percona · hors · Jan 3, 2025 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024
@@ -17384,6 +17384,10 @@ spec:
             properties:
               host:
                 type: string
+              installedCustomExtensions:
+                items:
+                  type: string
+                type: array
               pgbouncer:
                 properties:
                   ready:

@@ -11,7 +11,7 @@ ARG GO_LDFLAGS
 ARG GOOS=linux
 ARG TARGETARCH
 ARG OPERATOR_CGO_ENABLED=1
-ARG EXTENSION_INSTALLER_CGO_ENABLED=0
+ARG EXTENSION_INSTALLER_CGO_ENABLED=1
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 

@@ -17790,6 +17790,10 @@ spec:
             properties:
               host:
                 type: string
+              installedCustomExtensions:
+                items:
+                  type: string
+                type: array
               pgbouncer:
                 properties:
                   ready:

@@ -18083,6 +18083,10 @@ spec:
             properties:
               host:
                 type: string
+              installedCustomExtensions:
+                items:
+                  type: string
+                type: array
               pgbouncer:
                 properties:
                   ready:

@@ -18083,6 +18083,10 @@ spec:
             properties:
               host:
                 type: string
+              installedCustomExtensions:
+                items:
+                  type: string
+                type: array
               pgbouncer:
                 properties:
                   ready:

@@ -18083,6 +18083,10 @@ spec:
             properties:
               host:
                 type: string
+              installedCustomExtensions:
+                items:
+                  type: string
+                type: array
               pgbouncer:
                 properties:
                   ready:

@@ -0,0 +1,12 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 30
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: 10-check-extensions
+data:
+  data: |2-
+     pg_stat_monitor
+     pgaudit
@@ -0,0 +1,13 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+timeout: 30
+commands:
+  - script: |-
+      set -o errexit
+      set -o xtrace
+
+      source ../../functions
+
+      data=$(kubectl -n ${NAMESPACE} exec $(get_client_pod) -- psql -v ON_ERROR_STOP=1 -t -q postgres://postgres:$(get_psql_user_pass custom-extensions-pguser-postgres)@$(get_psql_user_host custom-extensions-pguser-postgres) -c "\c postgres" -c "select name from pg_extensions order by name")
+
+      kubectl create configmap -n "${NAMESPACE}" 10-check-extensions --from-literal=data="${data}"
@@ -4,10 +4,14 @@
 	"context"
 	"crypto/md5"
 	"fmt"
+	"github.com/percona/percona-postgresql-operator/internal/controller/runtime"
+	"io"
 	"reflect"
 	"strings"
 	"time"
 
+	"github.com/percona/percona-postgresql-operator/internal/postgres"
+
 	"github.com/pkg/errors"
 	"go.opentelemetry.io/otel/trace"
 	batchv1 "k8s.io/api/batch/v1"
@@ -49,8 +53,12 @@
 
 // Reconciler holds resources for the PerconaPGCluster reconciler
 type PGClusterReconciler struct {
-	Client               client.Client
-	Owner                client.FieldOwner
+	Client  client.Client
+	Owner   client.FieldOwner
+	PodExec func(
+		ctx context.Context, namespace, pod, container string,
+		stdin io.Reader, stdout, stderr io.Writer, command ...string,
+	) error
 	Recorder             record.EventRecorder
 	Tracer               trace.Tracer
 	Platform             string
@@ -65,6 +73,13 @@
 
 // SetupWithManager adds the PerconaPGCluster controller to the provided runtime manager
 func (r *PGClusterReconciler) SetupWithManager(mgr manager.Manager) error {
+	if r.PodExec == nil {
+		var err error
+		r.PodExec, err = runtime.NewPodExecutor(mgr.GetConfig())
+		if err != nil {
+			return err
+		}
+	}
 	if err := r.CrunchyController.Watch(source.Kind(mgr.GetCache(), &corev1.Secret{}, r.watchSecrets())); err != nil {
 		return errors.Wrap(err, "unable to watch secrets")
 	}
@@ -241,7 +256,9 @@
 		return reconcile.Result{}, errors.Wrap(err, "failed to handle monitor user password change")
 	}
 
-	r.reconcileCustomExtensions(cr)
+	if err := r.reconcileCustomExtensions(ctx, cr, postgresCluster); err != nil {
+		return reconcile.Result{}, errors.Wrap(err, "reconcile custom extensions")
+	}
 
 	if err := r.reconcileScheduledBackups(ctx, cr); err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "reconcile scheduled backups")
@@ -524,15 +541,64 @@
 	return nil
 }
 
-func (r *PGClusterReconciler) reconcileCustomExtensions(cr *v2.PerconaPGCluster) {
+func (r *PGClusterReconciler) reconcileCustomExtensions(ctx context.Context, cr *v2.PerconaPGCluster, postgresCluster *v1beta1.PostgresCluster) error {
+	log := logging.FromContext(ctx).WithValues("cluster", cr.Name, "namespace", cr.Namespace)
+
+	if err := r.Client.Get(ctx, client.ObjectKeyFromObject(postgresCluster), postgresCluster); err != nil {
+		return errors.Wrap(err, "get PostgresCluster")
+	}
+
 	if cr.Spec.Extensions.Storage.Secret == nil {
-		return
+		return nil
 	}
 
 	extensionKeys := make([]string, 0)
+	extensionNames := make([]string, 0)
+
 	for _, extension := range cr.Spec.Extensions.Custom {
 		key := extensions.GetExtensionKey(cr.Spec.PostgresVersion, extension.Name, extension.Version)
 		extensionKeys = append(extensionKeys, key)
+		extensionNames = append(extensionNames, extension.Name)
+	}
+
+	if cr.CompareVersion("2.6.0") >= 0 {
+		// custom extensions to be removed
+		var removedExtension []string
+		// list of installed custom extensions
+		var installedExtensions []string
+		installedExtensions = cr.Status.InstalledCustomExtensions
+		crExtensions := make(map[string]struct{})
+		for _, ext := range extensionNames {
+			crExtensions[ext] = struct{}{}
+		}
+		// Check for missing entries in crExtensions
+		for _, ext := range installedExtensions {
+			// If an object exists in installedExtensions but not in crExtensions, the extension should be deleted.
+			if _, exists := crExtensions[ext]; !exists {
+				removedExtension = append(removedExtension, ext)
+			}
+		}
+		log.Info("Extension to delete", "removedExtension", removedExtension)
+
+		if len(removedExtension) > 0 {
+
+			action := func(ctx context.Context, exec postgres.Executor) error {
+				return errors.WithStack(DisableCustomExtensionsInPostgreSQL(ctx, exec, removedExtension))
+			}
+
+			primary, err := getPrimaryPod(ctx, r.Client, cr)
+
+			if primary == nil {
+				return errors.New("Pod is nil")
+			}
+
+			err = action(ctx, func(ctx context.Context, stdin io.Reader, stdout, stderr io.Writer, command ...string) error {
+				return r.PodExec(ctx, primary.Namespace, primary.Name, naming.ContainerDatabase, stdin, stdout, stderr, command...)
+			})
+			if err != nil {
+				return errors.Wrap(err, "deletion extension from installed")
+			}
+		}
 	}
 
 	for i := 0; i < len(cr.Spec.InstanceSets); i++ {
@@ -549,6 +615,33 @@
 		))
 		set.VolumeMounts = append(set.VolumeMounts, extensions.ExtensionVolumeMounts(cr.Spec.PostgresVersion)...)
 	}
+	return nil
+}
+
+func DisableCustomExtensionsInPostgreSQL(ctx context.Context, exec postgres.Executor, customExtensionsForDeletion []string) error {
+	log := logging.FromContext(ctx)
+
+	for _, extensionName := range customExtensionsForDeletion {
+
+		sqlCommand := fmt.Sprintf(
+			`SET client_min_messages = WARNING; DROP EXTENSION IF EXISTS %s;`,
+			extensionName,
+		)
+
+		stdout, stderr, err := exec.ExecInAllDatabases(ctx,
+			sqlCommand,
+			map[string]string{
+				"ON_ERROR_STOP": "on", // Abort when any one command fails.
+				"QUIET":         "on", // Do not print successful commands to stdout.
+			},
+		)
+
+		log.V(1).Info("disabled", "extensionName", extensionName, "stdout", stdout, "stderr", stderr)
+
+		return errors.Wrap(err, "custom extension deletion")
+
+	}
+	return nil
 }
 
 func isBackupRunning(ctx context.Context, cl client.Reader, cr *v2.PerconaPGCluster) (bool, error) {
@@ -659,3 +752,27 @@
 
 	return nil
 }
+
+func getPrimaryPod(ctx context.Context, cli client.Client, cr *v2.PerconaPGCluster) (*corev1.Pod, error) {
+	podList := &corev1.PodList{}
+	err := cli.List(ctx, podList, &client.ListOptions{
+		Namespace: cr.Namespace,
+		LabelSelector: labels.SelectorFromSet(map[string]string{
+			"app.kubernetes.io/instance":             cr.Name,
+			"postgres-operator.crunchydata.com/role": "master",
+		}),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if len(podList.Items) == 0 {
+		return nil, errors.New("no primary pod found")
+	}
+
+	if len(podList.Items) > 1 {
+		return nil, errors.New("multiple primary pods found")
+	}
+
+	return &podList.Items[0], nil
+}
@@ -2,7 +2,6 @@ package pgcluster
 
 import (
 	"context"
-
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -78,6 +77,11 @@ func (r *PGClusterReconciler) updateStatus(ctx context.Context, cr *v2.PerconaPG
 		return errors.Wrap(err, "get app host")
 	}
 
+	installedCustomExtensions := make([]string, 0)
+	for _, extension := range cr.Spec.Extensions.Custom {
+		installedCustomExtensions = append(installedCustomExtensions, extension.Name)
+	}
+
 	var size, ready int32
 	ss := make([]v2.PostgresInstanceSetStatus, 0, len(status.InstanceSets))
 	for _, is := range status.InstanceSets {
@@ -111,6 +115,8 @@ func (r *PGClusterReconciler) updateStatus(ctx context.Context, cr *v2.PerconaPG
 				Ready: status.Proxy.PGBouncer.ReadyReplicas,
 			},
 			Host: host,
+
+			InstalledCustomExtensions: installedCustomExtensions,
 		}
 
 		cluster.Status.State = r.getState(cr, &cluster.Status, status)

@@ -393,6 +393,10 @@ type PerconaPGClusterStatus struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=status
 	Host string `json:"host"`
+
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=status
+	InstalledCustomExtensions []string `json:"installedCustomExtensions"`
 }
 
 type Backups struct {