Commit Graph

62 Commits (master)

Author SHA1 Message Date
Al Bailey 53dbb19a52 Include py39 tests as part of zuul for this repo
The py39 job was mis-named and was using the wrong
file filter pattern to trigger it from running.

The test_helm base unit test class was removed from sysinv,
as part of remove-armada-helmv2 work in March
so adding stub unit tests so tox will not report an
empty test run.

pylint directives are now updated based on the debian
upper constraints, and the unit tests are now validated
by pylint.

tox.ini is cleaned up since python3 is now the only
supported version of python

These changes have no runtime impact. This only
affects tox and zuul.

Test Plan:
  PASS: build-pkgs -c -p python3-k8sapp-portieris
  PASS: tox

Closes-Bug: #2024005
Related-Bug: #1942909
Change-Id: Iece6e78a98b30111cadb62156e413dd19dd62a37
Signed-off-by: Al Bailey <al.bailey@windriver.com>
2023-06-15 18:26:31 +00:00
Rahul Roshan Kachchap 06daaf3f37 Fixed script to include portieris-certs helm chart
Updated script to include portieris-certs
helm chart which was missing from the tarball.

PASS: Build pkgs
PASS: system-application apply portieris

Story: 2010590
Task: 47768

Change-Id: Ia5262bc64071336429c432574626b5606e721b2f
Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
2023-05-11 18:01:13 +00:00
Zuul 6e56e5dc8e Merge "Enable application auto_update" 2023-05-03 14:12:22 +00:00
Jerry Sun 5379f449f3 Enable application auto_update
This commit enables auto_update for the Portieris application.
This will automatically update the application if a new tarball
is patched to an existing system

Test Cases:

PASS: Build load with this change. Make another change to boost
      portieris application version. Apply portieris. Replace
      portieris tarball with the boosted version. Ensure that
      system application-show and system application-list shows
      that the application has been updated to the new version

Story: 2010628
Task: 47926

Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ic567b42b6864a2e9a009453788f9e963116ff910
2023-05-02 10:01:16 -04:00
Davlet Panech d9774a950b Fix github mirroring for this repo
Updating the rsa ssh host key based on:
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

Note: In the future, StarlingX should have a zuul job and
secret setup for all repos so we do not need to do this
for every repo.

Needed to rename the secret, because zuul fails if like-named
secrets have diffent values in different branches of the same
repo.

Partial-Bug: #2015246
Change-Id: I0f5167d84feb90ad6473f461ae9a824042779247
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
2023-04-28 12:38:52 -04:00
Zuul e7aabfcce3 Merge "Add label 'app.starlingx.io/component=platform' to namespace" 2023-04-10 20:48:20 +00:00
Karla Felix 52b1721376 Add label 'app.starlingx.io/component=platform' to namespace
Add support to 'app.starlingx.io/component' to be overwritten
by user override, with possible values being 'platform' and
'application'. With 'platform' being the default value.This
change will also restart the pods if the label in namespace
change.

Test Plan:

PASS: Install portieris and check with 'kubectl edit namespace
      portieris' if the 'app.starlingx.io/component' with value
      'platform'.
PASS: Add 'app.starlingx.io/component: application' to user override
      and check if 'app.starlingx.component' changes to 'application'.
PASS: Use 'system application-apply portieris' when there is a change
      to be applied to 'app.starlingx.component' and verify if the pod
      is restarted.
PASS: Change the 'app.starlingx.io/component' to a not supported value
      during user override apply and verify if 'app.starlingx.io/component'
      still 'platform' or 'application'.
PASS: Run tox.ini tests to the current patch of this review.

Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: If215ed95c3d0d57b3555019880b90baa7e2e22b8
2023-04-10 15:16:34 -03:00
Rahul Roshan Kachchap 0595fa9c4b Remove psp-rolebinding from portieris-aramda-app
Removed the psp-rolebinding helm chart from being
packaged as part of portieris-armada-app.

