76 Commits

Author SHA1 Message Date
Edson Dias
c80454ef79 Update references to appframework lifecycle constants.
The application framework lifecycle constants were split into two
files, sysinv/helm/lifecycle_constants.py and sysinv/common/constants.py.
Aiming to facilitate the split of the application framework into a
separate application in the future, the review: https://review.opendev.org/c/starlingx/config/+/936252
moved the lifecycle variables to helm/lifecycle_contants file.

This commit updates all references that pointed to the lifecycles
constants at sysinv/common/constants.py file, changing them to point to
the new variables in sysinv/helm/lifecycle_contants.py

Test plan:
PASS: build-pkgs && build-image
PASS: AIO-SX fresh install
PASS: Upload, apply, remove, delete, update and upgrade portieris app.

Story: 2011242
Task: 51576
Depends-on: https://review.opendev.org/c/starlingx/config/+/936252

Change-Id: I8d5fc5dff877aa3915de612326d903fb92ce1ba1
Signed-off-by: Edson Dias <edson.dias@windriver.com>
vf/stx.trixie
2025-01-21 15:06:08 -03:00
Tae Park
1087029151 Fix nonetype error in lifecycle override update
This fixes the nonetype error seen during lifecycle hooks issued during
platform backup. An additional none check was added so that a none type
does not get passed to the rstrip function that caused the issue.

Test Plan:
PASS    With the changes, no lifecycle error is caused by the portieris
        app during platform backup.
PASS    Portieris application sanity test

Closes-bug: 2087987

Change-Id: I4c7204f5aaa72871a5818be834249e7274cbaff7
Signed-off-by: Tae Park <tae.park@windriver.com>
vr/stx.10.0
2024-11-12 11:47:47 -05:00
Marcelo de Castro Loebens
5423d6711b Disable portieris webhook during upgrade
The webhook from portieris is configured to fail if the app cannot
respond, as a safety measure. However, during upgrades, this causes
issues when portieris itself and the other apps are updated.

This change modifies the lifecycle from portieris to disable the
webhook upon a manual update. This is done by change the application's
overrides, that will be used to recreate the webhook upon apply.

It also creates another lifecycle action to remove the changes once
the app is updated.

Test plan:
PASS: Performed stx 8 -> stx 10 upgrade activation and portieris w/ no
      overrides. Observed that after portieris update, the overrides are
      changed and the webhook is disabled once the app is upgraded.
      Observed that after completing the update, the overrides are
      removed and the webhook is reconfigured to default value.

PASS: Performed stx 8 -> stx 10 upgrade activation and portieris w/
      overrides for the webhook. Observed that after portieris update,
      the overrides are changed and the webhook is disabled once the
      app is upgraded. Observed that after completing the update, the
      overrides are changed back to previous values and the webhook is
      reconfigured to this values.

PASS: Deployed stx 10 and applied portieris. Tested basic functionality
      w/ policy restrictive to unsigned images. Deployed two pods with
      busybox image, one signed (allowed) and the other unsigned
      (disallowed).

Story: 2010676
Task: 51215

Change-Id: Ie5012a205b51f2db2e5f3e75ed31a7cf1ccdd83d
Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
vf/caracal
2024-10-25 08:54:25 -04:00
Tae Park
93d3cef997 Fix minor application package errors
Making minor package issues for porteris. The changes include: remove
redundant .patch file in portieris-helm/files folder, update version
for portieris-helm helm chart by updating debver in meta_data.yaml
and adding new entry in the changelog.

Test Plan:
PASS    Validate that the .patch file still existing in the correct
directory is applied in the package build
PASS    Validate correct version for portieris-helm helm chart
PASS    Application sanity test

Story: 2011086
Task: 50957

Change-Id: I163479beef8e1db7b3f72f18db09bbee7889e878
Signed-off-by: Tae Park <tae.park@windriver.com>
2024-09-03 10:46:21 -04:00
Tae Park
e15a0dad94 Adjust liveness/readiness probe configurations
Adding support for configuring liveness and readiness probe times, and
changing the values from initial settings to lower the CPU usage. The
new values are configured in the static override file.

