From 0f9806e9b001ff87b1220dd623c5f76a1e091907 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Mon, 3 Nov 2025 16:07:12 +0300 Subject: [PATCH] [api] Delete previous instance when changing type ## What this PR does It was observed during upgrades to the `cozystack-api` Helm release that when enabling the local endpoint for the traffic locality feature, hence switching from a deployment to a daemonset, the deployment may remain unpruned and the pods of the deployment will continue to run indefinitely. This patch adds a post-upgrade hook that explicitly deletes the deployment in case it exists and was not pruned. ### Release-note ```release-note [api] Delete the cozystack-api deployment in a post-upgrade hook when migrating to a daemonset and vice-versa. ``` Signed-off-by: Timofei Larkin --- .../core/platform/bundles/paas-hosted.yaml | 4 + .../system/cozystack-api/templates/hook.yaml | 87 +++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 packages/system/cozystack-api/templates/hook.yaml diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 93593673..560578c7 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -40,6 +40,10 @@ releases: chart: cozy-cozystack-api namespace: cozy-system dependsOn: [cozystack-controller] + values: + cozystackAPI: + localK8sAPIEndpoint: + enabled: false - name: cozystack-controller releaseName: cozystack-controller diff --git a/packages/system/cozystack-api/templates/hook.yaml b/packages/system/cozystack-api/templates/hook.yaml new file mode 100644 index 00000000..3c6b3080 --- /dev/null +++ b/packages/system/cozystack-api/templates/hook.yaml @@ -0,0 +1,87 @@ +{{- $shouldRunUpdateHook := false }} +{{- $previousKind := "Deployment" }} +{{- $previousKindPlural := "deployments" }} +{{- if not .Values.cozystackAPI.localK8sAPIEndpoint.enabled }} + {{- $previousKind = "DaemonSet" }} + {{- $previousKindPlural = "daemonsets" }} +{{- end }} +{{- $previous := lookup "apps/v1" $previousKind .Release.Namespace "cozystack-api" }} +{{- if $previous }} + {{- $shouldRunUpdateHook = true }} +{{- end }} + +{{- if $shouldRunUpdateHook }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "cozystack-api-hook" + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation +spec: + template: + metadata: + labels: + policy.cozystack.io/allow-to-apiserver: "true" + spec: + serviceAccountName: "cozystack-api-hook" + containers: + - name: kubectl + image: docker.io/alpine/k8s:1.33.4 + command: + - sh + args: + - -exc + - |- + kubectl --namespace={{ .Release.Namespace }} delete --ignore-not-found \ + {{ $previousKindPlural }}.apps cozystack-api + restartPolicy: Never +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + name: "cozystack-api-hook" +rules: +- apiGroups: + - "apps" + resources: + - "{{ $previousKindPlural }}" + verbs: + - get + - delete + resourceNames: + - "cozystack-api" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "cozystack-api-hook" + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "cozystack-api-hook" +subjects: + - kind: ServiceAccount + name: "cozystack-api-hook" + namespace: "{{ .Release.Namespace }}" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "cozystack-api-hook" + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation +{{- end }} +