PASS: Build pkgs
PASS: system-application apply portieris
PASS: application pkg doesn't consist psp-rolebinding
      helm chart

Story: 2010590
Task: 47768

Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
Change-Id: I9a5c6c8900c0b9793a2313d3065356ec0333ddb2
2023-04-01 02:57:46 -04:00
Zuul 064e0223f7 Merge "Update debian packages for pkg-versioning" 2023-03-20 19:00:38 +00:00
Manoel Benedito Neto 744ce465ce Update debian packages for pkg-versioning
The Debian packaging meta_data file has been changed to reflect all the
latest git commits under the directory, pointed as usable, and to
improve pkg-versioning addressing the first commit as start point to
build packages.

This ensures that any new code submissions under those
directories will increment the versions.

The commit SHA b2f895c371 was chosen to be the BASE_SRCREV of the
portieris-helm's metadata because is the commit that points to the
start of "portieris-helm" directory. The PKG_GITREVCOUNT is set to
true to count git revisions relative to portieris-helm's folder.
(portieris-helm version updated from .stx.4 to .stx.13)

The previous commit SHA chosen to be the BASE_SRCREV of the
python3-k8sapp-portieris's metadata points to the first commit of the
repository. Instead of using this commit SHA, 0677d5def2 was chosen to
be the BASE_SRCREV because is the commit that introduces the package
to the project.
(python3-k8sapp-portieris version was modified from .stx.51 to .stx.52)

The previous commit SHA chosen to be the BASE_SRCREV of the
stx-portieris-helm's metadata points to the first commit of the
repository. Instead of using this commit SHA,b2f895c371 was chosen to
be the BASE_SRCREV of the metadata because is the commit that points
to the start of "stx-portieris-helm" directory. The commit SHA
d0c56528d2 was chosen to be the FILES_GITREVCOUNT of this package
because is the commit that adds the "helm-charts" directory of the
repository referenced in the "src_files".

It is added both GITREVCOUNT and FILES_GITREVCOUNT to calculate the
relevant git commits of "src_path" and "src_files" to this package's
revision.
(stx-portieris-helm version was modified from .stx.51 to .stx.52)

stx_patch is added to revision section to maintain the upversioning of
python3-k8sapp-portieris and stx-portieris-helm packages.

Test Plan:
PASS: Verify packages versions are updated as expected
PASS: build-pkgs -c -p portieris-helm
PASS: build-pkgs -c -p python3-k8sapp-portieris
PASS: build-pkgs -c -p stx-portieris-helm

Story: 2010550
Task: 47499

Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
Change-Id: I827955199b38674dae8ca8cb7c9dd7c8e8caa21d
2023-03-16 22:28:28 +00:00
Leonardo Fagundes Luz Serrano 707f564b7f Updated app tarball version
Currently, the debian build system produces a debian package version
with the format: "1.0-1.stx.<revision>"

The rules file then parses this deb pkg version at build time
to produce the app tarball version, which always comes up to
be "1.0-1" at this time [1]. This commit changes the app tarball
version calculation so that the resulting tarball version will
be "1.0-<revision>" [2].

This correction is necessary because the application framework
cannot update an app between instances with the same version.

This commit is part of a set of commits updating the app tarball
version calculation to all apps based off of [3].

[1]: /usr/local/share/applications/helm/<APPNAME>-1.0-1.tgz
[2]: /usr/local/share/applications/helm/<APPNAME>-1.0-<N>.tgz

[3]: https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/872628

Test Plan:
pass - build-pkg
pass - tarball version updated

Story: 2010542
Task: 47529

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: Ie6b80807fd4d127e4c61a51e8b21b4b95f2b304f
2023-03-02 14:50:08 -03:00
Leonardo Fagundes Luz Serrano 3bfc502572 Standardize app configs
Fixed versioning and adjusted some build files
to bring them as close to a standard as possible.

