The application framework lifecycle constants were split into two
files, sysinv/helm/lifecycle_constants.py and sysinv/common/constants.py.
Aiming to facilitate the split of the application framework into a
separate application in the future, the review: https://review.opendev.org/c/starlingx/config/+/936252
moved the lifecycle variables to helm/lifecycle_contants file.
This commit updates all references that pointed to the lifecycles
constants at sysinv/common/constants.py file, changing them to point to
the new variables in sysinv/helm/lifecycle_contants.py
Test plan:
PASS: build-pkgs && build-image
PASS: AIO-SX fresh install
PASS: Upload, apply, remove, delete, update and upgrade portieris app.
Story: 2011242
Task: 51576
Depends-on: https://review.opendev.org/c/starlingx/config/+/936252
Change-Id: I8d5fc5dff877aa3915de612326d903fb92ce1ba1
Signed-off-by: Edson Dias <edson.dias@windriver.com>
This fixes the nonetype error seen during lifecycle hooks issued during
platform backup. An additional none check was added so that a none type
does not get passed to the rstrip function that caused the issue.
Test Plan:
PASS With the changes, no lifecycle error is caused by the portieris
app during platform backup.
PASS Portieris application sanity test
Closes-bug: 2087987
Change-Id: I4c7204f5aaa72871a5818be834249e7274cbaff7
Signed-off-by: Tae Park <tae.park@windriver.com>
The webhook from portieris is configured to fail if the app cannot
respond, as a safety measure. However, during upgrades, this causes
issues when portieris itself and the other apps are updated.
This change modifies the lifecycle from portieris to disable the
webhook upon a manual update. This is done by change the application's
overrides, that will be used to recreate the webhook upon apply.
It also creates another lifecycle action to remove the changes once
the app is updated.
Test plan:
PASS: Performed stx 8 -> stx 10 upgrade activation and portieris w/ no
overrides. Observed that after portieris update, the overrides are
changed and the webhook is disabled once the app is upgraded.
Observed that after completing the update, the overrides are
removed and the webhook is reconfigured to default value.
PASS: Performed stx 8 -> stx 10 upgrade activation and portieris w/
overrides for the webhook. Observed that after portieris update,
the overrides are changed and the webhook is disabled once the
app is upgraded. Observed that after completing the update, the
overrides are changed back to previous values and the webhook is
reconfigured to this values.
PASS: Deployed stx 10 and applied portieris. Tested basic functionality
w/ policy restrictive to unsigned images. Deployed two pods with
busybox image, one signed (allowed) and the other unsigned
(disallowed).
Story: 2010676
Task: 51215
Change-Id: Ie5012a205b51f2db2e5f3e75ed31a7cf1ccdd83d
Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
Making minor package issues for porteris. The changes include: remove
redundant .patch file in portieris-helm/files folder, update version
for portieris-helm helm chart by updating debver in meta_data.yaml
and adding new entry in the changelog.
Test Plan:
PASS Validate that the .patch file still existing in the correct
directory is applied in the package build
PASS Validate correct version for portieris-helm helm chart
PASS Application sanity test
Story: 2011086
Task: 50957
Change-Id: I163479beef8e1db7b3f72f18db09bbee7889e878
Signed-off-by: Tae Park <tae.park@windriver.com>
Adding support for configuring liveness and readiness probe times, and
changing the values from initial settings to lower the CPU usage. The
new values are configured in the static override file.
Test Plan:
PASS Validate new values for probes
PASS Application sanity test
Story: 2011086
Task: 50946
Change-Id: I2e65237f2ed8e6703a11155aa60f5c24a8d14222
Signed-off-by: Tae Park <tae.park@windriver.com>
Hardcoding the selector.matchLabels.app to "portieris" to match
spec.template.metadata.labels.app value in deployment.yaml. This should
allow the portieris pods to be cordonned properly, so that the
kubernetes upgrades can be done.
