From 511cbf66e7530cc54c6610f6032a62bfd48b1e03 Mon Sep 17 00:00:00 2001
From: Bezalel Brandwine
Date: Wed, 20 Jul 2022 09:09:10 +0300
Subject: [PATCH] Fix rolling update issues - collector reporting from 2 pods in parallel - dandling pods of various deployments on some systems
---
 ...ctor-deployment.yaml => armo-collector-statefulset.yaml} | 5 ++++-
 .../templates/armo-kubescape-deployment.yaml | 6 ++++++
 .../templates/armo-notification-service-deployment.yaml | 6 ++++++
 .../templates/armo-vuln-scanner-deployment.yaml | 6 ++++++
 .../templates/armo-websocket-deployment.yaml | 6 ++++++
 charts/armo-components/values.yaml | 2 +-
 6 files changed, 29 insertions(+), 2 deletions(-)
 rename charts/armo-components/templates/{armo-collector-deployment.yaml => armo-collector-statefulset.yaml} (93%)
diff --git a/charts/armo-components/templates/armo-collector-deployment.yaml b/charts/armo-components/templates/armo-collector-statefulset.yaml
similarity index 93%
rename from charts/armo-components/templates/armo-collector-deployment.yaml
rename to charts/armo-components/templates/armo-collector-statefulset.yaml
index 43f2774..e9fe698 100644
--- a/charts/armo-components/templates/armo-collector-deployment.yaml
+++ b/charts/armo-components/templates/armo-collector-statefulset.yaml
@@ -2,7 +2,9 @@
 {{ template "account_guid" . }}
 {{ template "cluster_name" . }}
 apiVersion: apps/v1
-kind: Deployment
+# statefulset is needed in order to avoid to pods reporting from the same cluster in parallel.
+# parallel reporting will cause Kubescape SaaS to miss identify the cluster liveness status
+kind: StatefulSet
 metadata:
 name: {{ .Values.armoCollector.name }}
 namespace: {{ .Values.armoNameSpace }}
@@ -10,6 +12,7 @@ metadata:
 app: {{ .Values.armoCollector.name }}
 tier: {{ .Values.global.namespaceTier}}
 spec:
+ serviceName: ""
 replicas: {{ .Values.armoCollector.replicaCount }}
 selector:
 matchLabels:
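Review bot: The two comment lines added above `kind: StatefulSet` carry the whole rationale for the change but are hard to read; "avoid to pods" should be "two pods" and "miss identify" should be "misidentify". Suggested wording: `# A StatefulSet is used so that two collector pods never report from the same cluster in parallel;` followed by `# parallel reporting makes Kubescape SaaS misidentify the cluster liveness status.` Because `metadata.name` is unchanged while `kind` changes, an upgrade replaces the old Deployment with a new object instead of patching it, so the old collector pod may still be running when the StatefulSet pod starts on the first upgrade that carries this change; that ordering is inferred from how Helm applies manifests and should be confirmed with an upgrade test.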
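Review bot: `replicas` is still taken from `.Values.armoCollector.replicaCount`, so the single-reporter guarantee this change is after holds only while that value is 1; a StatefulSet keeps the old and new pod of one ordinal from overlapping, not several ordinals from running side by side. Consider pinning `replicas: 1`, or failing the render with `{{- if gt (int .Values.armoCollector.replicaCount) 1 }}{{ fail "armoCollector supports a single replica" }}{{- end }}`. The empty `serviceName: ""` would also benefit from a comment such as `# no headless Service: the collector pod does not need a stable network identity`. The `spec` mapping continues past the end of the hunk.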
diff --git a/charts/armo-components/templates/armo-kubescape-deployment.yaml b/charts/armo-components/templates/armo-kubescape-deployment.yaml
index 17b2a16..626d831 100644
--- a/charts/armo-components/templates/armo-kubescape-deployment.yaml
+++ b/charts/armo-components/templates/armo-kubescape-deployment.yaml
@@ -11,6 +11,12 @@ metadata:
 helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
 spec:
 replicas: {{ .Values.armoKubescape.replicaCount }}
+ revisionHistoryLimit: 2
+ strategy:
+ rollingUpdate:
+ maxSurge: 0%
+ maxUnavailable: 100%
+ type: RollingUpdate
 selector:
 matchLabels:
 app.kubernetes.io/name: {{ .Values.armoKubescape.name }}
diff --git a/charts/armo-components/templates/armo-notification-service-deployment.yaml b/charts/armo-components/templates/armo-notification-service-deployment.yaml
index d75d8d6..d07a238 100644
--- a/charts/armo-components/templates/armo-notification-service-deployment.yaml
+++ b/charts/armo-components/templates/armo-notification-service-deployment.yaml
@@ -10,6 +10,12 @@ metadata:
 helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
 spec:
 replicas: {{ .Values.armoNotificationService.replicaCount }}
+ revisionHistoryLimit: 2
+ strategy:
+ rollingUpdate:
+ maxSurge: 0%
+ maxUnavailable: 100%
+ type: RollingUpdate
 selector:
 matchLabels:
 app.kubernetes.io/name: {{ .Values.armoNotificationService.name }}
diff --git a/charts/armo-components/templates/armo-vuln-scanner-deployment.yaml b/charts/armo-components/templates/armo-vuln-scanner-deployment.yaml
index 87e2c61..4ce82a5 100644
--- a/charts/armo-components/templates/armo-vuln-scanner-deployment.yaml
+++ b/charts/armo-components/templates/armo-vuln-scanner-deployment.yaml
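Review bot: `maxSurge: 0%` together with `maxUnavailable: 100%` under `type: RollingUpdate` lets the controller take every old pod down at once, so a rollout whose new pods never become ready (for example an image that cannot be pulled) leaves the component with no running pod at all. For the scanner, notification and websocket components that is a monitoring gap on every upgrade, which deserves a comment above the block, e.g. `# all old pods are stopped before new ones start; expect a short outage on each rollout`. If the intent is that old and new pods never coexist, `strategy:` with only `type: Recreate` states it directly and, as far as I know, also waits for the old pods to finish terminating, which this rolling configuration does not promise. The same block is repeated in the notification-service, vuln-scanner and websocket hunks, and in each of them the `spec` mapping continues past the end of the hunk.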
@@ -11,6 +11,12 @@ metadata:
 tier: {{ .Values.global.namespaceTier}}
 spec:
 replicas: {{ .Values.armoVulnScanner.replicaCount }}
+ revisionHistoryLimit: 2
+ strategy:
+ rollingUpdate:
+ maxSurge: 0%
+ maxUnavailable: 100%
+ type: RollingUpdate
 selector:
 matchLabels:
 app.kubernetes.io/name: {{ .Values.armoVulnScanner.name }}
diff --git a/charts/armo-components/templates/armo-websocket-deployment.yaml b/charts/armo-components/templates/armo-websocket-deployment.yaml
index ebc939b..cda2b96 100644
--- a/charts/armo-components/templates/armo-websocket-deployment.yaml
+++ b/charts/armo-components/templates/armo-websocket-deployment.yaml
@@ -9,6 +9,12 @@ metadata:
 tier: {{ .Values.global.namespaceTier}}
 spec:
 replicas: {{ .Values.armoWebsocket.replicaCount }}
+ revisionHistoryLimit: 2
+ strategy:
+ rollingUpdate:
+ maxSurge: 0%
+ maxUnavailable: 100%
+ type: RollingUpdate
 selector:
 matchLabels:
 app.kubernetes.io/name: {{ .Values.armoWebsocket.name }}
diff --git a/charts/armo-components/values.yaml b/charts/armo-components/values.yaml
index 470bf85..20c30bc 100644
--- a/charts/armo-components/values.yaml
+++ b/charts/armo-components/values.yaml
@@ -217,7 +217,7 @@ armoWebsocket:
 image:
 # -- source code: https://github.com/armosec/k8s-ca-websocket (private repo)
 repository: quay.io/armosec/action-trigger
- tag: v0.0.35
+ tag: v0.0.39
 pullPolicy: Always
 service: