From f994829fcbea79b5b79193ba3f49e40e6c498709 Mon Sep 17 00:00:00 2001 From: Michel Thebeau Date: Thu, 4 Jan 2024 20:04:01 +0000 Subject: [PATCH] override pre-existing anti-affinity commit f7a37e6a, "Removing default injector anti-affinity rules", disables anti-affinity for the injector pod. This is sufficient for future application updates. However, during application-update an old pod that still has anti-affinity will still prevent scheduling of a new pod. This is observed on AIO-SX when testing application-update in preparation for USM. Using injector.strategy.rollingUpdate.maxUnavailable (DeploymentStrategy) set to 100% the old pod will immediately terminate while the new pod waits for its termination. This is the workaround described in the original in starlingx bug: https://bugs.launchpad.net/starlingx/+bug/2030901. Test Plan: PASS AIO-SX vault sanity PASS application-update Partial-Bug: 2030901 Story: 2011073 Task: 50484 Change-Id: I66fe336ece7f1ccd68caa665aabc693f1b9a5c18 Signed-off-by: Michel Thebeau --- .../fluxcd-manifests/vault/vault-static-overrides.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml index 380daa7..a19ad5f 100644 --- a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml +++ b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml @@ -14,6 +14,9 @@ injector: nodeSelector: | node-role.kubernetes.io/control-plane: "" affinity: null + strategy: + rollingUpdate: + maxUnavailable: 100% image: repository: hashicorp/vault-k8s tag: 1.2.1