From 717d72485bc2b48c41e57dd4eb338da34d1c8ed8 Mon Sep 17 00:00:00 2001
From: Dae Seong Kim <powerds0111@gmail.com>
Date: Tue, 16 Jan 2018 20:41:49 +0900
Subject: [PATCH] fix jobs to create a secret can work on upgrade

This PS fixes the jobs falling into a crash loop state
when upgrading charts.

'kubectl create' fails if the secret already exists, whereas
'kubectl apply' updates the existing secret in place.

Change-Id: Idd6eea06892a30e36e51a9b1130fd7cd84ff65cf
---
 ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl     | 2 +-
 ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl       | 4 ++--
 .../bin/provisioner/cephfs/_client-key-manager.sh.tpl         | 2 +-
 .../bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl  | 2 +-
 ceph/templates/job-cephfs-client-key.yaml                     | 1 +
 ceph/templates/job-keyring.yaml                               | 1 +
 ceph/templates/job-namespace-client-key.yaml                  | 1 +
 ceph/templates/job-storage-admin-keys.yaml                    | 1 +
 cinder/templates/bin/_backup-storage-init.sh.tpl              | 2 +-
 cinder/templates/bin/_storage-init.sh.tpl                     | 2 +-
 cinder/templates/job-backup-storage-init.yaml                 | 1 +
 cinder/templates/job-storage-init.yaml                        | 1 +
 glance/templates/bin/_storage-init.sh.tpl                     | 2 +-
 glance/templates/job-storage-init.yaml                        | 1 +
 gnocchi/templates/bin/_storage-init.sh.tpl                    | 2 +-
 gnocchi/templates/job-storage-init.yaml                       | 1 +
 16 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
index 875e7de95e..78d6cfdd5a 100644
--- a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
@@ -47,7 +47,7 @@ type: Opaque
 data:
   ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
   fi
 }
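Review bot: Switching to `kubectl apply` removes the fail-safe that `kubectl create` gave against replacing an existing keyring: if this pipeline is reached while the secret exists, the stored `${CEPH_KEYRING_NAME}` entry is overwritten with whatever `kube_ceph_keyring_gen` renders on this run. The trailing `fi` suggests a guard that starts outside the hunk; if it is an existence check built on `kubectl get`, any non-zero exit (API timeout, RBAC denial) is presumably treated as "missing" and now leads to an overwrite, which would leave daemons holding the old key unable to authenticate if `${CEPH_KEYRING}` is generated per run. Both hunks in `_storage-keyring-manager.sh.tpl` have the same shape. I would record the assumption above the pipeline, e.g. `# apply overwrites an existing secret; CEPH_KEYRING must be stable across job runs`, or keep `create` for generated keys and make the guard distinguish NotFound from other errors.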
 
diff --git a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
index 2f75d4f536..9521b36837 100644
--- a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
@@ -49,7 +49,7 @@ type: Opaque
 data:
   ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
   fi
 }
 #create_kube_key <ceph_key> <ceph_keyring_name> <ceph_keyring_template> <kube_secret_name>
@@ -71,7 +71,7 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${CEPH_KEYRING} | base64 | tr -d '\n' )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
   fi
 }
 #create_kube_storage_key <ceph_key> <kube_secret_name>
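Review bot: `kubectl apply` writes the complete submitted manifest, including the base64 `key:` value, into the `kubectl.kubernetes.io/last-applied-configuration` annotation, so after this change the Ceph key is stored a second time in the secret's metadata. Anything that exports or logs object metadata while redacting only `data` will then carry the key; this holds for every `kubectl apply` line added in this patch. If an idempotent write is all that is needed, `kubectl replace` on the existing object avoids the annotation (it needs `update`, which some of these roles already grant); otherwise a comment such as `# apply stores the manifest, key included, in the last-applied-configuration annotation` next to the pipeline would record the trade-off.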
diff --git a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
index 8593e6dd9b..fe06a08733 100644
--- a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
   key: $( echo ${ceph_key} )
 EOF
-  } | kubectl create --namespace ${kube_namespace} -f -
+  } | kubectl apply --namespace ${kube_namespace} -f -
 }
 
 if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ${PVC_CEPH_CEPHFS_STORAGECLASS_USER_SECRET_NAME}; then
diff --git a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
index 6123f84af7..5711ae39aa 100644
--- a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
   key: $( echo ${ceph_key} )
 EOF
-  } | kubectl create --namespace ${kube_namespace} -f -
+  } | kubectl apply --namespace ${kube_namespace} -f -
 }
 
 ceph_activate_namespace ${DEPLOYMENT_NAMESPACE} "kubernetes.io/rbd" ${PVC_CEPH_RBD_STORAGECLASS_USER_SECRET_NAME} "$(echo ${CEPH_RBD_KEY} | jq -r '.data | .[]')"
diff --git a/ceph/templates/job-cephfs-client-key.yaml b/ceph/templates/job-cephfs-client-key.yaml
index 90e0a2eef4..c1e43ddc98 100644
--- a/ceph/templates/job-cephfs-client-key.yaml
+++ b/ceph/templates/job-cephfs-client-key.yaml
@@ -36,6 +36,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
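Review bot: The added `patch` verb extends the job's write access to whatever resources this rule lists, and the rule header (`resources`, any `resourceNames`) is outside the hunk, so it is not visible whether that covers every secret in the namespace. Unlike `create`, `patch` can be limited with `resourceNames`, so a separate rule naming only the secret this job manages would keep the grant narrow. Where `update` was already present (here, `job-namespace-client-key.yaml`, and the cinder, glance and gnocchi storage-init job templates) it may no longer be needed once the script uses `apply`, which reads the object and then creates or patches it; worth confirming and dropping. `job-keyring.yaml` and `job-storage-admin-keys.yaml` receive the same `patch` addition.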
diff --git a/ceph/templates/job-keyring.yaml b/ceph/templates/job-keyring.yaml
index d548377cb0..9faa9a43f3 100644
--- a/ceph/templates/job-keyring.yaml
+++ b/ceph/templates/job-keyring.yaml
@@ -37,6 +37,7 @@ rules:
     verbs:
       - get
       - create
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-namespace-client-key.yaml b/ceph/templates/job-namespace-client-key.yaml
index 295cb6134b..4f35712ec1 100644
--- a/ceph/templates/job-namespace-client-key.yaml
+++ b/ceph/templates/job-namespace-client-key.yaml
@@ -36,6 +36,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-storage-admin-keys.yaml b/ceph/templates/job-storage-admin-keys.yaml
index a5cb19cd9d..d1bbee6c37 100644
--- a/ceph/templates/job-storage-admin-keys.yaml
+++ b/ceph/templates/job-storage-admin-keys.yaml
@@ -33,6 +33,7 @@ rules:
     verbs:
       - get
       - create
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 75b39a6709..239aa8c650 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -63,6 +63,6 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 
 fi
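Review bot: `${NAMESPACE}` and `${SECRET}` are expanded unquoted on the new `kubectl apply` line, so an empty or whitespace-containing value silently changes the argument list; `kubectl apply --namespace "${NAMESPACE}" -f "${SECRET}"` is safer. The manifest holding the keyring is read from a file here, while the ceph scripts in this patch pipe it to `-f -`; how `${SECRET}` is created and removed is outside the hunk, so it is worth confirming the file is private to the job and cleaned up on every exit path. The same line appears in `cinder/templates/bin/_storage-init.sh.tpl`, `glance/templates/bin/_storage-init.sh.tpl` and `gnocchi/templates/bin/_storage-init.sh.tpl`. The enclosing `if` starts outside the hunk.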
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
index 3398d71041..1a4b11c2a3 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@@ -60,6 +60,6 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 
 fi
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index 2b3d235242..ebd94bdd62 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 8103706931..3c30b1354f 100644
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
index 895d4b2741..ea57b49e47 100644
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
@@ -62,7 +62,7 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 elif [ "x$STORAGE_BACKEND" == "xradosgw" ]; then
   radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \
     radosgw-admin user create \
diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
index 04da8dbbeb..1445554b3d 100644
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/gnocchi/templates/bin/_storage-init.sh.tpl b/gnocchi/templates/bin/_storage-init.sh.tpl
index 341094689b..e25eb0c172 100644
--- a/gnocchi/templates/bin/_storage-init.sh.tpl
+++ b/gnocchi/templates/bin/_storage-init.sh.tpl
@@ -57,4 +57,4 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml
index e4744f5800..c75b074439 100644
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding