oidc-auth-armada-app

History

Joaci Morais 2930b099f2 Fix oidc-auth-apps upgrade. This commit fixes two issues: 1 - In meta_data.yml the BASE_SRCREV was pointing to a stx.8.0 commit, not allowing the secret-observer helm-chart version to be automatically detected. 2 - During upgrade the new dex pod was stuck in a pending status and never been allow to be scheduled due a podAntiAffinity rule. This rule was ineffective because of a missing label issue fixed by this commit: https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/913336 The bug being fixed here is a side effect of the above commit. The dex deployment object rollingUpdate strategy was 25% on both maxUnavailable and maxSurge which for one replica would result in 0, not allowing any pod to be scheduled. The maxUnavailable of 1, allows the old pod to be terminated before being replaced by the new one. was: strategy: rollingUpdate: maxUnavailable: 25% maxSurge: 25% type: RollingUpdate now: strategy: rollingUpdate: maxUnavailable: 1 maxSurge: 1 type: RollingUpdate The strategy is similar to the what is done by cert-manager pods and this will allow the pod to be scheduled. Test Plan: PASS: Deploy a stx.8.0 AIO-SX, build the OIDC tarball bumped-up, perform the oidc-auth-app upgrade process manually. Check if oidc-auth-app was successfully upgraded and if its pods are running. PASS: Deploy a stx.8.0 AIO-SX, configure the OIDC app, built an ISO for stx.9.0, perform a full upgrade process from stx.8.0 to stx.9.0 Check if oidc-auth-app was successfully upgraded. Closes-Bug: 2067929 Change-Id: If432644e2781ad1dcbdf2b364203637b0329893c Signed-off-by: Joaci Morais <joaci.demorais@windriver.com>	2024-06-04 13:53:38 -03:00
..
debian	Fix oidc-auth-apps upgrade.	2024-06-04 13:53:38 -03:00
secret-observer-helm	Auto-increment chart versions	2024-03-05 13:45:03 -07:00

Joaci Morais 2930b099f2 Fix oidc-auth-apps upgrade.

This commit fixes two issues:

1 - In meta_data.yml the BASE_SRCREV was pointing to a stx.8.0
commit, not allowing the secret-observer helm-chart version to be
automatically detected.

2 - During upgrade the new dex pod was stuck in a pending status and
never been allow to be scheduled due a podAntiAffinity rule.

This rule was ineffective because of a missing label issue fixed by
this commit:
https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/913336
The bug being fixed here is a side effect of the above commit.

The dex deployment object rollingUpdate strategy was 25% on both
maxUnavailable and maxSurge which for one replica would result in 0,
not allowing any pod to be scheduled. The maxUnavailable of 1, allows
the old pod to be terminated before being replaced by the new one.

was:

strategy:
  rollingUpdate:
    maxUnavailable: 25%
    maxSurge: 25%
  type: RollingUpdate

now:

strategy:
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 1
  type: RollingUpdate

The strategy is similar to the what is done by cert-manager pods
and this will allow the pod to be scheduled.

Test Plan:

PASS: Deploy a stx.8.0 AIO-SX, build the OIDC tarball bumped-up,
perform the oidc-auth-app upgrade process manually. Check
if oidc-auth-app was successfully upgraded and if its pods are
running.

PASS: Deploy a stx.8.0 AIO-SX, configure the OIDC app, built an
ISO for stx.9.0, perform a full upgrade process from stx.8.0 to
stx.9.0 Check if oidc-auth-app was successfully upgraded.

Closes-Bug: 2067929

Change-Id: If432644e2781ad1dcbdf2b364203637b0329893c
Signed-off-by: Joaci Morais <joaci.demorais@windriver.com>

2024-06-04 13:53:38 -03:00

debian

Fix oidc-auth-apps upgrade.

2024-06-04 13:53:38 -03:00

secret-observer-helm

Auto-increment chart versions

2024-03-05 13:45:03 -07:00