aerospike · sud82 · May 18, 2024 · May 6, 2024 · May 7, 2024 · May 7, 2024
@@ -73,7 +73,7 @@ func (c *AerospikeCluster) Default(operation v1.Operation) admission.Response {
 func (c *AerospikeCluster) setDefaults(asLog logr.Logger) error {
 	// Set maxUnavailable default to 1
 	if !GetBool(c.Spec.DisablePDB) && c.Spec.MaxUnavailable == nil {
-		maxUnavailable := intstr.FromInt(1)
+		maxUnavailable := intstr.FromInt32(1)
 		c.Spec.MaxUnavailable = &maxUnavailable
 	}
 
@@ -403,6 +403,13 @@ func setDefaultNsConf(asLog logr.Logger, configSpec AerospikeConfigSpec,
 					if rackID != nil {
 						// Add rack-id only in rack specific config, not in global config
 						defaultConfs := map[string]interface{}{"rack-id": *rackID}
+
+						// Delete rack-id from namespace in rack specific config if set to 0
+						// This could happen in operator below 3.3.0
+						if id, ok := nsMap["rack-id"]; ok && id == float64(0) && *rackID != 0 {
+							delete(nsMap, "rack-id")
+						}
+
 						if err := setDefaultsInConfigMap(
 							asLog, nsMap, defaultConfs,
 						); err != nil {
@@ -411,6 +418,8 @@ func setDefaultNsConf(asLog logr.Logger, configSpec AerospikeConfigSpec,
 								err,
 							)
 						}
+					} else {
+						delete(nsMap, "rack-id")
 					}
 				} else {
 					// User may have added this key or may have patched object with new smaller rackEnabledNamespace list

@@ -902,9 +902,6 @@ type AerospikePodStatus struct { //nolint:govet // for readability
 	// DynamicConfigUpdateStatus is the status of dynamic config update operation.
 	// Empty "" status means successful update.
 	DynamicConfigUpdateStatus DynamicConfigUpdateStatus `json:"dynamicConfigUpdateStatus,omitempty"`
-
-	// IsSecurityEnabled is true if security is enabled in the pod
-	IsSecurityEnabled bool `json:"isSecurityEnabled"`
 }
 
 // +kubebuilder:object:root=true

@@ -33,7 +33,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/sets"
-	"k8s.io/utils/ptr"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -104,7 +103,7 @@ func (c *AerospikeCluster) ValidateUpdate(oldObj runtime.Object) (admission.Warn
 	}
 
 	// MultiPodPerHost cannot be updated
-	if !ptr.Equal(c.Spec.PodSpec.MultiPodPerHost, old.Spec.PodSpec.MultiPodPerHost) {
+	if GetBool(c.Spec.PodSpec.MultiPodPerHost) != GetBool(old.Spec.PodSpec.MultiPodPerHost) {
 		return nil, fmt.Errorf("cannot update MultiPodPerHost setting")
 	}
 
@@ -118,7 +117,7 @@ func (c *AerospikeCluster) ValidateUpdate(oldObj runtime.Object) (admission.Warn
 	if err := validateAerospikeConfigUpdate(
 		aslog, incomingVersion, outgoingVersion,
 		c.Spec.AerospikeConfig, old.Spec.AerospikeConfig,
-		c.Status.AerospikeConfig, c.Status.Pods,
+		c.Status.AerospikeConfig,
 	); err != nil {
 		return nil, err
 	}
@@ -442,7 +441,7 @@ func (c *AerospikeCluster) validateRackUpdate(
 					if err := validateAerospikeConfigUpdate(
 						aslog, incomingVersion, outgoingVersion,
 						&newRack.AerospikeConfig, &oldRack.AerospikeConfig,
-						rackStatusConfig, c.Status.Pods,
+						rackStatusConfig,
 					); err != nil {
 						return fmt.Errorf(
 							"invalid update in Rack(ID: %d) aerospikeConfig: %v",
@@ -602,14 +601,12 @@ func (c *AerospikeCluster) validateRackConfig(_ logr.Logger) error {
 	}
 
 	// Validate batch upgrade/restart param
-	if err := c.validateBatchSize(c.Spec.RackConfig.RollingUpdateBatchSize,
-		"spec.rackConfig.rollingUpdateBatchSize"); err != nil {
+	if err := c.validateBatchSize(c.Spec.RackConfig.RollingUpdateBatchSize, true); err != nil {
 		return err
 	}
 
 	// Validate batch scaleDown param
-	if err := c.validateBatchSize(c.Spec.RackConfig.ScaleDownBatchSize,
-		"spec.rackConfig.scaleDownBatchSize"); err != nil {
+	if err := c.validateBatchSize(c.Spec.RackConfig.ScaleDownBatchSize, false); err != nil {
 		return err
 	}
 