Test Plan:
PASS    Validate new values for probes
PASS    Application sanity test

Story: 2011086
Task: 50946

Change-Id: I2e65237f2ed8e6703a11155aa60f5c24a8d14222
Signed-off-by: Tae Park <tae.park@windriver.com>
2024-08-30 15:52:47 -04:00
Tae Park
476872b1b7 Hardcode app label selector
Hardcoding the selector.matchLabels.app to "portieris" to match
spec.template.metadata.labels.app value in deployment.yaml. This should
allow the portieris pods to be cordonned properly, so that the
kubernetes upgrades can be done.

Test Plan:
PASS    Build portieris application
PASS    Application sanity test
PASS    With the patch applied, perform a kubernetes upgrade on AIOSX

Closes-bug: 2078063

Change-Id: Ib1ef4d7cdde62bc29fa9534fb77bc82a0666bcdc
Signed-off-by: Tae Park <tae.park@windriver.com>
2024-08-29 09:07:45 -04:00
Edson Dias
b600b373ba Update helm/fluxcd api version.
Right now, portieris app is using beta
versions of the Fluxcd and Helm APIs, and for
this reason, some warnings are being thrown.

This change aims to update api versions, removing
beta values following this logic:
Fluxcd:
  - source.toolkit.fluxcd.io/v1beta1
  + source.toolkit.fluxcd.io/v1

Helm:
  - helm.toolkit.fluxcd.io/v2beta1
  + helm.toolkit.fluxcd.io/v2

No changes to yaml file structure are required
for this change.

Test Plan:
PASS: Build ISO & Bootstrap AIO-SX.
PASS: Upload and apply portieris app.
PASS: Confirm that sysinv.log does not have any
      warnings about beta versions related to
      portieris.

Story: 2011129
Task: 50427

Change-Id: Ic7011c2522c1d1fbe03471cce95c8a457bf7d1b3
Signed-off-by: Edson Dias <edson.dias@windriver.com>
2024-06-25 12:01:04 -03:00
Tae Park
a8e9592344 Upversion Portieris to v0.13.16
Upversioning portieris from v0.13.10 to v0.13.16.

Test Plan:
PASS	Apply new verison of Portieris. Apply an imagepolicy.
	Ensure that a signed image can be used and an unsigned
	image is denied according to the imagepolicy.
PASS	Remove all user created imagepolicies and try to use
	the unsigned image. Ensure that by default,
	unsigned images are allowed.

Story: 2011086
Task: 50292

Change-Id: I69bd056bd47949924e4ce8bea4f40ea1d06d7e96
Signed-off-by: Tae Park <tae.park@windriver.com>
2024-06-07 11:29:28 -04:00
Tae Park
e30c59ad79 Update for automatic increment chart versions
Updating portieris for auto chart version incrementation. Restructuring
debian packaging, and separating portieris-certs into a new package.

Test Plan:
PASS	Validate each chart builds from a clean build env
PASS	Validate application tarball is created correctly
PASS	Validate chart version increments by 1 for each change
PASS	Validate application cycle (upload/apply/remove/delete) for
AIO-SX

Story: 2010929
Task: 50225

Change-Id: I8e6ce77b779f6c7ef4d4bad60f77e13cba53d867
Signed-off-by: Tae Park <tae.park@windriver.com>
2024-06-03 15:08:09 -04:00
Igor Soares
419816d74a Add minimum Kubernetes version supported
Add the minimum Kubernetes version supported to the application metadata
file.

The minimum Kubernetes version is set to 1.24.4 and should be changed
accordingly for future application updates.

The "supported_k8s_version:minimum" field is optional but it will become
mandatory in the near future.

This also contains a fix to properly trigger the Tox metadata checks.

Test Plan
PASS: build-pkgs && build-image
PASS: Apply application

Story: 2010929
Task: 49499

Change-Id: I817f46f247c8de3dc2d25ad2c5b8e53e764649f7
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
vf/bookworm vr/stx.9.0
2024-02-06 11:18:04 -03:00
Jerry Sun
444c592d61 Upversion Portieris to 0.13.10
This commit upversions Portieris to version 0.13.10. The upversioning
addresses CVEs in the previons (0.13.1) Portieris image.