- Removed centos files
- Added version tracking via PKG_GITREVCOUNT
- Fixed mismatch in plugin name, set to python3-k8sapp-<app>
- Standardized plugin debian files (rules, *.install)
- Plugin wheels saved to /plugin instead of /plugin/<app>

Test Plan:
PASS - Build-pkgs -a
PASS - Build-image
PASS - Install, bootstrap, unlock
PASS - app tarball contains wheel file
PASS - wheel versioning updated properly

Story: 2010542
Task: 47190

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I1532a8281868b1d921f3f23658ccef294235e636
2023-01-24 11:24:23 -03:00
Zuul 5c5c967215 Merge "Upversion helm charts to v0.13.1" 2023-01-24 13:24:22 +00:00
Jerry Sun ad30826ea0 Upversion helm charts to v0.13.1
This commit upversions the portieris helm charts to 0.13.1,
which is the newest version at the time. This commit also aligns
our patches to the new helm charts.
- the issues addessed by patch 0001 has been merged upstream, so
  the patch was removed
- tolerations and image pull secrets are handled by helm overrides
  so the patches were removed
- some patches on code that have been removed upstream were removed

The behavior for portieris changed a bit since our old version.
In the old version, the default behavior is to allow all deployments.
Namespaces with an imagepolicy will follow that imagepolicy.
In the new version(0.13.1), the default behavior is to deny all
deployments. This commit adds a permissive cluster image policy
to allow all deployments, keeping it in line with the old behavior
and preventing any interference with things like kube-system and
our other applications.

Test Cases:

PASS: Build new ISO and ensure the new application tarball uses the
      new v0.13.1 helm charts
PASS: Apply portieris and ensure it uses the new v0.13.1 image
PASS: Apply an imagepolicy. Ensure a signed image can be deployed
      in a pod and an unsigned image cannot be deployed in a pod
PASS: remove and reapply application

Story: 2010394
Task: 47071
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ica6efa081a7b2c1e1358add609b274d6b121bb12
2023-01-20 14:23:27 -05:00
Al Bailey 8bf9693737 Update tox.ini to work with tox 4
This change will allow this repo to pass zuul now
that this has merged:
https://review.opendev.org/c/zuul/zuul-jobs/+/866943

Tox 4 deprecated whitelist_externals.
Replace whitelist_externals with allowlist_externals

Partial-Bug: #2000399

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ib19e9522e005531fceb87a74d86222ac222377b1
2022-12-23 16:06:59 +00:00
Leonardo Fagundes Luz Serrano 98f856811d appfwk: set flux reconciliation interval to 1m
Set reconciliation interval for all flux helm resources to 1m
to allow it to manage resources by itself in a reasonable time
interval.

Test Plan (tested as part of [1]):
PASS: bootstrap
PASS: unlocked enabled available
PASS: apps applied
PASS: inspect flux pod logs for errors
PASS: re-test known trigger for 1996747 and 1995748
PASS: re-test known trigger 1997368

[1] https://review.opendev.org/c/starlingx/config/+/866862

Partial-Bug: 1999032

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I514c719106ca7cff29bbf75a09f45fb6e4fb6366
2022-12-07 19:30:52 +00:00
Yue Tao 9c0c3f57bc portieris-armada-app: update debian_iso_image.inc
Move the packages of "portieris-armada-app" from stx-std.lst
to debian_iso_image.inc

A subsequent commit will be sent to clean up stx-std.lst.

Test Plan:

Pass: build-pkgs -c -a
Pass: build-image
Pass: boot

Story: 2008862
Task: 46924

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I8c202a80e1ec6a2c05291007c94aa728fbb70568
2022-11-23 11:21:08 +08:00
Zuul 960e9eddf6 Merge "Fix zuul failures during setup" 2022-11-15 12:39:14 +00:00
Boovan Rajendran 88ee0c59df Use control-plane label for Tolerations
Upstream has deprecated 'node-role.kubernetes.io/master'
to use 'node-role.kubernetes.io/control-plane' in k8s 1.24.

