From fc670bf7bc164acf87a6800bc72cea43359a491e Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Mon, 4 Sep 2023 15:46:17 +0300 Subject: [PATCH 1/6] Revert 640a4db58314088b1ccee3b8f7db2fb6c90e2f56, remove OSE specific ServiceAccountName from pods --- CHANGELOG.md | 2 + Makefile | 3 +- apis/config/v1beta1/operatorconfig_types.go | 3 - cmd/main.go | 9 ++- .../webhook/controller_manager_config.yaml | 1 - config/manager/controller_manager_config.yaml | 1 - config/rbac/nonroot_role.yaml | 25 -------- config/rbac/service_account_nonroot.yaml | 4 -- ...xample-cassdc-three-nodes-single-rack.yaml | 1 + .../cassandradatacenter_controller.go | 6 +- .../construct_podtemplatespec.go | 6 +- .../construct_podtemplatespec_test.go | 60 ++++--------------- pkg/reconciliation/construct_statefulset.go | 5 +- .../construct_statefulset_test.go | 43 +++---------- pkg/reconciliation/context.go | 14 ++--- pkg/reconciliation/reconcile_racks.go | 6 +- pkg/reconciliation/reconcile_racks_test.go | 32 +++++----- scripts/postprocess-bundle.sh | 2 + scripts/preprocess-bundle.sh | 9 --- 19 files changed, 60 insertions(+), 172 deletions(-) delete mode 100644 config/rbac/nonroot_role.yaml delete mode 100644 config/rbac/service_account_nonroot.yaml delete mode 100755 scripts/preprocess-bundle.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index ec285fea..7460ad84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ Changelog for Cass Operator, new PRs should update the `main / unreleased` secti ## unreleased +* [CHANGE] [#541](https://github.com/k8ssandra/cass-operator/issues/541) Revert when deployed through OLM, add serviceAccount to Cassandra pods that use nonroot priviledge. This is no longer necessary with 1.17.0 and up. + ## v1.17.0 * [CHANGE] [#565](https://github.com/k8ssandra/cass-operator/issues/565) Replace the use of wget with curl when making Kubernetes -> management-api HTTP(S) calls diff --git a/Makefile b/Makefile index 6661267a..ed6aaab0 100644 --- a/Makefile +++ b/Makefile 
@@ -315,8 +315,7 @@ endif bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. $(OPSDK) generate kustomize manifests -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) - scripts/preprocess-bundle.sh - $(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/manifests | $(OPSDK) generate bundle -q --overwrite --extra-service-accounts cass-operator-cassandra-default-sa --version $(VERSION) $(BUNDLE_METADATA_OPTS) + $(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/manifests | $(OPSDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) scripts/postprocess-bundle.sh $(REGISTRY) $(OPSDK) bundle validate ./bundle --select-optional suite=operatorframework diff --git a/apis/config/v1beta1/operatorconfig_types.go b/apis/config/v1beta1/operatorconfig_types.go index b06b6192..7dc087d2 100644 --- a/apis/config/v1beta1/operatorconfig_types.go +++ b/apis/config/v1beta1/operatorconfig_types.go @@ -38,9 +38,6 @@ type OperatorConfig struct { // ImageConfigFile indicates the path where to load the imageConfig from ImageConfigFile string `json:"imageConfigFile,omitempty"` - - // OLMDeployed is set to true when operator is deployed through OLM. This will activate additional Openshift features - OLMDeployed bool `json:"olmDeployment,omitempty"` } func init() { diff --git a/cmd/main.go b/cmd/main.go index c2fb27ab..7bf7f2be 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -115,11 +115,10 @@ func main() { } if err = (&controllers.CassandraDatacenterReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("CassandraDatacenter"), - Scheme: mgr.GetScheme(), - Recorder: mgr.GetEventRecorderFor("cass-operator"), - OperatorConfig: &operConfig, + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("CassandraDatacenter"), + Scheme: mgr.GetScheme(), + Recorder: mgr.GetEventRecorderFor("cass-operator"), }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "CassandraDatacenter") os.Exit(1) diff --git a/config/components/webhook/controller_manager_config.yaml b/config/components/webhook/controller_manager_config.yaml index 4a4490f6..89e40ac8 100644 --- a/config/components/webhook/controller_manager_config.yaml +++ b/config/components/webhook/controller_manager_config.yaml @@ -13,4 +13,3 @@ leaderElection: resourceName: b569adb7.cassandra.datastax.com disableWebhooks: false imageConfigFile: /configs/image_config.yaml -olmDeployment: false diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index 9a3a5f47..095232db 100644 --- a/config/manager/controller_manager_config.yaml +++ b/config/manager/controller_manager_config.yaml @@ -13,4 +13,3 @@ leaderElection: resourceName: b569adb7.cassandra.datastax.com disableWebhooks: true imageConfigFile: /configs/image_config.yaml -olmDeployment: false \ No newline at end of file diff --git a/config/rbac/nonroot_role.yaml b/config/rbac/nonroot_role.yaml deleted file mode 100644 index ff2fd7c0..00000000 --- a/config/rbac/nonroot_role.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cassandra-nonroot -rules: -- apiGroups: - - security.openshift.io - resourceNames: - - nonroot - resources: - - securitycontextconstraints - verbs: - - use ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: cassandra-nonroot-rolebinding -subjects: - - kind: ServiceAccount - name: cassandra-default-sa -roleRef: - kind: Role - name: cassandra-nonroot - apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/service_account_nonroot.yaml b/config/rbac/service_account_nonroot.yaml deleted file mode 100644 index d53219b1..00000000 --- a/config/rbac/service_account_nonroot.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cassandra-default-sa diff --git a/config/samples/example-cassdc-three-nodes-single-rack.yaml b/config/samples/example-cassdc-three-nodes-single-rack.yaml index 2a3a3ccf..9f93efb0 100644 --- a/config/samples/example-cassdc-three-nodes-single-rack.yaml +++ b/config/samples/example-cassdc-three-nodes-single-rack.yaml @@ -17,6 +17,7 @@ spec: resources: requests: storage: 10Gi + dockerImageRunsAsCassandra: false resources: requests: memory: 2Gi diff --git a/internal/controllers/cassandra/cassandradatacenter_controller.go b/internal/controllers/cassandra/cassandradatacenter_controller.go index 133cb352..cc8364b8 100644 --- a/internal/controllers/cassandra/cassandradatacenter_controller.go +++ b/internal/controllers/cassandra/cassandradatacenter_controller.go @@ -44,7 +44,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" api "github.com/k8ssandra/cass-operator/apis/cassandra/v1beta1" - configv1beta1 "github.com/k8ssandra/cass-operator/apis/config/v1beta1" ) var ( 
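Review bot: The sample hunk adds `dockerImageRunsAsCassandra: false` without a comment, and neither the commit message nor the changelog entry mentions it. As I understand the field, it tells the operator whether the server image already runs as the cassandra user, and so influences the security context the generated pods receive. Samples get copied into real clusters, so the reason for turning it off should sit next to the setting. If the intent is to let OpenShift assign the UID, a line such as `# Set for OpenShift, where the SCC assigns the UID; omit elsewhere to keep the operator default` would do. Otherwise the line probably does not belong in this revert.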
@@ -76,9 +75,6 @@ type CassandraDatacenterReconciler struct { // during reconciliation where we update the mappings for the watches. // Putting it here allows us to get it to both places. SecretWatches dynamicwatch.DynamicWatches - - // OperatorConfig allows Reconciler to access generic configuration properties - OperatorConfig *configv1beta1.OperatorConfig } // Reconcile reads that state of the cluster for a Datacenter object @@ -109,7 +105,7 @@ func (r *CassandraDatacenterReconciler) Reconcile(ctx context.Context, request c logger.Info("======== handler::Reconcile has been called") - rc, err := reconciliation.CreateReconciliationContext(ctx, &request, r.Client, r.Scheme, r.Recorder, r.SecretWatches, r.OperatorConfig.OLMDeployed) + rc, err := reconciliation.CreateReconciliationContext(ctx, &request, r.Client, r.Scheme, r.Recorder, r.SecretWatches) if err != nil { if errors.IsNotFound(err) { diff --git a/pkg/reconciliation/construct_podtemplatespec.go b/pkg/reconciliation/construct_podtemplatespec.go index 7c7f3288..70872283 100644 --- a/pkg/reconciliation/construct_podtemplatespec.go +++ b/pkg/reconciliation/construct_podtemplatespec.go @@ -32,7 +32,6 @@ const ( CassandraContainerName = "cassandra" PvcName = "server-data" SystemLoggerContainerName = "server-system-logger" - OpenShiftPodServiceAccount = "cass-operator-cassandra-default-sa" ) // calculateNodeAffinity provides a way to decide where to schedule pods within a statefulset based on labels @@ -740,7 +739,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla return nil } -func buildPodTemplateSpec(dc *api.CassandraDatacenter, rack api.Rack, addLegacyInternodeMount, openShift bool) (*corev1.PodTemplateSpec, error) { +func buildPodTemplateSpec(dc *api.CassandraDatacenter, rack api.Rack, addLegacyInternodeMount bool) (*corev1.PodTemplateSpec, error) { baseTemplate := dc.Spec.PodTemplateSpec.DeepCopy() 
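Review bot: `buildPodTemplateSpec` has no doc comment, and once this signature drops `openShift` the operator no longer injects any ServiceAccount of its own. I would record the resulting precedence on the function, e.g. `// buildPodTemplateSpec never injects a platform-specific ServiceAccount: dc.Spec.ServiceAccountName wins, else the PodTemplateSpec value, else the namespace default.` Clusters installed through OLM before this change presumably have StatefulSets that still name `cass-operator-cassandra-default-sa`, and this commit also deletes that account's Role and RoleBinding from `config/rbac`. The upgrade notes should therefore say which account and SCC those pods run under once the template is regenerated. The function body continues outside the hunk.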
@@ -749,9 +748,6 @@ func buildPodTemplateSpec(dc *api.CassandraDatacenter, rack api.Rack, addLegacyI } // Service Account - if openShift { - baseTemplate.Spec.ServiceAccountName = OpenShiftPodServiceAccount - } if dc.Spec.ServiceAccountName != "" { baseTemplate.Spec.ServiceAccountName = dc.Spec.ServiceAccountName diff --git a/pkg/reconciliation/construct_podtemplatespec_test.go b/pkg/reconciliation/construct_podtemplatespec_test.go index 6d3fde95..8bb2f332 100644 --- a/pkg/reconciliation/construct_podtemplatespec_test.go +++ b/pkg/reconciliation/construct_podtemplatespec_test.go @@ -566,7 +566,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_containers_merge(t *testing.T) }, }, } - got, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + got, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") assert.Equal(t, 3, len(got.Spec.Containers)) @@ -600,7 +600,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_initcontainers_merge(t *testin ConfigBuilderResources: testContainer.Resources, }, } - got, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + got, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") assert.Equal(t, 2, len(got.Spec.InitContainers)) @@ -643,7 +643,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_add_initContainer_after_config }, } - podTemplateSpec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + podTemplateSpec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") 
@@ -704,7 +704,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_add_initContainer_with_volumes }, } - podTemplateSpec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true, false) + podTemplateSpec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") @@ -814,7 +814,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_add_container_with_volumes(t * }, } - podTemplateSpec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true, false) + podTemplateSpec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") @@ -871,7 +871,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_add_container_with_volumes(t * testZoneRack := dc.Spec.Racks[0] testZoneRack.NodeAffinityLabels = map[string]string{zoneLabel: "testzone"} dc.Spec.Racks[0] = testZoneRack - podTemplateSpec, err = buildPodTemplateSpec(dc, testZoneRack, false, false) + podTemplateSpec, err = buildPodTemplateSpec(dc, testZoneRack, false) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") volumes = podTemplateSpec.Spec.Volumes @@ -971,7 +971,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_labels_merge(t *testing.T) { } dc.Spec.PodTemplateSpec.Labels = map[string]string{"abc": "123"} - spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) got := spec.Labels expected := dc.GetRackLabels("testrack") @@ -1005,7 +1005,7 @@ func TestCassandraDatacenter_buildContainers_additional_labels(t *testing.T) { } dc.Spec.PodTemplateSpec.Labels = map[string]string{"abc": "123"} - spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) got := spec.Labels expected := dc.GetRackLabels("testrack") 
@@ -1046,7 +1046,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_overrideSecurityContext(t *tes }, } - spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) assert.NoError(t, err, "should not have gotten an error when building podTemplateSpec") assert.NotNil(t, spec) @@ -1098,7 +1098,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_do_not_propagate_volumes(t *te }, } - spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true, false) + spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true) assert.NoError(t, err, "should not have gotten error when building podTemplateSpec") initContainers := spec.Spec.InitContainers 
@@ -1207,40 +1207,6 @@ func TestCassandraDatacenter_buildPodTemplateSpec_clientImage(t *testing.T) { assert.True(volumesContains(volumes, volumeNameMatcher("vector-lib"))) } -func TestCassandraDatacenter_buildPodTemplateSpec_openShift(t *testing.T) { - assert := assert.New(t) - - dc := &api.CassandraDatacenter{ - Spec: api.CassandraDatacenterSpec{ - ClusterName: "bob", - ServerType: "cassandra", - ServerVersion: "4.1.2", - Racks: []api.Rack{ - { - Name: "default", - }, - }, - }, - } - - spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], true, false) - assert.NoError(err, "should not have gotten error when building podTemplateSpec") - - assert.Equal(spec.Spec.ServiceAccountName, "", "no default serviceAccount is set") - - spec, err = buildPodTemplateSpec(dc, dc.Spec.Racks[0], true, true) - assert.NoError(err, "should not have gotten error when building podTemplateSpec") - - assert.Equal(spec.Spec.ServiceAccountName, OpenShiftPodServiceAccount, "missing serviceAccount when running under OLM") - - dc.Spec.ServiceAccountName = "overrideSA" - - spec, err = buildPodTemplateSpec(dc, dc.Spec.Racks[0], true, true) - assert.NoError(err, "should not have gotten error when building podTemplateSpec") - - assert.Equal(spec.Spec.ServiceAccountName, "overrideSA", "under OLM the serviceAccountName must be overwritable") -} - func TestCassandraDatacenter_buildContainers_DisableSystemLoggerSidecar(t *testing.T) { dc := &api.CassandraDatacenter{ Spec: api.CassandraDatacenterSpec{ @@ -1431,7 +1397,7 @@ func TestTolerations(t *testing.T) { }, } - spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + spec, err := buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) assert.NoError(t, err, "failed to build PodTemplateSpec") // using ElementsMatch instead of Equal because we do not really care about ordering. 
@@ -1468,7 +1434,7 @@ func TestTolerations(t *testing.T) { }, } - spec, err = buildPodTemplateSpec(dc, dc.Spec.Racks[0], false, false) + spec, err = buildPodTemplateSpec(dc, dc.Spec.Racks[0], false) assert.NoError(t, err, "failed to build PodTemplateSpec") // using ElementsMatch instead of Equal because we do not really care about ordering. @@ -1688,7 +1654,7 @@ func TestServiceAccountPrecedence(t *testing.T) { } for _, test := range tests { - pds, err := buildPodTemplateSpec(test.dc, test.dc.Spec.Racks[0], false, false) + pds, err := buildPodTemplateSpec(test.dc, test.dc.Spec.Racks[0], false) assert.NoError(err) assert.Equal(test.accountName, pds.Spec.ServiceAccountName) } diff --git a/pkg/reconciliation/construct_statefulset.go b/pkg/reconciliation/construct_statefulset.go index 0fac86bf..6df42f97 100644 --- a/pkg/reconciliation/construct_statefulset.go +++ b/pkg/reconciliation/construct_statefulset.go @@ -64,8 +64,7 @@ func newStatefulSetForCassandraDatacenter( sts *appsv1.StatefulSet, rackName string, dc *api.CassandraDatacenter, - replicaCount int, - openShift bool) (*appsv1.StatefulSet, error) { + replicaCount int) (*appsv1.StatefulSet, error) { replicaCountInt32 := int32(replicaCount) @@ -113,7 +112,7 @@ func newStatefulSetForCassandraDatacenter( nsName := newNamespacedNameForStatefulSet(dc, rackName) - template, err := buildPodTemplateSpec(dc, rack, legacyInternodeMount(dc, sts), openShift) + template, err := buildPodTemplateSpec(dc, rack, legacyInternodeMount(dc, sts)) if err != nil { return nil, err } diff --git a/pkg/reconciliation/construct_statefulset_test.go b/pkg/reconciliation/construct_statefulset_test.go index d744671d..cd342d7e 100644 --- a/pkg/reconciliation/construct_statefulset_test.go +++ b/pkg/reconciliation/construct_statefulset_test.go 
@@ -49,7 +49,7 @@ func Test_newStatefulSetForCassandraDatacenter(t *testing.T) { } for _, tt := range tests { t.Log(tt.name) - got, err := newStatefulSetForCassandraDatacenter(nil, tt.args.rackName, tt.args.dc, tt.args.replicaCount, false) + got, err := newStatefulSetForCassandraDatacenter(nil, tt.args.rackName, tt.args.dc, tt.args.replicaCount) assert.NoError(t, err, "newStatefulSetForCassandraDatacenter should not have errored") assert.NotNil(t, got, "newStatefulSetForCassandraDatacenter should not have returned a nil statefulset") assert.Equal(t, map[string]string{"dedicated": "cassandra"}, got.Spec.Template.Spec.NodeSelector) @@ -108,7 +108,7 @@ func Test_newStatefulSetForCassandraDatacenter_additionalLabels(t *testing.T) { } statefulset, newStatefulSetForCassandraDatacenterError := newStatefulSetForCassandraDatacenter(nil, - "rack1", dc, 1, false) + "rack1", dc, 1) assert.NoError(t, newStatefulSetForCassandraDatacenterError, "should not have gotten error when creating the new statefulset") @@ -168,7 +168,7 @@ func Test_newStatefulSetForCassandraDatacenter_ServiceName(t *testing.T) { }, } - sts, err := newStatefulSetForCassandraDatacenter(&appsv1.StatefulSet{}, "default", dc, 1, false) + sts, err := newStatefulSetForCassandraDatacenter(&appsv1.StatefulSet{}, "default", dc, 1) require.NoError(t, err) assert.Equal(t, dc.GetAllPodsServiceName(), sts.Spec.ServiceName) @@ -205,7 +205,7 @@ func TestStatefulSetWithAdditionalVolumesFromSource(t *testing.T) { }, } - sts, err := newStatefulSetForCassandraDatacenter(nil, "r1", dc, 3, false) + sts, err := newStatefulSetForCassandraDatacenter(nil, "r1", dc, 3) assert.NoError(err) assert.Equal(5, len(sts.Spec.Template.Spec.Volumes)) 
@@ -270,7 +270,7 @@ func TestStatefulSetWithAdditionalVolumesFromSource(t *testing.T) { }, } - sts, err = newStatefulSetForCassandraDatacenter(nil, "r1", dc, 3, false) + sts, err = newStatefulSetForCassandraDatacenter(nil, "r1", dc, 3) assert.NoError(err) assert.Equal(3, len(sts.Spec.VolumeClaimTemplates)) @@ -369,7 +369,7 @@ func Test_newStatefulSetForCassandraDatacenterWithAdditionalVolumes(t *testing.T } for _, tt := range tests { t.Log(tt.name) - got, err := newStatefulSetForCassandraDatacenter(nil, tt.args.rackName, tt.args.dc, tt.args.replicaCount, false) + got, err := newStatefulSetForCassandraDatacenter(nil, tt.args.rackName, tt.args.dc, tt.args.replicaCount) assert.NoError(t, err, "newStatefulSetForCassandraDatacenter should not have errored") assert.NotNil(t, got, "newStatefulSetForCassandraDatacenter should not have returned a nil statefulset") @@ -543,7 +543,7 @@ func Test_newStatefulSetForCassandraPodSecurityContext(t *testing.T) { } for _, tt := range tests { t.Log(tt.name) - statefulSet, err := newStatefulSetForCassandraDatacenter(nil, rack, tt.dc, replicas, false) + statefulSet, err := newStatefulSetForCassandraDatacenter(nil, rack, tt.dc, replicas) assert.NoError(t, err, fmt.Sprintf("%s: failed to create new statefulset", tt.name)) assert.NotNil(t, statefulSet, fmt.Sprintf("%s: statefulset is nil", tt.name)) @@ -643,7 +643,7 @@ func Test_newStatefulSetForCassandraDatacenter_dcNameOverride(t *testing.T) { } statefulset, newStatefulSetForCassandraDatacenterError := newStatefulSetForCassandraDatacenter(nil, - "rack1", dc, 1, false) + "rack1", dc, 1) assert.NoError(t, newStatefulSetForCassandraDatacenterError, "should not have gotten error when creating the new statefulset") 
@@ -656,33 +656,6 @@ func Test_newStatefulSetForCassandraDatacenter_dcNameOverride(t *testing.T) { } } -func Test_newStatefulSetForCassandraDatacenter_OpenShift(t *testing.T) { - assert := assert.New(t) - dc := &api.CassandraDatacenter{ - ObjectMeta: metav1.ObjectMeta{ - Name: "dc1", - }, - Spec: api.CassandraDatacenterSpec{ - ClusterName: "cluster1", - ServerType: "cassandra", - ServerVersion: "4.1.2", - PodTemplateSpec: &corev1.PodTemplateSpec{}, - StorageConfig: api.StorageConfig{ - CassandraDataVolumeClaimSpec: &corev1.PersistentVolumeClaimSpec{}, - }, - Racks: []api.Rack{ - { - Name: "rack1", - }, - }, - }, - } - - statefulset, err := newStatefulSetForCassandraDatacenter(nil, dc.Spec.Racks[0].Name, dc, 1, true) - assert.NoError(err) - assert.Equal(OpenShiftPodServiceAccount, statefulset.Spec.Template.Spec.ServiceAccountName) -} - func int64Ptr(n int64) *int64 { return &n } diff --git a/pkg/reconciliation/context.go b/pkg/reconciliation/context.go index 1d4e6f1c..c3e7dbb0 100644 --- a/pkg/reconciliation/context.go +++ b/pkg/reconciliation/context.go @@ -14,6 +14,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/tools/record" "sigs.k8s.io/controller-runtime/pkg/client" + runtimeClient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" 
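Review bot: The added `runtimeClient "sigs.k8s.io/controller-runtime/pkg/client"` line in the import block of `context.go` sits directly under the existing unaliased import of the same package, so the file now imports one package under two names. The following hunks switch every visible `client.Client` to `runtimeClient.Client`. If no other use of `client.` remains in the file, the unaliased import is unused and the package will not compile; if one does remain, the alias is only noise (staticcheck reports it as ST1019). Keep a single import: either drop the new alias line and leave `client.Client` as it was, or delete the `"sigs.k8s.io/controller-runtime/pkg/client"` line.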
@@ -26,14 +27,13 @@ import ( // ReconciliationContext contains all of the input necessary to calculate a list of ReconciliationActions type ReconciliationContext struct { Request *reconcile.Request - Client client.Client + Client runtimeClient.Client Scheme *runtime.Scheme Datacenter *api.CassandraDatacenter NodeMgmtClient httphelper.NodeMgmtClient Recorder record.EventRecorder ReqLogger logr.Logger SecretWatches dynamicwatch.DynamicWatches - OpenShift bool // According to golang recommendations the context should not be stored in a struct but given that // this is passed around as a parameter we feel that its a fair compromise. For further discussion @@ -52,11 +52,10 @@ type ReconciliationContext struct { func CreateReconciliationContext( ctx context.Context, req *reconcile.Request, - cli client.Client, + cli runtimeClient.Client, scheme *runtime.Scheme, rec record.EventRecorder, - secretWatches dynamicwatch.DynamicWatches, - runningInOpenshift bool) (*ReconciliationContext, error) { + secretWatches dynamicwatch.DynamicWatches) (*ReconciliationContext, error) { reqLogger := log.FromContext(ctx) rc := &ReconciliationContext{} @@ -67,7 +66,6 @@ func CreateReconciliationContext( rc.SecretWatches = secretWatches rc.ReqLogger = reqLogger rc.Ctx = ctx - rc.OpenShift = runningInOpenshift rc.ReqLogger = rc.ReqLogger. WithValues("namespace", req.Namespace) @@ -121,7 +119,7 @@ func (rc *ReconciliationContext) GetLogger() logr.Logger { return rc.ReqLogger } -func (rc *ReconciliationContext) GetClient() client.Client { +func (rc *ReconciliationContext) GetClient() runtimeClient.Client { return rc.Client } 
@@ -166,7 +164,7 @@ func (rc *ReconciliationContext) validateDatacenterNameOverride() []error { return errs } else { if *dc.Status.DatacenterName != dc.Spec.DatacenterName { - errs = append(errs, fmt.Errorf("datacenter %s name override '%s' cannot be changed after creation to '%s'", dc.Name, dc.Spec.DatacenterName, *dc.Status.DatacenterName)) + errs = append(errs, fmt.Errorf("datacenter %s name override '%s' cannot be changed after creation to '%s'.", dc.Name, dc.Spec.DatacenterName, *dc.Status.DatacenterName)) } } diff --git a/pkg/reconciliation/reconcile_racks.go b/pkg/reconciliation/reconcile_racks.go index 5200908d..04361737 100644 --- a/pkg/reconciliation/reconcile_racks.go +++ b/pkg/reconciliation/reconcile_racks.go @@ -181,7 +181,7 @@ func (rc *ReconciliationContext) CheckRackPodTemplate() result.ReconcileResult { } statefulSet := rc.statefulSets[idx] - desiredSts, err := newStatefulSetForCassandraDatacenter(statefulSet, rackName, dc, int(*statefulSet.Spec.Replicas), rc.OpenShift) + desiredSts, err := newStatefulSetForCassandraDatacenter(statefulSet, rackName, dc, int(*statefulSet.Spec.Replicas)) if err != nil { logger.Error(err, "error calling newStatefulSetForCassandraDatacenter") @@ -332,7 +332,7 @@ func (rc *ReconciliationContext) CheckRackForceUpgrade() result.ReconcileResult // have to use zero here, because each statefulset is created with no replicas // in GetStatefulSetForRack() - desiredSts, err := newStatefulSetForCassandraDatacenter(statefulSet, rackName, dc, nextRack.NodeCount, false) + desiredSts, err := newStatefulSetForCassandraDatacenter(statefulSet, rackName, dc, nextRack.NodeCount) if err != nil { logger.Error(err, "error calling newStatefulSetForCassandraDatacenter") return result.Error(err) @@ -1387,7 +1387,7 @@ func (rc *ReconciliationContext) GetStatefulSetForRack( currentStatefulSet, nextRack.RackName, rc.Datacenter, - nextRack.NodeCount, false) + nextRack.NodeCount) if err != nil { return nil, false, err } 
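Review bot: The rewritten `fmt.Errorf` in `validateDatacenterNameOverride` now ends its message with a period (`... to '%s'.`), against the Go convention that error strings carry no trailing punctuation because callers wrap and join them. It looks like a leftover from the revert rather than an intended change. I would restore the previous form: `errs = append(errs, fmt.Errorf("datacenter %s name override '%s' cannot be changed after creation to '%s'", dc.Name, dc.Spec.DatacenterName, *dc.Status.DatacenterName))`. While on this line, the two name arguments read as if they might be swapped, since the requested `Spec` value is printed as the original and the stored `Status` value as the target; that is worth confirming. The function starts and ends outside the hunk.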
diff --git a/pkg/reconciliation/reconcile_racks_test.go b/pkg/reconciliation/reconcile_racks_test.go index aaa9a032..a1cf5358 100644 --- a/pkg/reconciliation/reconcile_racks_test.go +++ b/pkg/reconciliation/reconcile_racks_test.go @@ -210,7 +210,7 @@ func TestReconcileRacks_ReconcilePods(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") desiredStatefulSet.Spec.Replicas = &one @@ -389,7 +389,7 @@ func TestReconcilePods(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") statefulSet.Status.Replicas = int32(1) @@ -407,7 +407,7 @@ func TestReconcilePods_WithVolumes(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") statefulSet.Status.Replicas = int32(1) @@ -465,7 +465,7 @@ func TestReconcileNextRack(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") err = rc.ReconcileNextRack(statefulSet) @@ -489,7 +489,7 @@ func TestReconcileNextRack_CreateError(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") mockClient := mocks.NewClient(t) @@ -566,7 +566,7 @@ func TestReconcileRacks(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") trackObjects := []runtime.Object{ @@ -639,7 +639,7 @@ func TestReconcileRacks_WaitingForReplicas(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") trackObjects := []runtime.Object{ @@ -681,7 +681,7 @@ func TestReconcileRacks_NeedMoreReplicas(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") trackObjects := []runtime.Object{ 
@@ -716,7 +716,7 @@ func TestReconcileRacks_DoesntScaleDown(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") trackObjects := []runtime.Object{ @@ -757,7 +757,7 @@ func TestReconcileRacks_NeedToPark(t *testing.T) { nil, "default", rc.Datacenter, - 3, false) + 3) assert.NoErrorf(t, err, "error occurred creating statefulset") trackObjects := []runtime.Object{ @@ -802,7 +802,7 @@ func TestReconcileRacks_AlreadyReconciled(t *testing.T) { nil, "default", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") desiredStatefulSet.Status.ReadyReplicas = 2 @@ -843,7 +843,7 @@ func TestReconcileStatefulSet_ImmutableSpec(t *testing.T) { nil, "rack0", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(err, "error occurred creating statefulset") assert.NotEqual("immutable-service", origStatefulSet.Spec.ServiceName) @@ -853,7 +853,7 @@ func TestReconcileStatefulSet_ImmutableSpec(t *testing.T) { origStatefulSet, "rack0", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(err, "error occurred creating statefulset") assert.Equal("immutable-service", modifiedStatefulSet.Spec.ServiceName) @@ -869,7 +869,7 @@ func TestReconcileRacks_FirstRackAlreadyReconciled(t *testing.T) { nil, "rack0", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") desiredStatefulSet.Status.ReadyReplicas = 2 @@ -878,7 +878,7 @@ func TestReconcileRacks_FirstRackAlreadyReconciled(t *testing.T) { nil, "rack1", rc.Datacenter, - 1, false) + 1) assert.NoErrorf(t, err, "error occurred creating statefulset") secondDesiredStatefulSet.Status.ReadyReplicas = 1 @@ -980,7 +980,7 @@ func TestReconcileRacks_UpdateConfig(t *testing.T) { nil, "rack0", rc.Datacenter, - 2, false) + 2) assert.NoErrorf(t, err, "error occurred creating statefulset") desiredStatefulSet.Status.ReadyReplicas = 2 
diff --git a/scripts/postprocess-bundle.sh b/scripts/postprocess-bundle.sh index 7437f58f..d6ec719d 100755 --- a/scripts/postprocess-bundle.sh +++ b/scripts/postprocess-bundle.sh @@ -5,11 +5,13 @@ cat <> bundle.Dockerfile # Certified Openshift required labels LABEL com.redhat.openshift.versions="v4.9" LABEL com.redhat.delivery.operator.bundle=true +LABEL com.redhat.delivery.backport=true EOF # Add them to the bundle metadata also yq eval -i '.annotations."com.redhat.openshift.versions" = "v4.9"' bundle/metadata/annotations.yaml yq eval -i '.annotations."com.redhat.delivery.operator.bundle" = true' bundle/metadata/annotations.yaml +yq eval -i '.annotations."com.redhat.delivery.backport" = true' bundle/metadata/annotations.yaml yq eval -i '.annotations."com.redhat.openshift.versions" headComment = "Certified Openshift required labels"' bundle/metadata/annotations.yaml # This file is extra from creation process on config/manifests, should not be in the bundle itself diff --git a/scripts/preprocess-bundle.sh b/scripts/preprocess-bundle.sh deleted file mode 100755 index d4c1d20b..00000000 --- a/scripts/preprocess-bundle.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -cat << EOF >> config/rbac/kustomization.yaml -# Add Openshift nonroot Role and ServiceAccount -- nonroot_role.yaml -- service_account_nonroot.yaml -EOF - -yq eval -i '.olmDeployment = true' config/components/webhook/controller_manager_config.yaml From 46ca8168a22c62722bc2d5d353e4a804e3e6a008 Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Tue, 5 Sep 2023 16:15:20 +0300 Subject: [PATCH 2/6] Add k8ssandra-client from quay.io to certified-bundle --- scripts/release-certified-bundles.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/release-certified-bundles.sh b/scripts/release-certified-bundles.sh index 59d57fb7..1e433ec4 100755 --- a/scripts/release-certified-bundles.sh +++ b/scripts/release-certified-bundles.sh 
@@ -1,7 +1,7 @@ #!/bin/sh -if [ "$#" -ne 3 ]; then - echo "Usage: scripts/release-certified-bundles.sh version sha256: sha256:" +if [ "$#" -ne 4 ]; then + echo "Usage: scripts/release-certified-bundles.sh version sha256: sha256: sha256:" echo "Script assumes you are in the correct branch / tag and that community-operators repository" echo "has been checked out to ../community-operators/" exit @@ -10,6 +10,7 @@ fi VERSION=$1 SHA=$2 SYSTEM_LOGGER_SHA=$3 +CLIENT_SHA=$4 # TODO Add certified-operators-marketplace ? TARGET_DIRS=(certified-operators) @@ -17,6 +18,7 @@ TARGET_DIRS=(certified-operators) git checkout v$VERSION yq -i '.images.system-logger = "registry.connect.redhat.com/datastax/system-logger@"' config/manager/image_config.yaml +yq -i '.images.k8ssandra-client = "registry.connect.redhat.com/datastax/k8ssandra-client@"' config/manager/image_config.yaml SYSTEM_LOGGER_SHA=$SYSTEM_LOGGER_SHA yq -i '.images.system-logger += env(SYSTEM_LOGGER_SHA)' config/manager/image_config.yaml # Create bundle 
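Review bot: `CLIENT_SHA=$4` is taken as-is, like the two digests before it, so a tag, a bare hex string or an empty argument is pasted straight after the `@` in the image reference and the bundle is built without a usable digest pin. A cheap guard right after the assignment would catch that: `case "$CLIENT_SHA" in sha256:*) ;; *) echo "CLIENT_SHA must be a sha256: digest" >&2; exit 1 ;; esac`. The usage branch in the first hunk also ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a release job still calling the script with three arguments is reported as successful. Changing it to `exit 1` would make the new fourth argument fail loudly.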
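Review bot: The new `yq -i '.images.k8ssandra-client = "registry.connect.redhat.com/datastax/k8ssandra-client@"'` line leaves the reference ending in `@`, and unlike `system-logger` on the next line, nothing in this hunk appends the digest to it. Unless that happens outside the visible lines, `config/manager/image_config.yaml` goes into the bundle build with a k8ssandra-client reference that has no digest. Add the matching step after it: `CLIENT_SHA=$CLIENT_SHA yq -i '.images.k8ssandra-client += env(CLIENT_SHA)' config/manager/image_config.yaml`.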
@@ -26,8 +28,10 @@ make VERSION=$VERSION IMG=registry.connect.redhat.com/datastax/cass-operator@$SH yq -i '.spec.relatedImages = []' bundle/manifests/cass-operator.clusterserviceversion.yaml yq -i '.spec.relatedImages += {"name": "cass-operator", "image": "registry.connect.redhat.com/datastax/cass-operator@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml yq -i '.spec.relatedImages += {"name": "system-logger", "image": "registry.connect.redhat.com/datastax/system-logger@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml +yq -i '.spec.relatedImages += {"name": "k8ssandra-client", "image": "registry.connect.redhat.com/datastax/k8ssandra-client@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml SHA=$SHA yq -i '.spec.relatedImages[0].image += env(SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml SYSTEM_LOGGER_SHA=$SYSTEM_LOGGER_SHA yq -i '.spec.relatedImages[1].image += env(SYSTEM_LOGGER_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml +CLIENT_SHA=$CLIENT_SHA yq -i '.spec.relatedImages[2].image += env(CLIENT_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml for dir in "${TARGET_DIRS[@]}" do From 94398112fb139d2f0f41f106dc6582d384745022 Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Wed, 6 Sep 2023 17:54:13 +0300 Subject: [PATCH 3/6] Fix some rebase issues --- internal/controllers/cassandra/suite_test.go | 14 ++++---------- .../construct_podtemplatespec_test.go | 4 ++-- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/internal/controllers/cassandra/suite_test.go b/internal/controllers/cassandra/suite_test.go index 15f0875a..1c54fddf 100644 --- a/internal/controllers/cassandra/suite_test.go +++ b/internal/controllers/cassandra/suite_test.go 
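Review bot: The digest is attached by position, `.spec.relatedImages[2].image += env(CLIENT_SHA)`, which is correct only while the three entries are appended in exactly this order. If an entry is removed or reordered, the digest may end up on the wrong image or on an entry without a name, and the bundle would still be generated. Selecting by name removes that coupling, with something like `yq -i '(.spec.relatedImages[] | select(.name == "k8ssandra-client") | .image) += env(CLIENT_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml`, and likewise for indexes 0 and 1.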
@@ -36,7 +36,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" cassandradatastaxcomv1beta1 "github.com/k8ssandra/cass-operator/apis/cassandra/v1beta1" - configv1beta1 "github.com/k8ssandra/cass-operator/apis/config/v1beta1" controlapi "github.com/k8ssandra/cass-operator/apis/control/v1alpha1" "github.com/k8ssandra/cass-operator/pkg/images" "github.com/k8ssandra/cass-operator/pkg/reconciliation" @@ -97,16 +96,11 @@ var _ = BeforeSuite(func() { }) Expect(err).ToNot(HaveOccurred()) - operConfig := &configv1beta1.OperatorConfig{ - OLMDeployed: false, - } - err = (&CassandraDatacenterReconciler{ - Client: k8sClient, - Log: ctrl.Log.WithName("controllers").WithName("CassandraDatacenter"), - Scheme: k8sManager.GetScheme(), - Recorder: k8sManager.GetEventRecorderFor("cass-operator"), - OperatorConfig: operConfig, + Client: k8sClient, + Log: ctrl.Log.WithName("controllers").WithName("CassandraDatacenter"), + Scheme: k8sManager.GetScheme(), + Recorder: k8sManager.GetEventRecorderFor("cass-operator"), }).SetupWithManager(k8sManager) Expect(err).ToNot(HaveOccurred()) diff --git a/pkg/reconciliation/construct_podtemplatespec_test.go b/pkg/reconciliation/construct_podtemplatespec_test.go index 8bb2f332..1fe5561f 100644 --- a/pkg/reconciliation/construct_podtemplatespec_test.go +++ b/pkg/reconciliation/construct_podtemplatespec_test.go @@ -1163,7 +1163,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_clientImage(t *testing.T) { // 4.0 should not have the client image or new config builder, 4.1 should - spec40, err := buildPodTemplateSpec(dc40, dc40.Spec.Racks[0], false, false) + spec40, err := buildPodTemplateSpec(dc40, dc40.Spec.Racks[0], false) assert.NoError(err, "should not have gotten error when building podTemplateSpec") initContainers := spec40.Spec.InitContainers 
@@ -1178,7 +1178,7 @@ func TestCassandraDatacenter_buildPodTemplateSpec_clientImage(t *testing.T) { assert.True(volumesContains(volumes, volumeNameMatcher("server-logs"))) assert.True(volumesContains(volumes, volumeNameMatcher("vector-lib"))) - spec41, err := buildPodTemplateSpec(dc41, dc41.Spec.Racks[0], false, false) + spec41, err := buildPodTemplateSpec(dc41, dc41.Spec.Racks[0], false) assert.NoError(err, "should not have gotten error when building podTemplateSpec") initContainers = spec41.Spec.InitContainers From 4ce5b599b11abfa97b9ab7f6dff5ca3a2760dce8 Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Fri, 8 Sep 2023 17:31:21 +0300 Subject: [PATCH 4/6] Remove k8ssandra-client from registry.connect.redhat.com for now --- scripts/release-certified-bundles.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/release-certified-bundles.sh b/scripts/release-certified-bundles.sh index 1e433ec4..b475ed0b 100755 --- a/scripts/release-certified-bundles.sh +++ b/scripts/release-certified-bundles.sh @@ -18,7 +18,7 @@ TARGET_DIRS=(certified-operators) git checkout v$VERSION yq -i '.images.system-logger = "registry.connect.redhat.com/datastax/system-logger@"' config/manager/image_config.yaml -yq -i '.images.k8ssandra-client = "registry.connect.redhat.com/datastax/k8ssandra-client@"' config/manager/image_config.yaml +#yq -i '.images.k8ssandra-client = "registry.connect.redhat.com/datastax/k8ssandra-client@"' config/manager/image_config.yaml SYSTEM_LOGGER_SHA=$SYSTEM_LOGGER_SHA yq -i '.images.system-logger += env(SYSTEM_LOGGER_SHA)' config/manager/image_config.yaml # Create bundle 
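Review bot: The `k8ssandra-client` override is disabled by commenting the line out, and the script says nothing about why or when it should come back; the commit subject ("for now") is the only record. The same applies to the commented-out `relatedImages` line in the next hunk of this patch and to the `CLIENT_SHA` line in patch 6. I would put one comment above the first of them, for example `# TODO(<issue-ref>): <reason>; re-enable together with the relatedImages and CLIENT_SHA lines below`. With the override gone, the certified bundle presumably keeps whatever `k8ssandra-client` reference `config/manager/image_config.yaml` already holds, which this page does not show, so it is worth confirming that reference is digest-pinned and resolvable for certified installs.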
@@ -28,7 +28,7 @@ make VERSION=$VERSION IMG=registry.connect.redhat.com/datastax/cass-operator@$SH yq -i '.spec.relatedImages = []' bundle/manifests/cass-operator.clusterserviceversion.yaml yq -i '.spec.relatedImages += {"name": "cass-operator", "image": "registry.connect.redhat.com/datastax/cass-operator@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml yq -i '.spec.relatedImages += {"name": "system-logger", "image": "registry.connect.redhat.com/datastax/system-logger@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml -yq -i '.spec.relatedImages += {"name": "k8ssandra-client", "image": "registry.connect.redhat.com/datastax/k8ssandra-client@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml +#yq -i '.spec.relatedImages += {"name": "k8ssandra-client", "image": "registry.connect.redhat.com/datastax/k8ssandra-client@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml SHA=$SHA yq -i '.spec.relatedImages[0].image += env(SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml SYSTEM_LOGGER_SHA=$SYSTEM_LOGGER_SHA yq -i '.spec.relatedImages[1].image += env(SYSTEM_LOGGER_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml CLIENT_SHA=$CLIENT_SHA yq -i '.spec.relatedImages[2].image += env(CLIENT_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml From 24848f926ff912a55019ebd159306b4bcab8b228 Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Fri, 8 Sep 2023 17:32:29 +0300 Subject: [PATCH 5/6] No backport --- scripts/postprocess-bundle.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/postprocess-bundle.sh b/scripts/postprocess-bundle.sh index d6ec719d..7437f58f 100755 --- a/scripts/postprocess-bundle.sh +++ b/scripts/postprocess-bundle.sh 
@@ -5,13 +5,11 @@ cat <> bundle.Dockerfile # Certified Openshift required labels LABEL com.redhat.openshift.versions="v4.9" LABEL com.redhat.delivery.operator.bundle=true -LABEL com.redhat.delivery.backport=true EOF # Add them to the bundle metadata also yq eval -i '.annotations."com.redhat.openshift.versions" = "v4.9"' bundle/metadata/annotations.yaml yq eval -i '.annotations."com.redhat.delivery.operator.bundle" = true' bundle/metadata/annotations.yaml -yq eval -i '.annotations."com.redhat.delivery.backport" = true' bundle/metadata/annotations.yaml yq eval -i '.annotations."com.redhat.openshift.versions" headComment = "Certified Openshift required labels"' bundle/metadata/annotations.yaml # This file is extra from creation process on config/manifests, should not be in the bundle itself From ce616eac72fc1f372548e0114bdb5d6d97b08068 Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Fri, 8 Sep 2023 17:33:02 +0300 Subject: [PATCH 6/6] One more --- scripts/release-certified-bundles.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/release-certified-bundles.sh b/scripts/release-certified-bundles.sh index b475ed0b..61a43026 100755 --- a/scripts/release-certified-bundles.sh +++ b/scripts/release-certified-bundles.sh 
@@ -31,7 +31,7 @@ yq -i '.spec.relatedImages += {"name": "system-logger", "image": "registry.conne #yq -i '.spec.relatedImages += {"name": "k8ssandra-client", "image": "registry.connect.redhat.com/datastax/k8ssandra-client@"}' bundle/manifests/cass-operator.clusterserviceversion.yaml SHA=$SHA yq -i '.spec.relatedImages[0].image += env(SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml SYSTEM_LOGGER_SHA=$SYSTEM_LOGGER_SHA yq -i '.spec.relatedImages[1].image += env(SYSTEM_LOGGER_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml -CLIENT_SHA=$CLIENT_SHA yq -i '.spec.relatedImages[2].image += env(CLIENT_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml +#CLIENT_SHA=$CLIENT_SHA yq -i '.spec.relatedImages[2].image += env(CLIENT_SHA)' bundle/manifests/cass-operator.clusterserviceversion.yaml for dir in "${TARGET_DIRS[@]}" do
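Review bot: With this line commented out, `CLIENT_SHA` is no longer read anywhere in the script, yet the guard added in patch 2 still rejects any call that does not pass four arguments, and the usage text still lists three digests. Either drop the fourth argument again (`if [ "$#" -ne 3 ]; then`, and remove `CLIENT_SHA=$4`) or keep it and state in the usage text that it is currently ignored, so that whoever runs a release is not asked for a digest that never reaches the bundle. The `for dir` loop at the end of the hunk continues outside it.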