Add isApplication functionality for openbao pods

Adding the isApplication function described in https://wiki.openstack.org/wiki/StarlingX/Containers/Applications/HowToAddNewFluxCDAppInSTX#7.4_Select_CPU_Cores_for_pods. to Openbao pods. The function will have dedicated values in values.yaml to switch the server pod, injector pod, and csi pod between application and platform cores. The server pod will require a manual restart to update the label, while the other two pods will automatically restart once the label change is applied. Currently the default strategy for the server pods is to only update info after the server pod is deleted. The previous method of using sysinv to switch labels has been removed. Test Plan: PASS Modified helm chart applies with no errors PASS Check pods and validate the correct labeling PASS Labels do not change with wrong values in values.yaml PASS For injector and csi pods, the pods restart with the changed labels after using helm-override-update to change isApplication value PASS For server pods, the pods restart with the changed labels after using helm-override-update to change isApplication value, and then deleting the pod. Story: 2011244 Task: 51632 Change-Id: Ibdc962fc8fb326767180946fbfdc1264344cc8c4 Signed-off-by: Tae Park <tae.park@windriver.com>
2025-01-24 10:58:36 -05:00 · 2025-01-24 10:58:36 -05:00 · 101d137cb2
commit 101d137cb2
parent 3933710c66
5 changed files with 142 additions and 54 deletions
--- a/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/0003-Fix-agent-image-registry-in-injector-deployment.patch
+++ b/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/0003-Fix-agent-image-registry-in-injector-deployment.patch
--- a/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/0003-Fix-helm-template-for-server-annotations.patch
+++ b/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/0003-Fix-helm-template-for-server-annotations.patch
@ -1,33 +0,0 @@
-From d92aafc376d718d1b0cd802b51129839c9f5b01a Mon Sep 17 00:00:00 2001
-From: Tae Park <tae.park@windriver.com>
-Date: Mon, 16 Dec 2024 14:51:11 -0500
-Subject: [PATCH] Fix helm template for server annotations
-
-The current version of openbao-helm has bug in the server annotation
-template. A values.yaml with empty server annotation produces a
-server-statefulset.yaml containing a key
-spec.template.metadata.annotations with no assigned value.  This patch
-updates the logic in the template to not create empty yaml key.
-
-Signed-off-by: Tae Park <tae.park@windriver.com>
---
- charts/openbao/templates/_helpers.tpl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/charts/openbao/templates/_helpers.tpl b/charts/openbao/templates/_helpers.tpl
-index 08c71ee..1fecef9 100644
--- a/charts/openbao/templates/_helpers.tpl
-+++ b/charts/openbao/templates/_helpers.tpl
-@@ -447,7 +447,9 @@ Sets the injector deployment update strategy
- Sets extra pod annotations
- */}}
- {{- define "openbao.annotations" }}
-+  {{- if or (.Values.server.annotations) (.Values.server.configAnnotation) }}
-       annotations:
-+  {{- end }}
-   {{- if .Values.server.configAnnotation }}
-         openbao.hashicorp.com/config-checksum: {{ include "openbao.config" . | sha256sum }}
-   {{- end }}
--
-2.34.1
-
--- a/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/0004-Add-isApplication-functionality-for-openbao-pods.patch
+++ b/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/0004-Add-isApplication-functionality-for-openbao-pods.patch
@ -0,0 +1,140 @@
+From c5b39d180ad80673b5cbf176bda1ce3558b213ae Mon Sep 17 00:00:00 2001
+From: Tae Park <tae.park@windriver.com>
+Date: Fri, 24 Jan 2025 10:51:17 -0500
+Subject: [PATCH] Add isApplication functionality for openbao pods
+
+Adding the isApplication function described in
+https://wiki.openstack.org/wiki/StarlingX/Containers/Applications/HowToAddNewFluxCDAppInSTX#7.4_Select_CPU_Cores_for_pods.
+to Openbao pods. The function will have dedicated values in values.yaml
+to switch the server pod, injector pod, and csi pod between application
+and platform cores.