Test Plan:
PASS Build portieris application
PASS Application sanity test
PASS With the patch applied, perform a kubernetes upgrade on AIOSX
Closes-bug: 2078063
Change-Id: Ib1ef4d7cdde62bc29fa9534fb77bc82a0666bcdc
Signed-off-by: Tae Park <tae.park@windriver.com>
Right now, portieris app is using beta
versions of the Fluxcd and Helm APIs, and for
this reason, some warnings are being thrown.
This change aims to update api versions, removing
beta values following this logic:
Fluxcd:
- source.toolkit.fluxcd.io/v1beta1
+ source.toolkit.fluxcd.io/v1
Helm:
- helm.toolkit.fluxcd.io/v2beta1
+ helm.toolkit.fluxcd.io/v2
No changes to yaml file structure are required
for this change.
Test Plan:
PASS: Build ISO & Bootstrap AIO-SX.
PASS: Upload and apply portieris app.
PASS: Confirm that sysinv.log does not have any
warnings about beta versions related to
portieris.
Story: 2011129
Task: 50427
Change-Id: Ic7011c2522c1d1fbe03471cce95c8a457bf7d1b3
Signed-off-by: Edson Dias <edson.dias@windriver.com>
Upversioning portieris from v0.13.10 to v0.13.16.
Test Plan:
PASS Apply new verison of Portieris. Apply an imagepolicy.
Ensure that a signed image can be used and an unsigned
image is denied according to the imagepolicy.
PASS Remove all user created imagepolicies and try to use
the unsigned image. Ensure that by default,
unsigned images are allowed.
Story: 2011086
Task: 50292
Change-Id: I69bd056bd47949924e4ce8bea4f40ea1d06d7e96
Signed-off-by: Tae Park <tae.park@windriver.com>
Updating portieris for auto chart version incrementation. Restructuring
debian packaging, and separating portieris-certs into a new package.
Test Plan:
PASS Validate each chart builds from a clean build env
PASS Validate application tarball is created correctly
PASS Validate chart version increments by 1 for each change
PASS Validate application cycle (upload/apply/remove/delete) for
AIO-SX
Story: 2010929
Task: 50225
Change-Id: I8e6ce77b779f6c7ef4d4bad60f77e13cba53d867
Signed-off-by: Tae Park <tae.park@windriver.com>
Add the minimum Kubernetes version supported to the application metadata
file.
The minimum Kubernetes version is set to 1.24.4 and should be changed
accordingly for future application updates.
The "supported_k8s_version:minimum" field is optional but it will become
mandatory in the near future.
This also contains a fix to properly trigger the Tox metadata checks.
Test Plan
PASS: build-pkgs && build-image
PASS: Apply application
Story: 2010929
Task: 49499
Change-Id: I817f46f247c8de3dc2d25ad2c5b8e53e764649f7
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
This commit upversions Portieris to version 0.13.10. The upversioning
addresses CVEs in the previons (0.13.1) Portieris image.
The additional toleration is to allow Portieris pods to be scheduled.
Without it, application apply fails. The taint used to be "master"
in older releases, but has been changed to "control-plane". Keeping
both for backwards compatibility and upgrades.
Test Cases:
PASS: Apply new verison of Portieris. Apply an imagepolicy. Ensure
that a signed image can be used and an unsigned image is denied
according to the imagepolicy.
PASS: Remove all user created imagepolicies and try to use the
unsigned image. Ensure that by default, unsigned images are
allowed.
Closes-bug: 2051611
Change-Id: Id621d91ed41a705035713ff59439f59211e035f5
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
This change will automatically adjust versioning of the application
tarball and python plugins to reflect the same version reported by
SW_VERION in /etc/build.info.
Test plan:
PASS: build-pkgs -a & build-image
PASS: Confirm that the tarball version matches the platform version
PASS: Apply application
Story: 2010929
Task: 49348
Change-Id: If778a0e80a332ec15636f4f27ed245dfed09e8a3
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
Previously, in this review:
https://review.opendev.org/c/starlingx/portieris-armada-app/+/903790
Changes were made to eliminate extra APP metadata.yaml files,
however, the portieris-helm meatadata debian packaging meta_data.yaml
file reference the file which was removed. That effected the
build system. Removing this file from the meta_data.yaml
corrects the issue.
