Merge branch 'main' into appProtocol

clientcmd/clientcmd.go

@@ -8,7 +8,6 @@ import (
 	"k8s.io/client-go/kubernetes/scheme"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	restclient "k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/remotecommand"
 )
 
@@ -17,29 +16,16 @@ type Client struct {
 	restconfig *restclient.Config
 }
 
-func NewClient() (*Client, error) {
-	// Instantiate loader for kubeconfig file.
-	kubeconfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-		clientcmd.NewDefaultClientConfigLoadingRules(),
-		&clientcmd.ConfigOverrides{},
-	)
-
-	// Get a rest.Config from the kubeconfig file.  This will be passed into all
-	// the client objects we create.
-	restconfig, err := kubeconfig.ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-
+func NewClient(config *restclient.Config) (*Client, error) {
 	// Create a Kubernetes core/v1 client.
-	cl, err := corev1client.NewForConfig(restconfig)
+	cl, err := corev1client.NewForConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Client{
 		client:     cl,
-		restconfig: restconfig,
+		restconfig: config,
 	}, nil
 }
 

deploy/cw-bundle.yaml

@@ -18336,6 +18336,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

deploy/cw-rbac.yaml

@@ -35,6 +35,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

e2e-tests/cross-site-sharded/run

@@ -13,6 +13,26 @@ unset OPERATOR_NS
 main_cluster="cross-site-sharded-main"
 replica_cluster="cross-site-sharded-replica"
 
+wait_for_members() {
+  local endpoint="$1"
+  local rsName="$2"
+  local nodes_amount=0
+  until [[ ${nodes_amount} == 6 ]]; do
+    nodes_amount=$(run_mongos 'rs.conf().members.length' "clusterAdmin:clusterAdmin123456@$endpoint" "mongodb" ":27017" \
+     | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|bye' \
+     | $sed -re 's/ObjectId\("[0-9a-f]+"\)//; s/-[0-9]+.svc/-xxx.svc/')
+
+    echo "waiting for all members to be configured in ${rsName}"
+    let retry+=1
+    if [ $retry -ge 15 ]; then
+      echo "Max retry count $retry reached. something went wrong with mongo cluster. Config for endpoint $endpoint has $nodes_amount but expected 6."
+      exit 1
+    fi
+    echo -n .
+    sleep 10
+  done
+}
+
 desc "create main cluster"
 create_infra "$namespace"
 
@@ -118,7 +138,10 @@ sleep 30
 
 desc "create replica PSMDB cluster $cluster"
 apply_cluster "$test_dir/conf/${replica_cluster}.yml"
-sleep 300
+
+wait_for_running $replica_cluster-rs0 3 "false"
+wait_for_running $replica_cluster-rs1 3 "false"
+wait_for_running $replica_cluster-cfg 3 "false"
 
 replica_cfg_0_endpoint=$(get_service_ip cross-site-sharded-replica-cfg-0 'cfg')
 replica_cfg_1_endpoint=$(get_service_ip cross-site-sharded-replica-cfg-1 'cfg')
@@ -141,7 +164,10 @@ kubectl_bin patch psmdb ${main_cluster} --type=merge --patch '{
 			  }
 		}'
 
-sleep 60
+wait_for_members $replica_cfg_0_endpoint cfg
+wait_for_members $replica_rs0_0_endpoint rs0
+wait_for_members $replica_rs1_0_endpoint rs1
+
 kubectl_bin config set-context $(kubectl_bin config current-context) --namespace="$replica_namespace"
 
 desc 'check if all 3 Pods started'
@@ -165,8 +191,8 @@ compare_mongos_cmd "find" "myApp:myPass@$main_cluster-mongos.$namespace"
 
 desc 'test failover'
 kubectl_bin config set-context $(kubectl_bin config current-context) --namespace="$namespace"
+
 kubectl_bin delete psmdb $main_cluster
-sleep 60
 
 desc 'run disaster recovery script for replset: cfg'
 run_script_mongos "${test_dir}/disaster_recovery.js" "clusterAdmin:clusterAdmin123456@$replica_cfg_0_endpoint" "mongodb" ":27017"
@@ -180,7 +206,9 @@ run_script_mongos "${test_dir}/disaster_recovery.js" "clusterAdmin:clusterAdmin1
 desc 'make replica cluster managed'
 kubectl_bin config set-context $(kubectl_bin config current-context) --namespace="$replica_namespace"
 kubectl_bin patch psmdb ${replica_cluster} --type=merge --patch '{"spec":{"unmanaged": false}}'
-sleep 120
+
+wait_for_running $replica_cluster-rs0 3
+wait_for_running $replica_cluster-cfg 3
 
 desc "check failover status"
 compare_mongos_cmd "find" "myApp:myPass@$replica_cluster-mongos.$replica_namespace"

e2e-tests/serviceless-external-nodes/run

@@ -46,6 +46,8 @@ cat $tmp_dir/psmdb.yaml \
 
 wait_cluster_consistency ${cluster}
 
+# waiting the config will be ready.
+sleep 30
 run_mongo 'rs.status().members.forEach(function(z){printjson(z.name);printjson(z.stateStr); })' "clusterAdmin:clusterAdmin123456@${cluster}-rs0-0.${cluster}-rs0.${namespace}" "mongodb" | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|bye' >"$tmp_dir/rs.txt"
 
 cat "${test_dir}/compare/rs.txt" \

e2e-tests/tls-issue-cert-manager/compare/certificate_some-name-ssl-internal.yml

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-ssl-internal
   ownerReferences:

e2e-tests/tls-issue-cert-manager/compare/certificate_some-name-ssl.yml

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-ssl
   ownerReferences:

e2e-tests/tls-issue-cert-manager/compare/issuer_some-name-psmdb-ca-issuer.yml

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-psmdb-ca-issuer
   ownerReferences:

e2e-tests/tls-issue-cert-manager/compare/issuer_some-name-psmdb-issuer.yml

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-psmdb-issuer
   ownerReferences:

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1150-oc.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 7
+  generation: 5
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1150.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 7
+  generation: 5
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1160-oc.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 10
+  generation: 8
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1160.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 10
+  generation: 8
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-rs0-1150-oc.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 8
+  generation: 5
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-rs0-1150.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 8
+  generation: 5
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-rs0-1160-oc.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 11
+  generation: 8
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-rs0-1160.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 11
+  generation: 8
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

e2e-tests/upgrade-consistency-sharded-tls/run

@@ -33,8 +33,8 @@ main() {
 	compare_generation "1" "statefulset" "${CLUSTER}-rs0"
 	compare_generation "1" "statefulset" "${CLUSTER}-cfg"
 
-	# TODO: uncomment when 1.14.0 will be removed,
-	#       renewal doesn't work on "1.14.0" version
+	# Renewal doesn't work on "1.14.0" version
+	#
 	#renew_certificate "some-name-ssl"
 	#renew_certificate "some-name-ssl-internal"
 	#wait_cluster
@@ -46,29 +46,16 @@ main() {
 	compare_kubectl statefulset/${CLUSTER}-cfg "-1140"
 
 	desc 'test 1.15.0'
-	# workaround to switch to updated certificate structure
-	# more details: https://github.com/percona/percona-server-mongodb-operator/pull/1287
-	# TODO: remove the workaround when 1.14.0 will be removed
-	stop_cluster $CLUSTER
-
-	compare_generation "4" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "3" "statefulset" "${CLUSTER}-cfg"
-
 	kubectl_bin patch psmdb "${CLUSTER}" --type=merge --patch '{
         "spec": {"crVersion":"1.15.0"}
     }'
 	# Wait for at least one reconciliation
 	sleep 20
+	desc 'check if Pod started'
+	wait_cluster
 
-	compare_generation "5" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "4" "statefulset" "${CLUSTER}-cfg"
-
-	kubectl_bin delete certificate "$CLUSTER"-ssl "$CLUSTER"-ssl-internal
-	kubectl_bin delete issuer "$CLUSTER-psmdb-ca"
-	kubectl_bin delete secret "$CLUSTER"-ssl "$CLUSTER"-ssl-internal
-	start_cluster $CLUSTER
-	compare_generation "6" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "5" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "3" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "3" "statefulset" "${CLUSTER}-cfg"
 
 	# Wait for at least one reconciliation
 	sleep 20
@@ -78,14 +65,14 @@ main() {
 	renew_certificate "some-name-ssl"
 	sleep 20
 	wait_cluster
-	compare_generation "7" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "6" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "4" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "4" "statefulset" "${CLUSTER}-cfg"
 
 	renew_certificate "some-name-ssl-internal"
 	sleep 20
 	wait_cluster
-	compare_generation "8" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "7" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "5" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "5" "statefulset" "${CLUSTER}-cfg"
 
 	desc 'check if service and statefulset created with expected config'
 	compare_kubectl service/${CLUSTER}-rs0 "-1150"
@@ -101,20 +88,20 @@ main() {
 	sleep 20
 	desc 'check if Pod started'
 	wait_cluster
-	compare_generation "9" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "8" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "6" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "6" "statefulset" "${CLUSTER}-cfg"
 
 	renew_certificate "some-name-ssl"
 	sleep 20
 	wait_cluster
-	compare_generation "10" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "9" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "7" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "7" "statefulset" "${CLUSTER}-cfg"
 
 	renew_certificate "some-name-ssl-internal"
 	sleep 20
 	wait_cluster
-	compare_generation "11" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "10" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "8" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "8" "statefulset" "${CLUSTER}-cfg"
 
 	desc 'check if service and statefulset created with expected config'
 	compare_kubectl service/${CLUSTER}-rs0 "-1160"

pkg/apis/psmdb/v1/perconaservermongodbrestore_types.go

@@ -157,4 +157,8 @@ var (
 	PITRestoreTypeLatest PITRestoreType = "latest"
 )
 
-const AnnotationRestoreInProgress = "percona.com/restore-in-progress"
+const (
+	AnnotationRestoreInProgress = "percona.com/restore-in-progress"
+	// AnnotationUpdateMongosFirst is an annotation used to force next smart update to be applied to mongos before mongod.
+	AnnotationUpdateMongosFirst = "percona.com/update-mongos-first"
+)

pkg/apis/psmdb/v1/psmdb_types.go

@@ -699,6 +699,14 @@ type SecretsSpec struct {
 	LDAPSecret    string `json:"ldapSecret,omitempty"`
 }
 
+func SSLSecretName(cr *PerconaServerMongoDB) string {
+	return cr.Spec.Secrets.SSL
+}
+
+func SSLInternalSecretName(cr *PerconaServerMongoDB) string {
+	return cr.Spec.Secrets.SSLInternal
+}
+
 type MongosSpec struct {
 	MultiAZ `json:",inline"`