+
+Signed-off-by: Tae Park <tae.park@windriver.com>
+---
+ charts/openbao/templates/_helpers.tpl          | 11 +++++++----
+ charts/openbao/templates/csi-daemonset.yaml    |  1 +
+ .../openbao/templates/injector-deployment.yaml |  1 +
+ .../openbao/templates/server-statefulset.yaml  |  1 +
+ charts/openbao/values.yaml                     | 18 ++++++++++++++++++
+ 5 files changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/charts/openbao/templates/_helpers.tpl b/charts/openbao/templates/_helpers.tpl
+index 08c71ee..a61042d 100644
+--- a/charts/openbao/templates/_helpers.tpl
+++ b/charts/openbao/templates/_helpers.tpl
+@@ -448,6 +448,7 @@ Sets extra pod annotations
+ */}}
+ {{- define "openbao.annotations" }}
+       annotations:
+        app.starlingx.io/config-checksum: {{ toYaml .Values.server.labels | sha256sum }}
+   {{- if .Values.server.configAnnotation }}
+         openbao.hashicorp.com/config-checksum: {{ include "openbao.config" . | sha256sum }}
+   {{- end }}
+@@ -464,9 +465,10 @@ Sets extra pod annotations
+ {{/*
+ Sets extra injector pod annotations
+ */}}
+-{{- define "injector.annotations" -}}
+-  {{- if .Values.injector.annotations }}
+{{- define "injector.annotations" }}
+       annotations:
+        app.starlingx.io/config-checksum: {{ toYaml .Values.injector.labels | sha256sum }}
+  {{- if .Values.injector.annotations }}
+         {{- $tp := typeOf .Values.injector.annotations }}
+         {{- if eq $tp "string" }}
+           {{- tpl .Values.injector.annotations . | nindent 8 }}
+@@ -953,9 +955,10 @@ Sets the CSI provider affinity for pod placement.
+ {{/*
+ Sets extra CSI provider pod annotations
+ */}}
+-{{- define "csi.pod.annotations" -}}
+-  {{- if .Values.csi.pod.annotations }}
+{{- define "csi.pod.annotations" }}
+       annotations:
+        app.starlingx.io/config-checksum: {{ toYaml .Values.csi.labels | sha256sum }}
+  {{- if .Values.csi.pod.annotations }}
+       {{- $tp := typeOf .Values.csi.pod.annotations }}
+       {{- if eq $tp "string" }}
+         {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+diff --git a/charts/openbao/templates/csi-daemonset.yaml b/charts/openbao/templates/csi-daemonset.yaml
+index 1ace436..53b51f6 100644
+--- a/charts/openbao/templates/csi-daemonset.yaml
+++ b/charts/openbao/templates/csi-daemonset.yaml
+@@ -34,6 +34,7 @@ spec:
+       labels:
+         app.kubernetes.io/name: {{ template "openbao.name" . }}-csi-provider
+         app.kubernetes.io/instance: {{ .Release.Name }}
+        app.starlingx.io/component: {{ ternary "application" "platform" .Values.csi.labels.isApplication }}
+         {{- if  .Values.csi.pod.extraLabels -}}
+           {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+         {{- end -}}
+diff --git a/charts/openbao/templates/injector-deployment.yaml b/charts/openbao/templates/injector-deployment.yaml
+index d66f6d1..d4a1a53 100644
+--- a/charts/openbao/templates/injector-deployment.yaml
+++ b/charts/openbao/templates/injector-deployment.yaml
+@@ -29,6 +29,7 @@ spec:
+       labels:
+         app.kubernetes.io/name: {{ template "openbao.name" . }}-agent-injector
+         app.kubernetes.io/instance: {{ .Release.Name }}
+        app.starlingx.io/component: {{ ternary "application" "platform" .Values.injector.labels.isApplication }}
+         component: webhook
+         {{- if  .Values.injector.extraLabels -}}
+           {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+diff --git a/charts/openbao/templates/server-statefulset.yaml b/charts/openbao/templates/server-statefulset.yaml
+index c4f0840..3c704cd 100644
+--- a/charts/openbao/templates/server-statefulset.yaml
+++ b/charts/openbao/templates/server-statefulset.yaml
+@@ -38,6 +38,7 @@ spec:
+         helm.sh/chart: {{ template "openbao.chart" . }}
+         app.kubernetes.io/name: {{ template "openbao.name" . }}
+         app.kubernetes.io/instance: {{ .Release.Name }}
+        app.starlingx.io/component: {{ ternary "application" "platform" .Values.server.labels.isApplication }}
+         component: server
+         {{- if  .Values.server.extraLabels -}}
+           {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+diff --git a/charts/openbao/values.yaml b/charts/openbao/values.yaml
+index bc82fc8..6d34869 100644
+--- a/charts/openbao/values.yaml
+++ b/charts/openbao/values.yaml
+@@ -369,6 +369,12 @@ injector:
+   #     maxUnavailable: 25%
+   #   type: RollingUpdate
+ 
+  # For setting the "app.starlingx.io/component" label for Openbao injector pod
+  # Setting this to "true" will make the pod run on "application" cores,
+  # While setting this to "false" will make the pod run on "platform" cores.
