diff --git a/cmd/mongodb-healthcheck/main.go b/cmd/mongodb-healthcheck/main.go index b21c67ba0b..0e701ef9f1 100644 --- a/cmd/mongodb-healthcheck/main.go +++ b/cmd/mongodb-healthcheck/main.go @@ -17,12 +17,17 @@ package main import ( "context" "os" + "strconv" + "strings" + + uzap "go.uber.org/zap" + "go.uber.org/zap/zapcore" + "sigs.k8s.io/controller-runtime/pkg/log/zap" "github.com/percona/percona-server-mongodb-operator/healthcheck" "github.com/percona/percona-server-mongodb-operator/healthcheck/pkg" "github.com/percona/percona-server-mongodb-operator/healthcheck/tools/db" "github.com/percona/percona-server-mongodb-operator/healthcheck/tools/tool" - log "github.com/sirupsen/logrus" ) var ( @@ -31,7 +36,7 @@ var ( ) func main() { - app, _ := tool.New("Performs health and readiness checks for MongoDB", GitCommit, GitBranch) + app := tool.New("Performs health and readiness checks for MongoDB", GitCommit, GitBranch) k8sCmd := app.Command("k8s", "Performs liveness check for MongoDB on Kubernetes") livenessCmd := k8sCmd.Command("liveness", "Run a liveness check of MongoDB").Default() @@ -39,9 +44,16 @@ func main() { startupDelaySeconds := livenessCmd.Flag("startupDelaySeconds", "").Default("7200").Uint64() component := k8sCmd.Flag("component", "").Default("mongod").String() + opts := zap.Options{ + Encoder: getLogEncoder(), + Level: getLogLevel(), + } + log := zap.New(zap.UseFlagOptions(&opts)) + restoreInProgress, err := fileExists("/opt/percona/restore-in-progress") if err != nil { - log.Fatalf("check if restore in progress: %v", err) + log.Error(err, "check if restore in progress") + os.Exit(1) } if restoreInProgress { 
@@ -53,65 +65,70 @@ func main() { pkg.EnvMongoDBClusterMonitorUser, pkg.EnvMongoDBClusterMonitorPassword, ) + if err != nil { - log.Fatalf("new cfg: %s", err) + log.Error(err, "new cfg") + os.Exit(1) } command, err := app.Parse(os.Args[1:]) if err != nil { - log.Fatalf("Cannot parse command line: %s", err) + log.Error(err, "Cannot parse command line") + os.Exit(1) } client, err := db.Dial(cnf) if err != nil { - log.Fatalf("connection error: %v", err) + log.Error(err, "connection error") + os.Exit(1) } defer func() { if err := client.Disconnect(context.TODO()); err != nil { - log.Fatalf("failed to disconnect: %v", err) + log.Error(err, "failed to disconnect") + os.Exit(1) } }() switch command { case "k8s liveness": - log.Infof("Running Kubernetes liveness check for %s", *component) + log.Info("Running Kubernetes liveness check for", "component", component) switch *component { case "mongod": memberState, err := healthcheck.HealthCheckMongodLiveness(client, int64(*startupDelaySeconds)) if err != nil { client.Disconnect(context.TODO()) // nolint:golint,errcheck - log.Errorf("Member failed Kubernetes liveness check: %s", err.Error()) + log.Error(err, "Member failed Kubernetes liveness check") os.Exit(1) } - log.Infof("Member passed Kubernetes liveness check with replication state: %d", *memberState) + log.Info("Member passed Kubernetes liveness check with replication state", "state", memberState) case "mongos": err := healthcheck.HealthCheckMongosLiveness(client) if err != nil { client.Disconnect(context.TODO()) // nolint:golint,errcheck - log.Errorf("Member failed Kubernetes liveness check: %s", err.Error()) + log.Error(err, "Member failed Kubernetes liveness check") os.Exit(1) } - log.Infof("Member passed Kubernetes liveness check") + log.Info("Member passed Kubernetes liveness check") } case "k8s readiness": - log.Infof("Running Kubernetes readiness check for %s", *component) + log.Info("Running Kubernetes readiness check for component", "component", component) 
switch *component { case "mongod": client.Disconnect(context.TODO()) // nolint:golint,errcheck - log.Error("readiness check for mongod is not implemented") + log.Error(err, "readiness check for mongod is not implemented") os.Exit(1) case "mongos": err := healthcheck.MongosReadinessCheck(client) if err != nil { client.Disconnect(context.TODO()) // nolint:golint,errcheck - log.Errorf("Member failed Kubernetes readiness check: %s", err.Error()) + log.Error(err, "Member failed Kubernetes readiness check") os.Exit(1) } } @@ -128,3 +145,40 @@ func fileExists(name string) (bool, error) { } return true, nil } + +func getLogEncoder() zapcore.Encoder { + consoleEnc := zapcore.NewConsoleEncoder(uzap.NewDevelopmentEncoderConfig()) + + s, found := os.LookupEnv("LOG_STRUCTURED") + if !found { + return consoleEnc + } + + useJson, err := strconv.ParseBool(s) + if err != nil { + return consoleEnc + } + if !useJson { + return consoleEnc + } + + return zapcore.NewJSONEncoder(uzap.NewProductionEncoderConfig()) +} + +func getLogLevel() zapcore.LevelEnabler { + l, found := os.LookupEnv("LOG_LEVEL") + if !found { + return zapcore.InfoLevel + } + + switch strings.ToUpper(l) { + case "DEBUG": + return zapcore.DebugLevel + case "INFO": + return zapcore.InfoLevel + case "ERROR": + return zapcore.ErrorLevel + default: + return zapcore.InfoLevel + } +} diff --git a/config/crd/bases/psmdb.percona.com_perconaservermongodbs.yaml b/config/crd/bases/psmdb.percona.com_perconaservermongodbs.yaml index f4d944a0bd..4326fb3cdf 100644 --- a/config/crd/bases/psmdb.percona.com_perconaservermongodbs.yaml +++ b/config/crd/bases/psmdb.percona.com_perconaservermongodbs.yaml 
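Review bot: In the `k8s readiness` / `mongod` branch the new `log.Error(err, "readiness check for mongod is not implemented")` passes the outer `err`, which is always nil at that point because the `app.Parse` and `db.Dial` checks above both exit on failure, so the entry carries no error value. Pass nil explicitly or a real error, e.g. `log.Error(nil, "readiness check for mongod is not implemented")`. Separately, the new `log.Info` calls pass `component` and `memberState` as pointers where the old format strings dereferenced them; how a pointer is rendered depends on the encoder, so `"component", *component` and `"state", *memberState` would keep the probe output stable. main's body starts before this hunk and continues after it.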
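Review bot: `getLogLevel` and `getLogEncoder` fall back silently: an unrecognised `LOG_LEVEL` (for example `WARN`, which has no case here) becomes INFO, and a `LOG_STRUCTURED` value that `strconv.ParseBool` rejects yields the console encoder, so a typo in the pod environment changes log verbosity or format without leaving any trace. Both helpers also lack doc comments; I would add `// getLogLevel maps LOG_LEVEL (DEBUG, INFO or ERROR, case-insensitive) to a zap level and returns InfoLevel when it is unset or unrecognised.` and the equivalent for `getLogEncoder`, and consider `case "WARN": return zapcore.WarnLevel`. `useJson` would read `useJSON` under Go's initialism convention.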
@@ -389,109 +389,6 @@ spec: type: object initImage: type: string - mongod: - properties: - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object - net: - properties: - hostPort: - format: int32 - type: integer - port: - format: int32 - type: integer - type: object - operationProfiling: - properties: - mode: - type: string - rateLimit: - type: integer - slowOpThresholdMs: - type: integer - type: object - replication: - properties: - oplogSizeMB: - type: integer - type: object - security: - properties: - enableEncryption: - type: boolean - encryptionCipherMode: - type: string - encryptionKeySecret: - type: string - redactClientLogData: - type: boolean - type: object - setParameter: - properties: - cursorTimeoutMillis: - type: integer - ttlMonitorSleepSecs: - type: integer - wiredTigerConcurrentReadTransactions: - type: integer - wiredTigerConcurrentWriteTransactions: - type: integer - type: object - storage: - properties: - directoryPerDB: - type: boolean - engine: - type: string - inMemory: - properties: - engineConfig: - properties: - inMemorySizeRatio: - type: number - type: object - type: object - mmapv1: - properties: - nsSize: - type: integer - smallfiles: - type: boolean - type: object - syncPeriodSecs: - type: integer - wiredTiger: - properties: - collectionConfig: - properties: - blockCompressor: - type: string - type: object - engineConfig: - properties: - cacheSizeRatio: - type: number - directoryForIndexes: - type: boolean - journalCompressor: - type: string - type: object - indexConfig: - properties: - prefixCompression: - type: boolean - type: object - type: object - type: object - type: object multiCluster: properties: DNSSuffix: @@ -2977,6 +2874,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string 
@@ -9740,6 +9648,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string @@ -14438,15 +14357,6 @@ spec: additionalProperties: type: string type: object - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object configuration: type: string containerSecurityContext: @@ -14529,6 +14439,17 @@ spec: servicePerPod: type: boolean type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array hostPort: format: int32 type: integer diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml index 59a3cb74ea..b6e06cb1e0 100644 --- a/deploy/bundle.yaml +++ b/deploy/bundle.yaml 
@@ -992,109 +992,6 @@ spec: type: object initImage: type: string - mongod: - properties: - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object - net: - properties: - hostPort: - format: int32 - type: integer - port: - format: int32 - type: integer - type: object - operationProfiling: - properties: - mode: - type: string - rateLimit: - type: integer - slowOpThresholdMs: - type: integer - type: object - replication: - properties: - oplogSizeMB: - type: integer - type: object - security: - properties: - enableEncryption: - type: boolean - encryptionCipherMode: - type: string - encryptionKeySecret: - type: string - redactClientLogData: - type: boolean - type: object - setParameter: - properties: - cursorTimeoutMillis: - type: integer - ttlMonitorSleepSecs: - type: integer - wiredTigerConcurrentReadTransactions: - type: integer - wiredTigerConcurrentWriteTransactions: - type: integer - type: object - storage: - properties: - directoryPerDB: - type: boolean - engine: - type: string - inMemory: - properties: - engineConfig: - properties: - inMemorySizeRatio: - type: number - type: object - type: object - mmapv1: - properties: - nsSize: - type: integer - smallfiles: - type: boolean - type: object - syncPeriodSecs: - type: integer - wiredTiger: - properties: - collectionConfig: - properties: - blockCompressor: - type: string - type: object - engineConfig: - properties: - cacheSizeRatio: - type: number - directoryForIndexes: - type: boolean - journalCompressor: - type: string - type: object - indexConfig: - properties: - prefixCompression: - type: boolean - type: object - type: object - type: object - type: object multiCluster: properties: DNSSuffix: @@ -3580,6 +3477,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string 
@@ -10343,6 +10251,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string @@ -15041,15 +14960,6 @@ spec: additionalProperties: type: string type: object - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object configuration: type: string containerSecurityContext: @@ -15132,6 +15042,17 @@ spec: servicePerPod: type: boolean type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array hostPort: format: int32 type: integer @@ -17247,7 +17168,5 @@ spec: value: percona-server-mongodb-operator - name: RESYNC_PERIOD value: 5s - - name: LOG_VERBOSE - value: "false" - name: DISABLE_TELEMETRY value: "false" diff --git a/deploy/cr.yaml b/deploy/cr.yaml index d307efdce3..989a58505a 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml @@ -279,6 +279,30 @@ spec: # rack: rack-22 # nodeSelector: # disktype: ssd +# schedulerName: "default" + resources: + limits: + cpu: "300m" + memory: "0.5G" + requests: + cpu: "300m" + memory: "0.5G" + volumeSpec: +# emptyDir: {} +# hostPath: +# path: /data +# type: Directory + persistentVolumeClaim: +# storageClassName: standard +# accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 3Gi +# hostAliases: +# - ip: "10.10.0.2" +# hostnames: +# - "host1" +# - "host2" sharding: enabled: true @@ -374,6 +398,11 @@ spec: resources: requests: storage: 3Gi +# hostAliases: +# - ip: "10.10.0.2" +# hostnames: +# - "host1" +# - "host2" mongos: size: 3 
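Review bot: The commented `hostAliases` examples added in the `deploy/cr.yaml` hunks on this line (and again in the later hunk at `-442,10`) come without any explanatory comment. In Kubernetes these entries are written to the pod's hosts file, which typically takes precedence over DNS, so whoever can edit the CR can change what a hostname resolves to inside the database pods; a one-line comment such as `# hostAliases: static /etc/hosts entries for the pods; listed names no longer resolve via DNS` would make that explicit. The matching CRD schema in this commit types `ip` as a plain string, so as far as these hunks show a malformed address is not rejected by the schema.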
@@ -442,10 +471,11 @@ spec: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http # serviceLabels: # rack: rack-22 - -# mongod: -# security: -# encryptionKeySecret: "my-cluster-name-mongodb-encryption-key" +# hostAliases: +# - ip: "10.10.0.2" +# hostnames: +# - "host1" +# - "host2" backup: enabled: true diff --git a/deploy/crd.yaml b/deploy/crd.yaml index ee9721c905..5dd7521cc3 100644 --- a/deploy/crd.yaml +++ b/deploy/crd.yaml 
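Review bot: The commented `mongod.security.encryptionKeySecret` example is removed here and nothing in this hunk replaces it, so the sample CR no longer shows how the encryption-at-rest key secret is configured. The CRD hunks of this commit drop the whole `mongod` block (including `security.enableEncryption`, `security.redactClientLogData` and `auditLog`), and if the schema prunes unknown fields an existing CR that still sets them would presumably be accepted with the values discarded, which is worth confirming. I would keep a commented pointer to the replacement, e.g. `# encryption at rest: see <replacement field or mongod configuration option>`, and call the removal out in the upgrade notes.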
@@ -992,109 +992,6 @@ spec: type: object initImage: type: string - mongod: - properties: - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object - net: - properties: - hostPort: - format: int32 - type: integer - port: - format: int32 - type: integer - type: object - operationProfiling: - properties: - mode: - type: string - rateLimit: - type: integer - slowOpThresholdMs: - type: integer - type: object - replication: - properties: - oplogSizeMB: - type: integer - type: object - security: - properties: - enableEncryption: - type: boolean - encryptionCipherMode: - type: string - encryptionKeySecret: - type: string - redactClientLogData: - type: boolean - type: object - setParameter: - properties: - cursorTimeoutMillis: - type: integer - ttlMonitorSleepSecs: - type: integer - wiredTigerConcurrentReadTransactions: - type: integer - wiredTigerConcurrentWriteTransactions: - type: integer - type: object - storage: - properties: - directoryPerDB: - type: boolean - engine: - type: string - inMemory: - properties: - engineConfig: - properties: - inMemorySizeRatio: - type: number - type: object - type: object - mmapv1: - properties: - nsSize: - type: integer - smallfiles: - type: boolean - type: object - syncPeriodSecs: - type: integer - wiredTiger: - properties: - collectionConfig: - properties: - blockCompressor: - type: string - type: object - engineConfig: - properties: - cacheSizeRatio: - type: number - directoryForIndexes: - type: boolean - journalCompressor: - type: string - type: object - indexConfig: - properties: - prefixCompression: - type: boolean - type: object - type: object - type: object - type: object multiCluster: properties: DNSSuffix: @@ -3580,6 +3477,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string 
@@ -10343,6 +10251,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string @@ -15041,15 +14960,6 @@ spec: additionalProperties: type: string type: object - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object configuration: type: string containerSecurityContext: @@ -15132,6 +15042,17 @@ spec: servicePerPod: type: boolean type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array hostPort: format: int32 type: integer diff --git a/deploy/cw-bundle.yaml b/deploy/cw-bundle.yaml index 07721b177c..5093f0c474 100644 --- a/deploy/cw-bundle.yaml +++ b/deploy/cw-bundle.yaml 
@@ -992,109 +992,6 @@ spec: type: object initImage: type: string - mongod: - properties: - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object - net: - properties: - hostPort: - format: int32 - type: integer - port: - format: int32 - type: integer - type: object - operationProfiling: - properties: - mode: - type: string - rateLimit: - type: integer - slowOpThresholdMs: - type: integer - type: object - replication: - properties: - oplogSizeMB: - type: integer - type: object - security: - properties: - enableEncryption: - type: boolean - encryptionCipherMode: - type: string - encryptionKeySecret: - type: string - redactClientLogData: - type: boolean - type: object - setParameter: - properties: - cursorTimeoutMillis: - type: integer - ttlMonitorSleepSecs: - type: integer - wiredTigerConcurrentReadTransactions: - type: integer - wiredTigerConcurrentWriteTransactions: - type: integer - type: object - storage: - properties: - directoryPerDB: - type: boolean - engine: - type: string - inMemory: - properties: - engineConfig: - properties: - inMemorySizeRatio: - type: number - type: object - type: object - mmapv1: - properties: - nsSize: - type: integer - smallfiles: - type: boolean - type: object - syncPeriodSecs: - type: integer - wiredTiger: - properties: - collectionConfig: - properties: - blockCompressor: - type: string - type: object - engineConfig: - properties: - cacheSizeRatio: - type: number - directoryForIndexes: - type: boolean - journalCompressor: - type: string - type: object - indexConfig: - properties: - prefixCompression: - type: boolean - type: object - type: object - type: object - type: object multiCluster: properties: DNSSuffix: @@ -3580,6 +3477,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string 
@@ -10343,6 +10251,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string @@ -15041,15 +14960,6 @@ spec: additionalProperties: type: string type: object - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object configuration: type: string containerSecurityContext: @@ -15132,6 +15042,17 @@ spec: servicePerPod: type: boolean type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array hostPort: format: int32 type: integer @@ -17258,7 +17179,5 @@ spec: value: percona-server-mongodb-operator - name: RESYNC_PERIOD value: 5s - - name: LOG_VERBOSE - value: "false" - name: DISABLE_TELEMETRY value: "false" diff --git a/deploy/cw-operator.yaml b/deploy/cw-operator.yaml index 83cea892d8..7d06f93ab2 100644 --- a/deploy/cw-operator.yaml +++ b/deploy/cw-operator.yaml @@ -38,7 +38,5 @@ spec: value: percona-server-mongodb-operator - name: RESYNC_PERIOD value: 5s - - name: LOG_VERBOSE - value: "false" - name: DISABLE_TELEMETRY value: "false" diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 3528398d54..45e22e2209 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -40,7 +40,5 @@ spec: value: percona-server-mongodb-operator - name: RESYNC_PERIOD value: 5s - - name: LOG_VERBOSE - value: "false" - name: DISABLE_TELEMETRY value: "false" diff --git a/e2e-tests/cross-site-sharded/conf/cross-site-sharded-main.yml b/e2e-tests/cross-site-sharded/conf/cross-site-sharded-main.yml index 183d826c00..923de932fc 100644 --- a/e2e-tests/cross-site-sharded/conf/cross-site-sharded-main.yml +++ b/e2e-tests/cross-site-sharded/conf/cross-site-sharded-main.yml 
@@ -142,34 +142,3 @@ spec: memory: "0.5G" expose: exposeType: ClusterIp - mongod: - net: - port: 27017 - hostPort: 0 - security: - redactClientLogData: false - enableEncryption: true - encryptionKeySecret: my-cluster-name-mongodb-encryption-key - encryptionCipherMode: AES256-CBC - setParameter: - ttlMonitorSleepSecs: 60 - wiredTigerConcurrentReadTransactions: 128 - wiredTigerConcurrentWriteTransactions: 128 - storage: - engine: wiredTiger - inMemory: - engineConfig: - inMemorySizeRatio: 0.9 - wiredTiger: - engineConfig: - cacheSizeRatio: 0.5 - directoryForIndexes: false - journalCompressor: snappy - collectionConfig: - blockCompressor: snappy - indexConfig: - prefixCompression: true - operationProfiling: - mode: slowOp - slowOpThresholdMs: 100 - rateLimit: 100 diff --git a/e2e-tests/cross-site-sharded/conf/cross-site-sharded-replica.yml b/e2e-tests/cross-site-sharded/conf/cross-site-sharded-replica.yml index 4655b915ed..f9c3d618b0 100644 --- a/e2e-tests/cross-site-sharded/conf/cross-site-sharded-replica.yml +++ b/e2e-tests/cross-site-sharded/conf/cross-site-sharded-replica.yml @@ -143,34 +143,3 @@ spec: memory: "0.5G" expose: exposeType: ClusterIp - mongod: - net: - port: 27017 - hostPort: 0 - security: - redactClientLogData: false - enableEncryption: true - encryptionKeySecret: my-cluster-name-mongodb-encryption-key - encryptionCipherMode: AES256-CBC - setParameter: - ttlMonitorSleepSecs: 60 - wiredTigerConcurrentReadTransactions: 128 - wiredTigerConcurrentWriteTransactions: 128 - storage: - engine: wiredTiger - inMemory: - engineConfig: - inMemorySizeRatio: 0.9 - wiredTiger: - engineConfig: - cacheSizeRatio: 0.5 - directoryForIndexes: false - journalCompressor: snappy - collectionConfig: - blockCompressor: snappy - indexConfig: - prefixCompression: true - operationProfiling: - mode: slowOp - slowOpThresholdMs: 100 - rateLimit: 100 
diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-4-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-4-oc.yml index b7ae3c8d97..c1733f3fe3 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-4-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-4-oc.yml @@ -117,6 +117,8 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-oc.yml index bb6c241ae1..1b6cef5469 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-oc.yml @@ -117,6 +117,8 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret.yml index 43d319a926..47d28e8c4c 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret.yml @@ -117,6 +117,9 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: 
@@ -166,7 +169,8 @@ spec: restartPolicy: Always runtimeClassName: container-rc schedulerName: default-scheduler - securityContext: {} + securityContext: + fsGroup: 1001 terminationGracePeriodSeconds: 30 volumes: - name: some-name-mongodb-keyfile diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos.yml index b7ae3c8d97..56e6bac50c 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos.yml @@ -117,6 +117,9 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: @@ -166,7 +169,8 @@ spec: restartPolicy: Always runtimeClassName: container-rc schedulerName: default-scheduler - securityContext: {} + securityContext: + fsGroup: 1001 terminationGracePeriodSeconds: 30 volumes: - name: some-name-mongodb-keyfile diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-4-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-4-oc.yml index b7ae3c8d97..c1733f3fe3 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-4-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-4-oc.yml @@ -117,6 +117,8 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-oc.yml index bb6c241ae1..b82879d382 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-oc.yml 
@@ -147,6 +147,8 @@ spec: imagePullPolicy: Always name: mongos-sidecar-1 resources: {} + securityContext: + runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos.yml index b7ae3c8d97..56e6bac50c 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-mongos.yml @@ -117,6 +117,9 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: @@ -166,7 +169,8 @@ spec: restartPolicy: Always runtimeClassName: container-rc schedulerName: default-scheduler - securityContext: {} + securityContext: + fsGroup: 1001 terminationGracePeriodSeconds: 30 volumes: - name: some-name-mongodb-keyfile diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos-oc.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos-oc.yml index b07686a3b3..9e9e4441cf 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos-oc.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos-oc.yml @@ -123,6 +123,8 @@ spec: requests: cpu: 300m memory: 500M + securityContext: + runAsNonRoot: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos.yml index b07686a3b3..42c756e376 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos.yml 
@@ -123,6 +123,9 @@ spec: requests: cpu: 300m memory: 500M + securityContext: + runAsNonRoot: true + runAsUser: 1001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: @@ -295,7 +298,8 @@ spec: name: bin restartPolicy: Always schedulerName: default-scheduler - securityContext: {} + securityContext: + fsGroup: 1001 terminationGracePeriodSeconds: 30 volumes: - name: monitoring-mongodb-keyfile diff --git a/e2e-tests/non-voting/conf/nonvoting-rs0.yml b/e2e-tests/non-voting/conf/nonvoting-rs0.yml index 50a49db7be..d5a07354a5 100644 --- a/e2e-tests/non-voting/conf/nonvoting-rs0.yml +++ b/e2e-tests/non-voting/conf/nonvoting-rs0.yml @@ -5,9 +5,6 @@ metadata: spec: #platform: openshift image: - mongod: - security: - enableEncryption: true schedulerName: default-scheduler replsets: - name: rs0 diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos.yml index ac03b3eba2..e27e665bb9 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos.yml @@ -116,6 +116,9 @@ spec: successThreshold: 1 timeoutSeconds: 1 resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: @@ -163,7 +166,8 @@ spec: restartPolicy: Always runtimeClassName: container-rc schedulerName: default-scheduler - securityContext: {} + securityContext: + fsGroup: 1001 terminationGracePeriodSeconds: 30 volumes: - name: some-name-mongodb-keyfile diff --git a/e2e-tests/serviceless-external-nodes/run b/e2e-tests/serviceless-external-nodes/run index 24c037856e..885ae65fae 100755 --- a/e2e-tests/serviceless-external-nodes/run +++ b/e2e-tests/serviceless-external-nodes/run 
@@ -8,11 +8,8 @@ set -o xtrace test_dir=$(realpath "$(dirname "$0")") . "${test_dir}/../functions" -if [[ ${IMAGE_MONGOD} == *"percona-server-mongodb-operator"* ]]; then - MONGO_VER=$(echo -n "${IMAGE_MONGOD}" | $sed -r 's/.*([0-9].[0-9])$/\1/') -else - MONGO_VER=$(echo -n "${IMAGE_MONGOD}" | $sed -r 's/.*:([0-9]+\.[0-9]+).*$/\1/') -fi +FULL_VER=$(get_mongod_ver_from_image ${IMAGE_MONGOD}) +MONGO_VER=${FULL_VER:0:3} unset OPERATOR_NS desc "Create main cluster" @@ -59,8 +56,8 @@ cat "${test_dir}/compare/rs.txt" \ diff $tmp_dir/rs-expected.txt "$tmp_dir/rs.txt" -destroy "$namespace" "true" - +kubectl_bin -n ${replica_namespace} delete psmdb/${cluster} destroy $replica_namespace "true" +destroy $namespace "true" desc "test passed" diff --git a/e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1110.yml b/e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1110.yml deleted file mode 100644 index 99b8362f24..0000000000 --- a/e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1110.yml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: {} - name: some-name-rs0 - ownerReferences: - - controller: true - kind: PerconaServerMongoDB - name: some-name -spec: - ports: - - name: mongodb - port: 27017 - protocol: TCP - targetPort: 27017 - selector: - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - sessionAffinity: None - type: ClusterIP diff --git a/e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1120.yml b/e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1120.yml deleted file mode 100644 index affc5cfd31..0000000000 --- a/e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1120.yml +++ /dev/null 
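Review bot: `MONGO_VER=${FULL_VER:0:3}` takes the first three characters of the version, which yields `major.minor` only while both parts are single digits; assuming `FULL_VER` is a dotted version string, a two-digit major or minor would be truncated. Splitting on the dot does not depend on width, e.g. `MONGO_VER=$(echo "${FULL_VER}" | cut -d. -f1,2)`. The new expansions are also unquoted (`${IMAGE_MONGOD}`, `${replica_namespace}`, `$namespace`), unlike the `destroy "$namespace" "true"` line being replaced; quoting them, as in `destroy "$replica_namespace" "true"`, keeps word splitting out of the cleanup commands.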
@@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - name: some-name-rs0 - ownerReferences: - - controller: true - kind: PerconaServerMongoDB - name: some-name -spec: - ports: - - name: mongodb - port: 27017 - protocol: TCP - targetPort: 27017 - selector: - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - sessionAffinity: None - type: ClusterIP diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1110-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1110-oc.yml deleted file mode 100644 index 6dc6c3ae6a..0000000000 --- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1110-oc.yml +++ /dev/null 
@@ -1,215 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: {} - generation: 1 - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - name: some-name-rs0 - ownerReferences: - - controller: true - kind: PerconaServerMongoDB - name: some-name -spec: - podManagementPolicy: OrderedReady - replicas: 3 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - serviceName: some-name-rs0 - template: - metadata: - annotations: {} - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - spec: - containers: - - args: - - --bind_ip_all - - --auth - - --dbpath=/data/db - - --port=27017 - - --replSet=rs0 - - --storageEngine=wiredTiger - - --relaxPermChecks - - --sslAllowInvalidCertificates - - --sslMode=preferSSL - - --clusterAuthMode=x509 - - --slowms=100 - - --profile=1 - - --rateLimit=1 - - --enableEncryption - - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key - - --wiredTigerCacheSizeGB=0.25 - - --wiredTigerCollectionBlockCompressor=snappy - - --wiredTigerJournalCompressor=snappy - - --wiredTigerIndexPrefixCompression=true - - --setParameter - - ttlMonitorSleepSecs=60 - - --setParameter - - wiredTigerConcurrentReadTransactions=128 - - --setParameter - - wiredTigerConcurrentWriteTransactions=128 - - 
--config=/etc/mongodb-config/mongod.conf - command: - - /data/db/ps-entry.sh - env: - - name: SERVICE_NAME - value: some-name - - name: MONGODB_PORT - value: "27017" - - name: MONGODB_REPLSET - value: rs0 - envFrom: - - secretRef: - name: internal-some-name-users - optional: false - imagePullPolicy: Always - livenessProbe: - exec: - command: - - /data/db/mongodb-healthcheck - - k8s - - liveness - - --ssl - - --sslInsecure - - --sslCAFile - - /etc/mongodb-ssl/ca.crt - - --sslPEMKeyFile - - /tmp/tls.pem - - --startupDelaySeconds - - "7200" - failureThreshold: 4 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - name: mongod - ports: - - containerPort: 27017 - name: mongodb - protocol: TCP - readinessProbe: - failureThreshold: 8 - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - tcpSocket: - port: 27017 - timeoutSeconds: 2 - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - securityContext: - runAsNonRoot: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - - mountPath: /etc/mongodb-secrets - name: some-name-mongodb-keyfile - readOnly: true - - mountPath: /etc/mongodb-ssl - name: ssl - readOnly: true - - mountPath: /etc/mongodb-ssl-internal - name: ssl-internal - readOnly: true - - mountPath: /etc/mongodb-config - name: config - - mountPath: /etc/mongodb-encryption - name: some-name-mongodb-encryption-key - readOnly: true - - mountPath: /etc/users-secret - name: users-secret-file - workingDir: /data/db - dnsPolicy: ClusterFirst - initContainers: - - command: - - /init-entrypoint.sh - imagePullPolicy: Always - name: mongo-init - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - restartPolicy: Always - 
schedulerName: default-scheduler - securityContext: {} - serviceAccount: default - serviceAccountName: default - terminationGracePeriodSeconds: 30 - volumes: - - name: some-name-mongodb-keyfile - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-keyfile - - configMap: - defaultMode: 420 - name: some-name-rs0-mongod - optional: true - name: config - - name: some-name-mongodb-encryption-key - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-encryption-key - - name: ssl - secret: - defaultMode: 288 - optional: false - secretName: some-name-ssl - - name: ssl-internal - secret: - defaultMode: 288 - optional: true - secretName: some-name-ssl-internal - - name: users-secret-file - secret: - defaultMode: 420 - secretName: internal-some-name-users - updateStrategy: - rollingUpdate: - partition: 0 - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: mongod-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: - phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1110.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1110.yml deleted file mode 100644 index 8b3a75f4af..0000000000 --- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1110.yml +++ /dev/null 
@@ -1,217 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: {} - generation: 1 - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - name: some-name-rs0 - ownerReferences: - - controller: true - kind: PerconaServerMongoDB - name: some-name -spec: - podManagementPolicy: OrderedReady - replicas: 3 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - serviceName: some-name-rs0 - template: - metadata: - annotations: {} - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - spec: - containers: - - args: - - --bind_ip_all - - --auth - - --dbpath=/data/db - - --port=27017 - - --replSet=rs0 - - --storageEngine=wiredTiger - - --relaxPermChecks - - --sslAllowInvalidCertificates - - --sslMode=preferSSL - - --clusterAuthMode=x509 - - --slowms=100 - - --profile=1 - - --rateLimit=1 - - --enableEncryption - - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key - - --wiredTigerCacheSizeGB=0.25 - - --wiredTigerCollectionBlockCompressor=snappy - - --wiredTigerJournalCompressor=snappy - - --wiredTigerIndexPrefixCompression=true - - --setParameter - - ttlMonitorSleepSecs=60 - - --setParameter - - wiredTigerConcurrentReadTransactions=128 - - --setParameter - - wiredTigerConcurrentWriteTransactions=128 - - 
--config=/etc/mongodb-config/mongod.conf - command: - - /data/db/ps-entry.sh - env: - - name: SERVICE_NAME - value: some-name - - name: MONGODB_PORT - value: "27017" - - name: MONGODB_REPLSET - value: rs0 - envFrom: - - secretRef: - name: internal-some-name-users - optional: false - imagePullPolicy: Always - livenessProbe: - exec: - command: - - /data/db/mongodb-healthcheck - - k8s - - liveness - - --ssl - - --sslInsecure - - --sslCAFile - - /etc/mongodb-ssl/ca.crt - - --sslPEMKeyFile - - /tmp/tls.pem - - --startupDelaySeconds - - "7200" - failureThreshold: 4 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - name: mongod - ports: - - containerPort: 27017 - name: mongodb - protocol: TCP - readinessProbe: - failureThreshold: 8 - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - tcpSocket: - port: 27017 - timeoutSeconds: 2 - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - securityContext: - runAsNonRoot: true - runAsUser: 1001 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - - mountPath: /etc/mongodb-secrets - name: some-name-mongodb-keyfile - readOnly: true - - mountPath: /etc/mongodb-ssl - name: ssl - readOnly: true - - mountPath: /etc/mongodb-ssl-internal - name: ssl-internal - readOnly: true - - mountPath: /etc/mongodb-config - name: config - - mountPath: /etc/mongodb-encryption - name: some-name-mongodb-encryption-key - readOnly: true - - mountPath: /etc/users-secret - name: users-secret-file - workingDir: /data/db - dnsPolicy: ClusterFirst - initContainers: - - command: - - /init-entrypoint.sh - imagePullPolicy: Always - name: mongo-init - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - 
restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1001 - serviceAccount: default - serviceAccountName: default - terminationGracePeriodSeconds: 30 - volumes: - - name: some-name-mongodb-keyfile - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-keyfile - - configMap: - defaultMode: 420 - name: some-name-rs0-mongod - optional: true - name: config - - name: some-name-mongodb-encryption-key - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-encryption-key - - name: ssl - secret: - defaultMode: 288 - optional: false - secretName: some-name-ssl - - name: ssl-internal - secret: - defaultMode: 288 - optional: true - secretName: some-name-ssl-internal - - name: users-secret-file - secret: - defaultMode: 420 - secretName: internal-some-name-users - updateStrategy: - rollingUpdate: - partition: 0 - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: mongod-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: - phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1120-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1120-oc.yml deleted file mode 100644 index eb5b8dfcbf..0000000000 --- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1120-oc.yml +++ /dev/null 
@@ -1,204 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: {} - generation: 2 - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - name: some-name-rs0 - ownerReferences: - - controller: true - kind: PerconaServerMongoDB - name: some-name -spec: - podManagementPolicy: OrderedReady - replicas: 3 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - serviceName: some-name-rs0 - template: - metadata: - annotations: {} - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - spec: - containers: - - args: - - --bind_ip_all - - --auth - - --dbpath=/data/db - - --port=27017 - - --replSet=rs0 - - --storageEngine=wiredTiger - - --relaxPermChecks - - --sslAllowInvalidCertificates - - --sslMode=preferSSL - - --clusterAuthMode=x509 - - --enableEncryption - - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key - - --wiredTigerCacheSizeGB=0.25 - - --wiredTigerIndexPrefixCompression=true - - --config=/etc/mongodb-config/mongod.conf - command: - - /data/db/ps-entry.sh - env: - - name: SERVICE_NAME - value: some-name - - name: MONGODB_PORT - value: "27017" - - name: MONGODB_REPLSET - value: rs0 - envFrom: - - secretRef: - name: internal-some-name-users - optional: false - imagePullPolicy: Always - livenessProbe: - exec: - 
command: - - /data/db/mongodb-healthcheck - - k8s - - liveness - - --ssl - - --sslInsecure - - --sslCAFile - - /etc/mongodb-ssl/ca.crt - - --sslPEMKeyFile - - /tmp/tls.pem - - --startupDelaySeconds - - "7200" - failureThreshold: 4 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - name: mongod - ports: - - containerPort: 27017 - name: mongodb - protocol: TCP - readinessProbe: - failureThreshold: 8 - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - tcpSocket: - port: 27017 - timeoutSeconds: 2 - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - securityContext: - runAsNonRoot: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - - mountPath: /etc/mongodb-secrets - name: some-name-mongodb-keyfile - readOnly: true - - mountPath: /etc/mongodb-ssl - name: ssl - readOnly: true - - mountPath: /etc/mongodb-ssl-internal - name: ssl-internal - readOnly: true - - mountPath: /etc/mongodb-config - name: config - - mountPath: /etc/mongodb-encryption - name: some-name-mongodb-encryption-key - readOnly: true - - mountPath: /etc/users-secret - name: users-secret-file - workingDir: /data/db - dnsPolicy: ClusterFirst - initContainers: - - command: - - /init-entrypoint.sh - imagePullPolicy: Always - name: mongo-init - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: default - serviceAccountName: default - terminationGracePeriodSeconds: 30 - volumes: - - name: some-name-mongodb-keyfile - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-keyfile - - configMap: - defaultMode: 420 - name: 
some-name-rs0-mongod - optional: true - name: config - - name: some-name-mongodb-encryption-key - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-encryption-key - - name: ssl - secret: - defaultMode: 288 - optional: false - secretName: some-name-ssl - - name: ssl-internal - secret: - defaultMode: 288 - optional: true - secretName: some-name-ssl-internal - - name: users-secret-file - secret: - defaultMode: 420 - secretName: internal-some-name-users - updateStrategy: - rollingUpdate: - partition: 0 - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: mongod-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: - phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1120.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1120.yml deleted file mode 100644 index 0446214c45..0000000000 --- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1120.yml +++ /dev/null 
@@ -1,206 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: {} - generation: 2 - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - name: some-name-rs0 - ownerReferences: - - controller: true - kind: PerconaServerMongoDB - name: some-name -spec: - podManagementPolicy: OrderedReady - replicas: 3 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - serviceName: some-name-rs0 - template: - metadata: - annotations: {} - labels: - app.kubernetes.io/component: mongod - app.kubernetes.io/instance: some-name - app.kubernetes.io/managed-by: percona-server-mongodb-operator - app.kubernetes.io/name: percona-server-mongodb - app.kubernetes.io/part-of: percona-server-mongodb - app.kubernetes.io/replset: rs0 - spec: - containers: - - args: - - --bind_ip_all - - --auth - - --dbpath=/data/db - - --port=27017 - - --replSet=rs0 - - --storageEngine=wiredTiger - - --relaxPermChecks - - --sslAllowInvalidCertificates - - --sslMode=preferSSL - - --clusterAuthMode=x509 - - --enableEncryption - - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key - - --wiredTigerCacheSizeGB=0.25 - - --wiredTigerIndexPrefixCompression=true - - --config=/etc/mongodb-config/mongod.conf - command: - - /data/db/ps-entry.sh - env: - - name: SERVICE_NAME - value: some-name - - name: MONGODB_PORT - value: "27017" - - name: MONGODB_REPLSET - value: rs0 - envFrom: - - secretRef: - name: internal-some-name-users - optional: false - imagePullPolicy: Always - livenessProbe: - exec: - 
command: - - /data/db/mongodb-healthcheck - - k8s - - liveness - - --ssl - - --sslInsecure - - --sslCAFile - - /etc/mongodb-ssl/ca.crt - - --sslPEMKeyFile - - /tmp/tls.pem - - --startupDelaySeconds - - "7200" - failureThreshold: 4 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - name: mongod - ports: - - containerPort: 27017 - name: mongodb - protocol: TCP - readinessProbe: - failureThreshold: 8 - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - tcpSocket: - port: 27017 - timeoutSeconds: 2 - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - securityContext: - runAsNonRoot: true - runAsUser: 1001 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - - mountPath: /etc/mongodb-secrets - name: some-name-mongodb-keyfile - readOnly: true - - mountPath: /etc/mongodb-ssl - name: ssl - readOnly: true - - mountPath: /etc/mongodb-ssl-internal - name: ssl-internal - readOnly: true - - mountPath: /etc/mongodb-config - name: config - - mountPath: /etc/mongodb-encryption - name: some-name-mongodb-encryption-key - readOnly: true - - mountPath: /etc/users-secret - name: users-secret-file - workingDir: /data/db - dnsPolicy: ClusterFirst - initContainers: - - command: - - /init-entrypoint.sh - imagePullPolicy: Always - name: mongo-init - resources: - limits: - cpu: 500m - memory: 500M - requests: - cpu: 100m - memory: 100M - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /data/db - name: mongod-data - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1001 - serviceAccount: default - serviceAccountName: default - terminationGracePeriodSeconds: 30 - volumes: - - name: some-name-mongodb-keyfile - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-keyfile - - configMap: - 
defaultMode: 420 - name: some-name-rs0-mongod - optional: true - name: config - - name: some-name-mongodb-encryption-key - secret: - defaultMode: 288 - optional: false - secretName: some-name-mongodb-encryption-key - - name: ssl - secret: - defaultMode: 288 - optional: false - secretName: some-name-ssl - - name: ssl-internal - secret: - defaultMode: 288 - optional: true - secretName: some-name-ssl-internal - - name: users-secret-file - secret: - defaultMode: 420 - secretName: internal-some-name-users - updateStrategy: - rollingUpdate: - partition: 0 - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: mongod-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: - phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130-oc.yml index 3953e20250..564cfdbc41 100644 --- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130-oc.yml +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130-oc.yml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: {} - generation: 3 + generation: 1 labels: app.kubernetes.io/component: mongod app.kubernetes.io/instance: some-name diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130.yml index 519dfe2780..c1a0c23bf5 100644 --- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130.yml +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1130.yml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: {} - generation: 3 + generation: 1 labels: app.kubernetes.io/component: mongod app.kubernetes.io/instance: some-name 
diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140-oc.yml
index ef0a65c77d..ee3265533f 100644
--- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140-oc.yml
+++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140-oc.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 annotations: {}
- generation: 4
+ generation: 2
 labels:
 app.kubernetes.io/component: mongod
 app.kubernetes.io/instance: some-name
diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140.yml
index e667272881..1e7140328d 100644
--- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140.yml
+++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1140.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 annotations: {}
- generation: 4
+ generation: 2
 labels:
 app.kubernetes.io/component: mongod
 app.kubernetes.io/instance: some-name
diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150-oc.yml
index 1bd744c220..a8134afdbe 100644
--- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150-oc.yml
+++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150-oc.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 annotations: {}
- generation: 5
+ generation: 3
 labels:
 app.kubernetes.io/component: mongod
 app.kubernetes.io/instance: some-name
diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150.yml
index ec6286e35e..bc713e0f9a 100644
--- a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150.yml
+++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1150.yml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: {} - generation: 5 + generation: 3 labels: app.kubernetes.io/component: mongod app.kubernetes.io/instance: some-name diff --git a/e2e-tests/upgrade-consistency/conf/some-name-rs0.yml b/e2e-tests/upgrade-consistency/conf/some-name-rs0.yml index 116d45aef7..fbf43c4eda 100644 --- a/e2e-tests/upgrade-consistency/conf/some-name-rs0.yml +++ b/e2e-tests/upgrade-consistency/conf/some-name-rs0.yml @@ -3,7 +3,7 @@ kind: PerconaServerMongoDB metadata: name: some-name spec: - crVersion: 1.11.0 + crVersion: 1.13.0 #platform: openshift image: imagePullPolicy: Always @@ -11,37 +11,6 @@ spec: backup: enabled: false image: perconalab/percona-server-mongodb-operator:0.4.0-backup - mongod: - net: - hostPort: 0 - port: 27017 - operationProfiling: - mode: slowOp - rateLimit: 1 - slowOpThresholdMs: 100 - security: - redactClientLogData: false - setParameter: - ttlMonitorSleepSecs: 60 - wiredTigerConcurrentReadTransactions: 128 - wiredTigerConcurrentWriteTransactions: 128 - storage: - engine: wiredTiger - inMemory: - engineConfig: - inMemorySizeRatio: 0.9 - mmapv1: - nsSize: 16 - smallfiles: false - wiredTiger: - collectionConfig: - blockCompressor: snappy - engineConfig: - cacheSizeRatio: 0.5 - directoryForIndexes: false - journalCompressor: snappy - indexConfig: - prefixCompression: true replsets: - name: rs0 # readinessDelaySec: 40 diff --git a/e2e-tests/upgrade-consistency/run b/e2e-tests/upgrade-consistency/run index f397fdc271..8264a49787 100755 --- a/e2e-tests/upgrade-consistency/run +++ b/e2e-tests/upgrade-consistency/run 
@@ -15,34 +15,12 @@ main() { kubectl_bin apply -f "${conf_dir}/client.yml" \ -f "${conf_dir}/secrets.yml" - desc "create first PSMDB cluster 1.11.0 $CLUSTER" + desc "create first PSMDB cluster 1.13.0 $CLUSTER" apply_cluster "$test_dir/conf/${CLUSTER}-rs0.yml" desc 'check if Pod started' wait_for_running "${CLUSTER}-rs0" "3" "true" - desc 'check if service and statefulset created with expected config' - compare_kubectl service/${CLUSTER}-rs0 "-1110" - compare_kubectl statefulset/${CLUSTER}-rs0 "-1110" - - desc 'test 1.12.0' - kubectl_bin patch psmdb "${CLUSTER}" --type=merge --patch '{ - "spec": {"crVersion":"1.12.0"} - }' - desc 'check if Pod started' - wait_for_running "${CLUSTER}-rs0" "3" "true" - - desc 'check if service and statefulset created with expected config' - compare_kubectl service/${CLUSTER}-rs0 "-1120" - compare_kubectl statefulset/${CLUSTER}-rs0 "-1120" - - desc 'test 1.13.0' - kubectl_bin patch psmdb "${CLUSTER}" --type=merge --patch '{ - "spec": {"crVersion":"1.13.0"} - }' - desc 'check if Pod started' - wait_for_running "${CLUSTER}-rs0" "3" "true" - desc 'check if service and statefulset created with expected config' compare_kubectl service/${CLUSTER}-rs0 "-1130" compare_kubectl statefulset/${CLUSTER}-rs0 "-1130" diff --git a/e2e-tests/version-service/conf/crd.yaml b/e2e-tests/version-service/conf/crd.yaml index ee9721c905..5dd7521cc3 100644 --- a/e2e-tests/version-service/conf/crd.yaml +++ b/e2e-tests/version-service/conf/crd.yaml 
@@ -992,109 +992,6 @@ spec: type: object initImage: type: string - mongod: - properties: - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object - net: - properties: - hostPort: - format: int32 - type: integer - port: - format: int32 - type: integer - type: object - operationProfiling: - properties: - mode: - type: string - rateLimit: - type: integer - slowOpThresholdMs: - type: integer - type: object - replication: - properties: - oplogSizeMB: - type: integer - type: object - security: - properties: - enableEncryption: - type: boolean - encryptionCipherMode: - type: string - encryptionKeySecret: - type: string - redactClientLogData: - type: boolean - type: object - setParameter: - properties: - cursorTimeoutMillis: - type: integer - ttlMonitorSleepSecs: - type: integer - wiredTigerConcurrentReadTransactions: - type: integer - wiredTigerConcurrentWriteTransactions: - type: integer - type: object - storage: - properties: - directoryPerDB: - type: boolean - engine: - type: string - inMemory: - properties: - engineConfig: - properties: - inMemorySizeRatio: - type: number - type: object - type: object - mmapv1: - properties: - nsSize: - type: integer - smallfiles: - type: boolean - type: object - syncPeriodSecs: - type: integer - wiredTiger: - properties: - collectionConfig: - properties: - blockCompressor: - type: string - type: object - engineConfig: - properties: - cacheSizeRatio: - type: number - directoryForIndexes: - type: boolean - journalCompressor: - type: string - type: object - indexConfig: - properties: - prefixCompression: - type: boolean - type: object - type: object - type: object - type: object multiCluster: properties: DNSSuffix: @@ -3580,6 +3477,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string 
@@ -10343,6 +10251,17 @@ spec: - votes type: object type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array labels: additionalProperties: type: string @@ -15041,15 +14960,6 @@ spec: additionalProperties: type: string type: object - auditLog: - properties: - destination: - type: string - filter: - type: string - format: - type: string - type: object configuration: type: string containerSecurityContext: @@ -15132,6 +15042,17 @@ spec: servicePerPod: type: boolean type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array hostPort: format: int32 type: integer diff --git a/go.mod b/go.mod index 08c116a7c5..af31e51cfe 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/go-openapi/errors v0.20.4 github.com/go-openapi/runtime v0.26.0 github.com/go-openapi/strfmt v0.21.7 - github.com/go-openapi/swag v0.22.3 + github.com/go-openapi/swag v0.22.4 github.com/go-openapi/validate v0.22.1 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2 github.com/hashicorp/go-version v1.6.0 @@ -17,7 +17,7 @@ require ( github.com/percona/percona-backup-mongodb v1.8.1-0.20230725073611-5d2c6eeb81be github.com/pkg/errors v0.9.1 github.com/robfig/cron/v3 v3.0.1 - github.com/sirupsen/logrus v1.9.0 + github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 go.mongodb.org/mongo-driver v1.12.1 go.uber.org/zap v1.25.0 diff --git a/go.sum b/go.sum index abf9634ba7..421f97b5fb 100644 --- a/go.sum +++ b/go.sum 
@@ -199,8 +199,9 @@ github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= @@ -484,8 +485,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs= github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= 
diff --git a/healthcheck/pkg/env.go b/healthcheck/pkg/env.go index ac4762811a..3301c8e522 100644 --- a/healthcheck/pkg/env.go +++ b/healthcheck/pkg/env.go @@ -16,7 +16,6 @@ package pkg const ( // general - EnvLogVerbose = "LOG_VERBOSE" EnvServiceName = "SERVICE_NAME" EnvMongoDBPort = "MONGODB_PORT" EnvMongoDBIp = "MONGODB_IP" diff --git a/healthcheck/tools/logger/logger.go b/healthcheck/tools/logger/logger.go deleted file mode 100644 index e64e2213b6..0000000000 --- a/healthcheck/tools/logger/logger.go +++ /dev/null 
@@ -1,74 +0,0 @@ -// Copyright 2018 Percona LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package logger - -import ( - "io" - "os" - "path/filepath" - "runtime" - "strconv" - "strings" - - "github.com/alecthomas/kingpin" - "github.com/percona/percona-server-mongodb-operator/healthcheck/pkg" - log "github.com/sirupsen/logrus" -) - -// enableVerboseLogging enables verbose logging -func enableVerboseLogging(ctx *kingpin.ParseContext) error { - log.SetLevel(log.DebugLevel) - return nil -} - -// getCallerInfo returns the file and file line-number of a caller -func getLogCallerInfo(e *log.Entry) (interface{}, error) { - skip := 1 - skipMax := 12 - for skip <= skipMax { - _, file, lineNo, _ := runtime.Caller(skip) - if strings.Contains(file, "github.com/sirupsen/logrus") { - skip++ - continue - } - return filepath.Base(file) + ":" + strconv.Itoa(lineNo), nil - } - return "", nil -} - -// GetLogFormatter returns a configured logrus.Formatter for logging -func GetLogFormatter() log.Formatter { - return &log.JSONFormatter{} -} - -// SetupLogger configures github.com/srupsen/logrus for logging -func SetupLogger(app *kingpin.Application, formatter log.Formatter, out io.Writer) *bool { - log.SetOutput(out) - log.SetFormatter(formatter) - log.SetLevel(log.InfoLevel) - if app != nil { - var verbose bool - app.Flag("verbose", "enable verbose logging").Action(enableVerboseLogging).BoolVar(&verbose) - - // fix for kingpin .Envar() being ignored above - if 
strings.TrimSpace(os.Getenv(pkg.EnvLogVerbose)) == "true" { - _ = enableVerboseLogging(nil) - verbose = true - } - - return &verbose - } - return nil -} diff --git a/healthcheck/tools/tool/tool.go b/healthcheck/tools/tool/tool.go index e2930f0960..ba500e1901 100644 --- a/healthcheck/tools/tool/tool.go +++ b/healthcheck/tools/tool/tool.go @@ -22,23 +22,18 @@ import ( "github.com/alecthomas/kingpin" tools "github.com/percona/percona-server-mongodb-operator/healthcheck" - "github.com/percona/percona-server-mongodb-operator/healthcheck/tools/logger" ) // Author is the author used by kingpin const Author = "Percona LLC." // New sets up a new kingpin.Application -func New(help, commit, branch string) (*kingpin.Application, *bool) { +func New(help, commit, branch string) *kingpin.Application { app := kingpin.New(filepath.Base(os.Args[0]), help) app.Author(Author) app.Version(fmt.Sprintf( "%s version %s\ngit commit %s, branch %s\ngo version %s", app.Name, tools.Version, commit, branch, runtime.Version(), )) - return app, logger.SetupLogger( - app, - logger.GetLogFormatter(), - os.Stdout, - ) + return app } diff --git a/pkg/apis/psmdb/v1/psmdb_defaults.go b/pkg/apis/psmdb/v1/psmdb_defaults.go index 9b9d003360..25c92293b3 100644 --- a/pkg/apis/psmdb/v1/psmdb_defaults.go +++ b/pkg/apis/psmdb/v1/psmdb_defaults.go 
@@ -71,41 +71,9 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(platform version.Platform, log if cr.Spec.Secrets.Users == "" { cr.Spec.Secrets.Users = defaultUsersSecretName } - if cr.Spec.Mongod == nil { - cr.Spec.Mongod = &MongodSpec{} - } - if cr.CompareVersion("1.12.0") < 0 { - if cr.Spec.Mongod.Net == nil { - cr.Spec.Mongod.Net = &MongodSpecNet{} - } - if cr.Spec.Mongod.Net.Port == 0 { - cr.Spec.Mongod.Net.Port = DefaultMongodPort - } - if cr.Spec.Mongod.Storage == nil { - cr.Spec.Mongod.Storage = &MongodSpecStorage{} - } - if cr.Spec.Mongod.Storage.Engine == "" { - cr.Spec.Mongod.Storage.Engine = defaultStorageEngine - } - if cr.Spec.Mongod.OperationProfiling == nil { - cr.Spec.Mongod.OperationProfiling = &MongodSpecOperationProfiling{ - Mode: defaultOperationProfilingMode, - } - } - if cr.Spec.Mongod.Security == nil { - cr.Spec.Mongod.Security = &MongodSpecSecurity{} - } - if cr.Spec.Mongod.Security.EnableEncryption == nil { - is120 := cr.CompareVersion("1.2.0") >= 0 - cr.Spec.Mongod.Security.EnableEncryption = &is120 - } - } - if cr.Spec.EncryptionKeySecretName() == "" { - is1120 := cr.CompareVersion("1.12.0") >= 0 - if is1120 || (!is1120 && *cr.Spec.Mongod.Security.EnableEncryption) { - cr.Spec.Secrets.EncryptionKey = cr.Name + "-mongodb-encryption-key" - } + if cr.Spec.Secrets.EncryptionKey == "" { + cr.Spec.Secrets.EncryptionKey = cr.Name + "-mongodb-encryption-key" } if cr.Spec.Secrets.SSL == "" { 
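Review bot: The new `if cr.Spec.Secrets.EncryptionKey == ""` default no longer consults `spec.mongod.security.encryptionKeySecret`, so a CR that named its data-at-rest key only through that legacy field would, as far as this hunk shows, be pointed at `<name>-mongodb-encryption-key` instead; the Reconcile hunk in psmdb_controller.go then calls `ensureSecurityKey` on that name unconditionally and statefulset.go mounts it. If such CRs can still exist, mongod could be started with a different key than the one its data was encrypted with. The same removal silently drops the legacy port, audit-log and `redactClientLogData` settings in container.go and mongos.go, so an old CR would lose its audit log without any error. I would state the cut-off next to the default, e.g. `// spec.mongod.* is no longer read; a CR that used mongod.security.encryptionKeySecret must set spec.secrets.encryptionKey before upgrading`, and consider rejecting a crVersion below 1.12.0 instead of defaulting it. CheckNSetDefaults begins and ends outside this hunk.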
@@ -173,7 +141,27 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(platform version.Platform, log cr.Spec.Sharding.Mongos.Size = minSafeMongosSize } } + if cr.CompareVersion("1.15.0") >= 0 { + var fsgroup *int64 + if platform == version.PlatformKubernetes { + var tp int64 = 1001 + fsgroup = &tp + } + if cr.Spec.Sharding.Mongos.ContainerSecurityContext == nil { + tvar := true + cr.Spec.Sharding.Mongos.ContainerSecurityContext = &corev1.SecurityContext{ + RunAsNonRoot: &tvar, + RunAsUser: fsgroup, + } + } + + if cr.Spec.Sharding.Mongos.PodSecurityContext == nil { + cr.Spec.Sharding.Mongos.PodSecurityContext = &corev1.PodSecurityContext{ + FSGroup: fsgroup, + } + } + } cr.Spec.Sharding.ConfigsvrReplSet.Name = ConfigReplSetName if cr.Spec.Sharding.Mongos.Port == 0 { @@ -315,12 +303,8 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(platform version.Platform, log } if replset.Storage == nil { - if cr.CompareVersion("1.12.0") >= 0 { - replset.Storage = new(MongodSpecStorage) - replset.Storage.Engine = defaultStorageEngine - } else { - replset.Storage = cr.Spec.Mongod.Storage - } + replset.Storage = new(MongodSpecStorage) + replset.Storage.Engine = defaultStorageEngine } if replset.Storage.Engine == "" { replset.Storage.Engine = defaultStorageEngine @@ -417,7 +401,7 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(platform version.Platform, log if replset.ReadinessProbe.TCPSocket == nil { replset.ReadinessProbe.TCPSocket = &corev1.TCPSocketAction{ - Port: intstr.FromInt(int(MongodPort(cr))), + Port: intstr.FromInt(int(DefaultMongodPort)), } } @@ -672,7 +656,7 @@ func (nv *NonVotingSpec) SetDefaults(cr *PerconaServerMongoDB, rs *ReplsetSpec) nv.ReadinessProbe = &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ TCPSocket: &corev1.TCPSocketAction{ - Port: intstr.FromInt(int(MongodPort(cr))), + Port: intstr.FromInt(int(DefaultMongodPort)), }, }, } 
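Review bot: In the added `cr.CompareVersion("1.15.0") >= 0` block a single `*int64` named `fsgroup` is assigned to both `ContainerSecurityContext.RunAsUser` and `PodSecurityContext.FSGroup`, so the two defaults alias one variable and the name misdescribes the user id. Separate, named values would read better, e.g. `var defaultUID, defaultFSGroup int64 = 1001, 1001` with `RunAsUser: &defaultUID` and `FSGroup: &defaultFSGroup` on Kubernetes. On other platforms both stay nil and only `RunAsNonRoot: true` is set, which looks intended but deserves a comment such as `// non-Kubernetes platforms assign the UID and fsGroup themselves`. The default container context also leaves `AllowPrivilegeEscalation` unset; it is worth deciding whether it should default to false here. CheckNSetDefaults starts and ends outside this hunk.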
@@ -804,10 +788,3 @@ func (v *VolumeSpec) reconcileOpts() error { return nil } - -func MongodPort(cr *PerconaServerMongoDB) int32 { - if cr.CompareVersion("1.12.0") >= 0 { - return DefaultMongodPort - } - return cr.Spec.Mongod.Net.Port -} diff --git a/pkg/apis/psmdb/v1/psmdb_types.go b/pkg/apis/psmdb/v1/psmdb_types.go index c238758334..fd17cbae62 100644 --- a/pkg/apis/psmdb/v1/psmdb_types.go +++ b/pkg/apis/psmdb/v1/psmdb_types.go @@ -73,7 +73,6 @@ type PerconaServerMongoDBSpec struct { UnsafeConf bool `json:"allowUnsafeConfigurations,omitempty"` IgnoreLabels []string `json:"ignoreLabels,omitempty"` IgnoreAnnotations []string `json:"ignoreAnnotations,omitempty"` - Mongod *MongodSpec `json:"mongod,omitempty"` Replsets []*ReplsetSpec `json:"replsets,omitempty"` Secrets *SecretsSpec `json:"secrets,omitempty"` Backup BackupSpec `json:"backup,omitempty"` @@ -95,20 +94,6 @@ type TLSSpec struct { CertValidityDuration metav1.Duration `json:"certValidityDuration,omitempty"` } -// EncryptionKeySecretName returns spec.Secrets.EncryptionKey. -// If it's empty, spec.Mongod.Security.EncryptionKeySecret is returned. -// -// TODO: Remove after 1.14 -func (spec *PerconaServerMongoDBSpec) EncryptionKeySecretName() string { - if spec.Secrets != nil && spec.Secrets.EncryptionKey != "" { - return spec.Secrets.EncryptionKey - } - if spec.Mongod != nil && spec.Mongod.Security != nil { - return spec.Mongod.Security.EncryptionKeySecret - } - return "" -} - func (spec *PerconaServerMongoDBSpec) Replset(name string) *ReplsetSpec { switch name { case "": @@ -522,6 +507,7 @@ type ReplsetSpec struct { Configuration MongoConfiguration `json:"configuration,omitempty"` ExternalNodes []*ExternalNode `json:"externalNodes,omitempty"` NonVoting NonVotingSpec `json:"nonvoting,omitempty"` + HostAliases []corev1.HostAlias `json:"hostAliases,omitempty"` } func (r *ReplsetSpec) ServiceName(cr *PerconaServerMongoDB) string { 
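Review bot: The new `HostAliases` field on `ReplsetSpec` (and the matching one added to `MongosSpec` in a later hunk of this file) has no doc comment, although statefulset.go and mongos.go copy it unchanged into `PodSpec.HostAliases`, which Kubernetes writes into each pod's hosts file. I would document that on both fields, e.g. `// HostAliases are added to the pods' /etc/hosts; entries normally take effect ahead of DNS for the listed hostnames.` The generated CRD schema types `ip` and `hostnames` as plain strings, so any checking is presumably left to pod validation; it is worth confirming that a malformed entry surfaces as a clear reconcile error rather than a StatefulSet that never rolls out.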
@@ -537,7 +523,7 @@ func (r *ReplsetSpec) PodFQDN(cr *PerconaServerMongoDB, podName string) string { } func (r *ReplsetSpec) PodFQDNWithPort(cr *PerconaServerMongoDB, podName string) string { - return fmt.Sprintf("%s:%d", r.PodFQDN(cr, podName), MongodPort(cr)) + return fmt.Sprintf("%s:%d", r.PodFQDN(cr, podName), DefaultMongodPort) } type LivenessProbeExtended struct { @@ -594,7 +580,6 @@ type MongosSpec struct { Port int32 `json:"port,omitempty"` HostPort int32 `json:"hostPort,omitempty"` SetParameter *MongosSpecSetParameter `json:"setParameter,omitempty"` - AuditLog *MongoSpecAuditLog `json:"auditLog,omitempty"` Expose MongosExpose `json:"expose,omitempty"` Size int32 `json:"size,omitempty"` ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty"` 
@@ -602,48 +587,7 @@ type MongosSpec struct { PodSecurityContext *corev1.PodSecurityContext `json:"podSecurityContext,omitempty"` ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"` Configuration MongoConfiguration `json:"configuration,omitempty"` -} - -type MongodSpec struct { - Net *MongodSpecNet `json:"net,omitempty"` - AuditLog *MongoSpecAuditLog `json:"auditLog,omitempty"` - OperationProfiling *MongodSpecOperationProfiling `json:"operationProfiling,omitempty"` - Replication *MongodSpecReplication `json:"replication,omitempty"` - Security *MongodSpecSecurity `json:"security,omitempty"` - SetParameter *MongodSpecSetParameter `json:"setParameter,omitempty"` - Storage *MongodSpecStorage `json:"storage,omitempty"` -} - -type MongodSpecNet struct { - Port int32 `json:"port,omitempty"` - HostPort int32 `json:"hostPort,omitempty"` -} - -type MongodSpecReplication struct { - OplogSizeMB int `json:"oplogSizeMB,omitempty"` -} - -// MongodChiperMode is a cipher mode used by Data-at-Rest Encryption -type MongodChiperMode string - -const ( - MongodChiperModeUnset MongodChiperMode = "" - MongodChiperModeCBC MongodChiperMode = "AES256-CBC" - MongodChiperModeGCM MongodChiperMode = "AES256-GCM" -) - -type MongodSpecSecurity struct { - RedactClientLogData bool `json:"redactClientLogData,omitempty"` - EnableEncryption *bool `json:"enableEncryption,omitempty"` - EncryptionKeySecret string `json:"encryptionKeySecret,omitempty"` - EncryptionCipherMode MongodChiperMode `json:"encryptionCipherMode,omitempty"` -} - -type MongodSpecSetParameter struct { - TTLMonitorSleepSecs int `json:"ttlMonitorSleepSecs,omitempty"` - WiredTigerConcurrentReadTransactions int `json:"wiredTigerConcurrentReadTransactions,omitempty"` - WiredTigerConcurrentWriteTransactions int `json:"wiredTigerConcurrentWriteTransactions,omitempty"` - CursorTimeoutMillis int `json:"cursorTimeoutMillis,omitempty"` + HostAliases []corev1.HostAlias `json:"hostAliases,omitempty"` } type 
MongosSpecSetParameter struct { @@ -719,12 +663,6 @@ var ( AuditLogFormatJSON AuditLogFormat = "JSON" ) -type MongoSpecAuditLog struct { - Destination AuditLogDestination `json:"destination,omitempty"` - Format AuditLogFormat `json:"format,omitempty"` - Filter string `json:"filter,omitempty"` -} - type OperationProfilingMode string const ( @@ -732,12 +670,6 @@ const ( OperationProfilingModeSlowOp OperationProfilingMode = "slowOp" ) -type MongodSpecOperationProfiling struct { - Mode OperationProfilingMode `json:"mode,omitempty"` - SlowOpThresholdMs int `json:"slowOpThresholdMs,omitempty"` - RateLimit int `json:"rateLimit,omitempty"` -} - type BackupTaskSpec struct { Name string `json:"name"` Enabled bool `json:"enabled"` diff --git a/pkg/apis/psmdb/v1/zz_generated.deepcopy.go b/pkg/apis/psmdb/v1/zz_generated.deepcopy.go index 0cb6480b68..77e5a78484 100644 --- a/pkg/apis/psmdb/v1/zz_generated.deepcopy.go +++ b/pkg/apis/psmdb/v1/zz_generated.deepcopy.go 
@@ -252,71 +252,6 @@ func (in *LivenessProbeExtended) DeepCopy() *LivenessProbeExtended { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MongoSpecAuditLog) DeepCopyInto(out *MongoSpecAuditLog) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoSpecAuditLog. -func (in *MongoSpecAuditLog) DeepCopy() *MongoSpecAuditLog { - if in == nil { - return nil - } - out := new(MongoSpecAuditLog) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MongodSpec) DeepCopyInto(out *MongodSpec) { - *out = *in - if in.Net != nil { - in, out := &in.Net, &out.Net - *out = new(MongodSpecNet) - **out = **in - } - if in.AuditLog != nil { - in, out := &in.AuditLog, &out.AuditLog - *out = new(MongoSpecAuditLog) - **out = **in - } - if in.OperationProfiling != nil { - in, out := &in.OperationProfiling, &out.OperationProfiling - *out = new(MongodSpecOperationProfiling) - **out = **in - } - if in.Replication != nil { - in, out := &in.Replication, &out.Replication - *out = new(MongodSpecReplication) - **out = **in - } - if in.Security != nil { - in, out := &in.Security, &out.Security - *out = new(MongodSpecSecurity) - (*in).DeepCopyInto(*out) - } - if in.SetParameter != nil { - in, out := &in.SetParameter, &out.SetParameter - *out = new(MongodSpecSetParameter) - **out = **in - } - if in.Storage != nil { - in, out := &in.Storage, &out.Storage - *out = new(MongodSpecStorage) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongodSpec. 
-func (in *MongodSpec) DeepCopy() *MongodSpec { - if in == nil { - return nil - } - out := new(MongodSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MongodSpecInMemory) DeepCopyInto(out *MongodSpecInMemory) { *out = *in 
@@ -367,86 +302,6 @@ func (in *MongodSpecMMAPv1) DeepCopy() *MongodSpecMMAPv1 { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MongodSpecNet) DeepCopyInto(out *MongodSpecNet) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongodSpecNet. -func (in *MongodSpecNet) DeepCopy() *MongodSpecNet { - if in == nil { - return nil - } - out := new(MongodSpecNet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MongodSpecOperationProfiling) DeepCopyInto(out *MongodSpecOperationProfiling) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongodSpecOperationProfiling. -func (in *MongodSpecOperationProfiling) DeepCopy() *MongodSpecOperationProfiling { - if in == nil { - return nil - } - out := new(MongodSpecOperationProfiling) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MongodSpecReplication) DeepCopyInto(out *MongodSpecReplication) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongodSpecReplication. -func (in *MongodSpecReplication) DeepCopy() *MongodSpecReplication { - if in == nil { - return nil - } - out := new(MongodSpecReplication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *MongodSpecSecurity) DeepCopyInto(out *MongodSpecSecurity) { - *out = *in - if in.EnableEncryption != nil { - in, out := &in.EnableEncryption, &out.EnableEncryption - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongodSpecSecurity. -func (in *MongodSpecSecurity) DeepCopy() *MongodSpecSecurity { - if in == nil { - return nil - } - out := new(MongodSpecSecurity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MongodSpecSetParameter) DeepCopyInto(out *MongodSpecSetParameter) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongodSpecSetParameter. -func (in *MongodSpecSetParameter) DeepCopy() *MongodSpecSetParameter { - if in == nil { - return nil - } - out := new(MongodSpecSetParameter) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MongodSpecStorage) DeepCopyInto(out *MongodSpecStorage) { *out = *in @@ -587,11 +442,6 @@ func (in *MongosSpec) DeepCopyInto(out *MongosSpec) { *out = new(MongosSpecSetParameter) **out = **in } - if in.AuditLog != nil { - in, out := &in.AuditLog, &out.AuditLog - *out = new(MongoSpecAuditLog) - **out = **in - } in.Expose.DeepCopyInto(&out.Expose) if in.ReadinessProbe != nil { in, out := &in.ReadinessProbe, &out.ReadinessProbe @@ -613,6 +463,13 @@ func (in *MongosSpec) DeepCopyInto(out *MongosSpec) { *out = new(corev1.SecurityContext) (*in).DeepCopyInto(*out) } + if in.HostAliases != nil { + in, out := &in.HostAliases, &out.HostAliases + *out = make([]corev1.HostAlias, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongosSpec. 
@@ -1212,11 +1069,6 @@ func (in *PerconaServerMongoDBSpec) DeepCopyInto(out *PerconaServerMongoDBSpec) *out = make([]string, len(*in)) copy(*out, *in) } - if in.Mongod != nil { - in, out := &in.Mongod, &out.Mongod - *out = new(MongodSpec) - (*in).DeepCopyInto(*out) - } if in.Replsets != nil { in, out := &in.Replsets, &out.Replsets *out = make([]*ReplsetSpec, len(*in)) @@ -1407,6 +1259,13 @@ func (in *ReplsetSpec) DeepCopyInto(out *ReplsetSpec) { } } in.NonVoting.DeepCopyInto(&out.NonVoting) + if in.HostAliases != nil { + in, out := &in.HostAliases, &out.HostAliases + *out = make([]corev1.HostAlias, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplsetSpec. diff --git a/pkg/controller/perconaservermongodb/psmdb_controller.go b/pkg/controller/perconaservermongodb/psmdb_controller.go index 00fa1fc66f..d46faa8d8a 100644 --- a/pkg/controller/perconaservermongodb/psmdb_controller.go +++ b/pkg/controller/perconaservermongodb/psmdb_controller.go 
@@ -362,15 +362,13 @@ func (r *ReconcilePerconaServerMongoDB) Reconcile(ctx context.Context, request r log.Info("Created a new mongo key", "KeyName", internalKey) } - if is1120 := cr.CompareVersion("1.12.0") >= 0; is1120 || (!is1120 && *cr.Spec.Mongod.Security.EnableEncryption) { - created, err := r.ensureSecurityKey(ctx, cr, cr.Spec.EncryptionKeySecretName(), api.EncryptionKeyName, 32, false) - if err != nil { - err = errors.Wrapf(err, "ensure mongo Key %s", cr.Spec.EncryptionKeySecretName()) - return reconcile.Result{}, err - } - if created { - log.Info("Created a new mongo key", "KeyName", cr.Spec.EncryptionKeySecretName()) - } + created, err := r.ensureSecurityKey(ctx, cr, cr.Spec.Secrets.EncryptionKey, api.EncryptionKeyName, 32, false) + if err != nil { + err = errors.Wrapf(err, "ensure mongo Key %s", cr.Spec.Secrets.EncryptionKey) + return reconcile.Result{}, err + } + if created { + log.Info("Created a new mongo key", "KeyName", cr.Spec.Secrets.EncryptionKey) } if cr.Spec.Backup.Enabled { diff --git a/pkg/controller/perconaservermongodbbackup/backup.go b/pkg/controller/perconaservermongodbbackup/backup.go index 3a19d77067..6c19bc1531 100644 --- a/pkg/controller/perconaservermongodbbackup/backup.go +++ b/pkg/controller/perconaservermongodbbackup/backup.go @@ -114,7 +114,7 @@ func (b *Backup) Status(ctx context.Context, cr *api.PerconaServerMongoDBBackup) } if meta == nil || meta.Name == "" || errors.Is(err, pbm.ErrNotFound) { - logf.FromContext(ctx).Info("Waiting for backup metadata", "PBM name", cr.Status.PBMname, "backup", cr.Name) + logf.FromContext(ctx).Info("Waiting for backup metadata", "pbmName", cr.Status.PBMname, "backup", cr.Name) return status, nil } diff --git a/pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go b/pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go index cf07e5f2c5..d7446bc565 100644 
--- a/pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go +++ b/pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go @@ -51,7 +51,7 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler { // add adds a new Controller to mgr with r as the reconcile.Reconciler func add(mgr manager.Manager, r reconcile.Reconciler) error { // Create a new controller - c, err := controller.New("perconaservermongodbbackup-controller", mgr, controller.Options{Reconciler: r}) + c, err := controller.New("psmdbbackup-controller", mgr, controller.Options{Reconciler: r}) if err != nil { return err } diff --git a/pkg/controller/perconaservermongodbrestore/logical.go b/pkg/controller/perconaservermongodbrestore/logical.go index 60a7a18dbb..464247276e 100644 --- a/pkg/controller/perconaservermongodbrestore/logical.go +++ b/pkg/controller/perconaservermongodbrestore/logical.go @@ -118,7 +118,7 @@ func (r *ReconcilePerconaServerMongoDBRestore) reconcileLogicalRestore(ctx conte } if meta == nil || meta.Name == "" { - log.Info("Waiting for restore metadata", "PBM name", cr.Status.PBMname, "restore", cr.Name, "backup", cr.Spec.BackupName) + log.Info("Waiting for restore metadata", "pbmName", cr.Status.PBMname, "restore", cr.Name, "backup", cr.Spec.BackupName) return status, nil } diff --git a/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go b/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go index e0b43f4482..5b90a05a66 100644 --- a/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go +++ b/pkg/controller/perconaservermongodbrestore/perconaservermongodbrestore_controller.go 
@@ -54,7 +54,7 @@ func newReconciler(mgr manager.Manager) (reconcile.Reconciler, error) { // add adds a new Controller to mgr with r as the reconcile.Reconciler func add(mgr manager.Manager, r reconcile.Reconciler) error { // Create a new controller - c, err := controller.New("perconaservermongodbrestore-controller", mgr, controller.Options{Reconciler: r}) + c, err := controller.New("psmdbrestore-controller", mgr, controller.Options{Reconciler: r}) if err != nil { return err } diff --git a/pkg/psmdb/backup/agent.go b/pkg/psmdb/backup/agent.go index e9d838cf65..fb85deea72 100644 --- a/pkg/psmdb/backup/agent.go +++ b/pkg/psmdb/backup/agent.go @@ -49,7 +49,7 @@ func AgentContainer(cr *api.PerconaServerMongoDB, replsetName string) corev1.Con }, { Name: "PBM_MONGODB_PORT", - Value: strconv.Itoa(int(api.MongodPort(cr))), + Value: strconv.Itoa(int(api.DefaultMongodPort)), }, }, SecurityContext: cr.Spec.Backup.ContainerSecurityContext, diff --git a/pkg/psmdb/container.go b/pkg/psmdb/container.go index 7a85cdd04c..1e445d1bc6 100644 --- a/pkg/psmdb/container.go +++ b/pkg/psmdb/container.go @@ -66,7 +66,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R } else { volumes = append(volumes, corev1.VolumeMount{ - Name: cr.Spec.EncryptionKeySecretName(), + Name: cr.Spec.Secrets.EncryptionKey, MountPath: api.MongodRESTencryptDir, ReadOnly: true, }, @@ -80,10 +80,6 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R MountPath: "/etc/users-secret", }) } - hostPort := int32(0) - if cr.CompareVersion("1.12.0") < 0 { - hostPort = cr.Spec.Mongod.Net.HostPort - } container := corev1.Container{ Name: name, Image: cr.Spec.Image, 
@@ -92,8 +88,8 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R Ports: []corev1.ContainerPort{ { Name: mongodPortName, - HostPort: hostPort, - ContainerPort: api.MongodPort(cr), + HostPort: int32(0), + ContainerPort: api.DefaultMongodPort, }, }, Env: []corev1.EnvVar{ @@ -107,7 +103,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R }, { Name: "MONGODB_PORT", - Value: strconv.Itoa(int(api.MongodPort(cr))), + Value: strconv.Itoa(int(api.DefaultMongodPort)), }, { Name: "MONGODB_REPLSET", @@ -161,7 +157,7 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a "--bind_ip_all", "--auth", "--dbpath=" + MongodContainerDataDir, - "--port=" + strconv.Itoa(int(api.MongodPort(cr))), + "--port=" + strconv.Itoa(int(api.DefaultMongodPort)), "--replSet=" + replset.Name, "--storageEngine=" + string(replset.Storage.Engine), "--relaxPermChecks", @@ -188,22 +184,6 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a args = append(args, "--shardsvr") } - // operationProfiling - if mSpec := cr.Spec.Mongod; cr.CompareVersion("1.12.0") < 0 && mSpec.OperationProfiling != nil { - switch mSpec.OperationProfiling.Mode { - case api.OperationProfilingModeAll: - args = append(args, "--profile=2") - case api.OperationProfilingModeSlowOp: - args = append(args, - "--slowms="+strconv.Itoa(int(mSpec.OperationProfiling.SlowOpThresholdMs)), - "--profile=1", - ) - } - if mSpec.OperationProfiling.RateLimit > 0 { - args = append(args, "--rateLimit="+strconv.Itoa(mSpec.OperationProfiling.RateLimit)) - } - } - encryptionEnabled, err := isEncryptionEnabled(cr, replset) if err != nil { logf.FromContext(ctx).Error(err, "failed to check if mongo encryption enabled") 
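Review bot: `HostPort: int32(0)` in the `corev1.ContainerPort` literal spells out the field's zero value with a conversion that adds nothing. Now that the legacy `spec.mongod.net.hostPort` path is removed, the line can simply be dropped and the literal stays equivalent. If it is kept on purpose, a comment such as `// mongod is never bound to a host port` would say why. The `container` function starts and ends outside this hunk.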
@@ -219,15 +199,6 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a if replset.Storage != nil { switch replset.Storage.Engine { case api.StorageEngineWiredTiger: - if cr.CompareVersion("1.12.0") < 0 && *cr.Spec.Mongod.Security.EnableEncryption { - args = append(args, "--enableEncryption", - "--encryptionKeyFile="+api.MongodRESTencryptDir+"/"+api.EncryptionKeyName) - if cr.Spec.Mongod.Security.EncryptionCipherMode != api.MongodChiperModeUnset { - args = append(args, - "--encryptionCipherMode="+string(cr.Spec.Mongod.Security.EncryptionCipherMode), - ) - } - } if limit, ok := resources.Limits[corev1.ResourceMemory]; ok && !limit.IsZero() { args = append(args, fmt.Sprintf( "--wiredTigerCacheSizeGB=%.2f", 
@@ -268,66 +239,6 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a } } - if cr.CompareVersion("1.12.0") < 0 { - mSpec := cr.Spec.Mongod - - // security - if mSpec.Security != nil && mSpec.Security.RedactClientLogData { - args = append(args, "--redactClientLogData") - } - - // replication - if mSpec.Replication != nil && mSpec.Replication.OplogSizeMB > 0 { - args = append(args, "--oplogSize="+strconv.Itoa(mSpec.Replication.OplogSizeMB)) - } - - // setParameter - if mSpec.SetParameter != nil { - if mSpec.SetParameter.TTLMonitorSleepSecs > 0 { - args = append(args, - "--setParameter", - "ttlMonitorSleepSecs="+strconv.Itoa(mSpec.SetParameter.TTLMonitorSleepSecs), - ) - } - if mSpec.SetParameter.WiredTigerConcurrentReadTransactions > 0 { - args = append(args, - "--setParameter", - "wiredTigerConcurrentReadTransactions="+strconv.Itoa(mSpec.SetParameter.WiredTigerConcurrentReadTransactions), - ) - } - if mSpec.SetParameter.WiredTigerConcurrentWriteTransactions > 0 { - args = append(args, - "--setParameter", - "wiredTigerConcurrentWriteTransactions="+strconv.Itoa(mSpec.SetParameter.WiredTigerConcurrentWriteTransactions), - ) - } - if mSpec.SetParameter.CursorTimeoutMillis > 0 { - args = append(args, - "--setParameter", - "cursorTimeoutMillis="+strconv.Itoa(mSpec.SetParameter.CursorTimeoutMillis), - ) - } - } - - // auditLog - if mSpec.AuditLog != nil && mSpec.AuditLog.Destination == api.AuditLogDestinationFile { - if mSpec.AuditLog.Filter == "" { - mSpec.AuditLog.Filter = "{}" - } - args = append(args, - "--auditDestination=file", - "--auditFilter="+mSpec.AuditLog.Filter, - "--auditFormat="+string(mSpec.AuditLog.Format), - ) - switch mSpec.AuditLog.Format { - case api.AuditLogFormatBSON: - args = append(args, "--auditPath="+MongodContainerDataDir+"/auditLog.bson") - default: - args = append(args, "--auditPath="+MongodContainerDataDir+"/auditLog.json") - } - } - } - if cr.CompareVersion("1.9.0") >= 0 && useConfigFile { args = append(args, 
fmt.Sprintf("--config=%s/mongod.conf", mongodConfigDir)) } diff --git a/pkg/psmdb/mongos.go b/pkg/psmdb/mongos.go index 24a7f860ab..801573c49c 100644 --- a/pkg/psmdb/mongos.go +++ b/pkg/psmdb/mongos.go @@ -122,6 +122,7 @@ func MongosTemplateSpec(cr *api.PerconaServerMongoDB, initImage string, log logr Annotations: annotations, }, Spec: corev1.PodSpec{ + HostAliases: cr.Spec.Sharding.Mongos.HostAliases, SecurityContext: cr.Spec.Sharding.Mongos.PodSecurityContext, Affinity: PodAffinity(cr, cr.Spec.Sharding.Mongos.MultiAZ.Affinity, ls), NodeSelector: cr.Spec.Sharding.Mongos.MultiAZ.NodeSelector, @@ -241,7 +242,6 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan } func mongosContainerArgs(cr *api.PerconaServerMongoDB, resources corev1.ResourceRequirements, useConfigFile bool, cfgInstances []string) []string { - mdSpec := cr.Spec.Mongod msSpec := cr.Spec.Sharding.Mongos cfgRs := cr.Spec.Sharding.ConfigsvrReplSet @@ -274,10 +274,6 @@ func mongosContainerArgs(cr *api.PerconaServerMongoDB, resources corev1.Resource args = append(args, "--clusterAuthMode=x509") } - if cr.CompareVersion("1.12.0") < 0 && mdSpec.Security != nil && mdSpec.Security.RedactClientLogData { - args = append(args, "--redactClientLogData") - } - if msSpec.SetParameter != nil { if msSpec.SetParameter.CursorTimeoutMillis > 0 { args = append(args, 
@@ -287,23 +283,6 @@ func mongosContainerArgs(cr *api.PerconaServerMongoDB, resources corev1.Resource } } - if cr.CompareVersion("1.13.0") < 0 && msSpec.AuditLog != nil && msSpec.AuditLog.Destination == api.AuditLogDestinationFile { - if msSpec.AuditLog.Filter == "" { - msSpec.AuditLog.Filter = "{}" - } - args = append(args, - "--auditDestination=file", - "--auditFilter="+msSpec.AuditLog.Filter, - "--auditFormat="+string(msSpec.AuditLog.Format), - ) - switch msSpec.AuditLog.Format { - case api.AuditLogFormatBSON: - args = append(args, "--auditPath="+MongodContainerDataDir+"/auditLog.bson") - default: - args = append(args, "--auditPath="+MongodContainerDataDir+"/auditLog.json") - } - } - if useConfigFile { args = append(args, fmt.Sprintf("--config=%s/mongos.conf", mongosConfigDir)) } diff --git a/pkg/psmdb/service.go b/pkg/psmdb/service.go index 11609364ec..0764abc39a 100644 --- a/pkg/psmdb/service.go +++ b/pkg/psmdb/service.go @@ -43,8 +43,8 @@ func Service(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec) *corev1.Ser Ports: []corev1.ServicePort{ { Name: mongodPortName, - Port: api.MongodPort(cr), - TargetPort: intstr.FromInt(int(api.MongodPort(cr))), + Port: api.DefaultMongodPort, + TargetPort: intstr.FromInt(int(api.DefaultMongodPort)), }, }, ClusterIP: "None", @@ -100,8 +100,8 @@ func ExternalService(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec, pod Ports: []corev1.ServicePort{ { Name: mongodPortName, - Port: api.MongodPort(cr), - TargetPort: intstr.FromInt(int(api.MongodPort(cr))), + Port: api.DefaultMongodPort, + TargetPort: intstr.FromInt(int(api.DefaultMongodPort)), }, }, Selector: map[string]string{"statefulset.kubernetes.io/pod-name": podName}, 
@@ -347,13 +347,13 @@ func getExtAddr(ctx context.Context, cl client.Client, namespace string, pod cor // GetAddr returns replicaSet pod address in cluster func GetAddr(cr *api.PerconaServerMongoDB, pod, replset string) string { return strings.Join([]string{pod, cr.Name + "-" + replset, cr.Namespace, cr.Spec.ClusterServiceDNSSuffix}, ".") + - ":" + strconv.Itoa(int(api.MongodPort(cr))) + ":" + strconv.Itoa(int(api.DefaultMongodPort)) } // GetAddr returns replicaSet pod address in a service mesh func GetServiceMeshAddr(cr *api.PerconaServerMongoDB, pod, replset string) string { return strings.Join([]string{pod, cr.Namespace, cr.Spec.ClusterServiceDNSSuffix}, ".") + - ":" + strconv.Itoa(int(api.MongodPort(cr))) + ":" + strconv.Itoa(int(api.DefaultMongodPort)) } // GetMCSAddr returns ReplicaSet pod address using MultiCluster FQDN diff --git a/pkg/psmdb/statefulset.go b/pkg/psmdb/statefulset.go index da2f755a08..566321c3be 100644 --- a/pkg/psmdb/statefulset.go +++ b/pkg/psmdb/statefulset.go @@ -92,11 +92,11 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap } else { volumes = append(volumes, corev1.Volume{ - Name: cr.Spec.EncryptionKeySecretName(), + Name: cr.Spec.Secrets.EncryptionKey, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ DefaultMode: &secretFileMode, - SecretName: cr.Spec.EncryptionKeySecretName(), + SecretName: cr.Spec.Secrets.EncryptionKey, Optional: &fvar, }, }, @@ -141,6 +141,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap Annotations: annotations, }, Spec: corev1.PodSpec{ + HostAliases: replset.HostAliases, SecurityContext: podSecurityContext, Affinity: PodAffinity(cr, multiAZ.Affinity, customLabels), NodeSelector: multiAZ.NodeSelector, 
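Review bot: The doc comment above `GetServiceMeshAddr` still begins with `GetAddr`, so godoc shows a misleading description for a function this hunk edits; it should read `// GetServiceMeshAddr returns replicaSet pod address in a service mesh`. Both functions now always append `api.DefaultMongodPort` and no longer take the port from `cr`, as do the `Service` and `ExternalService` hunks earlier in this file. A short sentence in each comment saying the port is fixed to the default would keep callers from expecting a CR-specific port.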
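Review bot: `cr.Spec.Secrets.EncryptionKey` is now used directly as both the volume `Name` and the `SecretName` in `StatefulSpec`, and nothing in the hunk guards against an empty value. The removed `EncryptionKeySecretName()` helper presumably supplied a fallback name; unless defaulting elsewhere always fills the field, an unset value would yield a volume with an empty name and the API server would reject the StatefulSet. Either fail early with a clear error when the field is empty, or record the invariant next to the append, e.g. `// Secrets.EncryptionKey is expected to be non-empty here (set by CR defaulting; TODO confirm)`. `StatefulSpec` starts and ends outside this hunk.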
@@ -228,18 +229,12 @@ func PodAffinity(cr *api.PerconaServerMongoDB, af *api.PodAffinity, labels map[s } func isEncryptionEnabled(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec) (bool, error) { - if cr.CompareVersion("1.12.0") >= 0 { - enabled, err := replset.Configuration.IsEncryptionEnabled() - if err != nil { - return false, errors.Wrap(err, "failed to parse replset configuration") - } - if enabled == nil { - if cr.Spec.Mongod.Security != nil && cr.Spec.Mongod.Security.EnableEncryption != nil { - return *cr.Spec.Mongod.Security.EnableEncryption, nil - } - return true, nil // true by default - } - return *enabled, nil + enabled, err := replset.Configuration.IsEncryptionEnabled() + if err != nil { + return false, errors.Wrap(err, "failed to parse replset configuration") + } + if enabled == nil { + return true, nil // true by default } - return *cr.Spec.Mongod.Security.EnableEncryption, nil + return *enabled, nil }
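Review bot: `isEncryptionEnabled` has no doc comment, and its default is security-relevant. When the replset configuration does not set encryption the new body returns `true`, and the earlier fallback to `cr.Spec.Mongod.Security.EnableEncryption` is gone. A cluster that had turned encryption off only through that removed field would therefore be treated as encrypted after the upgrade, which looks like it would make the encryption key secret mandatory for its pods; this is worth confirming against the upgrade path and calling out in the release notes. I would add `// isEncryptionEnabled reports the encryption setting from the replset configuration; it returns true when the configuration does not set it.` above the function.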