Merge branch 'master' into rsync

StackStorm · May 9, 2024 · dfaaca9 · dfaaca9
2 parents c0774d6 + 496fc58
commit dfaaca9
Show file tree

Hide file tree

Showing 23 changed files with 459 additions and 155 deletions.
diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml
@@ -35,7 +35,7 @@ jobs:
         # We should periodically check to see if another fork has taken over maintenance,
         # as the de-facto "best" fork has changed several times over the years.
         run: |
-          helm plugin install https://github.com/quintush/helm-unittest --version v0.2.11
+          helm plugin install https://github.com/helm-unittest/helm-unittest.git  --version v0.4.4
 
       - name: Install chart dependencies
         run: |
@@ -44,4 +44,4 @@ jobs:
       - name: Run helm-unittest
         # by default looks for tests/*_test.yaml
         run: |
-          helm unittest --color --helm3 -f 'tests/unit/*_test.yaml' .
+          helm unittest --color -f 'tests/unit/*_test.yaml' .
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,18 @@
 # Changelog
 
 ## Development
-* Fix syntax with ensure-packs-volumes-are-writable job (#403) (by @skiedude)
+* Updated our tests/unit to support newer versions of `unittests` - for now bumping to `v0.4.4` as `v0.5.0` has a bug that impacts us (see helm-unittest/helm-unittest#329), but testing around the bug shows `v0.5.x` should also "just work" (#414) (by @jk464)
+* Use `rsync` to copy pack contents when available, falling back to `cp`. (#414) (by @cognifloyd)
+* Support non-root container environments when copying pack contents (#414) (by @Stealthii)
+
+## v1.1.0
+* Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude)
 * Add securityContext support to custom st2packs images, extra_hooks jobs; Also fallback to st2actionrunner securityContext for misc init container jobs and pods. (#410) (by @cognifloyd)
 * Stop generating the DataStore Secret (#385) and checksum labels (#391) when existing secret provided or disabled (by @bmarick)
 * Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick)
 * Use `image.pullPolicy` for all containers including init containers that use `image.utilityImage`. (#397) (by @jk464)
-* Use `rsync` to copy pack contents when available, falling back to `cp`. (#414) (by @cognifloyd)
-* Support non-root container environments when copying pack contents (#414) (by @Stealthii)
+* Add new `image.entrypoint` value to simplify using a custom entry point like `dumb-init` or `pid1` (if installed in the image). (#413) (by @cognifloyd)
+* Improve Deployments migration in `migrations/v1.0/standardize-labels.sh` by temporarily orphaning the old ReplicaSets. (#412) (by @cognifloyd)
 
 ## v1.0.0
 * Bump to latest CircleCI orb versions ([email protected] and [email protected] by @ZoeLeah)

diff --git a/Chart.yaml b/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 # StackStorm version which refers to Docker images tag
 appVersion: "3.8"
 name: stackstorm-ha
-version: 1.0.0
+version: 1.1.0
 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment.
 home: https://stackstorm.com/
 icon: https://landscape.cncf.io/logos/stack-storm.svg

diff --git a/migrations/v1.0/standardize-labels.sh b/migrations/v1.0/standardize-labels.sh
@@ -7,6 +7,12 @@
 # so that helm upgrade will not create duplicate resources. The new label
 # selectors do not match the old labels, so this script adds the new labels
 # to the old resources. Thus, the new selectors will update them.
+#
+# NOTE: This will orphan all Pods, but they will be adopted by the new Deployments.
+# Specifically, we delete Deployment using propogationPolicy=Orphan,
+# and then when Helm creates the Deployments again, the selector will match the
+# current ReplicaSets (and their Pods) because we added the new labels.
+# Finally, the standard k8s Deployment upgrade will gradually replace old Pods.
 
 # These env vars need to be set to use this script:
 #   RELEASE_NAME (same as .Release.Name)
@@ -19,6 +25,9 @@ RELEASE_NAME=${RELEASE_NAME:-st2}
 NAMESPACE=${NAMESPACE:-default}
 CHART_NAME=${CHART_NAME:-stackstorm-ha} # see Chart.yaml
 
+echo RELEASE_NAME=${RELEASE_NAME}
+echo NAMESPACE=${NAMESPACE}
+echo CHART_NAME=${CHART_NAME}
 
 function klabel_app_instance() {
 	kind=${1}
@@ -40,6 +49,17 @@ function klabel_app_name() {
 		"app.kubernetes.io/name=${app}"
 }
 
+function kdelete_cascade_orphan() {
+	kind=${1}
+	app=${2}
+	kubectl delete "${kind}" \
+		-n "${NAMESPACE}" \
+		-l "vendor=stackstorm" \
+		-l "release=${RELEASE_NAME}" \
+		-l "app=${app}" \
+		--cascade=orphan
+}
+
 function k_get_app_names() {
 	kind=${1}
 	app=${2}
@@ -51,14 +71,17 @@ function k_get_app_names() {
 	| jq -r '.items[] | select(.metadata.name | test("'"${app}"'")).metadata.labels.app'
 }
 
+echo
 echo "Adding label app.kubernetes.io/instance=${RELEASE_NAME} (which will replace release=${RELEASE_NAME}) ..."
+echo
 
 for kind in ConfigMap Secret Ingress Service ServiceAccount Deployment ReplicaSet Pod Job; do
 	klabel_app_instance ${kind}
 done
 
 echo
 echo "Adding label app.kubernetes.io/name=<app> (which will replace app=<app>) ..."
+echo
 
 klabel_app_name ConfigMap st2
 klabel_app_name Secret st2
@@ -83,10 +106,12 @@ deployment_apps=(
 	st2workflowengine
 )
 for app in "${deployment_apps[@]}"; do
-	echo "Deployment app=${app} ..."
-	klabel_app_name Deployment ${app}
+	echo "ReplicaSet and Pods from Deployment app=${app} ..."
 	klabel_app_name ReplicaSet ${app}
 	klabel_app_name Pod ${app}
+	echo "Deleting Deployment app=${app} (orphaning the ReplicaSets)..."
+	kdelete_cascade_orphan Deployment ${app}
+	# do not delete ReplicaSet or the Deployment will not adopt the pods
 done
 
 service_apps=(
@@ -115,3 +140,7 @@ done
 
 klabel_app_name ConfigMap st2tests
 klabel_app_name Pod st2tests
+
+echo
+echo "ReplicaSets from Deployments have been orphaned, but new Deployments will adopt them."
+echo "Make sure to run helm upgrade soon to create the new Deployments."
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -181,6 +181,12 @@ Reduce duplication of the st2.*.conf volume details
 {{- end }}
 {{- end -}}
 
+{{- define "stackstorm-ha.st2-entrypoint" -}}
+  {{- range $.Values.image.entrypoint }}
+- {{ toYaml . }}
+  {{- end }}
+{{- end -}}
+
 # Override CMD CLI parameters passed to the startup of all pods to add support for /etc/st2/st2.secrets.conf
 {{- define "stackstorm-ha.st2-config-file-parameters" -}}
 - --config-file=/etc/st2/st2.conf

diff --git a/templates/deployments.yaml b/templates/deployments.yaml
@@ -38,8 +38,8 @@ spec:
           {{- toYaml .Values.st2auth.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -76,6 +76,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2auth
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2auth.env }}
@@ -176,8 +177,8 @@ spec:
           {{- toYaml .Values.st2api.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       {{- if .Values.st2.packs.images }}
@@ -203,6 +204,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2api
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2api.env }}
@@ -314,8 +316,8 @@ spec:
           {{- toYaml .Values.st2stream.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -335,6 +337,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2stream
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2stream.env }}
@@ -423,8 +426,8 @@ spec:
           {{- toYaml .Values.st2web.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       terminationGracePeriodSeconds: {{ .Values.st2web.terminationGracePeriodSeconds | default 30 }}
@@ -562,8 +565,8 @@ spec:
           {{- toYaml .Values.st2rulesengine.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -580,6 +583,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2rulesengine
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2rulesengine.env }}
@@ -679,8 +683,8 @@ spec:
           {{- toYaml .Values.st2timersengine.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -697,6 +701,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2timersengine
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2timersengine.env }}
@@ -786,8 +791,8 @@ spec:
         {{- end }}
     spec:
       terminationGracePeriodSeconds: {{ .Values.st2workflowengine.terminationGracePeriodSeconds | default 300 }}
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -804,6 +809,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2workflowengine
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2workflowengine.env }}
@@ -904,8 +910,8 @@ spec:
           {{- toYaml .Values.st2scheduler.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -922,6 +928,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2scheduler
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2scheduler.env }}
@@ -1020,8 +1027,8 @@ spec:
           {{- toYaml .Values.st2notifier.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -1038,6 +1045,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2notifier
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2notifier.env }}
@@ -1165,8 +1173,8 @@ spec:
           {{- toYaml $sensor.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if $.Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ $.Values.image.pullSecret }}
       {{- end }}
       {{- if $.Values.st2.packs.images }}
@@ -1213,6 +1221,7 @@ spec:
           {{- toYaml . | nindent 10 }}
         {{- end }}
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2sensorcontainer
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
           {{- if $one_sensor_per_pod }}{{/* only in st2.packs.sensors[] */}}
@@ -1345,8 +1354,8 @@ spec:
       hostAliases:
         {{- toYaml .Values.st2actionrunner.hostAliases | nindent 8 }}
       {{- end }}
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       {{- if .Values.st2.packs.images }}
@@ -1375,6 +1384,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2actionrunner
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2actionrunner.env }}
@@ -1491,8 +1501,8 @@ spec:
           {{- toYaml .Values.st2garbagecollector.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -1509,6 +1519,7 @@ spec:
         #livenessProbe:
         #readinessProbe:
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - /opt/stackstorm/st2/bin/st2garbagecollector
           {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }}
         {{- if .Values.st2garbagecollector.env }}
@@ -1604,11 +1615,11 @@ spec:
           {{- toYaml .Values.st2client.annotations | nindent 8 }}
         {{- end }}
     spec:
-      imagePullSecrets:
       {{- if .Values.st2.packs.images }}
         {{- include "stackstorm-ha.packs-pullSecrets" . | nindent 6 }}
       {{- end }}
       {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
       initContainers:
@@ -1690,6 +1701,7 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         command:
+          {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }}
           - 'bash'
           - '-ec'
           - 'while true; do sleep 999; done'