The additional toleration is to allow Portieris pods to be scheduled.
Without it, application apply fails. The taint used to be "master"
in older releases, but has been changed to "control-plane". Keeping
both for backwards compatibility and upgrades.

Test Cases:

PASS: Apply new verison of Portieris. Apply an imagepolicy. Ensure
      that a signed image can be used and an unsigned image is denied
      according to the imagepolicy.
PASS: Remove all user created imagepolicies and try to use the
      unsigned image. Ensure that by default, unsigned images are
      allowed.

Closes-bug: 2051611
Change-Id: Id621d91ed41a705035713ff59439f59211e035f5
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2024-02-01 10:31:53 -05:00
Igor Soares
4dcd07bd95 Application versioning based on build release
This change will automatically adjust versioning of the application
tarball and python plugins to reflect the same version reported by
SW_VERION in /etc/build.info.

Test plan:
PASS: build-pkgs -a & build-image
PASS: Confirm that the tarball version matches the platform version
PASS: Apply application

Story: 2010929
Task: 49348

Change-Id: If778a0e80a332ec15636f4f27ed245dfed09e8a3
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
vf/kernel-6.6
2023-12-29 12:18:17 -03:00
Reed, Joshua
531a8b7154 Remove src file from portieris-helm deb meta_data.yaml
Previously, in this review:
https://review.opendev.org/c/starlingx/portieris-armada-app/+/903790

Changes were made to eliminate extra APP metadata.yaml files,
however, the portieris-helm meatadata debian packaging meta_data.yaml
file reference the file which was removed.  That effected the
build system.  Removing this file from the meta_data.yaml
corrects the issue.

Test Plan:
PASS - Make sure stx build functions as normal during downloader
       step.

Story: 2010929
Task: 49279

Change-Id: Ie10d1297692948494da2f29998bb7e76808c590b
Signed-off-by: Reed, Joshua <Joshua.Reed@windriver.com>
2023-12-19 07:35:45 -07:00
Reed, Joshua
c19b614247 Update app Zuul Check Jobs.
Modify code to conform to flake8 and pylint.

Jobs are now flake8, pylint, py39 and metadata.

Test Plan
PASS - All zuul jobs pass as expected.

Story: 2010929
Task: 49279

Change-Id: I7e105edccbff006423ada7ab1f99449822dd09bc
Signed-off-by: Reed, Joshua <Joshua.Reed@windriver.com>
2023-12-15 12:54:44 -07:00
Al Bailey
53dbb19a52 Include py39 tests as part of zuul for this repo
The py39 job was mis-named and was using the wrong
file filter pattern to trigger it from running.

The test_helm base unit test class was removed from sysinv,
as part of remove-armada-helmv2 work in March
so adding stub unit tests so tox will not report an
empty test run.

pylint directives are now updated based on the debian
upper constraints, and the unit tests are now validated
by pylint.

tox.ini is cleaned up since python3 is now the only
supported version of python

These changes have no runtime impact. This only
affects tox and zuul.

Test Plan:
  PASS: build-pkgs -c -p python3-k8sapp-portieris
  PASS: tox

Closes-Bug: #2024005
Related-Bug: #1942909
Change-Id: Iece6e78a98b30111cadb62156e413dd19dd62a37
Signed-off-by: Al Bailey <al.bailey@windriver.com>
vf/antelope
2023-06-15 18:26:31 +00:00
Rahul Roshan Kachchap
06daaf3f37 Fixed script to include portieris-certs helm chart
Updated script to include portieris-certs
helm chart which was missing from the tarball.