+  labels:
+    isApplication: false
+
+ server:
+   # If true, or "-" with global.enabled true, OpenBao server will be installed.
+   # See openbao.mode in _helpers.tpl for implementation details.
+@@ -1038,6 +1044,12 @@ server:
+   # Should the server pods run on the host network
+   hostNetwork: false
+ 
+  # For setting the "app.starlingx.io/component" label for Openbao server pod
+  # Setting this to "true" will make the pod run on "application" cores,
+  # While setting this to "false" will make the pod run on "platform" cores.
+  labels:
+    isApplication: false
+
+ # OpenBao UI
+ ui:
+   # True if you want to create a Service entry for the OpenBao UI.
+@@ -1256,6 +1268,12 @@ csi:
+   # for the available command line flags.
+   extraArgs: []
+ 
+  # For setting the "app.starlingx.io/component" label for Openbao csi pod
+  # Setting this to "true" will make the pod run on "application" cores,
+  # While setting this to "false" will make the pod run on "platform" cores.
+  labels:
+    isApplication: false
+
+ # OpenBao is able to collect and publish various runtime metrics.
+ # Enabling this feature requires setting adding `telemetry{}` stanza to
+ # the OpenBao configuration. There are a few examples included in the `config` sections above.
+-- 
+2.34.1
+
--- a/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/series
+++ b/helm-charts/upstream/openbao-helm/debian/deb_folder/patches/series
@ -1,4 +1,4 @@
 0001-Add-yaml-for-Starlingx-image-handling.patch
 0002-update-includeConfigAnnotation-to-match-README-value.patch
-0003-Fix-helm-template-for-server-annotations.patch
-0004-Fix-agent-image-registry-in-injector-deployment.patch
+0003-Fix-agent-image-registry-in-injector-deployment.patch
+0004-Add-isApplication-functionality-for-openbao-pods.patch
--- a/python3-k8sapp-openbao/k8sapp_openbao/k8sapp_openbao/helm/openbao.py
+++ b/python3-k8sapp-openbao/k8sapp_openbao/k8sapp_openbao/helm/openbao.py
@ -99,30 +99,11 @@ class OpenbaoHelm(base.FluxCDBaseHelm):
                new_chart_overrides
            )

-        user_chosen_affinity = new_chart_overrides.get(
-            app_constants.HELM_CHART_COMPONENT_LABEL) \
-            if new_chart_overrides else None
-
-        if user_chosen_affinity in self.SUPPORTED_COMPONENT_OVERRIDES:
-            affinity = user_chosen_affinity
-        else:
-            affinity = self.DEFAULT_AFFINITY
-            LOG.warn((f'User override for core affinity {user_chosen_affinity} '
-                      f'is invalid, using default of {self.DEFAULT_AFFINITY}'))
-
        overrides = {
            common.HELM_NS_OPENBAO: {
                app_constants.HELM_OPENBAO_SERVER_POD: {
                    'ha': {
                        'replicas': ha_replicas,
-                    },
-                    self.LABEL_PARAMETER: {
-                        app_constants.HELM_CHART_COMPONENT_LABEL: affinity
-                    }
-                },
-                app_constants.HELM_OPENBAO_INJECTOR_POD: {
-                    self.LABEL_PARAMETER: {
-                        app_constants.HELM_CHART_COMPONENT_LABEL: affinity
                    }
                },
            }