Platform and applications need to be updated to use 'control-plane'
with nodeSelector/Tolerations so we may move away from 'master'.

This updates pod Tolerations to support both:
- 'node-role.kubernetes.io/master'
- 'node-role.kubernetes.io/control-plane'

Created new patch file to add Tolerations for deployment and jobs

Note: Portieris is not supported in the current release so we just
need the code inspection for now.

Story: 2010301
Task: 46676

Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
Change-Id: Ic41f7702c3b017ad2dc5c8666184970c94ccee41
2022-10-31 06:26:55 -04:00
Al Bailey a2afedf732 Fix zuul failures during setup
The ubuntu-jammy nodeset gets selected by default
and is causing problems during setup.

Collecting cffi>=1.1
Failed to build cffi

ubuntu-bionic works if using stein upper-constraints.
ubuntu-focal works if using the debian upper-constraints.

Need to update a file that is monitored by zuul
in order to trigger the failing zuul jobs.

Partial-Bug: 1994843

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ib6180ec2143526d1f1819a47dc47adc5f27aeb57
2022-10-28 19:42:08 +00:00
Lucas Cavalcante c89631891d Remove portieris armada app build
As part of Armada deprecation we need to remove all Armada application
builds for all applications that have been migrated to FluxCD.

This patch removes the armada app build from centos and debian.

TEST PLAN:
PASS: Build centos
PASS: Build debian
PASS: deb package does not have armada tarball
PASS: rpm package does not have armada tarball
PASS: FluxCD tarball is unchanged

Story: 2009138
Task: 46095

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: If9b8f0394940fe3802b557626f3ed773e6f616f4
2022-08-24 11:44:35 -03:00
Karla Felix e7374ffceb Remove --use-deprecated legacy-resolver flag
The pip team is planning to depreciate the
'--use-deprecated legacy-resolver'install option.
While a firm date has yet to be set, We need to be
ready for the change.

Test Plan*:

PASS: Verified that tox runs without issues
PASS: Generate portieris package.
PASS: Upload and apply portieris package and check if pod
      is running.

Note(*): Tested on kubernetes 1.21.8

Closes-bug: 1966072
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: Ifc48062f95f3bc44de4a1e1703f9e04b8118d430
2022-07-04 19:10:51 +00:00
Rei Oliveira 4115b571f9 Debian: Add fluxcd app for portieris
Test Cases:

PASS: Check deb install and application upload + apply on debian
PASS: Perform simple functional test on debian
PASS: Check application remove and delete on debian

Logs: https://paste.opendev.org/show/bUDc0XfuXHLAZByl6m2G/

Story: 2009138
Task: 44647
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: I48b240399bdb26dd7e1456ddeb6c273035838b59
2022-05-20 17:29:07 -03:00
Thiago Brito 411f242860 Use fluxcd app by default for portieris
This commit switches portieris to use the fluxcd app by default and
also preserves the armada app on the build for future tests.

TEST PLAN
PASS Build iso and verify apps
PASS Upload
PASS Apply
PASS Verify resources
PASS Remove
PASS Delete

Logs: https://paste.opendev.org/show/bmdUjzPBcSE32jx1Tfjr/

Story: 2009138
Task: 45348

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: If26df1a928c1fb047cf04098e5ee8384a924eb84
2022-05-12 21:00:08 -03:00
Thiago Brito 1195828b58 Fix portieris-app to use upversioned cert-manager
On [1] and [2] cert-manager was migrated to fluxcd and upversioned
to version 1.7.1, but the portieris helm-charts are still creating
CRs with apiVersion v1beta2. This commit fixes it and also fixes
rendering issues for helmv3.

