From 717d72485bc2b48c41e57dd4eb338da34d1c8ed8 Mon Sep 17 00:00:00 2001
From: Dae Seong Kim
Date: Tue, 16 Jan 2018 20:41:49 +0900
Subject: [PATCH] fix jobs to create a secret can work on upgrade

This PS fixes the jobs falling into a crash loop state when upgrading charts. 'kubectl create' command cannot overwrite if a secret already exists. But 'kubectl apply' command can do it.

Change-Id: Idd6eea06892a30e36e51a9b1130fd7cd84ff65cf
---
 ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl | 2 +-
 ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl | 4 ++--
 .../bin/provisioner/cephfs/_client-key-manager.sh.tpl | 2 +-
 .../bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl | 2 +-
 ceph/templates/job-cephfs-client-key.yaml | 1 +
 ceph/templates/job-keyring.yaml | 1 +
 ceph/templates/job-namespace-client-key.yaml | 1 +
 ceph/templates/job-storage-admin-keys.yaml | 1 +
 cinder/templates/bin/_backup-storage-init.sh.tpl | 2 +-
 cinder/templates/bin/_storage-init.sh.tpl | 2 +-
 cinder/templates/job-backup-storage-init.yaml | 1 +
 cinder/templates/job-storage-init.yaml | 1 +
 glance/templates/bin/_storage-init.sh.tpl | 2 +-
 glance/templates/job-storage-init.yaml | 1 +
 gnocchi/templates/bin/_storage-init.sh.tpl | 2 +-
 gnocchi/templates/job-storage-init.yaml | 1 +
 16 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
index 875e7de9..78d6cfdd 100644
--- a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
@@ -47,7 +47,7 @@ type: Opaque
 data:
 ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
- } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+ } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
 fi
 }
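Review bot: `kubectl apply` stores the whole submitted manifest, including the base64 key under `data:`, in the Secret's `kubectl.kubernetes.io/last-applied-configuration` annotation, so the keyring is duplicated into object metadata that export, backup or audit tooling may print. This applies to every `kubectl apply` line the patch adds (both keyring managers, the two provisioner key managers, and the cinder, glance and gnocchi storage-init scripts). If overwriting on upgrade is the only goal, `kubectl replace --namespace ${DEPLOYMENT_NAMESPACE} -f -` for an existing secret and `create` otherwise avoids the annotation; if `apply` stays, a comment such as `# apply copies the manifest, key included, into the last-applied-configuration annotation` would record the trade-off. The enclosing function starts above the hunk, so the condition that the trailing `fi` closes is not visible here.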
diff --git a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
index 2f75d4f5..9521b368 100644
--- a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
@@ -49,7 +49,7 @@ type: Opaque
 data:
 ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
- } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+ } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
 fi
 } #create_kube_key
@@ -71,7 +71,7 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${CEPH_KEYRING} | base64 | tr -d '\n' )
 EOF
- } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+ } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
 fi
 } #create_kube_storage_key
diff --git a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
index 8593e6dd..fe06a087 100644
--- a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
 key: $( echo ${ceph_key} )
 EOF
- } | kubectl create --namespace ${kube_namespace} -f -
+ } | kubectl apply --namespace ${kube_namespace} -f -
 }
 if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ${PVC_CEPH_CEPHFS_STORAGECLASS_USER_SECRET_NAME}; then
diff --git a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
index 6123f84a..5711ae39 100644
--- a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
 key: $( echo ${ceph_key} )
 EOF
- } | kubectl create --namespace ${kube_namespace} -f -
+ } | kubectl apply --namespace ${kube_namespace} -f -
 }
 ceph_activate_namespace ${DEPLOYMENT_NAMESPACE} "kubernetes.io/rbd" ${PVC_CEPH_RBD_STORAGECLASS_USER_SECRET_NAME} "$(echo ${CEPH_RBD_KEY} | jq -r '.data | .[]')"
diff --git a/ceph/templates/job-cephfs-client-key.yaml b/ceph/templates/job-cephfs-client-key.yaml
index 90e0a2ee..c1e43ddc 100644
--- a/ceph/templates/job-cephfs-client-key.yaml
+++ b/ceph/templates/job-cephfs-client-key.yaml
@@ -36,6 +36,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-keyring.yaml b/ceph/templates/job-keyring.yaml
index d548377c..9faa9a43 100644
--- a/ceph/templates/job-keyring.yaml
+++ b/ceph/templates/job-keyring.yaml
@@ -37,6 +37,7 @@ rules:
 verbs:
 - get
 - create
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-namespace-client-key.yaml b/ceph/templates/job-namespace-client-key.yaml
index 295cb613..4f35712e 100644
--- a/ceph/templates/job-namespace-client-key.yaml
+++ b/ceph/templates/job-namespace-client-key.yaml
@@ -36,6 +36,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-storage-admin-keys.yaml b/ceph/templates/job-storage-admin-keys.yaml
index a5cb19cd..d1bbee6c 100644
--- a/ceph/templates/job-storage-admin-keys.yaml
+++ b/ceph/templates/job-storage-admin-keys.yaml
@@ -33,6 +33,7 @@ rules:
 verbs:
 - get
 - create
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 75b39a67..239aa8c6 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
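Review bot: The added `- patch` verb in job-cephfs-client-key.yaml widens what the job's service account may do to the rule's resources (presumably Secrets), and the rule's `resources` and any `resourceNames` sit above the hunk, so it is not visible whether this reaches every object of that kind in the namespace. If the rule is not name-scoped, consider splitting it so that `get`, `update` and `patch` carry `resourceNames: ["<secret-name-placeholder>"]` for the one secret the job manages, leaving only `create` unscoped, since `create` cannot be restricted by name. The same applies to the `patch` additions in job-keyring.yaml, job-namespace-client-key.yaml, job-storage-admin-keys.yaml and the cinder, glance and gnocchi job templates. A short comment next to the verb, such as `# patch: required by 'kubectl apply' in the key job`, would also explain why it is granted.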
@@ -63,6 +63,6 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
- kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 fi
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
index 3398d710..1a4b11c2 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@@ -60,6 +60,6 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
- kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 fi
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index 2b3d2352..ebd94bdd 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 81037069..3c30b135 100644
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
index 895d4b27..ea57b49e 100644
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
@@ -62,7 +62,7 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
- kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 elif [ "x$STORAGE_BACKEND" == "xradosgw" ]; then
 radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \
 radosgw-admin user create \
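Review bot: With `apply` in cinder's _backup-storage-init.sh.tpl, an empty or malformed `${ENCODED_KEYRING}` now overwrites a working secret, where `create` used to fail and leave the existing one in place. The value is produced above the hunk, so whether the script aborts when the key fetch fails is not visible here; a guard such as `[ -n "${ENCODED_KEYRING}" ] || exit 1` before the manifest is written would keep a failed run from replacing the key. The cinder _storage-init, glance _storage-init and gnocchi _storage-init hunks have the same shape, and in gnocchi the apply runs unconditionally at the end of the hunk. Quoting the expansions on the changed line, `kubectl apply --namespace "${NAMESPACE}" -f "${SECRET}"`, would also be safer.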
diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
index 04da8dbb..1445554b 100644
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/gnocchi/templates/bin/_storage-init.sh.tpl b/gnocchi/templates/bin/_storage-init.sh.tpl
index 34109468..e25eb0c1 100644
--- a/gnocchi/templates/bin/_storage-init.sh.tpl
+++ b/gnocchi/templates/bin/_storage-init.sh.tpl
@@ -57,4 +57,4 @@ type: kubernetes.io/rbd
 data:
 key: $( echo ${ENCODED_KEYRING} )
 EOF
-kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml
index e4744f58..c75b0744 100644
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
 - get
 - create
 - update
+ - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding