Create vault manager class for lifecycle code

Creating a new vault manager class within vault.py, so that sysinv can interact with the new vault manager helm chart. The get_override function is modified so that the new vault manager fluxcd override is properly applied. Test Plan: PASS AIO-SX vault sanity PASS AIO-DX plus 1 worker vault fresh install and sanity PASS Vault HA test for AIO-DX plus 1 worker PASS Disable new vault manager helm chart with system helm-chart-attribute-modify Story: 2010929 Task: 49600 Change-Id: I71f0050a9cfd1be1c867f13926c84827d74f71de Signed-off-by: Tae Park <tae.park@windriver.com>
2024-03-14 13:07:16 -04:00 · 2024-03-14 13:07:16 -04:00 · b00a768784
commit b00a768784
parent 96c4965be3
5 changed files with 128 additions and 6 deletions
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/common/constants.py
@ -11,6 +11,8 @@
 HELM_APP_VAULT = 'vault'
 HELM_RELEASE_VAULT = 'sva-vault'
 HELM_CHART_VAULT = 'vault'
+HELM_RELEASE_VAULT_MANAGER = 'sva-vault-manager'
+HELM_CHART_VAULT_MANAGER = 'vault-manager'
 HELM_CHART_NS_VAULT = 'vault'
 HELM_VAULT_SERVER_POD = 'server'
 HELM_VAULT_MANAGER_POD = 'manager'
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault.py
@ -96,11 +96,6 @@ class VaultHelm(base.FluxCDBaseHelm):
                        app_constants.HELM_CHART_COMPONENT_LABEL: affinity
                    }
                },
-                app_constants.HELM_VAULT_MANAGER_POD: {
-                    self.LABEL_PARAMETER: {
-                        app_constants.HELM_CHART_COMPONENT_LABEL: affinity
-                    }
-                },
            }
        }

--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
@ -0,0 +1,122 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+"""Application helm class"""
+
+from k8sapp_vault.common import constants as app_constants
+
+from oslo_log import log as logging
+
+from sysinv.common import constants
+from sysinv.common import exception
+
+from sysinv.helm import base
+from sysinv.helm import common
+
+from sysinv.db import api as dbapi
+
+import yaml
+
+LOG = logging.getLogger(__name__)
+
+
+class VaultManagerHelm(base.FluxCDBaseHelm):
+    """Class to encapsulate helm operations for the vault manager chart"""
+
+    SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
+        [common.HELM_NS_VAULT]
+
+    SUPPORTED_APP_NAMESPACES = {
+        constants.HELM_APP_VAULT:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_VAULT],
+    }
+
+    SUPPORTED_COMPONENT_OVERRIDES = ['application', 'platform']
+    DEFAULT_AFFINITY = 'platform'
+    LABEL_PARAMETER = 'extraLabels'
+
+    CHART = app_constants.HELM_CHART_VAULT_MANAGER
+    HELM_RELEASE = app_constants.HELM_RELEASE_VAULT_MANAGER
+
+    def get_namespaces(self):
+        """Return the list of supported namespaces"""
+        return self.SUPPORTED_NAMESPACES
+
+    def get_master_worker_host_count(self):
+        """Read the number of nodes with worker function"""
+        controller = len(self.dbapi.ihost_get_by_personality(constants.CONTROLLER))
+        worker = len(self.dbapi.ihost_get_by_personality(constants.WORKER))
+        return controller + worker
+
+    def get_overrides(self, namespace=None):
+        """Return the system overrides"""
+        if self.get_master_worker_host_count() >= 3:
+            ha_replicas = 3
+        else:
+            ha_replicas = 1
+
+        dbapi_instance = dbapi.get_instance()
+
+        db_app = dbapi_instance.kube_app_get(app_constants.HELM_APP_VAULT)
+
+        # User chart overrides
+        new_chart_overrides = self._get_helm_overrides(
+            dbapi_instance,
+            db_app,
+            app_constants.HELM_CHART_VAULT_MANAGER,
+            app_constants.HELM_CHART_NS_VAULT,
+            'user_overrides')
+
+        user_chosen_affinity = new_chart_overrides.get(
+            app_constants.HELM_CHART_COMPONENT_LABEL) \
+            if new_chart_overrides else None
+
+        if user_chosen_affinity in self.SUPPORTED_COMPONENT_OVERRIDES:
+            affinity = user_chosen_affinity
+        else:
+            affinity = self.DEFAULT_AFFINITY
+            LOG.warn((f'User override for core affinity {user_chosen_affinity} '
+                      f'is invalid, using default of {self.DEFAULT_AFFINITY}'))
+
+        overrides = {
+            common.HELM_NS_VAULT: {
+                app_constants.HELM_VAULT_SERVER_POD: {
+                    'ha': {
+                        'replicas': ha_replicas,
+                    }
+                },
+                app_constants.HELM_VAULT_MANAGER_POD: {
+                    self.LABEL_PARAMETER: {
+                        app_constants.HELM_CHART_COMPONENT_LABEL: affinity
+                    }
+                },
+            }
+        }
+
+        if namespace in self.SUPPORTED_NAMESPACES:
+            return overrides[namespace]
+        if namespace:
+            raise exception.InvalidHelmNamespace(chart=self.CHART,
+                                                 namespace=namespace)
+        return overrides
+
+    @staticmethod
+    def _get_helm_overrides(dbapi_instance, app, chart, namespace,
+                            type_of_overrides):
+        """Helper function for querying helm overrides from db."""
+        helm_overrides = {}
+        try:
+            helm_overrides = dbapi_instance.helm_override_get(
+                app_id=app.id,
+                name=chart,
+                namespace=namespace,
+            )[type_of_overrides]
+
+            if isinstance(helm_overrides, str):
+                helm_overrides = yaml.safe_load(helm_overrides)
+        except exception.HelmOverrideNotFound:
+            LOG.debug("Overrides for this chart not found, nothing to be done.")
+        return helm_overrides
--- a/python3-k8sapp-vault/k8sapp_vault/setup.cfg
+++ b/python3-k8sapp-vault/k8sapp_vault/setup.cfg
@ -34,6 +34,7 @@ systemconfig.helm_applications =

 systemconfig.helm_plugins.vault =
    001_vault = k8sapp_vault.helm.vault:VaultHelm
+    002_vault-manager = k8sapp_vault.helm.vault_manager:VaultManagerHelm

 systemconfig.app_lifecycle =
    vault = k8sapp_vault.lifecycle.lifecycle_vault:VaultAppLifecycleOperator
--- a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault-manager/vault-manager-static-overrides.yaml
+++ b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault-manager/vault-manager-static-overrides.yaml
@ -15,4 +15,6 @@ manager:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"
-  unsealWaitIntervals: 0
+  unsealWaitIntervals: 0
+  imagePullSecrets:
+    - name: default-registry-key