@@ -627,6 +624,7 @@ func (c *AerospikeCluster) validateRackConfig(_ logr.Logger) error {
 type nsConf struct {
 	noOfRacksForNamespaces int
 	replicationFactor      int
+	scEnabled              bool
 }
 
 func getNsConfForNamespaces(rackConfig RackConfig) map[string]nsConf {
@@ -647,9 +645,13 @@ func getNsConfForNamespaces(rackConfig RackConfig) map[string]nsConf {
 			}
 
 			rf, _ := getNamespaceReplicationFactor(nsInterface.(map[string]interface{}))
+
+			ns := nsInterface.(map[string]interface{})
+			scEnabled := IsNSSCEnabled(ns)
 			nsConfs[nsName] = nsConf{
 				noOfRacksForNamespaces: noOfRacksForNamespaces,
 				replicationFactor:      rf,
+				scEnabled:              scEnabled,
 			}
 		}
 	}
@@ -945,7 +947,7 @@ func readNamesFromLocalCertificate(clientCertSpec *AerospikeOperatorClientCertSp
 		return result, err
 	}
 
-	if len(cert.Subject.CommonName) > 0 {
+	if cert.Subject.CommonName != "" {
 		result[cert.Subject.CommonName] = struct{}{}
 	}
 
@@ -1249,8 +1251,23 @@ func getNamespaceReplicationFactor(nsConf map[string]interface{}) (int, error) {
 }
 
 func validateSecurityConfigUpdate(
-	newVersion, oldVersion string, newSpec, oldSpec *AerospikeConfigSpec, podStatus map[string]AerospikePodStatus,
-) error {
+	newVersion, oldVersion string, newSpec, oldSpec, currentStatus *AerospikeConfigSpec) error {
+	if currentStatus != nil {
+		currentSecurityConfig, err := IsSecurityEnabled(oldVersion, currentStatus)
+		if err != nil {
+			return err
+		}
+
+		desiredSecurityConfig, err := IsSecurityEnabled(newVersion, newSpec)
+		if err != nil {
+			return err
+		}
+
+		if currentSecurityConfig && !desiredSecurityConfig {
+			return fmt.Errorf("cannot disable cluster security in running cluster")
+		}
+	}
+
 	nv, err := lib.CompareVersions(newVersion, "5.7.0")
 	if err != nil {
 		return err
@@ -1261,23 +1278,14 @@ func validateSecurityConfigUpdate(
 		return err
 	}
 
-	isSecurityEnabledPodExist := false
-
-	for pod := range podStatus {
-		if podStatus[pod].IsSecurityEnabled {
-			isSecurityEnabledPodExist = true
-			break
-		}
-	}
-
 	if nv >= 0 || ov >= 0 {
-		return validateSecurityContext(newVersion, oldVersion, newSpec, oldSpec, isSecurityEnabledPodExist)
+		return validateSecurityContext(newVersion, oldVersion, newSpec, oldSpec)
 	}
 
-	return validateEnableSecurityConfig(newSpec, oldSpec, isSecurityEnabledPodExist)
+	return validateEnableSecurityConfig(newSpec, oldSpec)
 }
 
-func validateEnableSecurityConfig(newConfSpec, oldConfSpec *AerospikeConfigSpec, isSecurityEnabledPodExist bool) error {
+func validateEnableSecurityConfig(newConfSpec, oldConfSpec *AerospikeConfigSpec) error {
 	newConf := newConfSpec.Value
 	oldConf := oldConfSpec.Value
 	oldSec, oldSecConfFound := oldConf["security"]
@@ -1291,8 +1299,7 @@ func validateEnableSecurityConfig(newConfSpec, oldConfSpec *AerospikeConfigSpec,
 		oldSecFlag, oldEnableSecurityFlagFound := oldSec.(map[string]interface{})["enable-security"]
 		newSecFlag, newEnableSecurityFlagFound := newSec.(map[string]interface{})["enable-security"]
 
-		if oldEnableSecurityFlagFound && oldSecFlag.(bool) && (!newEnableSecurityFlagFound || !newSecFlag.(bool)) &&
-			isSecurityEnabledPodExist {
+		if oldEnableSecurityFlagFound && oldSecFlag.(bool) && (!newEnableSecurityFlagFound || !newSecFlag.(bool)) {
 			return fmt.Errorf("cannot disable cluster security in running cluster")
 		}
 	}
@@ -1301,8 +1308,7 @@ func validateEnableSecurityConfig(newConfSpec, oldConfSpec *AerospikeConfigSpec,
 }
 
 func validateSecurityContext(
-	newVersion, oldVersion string, newSpec, oldSpec *AerospikeConfigSpec, isSecurityEnabledPodExist bool,
-) error {
+	newVersion, oldVersion string, newSpec, oldSpec *AerospikeConfigSpec) error {
 	ovflag, err := IsSecurityEnabled(oldVersion, oldSpec)
 	if err != nil {
 		if !errors.Is(err, internalerrors.ErrNotFound) {
@@ -1322,7 +1328,7 @@ func validateSecurityContext(
 		}
 	}
 
