnavailable of 1, allows
the old pod to be terminated before being replaced by the new one.

was:

strategy:
  rollingUpdate:
    maxUnavailable: 25%
    maxSurge: 25%
  type: RollingUpdate

now:

strategy:
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 1
  type: RollingUpdate

The strategy is similar to the what is done by cert-manager pods
and this will allow the pod to be scheduled.

Test Plan:

PASS: Deploy a stx.8.0 AIO-SX, build the OIDC tarball bumped-up,
perform the oidc-auth-app upgrade process manually. Check
if oidc-auth-app was successfully upgraded and if its pods are
running.

PASS: Deploy a stx.8.0 AIO-SX, configure the OIDC app, built an
ISO for stx.9.0, perform a full upgrade process from stx.8.0 to
stx.9.0 Check if oidc-auth-app was successfully upgraded.

Closes-Bug: 2067929

Change-Id: If432644e2781ad1dcbdf2b364203637b0329893c
Signed-off-by: Joaci Morais <joaci.demorais@windriver.com>
This commit is contained in:
Joaci Morais 2024-05-24 11:26:12 -03:00
parent 9c337fe0c9
commit 2930b099f2
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
helm-charts/custom/secret-observer-helm/debian/meta_data.yaml
View File

@ -7,6 +7,5 @@ src_files:
revision: revision:
dist: $STX_DIST dist: $STX_DIST
GITREVCOUNT: GITREVCOUNT:
stx_patch: 1 SRC_DIR: ${MY_REPO}/stx/helm-charts/secret-observer/secret-observer/helm-charts/secret-observer
SRC_DIR: ${MY_REPO}/stx/oidc-auth-armada-app/helm-charts/custom/secret-observer-helm/secret-observer-helm BASE_SRCREV: 57d1f3cbc390f72c503edc8744de718694b2549a
BASE_SRCREV: 2a5db63dc246d1e2cdbc964b40e7530c035b2b1e

8
stx-oidc-auth-helm/stx-oidc-auth-helm/fluxcd-manifests/dex/dex-static-overrides.yaml
View File

@ -1,5 +1,5 @@
# #
# Copyright (c) 2022-2023 Wind River Systems, Inc. # Copyright (c) 2022-2024 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -64,3 +64,9 @@ affinity:
values: values:
- dex - dex
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
strategy:
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
type: RollingUpdate