Merge pull request #307 from cwilson21/master

Issue #306 : Adding the ability to use overrides
StackStorm · May 17, 2022 · dceceed · dceceed
2 parents fd4e222 + fb10e50
commit dceceed
Show file tree

Hide file tree

Showing 19 changed files with 245 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 * Switch st2 to `v3.7` as a new default stable version (#274)
 * Upgrade MongoDB `v4.0` -> `v4.4` as 4.0 has reached its EOL. (#304)
 * Migrate from `python 3.6` `Ubuntu Bionic` to `python 3.8` `Ubuntu Focal` as a base StackStorm OS (StackStorm/st2-dockerfiles#54)
+* Add support for use of overrides that are available in `v3.7` of st2 via helm charts. (#306)
 
 ## v0.90.0
 * Advanced Feature: Make securityContext (on Deployments/Jobs) and podSecurityContext (on Pods) configurable. This allows dropping all capabilities, for example. You can override the securityContext for `st2actionrunner`, `st2sensorcontainer`, and `st2client` if your actions or sensors need, for example, additional capabilites that the rest of StackStorm does not need. (#271) (by @cognifloyd)

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -210,6 +210,23 @@ define this here as well to simplify comparison with packs-volume-mounts
   {{- end }}
 {{- end -}}
 
+#Inserted for override ability to happen via helm charts
+
+{{- define "stackstorm-ha.overrides-config-mounts" -}}
+  {{- if .Values.st2.overrides }}
+- name: st2-overrides-vol
+  mountPath: /opt/stackstorm/overrides
+  {{- end }}
+{{- end -}}
+
+{{- define "stackstorm-ha.overrides-configs" -}}
+  {{- if .Values.st2.overrides }}
+- name: st2-overrides-vol
+  configMap:
+    name: {{ .Release.Name }}-st2-overrides-configs
+  {{- end }}
+{{- end -}}
+
 {{/*
 For custom st2packs-initContainers reduce duplicity by defining them here once
 Merge packs and virtualenvs from st2 with those from st2packs images

diff --git a/templates/configmaps_overrides.yaml b/templates/configmaps_overrides.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.st2.overrides }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-st2-overrides-configs
+  annotations:
+    description: StackStorm override configs defined in helm values, shipped in (or copied to) '/opt/stackstorm/overrides'
+  labels:
+    app: st2
+    tier: backend
+    vendor: stackstorm
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ toYaml .Values.st2.overrides | indent 2 }}
+{{- end }}
diff --git a/templates/deployments.yaml b/templates/deployments.yaml
@@ -1700,6 +1700,9 @@ spec:
         checksum/auth: {{ include (print $.Template.BasePath "/secrets_st2auth.yaml") . | sha256sum }}
         checksum/ssh: {{ include (print $.Template.BasePath "/secrets_ssh.yaml") . | sha256sum }}
         checksum/datastore-key: {{ include (print $.Template.BasePath "/secrets_datastore_crypto_key.yaml") . | sha256sum }}
+        {{- if .Values.st2.overrides }}
+        checksum/overrides: {{ include (print $.Template.BasePath "/configmaps_overrides.yaml") . | sha256sum }}
+        {{- end }}
         {{- if .Values.st2client.postStartScript }}
         checksum/post-start-script: {{ .Values.st2client.postStartScript | sha256sum }}
         {{- end }}
@@ -1773,6 +1776,7 @@ spec:
         - name: st2-rbac-mappings-vol
           mountPath: /opt/stackstorm/rbac/mappings/
         {{- end }}
+        {{- include "stackstorm-ha.overrides-config-mounts" . | nindent 8 }}
         - name: st2client-config-vol
           mountPath: /root/.st2/
         - name: st2-ssh-key-vol
@@ -1824,6 +1828,7 @@ spec:
           configMap:
             name: {{ .Release.Name }}-st2-rbac-mappings
         {{- end }}
+        {{- include "stackstorm-ha.overrides-configs" . | nindent 8 }}
         - name: st2client-config-vol
           emptyDir:
             medium: Memory