PASS: Build pkgs
PASS: system-application apply portieris

Story: 2010590
Task: 47768

Change-Id: Ia5262bc64071336429c432574626b5606e721b2f
Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
2023-05-11 18:01:13 +00:00
Zuul
6e56e5dc8e Merge "Enable application auto_update" 2023-05-03 14:12:22 +00:00
Jerry Sun
5379f449f3 Enable application auto_update
This commit enables auto_update for the Portieris application.
This will automatically update the application if a new tarball
is patched to an existing system

Test Cases:

PASS: Build load with this change. Make another change to boost
      portieris application version. Apply portieris. Replace
      portieris tarball with the boosted version. Ensure that
      system application-show and system application-list shows
      that the application has been updated to the new version

Story: 2010628
Task: 47926

Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ic567b42b6864a2e9a009453788f9e963116ff910
2023-05-02 10:01:16 -04:00
Davlet Panech
d9774a950b Fix github mirroring for this repo
Updating the rsa ssh host key based on:
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

Note: In the future, StarlingX should have a zuul job and
secret setup for all repos so we do not need to do this
for every repo.

Needed to rename the secret, because zuul fails if like-named
secrets have diffent values in different branches of the same
repo.

Partial-Bug: #2015246
Change-Id: I0f5167d84feb90ad6473f461ae9a824042779247
Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
2023-04-28 12:38:52 -04:00
Zuul
e7aabfcce3 Merge "Add label 'app.starlingx.io/component=platform' to namespace" 2023-04-10 20:48:20 +00:00
Karla Felix
52b1721376 Add label 'app.starlingx.io/component=platform' to namespace
Add support to 'app.starlingx.io/component' to be overwritten
by user override, with possible values being 'platform' and
'application'. With 'platform' being the default value.This
change will also restart the pods if the label in namespace
change.

Test Plan:

PASS: Install portieris and check with 'kubectl edit namespace
      portieris' if the 'app.starlingx.io/component' with value
      'platform'.
PASS: Add 'app.starlingx.io/component: application' to user override
      and check if 'app.starlingx.component' changes to 'application'.
PASS: Use 'system application-apply portieris' when there is a change
      to be applied to 'app.starlingx.component' and verify if the pod
      is restarted.
PASS: Change the 'app.starlingx.io/component' to a not supported value
      during user override apply and verify if 'app.starlingx.io/component'
      still 'platform' or 'application'.
PASS: Run tox.ini tests to the current patch of this review.

Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: If215ed95c3d0d57b3555019880b90baa7e2e22b8
2023-04-10 15:16:34 -03:00
Rahul Roshan Kachchap
0595fa9c4b Remove psp-rolebinding from portieris-aramda-app
Removed the psp-rolebinding helm chart from being
packaged as part of portieris-armada-app.

PASS: Build pkgs
PASS: system-application apply portieris
PASS: application pkg doesn't consist psp-rolebinding
      helm chart

Story: 2010590
Task: 47768

Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
Change-Id: I9a5c6c8900c0b9793a2313d3065356ec0333ddb2
2023-04-01 02:57:46 -04:00
Zuul
064e0223f7 Merge "Update debian packages for pkg-versioning" 2023-03-20 19:00:38 +00:00
Manoel Benedito Neto
744ce465ce Update debian packages for pkg-versioning
The Debian packaging meta_data file has been changed to reflect all the
latest git commits under the directory, pointed as usable, and to
improve pkg-versioning addressing the first commit as start point to
build packages.

This ensures that any new code submissions under those
directories will increment the versions.

The commit SHA b2f895c371 was chosen to be the BASE_SRCREV of the
portieris-helm's metadata because is the commit that points to the
start of "portieris-helm" directory. The PKG_GITREVCOUNT is set to
true to count git revisions relative to portieris-helm's folder.
(portieris-helm version updated from .stx.4 to .stx.13)

The previous commit SHA chosen to be the BASE_SRCREV of the
python3-k8sapp-portieris's metadata points to the first commit of the
repository. Instead of using this commit SHA, 0677d5def2 was chosen to
be the BASE_SRCREV because is the commit that introduces the package
to the project.
(python3-k8sapp-portieris version was modified from .stx.51 to .stx.52)

The previous commit SHA chosen to be the BASE_SRCREV of the
stx-portieris-helm's metadata points to the first commit of the
repository. Instead of using this commit SHA,b2f895c371 was chosen to
be the BASE_SRCREV of the metadata because is the commit that points
to the start of "stx-portieris-helm" directory. The commit SHA
d0c56528d2 was chosen to be the FILES_GITREVCOUNT of this package
because is the commit that adds the "helm-charts" directory of the
repository referenced in the "src_files".

