chore: migrate the workaround to the helm chart

In cases where it is not possible to execute any commands when validating helm charts, this workaround can now be triggered through the helm chart itself.
desmax74 · Mar 13, 2024 · 0585db5 · 0585db5
1 parent 52e2fcf
commit 0585db5
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 28 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -314,32 +314,6 @@ jobs:
           echo "APP_DOMAIN=$APP_DOMAIN" >> $GITHUB_ENV
           echo "NAMESPACE=trustification" >> $GITHUB_ENV
 
-      # Workaround for [helm#10733](https://github.com/helm/helm/issues/10733):
-      - name: Create workaround PV
-        run: |
-          kubectl create -f - << __EOF__
-          apiVersion: v1
-          kind: PersistentVolume
-          metadata:
-            name: pv-workaround
-          spec:
-            accessModes:
-              - ReadWriteOnce
-            capacity:
-              storage: 20Gi
-            claimRef:
-              apiVersion: v1
-              kind: PersistentVolumeClaim
-              name: v11y-walker
-              namespace: trustification
-            persistentVolumeReclaimPolicy: Delete
-            storageClassName: standard
-            volumeMode: Filesystem
-            hostPath:
-              type: DirectoryOrCreate
-              path: /var/local-path-provisioner/pv-workaround
-          __EOF__
-
       - name: Create namespace
         run: |
           kubectl create ns $NAMESPACE
@@ -365,7 +339,7 @@ jobs:
       - name: Install chart-testing
         run: |
           ct install \
-            --helm-extra-set-args "--values deploy/k8s/values-minikube.yaml --set-string appDomain=$APP_DOMAIN --set-string image.version=ci --set-string image.registry=localhost" \
+            --helm-extra-set-args "--values deploy/k8s/values-minikube.yaml --set-string appDomain=$APP_DOMAIN --set-string image.version=ci --set-string image.registry=localhost --set workarounds.initCronJobPvcs=true" \
             --helm-extra-args "--timeout 10m --debug" \
             --namespace $NAMESPACE --charts deploy/k8s/charts/trustification \
             --target-branch ${{ github.event.repository.default_branch }}

diff --git a/deploy/k8s/charts/trustification/templates/workarounds/010-helm-wait-issue.yaml b/deploy/k8s/charts/trustification/templates/workarounds/010-helm-wait-issue.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.modules.v11yWalker.enabled }}
+{{- if .Values.workarounds.initCronJobPvcs }}
+
+{{/*
+For more details "why" this is necessary, see the description of the field .workarounds.initCronJobPvcs.
+
+In order to trigger the creation of a volume, and getting the PVC out of the `WaitForFirstConsumer` state, we
+simply create a pod.
+
+**NOTE:** This pod will claim the PVC and thus might prevent the CronJob from working correctly. Do not use this in
+production!
+*/}}
+
+{{- $mod := dict "root" . "name" "init-pvc-v11y-walker" "component" "v11y"  -}}
+{{- $ref := dict "root" . "name" "v11y-walker" "component" "v11y" -}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "trustification.common.name" $mod }}
+  labels:
+    {{- include "trustification.common.labels" $mod | nindent 12 }}
+
+spec:
+  backoffLimit: 1000
+  completions: 1
+  parallelism: 1
+  ttlSecondsAfterFinished: 600
+
+  template:
+    metadata:
+      labels:
+        {{- include "trustification.common.selectorLabels" $mod | nindent 12 }}
+    spec:
+      restartPolicy: OnFailure
+      volumes:
+        - name: init
+          persistentVolumeClaim:
+            claimName: {{ include "trustification.common.name" $ref }}
+      containers:
+        - image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+          name: init
+          command: ["/bin/true"]
+          volumeMounts:
+            - mountPath: /mnt
+              name: init
+{{- end }}
+{{- end }}
diff --git a/deploy/k8s/charts/trustification/values.schema.json b/deploy/k8s/charts/trustification/values.schema.json
diff --git a/deploy/k8s/charts/trustification/values.schema.yaml b/deploy/k8s/charts/trustification/values.schema.yaml
@@ -48,6 +48,9 @@ properties:
   index:
     $ref: "#/definitions/IndexConfig"
 
+  workarounds:
+    $ref: "#/definitions/WorkaroundConfig"
+
   openshift:
     type: object
     additionalProperties: false
@@ -1200,3 +1203,22 @@ definitions:
         $ref: "#/definitions/ByteSize"
       jsonLimit:
         $ref: "#/definitions/ByteSize"
+
+  WorkaroundConfig:
+    type: object
+    properties:
+      initCronJobPvcs:
+        type: boolean
+        default: false
+        description: |
+          When using `--wait` with `helm`, then `helm` will wait for all resources to be created, including all PVCs.
+          
+          However, some storage controllers will lazy-bind PVCs, which in the case of `CronJob` with PVCs will make
+          Helm wait forever.
+          
+          Also see: https://github.com/helm/helm/issues/10733
+          
+          **NOTE:** This workaround can be used to create a persistent volume during the deployment. Which might be
+          good enough for use cases where it is required to use `--wait`. But it might not be what you want in
+          production.
+
diff --git a/deploy/k8s/charts/trustification/values.yaml b/deploy/k8s/charts/trustification/values.yaml
@@ -208,3 +208,5 @@ modules:
     enabled: false
     image: {}
     rust: {}
+
+workarounds: {}