diff --git a/templates/jobs.yaml b/templates/jobs.yaml
@@ -416,6 +416,9 @@ spec:
         # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed
         checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }}
         checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }}
+        {{- if .Values.st2.overrides }}
+        checksum/overrides: {{ include (print $.Template.BasePath "/configmaps_overrides.yaml") . | sha256sum }}
+        {{- end }}
         {{- if .Values.jobs.annotations }}
           {{- toYaml .Values.jobs.annotations | nindent 8 }}
         {{- end }}
@@ -474,12 +477,14 @@ spec:
         {{- end }}
         {{- end }}
         volumeMounts:
+        {{- include "stackstorm-ha.overrides-config-mounts" . | nindent 8 }}
         {{- include "stackstorm-ha.st2-config-volume-mounts" . | nindent 8 }}
         {{- include "stackstorm-ha.packs-volume-mounts-for-register-job" . | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume-mount" . | nindent 8 }}
         # TODO: Find out default resource limits for this specific service (#5)
         #resources:
       volumes:
+        {{- include "stackstorm-ha.overrides-configs" . | nindent 8 }}
         {{- include "stackstorm-ha.st2-config-volume" . | nindent 8 }}
         {{- include "stackstorm-ha.packs-volumes" . | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume" . | nindent 8 }}
@@ -540,6 +545,9 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") $ | sha256sum }}
         checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") $ | sha256sum }}
+        {{- if $.Values.st2.overrides }}
+        checksum/overrides: {{ include (print $.Template.BasePath "/configmaps_overrides.yaml") $ | sha256sum }}
+        {{- end }}
         {{- if $.Values.jobs.annotations }}
           {{- toYaml $.Values.jobs.annotations | nindent 8 }}
         {{- end }}
@@ -605,6 +613,7 @@ spec:
         volumeMounts:
         - name: st2client-config-vol
           mountPath: /root/.st2/
+        {{- include "stackstorm-ha.overrides-config-mounts" $ | nindent 8 }}
         {{- include "stackstorm-ha.st2-config-volume-mounts" $ | nindent 8 }}
         {{- include "stackstorm-ha.packs-volume-mounts-for-register-job" $ | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume-mount" $ | nindent 8 }}
@@ -615,6 +624,7 @@ spec:
         - name: st2client-config-vol
           emptyDir:
             medium: Memory
+        {{- include "stackstorm-ha.overrides-configs" $ | nindent 8 }}
         {{- include "stackstorm-ha.st2-config-volume" $ | nindent 8 }}
         {{- include "stackstorm-ha.packs-volumes" $ | nindent 8 }}
         {{- include "stackstorm-ha.pack-configs-volume" $ | nindent 8 }}

diff --git a/tests/unit/custom_annotations_test.yaml b/tests/unit/custom_annotations_test.yaml
@@ -9,6 +9,7 @@ templates:
   - services.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/dns_test.yaml b/tests/unit/dns_test.yaml
@@ -6,6 +6,7 @@ templates:
   - jobs.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml
@@ -23,7 +24,7 @@ tests:
       - deployments.yaml
       - jobs.yaml
     set:
-      st2: 
+      st2:
         packs: { sensors: [] } # ensure only 1 sensor
         rbac: { enabled: true } # enable rbac job
       jobs:
@@ -54,7 +55,7 @@ tests:
           - name: ndots
             value: "2"
           - name: edns0
-      st2: 
+      st2:
         packs: { sensors: [] } # ensure only 1 sensor
         rbac: { enabled: true } # enable rbac job
       jobs:

diff --git a/tests/unit/env_test.yaml b/tests/unit/env_test.yaml
@@ -6,6 +6,7 @@ templates:
   - jobs.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/image_pull_test.yaml b/tests/unit/image_pull_test.yaml
@@ -7,6 +7,7 @@ templates:
   - service-account.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/labels_test.yaml b/tests/unit/labels_test.yaml
@@ -5,6 +5,7 @@ templates:
   - jobs.yaml
   - services.yaml
 
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_post-start-scripts.yaml
   - configmaps_rbac.yaml