Test Plan:
PASS - Make sure stx build functions as normal during downloader
step.
Story: 2010929
Task: 49279
Change-Id: Ie10d1297692948494da2f29998bb7e76808c590b
Signed-off-by: Reed, Joshua <Joshua.Reed@windriver.com>
Modify code to conform to flake8 and pylint.
Jobs are now flake8, pylint, py39 and metadata.
Test Plan
PASS - All zuul jobs pass as expected.
Story: 2010929
Task: 49279
Change-Id: I7e105edccbff006423ada7ab1f99449822dd09bc
Signed-off-by: Reed, Joshua <Joshua.Reed@windriver.com>
The py39 job was mis-named and was using the wrong
file filter pattern to trigger it from running.
The test_helm base unit test class was removed from sysinv,
as part of remove-armada-helmv2 work in March
so adding stub unit tests so tox will not report an
empty test run.
pylint directives are now updated based on the debian
upper constraints, and the unit tests are now validated
by pylint.
tox.ini is cleaned up since python3 is now the only
supported version of python
These changes have no runtime impact. This only
affects tox and zuul.
Test Plan:
PASS: build-pkgs -c -p python3-k8sapp-portieris
PASS: tox
Closes-Bug: #2024005
Related-Bug: #1942909
Change-Id: Iece6e78a98b30111cadb62156e413dd19dd62a37
Signed-off-by: Al Bailey <al.bailey@windriver.com>
This commit enables auto_update for the Portieris application.
This will automatically update the application if a new tarball
is patched to an existing system
Test Cases:
PASS: Build load with this change. Make another change to boost
portieris application version. Apply portieris. Replace
portieris tarball with the boosted version. Ensure that
system application-show and system application-list shows
that the application has been updated to the new version
Story: 2010628
Task: 47926
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ic567b42b6864a2e9a009453788f9e963116ff910
Updating the rsa ssh host key based on:
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
Note: In the future, StarlingX should have a zuul job and
secret setup for all repos so we do not need to do this
for every repo.
Needed to rename the secret, because zuul fails if like-named
secrets have diffent values in different branches of the same
repo.
Partial-Bug: #2015246
Change-Id: I0f5167d84feb90ad6473f461ae9a824042779247
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Add support to 'app.starlingx.io/component' to be overwritten
by user override, with possible values being 'platform' and
'application'. With 'platform' being the default value.This
change will also restart the pods if the label in namespace
change.
Test Plan:
PASS: Install portieris and check with 'kubectl edit namespace
portieris' if the 'app.starlingx.io/component' with value
'platform'.
PASS: Add 'app.starlingx.io/component: application' to user override
and check if 'app.starlingx.component' changes to 'application'.
PASS: Use 'system application-apply portieris' when there is a change
to be applied to 'app.starlingx.component' and verify if the pod
is restarted.
PASS: Change the 'app.starlingx.io/component' to a not supported value
during user override apply and verify if 'app.starlingx.io/component'
still 'platform' or 'application'.
PASS: Run tox.ini tests to the current patch of this review.
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: If215ed95c3d0d57b3555019880b90baa7e2e22b8
The Debian packaging meta_data file has been changed to reflect all the
latest git commits under the directory, pointed as usable, and to
improve pkg-versioning addressing the first commit as start point to
build packages.
This ensures that any new code submissions under those
directories will increment the versions.
The commit SHA b2f895c371 was chosen to be the BASE_SRCREV of the
portieris-helm's metadata because is the commit that points to the
start of "portieris-helm" directory. The PKG_GITREVCOUNT is set to
true to count git revisions relative to portieris-helm's folder.
(portieris-helm version updated from .stx.4 to .stx.13)
The previous commit SHA chosen to be the BASE_SRCREV of the
python3-k8sapp-portieris's metadata points to the first commit of the
repository. Instead of using this commit SHA, 0677d5def2 was chosen to
be the BASE_SRCREV because is the commit that introduces the package
to the project.