It is added both GITREVCOUNT and FILES_GITREVCOUNT to calculate the
relevant git commits of "src_path" and "src_files" to this package's
revision.
(stx-portieris-helm version was modified from .stx.51 to .stx.52)

stx_patch is added to revision section to maintain the upversioning of
python3-k8sapp-portieris and stx-portieris-helm packages.

Test Plan:
PASS: Verify packages versions are updated as expected
PASS: build-pkgs -c -p portieris-helm
PASS: build-pkgs -c -p python3-k8sapp-portieris
PASS: build-pkgs -c -p stx-portieris-helm

Story: 2010550
Task: 47499

Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
Change-Id: I827955199b38674dae8ca8cb7c9dd7c8e8caa21d
2023-03-16 22:28:28 +00:00
Leonardo Fagundes Luz Serrano
707f564b7f Updated app tarball version
Currently, the debian build system produces a debian package version
with the format: "1.0-1.stx.<revision>"

The rules file then parses this deb pkg version at build time
to produce the app tarball version, which always comes up to
be "1.0-1" at this time [1]. This commit changes the app tarball
version calculation so that the resulting tarball version will
be "1.0-<revision>" [2].

This correction is necessary because the application framework
cannot update an app between instances with the same version.

This commit is part of a set of commits updating the app tarball
version calculation to all apps based off of [3].

[1]: /usr/local/share/applications/helm/<APPNAME>-1.0-1.tgz
[2]: /usr/local/share/applications/helm/<APPNAME>-1.0-<N>.tgz

[3]: https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/872628

Test Plan:
pass - build-pkg
pass - tarball version updated

Story: 2010542
Task: 47529

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: Ie6b80807fd4d127e4c61a51e8b21b4b95f2b304f
2023-03-02 14:50:08 -03:00
Leonardo Fagundes Luz Serrano
3bfc502572 Standardize app configs
Fixed versioning and adjusted some build files
to bring them as close to a standard as possible.

- Removed centos files
- Added version tracking via PKG_GITREVCOUNT
- Fixed mismatch in plugin name, set to python3-k8sapp-<app>
- Standardized plugin debian files (rules, *.install)
- Plugin wheels saved to /plugin instead of /plugin/<app>

Test Plan:
PASS - Build-pkgs -a
PASS - Build-image
PASS - Install, bootstrap, unlock
PASS - app tarball contains wheel file
PASS - wheel versioning updated properly

Story: 2010542
Task: 47190

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I1532a8281868b1d921f3f23658ccef294235e636
vr/stx.8.0 __v.stx.test2
2023-01-24 11:24:23 -03:00
Zuul
5c5c967215 Merge "Upversion helm charts to v0.13.1" 2023-01-24 13:24:22 +00:00
Jerry Sun
ad30826ea0 Upversion helm charts to v0.13.1
This commit upversions the portieris helm charts to 0.13.1,
which is the newest version at the time. This commit also aligns
our patches to the new helm charts.
- the issues addessed by patch 0001 has been merged upstream, so
  the patch was removed
- tolerations and image pull secrets are handled by helm overrides
  so the patches were removed
- some patches on code that have been removed upstream were removed

The behavior for portieris changed a bit since our old version.
In the old version, the default behavior is to allow all deployments.
Namespaces with an imagepolicy will follow that imagepolicy.
In the new version(0.13.1), the default behavior is to deny all
deployments. This commit adds a permissive cluster image policy
to allow all deployments, keeping it in line with the old behavior
and preventing any interference with things like kube-system and
our other applications.

Test Cases:

PASS: Build new ISO and ensure the new application tarball uses the
      new v0.13.1 helm charts
PASS: Apply portieris and ensure it uses the new v0.13.1 image
PASS: Apply an imagepolicy. Ensure a signed image can be deployed
      in a pod and an unsigned image cannot be deployed in a pod
PASS: remove and reapply application

Story: 2010394
Task: 47071
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Change-Id: Ica6efa081a7b2c1e1358add609b274d6b121bb12
2023-01-20 14:23:27 -05:00
Al Bailey
8bf9693737 Update tox.ini to work with tox 4
This change will allow this repo to pass zuul now
that this has merged:
https://review.opendev.org/c/zuul/zuul-jobs/+/866943

Tox 4 deprecated whitelist_externals.
Replace whitelist_externals with allowlist_externals

Partial-Bug: #2000399

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ib19e9522e005531fceb87a74d86222ac222377b1
2022-12-23 16:06:59 +00:00
Leonardo Fagundes Luz Serrano
98f856811d appfwk: set flux reconciliation interval to 1m
Set reconciliation interval for all flux helm resources to 1m
to allow it to manage resources by itself in a reasonable time
interval.

Test Plan (tested as part of [1]):
PASS: bootstrap
PASS: unlocked enabled available
PASS: apps applied
PASS: inspect flux pod logs for errors
PASS: re-test known trigger for 1996747 and 1995748
PASS: re-test known trigger 1997368

[1] https://review.opendev.org/c/starlingx/config/+/866862

Partial-Bug: 1999032

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I514c719106ca7cff29bbf75a09f45fb6e4fb6366
2022-12-07 19:30:52 +00:00
Yue Tao
9c0c3f57bc portieris-armada-app: update debian_iso_image.inc
Move the packages of "portieris-armada-app" from stx-std.lst
to debian_iso_image.inc

A subsequent commit will be sent to clean up stx-std.lst.

Test Plan:

Pass: build-pkgs -c -a
Pass: build-image
Pass: boot

Story: 2008862
Task: 46924

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I8c202a80e1ec6a2c05291007c94aa728fbb70568
2022-11-23 11:21:08 +08:00
Zuul
960e9eddf6 Merge "Fix zuul failures during setup" 2022-11-15 12:39:14 +00:00
Boovan Rajendran
88ee0c59df Use control-plane label for Tolerations
Upstream has deprecated 'node-role.kubernetes.io/master'
to use 'node-role.kubernetes.io/control-plane' in k8s 1.24.

Platform and applications need to be updated to use 'control-plane'
with nodeSelector/Tolerations so we may move away from 'master'.

This updates pod Tolerations to support both:
- 'node-role.kubernetes.io/master'
- 'node-role.kubernetes.io/control-plane'

Created new patch file to add Tolerations for deployment and jobs

Note: Portieris is not supported in the current release so we just
need the code inspection for now.

Story: 2010301
Task: 46676

Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
Change-Id: Ic41f7702c3b017ad2dc5c8666184970c94ccee41
2022-10-31 06:26:55 -04:00
Al Bailey
a2afedf732 Fix zuul failures during setup
The ubuntu-jammy nodeset gets selected by default
and is causing problems during setup.

Collecting cffi>=1.1
Failed to build cffi

ubuntu-bionic works if using stein upper-constraints.
ubuntu-focal works if using the debian upper-constraints.

Need to update a file that is monitored by zuul
in order to trigger the failing zuul jobs.

Partial-Bug: 1994843

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ib6180ec2143526d1f1819a47dc47adc5f27aeb57
2022-10-28 19:42:08 +00:00
Lucas Cavalcante
c89631891d Remove portieris armada app build
As part of Armada deprecation we need to remove all Armada application
builds for all applications that have been migrated to FluxCD.

This patch removes the armada app build from centos and debian.

TEST PLAN:
PASS: Build centos
PASS: Build debian
PASS: deb package does not have armada tarball
PASS: rpm package does not have armada tarball
PASS: FluxCD tarball is unchanged

Story: 2009138
Task: 46095

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: If9b8f0394940fe3802b557626f3ed773e6f616f4
2022-08-24 11:44:35 -03:00
Karla Felix
e7374ffceb Remove --use-deprecated legacy-resolver flag
The pip team is planning to depreciate the
'--use-deprecated legacy-resolver'install option.
While a firm date has yet to be set, We need to be
ready for the change.