[1] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/831956
[2] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/838590


TEST PLAN
PASS build portieris-fluxcd app
PASS Upload
PASS Apply (verified created resources)
PASS Remove
PASS Delete

Logs: https://paste.opendev.org/show/b7dk5CFwtJEtBp8cLAXD/
Cluster State: https://paste.opendev.org/show/bvpBXWhU1GNlOlVuaz6H/

Story: 2009837
Task: 45333

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ic97e1af44d983044b8e93212459625238a3b6c27
2022-05-11 12:40:48 +00:00
Michel Thebeau add76dfffb Add FluxCD version of the Portieris app
Add new manifest files to the Portieris app to enable FluxCD support.

The new spec will now generate 2 rpms:
- the original one that contains the armada manifest yaml
- a new one that contains the new FluxCD yaml

TEST PLAN:
- build, ISO image includes in progress fluxcd commits
- verify the armada app version of Portieris
- verify the fluxcd app version of Portieris
- test case for both includes asserting that Portieris is effective at
  enforcing an example policy

The following are soft dependancies (dependancies for fluxcd), the
commit has no depends unless fluxcd is enabled:
 - application framework for fluxcd
 - https://review.opendev.org/c/starlingx/ansible-playbooks/+/828592

Story: 2009138
Task: 44619

Change-Id: Ie88de7506d411b63349012b4c2e1b48be9dfc2a9
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2022-02-28 17:12:53 -05:00
Zuul 653fb1e519 Merge "stx-portieris-helm: remove dl_hook" 2022-01-25 16:30:29 +00:00
Yue Tao 5dd831b1e1 stx-portieris-helm: remove dl_hook
Replace dl_hook with "src_path" and "src_files"

Test Plan:

Pass: successfully build stx-portieris-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43845

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I498c7b00e46b1687c080cf53db8e42c0faeefa92
2022-01-19 14:30:09 +08:00
Yue Tao 042a2867b7 portieris-helm: remove dl_hook
Add "dl_path" to download the source tarball.

Add "src_files" to copy local files to build directory.

Copy patches to deb_folder/patches, and remove the patching commands
from rules.

Remove dl_hook.

Test Plan:

Pass: successfully build portieris-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43845

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I128bac3c74e791458d4fcac6d437653abc322206
2022-01-17 10:35:17 +08:00
Tracey Bogue 903861605a Add Debian packaging for portieris app
Create Debian packages for portieris-helm, python-k8sapp-portieris
and stx-portieris-helm packages.

Story: 2009101
Task: 43845

Signed-off-by: Tracey Bogue <tracey.bogue@windriver.com>
Change-Id: I7631737c9b8e5074db5b29c7b3e7f7b7d34e926e
2021-12-03 09:26:54 -06:00
Scott Little 2a190a253c Add debian_build_layer.cfg file
Story: 2008862

Task: 43154
Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: I2d350a5604549c5d727c9e40695187636170ba8b
2021-10-05 14:10:42 -04:00
Zuul 4eafa3f4cd Merge "Add toleration to Portieris deployment and jobs" 2021-10-04 12:20:55 +00:00
Rafael Camargos ba72513bc6 Add toleration to Portieris deployment and jobs
A toleration needs to be added to all resources that creates pods since
the node-role.kubernetes.io/master taint will be restored to all master
nodes. This will ensure that the pods will run on the master node.

Tested in an AIO-SX by enabling the taint and:

- Deleting pods
- Performing an application update
- Removing and reinstalling the application
- Deleting the MutatingWebhookConfiguration and reapplying the app

In every case mentioned the resources would come up again.

Story: 2009232
Task: 43347
Change-Id: Ida1a152d86fe0bed34a7877644fdc350b3c3698f
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
2021-09-29 22:29:08 -03:00
Charles Short 830017a61c Fix unit tests
Due to a recent change in fm-api's directory structure, unit tests would
fail since the virtualenv would not be able to find fm-api/setup.py.
Adjust the tox.ini to point to the correct directory. Tested locally
by running tox.ini.