diff --git a/tests/unit/overrides_test.yaml b/tests/unit/overrides_test.yaml
@@ -0,0 +1,164 @@
+---
+suite: Overrides check
+templates:
+  # primary template files
+  - deployments.yaml
+  - jobs.yaml
+  - service-account.yaml
+
+  # included templates must also be listed
+  - configmaps_overrides.yaml
+  - configmaps_packs.yaml
+  - configmaps_rbac.yaml
+  - configmaps_st2-conf.yaml
+  - configmaps_st2-urls.yaml
+  - configmaps_st2web.yaml
+  - secrets_datastore_crypto_key.yaml
+  - secrets_ssh.yaml
+  - secrets_st2apikeys.yaml
+  - secrets_st2auth.yaml
+  - secrets_st2chatops.yaml
+
+tests:
+  - it: Jobs with overrides mounted
+    template: jobs.yaml
+    set:
+      st2:
+        overrides: #Enabling the overrides mounts in register-content job.
+          _global.yaml: |
+            ---
+            rules:
+              defaults:
+                enabled: false
+        rbac: { enabled: true } # enable rbac job
+        packs: { sensors: [] } # ensure only 1 sensor
+      jobs:
+        extra_hooks: &extra_hooks_jobs
+          - name: upgrade-warning
+            hook: pre-upgrade, pre-rollback
+            hook_weight: -5
+            command: ["st2", "run", "--tail", "custom_pack.warn_about_upgrade"]
+    release:
+      name: st2ha
+    asserts:
+      - hasDocuments:
+          count: 5
+
+      - contains: &overrides_volume
+          path: spec.template.spec.volumes
+          content:
+            name: st2-overrides-vol
+            configMap:
+              name: st2ha-st2-overrides-configs
+        documentIndex: 3 # register_content
+
+
+      - contains: &overrides_mnt
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: st2-overrides-vol
+            mountPath: /opt/stackstorm/overrides
+        documentIndex: 3 # register_content
+
+      - contains: *overrides_mnt
+        documentIndex: 4 #Extra_jobs
+      - contains: *overrides_volume
+        documentIndex: 4 #extra_jobs
+
+      - notContains: *overrides_volume
+        documentIndex: 0
+      - notContains: *overrides_mnt
+        documentIndex: 0
+      - notContains: *overrides_volume
+        documentIndex: 1
+      - notContains: *overrides_mnt
+        documentIndex: 1
+      - notContains: *overrides_volume
+        documentIndex: 2
+      - notContains: *overrides_mnt
+        documentIndex: 2
+
+
+  - it: Deployments with overrides
+    template: deployments.yaml
+    set:
+      st2:
+        overrides: #Enabling the override mounts in register-content job.
+          _global.yaml: |
+            ---
+            rules:
+              defaults:
+                enabled: false
+        packs:
+          sensors: [] # ensure only 1 sensor
+          images: [] # no extra packs to load
+          volumes:
+            enabled: false
+          configs: {} # has one core.yaml config file by default (dicts get merged)
+      st2chatops:
+        enabled: true
+    release:
+      name: st2ha
+    asserts:
+      - hasDocuments:
+          count: 14
+
+
+      - contains: *overrides_volume # always included
+        documentIndex: 12 # st2client
+      - contains: *overrides_mnt # always included
+        documentIndex: 12 # st2client
+
+
+      - notContains: *overrides_volume
+        documentIndex: 1
+      - notContains: *overrides_mnt
+        documentIndex: 1 # st2api
+      - notContains: *overrides_volume
+        documentIndex: 10 # st2actionrunner
+      - notContains: *overrides_mnt
+        documentIndex: 10 # st2actionrunner
+      - notContains: *overrides_volume
+        documentIndex: 0
+      - notContains: *overrides_mnt
+        documentIndex: 0
+      - notContains: *overrides_volume
+        documentIndex: 2
+      - notContains: *overrides_mnt
+        documentIndex: 2
+      - notContains: *overrides_volume
+        documentIndex: 3
+      - notContains: *overrides_mnt
+        documentIndex: 3
+      - notContains: *overrides_volume
+        documentIndex: 4
+      - notContains: *overrides_mnt
+        documentIndex: 4
+      - notContains: *overrides_volume
+        documentIndex: 5
+      - notContains: *overrides_mnt
+        documentIndex: 5
+      - notContains: *overrides_volume
+        documentIndex: 6
+      - notContains: *overrides_mnt
+        documentIndex: 6
+      - notContains: *overrides_volume
+        documentIndex: 7
+      - notContains: *overrides_mnt
+        documentIndex: 7
+      - notContains: *overrides_volume
+        documentIndex: 8
+      - notContains: *overrides_mnt
+        documentIndex: 8
+      - notContains: *overrides_volume # never
+        documentIndex: 9 # st2sensorcontainer
+      - notContains: *overrides_mnt # never
+        documentIndex: 9 # st2sensorcontainer
+      - notContains: *overrides_volume
+        documentIndex: 11
+      - notContains: *overrides_mnt
+        documentIndex: 11
+      - notContains: *overrides_volume
+        documentIndex: 13
+      - notContains: *overrides_mnt
+        documentIndex: 13
diff --git a/tests/unit/packs_volumes_test.yaml b/tests/unit/packs_volumes_test.yaml
@@ -6,6 +6,7 @@ templates:
   - jobs.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/placement_test.yaml b/tests/unit/placement_test.yaml
@@ -6,6 +6,7 @@ templates:
   - jobs.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/post_start_script_test.yaml b/tests/unit/post_start_script_test.yaml
@@ -6,6 +6,7 @@ templates:
   - configmaps_post-start-script.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/resources_test.yaml b/tests/unit/resources_test.yaml
@@ -7,6 +7,7 @@ templates:
   # No jobs resources yet
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/security_context_test.yaml b/tests/unit/security_context_test.yaml
@@ -6,6 +6,7 @@ templates:
   - jobs.yaml
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml

diff --git a/tests/unit/service_account_test.yaml b/tests/unit/service_account_test.yaml
@@ -8,6 +8,7 @@ templates:
   # ServiceAccount doesn't attach to Jobs
 
   # included templates must also be listed
+  - configmaps_overrides.yaml
   - configmaps_packs.yaml
   - configmaps_rbac.yaml
   - configmaps_st2-conf.yaml