Add configuration for pod termination wait time

Adding new configuration options for pod termination wait sequence. The options set the number of times the new vault-manager pod will check that the old vault-manager pod is still running, and the number of seconds to wait between each check. The total default wait time is now 60s. Test Plan: PASS vault build succesfully with the changes PASS vault sanity on AIO-SX PASS Test the new helm values Story: 2010930 Task: 49476 Change-Id: Ie0d4c1fffccf59618cb10bc1e201468f5ffceed0 Signed-off-by: Tae Park <tae.park@windriver.com>
2024-01-29 15:56:36 -05:00 · 2024-01-29 15:56:36 -05:00 · 6fccda0818
parent 7c22500b16
commit 6fccda0818
3 changed files with 50 additions and 2 deletions
--- a/vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch
+++ b/vault-helm/debian/deb_folder/patches/0001-Add-vault-manager-termination-wait-time.patch
@ -0,0 +1,42 @@
+From 06b5719c35c7e75b776ce7bd08c6df32c2dcf9cd Mon Sep 17 00:00:00 2001
+From: Tae Park <tae.park@windriver.com>
+Date: Mon, 29 Jan 2024 15:24:37 -0500
+Subject: [PATCH] Add vault manager termination wait time
+
+Adding configure options for maximum number of tries for checking
+PVC removal, and time slept between each tries. Changed the
+default to 60 seconds total wait time
+
+Signed-off-by: Tae Park <tae.park@windriver.com>
+---
+ values.yaml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/values.yaml b/values.yaml
+index 1bce118..487b44a 100644
+--- a/values.yaml
+++ b/values.yaml
+@@ -114,6 +114,20 @@ manager:
+     #      client_version: v1.28
+     client_version: ""
+ 
+  waitTermination:
+    # During upgrade of the application from PVC storage to storage
+    # using kubernetes, wait for previous version of vault manager
+    # to terminate before proceding with the conversion of storage from PVC to
+    # kubernetes secrets.
+    #
+    # The maximum tries before proceding with the conversion of storage
+    # from PVC to kubernetes secrets.
+    maxTries: 12
+
+    # Number of seconds slept between each tries before proceding with
+    # the conversion of storage from PVC to kubernetes secrets.
+    sleepTime: 5
+
+   # Debugging option to improve log reading, allow more verbose logging
+   #   DEBUG: 1
+   #    INFO: 2
+-- 
+2.25.1
+
--- a/vault-helm/debian/deb_folder/patches/series
+++ b/vault-helm/debian/deb_folder/patches/series
@ -3,3 +3,4 @@
 0001-Add-log-level-option-for-vault-manager.patch
 0001-Add-manager-pause-request-to-helm-values.yaml.patch
 0001-Update-vault-version-to-1.14.8.patch
+0001-Add-vault-manager-termination-wait-time.patch
--- a/vault-helm/vault-helm/helm-charts/vault-init.yaml
+++ b/vault-helm/vault-helm/helm-charts/vault-init.yaml
@ -68,8 +68,8 @@ data:
    # Maximum seconds to wait for vault-manager pod to exit
    # Vault-manager is not responding to SIGTERM, so will take 30
    # seconds
-    TERMINATE_TRIES_MAX=6
-    TERMINATE_TRIES_SLEEP=5
+    TERMINATE_TRIES_MAX={{ .Values.manager.waitTermination.maxTries }}
+    TERMINATE_TRIES_SLEEP={{ .Values.manager.waitTermination.sleepTime }}

    # Vault key share configuration
    KEY_SECRET_SHARES=5
@ -1518,6 +1518,11 @@ data:
            count=$((count-1))
        done

+        if [ $count -eq 0 ]; then
+            log $WARNING "Maximum time reached waiting" \
+                "for the previous pod to be terminated."
+        fi
+
        convertPVC
    }