(python3-k8sapp-portieris version was modified from .stx.51 to .stx.52)
The previous commit SHA chosen to be the BASE_SRCREV of the
stx-portieris-helm's metadata points to the first commit of the
repository. Instead of using this commit SHA,b2f895c371 was chosen to
be the BASE_SRCREV of the metadata because is the commit that points
to the start of "stx-portieris-helm" directory. The commit SHA
d0c56528d2 was chosen to be the FILES_GITREVCOUNT of this package
because is the commit that adds the "helm-charts" directory of the
repository referenced in the "src_files".
It is added both GITREVCOUNT and FILES_GITREVCOUNT to calculate the
relevant git commits of "src_path" and "src_files" to this package's
revision.
(stx-portieris-helm version was modified from .stx.51 to .stx.52)
stx_patch is added to revision section to maintain the upversioning of
python3-k8sapp-portieris and stx-portieris-helm packages.
Test Plan:
PASS: Verify packages versions are updated as expected
PASS: build-pkgs -c -p portieris-helm
PASS: build-pkgs -c -p python3-k8sapp-portieris
PASS: build-pkgs -c -p stx-portieris-helm
Story: 2010550
Task: 47499
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
Change-Id: I827955199b38674dae8ca8cb7c9dd7c8e8caa21d
Currently, the debian build system produces a debian package version
with the format: "1.0-1.stx.<revision>"
The rules file then parses this deb pkg version at build time
to produce the app tarball version, which always comes up to
be "1.0-1" at this time [1]. This commit changes the app tarball
version calculation so that the resulting tarball version will
be "1.0-<revision>" [2].
This correction is necessary because the application framework
cannot update an app between instances with the same version.
This commit is part of a set of commits updating the app tarball
version calculation to all apps based off of [3].
[1]: /usr/local/share/applications/helm/<APPNAME>-1.0-1.tgz
[2]: /usr/local/share/applications/helm/<APPNAME>-1.0-<N>.tgz
[3]: https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/872628
Test Plan:
pass - build-pkg
pass - tarball version updated
Story: 2010542
Task: 47529
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: Ie6b80807fd4d127e4c61a51e8b21b4b95f2b304f
Fixed versioning and adjusted some build files
to bring them as close to a standard as possible.
- Removed centos files
- Added version tracking via PKG_GITREVCOUNT
- Fixed mismatch in plugin name, set to python3-k8sapp-<app>
- Standardized plugin debian files (rules, *.install)
- Plugin wheels saved to /plugin instead of /plugin/<app>
Test Plan:
PASS - Build-pkgs -a
PASS - Build-image
PASS - Install, bootstrap, unlock
PASS - app tarball contains wheel file
PASS - wheel versioning updated properly
Story: 2010542
Task: 47190
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I1532a8281868b1d921f3f23658ccef294235e636
This commit upversions the portieris helm charts to 0.13.1,
which is the newest version at the time. This commit also aligns
our patches to the new helm charts.
- the issues addessed by patch 0001 has been merged upstream, so
the patch was removed
- tolerations and image pull secrets are handled by helm overrides
so the patches were removed
- some patches on code that have been removed upstream were removed
The behavior for portieris changed a bit since our old version.
In the old version, the default behavior is to allow all deployments.
Namespaces with an imagepolicy will follow that imagepolicy.
In the new version(0.13.1), the default behavior is to deny all
deployments. This commit adds a permissive cluster image policy
to allow all deployments, keeping it in line with the old behavior
and preventing any interference with things like kube-system and
our other applications.
Test Cases:
PASS: Build new ISO and ensure the new application tarball uses the
new v0.13.1 helm charts
PASS: Apply portieris and ensure it uses the new v0.13.1 image
PASS: Apply an imagepolicy. Ensure a signed image can be deployed
in a pod and an unsigned image cannot be deployed in a pod
PASS: remove and reapply application
Story: 2010394
Task: 47071
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ica6efa081a7b2c1e1358add609b274d6b121bb12
This change will allow this repo to pass zuul now
that this has merged:
https://review.opendev.org/c/zuul/zuul-jobs/+/866943
Tox 4 deprecated whitelist_externals.
Replace whitelist_externals with allowlist_externals
Partial-Bug: #2000399
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ib19e9522e005531fceb87a74d86222ac222377b1
Set reconciliation interval for all flux helm resources to 1m
to allow it to manage resources by itself in a reasonable time
interval.
Test Plan (tested as part of [1]):
PASS: bootstrap
PASS: unlocked enabled available
PASS: apps applied
PASS: inspect flux pod logs for errors
PASS: re-test known trigger for 1996747 and 1995748
PASS: re-test known trigger 1997368
[1] https://review.opendev.org/c/starlingx/config/+/866862
Partial-Bug: 1999032
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I514c719106ca7cff29bbf75a09f45fb6e4fb6366
Move the packages of "portieris-armada-app" from stx-std.lst
to debian_iso_image.inc
A subsequent commit will be sent to clean up stx-std.lst.
Test Plan:
Pass: build-pkgs -c -a
Pass: build-image
Pass: boot
Story: 2008862
Task: 46924
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I8c202a80e1ec6a2c05291007c94aa728fbb70568
Upstream has deprecated 'node-role.kubernetes.io/master'
to use 'node-role.kubernetes.io/control-plane' in k8s 1.24.
Platform and applications need to be updated to use 'control-plane'
with nodeSelector/Tolerations so we may move away from 'master'.
This updates pod Tolerations to support both:
- 'node-role.kubernetes.io/master'
- 'node-role.kubernetes.io/control-plane'
Created new patch file to add Tolerations for deployment and jobs
Note: Portieris is not supported in the current release so we just
need the code inspection for now.
Story: 2010301
Task: 46676
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
Change-Id: Ic41f7702c3b017ad2dc5c8666184970c94ccee41
The ubuntu-jammy nodeset gets selected by default
and is causing problems during setup.
Collecting cffi>=1.1
Failed to build cffi
ubuntu-bionic works if using stein upper-constraints.
ubuntu-focal works if using the debian upper-constraints.
Need to update a file that is monitored by zuul
in order to trigger the failing zuul jobs.
Partial-Bug: 1994843
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ib6180ec2143526d1f1819a47dc47adc5f27aeb57
As part of Armada deprecation we need to remove all Armada application
builds for all applications that have been migrated to FluxCD.
This patch removes the armada app build from centos and debian.
TEST PLAN:
PASS: Build centos
PASS: Build debian
PASS: deb package does not have armada tarball
PASS: rpm package does not have armada tarball
PASS: FluxCD tarball is unchanged
Story: 2009138
Task: 46095
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: If9b8f0394940fe3802b557626f3ed773e6f616f4
The pip team is planning to depreciate the
'--use-deprecated legacy-resolver'install option.
While a firm date has yet to be set, We need to be
ready for the change.
Test Plan*:
PASS: Verified that tox runs without issues
PASS: Generate portieris package.
PASS: Upload and apply portieris package and check if pod
is running.
Note(*): Tested on kubernetes 1.21.8
Closes-bug: 1966072
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: Ifc48062f95f3bc44de4a1e1703f9e04b8118d430
Test Cases:
PASS: Check deb install and application upload + apply on debian
PASS: Perform simple functional test on debian
PASS: Check application remove and delete on debian
Logs: https://paste.opendev.org/show/bUDc0XfuXHLAZByl6m2G/
Story: 2009138
Task: 44647
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: I48b240399bdb26dd7e1456ddeb6c273035838b59
This commit switches portieris to use the fluxcd app by default and
also preserves the armada app on the build for future tests.
TEST PLAN
PASS Build iso and verify apps
PASS Upload
PASS Apply
PASS Verify resources
PASS Remove
PASS Delete
Logs: https://paste.opendev.org/show/bmdUjzPBcSE32jx1Tfjr/
Story: 2009138
Task: 45348
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: If26df1a928c1fb047cf04098e5ee8384a924eb84
Add new manifest files to the Portieris app to enable FluxCD support.
The new spec will now generate 2 rpms:
- the original one that contains the armada manifest yaml
- a new one that contains the new FluxCD yaml
TEST PLAN:
- build, ISO image includes in progress fluxcd commits
- verify the armada app version of Portieris
- verify the fluxcd app version of Portieris
- test case for both includes asserting that Portieris is effective at
enforcing an example policy
The following are soft dependancies (dependancies for fluxcd), the
commit has no depends unless fluxcd is enabled:
- application framework for fluxcd
- https://review.opendev.org/c/starlingx/ansible-playbooks/+/828592
Story: 2009138
Task: 44619
Change-Id: Ie88de7506d411b63349012b4c2e1b48be9dfc2a9
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
Replace dl_hook with "src_path" and "src_files"
Test Plan:
Pass: successfully build stx-portieris-helm
Pass: No difference comparing with the result of dl_hook
Story: 2009101
Task: 43845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I498c7b00e46b1687c080cf53db8e42c0faeefa92
Add "dl_path" to download the source tarball.
Add "src_files" to copy local files to build directory.
Copy patches to deb_folder/patches, and remove the patching commands
from rules.
Remove dl_hook.
Test Plan:
Pass: successfully build portieris-helm
Pass: No difference comparing with the result of dl_hook
Story: 2009101
Task: 43845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I128bac3c74e791458d4fcac6d437653abc322206
A toleration needs to be added to all resources that creates pods since
the node-role.kubernetes.io/master taint will be restored to all master
nodes. This will ensure that the pods will run on the master node.
Tested in an AIO-SX by enabling the taint and:
- Deleting pods
- Performing an application update
- Removing and reinstalling the application
- Deleting the MutatingWebhookConfiguration and reapplying the app
In every case mentioned the resources would come up again.
Story: 2009232
Task: 43347
Change-Id: Ida1a152d86fe0bed34a7877644fdc350b3c3698f
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
Due to a recent change in fm-api's directory structure, unit tests would
fail since the virtualenv would not be able to find fm-api/setup.py.
Adjust the tox.ini to point to the correct directory. Tested locally
by running tox.ini.
Depends-On: https://review.opendev.org/c/starlingx/fault/+/806046
Story: 2009101
Task: 43091
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I19a40c00cb024681fc40a0b59096af4ea790522e
The webhooks will not run as root with pod security policies enabled.
The error reported is "container has runAsNonRoot and image will run as
root".
Use the same securityContext as Portieris chart; run as 'portieris'
service account (Values.securityContext.runAsUser)
Fix subsequent jobs that fail with the absent securityContext,
permissions necessary to run those jobs. Add the 'patch' verb to
customresourcedefinitions for portieris service account.
Depends-On: I4682765efddc217e792b37c659ae5833379bf054
Closes-Bug: 1895722
Change-Id: I8b5206cb6fadd029e6597e3da2b85857133ea95e
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
Backup & Restore with portieris app fail at controller restore because
its helm chart creates a mutating webhook configuration that blocks pods
creation if the portieris pod isn't running.
The proposed solution is to use the lifecycle operator to delete the
mutating webhook before the backup. With this, the backup of the etcd
etcd database will not contain the webhook and the restore will succeed.
Note that this checks if the mutating webhook is currently present on
the system and after backup and after restore, if necessary, the
portieris app is reapplied in order to recreate the mutating webhook
configuration.
Tested on an AIO-SX by applying portieris and backing up and restoring
the system (with and without the mutating webhook).
Partial-Bug: 1890630
Change-Id: I828deeddccae52b702f11c751775d47170c9ff1e
Depends-on: I4682765efddc217e792b37c659ae5833379bf054
Depends-on: I84cd8afc09c504f7278e57ccce1c089415627620
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