Test Plan*:

PASS: Verified that tox runs without issues
PASS: Generate portieris package.
PASS: Upload and apply portieris package and check if pod
      is running.

Note(*): Tested on kubernetes 1.21.8

Closes-bug: 1966072
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: Ifc48062f95f3bc44de4a1e1703f9e04b8118d430
vr/stx.7.0
2022-07-04 19:10:51 +00:00
Rei Oliveira
4115b571f9 Debian: Add fluxcd app for portieris
Test Cases:

PASS: Check deb install and application upload + apply on debian
PASS: Perform simple functional test on debian
PASS: Check application remove and delete on debian

Logs: https://paste.opendev.org/show/bUDc0XfuXHLAZByl6m2G/

Story: 2009138
Task: 44647
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: I48b240399bdb26dd7e1456ddeb6c273035838b59
2022-05-20 17:29:07 -03:00
Thiago Brito
411f242860 Use fluxcd app by default for portieris
This commit switches portieris to use the fluxcd app by default and
also preserves the armada app on the build for future tests.

TEST PLAN
PASS Build iso and verify apps
PASS Upload
PASS Apply
PASS Verify resources
PASS Remove
PASS Delete

Logs: https://paste.opendev.org/show/bmdUjzPBcSE32jx1Tfjr/

Story: 2009138
Task: 45348

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: If26df1a928c1fb047cf04098e5ee8384a924eb84
2022-05-12 21:00:08 -03:00
Thiago Brito
1195828b58 Fix portieris-app to use upversioned cert-manager
On [1] and [2] cert-manager was migrated to fluxcd and upversioned
to version 1.7.1, but the portieris helm-charts are still creating
CRs with apiVersion v1beta2. This commit fixes it and also fixes
rendering issues for helmv3.

[1] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/831956
[2] https://review.opendev.org/c/starlingx/cert-manager-armada-app/+/838590


TEST PLAN
PASS build portieris-fluxcd app
PASS Upload
PASS Apply (verified created resources)
PASS Remove
PASS Delete

Logs: https://paste.opendev.org/show/b7dk5CFwtJEtBp8cLAXD/
Cluster State: https://paste.opendev.org/show/bvpBXWhU1GNlOlVuaz6H/

Story: 2009837
Task: 45333

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Ic97e1af44d983044b8e93212459625238a3b6c27
2022-05-11 12:40:48 +00:00
Michel Thebeau
add76dfffb Add FluxCD version of the Portieris app
Add new manifest files to the Portieris app to enable FluxCD support.

The new spec will now generate 2 rpms:
- the original one that contains the armada manifest yaml
- a new one that contains the new FluxCD yaml

TEST PLAN:
- build, ISO image includes in progress fluxcd commits
- verify the armada app version of Portieris
- verify the fluxcd app version of Portieris
- test case for both includes asserting that Portieris is effective at
  enforcing an example policy

The following are soft dependancies (dependancies for fluxcd), the
commit has no depends unless fluxcd is enabled:
 - application framework for fluxcd
 - https://review.opendev.org/c/starlingx/ansible-playbooks/+/828592

Story: 2009138
Task: 44619

Change-Id: Ie88de7506d411b63349012b4c2e1b48be9dfc2a9
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2022-02-28 17:12:53 -05:00
Zuul
653fb1e519 Merge "stx-portieris-helm: remove dl_hook" 2022-01-25 16:30:29 +00:00
Yue Tao
5dd831b1e1 stx-portieris-helm: remove dl_hook
Replace dl_hook with "src_path" and "src_files"

Test Plan:

Pass: successfully build stx-portieris-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43845

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I498c7b00e46b1687c080cf53db8e42c0faeefa92
2022-01-19 14:30:09 +08:00
Yue Tao
042a2867b7 portieris-helm: remove dl_hook
Add "dl_path" to download the source tarball.

Add "src_files" to copy local files to build directory.

Copy patches to deb_folder/patches, and remove the patching commands
from rules.