Depends-On: https://review.opendev.org/c/starlingx/fault/+/806046

Story: 2009101
Task: 43091

Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I19a40c00cb024681fc40a0b59096af4ea790522e
2021-09-28 14:22:52 -04:00
Michel Thebeau 991f7bf689 run admission webhooks as non-root
The webhooks will not run as root with pod security policies enabled.
The error reported is "container has runAsNonRoot and image will run as
root".

Use the same securityContext as Portieris chart; run as 'portieris'
service account (Values.securityContext.runAsUser)

Fix subsequent jobs that fail with the absent securityContext,
permissions necessary to run those jobs.  Add the 'patch' verb to
customresourcedefinitions for portieris service account.

Depends-On: I4682765efddc217e792b37c659ae5833379bf054
Closes-Bug: 1895722
Change-Id: I8b5206cb6fadd029e6597e3da2b85857133ea95e
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2021-09-17 13:47:08 -04:00
Rafael Camargos 666226d601 Add B&R lifecycle hooks to portieris
Backup & Restore with portieris app fail at controller restore because
its helm chart creates a mutating webhook configuration that blocks pods
creation if the portieris pod isn't running.

The proposed solution is to use the lifecycle operator to delete the
mutating webhook before the backup. With this, the backup of the etcd
etcd database will not contain the webhook and the restore will succeed.

Note that this checks if the mutating webhook is currently present on
the system and after backup and after restore, if necessary, the
portieris app is reapplied in order to recreate the mutating webhook
configuration.

Tested on an AIO-SX by applying portieris and backing up and restoring
the system (with and without the mutating webhook).

Partial-Bug: 1890630
Change-Id: I828deeddccae52b702f11c751775d47170c9ff1e
Depends-on: I4682765efddc217e792b37c659ae5833379bf054
Depends-on: I84cd8afc09c504f7278e57ccce1c089415627620
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
2021-09-17 15:57:07 +00:00
Zuul db5cf135eb Merge "add toggle to reinstall the admission webhook" 2021-09-17 15:22:10 +00:00
Zuul af6331eac9 Merge "Add pylint py3 portability checks for the k8sapp-portieris" 2021-09-14 18:08:32 +00:00
Bernardo Decco 5af71341cb Add pylint py3 portability checks for the k8sapp-portieris
A lot of work has gone into making sure that StarlingX is python3
compatible. To ensure future compatibility, enable the python3
portability checks. Disable the checks that are raising errors.
Another set of commits will address the offending code.

Story: 2006796
Task: 43207
Signed-off-by: Bernardo Decco <bernardo.deccodesiqueira@windriver.com>
Change-Id: I24509f6f392b070c307c3b05ab2cc802714503c8
2021-09-13 15:21:51 -03:00
Charles Short b6dab01113 Enable py39 tox gate/test for app plugins
Add support for tox testing under Debian Bullseye by
enabling a python3.9 gate and tox target for exercsing
unit tests.

Story: 2009101
Task: 43187

Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Id00936d92962e50221ebfe714307e96ecbc4e043
2021-09-13 11:48:42 -04:00
Michel Thebeau dad8c42a36 add toggle to reinstall the admission webhook
The backup and restore procedure will set ReapplyAdmissionWebhook to
true to force an "upgrade" of an already installed Portieris
application.  The webhooks job is run on the helm chart's post-upgrade
hook.  The chart value ReapplyAdmissionWebhook is reserved to simplify
its handling by backup and restore.

This resolves the issue of forcing the webhook to reapply after it has
been manually removed before a backup operation.  The 'post-install'
helm.sh/hook for example is only run after the chart is installed.  We
need to trigger the webhook creation after backup and restore
operations.  Setting an application override as follows will trigger an
upgrade of the helm chart when the application is reapplied:

  system helm-override-update \
    --reuse-values \
    portieris portieris portieris \
    --set ReapplyAdmissionWebhook=true

Partial-Bug: 1890630
Change-Id: I4682765efddc217e792b37c659ae5833379bf054
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2021-09-08 09:07:54 -04:00
Michel Thebeau 26b8abf742 Update tox requirements for portieris k8sapp
The restrictions caused pip to fail to find available packages. Delete
requirements until tox starts working.