-	if !ivflag && ovflag && isSecurityEnabledPodExist {
+	if !ivflag && ovflag {
 		return fmt.Errorf("cannot disable cluster security in running cluster")
 	}
 
@@ -1332,14 +1338,12 @@ func validateSecurityContext(
 func validateAerospikeConfigUpdate(
 	aslog logr.Logger, incomingVersion, outgoingVersion string,
 	incomingSpec, outgoingSpec, currentStatus *AerospikeConfigSpec,
-	podStatus map[string]AerospikePodStatus,
 ) error {
 	aslog.Info("Validate AerospikeConfig update")
 
 	if err := validateSecurityConfigUpdate(
 		incomingVersion, outgoingVersion, incomingSpec, outgoingSpec,
-		podStatus,
-	); err != nil {
+		currentStatus); err != nil {
 		return err
 	}
 
@@ -2145,11 +2149,19 @@ func (c *AerospikeCluster) validateNetworkPolicy(namespace string) error {
 	return nil
 }
 
-func (c *AerospikeCluster) validateBatchSize(batchSize *intstr.IntOrString, fieldPath string) error {
+func (c *AerospikeCluster) validateBatchSize(batchSize *intstr.IntOrString, rollingUpdateBatch bool) error {
+	var fieldPath string
+
 	if batchSize == nil {
 		return nil
 	}
 
+	if rollingUpdateBatch {
+		fieldPath = "spec.rackConfig.rollingUpdateBatchSize"
+	} else {
+		fieldPath = "spec.rackConfig.scaleDownBatchSize"
+	}
+
 	if err := validateIntOrStringField(batchSize, fieldPath); err != nil {
 		return err
 	}
@@ -2179,6 +2191,13 @@ func (c *AerospikeCluster) validateBatchSize(batchSize *intstr.IntOrString, fiel
 					ns,
 				)
 			}
+
+			if !rollingUpdateBatch && nsConf.scEnabled {
+				return fmt.Errorf(
+					"can not use %s when namespace `%s` is configured with Strong Consistency", fieldPath,
+					ns,
+				)
+			}
 		}
 
 		return nil

@@ -62,8 +62,8 @@ const (
 	AerospikeInitContainerName                     = "aerospike-init"
 	AerospikeInitContainerRegistryEnvVar           = "AEROSPIKE_KUBERNETES_INIT_REGISTRY"
 	AerospikeInitContainerDefaultRegistry          = "docker.io"
-	AerospikeInitContainerDefaultRegistryNamespace = "aerospike"
-	AerospikeInitContainerDefaultRepoAndTag        = "aerospike-kubernetes-init:2.2.0-dev3"
+	AerospikeInitContainerDefaultRegistryNamespace = "sud82"
+	AerospikeInitContainerDefaultRepoAndTag        = "aerospike-kubernetes-init-nightly:2.1.0-dev1"
 	AerospikeAppLabel                              = "app"
 	AerospikeAppLabelValue                         = "aerospike-cluster"
 	AerospikeCustomResourceLabel                   = "aerospike.com/cr"

@@ -14291,10 +14291,6 @@ spec:
                       items:
                         type: string
                       type: array
-                    isSecurityEnabled:
-                      description: IsSecurityEnabled is true if security is enabled
-                        in the pod
-                      type: boolean
                     networkPolicyHash:
                       description: NetworkPolicyHash is ripemd160 hash of NetworkPolicy
                         used by this pod
@@ -14318,7 +14314,6 @@ spec:
                   required:
                   - aerospikeConfigHash
                   - image
-                  - isSecurityEnabled
                   - networkPolicyHash
                   - podIP
                   - podPort

@@ -144,6 +144,10 @@ func (r *SingleClusterReconciler) createConfigMapData(rack *asdbv1.Rack) (
 		string(podSpecStr), "\"aerospikeInitContainer\":{},", "",
 	))
 
+	podSpecStr = []byte(strings.ReplaceAll(
+		string(podSpecStr), "\"multiPodPerHost\":false,", "",
+	))
+
 	podSpecHash, err := utils.GetHash(string(podSpecStr))
 	if err != nil {
 		return nil, err

@@ -16,7 +16,7 @@ import (
 
 func (r *SingleClusterReconciler) reconcilePDB() error {
 	// If spec.DisablePDB is set to true, then we don't need to create PDB
-	// If it exist then delete it
+	// If it exists then delete it
 	if asdbv1.GetBool(r.aeroCluster.Spec.DisablePDB) {
 		if !asdbv1.GetBool(r.aeroCluster.Status.DisablePDB) {
 			r.Log.Info("PodDisruptionBudget is disabled. Deleting old PodDisruptionBudget")