Remove dl_hook.

Test Plan:

Pass: successfully build portieris-helm
Pass: No difference comparing with the result of dl_hook

Story: 2009101
Task: 43845

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Change-Id: I128bac3c74e791458d4fcac6d437653abc322206
2022-01-17 10:35:17 +08:00
Tracey Bogue
903861605a Add Debian packaging for portieris app
Create Debian packages for portieris-helm, python-k8sapp-portieris
and stx-portieris-helm packages.

Story: 2009101
Task: 43845

Signed-off-by: Tracey Bogue <tracey.bogue@windriver.com>
Change-Id: I7631737c9b8e5074db5b29c7b3e7f7b7d34e926e
vr/stx.6.0
2021-12-03 09:26:54 -06:00
Scott Little
2a190a253c Add debian_build_layer.cfg file
Story: 2008862

Task: 43154
Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: I2d350a5604549c5d727c9e40695187636170ba8b
2021-10-05 14:10:42 -04:00
Zuul
4eafa3f4cd Merge "Add toleration to Portieris deployment and jobs" 2021-10-04 12:20:55 +00:00
Rafael Camargos
ba72513bc6 Add toleration to Portieris deployment and jobs
A toleration needs to be added to all resources that creates pods since
the node-role.kubernetes.io/master taint will be restored to all master
nodes. This will ensure that the pods will run on the master node.

Tested in an AIO-SX by enabling the taint and:

- Deleting pods
- Performing an application update
- Removing and reinstalling the application
- Deleting the MutatingWebhookConfiguration and reapplying the app

In every case mentioned the resources would come up again.

Story: 2009232
Task: 43347
Change-Id: Ida1a152d86fe0bed34a7877644fdc350b3c3698f
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
2021-09-29 22:29:08 -03:00
Charles Short
830017a61c Fix unit tests
Due to a recent change in fm-api's directory structure, unit tests would
fail since the virtualenv would not be able to find fm-api/setup.py.
Adjust the tox.ini to point to the correct directory. Tested locally
by running tox.ini.

Depends-On: https://review.opendev.org/c/starlingx/fault/+/806046

Story: 2009101
Task: 43091

Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I19a40c00cb024681fc40a0b59096af4ea790522e
2021-09-28 14:22:52 -04:00
Michel Thebeau
991f7bf689 run admission webhooks as non-root
The webhooks will not run as root with pod security policies enabled.
The error reported is "container has runAsNonRoot and image will run as
root".

Use the same securityContext as Portieris chart; run as 'portieris'
service account (Values.securityContext.runAsUser)

Fix subsequent jobs that fail with the absent securityContext,
permissions necessary to run those jobs.  Add the 'patch' verb to
customresourcedefinitions for portieris service account.

Depends-On: I4682765efddc217e792b37c659ae5833379bf054
Closes-Bug: 1895722
Change-Id: I8b5206cb6fadd029e6597e3da2b85857133ea95e
Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2021-09-17 13:47:08 -04:00
Rafael Camargos
666226d601 Add B&R lifecycle hooks to portieris
Backup & Restore with portieris app fail at controller restore because
its helm chart creates a mutating webhook configuration that blocks pods
creation if the portieris pod isn't running.

The proposed solution is to use the lifecycle operator to delete the
mutating webhook before the backup. With this, the backup of the etcd
etcd database will not contain the webhook and the restore will succeed.

Note that this checks if the mutating webhook is currently present on
the system and after backup and after restore, if necessary, the
portieris app is reapplied in order to recreate the mutating webhook
configuration.

Tested on an AIO-SX by applying portieris and backing up and restoring
the system (with and without the mutating webhook).

Partial-Bug: 1890630
Change-Id: I828deeddccae52b702f11c751775d47170c9ff1e
Depends-on: I4682765efddc217e792b37c659ae5833379bf054
Depends-on: I84cd8afc09c504f7278e57ccce1c089415627620
Signed-off-by: Rafael Camargos <RafaelLucas.Camargos@windriver.com>
2021-09-17 15:57:07 +00:00