Partial-Bug: 1890630

Change-Id: I73858baf272bea2184c838b04df0460e9f7643c4
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2021-08-23 08:31:52 -04:00
Michel Thebeau c790b755e9 Add package dependancy for build-avoidance
stx-portieris-helm contains both portieris-helm and
python-k8sapp-portieris.  Declare the relationship so that the
build-avoidance will pick the right package versions When any of these
is updated.

Partial-Bug: 1940309

Change-Id: I07b10b4eb67bf043ece8acaf16afee2243407508
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2021-08-17 12:21:15 -04:00
Michel Thebeau edc1c00f54 Add pull secret for registry.local
Pulling portieris from registry.local will fail without
imagePullSecrets set.  containerd.log shows "failed to resolve
reference" for the image:tag.

Partial-Bug: 1912696
Change-Id: I5dbfaaa80873135d03b7a40304a925817d0380ae
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2021-01-26 18:49:27 +00:00
Don Penney f9b9e04ca2 Remove empty package from python-k8sapp-portieris
Packages defined in a spec with no files do not result in an RPM
produced by the build. On a rebuild, the build tools scan the spec and
sees the package defined but does not find a corresponding RPM, and so
flags the package for a rebuild as a result.

This commit removes the empty package definition from the spec.

Partial-Bug: 1910439
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: I04c6c687b41d8ced41410ccfb432249a0e9cea22
2021-01-06 14:37:04 -05:00
Don Penney cc884b442b Add auto-version for remaining stx/portieris-armada-app packages
Update remaining StarlingX packages with hardcoded TIS_PATCH_VER to
use PKG_GITREVCOUNT where possible, with offsets as needed to ensure
the version is incremented above the hardcoded version.

Story: 2008455
Task: 41464
Signed-off-by: Don Penney <don.penney@windriver.com>
Change-Id: I96794127a2849612f11cdaadaa53bfb2bfe3e93b
2020-12-17 13:22:23 -05:00
Joseph Richard b6305cf4f5 Set default replicaCount to 3
Set default replicaCount to 3, as is the default in upstream portieris.
This should increase resilience if one pod goes down, and improve concurrency.

The replica count can also be overridden with the following command:
  system helm-override-update portieris portieris portieris --set replicaCount=1

Story: 2007348
Task: 39597
Change-Id: I0dec645cf1896e2bfa4f9a5c6dfd8417487712af
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
2020-08-04 12:11:43 -04:00
Joseph Richard fa9574c146 Change prefix from stx to portieris.
Applying platform-integ-apps was causing portieris to be removed,
because its prefix was stx.  Change prefix to portieris to prevent
this.

Also move portieris helm charts to stx-platform repo, for consistency
with other charts.

Closes-bug: 1889935
Change-Id: I72c517c2e9ca8561f0e7e120aefed2936282bd82
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
2020-07-31 17:41:28 -04:00
Joseph Richard 55afdb279e Rename psp chart to portieris-psp-rolebinding
In order to allow uniqueness across helm applications, rename the
psp-rolebinding helm chart to portieris-psp-rolebinding

Also fix up issue with loading psp-rolebinding helm plugin.

Related-bug: 1889019
Story: 2007348
Task: 40430
Change-Id: Ic113732d93d93c6cd154ddc4660ba15f5424c737
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
2020-07-29 16:47:43 +00:00
Joseph Richard b4f0cccebb remove portieris-helm req from stx-portieris-helm
Including portieris-helm as requirement for stx-portieris-helm causes
it to be installed on system.  portieris-helm is included in armada
application, and it not required outside of it, so the package should
not have this dependency.

Story: 2007348
Task: 40414
Change-Id: Ic58883406c38b6237b076b50a587ceea513cafd5
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
2020-07-29 16:45:23 +00:00