fix jobs to create a secret can work on upgrade

This PS fixes the jobs falling into a crash loop state when upgrading charts. 'kubectl create' command cannot overwrite if a secret already exists. But 'kubectl apply' command can do it. Change-Id: Idd6eea06892a30e36e51a9b1130fd7cd84ff65cf
2018-01-16 20:41:49 +09:00 · 2018-01-16 20:41:49 +09:00 · 717d72485b
commit 717d72485b
parent db2276055e
16 changed files with 17 additions and 9 deletions
--- a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
@ -47,7 +47,7 @@ type: Opaque
 data:
  ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
  fi
 }
--- a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
@ -49,7 +49,7 @@ type: Opaque
 data:
  ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
  fi
 }
 #create_kube_key <ceph_key> <ceph_keyring_name> <ceph_keyring_template> <kube_secret_name>
@ -71,7 +71,7 @@ type: kubernetes.io/rbd
 data:
  key: $( echo ${CEPH_KEYRING} | base64 | tr -d '\n' )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
  fi
 }
 #create_kube_storage_key <ceph_key> <kube_secret_name>
--- a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
  key: $( echo ${ceph_key} )
 EOF
-  } | kubectl create --namespace ${kube_namespace} -f -
+  } | kubectl apply --namespace ${kube_namespace} -f -
 }
 if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ${PVC_CEPH_CEPHFS_STORAGECLASS_USER_SECRET_NAME}; then
--- a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
  key: $( echo ${ceph_key} )
 EOF
-  } | kubectl create --namespace ${kube_namespace} -f -
+  } | kubectl apply --namespace ${kube_namespace} -f -
 }
 ceph_activate_namespace ${DEPLOYMENT_NAMESPACE} "kubernetes.io/rbd" ${PVC_CEPH_RBD_STORAGECLASS_USER_SECRET_NAME} "$(echo ${CEPH_RBD_KEY} | jq -r '.data | .[]')"
--- a/ceph/templates/job-cephfs-client-key.yaml
+++ b/ceph/templates/job-cephfs-client-key.yaml
@ -36,6 +36,7 @@ rules:
      - get
      - create
      - update
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/ceph/templates/job-keyring.yaml
+++ b/ceph/templates/job-keyring.yaml
@ -37,6 +37,7 @@ rules:
    verbs:
      - get
      - create
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/ceph/templates/job-namespace-client-key.yaml
+++ b/ceph/templates/job-namespace-client-key.yaml
@ -36,6 +36,7 @@ rules:
      - get
      - create
      - update
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/ceph/templates/job-storage-admin-keys.yaml
+++ b/ceph/templates/job-storage-admin-keys.yaml
@ -33,6 +33,7 @@ rules:
    verbs:
      - get
      - create
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@ -63,6 +63,6 @@ type: kubernetes.io/rbd
 data:
  key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 fi
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@ -60,6 +60,6 @@ type: kubernetes.io/rbd
 data:
  key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 fi
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@ -34,6 +34,7 @@ rules:
      - get
      - create
      - update
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@ -34,6 +34,7 @@ rules:
      - get
      - create
      - update
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
@ -62,7 +62,7 @@ type: kubernetes.io/rbd
 data:
  key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 elif [ "x$STORAGE_BACKEND" == "xradosgw" ]; then
  radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \
    radosgw-admin user create \
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@ -34,6 +34,7 @@ rules:
      - get
      - create
      - update
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
--- a/gnocchi/templates/bin/_storage-init.sh.tpl
+++ b/gnocchi/templates/bin/_storage-init.sh.tpl
@ -57,4 +57,4 @@ type: kubernetes.io/rbd
 data:
  key: $( echo ${ENCODED_KEYRING} )
 EOF
-kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@ -34,6 +34,7 @@ rules:
      - get
      - create
      - update
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding