percona · hors · Apr 23, 2024 · Nov 27, 2023 · Nov 29, 2023 · Dec 6, 2023
@@ -8,7 +8,6 @@ import (
 	"k8s.io/client-go/kubernetes/scheme"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	restclient "k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/remotecommand"
 )
 
@@ -17,29 +16,16 @@ type Client struct {
 	restconfig *restclient.Config
 }
 
-func NewClient() (*Client, error) {
-	// Instantiate loader for kubeconfig file.
-	kubeconfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-		clientcmd.NewDefaultClientConfigLoadingRules(),
-		&clientcmd.ConfigOverrides{},
-	)
-
-	// Get a rest.Config from the kubeconfig file.  This will be passed into all
-	// the client objects we create.
-	restconfig, err := kubeconfig.ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-
+func NewClient(config *restclient.Config) (*Client, error) {
 	// Create a Kubernetes core/v1 client.
-	cl, err := corev1client.NewForConfig(restconfig)
+	cl, err := corev1client.NewForConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Client{
 		client:     cl,
-		restconfig: restconfig,
+		restconfig: config,
 	}, nil
 }
 

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-ssl-internal
   ownerReferences:

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-ssl
   ownerReferences:

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-psmdb-ca-issuer
   ownerReferences:

@@ -1,6 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
+  annotations: {}
   generation: 1
   name: some-name-psmdb-issuer
   ownerReferences:

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 7
+  generation: 5
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 7
+  generation: 5
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 10
+  generation: 8
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 10
+  generation: 8
   labels:
     app.kubernetes.io/component: cfg
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 8
+  generation: 5
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 8
+  generation: 5
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 11
+  generation: 8
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations: {}
-  generation: 11
+  generation: 8
   labels:
     app.kubernetes.io/component: mongod
     app.kubernetes.io/instance: some-name

@@ -33,8 +33,8 @@ main() {
 	compare_generation "1" "statefulset" "${CLUSTER}-rs0"
 	compare_generation "1" "statefulset" "${CLUSTER}-cfg"
 
-	# TODO: uncomment when 1.14.0 will be removed,
-	#       renewal doesn't work on "1.14.0" version
+	# Renewal doesn't work on "1.14.0" version
+	#
 	#renew_certificate "some-name-ssl"
 	#renew_certificate "some-name-ssl-internal"
 	#wait_cluster
@@ -46,29 +46,16 @@ main() {
 	compare_kubectl statefulset/${CLUSTER}-cfg "-1140"
 
 	desc 'test 1.15.0'
-	# workaround to switch to updated certificate structure
-	# more details: https://github.com/percona/percona-server-mongodb-operator/pull/1287
-	# TODO: remove the workaround when 1.14.0 will be removed
-	stop_cluster $CLUSTER
-
-	compare_generation "4" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "3" "statefulset" "${CLUSTER}-cfg"
-
 	kubectl_bin patch psmdb "${CLUSTER}" --type=merge --patch '{
         "spec": {"crVersion":"1.15.0"}
     }'
 	# Wait for at least one reconciliation
 	sleep 20
+	desc 'check if Pod started'
+	wait_cluster
 
-	compare_generation "5" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "4" "statefulset" "${CLUSTER}-cfg"
-
-	kubectl_bin delete certificate "$CLUSTER"-ssl "$CLUSTER"-ssl-internal
-	kubectl_bin delete issuer "$CLUSTER-psmdb-ca"
-	kubectl_bin delete secret "$CLUSTER"-ssl "$CLUSTER"-ssl-internal
-	start_cluster $CLUSTER
-	compare_generation "6" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "5" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "3" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "3" "statefulset" "${CLUSTER}-cfg"
 
 	# Wait for at least one reconciliation
 	sleep 20
@@ -78,14 +65,14 @@ main() {
 	renew_certificate "some-name-ssl"
 	sleep 20
 	wait_cluster
-	compare_generation "7" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "6" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "4" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "4" "statefulset" "${CLUSTER}-cfg"
 
 	renew_certificate "some-name-ssl-internal"
 	sleep 20
 	wait_cluster
-	compare_generation "8" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "7" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "5" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "5" "statefulset" "${CLUSTER}-cfg"
 
 	desc 'check if service and statefulset created with expected config'
 	compare_kubectl service/${CLUSTER}-rs0 "-1150"
@@ -101,20 +88,20 @@ main() {
 	sleep 20
 	desc 'check if Pod started'
 	wait_cluster
-	compare_generation "9" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "8" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "6" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "6" "statefulset" "${CLUSTER}-cfg"
 
 	renew_certificate "some-name-ssl"
 	sleep 20
 	wait_cluster
-	compare_generation "10" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "9" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "7" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "7" "statefulset" "${CLUSTER}-cfg"
 
 	renew_certificate "some-name-ssl-internal"
 	sleep 20
 	wait_cluster
-	compare_generation "11" "statefulset" "${CLUSTER}-rs0"
-	compare_generation "10" "statefulset" "${CLUSTER}-cfg"
+	compare_generation "8" "statefulset" "${CLUSTER}-rs0"
+	compare_generation "8" "statefulset" "${CLUSTER}-cfg"
 
 	desc 'check if service and statefulset created with expected config'
 	compare_kubectl service/${CLUSTER}-rs0 "-1160"

@@ -157,4 +157,8 @@ var (
 	PITRestoreTypeLatest PITRestoreType = "latest"
 )
 
-const AnnotationRestoreInProgress = "percona.com/restore-in-progress"
+const (
+	AnnotationRestoreInProgress = "percona.com/restore-in-progress"
+	// AnnotationUpdateMongosFirst is an annotation used to force next smart update to be applied to mongos before mongod.
+	AnnotationUpdateMongosFirst = "percona.com/update-mongos-first"
+)
@@ -699,6 +699,14 @@ type SecretsSpec struct {
 	LDAPSecret    string `json:"ldapSecret,omitempty"`
 }
 
+func SSLSecretName(cr *PerconaServerMongoDB) string {
+	return cr.Spec.Secrets.SSL
+}
+
+func SSLInternalSecretName(cr *PerconaServerMongoDB) string {
+	return cr.Spec.Secrets.SSLInternal
+}
+
 type MongosSpec struct {
 	MultiAZ `json:",inline"`