From 4a7884384b65fdc8a3b261316f2a8656b4d0ac7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ege=20G=C3=BCne=C5=9F?= Date: Mon, 12 May 2025 13:12:53 +0300 Subject: [PATCH 01/12] K8SPSMDB-1308: Improve physical restore logs --- build/physical-restore-ps-entry.sh | 35 ++++++++++++++++++----- e2e-tests/functions | 46 ++++++++++++++++++++++++------ 2 files changed, 66 insertions(+), 15 deletions(-) diff --git a/build/physical-restore-ps-entry.sh b/build/physical-restore-ps-entry.sh index 8927c16f1d..41b627537e 100755 --- a/build/physical-restore-ps-entry.sh +++ b/build/physical-restore-ps-entry.sh @@ -1,15 +1,36 @@ #!/bin/bash -set -Eeuo pipefail +set -e set -o xtrace -log=/tmp/pbm-agent.log +PBM_AGENT_LOG=/tmp/pbm-agent.log +MONGOD_LOG=/tmp/mongod.log +PHYSICAL_RESTORE_DIR=/data/db/pbm-restore-logs + +function handle_sigterm() { + echo "Received SIGTERM, cleaning up..." + + mkdir ${PHYSICAL_RESTORE_DIR} + mv pbm.restore.log.* ${PBM_AGENT_LOG} ${MONGOD_LOG} ${PHYSICAL_RESTORE_DIR}/ + + echo "Restore finished, you can find logs in ${PHYSICAL_RESTORE_DIR}" + exit 0 +} + +trap 'handle_sigterm' 15 touch /opt/percona/restore-in-progress -/opt/percona/pbm-agent 1>&2 2>${log} & -/opt/percona/ps-entry.sh "$@" 1>&2 2>/tmp/mongod.log +/opt/percona/pbm-agent >${PBM_AGENT_LOG} 2>&1 & +pbm_pid=$! + +/opt/percona/ps-entry.sh "$@" >${MONGOD_LOG} 2>&1 & +mongod_pid=$! -echo "Physical restore in progress" -tail -n +1 -f ${log} -sleep infinity +set +o xtrace +echo "Physical restore in progress... pbm-agent logs: ${PBM_AGENT_LOG} mongod logs: ${MONGOD_LOG}" +echo "Script PID: $$, pbm-agent PID: $pbm_pid, mongod PID: $mongod_pid" +while true; do + echo "Still in progress at $(date)" + sleep 10 +done diff --git a/e2e-tests/functions b/e2e-tests/functions index f2c8dbe627..546bf2cec2 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions 
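Review bot: In `handle_sigterm`, `mkdir ${PHYSICAL_RESTORE_DIR}` returns non-zero when the directory already exists (for example, left on the data volume by an earlier restore), and with `set -e` in effect the handler would stop there, before the `mv`, so the logs are not preserved. `mkdir -p "${PHYSICAL_RESTORE_DIR}"` avoids that. The `mv` should also quote its expansions and tolerate a missing `pbm.restore.log.*`, which is a relative glob that depends on the working directory and is passed literally when nothing matches. The hunk also reduces `set -Eeuo pipefail` to `set -e`, dropping the unset-variable and pipeline checks; if that is intentional, a comment such as `# -u/pipefail relaxed: <reason>` would record why. Both children are now backgrounded and the loop never checks `$pbm_pid` or `$mongod_pid`, so an early exit of either process shows up only in the log files.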
@@ -337,6 +337,36 @@ simple_data_check() { fi } +get_mongod_pods() { + local cluster=$1 + + kubectl_bin get pod \ + --no-headers \ + -l app.kubernetes.io/instance=${cluster} \ + -l app.kubernetes.io/component=mongod + +} + +collect_physical_restore_logs() { + local cluster=$1 + local restore=$2 + + for pod in $(get_mongod_pods ${cluster}); do + desc "pbm-agent logs from ${pod}" + kubectl_bin exec -it ${pod} -- cat /tmp/pbm-agent.log || true + done +} + +is_physical_backup() { + local backup=$1 + + if [[ $(kubectl_bin get psmdb-backup ${backup} -o jsonpath={.status.type}) == "physical" ]]; then + return 0 + fi + + return 1 +} + wait_restore() { local backup_name=$1 local cluster_name=$2 @@ -359,15 +389,15 @@ wait_restore() { break fi if [[ $retry -ge $wait_time || ${current_state} == 'error' ]]; then - kubectl_bin logs ${OPERATOR_NS:+-n $OPERATOR_NS} $(get_operator_pod) \ - | grep -v 'level=info' \ - | grep -v 'level=debug' \ - | grep -v 'Getting tasks for pod' \ - | grep -v 'Getting pods from source' \ - | tail -100 + desc "operator logs:" + kubectl_bin logs ${OPERATOR_NS:+-n $OPERATOR_NS} $(get_operator_pod) | tail -100 + + if is_physical_backup ${backup_name}; then + collect_physical_restore_logs + fi + kubectl_bin get psmdb-restore restore-${backup_name} -o yaml - echo "Restore object restore-${backup_name} is in ${current_state} state." - echo something went wrong with operator or kubernetes cluster + log "Restore object restore-${backup_name} is in ${current_state} state." exit 1 fi done From 7e5f36c1baef6179620d47c379b418c4009292d8 Mon Sep 17 00:00:00 2001 
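Review bot: `get_mongod_pods` prints the default `kubectl get pod --no-headers` table, so the unquoted `for pod in $(get_mongod_pods ${cluster})` in `collect_physical_restore_logs` word-splits every column (name, ready count, status, restarts, age) and runs `kubectl_bin exec` against values that are not pod names. Emitting names only fixes this, and the two `-l` flags should be one comma-separated selector because, as far as I know, kubectl keeps only the last `-l` value: `kubectl_bin get pod -o name -l "app.kubernetes.io/instance=${cluster},app.kubernetes.io/component=mongod"`. `exec -it` asks for a TTY that a CI run normally does not have, so plain `exec` is enough for `cat`. The `restore` local is assigned but never used.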
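Review bot: `collect_physical_restore_logs` is called without arguments in the failure branch of `wait_restore`, but the function reads the cluster from `$1`, so the label selector is built with an empty instance name and presumably matches no pods. Passing the values `wait_restore` already has, `collect_physical_restore_logs "${cluster_name}" "restore-${backup_name}"`, would make the new log collection effective. The operator log is now printed unfiltered through `tail -100`, so those hundred lines may be mostly info/debug output; a short comment on why the `grep -v` filters were dropped would help. `wait_restore` starts and ends outside this hunk.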
From: Julio Pasinatto Date: Tue, 29 Apr 2025 18:53:06 -0300 Subject: [PATCH 02/12] K8SPSMDB-1265: Update versions for 1.20.0 release (#1903) * K8SPSMDB-1265: Update versions for 1.20.0 release * Update test dependencies versions * Update cr images --- deploy/bundle.yaml | 2 +- deploy/cr-minimal.yaml | 2 +- deploy/cr.yaml | 8 ++--- deploy/cw-bundle.yaml | 2 +- deploy/cw-operator.yaml | 2 +- deploy/operator.yaml | 2 +- e2e-tests/functions | 8 +++-- e2e-tests/release_versions | 32 +++++++++---------- .../perconaservermongodb/suite_test.go | 2 +- .../reconcile-statefulset/cfg-arbiter.yaml | 6 ++-- .../reconcile-statefulset/cfg-mongod.yaml | 6 ++-- .../reconcile-statefulset/cfg-nv.yaml | 6 ++-- .../reconcile-statefulset/rs0-arbiter.yaml | 4 +-- .../reconcile-statefulset/rs0-mongod.yaml | 6 ++-- .../reconcile-statefulset/rs0-nv.yaml | 6 ++-- 15 files changed, 48 insertions(+), 46 deletions(-) diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml index 9d863e068a..dda12eec14 100644 --- a/deploy/bundle.yaml +++ b/deploy/bundle.yaml @@ -19788,7 +19788,7 @@ spec: serviceAccountName: percona-server-mongodb-operator containers: - name: percona-server-mongodb-operator - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/deploy/cr-minimal.yaml b/deploy/cr-minimal.yaml index 4f013a1a55..d997260cbb 100644 --- a/deploy/cr-minimal.yaml +++ b/deploy/cr-minimal.yaml @@ -4,7 +4,7 @@ metadata: name: minimal-cluster spec: crVersion: 1.20.0 - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 unsafeFlags: replsetSize: true mongosSize: true diff --git a/deploy/cr.yaml b/deploy/cr.yaml index b451dc2ade..8f0ac956d1 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml 
@@ -14,7 +14,7 @@ spec: # unmanaged: false # enableVolumeExpansion: false crVersion: 1.20.0 - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always # tls: # mode: preferTLS @@ -27,7 +27,7 @@ spec: # group: cert-manager.io # imagePullSecrets: # - name: private-registry-credentials -# initImage: perconalab/percona-server-mongodb-operator:main +# initImage: percona/percona-server-mongodb-operator:1.20.0 # initContainerSecurityContext: {} # unsafeFlags: # tls: false @@ -59,7 +59,7 @@ spec: # sse: my-cluster-name-sse pmm: enabled: false - image: perconalab/pmm-client:dev-latest + image: percona/pmm-client:2.44.1 serverHost: monitoring-service # containerSecurityContext: {} # customClusterName: mongo-cluster @@ -622,7 +622,7 @@ spec: backup: enabled: true - image: perconalab/percona-server-mongodb-operator:main-backup + image: percona/percona-backup-mongodb:2.9.1 # annotations: # iam.amazonaws.com/role: role-arn # resources: diff --git a/deploy/cw-bundle.yaml b/deploy/cw-bundle.yaml index 010ee9f9f9..111834cb61 100644 --- a/deploy/cw-bundle.yaml +++ b/deploy/cw-bundle.yaml @@ -19809,7 +19809,7 @@ spec: serviceAccountName: percona-server-mongodb-operator containers: - name: percona-server-mongodb-operator - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/deploy/cw-operator.yaml b/deploy/cw-operator.yaml index b8ec3d38e6..e1effb043b 100644 --- a/deploy/cw-operator.yaml +++ b/deploy/cw-operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: percona-server-mongodb-operator containers: - name: percona-server-mongodb-operator - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always livenessProbe: failureThreshold: 3 
diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 90d4d04a51..db09479e99 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: percona-server-mongodb-operator containers: - name: percona-server-mongodb-operator - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/e2e-tests/functions b/e2e-tests/functions index 574aba9b85..0932444b63 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -15,7 +15,9 @@ SKIP_BACKUPS_TO_AWS_GCP_AZURE=${SKIP_BACKUPS_TO_AWS_GCP_AZURE:-1} PMM_SERVER_VER=${PMM_SERVER_VER:-"9.9.9"} IMAGE_PMM_CLIENT=${IMAGE_PMM_CLIENT:-"perconalab/pmm-client:dev-latest"} IMAGE_PMM_SERVER=${IMAGE_PMM_SERVER:-"perconalab/pmm-server:dev-latest"} -CERT_MANAGER_VER="1.16.3" +CERT_MANAGER_VER="1.17.2" +MINIO_VER="5.4.0" +CHAOS_MESH_VER="2.7.1" UPDATE_COMPARE_FILES=${UPDATE_COMPARE_FILES:-0} DELETE_CRD_ON_START=${DELETE_CRD_ON_START:-1} tmp_dir=$(mktemp -d) @@ -477,7 +479,7 @@ deploy_minio() { helm repo add minio https://charts.min.io/ # kubectl_bin delete pvc minio-service --force retry 10 60 helm install minio-service \ - --version 5.0.14 \ + --version $MINIO_VER \ --set replicas=1 \ --set mode=standalone \ --set resources.requests.memory=256Mi \ @@ -573,7 +575,7 @@ deploy_chaos_mesh() { desc 'install chaos-mesh' helm repo add chaos-mesh https://charts.chaos-mesh.org - helm install chaos-mesh chaos-mesh/chaos-mesh --namespace=${chaos_mesh_ns} --set chaosDaemon.runtime=containerd --set chaosDaemon.socketPath=/run/containerd/containerd.sock --set dashboard.create=false --version 2.5.1 + helm install chaos-mesh chaos-mesh/chaos-mesh --namespace=${chaos_mesh_ns} --set chaosDaemon.runtime=containerd --set chaosDaemon.socketPath=/run/containerd/containerd.sock --set dashboard.create=false --version $CHAOS_MESH_VER sleep 10 } 
diff --git a/e2e-tests/release_versions b/e2e-tests/release_versions index bbd8cb2a62..d5ecad61f9 100644 --- a/e2e-tests/release_versions +++ b/e2e-tests/release_versions @@ -1,16 +1,16 @@ -IMAGE_OPERATOR=percona/percona-server-mongodb-operator:1.19.1 -IMAGE_MONGOD80=percona/percona-server-mongodb:8.0.4-1-multi -IMAGE_MONGOD70=percona/percona-server-mongodb:7.0.15-9-multi -IMAGE_MONGOD60=percona/percona-server-mongodb:6.0.19-16-multi -IMAGE_BACKUP=percona/percona-backup-mongodb:2.8.0-multi -IMAGE_PMM_CLIENT=percona/pmm-client:2.44.0 -IMAGE_PMM_SERVER=percona/pmm-server:2.44.0 -GKE_MIN=1.28 -GKE_MAX=1.30 -EKS_MIN=1.29 -EKS_MAX=1.31 -AKS_MIN=1.28 -AKS_MAX=1.31 -OPENSHIFT_MIN=4.14.44 -OPENSHIFT_MAX=4.17.11 -MINIKUBE_REL=1.31.0 \ No newline at end of file +IMAGE_OPERATOR=percona/percona-server-mongodb-operator:1.20.0 +IMAGE_MONGOD80=percona/percona-server-mongodb:8.0.4-2 +IMAGE_MONGOD70=percona/percona-server-mongodb:7.0.18-11 +IMAGE_MONGOD60=percona/percona-server-mongodb:6.0.21-18 +IMAGE_BACKUP=percona/percona-backup-mongodb:2.9.1 +IMAGE_PMM_CLIENT=percona/pmm-client:2.44.1 +IMAGE_PMM_SERVER=percona/pmm-server:2.44.1 +GKE_MIN=1.30 +GKE_MAX=1.32 +EKS_MIN=1.30 +EKS_MAX=1.32 +AKS_MIN=1.30 +AKS_MAX=1.32 +OPENSHIFT_MIN=4.14.50 +OPENSHIFT_MAX=4.18.10 +MINIKUBE_REL=1.32.0 \ No newline at end of file diff --git a/pkg/controller/perconaservermongodb/suite_test.go b/pkg/controller/perconaservermongodb/suite_test.go index 9aa5391f9b..2e61ed982e 100644 --- a/pkg/controller/perconaservermongodb/suite_test.go +++ b/pkg/controller/perconaservermongodb/suite_test.go @@ -106,6 +106,6 @@ func readDefaultCR(name, namespace string) (*psmdbv1.PerconaServerMongoDB, error cr.Name = name cr.Namespace = namespace - cr.Spec.InitImage = "perconalab/percona-server-mongodb-operator:main" + cr.Spec.InitImage = "percona/percona-server-mongodb-operator:1.20.0" return cr, nil } 
diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml index 6567f52ef7..e132b23891 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always livenessProbe: exec: @@ -185,7 +185,7 @@ spec: value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" - image: perconalab/percona-server-mongodb-operator:main-backup + image: percona/percona-backup-mongodb:2.9.1 imagePullPolicy: Always name: backup-agent resources: {} @@ -204,7 +204,7 @@ spec: initContainers: - command: - /init-entrypoint.sh - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always name: mongo-init resources: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml index 6567f52ef7..e132b23891 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always livenessProbe: exec: 
@@ -185,7 +185,7 @@ spec: value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" - image: perconalab/percona-server-mongodb-operator:main-backup + image: percona/percona-backup-mongodb:2.9.1 imagePullPolicy: Always name: backup-agent resources: {} @@ -204,7 +204,7 @@ spec: initContainers: - command: - /init-entrypoint.sh - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always name: mongo-init resources: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml index 6567f52ef7..e132b23891 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always livenessProbe: exec: @@ -185,7 +185,7 @@ spec: value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" - image: perconalab/percona-server-mongodb-operator:main-backup + image: percona/percona-backup-mongodb:2.9.1 imagePullPolicy: Always name: backup-agent resources: {} @@ -204,7 +204,7 @@ spec: initContainers: - command: - /init-entrypoint.sh - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always name: mongo-init resources: 
diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml index 68597bedd7..5f3658af7f 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always livenessProbe: exec: @@ -154,7 +154,7 @@ spec: initContainers: - command: - /init-entrypoint.sh - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always name: mongo-init resources: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml index f0e28a4f50..d06490f0ba 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always livenessProbe: exec: @@ -185,7 +185,7 @@ spec: value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" - image: perconalab/percona-server-mongodb-operator:main-backup + image: percona/percona-backup-mongodb:2.9.1 imagePullPolicy: Always name: backup-agent resources: {} 
@@ -204,7 +204,7 @@ spec: initContainers: - command: - /init-entrypoint.sh - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always name: mongo-init resources: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml index 17dc3e5683..88fd03e343 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: perconalab/percona-server-mongodb-operator:main-mongod8.0 + image: percona/percona-server-mongodb:8.0.4-2 imagePullPolicy: Always livenessProbe: exec: @@ -184,7 +184,7 @@ spec: value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" - image: perconalab/percona-server-mongodb-operator:main-backup + image: percona/percona-backup-mongodb:2.9.1 imagePullPolicy: Always name: backup-agent resources: {} @@ -203,7 +203,7 @@ spec: initContainers: - command: - /init-entrypoint.sh - image: perconalab/percona-server-mongodb-operator:main + image: percona/percona-server-mongodb-operator:1.20.0 imagePullPolicy: Always name: mongo-init resources: From bda44995f85683f8dd6cf8e8a036d10c671a2123 Mon Sep 17 00:00:00 2001 
From: Julio Pasinatto Date: Thu, 1 May 2025 09:16:05 -0300 Subject: [PATCH 03/12] Update Mongo 8 image to 8.0.8-3 --- deploy/cr-minimal.yaml | 2 +- deploy/cr.yaml | 2 +- e2e-tests/release_versions | 2 +- .../testdata/reconcile-statefulset/cfg-arbiter.yaml | 2 +- .../testdata/reconcile-statefulset/cfg-mongod.yaml | 2 +- .../testdata/reconcile-statefulset/cfg-nv.yaml | 2 +- .../testdata/reconcile-statefulset/rs0-arbiter.yaml | 2 +- .../testdata/reconcile-statefulset/rs0-mongod.yaml | 2 +- .../testdata/reconcile-statefulset/rs0-nv.yaml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/cr-minimal.yaml b/deploy/cr-minimal.yaml index d997260cbb..dae32a3c59 100644 --- a/deploy/cr-minimal.yaml +++ b/deploy/cr-minimal.yaml @@ -4,7 +4,7 @@ metadata: name: minimal-cluster spec: crVersion: 1.20.0 - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 unsafeFlags: replsetSize: true mongosSize: true diff --git a/deploy/cr.yaml b/deploy/cr.yaml index 8f0ac956d1..db7f9d408d 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml @@ -14,7 +14,7 @@ spec: # unmanaged: false # enableVolumeExpansion: false crVersion: 1.20.0 - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always # tls: # mode: preferTLS diff --git a/e2e-tests/release_versions b/e2e-tests/release_versions index d5ecad61f9..70b5b9c149 100644 --- a/e2e-tests/release_versions +++ b/e2e-tests/release_versions @@ -1,5 +1,5 @@ IMAGE_OPERATOR=percona/percona-server-mongodb-operator:1.20.0 -IMAGE_MONGOD80=percona/percona-server-mongodb:8.0.4-2 +IMAGE_MONGOD80=percona/percona-server-mongodb:8.0.8-3 IMAGE_MONGOD70=percona/percona-server-mongodb:7.0.18-11 IMAGE_MONGOD60=percona/percona-server-mongodb:6.0.21-18 IMAGE_BACKUP=percona/percona-backup-mongodb:2.9.1 
diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml index e132b23891..be14d7947b 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml index e132b23891..be14d7947b 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml index e132b23891..be14d7947b 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always livenessProbe: exec: 
diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml index 5f3658af7f..d121f2a373 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml index d06490f0ba..5916f1ed99 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml index 88fd03e343..b0cdce2996 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.4-2 + image: percona/percona-server-mongodb:8.0.8-3 imagePullPolicy: Always livenessProbe: exec: From 18ac3ff4b36748f927e9c4a08ecafe8b48865516 Mon Sep 17 00:00:00 2001 
From: Julio Pasinatto Date: Thu, 1 May 2025 11:25:18 -0300 Subject: [PATCH 04/12] Fix compare files with correct PBM_MONGODB_URI (#1905) --- .../default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml | 2 +- .../default-cr/compare/statefulset_my-cluster-name-cfg.yml | 2 +- .../default-cr/compare/statefulset_my-cluster-name-rs0-oc.yml | 2 +- .../default-cr/compare/statefulset_my-cluster-name-rs0.yml | 2 +- .../compare/statefulset_some-name-rs0.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml index a28ae0aaf4..c279b1d532 100644 --- a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml +++ b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml @@ -172,7 +172,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg.yml b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg.yml index ac2fbeb261..bc0bdd9ac9 100644 --- a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg.yml +++ b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg.yml 
@@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0-oc.yml b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0-oc.yml index 60442d6d9e..5986b81067 100644 --- a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0-oc.yml +++ b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0-oc.yml @@ -172,7 +172,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0.yml b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0.yml index fd1e706733..a99ec08225 100644 --- a/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0.yml +++ b/e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0.yml 
@@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-eks-credentials-irsa/compare/statefulset_some-name-rs0.yml b/e2e-tests/demand-backup-eks-credentials-irsa/compare/statefulset_some-name-rs0.yml index 0b78d99814..13169146c7 100644 --- a/e2e-tests/demand-backup-eks-credentials-irsa/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/demand-backup-eks-credentials-irsa/compare/statefulset_some-name-rs0.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always From 82ae079179e64fc2b712eeaf597195bd0b80571b Mon Sep 17 00:00:00 2001 From: Eleonora Zinchenko Date: Tue, 6 May 2025 10:57:16 +0300 Subject: [PATCH 05/12] K8SPSMDB-1265: update oc compare for rs-shard-migration (#1909) --- .../compare/statefulset_some-name-rs0-oc.yml | 58 ++++++++++++++++--- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/e2e-tests/rs-shard-migration/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/rs-shard-migration/compare/statefulset_some-name-rs0-oc.yml index 3de431d23e..89cffe2bdd 100644 --- a/e2e-tests/rs-shard-migration/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/rs-shard-migration/compare/statefulset_some-name-rs0-oc.yml 
@@ -55,7 +55,6 @@ spec: - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key - --wiredTigerCacheSizeGB=0.25 - --wiredTigerIndexPrefixCompression=true - - --config=/etc/mongodb-config/mongod.conf - --quiet command: - /opt/percona/ps-entry.sh @@ -131,8 +130,6 @@ spec: - mountPath: /etc/mongodb-ssl-internal name: ssl-internal readOnly: true - - mountPath: /etc/mongodb-config - name: config - mountPath: /opt/percona name: bin - mountPath: /etc/mongodb-encryption @@ -141,6 +138,56 @@ spec: - mountPath: /etc/users-secret name: users-secret-file workingDir: /data/db + - args: + - pbm-agent-entrypoint + command: + - /opt/percona/pbm-entry.sh + env: + - name: PBM_AGENT_MONGODB_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_USER_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_AGENT_MONGODB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_BACKUP_PASSWORD_ESCAPED + name: internal-some-name-users + optional: false + - name: PBM_MONGODB_REPLSET + value: rs0 + - name: PBM_MONGODB_PORT + value: "27017" + - name: PBM_AGENT_SIDECAR + value: "true" + - name: PBM_AGENT_SIDECAR_SLEEP + value: "5" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PBM_MONGODB_URI + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true + - name: PBM_AGENT_TLS_ENABLED + value: "true" + imagePullPolicy: Always + name: backup-agent + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /opt/percona + name: bin + readOnly: true + - mountPath: /data/db + name: mongod-data dnsPolicy: ClusterFirst initContainers: - command: 
@@ -175,11 +222,6 @@ spec: secretName: some-name-mongodb-keyfile - emptyDir: {} name: bin - - configMap: - defaultMode: 420 - name: some-name-rs0-mongod - optional: true - name: config - name: some-name-mongodb-encryption-key secret: defaultMode: 288 From b560d47ccc74b5536d43039d17dca3039cdc857c Mon Sep 17 00:00:00 2001 From: Eleonora Zinchenko Date: Thu, 8 May 2025 19:28:54 +0300 Subject: [PATCH 06/12] K8SPSMDB-1265: clean up basmdb-backup and use kubectl wait for wait_restore (#1911) Use kubectl wait instead of regular loop in `wait_restore()` Add retry for `demand-backup-sharded` test backup presence in minio storage Delete backups during test cleanup before removing finalizers from objects. --- .../demand-backup-incremental-sharded/run | 2 +- e2e-tests/demand-backup-sharded/run | 12 ++++- e2e-tests/functions | 54 ++++++++++++++----- e2e-tests/pitr-physical/run | 2 + 4 files changed, 55 insertions(+), 15 deletions(-) diff --git a/e2e-tests/demand-backup-incremental-sharded/run b/e2e-tests/demand-backup-incremental-sharded/run index d1470bdf21..5cc01c9799 100755 --- a/e2e-tests/demand-backup-incremental-sharded/run +++ b/e2e-tests/demand-backup-incremental-sharded/run @@ -56,7 +56,7 @@ run_recovery_check() { fi echo - wait_cluster_consistency ${cluster} 42 + wait_cluster_consistency ${cluster} 60 wait_for_pbm_operations ${cluster} if [[ $base == true ]]; then diff --git a/e2e-tests/demand-backup-sharded/run b/e2e-tests/demand-backup-sharded/run index 83cd954037..e4a5774571 100755 --- a/e2e-tests/demand-backup-sharded/run +++ b/e2e-tests/demand-backup-sharded/run 
@@ -148,10 +148,18 @@ fi desc 'check backup and restore -- minio' backup_dest_minio=$(get_backup_dest "$backup_name_minio") -kubectl_bin run -i --rm aws-cli --image=perconalab/awscli --restart=Never -- \ +retry=0 +until kubectl_bin run -i --rm aws-cli --image=perconalab/awscli --restart=Never -- \ /usr/bin/env AWS_ACCESS_KEY_ID=some-access-key AWS_SECRET_ACCESS_KEY=some-secret-key AWS_DEFAULT_REGION=us-east-1 \ /usr/bin/aws --endpoint-url http://minio-service:9000 s3 ls "s3://${backup_dest_minio}/rs0/" \ - | grep "myApp.test.gz" + | grep "myApp.test.gz"; do + sleep 1 + let retry+=1 + if [ $retry -ge 60 ]; then + echo "Max retry count $retry reached. Something went wrong with writing backup" + exit 1 + fi +done insert_data_mongos "100501" "myApp" "" "$custom_port" insert_data_mongos "100501" "myApp1" "" "$custom_port" insert_data_mongos "100501" "myApp2" "" "$custom_port" diff --git a/e2e-tests/functions b/e2e-tests/functions index 0932444b63..06828680a3 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -233,14 +233,15 @@ wait_backup() { echo -n . let retry+=1 current_status=$(kubectl_bin get psmdb-backup $backup_name -o jsonpath='{.status.state}') - if [[ $retry -ge 360 || ${current_status} == 'error' ]]; then + if [[ $retry -ge 600 || ${current_status} == 'error' ]]; then kubectl_bin logs ${OPERATOR_NS:+-n $OPERATOR_NS} $(get_operator_pod) \ | grep -v 'level=info' \ | grep -v 'level=debug' \ | grep -v 'Getting tasks for pod' \ | grep -v 'Getting pods from source' \ - | tail -100 - echo "Backup object psmdb-backup/${backup_name} is in ${current_state} state." + | tail -200 + kubectl_bin get psmdb-backup + echo "Backup object psmdb-backup/${backup_name} is in ${current_status} state." echo something went wrong with operator or kubernetes cluster exit 1 fi 
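Review bot: The `until` condition in the new retry loop cannot tell a failed `kubectl_bin run` (image pull error, or the `aws-cli` pod name still present from the previous iteration) from a listing that does not yet contain the file, so either case is retried 60 times and then reported as "Something went wrong with writing backup". Naming both possibilities makes a red run easier to triage, e.g. `echo "Max retry count $retry reached: myApp.test.gz not listed under s3://${backup_dest_minio}/rs0/ (or the aws-cli pod failed to run)"`. The pattern is also a regex in which `.` matches any character; `grep -F "myApp.test.gz"` matches the literal file name. `[ $retry -ge 60 ]` works, but `(( retry >= 60 ))` avoids the unquoted expansion.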
@@ -379,11 +380,24 @@ wait_restore() { local ok_if_ready=${6:-0} set +o xtrace + # We need to run wait till object is created, otherwise wait fails at once + echo -n "Waiting for the psmdb-restore/restore-$backup_name object to be created" + retry_object=0 + until kubectl_bin get psmdb-restore restore-$backup_name >/dev/null 2>&1; do + echo -n . + let retry_object+=1 + if [[ ${retry_object} -ge 60 ]]; then + echo "psmdb-restore/restore-$backup_name object was not created." + exit 1 + fi + sleep 1 + done + echo "OK" + + echo -n "Waiting psmdb-restore/restore-${backup_name} to reach state \"${target_state}\" " retry=0 - echo -n "waiting psmdb-restore/restore-${backup_name} to reach ${target_state} state" - local current_state= - until [[ ${current_state} == ${target_state} ]]; do - sleep 0.5 + retry_count=$((wait_time / 60)) + until kubectl wait psmdb-restore restore-${backup_name} --for=jsonpath='{.status.state}'=${target_state} --timeout=60s >/dev/null 2>&1; do echo -n . let retry+=1 current_state=$(kubectl_bin get psmdb-restore restore-$backup_name -o jsonpath='{.status.state}') 
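Review bot: The new loop calls plain `kubectl wait` while the other calls in `wait_restore` go through `kubectl_bin`, and its output is discarded with `>/dev/null 2>&1`, so whatever the wrapper adds (its definition is outside this hunk) is skipped and a failing `wait` (unknown resource, missing permission) looks the same as a timeout. I would write `until kubectl_bin wait psmdb-restore "restore-${backup_name}" --for=jsonpath='{.status.state}'="${target_state}" --timeout=60s >/dev/null 2>&1; do`. The 60-second step has two side effects: an `error` state is noticed only when the current `wait` times out, and `retry_count=$((wait_time / 60))` is 0 for any `wait_time` below 60, which makes the first timeout fatal. `retry_object` and `retry_count` should be declared `local`, and removing `local current_state=` leaves `current_state` global as well; the function body continues past this hunk.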
@@ -391,23 +405,29 @@ wait_restore() { echo "OK" break fi - if [[ $retry -ge $wait_time || ${current_state} == 'error' ]]; then - desc "operator logs:" - kubectl_bin logs ${OPERATOR_NS:+-n $OPERATOR_NS} $(get_operator_pod) | tail -100 + if [[ ${retry} -ge ${retry_count} || ${current_state} == 'error' ]]; then + kubectl_bin logs ${OPERATOR_NS:+-n $OPERATOR_NS} $(get_operator_pod) \ + | grep -v 'level=info' \ + | grep -v 'level=debug' \ + | grep -v 'Getting tasks for pod' \ + | grep -v 'Getting pods from source' \ + | tail -100 if is_physical_backup ${backup_name}; then collect_physical_restore_logs fi kubectl_bin get psmdb-restore restore-${backup_name} -o yaml - log "Restore object restore-${backup_name} is in ${current_state} state." + + echo "Restore object restore-${backup_name} is in ${current_state} state." + echo something went wrong with operator or kubernetes cluster exit 1 fi done echo "OK" set_debug - if [ $wait_cluster_consistency -eq 1 ]; then + if [[ $wait_cluster_consistency -eq 1 ]]; then wait_cluster_consistency "${cluster_name}" fi } @@ -1054,6 +1074,14 @@ delete_crd() { kubectl_bin delete -f "${src_dir}/deploy/$rbac_yaml" --ignore-not-found || true } +delete_backups() { + desc 'Delete psmdb-backup' + if [ $(kubectl_bin get psmdb-backup --no-headers | wc -l) != 0 ]; then + kubectl_bin get psmdb-backup + kubectl_bin delete psmdb-backup --all + fi +} + destroy() { local namespace="$1" local ignore_logs="${2:-true}" @@ -1074,6 +1102,8 @@ destroy() { #TODO: maybe will be enabled later #diff $test_dir/compare/operator.log $tmp_dir/operator.log + delete_backups + delete_crd destroy_cert_manager || true diff --git a/e2e-tests/pitr-physical/run b/e2e-tests/pitr-physical/run index 7a6905a00b..a2385ce970 100755 --- a/e2e-tests/pitr-physical/run +++ b/e2e-tests/pitr-physical/run @@ -78,6 +78,8 @@ main() { sleep 10 done + sleep 10 + check_recovery $backup_name_minio-2 date "${last_chunk}" "-2nd" "$cluster" run_backup $backup_name_minio 3 physical 
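Review bot: In the failure branch `collect_physical_restore_logs` is called with no arguments, so if it selects pods by the cluster name in `$1` (its definition is outside this hunk) it collects nothing exactly when the logs are needed. `collect_physical_restore_logs "${cluster_name}" "restore-${backup_name}"` would pass the values `wait_restore` already holds. The re-added `grep -v 'level=info'` chain drops info-level operator lines from the failure output, which deserves a one-line comment such as `# keep only warnings/errors; info lines drown the restore failure`.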
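Review bot: `kubectl_bin delete psmdb-backup --all` in the new `delete_backups` has no timeout, and the commit description says it runs before finalizers are removed, so a backup whose finalizer cannot complete (storage unreachable, operator already gone) would block `destroy` indefinitely. A bounded, best-effort form such as `kubectl_bin delete psmdb-backup --all --timeout=300s || true` (timeout value to be chosen) matches the `|| true` on the neighbouring cleanup calls. The test `[ $(… | wc -l) != 0 ]` compares strings with an unquoted substitution; `[[ $(kubectl_bin get psmdb-backup --no-headers 2>/dev/null | wc -l) -gt 0 ]]` is the numeric form.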
From 12b82d937ea6050d109b6b75ac687c3883613b69 Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Mon, 12 May 2025 08:56:20 -0300 Subject: [PATCH 07/12] Revert to use Mongo 7 as default --- deploy/cr-minimal.yaml | 2 +- deploy/cr.yaml | 2 +- e2e-tests/functions | 2 +- .../testdata/reconcile-statefulset/cfg-arbiter.yaml | 2 +- .../testdata/reconcile-statefulset/cfg-mongod.yaml | 2 +- .../testdata/reconcile-statefulset/cfg-nv.yaml | 2 +- .../testdata/reconcile-statefulset/rs0-arbiter.yaml | 2 +- .../testdata/reconcile-statefulset/rs0-mongod.yaml | 2 +- .../testdata/reconcile-statefulset/rs0-nv.yaml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/cr-minimal.yaml b/deploy/cr-minimal.yaml index dae32a3c59..23aec01aaa 100644 --- a/deploy/cr-minimal.yaml +++ b/deploy/cr-minimal.yaml @@ -4,7 +4,7 @@ metadata: name: minimal-cluster spec: crVersion: 1.20.0 - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 unsafeFlags: replsetSize: true mongosSize: true diff --git a/deploy/cr.yaml b/deploy/cr.yaml index db7f9d408d..f8700ba62a 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml @@ -14,7 +14,7 @@ spec: # unmanaged: false # enableVolumeExpansion: false crVersion: 1.20.0 - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always # tls: # mode: preferTLS diff --git a/e2e-tests/functions b/e2e-tests/functions index 06828680a3..0b0f462cda 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions 
@@ -5,7 +5,7 @@ GIT_BRANCH=${VERSION:-$(git rev-parse --abbrev-ref HEAD | sed -e 's^/^-^g; s^[.] API="psmdb.percona.com/v1" OPERATOR_VERSION="$(grep 'crVersion' $(realpath $(dirname ${BASH_SOURCE[0]})/../deploy/cr.yaml) | awk '{print $2}')" IMAGE=${IMAGE:-"perconalab/percona-server-mongodb-operator:${GIT_BRANCH}"} -IMAGE_MONGOD=${IMAGE_MONGOD:-"perconalab/percona-server-mongodb-operator:main-mongod8.0"} +IMAGE_MONGOD=${IMAGE_MONGOD:-"perconalab/percona-server-mongodb-operator:main-mongod7.0"} IMAGE_MONGOD_CHAIN=${IMAGE_MONGOD_CHAIN:-$' perconalab/percona-server-mongodb-operator:main-mongod6.0 perconalab/percona-server-mongodb-operator:main-mongod7.0 diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml index be14d7947b..f11ba7ab92 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml index be14d7947b..f11ba7ab92 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always livenessProbe: exec: 
diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml index be14d7947b..f11ba7ab92 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml index d121f2a373..3bbec4e287 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always livenessProbe: exec: diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml index 5916f1ed99..3681afdea7 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always livenessProbe: exec: 
diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml index b0cdce2996..0cc6e3be4b 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml @@ -83,7 +83,7 @@ spec: - secretRef: name: internal-reconcile-statefulset-cr-users optional: false - image: percona/percona-server-mongodb:8.0.8-3 + image: percona/percona-server-mongodb:7.0.18-11 imagePullPolicy: Always livenessProbe: exec: From fcb2317b542cfb7b7bd2616cc52ed46b3cb76b69 Mon Sep 17 00:00:00 2001 From: Eleonora Zinchenko Date: Wed, 14 May 2025 14:00:56 +0300 Subject: [PATCH 08/12] Print operator version (#1921) * K8SPSMDB-1265: Print operator version details --- e2e-tests/functions | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/e2e-tests/functions b/e2e-tests/functions index 0b0f462cda..ec9f6332de 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -469,6 +469,8 @@ deploy_operator() { fi sleep 2 wait_pod $(get_operator_pod) + echo "Print operator info from log" + kubectl_bin logs $(get_operator_pod) | grep 'Manager starting up' } deploy_operator_gh() { @@ -490,6 +492,8 @@ deploy_operator_gh() { sleep 2 wait_pod "$(get_operator_pod)" + echo "Print operator info from log" + kubectl_bin logs $(get_operator_pod) | grep 'Manager starting up' } deploy_minio() { From f949d5ecd92284fb8e5e4661f377cde59445f6ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ege=20G=C3=BCne=C5=9F?= Date: Wed, 14 May 2025 18:25:45 +0300 Subject: [PATCH 09/12] fix one-pod on azure --- e2e-tests/one-pod/run | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/e2e-tests/one-pod/run b/e2e-tests/one-pod/run index 9d8266fe37..39a8e6f3ea 100755 --- a/e2e-tests/one-pod/run +++ b/e2e-tests/one-pod/run 
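Review bot: The added `kubectl_bin logs $(get_operator_pod) | grep 'Manager starting up'` in `deploy_operator` omits the `${OPERATOR_NS:+-n $OPERATOR_NS}` that the other operator-log calls in `e2e-tests/functions` pass, so in a cluster-wide run the lookup presumably targets the wrong namespace. It is also the last command of the function, so the function returns grep's status and a missing log line turns a purely informational print into a non-zero return. I would write `kubectl_bin logs ${OPERATOR_NS:+-n $OPERATOR_NS} "$(get_operator_pod)" | grep 'Manager starting up' || true`; the same applies to the second hunk, in `deploy_operator_gh`.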
@@ -36,6 +36,7 @@ main() { cluster='one-pod-rs0' spinup_psmdb "$cluster" "$test_dir/conf/$cluster.yml" "1" + wait_cluster_consistency "${cluster/-rs0/}" desc 'check if service and pvc created with expected config' compare_kubectl service/$cluster @@ -53,7 +54,7 @@ main() { desc 'create secret and check custom config' kubectl_bin apply -f "$test_dir/conf/mongod-secret.yml" - sleep 50 + wait_cluster_consistency "${cluster/-rs0/}" desc 'check if statefulset created with expected config' compare_kubectl "statefulset/$cluster" "-secret" @@ -69,7 +70,7 @@ main() { desc 'create secret and check custom config' kubectl_bin apply -f "$test_dir/conf/mongod-secret-2.yml" - sleep 50 + wait_cluster_consistency "${cluster/-rs0/}" run_mongo \ 'db.serverCmdLineOpts()' \ From cda1ed4cc04ce259483e564da38f74c486268c72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ege=20G=C3=BCne=C5=9F?= Date: Fri, 16 May 2025 22:53:05 +0300 Subject: [PATCH 10/12] fix balancer on aks --- e2e-tests/balancer/conf/some-name-rs0.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/e2e-tests/balancer/conf/some-name-rs0.yml b/e2e-tests/balancer/conf/some-name-rs0.yml index f5e0b982ee..957e5bd112 100644 --- a/e2e-tests/balancer/conf/some-name-rs0.yml +++ b/e2e-tests/balancer/conf/some-name-rs0.yml @@ -55,7 +55,7 @@ spec: persistentVolumeClaim: resources: requests: - storage: 1Gi + storage: 3Gi size: 3 - name: rs1 affinity: @@ -73,7 +73,7 @@ spec: persistentVolumeClaim: resources: requests: - storage: 1Gi + storage: 3Gi size: 3 - name: rs2 affinity: @@ -91,7 +91,7 @@ spec: persistentVolumeClaim: resources: requests: - storage: 1Gi + storage: 3Gi size: 3 secrets: users: some-users From ac3cc1468e774b9c33e29561bbd9354adedab3c7 Mon Sep 17 00:00:00 2001 
From: George Kechagias Date: Tue, 20 May 2025 19:35:00 +0300 Subject: [PATCH 11/12] K8SPSMDB-1268 pmm3 support (#1916) * K8SPSMDB-1268 pmm3 support * fix imports * assert the env var lengths * add server host * cover more inits in test * add custom params * improve test * remove spammy logs * e2e tests * fix mounts for pmm3 container * update secret with new token comment * wrapup e2e test * drop unused env vars * ensure that pmm3 test is fully functional * bonus: improve the custom name e2e verification * add small assertion to ensure that disabled pmm and nil secret return no container * make custom cluster name configurable in cr for the e2e test * fix linter * cr: package rename to config * add some more test cases --- cmd/mongodb-healthcheck/logger/logger.go | 4 +- deploy/secrets.yaml | 1 + e2e-tests/default-cr/run | 27 - e2e-tests/functions | 2 + .../monitoring-2-0/conf/monitoring-2-0.yml | 200 -------- .../service_monitoring-pmm3-mongos.yml | 31 ++ .../compare/service_monitoring-pmm3-rs0.yml | 29 ++ .../statefulset_monitoring-pmm3-cfg-oc.yml | 331 ++++++++++++ .../statefulset_monitoring-pmm3-cfg.yml | 333 ++++++++++++ .../statefulset_monitoring-pmm3-mongos-oc.yml | 324 ++++++++++++ .../statefulset_monitoring-pmm3-mongos.yml | 326 ++++++++++++ ...tefulset_monitoring-pmm3-rs0-no-pmm-oc.yml | 202 ++++++++ ...statefulset_monitoring-pmm3-rs0-no-pmm.yml | 204 ++++++++ .../statefulset_monitoring-pmm3-rs0-oc.yml | 319 ++++++++++++ .../statefulset_monitoring-pmm3-rs0.yml | 321 ++++++++++++ .../conf/monitoring-pmm3-rs0.yml | 74 +++ e2e-tests/monitoring-pmm3/conf/secrets.yml | 16 + e2e-tests/monitoring-pmm3/run | 474 ++++++++++++++++++ e2e-tests/release_versions | 2 + e2e-tests/run-pr.csv | 1 + e2e-tests/run-release.csv | 1 + pkg/apis/psmdb/v1/psmdb_types.go | 5 +- .../perconaservermongodb/psmdb_controller.go | 26 +- .../perconaservermongodb/volumes.go | 6 +- pkg/psmdb/{ => config}/const.go | 24 +- pkg/psmdb/container.go | 45 +- pkg/psmdb/init.go | 9 +- 
pkg/psmdb/mongos.go | 47 +- pkg/psmdb/{ => pmm}/pmm.go | 232 ++++++++- pkg/psmdb/pmm/pmm_test.go | 191 +++++++ pkg/psmdb/service.go | 11 +- pkg/psmdb/statefulset.go | 32 +- 32 files changed, 3513 insertions(+), 337 deletions(-) delete mode 100644 e2e-tests/monitoring-2-0/conf/monitoring-2-0.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-mongos.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-rs0.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg-oc.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos-oc.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm-oc.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-oc.yml create mode 100644 e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0.yml create mode 100644 e2e-tests/monitoring-pmm3/conf/monitoring-pmm3-rs0.yml create mode 100644 e2e-tests/monitoring-pmm3/conf/secrets.yml create mode 100755 e2e-tests/monitoring-pmm3/run rename pkg/psmdb/{ => config}/const.go (85%) rename pkg/psmdb/{ => pmm}/pmm.go (60%) create mode 100644 pkg/psmdb/pmm/pmm_test.go diff --git a/cmd/mongodb-healthcheck/logger/logger.go b/cmd/mongodb-healthcheck/logger/logger.go index 7058e0e90b..dee26c1bc2 100644 --- a/cmd/mongodb-healthcheck/logger/logger.go +++ b/cmd/mongodb-healthcheck/logger/logger.go 
@@ -13,7 +13,7 @@ import ( "gopkg.in/natefinch/lumberjack.v2" "sigs.k8s.io/controller-runtime/pkg/log/zap" - "github.com/percona/percona-server-mongodb-operator/pkg/psmdb" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" ) type Logger struct { @@ -22,7 +22,7 @@ type Logger struct { } func New() *Logger { - logPath := filepath.Join(psmdb.MongodDataVolClaimName, "logs", "mongodb-healthcheck.log") + logPath := filepath.Join(config.MongodDataVolClaimName, "logs", "mongodb-healthcheck.log") return newLogger(logPath) } diff --git a/deploy/secrets.yaml b/deploy/secrets.yaml index 35b89fc54a..a0b8384db3 100644 --- a/deploy/secrets.yaml +++ b/deploy/secrets.yaml @@ -17,3 +17,4 @@ stringData: PMM_SERVER_API_KEY: apikey #PMM_SERVER_USER: admin #PMM_SERVER_PASSWORD: admin + #PMM_SERVER_TOKEN: token diff --git a/e2e-tests/default-cr/run b/e2e-tests/default-cr/run index 7f2541d495..356c9a77f5 100755 --- a/e2e-tests/default-cr/run +++ b/e2e-tests/default-cr/run 
@@ -91,33 +91,6 @@ function main() { compare_generation "1" "statefulset" "${cluster}-mongos" compare_generation "1" "psmdb" "${cluster}" - desc 'install PMM Server' - deploy_pmm_server - sleep 20 - kubectl_bin patch psmdb ${cluster} --type=merge --patch '{ - "spec": {"pmm":{"enabled":true}} - }' - sleep 120 - # since psmdb cluster won't work without pmm server running consistency check would be enough - wait_cluster_consistency $cluster - - kubectl_bin patch psmdb ${cluster} --type=merge --patch '{ - "spec": {"pmm":{"enabled":false}} - }' - sleep 120 - - if [[ -n ${OPENSHIFT} ]]; then - oc adm policy remove-scc-from-user privileged -z pmm-server - if [ -n "$OPERATOR_NS" ]; then - oc delete clusterrolebinding pmm-psmdb-operator-cluster-wide - else - oc delete rolebinding pmm-psmdb-operator-namespace-only - fi - fi - helm uninstall monitoring - - wait_cluster_consistency $cluster - desc 'enabling arbiter' kubectl_bin patch psmdb ${cluster} --type json -p='[{"op":"replace","path":"/spec/replsets/0/arbiter/enabled","value":true},{"op":"replace","path":"/spec/replsets/0/size","value":4}]' wait_cluster_consistency $cluster diff --git a/e2e-tests/functions b/e2e-tests/functions index ec9f6332de..7dab66ee13 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -15,6 +15,8 @@ SKIP_BACKUPS_TO_AWS_GCP_AZURE=${SKIP_BACKUPS_TO_AWS_GCP_AZURE:-1} PMM_SERVER_VER=${PMM_SERVER_VER:-"9.9.9"} IMAGE_PMM_CLIENT=${IMAGE_PMM_CLIENT:-"perconalab/pmm-client:dev-latest"} IMAGE_PMM_SERVER=${IMAGE_PMM_SERVER:-"perconalab/pmm-server:dev-latest"} +IMAGE_PMM3_CLIENT=${IMAGE_PMM3_CLIENT:-"perconalab/pmm-client:3.1.0"} +IMAGE_PMM3_SERVER=${IMAGE_PMM3_SERVER:-"perconalab/pmm-server:3.1.0"} CERT_MANAGER_VER="1.17.2" MINIO_VER="5.4.0" CHAOS_MESH_VER="2.7.1" diff --git a/e2e-tests/monitoring-2-0/conf/monitoring-2-0.yml b/e2e-tests/monitoring-2-0/conf/monitoring-2-0.yml deleted file mode 100644 index 562edf162a..0000000000 --- a/e2e-tests/monitoring-2-0/conf/monitoring-2-0.yml +++ /dev/null 
@@ -1,200 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: monitoring - generation: 7 - labels: - app: monitoring - app.kubernetes.io/managed-by: Helm - chart: pmm-server-2.12.0 - heritage: Helm - release: monitoring -spec: - replicas: 1 - selector: - matchLabels: - app: monitoring - component: pmm - template: - metadata: - creationTimestamp: null - labels: - app: monitoring - component: pmm - annotations: - openshift.io/scc: privileged - spec: - containers: - - resources: - requests: - cpu: 500m - memory: 1Gi - terminationMessagePath: /dev/termination-log - name: monitoring - command: - - bash - env: - - name: DISABLE_UPDATES - value: 'true' - - name: METRICS_RESOLUTION - value: 1s - - name: METRICS_RETENTION - value: 720h - - name: QUERIES_RETENTION - value: '8' - - name: METRICS_MEMORY - value: '600000' - - name: ADMIN_PASSWORD - value: admin - ports: - - name: https - containerPort: 443 - protocol: TCP - imagePullPolicy: Always - volumeMounts: - - name: pmmdata - mountPath: /pmmdata - terminationMessagePolicy: File - image: 'percona/pmm-server:2.12.0' - args: - - '-c' - - > - set -ex - - - - if [[ $EUID != 1000 ]]; then - - # logrotate requires UID in /etc/passwd - sed -e "s^x:1000:^x:$EUID:^" /etc/passwd > /tmp/passwd - cat /tmp/passwd > /etc/passwd - rm -rf /tmp/passwd - fi - - if [ ! 
-f /pmmdata/app-init ]; then - - # the PV hasn't been initialized, so copy over default - # pmm-server directories before symlinking - mkdir -p /pmmdata - - rsync -a --owner=$EUID /srv/prometheus/data/ /pmmdata/prometheus-data/ - rsync -a --owner=$EUID /srv/prometheus/rules/ /pmmdata/prometheus-rules/ - rsync -a --owner=$EUID /srv/postgres/ /pmmdata/postgres/ - rsync -a --owner=$EUID /srv/grafana/ /pmmdata/grafana/ - rsync -a --owner=$EUID /srv/clickhouse/ /pmmdata/clickhouse/ - - # initialize the PV and then mark it complete - touch /pmmdata/app-init - fi - - - # remove the default directories so we can symlink the - - # existing PV directories - - rm -Rf /srv/prometheus/data - - rm -Rf /srv/prometheus/rules - - rm -Rf /srv/postgres - - rm -Rf /srv/grafana - - rm -Rf /srv/clickhouse - - - # symlink pmm-server paths to point to our PV - - ln -s /pmmdata/prometheus-data /srv/prometheus/data - - ln -s /pmmdata/prometheus-rules /srv/prometheus/rules - - ln -s /pmmdata/postgres /srv/ - - ln -s /pmmdata/grafana /srv/ - - ln -s /pmmdata/clickhouse /srv/ - - - sed -ri "s/(^log_directory = ).*/\1\'\/srv\/logs\'/g" /pmmdata/postgres/postgresql.conf - - chmod 700 /pmmdata/postgres - - - - # http2 is not supported in openshift now - - sed -e "s^ http2^^" /etc/nginx/conf.d/pmm.conf > /tmp/nginx - - cat /tmp/nginx > /etc/nginx/conf.d/pmm.conf - - rm -rf /tmp/nginx - - - - - ln -s /srv/grafana /usr/share/grafana/data - - grafana-cli --homepath=/usr/share/grafana --config=/etc/grafana/grafana.ini admin reset-admin-password "$ADMIN_PASSWORD" - - - - bash -x /opt/entrypoint.sh - - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - serviceAccountName: percona-server-mongodb-operator - serviceAccount: percona-server-mongodb-operator - securityContext: - supplementalGroups: - - 1000 - fsGroup: 1000 - schedulerName: default-scheduler - volumeClaimTemplates: - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: pmmdata - 
creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi - volumeMode: Filesystem - status: - phase: Pending - serviceName: monitoring - podManagementPolicy: OrderedReady - updateStrategy: - type: OnDelete - revisionHistoryLimit: 10 ---- -kind: Service -apiVersion: v1 -metadata: - name: monitoring-service - finalizers: - - service.kubernetes.io/load-balancer-cleanup - labels: - app: monitoring - app.kubernetes.io/managed-by: Helm - chart: pmm-server-2.12.0 - component: pmm - heritage: Helm - release: monitoring -spec: - ports: - - name: https - protocol: TCP - port: 443 - targetPort: 443 - nodePort: 31833 - selector: - app: monitoring - component: pmm - type: LoadBalancer - sessionAffinity: None - externalTrafficPolicy: Cluster diff --git a/e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-mongos.yml b/e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-mongos.yml new file mode 100644 index 0000000000..3d978c5113 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-mongos.yml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + test: monitoring-pmm3 + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + test: monitoring-pmm3 + name: monitoring-pmm3-mongos + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + ports: + - name: mongos + port: 27019 + protocol: TCP + targetPort: 27019 + selector: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + sessionAffinity: None + type: ClusterIP 
diff --git a/e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-rs0.yml b/e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-rs0.yml new file mode 100644 index 0000000000..c880e9994d --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-rs0.yml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: monitoring-pmm3-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + ports: + - name: mongodb + port: 27019 + protocol: TCP + targetPort: 27019 + selector: + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + sessionAffinity: None + type: ClusterIP diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg-oc.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg-oc.yml new file mode 100644 index 0000000000..0720b9596e --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg-oc.yml 
@@ -0,0 +1,331 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 2 + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + name: monitoring-pmm3-cfg + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + serviceName: monitoring-pmm3-cfg + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + topologyKey: kubernetes.io/hostname + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27019 + - --replSet=cfg + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=requireTLS + - --configsvr + - --enableEncryption + 
- --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: monitoring-pmm3 + - name: MONGODB_PORT + value: "27019" + - name: MONGODB_REPLSET + value: cfg + envFrom: + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27019 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: monitoring-pmm3-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - env: + - name: DB_TYPE + value: mongodb + - name: DB_USER + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_USER + name: internal-monitoring-pmm3-users + - name: 
DB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_PASSWORD + name: internal-monitoring-pmm3-users + - name: DB_HOST + value: localhost + - name: DB_CLUSTER + value: monitoring-pmm3 + - name: DB_PORT + value: "27019" + - name: CLUSTER_NAME + value: super-custom + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: service_token + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: PMM_SERVER_TOKEN + name: internal-monitoring-pmm3-users + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(POD_NAMESPACE)-$(POD_NAME) + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --enable-all-collectors --environment=dev-mongod + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + - name: PMM_AGENT_PRERUN_SCRIPT + value: |- + cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; + pmm-admin status --wait=10s; + pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify 
--tls-certificate-key-file=/tmp/tls.pem --tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; + pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted' + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: monitoring-pmm3-cfg-mongod + optional: true + name: config + - name: monitoring-pmm3-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + 
optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-monitoring-pmm3-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: + phase: Pending diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg.yml new file mode 100644 index 0000000000..e73c9939e3 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg.yml 
@@ -0,0 +1,333 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 2 + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + name: monitoring-pmm3-cfg + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + serviceName: monitoring-pmm3-cfg + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: cfg + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: cfg + topologyKey: kubernetes.io/hostname + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27019 + - --replSet=cfg + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=requireTLS + - --configsvr + - --enableEncryption + 
- --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: monitoring-pmm3 + - name: MONGODB_PORT + value: "27019" + - name: MONGODB_REPLSET + value: cfg + envFrom: + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27019 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: monitoring-pmm3-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - env: + - name: DB_TYPE + value: mongodb + - name: DB_USER + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_USER + name: internal-monitoring-pmm3-users + 
- name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_PASSWORD + name: internal-monitoring-pmm3-users + - name: DB_HOST + value: localhost + - name: DB_CLUSTER + value: monitoring-pmm3 + - name: DB_PORT + value: "27019" + - name: CLUSTER_NAME + value: super-custom + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: service_token + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: PMM_SERVER_TOKEN + name: internal-monitoring-pmm3-users + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(POD_NAMESPACE)-$(POD_NAME) + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --enable-all-collectors --environment=dev-mongod + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + - name: PMM_AGENT_PRERUN_SCRIPT + value: |- + cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; + pmm-admin status --wait=10s; + pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify 
--tls-certificate-key-file=/tmp/tls.pem --tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; + pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted' + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: monitoring-pmm3-cfg-mongod + optional: true + name: config + - name: monitoring-pmm3-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 
288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-monitoring-pmm3-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + status: + phase: Pending diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos-oc.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos-oc.yml new file mode 100644 index 0000000000..b8d4ea64f9 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos-oc.yml 
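Review bot: `PMM_AGENT_SERVER_INSECURE_TLS` is pinned to `"1"` in the pmm-client env, so the sidecar sends the `PMM_SERVER_TOKEN` credential to `monitoring-service` without verifying the server certificate. The `pmm-admin add` line of `PMM_AGENT_PRERUN_SCRIPT` also passes `--tls-skip-verify` next to `--tls-ca-file=/etc/mongodb-ssl/ca.crt`, which leaves the CA file unused for verification. If the operator renders these unconditionally (not visible from this fixture), I would make them opt-in where the sidecar is rendered and have the expected script read `--tls --tls-certificate-key-file=/tmp/tls.pem --tls-ca-file=/etc/mongodb-ssl/ca.crt` without the skip flag. That presumably needs the server certificate to cover the `localhost` value of `DB_HOST`. The same env and script are pinned in the mongos-oc and mongos fixtures that follow.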
@@ -0,0 +1,324 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 2 + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + name: monitoring-pmm3-mongos + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + serviceName: "" + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + topologyKey: kubernetes.io/hostname + containers: + - args: + - mongos + - --bind_ip_all + - --port=27019 + - --sslAllowInvalidCertificates + - --configdb + - cfg/monitoring-pmm3-cfg-0.monitoring-pmm3-cfg.NAME_SPACE.svc.cluster.local:27019,monitoring-pmm3-cfg-1.monitoring-pmm3-cfg.NAME_SPACE.svc.cluster.local:27019,monitoring-pmm3-cfg-2.monitoring-pmm3-cfg.NAME_SPACE.svc.cluster.local:27019 + - --relaxPermChecks + - --clusterAuthMode=x509 + - 
--tlsMode=requireTLS + - --config=/etc/mongos-config/mongos.conf + command: + - /opt/percona/ps-entry.sh + env: + - name: MONGODB_PORT + value: "27019" + envFrom: + - secretRef: + name: some-users + optional: false + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --component + - mongos + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "10" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongos + ports: + - containerPort: 27019 + name: mongos + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongos + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 300m + memory: 500M + requests: + cpu: 300m + memory: 500M + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongos-config + name: config + - mountPath: /etc/users-secret + name: users-secret-file + readOnly: true + - mountPath: /opt/percona + name: bin + workingDir: /data/db + - env: + - name: DB_TYPE + value: mongodb + - name: DB_USER + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_USER + name: internal-monitoring-pmm3-users + - name: DB_PASSWORD + 
valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_PASSWORD + name: internal-monitoring-pmm3-users + - name: DB_HOST + value: localhost + - name: DB_CLUSTER + value: monitoring-pmm3 + - name: DB_PORT + value: "27019" + - name: CLUSTER_NAME + value: super-custom + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: service_token + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: PMM_SERVER_TOKEN + name: internal-monitoring-pmm3-users + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(POD_NAMESPACE)-$(POD_NAME) + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --environment=dev-mongos + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + - name: PMM_AGENT_PRERUN_SCRIPT + value: |- + cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; + pmm-admin status --wait=10s; + pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify --tls-certificate-key-file=/tmp/tls.pem 
--tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; + pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted' + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 300m + memory: 500M + requests: + cpu: 300m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - emptyDir: {} + name: mongod-data + - name: users-secret-file + secret: + defaultMode: 
420 + secretName: internal-monitoring-pmm3-users + - configMap: + defaultMode: 420 + name: monitoring-pmm3-mongos + optional: true + name: config + - emptyDir: {} + name: bin + updateStrategy: + type: OnDelete diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos.yml new file mode 100644 index 0000000000..e2871d90f5 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos.yml 
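Review bot: The `pmm-client` container is expected with no `securityContext` at all, while the `mongos` container next to it gets `runAsNonRoot: true` and the pod-level `securityContext` is `{}`. Nothing in this spec therefore stops the sidecar from running as whatever user its image defaults to. I would have the operator render `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the sidecar and update this expectation to match. On OpenShift the SCC may already enforce this, but the non-OpenShift cfg and mongos fixtures show the same gap.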
@@ -0,0 +1,326 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 2 + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + name: monitoring-pmm3-mongos + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + serviceName: "" + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: mongos + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + topologyKey: kubernetes.io/hostname + containers: + - args: + - mongos + - --bind_ip_all + - --port=27019 + - --sslAllowInvalidCertificates + - --configdb + - cfg/monitoring-pmm3-cfg-0.monitoring-pmm3-cfg.NAME_SPACE.svc.cluster.local:27019,monitoring-pmm3-cfg-1.monitoring-pmm3-cfg.NAME_SPACE.svc.cluster.local:27019,monitoring-pmm3-cfg-2.monitoring-pmm3-cfg.NAME_SPACE.svc.cluster.local:27019 + - --relaxPermChecks + - --clusterAuthMode=x509 + - 
--tlsMode=requireTLS + - --config=/etc/mongos-config/mongos.conf + command: + - /opt/percona/ps-entry.sh + env: + - name: MONGODB_PORT + value: "27019" + envFrom: + - secretRef: + name: some-users + optional: false + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --component + - mongos + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "10" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongos + ports: + - containerPort: 27019 + name: mongos + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongos + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 300m + memory: 500M + requests: + cpu: 300m + memory: 500M + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongos-config + name: config + - mountPath: /etc/users-secret + name: users-secret-file + readOnly: true + - mountPath: /opt/percona + name: bin + workingDir: /data/db + - env: + - name: DB_TYPE + value: mongodb + - name: DB_USER + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_USER + name: internal-monitoring-pmm3-users + - name: 
DB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_PASSWORD + name: internal-monitoring-pmm3-users + - name: DB_HOST + value: localhost + - name: DB_CLUSTER + value: monitoring-pmm3 + - name: DB_PORT + value: "27019" + - name: CLUSTER_NAME + value: super-custom + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: service_token + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: PMM_SERVER_TOKEN + name: internal-monitoring-pmm3-users + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(POD_NAMESPACE)-$(POD_NAME) + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --environment=dev-mongos + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + - name: PMM_AGENT_PRERUN_SCRIPT + value: |- + cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; + pmm-admin status --wait=10s; + pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify --tls-certificate-key-file=/tmp/tls.pem 
--tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; + pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted' + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: + limits: + cpu: 300m + memory: 500M + requests: + cpu: 300m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - emptyDir: {} + name: mongod-data + - name: users-secret-file + secret: + 
defaultMode: 420 + secretName: internal-monitoring-pmm3-users + - configMap: + defaultMode: 420 + name: monitoring-pmm3-mongos + optional: true + name: config + - emptyDir: {} + name: bin + updateStrategy: + type: OnDelete diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm-oc.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm-oc.yml new file mode 100644 index 0000000000..73ca5e0e86 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm-oc.yml 
@@ -0,0 +1,202 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: monitoring-pmm3-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: monitoring-pmm3-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27019 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=requireTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: monitoring-pmm3 + - name: MONGODB_PORT + value: "27019" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + 
imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27019 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: monitoring-pmm3-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + 
secretName: monitoring-pmm3-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: monitoring-pmm3-rs0-mongod + optional: true + name: config + - name: monitoring-pmm3-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-monitoring-pmm3-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm.yml new file mode 100644 index 0000000000..6247c9542a --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm.yml 
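Review bot: The `users-secret-file` volume is expected with `defaultMode: 420` (0644) and its mount at `/etc/users-secret` has no `readOnly: true`, whereas every other secret volume in this StatefulSet uses `defaultMode: 288` (0440) with a read-only mount. The mongos fixtures do mount `/etc/users-secret` read-only. The volume is backed by `internal-monitoring-pmm3-users`, which by its name holds the database users' credentials, so it should not be the most loosely permissioned secret in the pod. I would render it as `defaultMode: 288` with `readOnly: true` on the mount, assuming mongod reads it through the same group access as the keyfile. The cfg fixture pins the same values.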
@@ -0,0 +1,204 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 1 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: monitoring-pmm3-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: monitoring-pmm3-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27019 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=requireTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: monitoring-pmm3 + - name: MONGODB_PORT + value: "27019" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + 
imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27019 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: monitoring-pmm3-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 
+ optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: monitoring-pmm3-rs0-mongod + optional: true + name: config + - name: monitoring-pmm3-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-monitoring-pmm3-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + phase: Pending diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-oc.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-oc.yml new file mode 100644 index 0000000000..5fcc35f416 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-oc.yml 
@@ -0,0 +1,319 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 2 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: monitoring-pmm3-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: monitoring-pmm3-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27019 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=requireTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: monitoring-pmm3 + - name: MONGODB_PORT + value: "27019" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + 
imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27019 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: monitoring-pmm3-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - env: + - name: DB_TYPE + value: mongodb + - name: DB_USER + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_USER + name: internal-monitoring-pmm3-users + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_PASSWORD + name: internal-monitoring-pmm3-users + - name: DB_HOST + value: localhost + - name: DB_CLUSTER + value: monitoring-pmm3 + - name: DB_PORT + value: "27019" + - name: CLUSTER_NAME + value: super-custom + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + 
apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: service_token + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: PMM_SERVER_TOKEN + name: internal-monitoring-pmm3-users + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(POD_NAMESPACE)-$(POD_NAME) + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --enable-all-collectors --environment=dev-mongod + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + - name: PMM_AGENT_PRERUN_SCRIPT + value: |- + cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; + pmm-admin status --wait=10s; + pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify --tls-certificate-key-file=/tmp/tls.pem --tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; + pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted' + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: 
HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: monitoring-pmm3-rs0-mongod + optional: true + name: config + - name: monitoring-pmm3-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-monitoring-pmm3-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: + 
phase: Pending diff --git a/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0.yml b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0.yml new file mode 100644 index 0000000000..daa7b4caf4 --- /dev/null +++ b/e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0.yml 
@@ -0,0 +1,321 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + generation: 2 + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + name: monitoring-pmm3-rs0 + ownerReferences: + - controller: true + kind: PerconaServerMongoDB + name: monitoring-pmm3 +spec: + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + serviceName: monitoring-pmm3-rs0 + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: mongod + app.kubernetes.io/instance: monitoring-pmm3 + app.kubernetes.io/managed-by: percona-server-mongodb-operator + app.kubernetes.io/name: percona-server-mongodb + app.kubernetes.io/part-of: percona-server-mongodb + app.kubernetes.io/replset: rs0 + spec: + containers: + - args: + - --bind_ip_all + - --auth + - --dbpath=/data/db + - --port=27019 + - --replSet=rs0 + - --storageEngine=wiredTiger + - --relaxPermChecks + - --sslAllowInvalidCertificates + - --clusterAuthMode=x509 + - --tlsMode=requireTLS + - --shardsvr + - --enableEncryption + - --encryptionKeyFile=/etc/mongodb-encryption/encryption-key + - --wiredTigerIndexPrefixCompression=true + - --config=/etc/mongodb-config/mongod.conf + - --quiet + command: + - /opt/percona/ps-entry.sh + env: + - name: SERVICE_NAME + value: monitoring-pmm3 + - name: MONGODB_PORT + value: "27019" + - name: MONGODB_REPLSET + value: rs0 + envFrom: + - secretRef: + name: internal-monitoring-pmm3-users + optional: false + 
imagePullPolicy: Always + livenessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - liveness + - --ssl + - --sslInsecure + - --sslCAFile + - /etc/mongodb-ssl/ca.crt + - --sslPEMKeyFile + - /tmp/tls.pem + - --startupDelaySeconds + - "7200" + failureThreshold: 4 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: mongod + ports: + - containerPort: 27019 + name: mongodb + protocol: TCP + readinessProbe: + exec: + command: + - /opt/percona/mongodb-healthcheck + - k8s + - readiness + - --component + - mongod + failureThreshold: 8 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /etc/mongodb-secrets + name: monitoring-pmm3-mongodb-keyfile + readOnly: true + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + - mountPath: /etc/mongodb-ssl-internal + name: ssl-internal + readOnly: true + - mountPath: /etc/mongodb-config + name: config + - mountPath: /opt/percona + name: bin + - mountPath: /etc/mongodb-encryption + name: monitoring-pmm3-mongodb-encryption-key + readOnly: true + - mountPath: /etc/users-secret + name: users-secret-file + workingDir: /data/db + - env: + - name: DB_TYPE + value: mongodb + - name: DB_USER + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_USER + name: internal-monitoring-pmm3-users + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_CLUSTER_MONITOR_PASSWORD + name: internal-monitoring-pmm3-users + - name: DB_HOST + value: localhost + - name: DB_CLUSTER + value: monitoring-pmm3 + - name: DB_PORT + value: "27019" + - name: CLUSTER_NAME + value: super-custom + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + 
fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: service_token + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: PMM_SERVER_TOKEN + name: internal-monitoring-pmm3-users + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(POD_NAMESPACE)-$(POD_NAME) + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --enable-all-collectors --environment=dev-mongod + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + - name: PMM_AGENT_PRERUN_SCRIPT + value: |- + cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; + pmm-admin status --wait=10s; + pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify --tls-certificate-key-file=/tmp/tls.pem --tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; + pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted' + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 
7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/mongodb-ssl + name: ssl + readOnly: true + dnsPolicy: ClusterFirst + initContainers: + - command: + - /init-entrypoint.sh + imagePullPolicy: Always + name: mongo-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data/db + name: mongod-data + - mountPath: /opt/percona + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - name: monitoring-pmm3-mongodb-keyfile + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-keyfile + - emptyDir: {} + name: bin + - configMap: + defaultMode: 420 + name: monitoring-pmm3-rs0-mongod + optional: true + name: config + - name: monitoring-pmm3-mongodb-encryption-key + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-mongodb-encryption-key + - name: ssl + secret: + defaultMode: 288 + optional: false + secretName: monitoring-pmm3-ssl + - name: ssl-internal + secret: + defaultMode: 288 + optional: true + secretName: monitoring-pmm3-ssl-internal + - name: users-secret-file + secret: + defaultMode: 420 + secretName: internal-monitoring-pmm3-users + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: mongod-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + 
storage: 1Gi
+ status:
+ phase: Pending
diff --git a/e2e-tests/monitoring-pmm3/conf/monitoring-pmm3-rs0.yml b/e2e-tests/monitoring-pmm3/conf/monitoring-pmm3-rs0.yml
new file mode 100644
index 0000000000..39774ba522
--- /dev/null
+++ b/e2e-tests/monitoring-pmm3/conf/monitoring-pmm3-rs0.yml
@@ -0,0 +1,74 @@
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDB
+metadata:
+ name: monitoring-pmm3
+spec:
+ #platform: openshift
+ image:
+ tls:
+ mode: requireTLS
+ replsets:
+ - name: rs0
+ affinity:
+ antiAffinityTopologyKey: none
+ volumeSpec:
+ persistentVolumeClaim:
+ resources:
+ requests:
+ storage: 1Gi
+ size: 3
+ configuration: |
+ net:
+ port: 27019
+ operationProfiling:
+ mode: all
+ slowOpThresholdMs: 100
+ rateLimit: 100
+ security:
+ enableEncryption: true
+
+ sharding:
+ enabled: true
+ configsvrReplSet:
+ size: 3
+ configuration: |
+ net:
+ port: 27019
+ volumeSpec:
+ persistentVolumeClaim:
+ resources:
+ requests:
+ storage: 3Gi
+
+ mongos:
+ size: 3
+ configuration: |
+ net:
+ port: 27019
+ affinity:
+ antiAffinityTopologyKey: "kubernetes.io/hostname"
+ podDisruptionBudget:
+ maxUnavailable: 1
+ resources:
+ limits:
+ cpu: "300m"
+ memory: "0.5G"
+ requests:
+ cpu: "300m"
+ memory: "0.5G"
+ expose:
+ type: ClusterIP
+ labels:
+ test: monitoring-pmm3
+ annotations:
+ test: monitoring-pmm3
+
+ pmm:
+ enabled: true
+ image:
+ serverHost: monitoring-service
+ mongosParams: "--environment=dev-mongos"
+ mongodParams: "--enable-all-collectors --environment=dev-mongod"
+ customClusterName:
+ secrets:
+ users: some-users
diff --git a/e2e-tests/monitoring-pmm3/conf/secrets.yml b/e2e-tests/monitoring-pmm3/conf/secrets.yml
new file mode 100644
index 0000000000..74f0d6a360
--- /dev/null
+++ b/e2e-tests/monitoring-pmm3/conf/secrets.yml
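Review bot: In `conf/monitoring-pmm3-rs0.yml`, `spec.image`, `pmm.image` and `pmm.customClusterName` are committed as empty keys, and nothing in the file says where their values come from. The `run` script in this patch fills them with yq (`select(.image == null)` and the `pmm.image` / `pmm.customClusterName` assignments), so the manifest presumably is not meant to be applied as-is. A header comment would make that explicit, for example `# image, pmm.image and pmm.customClusterName are injected by e2e-tests/monitoring-pmm3/run`.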
@@ -0,0 +1,16 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: some-users
+data:
+ MONGODB_BACKUP_PASSWORD: YmFja3VwMTIzNDU2
+ MONGODB_BACKUP_USER: YmFja3Vw
+ MONGODB_CLUSTER_ADMIN_PASSWORD: Y2x1c3RlckFkbWluMTIzNDU2
+ MONGODB_CLUSTER_ADMIN_USER: Y2x1c3RlckFkbWlu
+ MONGODB_CLUSTER_MONITOR_PASSWORD: Y2x1c3Rlck1vbml0b3IxMjM0NTY=
+ MONGODB_CLUSTER_MONITOR_USER: Y2x1c3Rlck1vbml0b3I=
+ MONGODB_USER_ADMIN_PASSWORD: dXNlckFkbWluMTIzNDU2
+ MONGODB_USER_ADMIN_USER: dXNlckFkbWlu
+ MONGODB_DATABASE_ADMIN_USER: ZGF0YWJhc2VBZG1pbg==
+ MONGODB_DATABASE_ADMIN_PASSWORD: ZGF0YWJhc2VBZG1pbjEyMzQ1Ng==
+type: Opaque
\ No newline at end of file
diff --git a/e2e-tests/monitoring-pmm3/run b/e2e-tests/monitoring-pmm3/run
new file mode 100755
index 0000000000..8f639de2c2
--- /dev/null
+++ b/e2e-tests/monitoring-pmm3/run
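Review bot: The `some-users` Secret in `conf/secrets.yml` commits static MongoDB credentials under `data:` with nothing marking them as test-only. Base64 is an encoding, not protection, and the `run` script in this patch already uses the same accounts in clear (`userAdmin:userAdmin123456`), so these values should be treated as public. I would add a header comment such as `# e2e fixture credentials - for throwaway test clusters only, never reuse`. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while touching it.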
@@ -0,0 +1,474 @@ +#!/bin/bash + +set -o errexit + +test_dir=$(realpath $(dirname $0)) +. ${test_dir}/../functions +set_debug + +get_node_id_from_pmm() { + local -a nodeList=() + for instance in $(kubectl_bin get pods --no-headers -l app.kubernetes.io/name=percona-server-mongodb --output=custom-columns='NAME:.metadata.name'); do + nodeList+=($(kubectl_bin exec -n "$namespace" $instance -c pmm-client -- pmm-admin status --json | jq -r '.pmm_agent_status.node_id')) + done + + echo "${nodeList[@]}" +} + +does_node_id_exists() { + local -a nodeList=("$@") + local -a nodeList_from_pmm=() + for node_id in "${nodeList[@]}"; do + nodeList_from_pmm+=($(kubectl_bin exec -n "${namespace}" monitoring-server-0 -- pmm-admin --server-url=https://admin:admin@$(get_pmm_service_ip monitoring-service)/ --server-insecure-tls inventory list nodes --node-type=CONTAINER_NODE | grep $node_id | awk '{print $4}')) + done + + echo "${nodeList_from_pmm[@]}" +} + +verify_custom_cluster_name() { + local expected_cluster=$1 + local token=$2 + shift 2 + local service_names=("$@") + + local endpoint + endpoint=$(get_service_endpoint monitoring-service) + + local response + response=$(curl -s -k \ + -H "Authorization: Bearer ${token}" \ + "https://$endpoint/v1/inventory/services?service_type=SERVICE_TYPE_MONGODB_SERVICE") + + local verified=0 + + for service_name in "${service_names[@]}"; do + local actual_cluster + actual_cluster=$(echo "$response" | jq -r --arg name "$service_name" ' + .mongodb[] | select(.service_name == $name) | .cluster + ') + + if [[ -z $actual_cluster || $actual_cluster == "null" ]]; then + echo "Service '$service_name' not found in PMM." 
+ verified=1 + elif [[ $actual_cluster != "$expected_cluster" ]]; then + echo "$service_name: Cluster mismatch" + echo "PMM reports: $actual_cluster" + echo "Expected: $expected_cluster" + verified=1 + fi + done + + return $verified +} + +deploy_pmm3_server() { + helm repo remove stable || : + helm repo add stable https://charts.helm.sh/stable + if [[ $OPENSHIFT ]]; then + oc create sa pmm-server + oc adm policy add-scc-to-user privileged -z pmm-server + if [[ $OPERATOR_NS ]]; then + timeout 30 oc delete clusterrolebinding $(kubectl get clusterrolebinding | grep 'pmm-psmdb-operator-' | awk '{print $1}') || : + oc create clusterrolebinding pmm-psmdb-operator-cluster-wide --clusterrole=percona-server-mongodb-operator --serviceaccount=$namespace:pmm-server + oc patch clusterrole/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]' -n $OPERATOR_NS + else + oc create rolebinding pmm-psmdb-operator-namespace-only --role percona-server-mongodb-operator --serviceaccount=$namespace:pmm-server + oc patch role/percona-server-mongodb-operator --type json -p='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]' + fi + local additional_params="--set platform=openshift --set sa=pmm-server --set supresshttp2=false" + fi + + helm uninstall monitoring || : + helm repo remove percona || : + kubectl delete clusterrole monitoring --ignore-not-found + kubectl delete clusterrolebinding monitoring --ignore-not-found + helm repo add percona https://percona.github.io/percona-helm-charts/ + helm repo update + + retry 10 60 helm install monitoring percona/pmm \ + --set fullnameOverride=monitoring-server \ + --set image.tag=${IMAGE_PMM3_SERVER#*:} \ + --set image.repository=${IMAGE_PMM3_SERVER%:*} \ + --set 
service.type=LoadBalancer \ + $additional_params \ + --force +} + +get_qan_values() { + local service_type=$1 + local environment=$2 + local token=$3 + local start + local end + local endpoint + start=$($date -u -d '-12 hour' '+%Y-%m-%dT%H:%M:%S%:z') + end=$($date -u '+%Y-%m-%dT%H:%M:%S%:z') + endpoint=$(get_service_endpoint monitoring-service) + + cat >payload.json <&2 + return 1 + fi + + local create_response create_status_code create_json_response + create_response=$(curl --insecure -s -X POST -H 'Content-Type: application/json' -H 'Accept: application/json' \ + -d "{\"name\":\"${key_name}\", \"role\":\"Admin\", \"isDisabled\":false}" \ + --user "admin:${ADMIN_PASSWORD}" \ + "https://$(get_service_endpoint monitoring-service)/graph/api/serviceaccounts" \ + -w "\n%{http_code}") + + create_status_code=$(echo "$create_response" | tail -n1) + create_json_response=$(echo "$create_response" | sed '$ d') + + if [[ $create_status_code -ne 201 ]]; then + echo "Error: Failed to create PMM service account. HTTP Status: $create_status_code" >&2 + echo "Response: $create_json_response" >&2 + return 1 + fi + + local service_account_id + service_account_id=$(echo "$create_json_response" | jq -r '.id') + + if [[ -z $service_account_id || $service_account_id == "null" ]]; then + echo "Error: Failed to extract service account ID!" >&2 + return 1 + fi + + local token_response token_status_code token_json_response + token_response=$(curl --insecure -s -X POST -H 'Content-Type: application/json' \ + -d "{\"name\":\"${key_name}\"}" \ + --user "admin:${ADMIN_PASSWORD}" \ + "https://$(get_service_endpoint monitoring-service)/graph/api/serviceaccounts/${service_account_id}/tokens" \ + -w "\n%{http_code}") + + token_status_code=$(echo "$token_response" | tail -n1) + token_json_response=$(echo "$token_response" | sed '$ d') + + if [[ $token_status_code -ne 200 ]]; then + echo "Error: Failed to create token. 
HTTP Status: $token_status_code" >&2 + echo "Response: $token_json_response" >&2 + return 1 + fi + + echo "$token_json_response" | jq -r '.key' +} + +delete_pmm_server_token() { + local key_name=$1 + + if [[ -z $key_name ]]; then + key_name="operator" + fi + + local ADMIN_PASSWORD + ADMIN_PASSWORD=$(kubectl get secret pmm-secret -o jsonpath="{.data.PMM_ADMIN_PASSWORD}" | base64 --decode) + + if [[ -z $ADMIN_PASSWORD ]]; then + echo "Error: ADMIN_PASSWORD is empty or not found!" >&2 + return 1 + fi + + local user_credentials="admin:${ADMIN_PASSWORD}" + + local service_accounts_response service_accounts_status + service_accounts_response=$(curl --insecure -s -X GET --user "${user_credentials}" \ + "https://$(get_service_endpoint monitoring-service)/graph/api/serviceaccounts/search" \ + -w "\n%{http_code}") + + service_accounts_status=$(echo "$service_accounts_response" | tail -n1) + service_accounts_json=$(echo "$service_accounts_response" | sed '$ d') + + if [[ $service_accounts_status -ne 200 ]]; then + echo "Error: Failed to fetch service accounts. HTTP Status: $service_accounts_status" >&2 + echo "Response: $service_accounts_json" >&2 + return 1 + fi + + local service_account_id + service_account_id=$(echo "$service_accounts_json" | jq -r ".serviceAccounts[] | select(.name == \"${key_name}\").id") + + if [[ -z $service_account_id || $service_account_id == "null" ]]; then + echo "Service account '${key_name}' not found." + return 1 + fi + + local tokens_response tokens_status tokens_json + tokens_response=$(curl --insecure -s -X GET --user "${user_credentials}" \ + "https://$(get_service_endpoint monitoring-service)/graph/api/serviceaccounts/${service_account_id}/tokens" \ + -w "\n%{http_code}") + + tokens_status=$(echo "$tokens_response" | tail -n1) + tokens_json=$(echo "$tokens_response" | sed '$ d') + + if [[ $tokens_status -ne 200 ]]; then + echo "Error: Failed to fetch tokens. 
HTTP Status: $tokens_status" >&2 + echo "Response: $tokens_json" >&2 + return 1 + fi + + local token_id + token_id=$(echo "$tokens_json" | jq -r ".[] | select(.name == \"${key_name}\").id") + + if [[ -z $token_id || $token_id == "null" ]]; then + echo "Token for service account '${key_name}' not found." + return 1 + fi + + local delete_response delete_status + delete_response=$(curl --insecure -s -X DELETE --user "${user_credentials}" \ + "https://$(get_service_endpoint monitoring-service)/graph/api/serviceaccounts/${service_account_id}/tokens/${token_id}" \ + -w "\n%{http_code}") + + delete_status=$(echo "$delete_response" | tail -n1) + + if [[ $delete_status -ne 200 ]]; then + echo "Error: Failed to delete token. HTTP Status: $delete_status" >&2 + echo "Response: $delete_response" >&2 + return 1 + fi +} + +create_infra $namespace +deploy_cert_manager + +desc 'install PMM Server' +deploy_pmm3_server +sleep 20 +until kubectl_bin exec monitoring-server-0 -- bash -c "ls -l /proc/*/exe 2>/dev/null| grep postgres >/dev/null"; do + echo "Retry $retry" + sleep 5 + let retry+=1 + if [ $retry -ge 20 ]; then + echo "Max retry count $retry reached. 
Pmm-server can't start" + exit 1 + fi +done + +cluster="monitoring-pmm3" + +desc 'create secrets and start client' +kubectl_bin apply \ + -f $conf_dir/secrets.yml \ + -f $test_dir/conf/secrets.yml + +yq ".spec.template.spec.volumes[0].secret.secretName=\"$cluster-ssl\"" \ + "$conf_dir/client_with_tls.yml" | kubectl_bin apply -f - +sleep 90 + +desc "create first PSMDB cluster $cluster" +custom_cluster_name="super-custom" +yq eval '(.spec | select(.image == null)).image = "'"$IMAGE_MONGOD"'"' "$test_dir/conf/$cluster-rs0.yml" \ + | yq eval '(.spec | select(has("pmm"))).pmm.image = "'"$IMAGE_PMM3_CLIENT"'"' - \ + | yq eval '(.spec | select(has("pmm"))).pmm.customClusterName = "'"$custom_cluster_name"'"' - \ + | yq eval '(.spec | select(has("initImage"))).initImage = "'"$IMAGE"'"' - \ + | yq eval '(.spec | select(has("backup"))).backup.image = "'"$IMAGE_BACKUP"'"' - \ + | yq eval '.spec.upgradeOptions.apply = "Never"' - \ + | kubectl_bin apply -f - + +wait_for_running $cluster-rs0 3 + +desc 'check if pmm-client container is not enabled' +compare_kubectl statefulset/$cluster-rs0 "-no-pmm" +sleep 10 + +custom_port='27019' +run_mongos \ + 'db.createUser({user:"myApp",pwd:"myPass",roles:[{db:"myApp",role:"readWrite"}]})' \ + "userAdmin:userAdmin123456@$cluster-mongos.$namespace" "" "" \ + "--tlsCertificateKeyFile /tmp/tls.pem --tlsCAFile /etc/mongodb-ssl/ca.crt --tls" "$custom_port" +run_mongos \ + 'sh.enableSharding("myApp")' \ + "clusterAdmin:clusterAdmin123456@$cluster-mongos.$namespace" "" "" \ + "--tlsCertificateKeyFile /tmp/tls.pem --tlsCAFile /etc/mongodb-ssl/ca.crt --tls" "$custom_port" +insert_data_mongos "100500" "myApp" \ + "--tlsCertificateKeyFile /tmp/tls.pem --tlsCAFile /etc/mongodb-ssl/ca.crt --tls" "$custom_port" +insert_data_mongos "100600" "myApp" \ + "--tlsCertificateKeyFile /tmp/tls.pem --tlsCAFile /etc/mongodb-ssl/ca.crt --tls" "$custom_port" +insert_data_mongos "100700" "myApp" \ + "--tlsCertificateKeyFile /tmp/tls.pem --tlsCAFile 
/etc/mongodb-ssl/ca.crt --tls" "$custom_port" + +desc 'add PMM3 token to secret' +TOKEN=$(get_pmm_server_token "operator") +kubectl_bin patch secret some-users --type merge --patch '{"stringData": {"PMM_SERVER_TOKEN": "'"$TOKEN"'"}}' + +desc 'check if all 3 Pods started' +wait_for_running $cluster-rs0 3 +sleep 90 + +desc 'check if pmm-client container enabled' +compare_kubectl statefulset/$cluster-rs0 +compare_kubectl service/$cluster-rs0 +compare_kubectl service/$cluster-mongos +compare_kubectl statefulset/$cluster-cfg +compare_kubectl statefulset/$cluster-mongos + +desc 'create new PMM token and add it to the secret' +NEW_TOKEN=$(get_pmm_server_token "operator_new") +kubectl_bin patch secret some-users --type merge --patch '{"stringData": {"PMM_SERVER_TOKEN": "'"$NEW_TOKEN"'"}}' + +desc 'delete old PMM token' +delete_pmm_server_token "operator" + +desc 'check mongod metrics' +get_metric_values node_boot_time_seconds $namespace-$cluster-rs0-1 $NEW_TOKEN +get_metric_values mongodb_connections $namespace-$cluster-rs0-1 $NEW_TOKEN + +desc 'check mongo config metrics' +get_metric_values node_boot_time_seconds $namespace-$cluster-cfg-1 $NEW_TOKEN +get_metric_values mongodb_connections $namespace-$cluster-cfg-1 $NEW_TOKEN + +desc 'check mongos metrics' +MONGOS_POD_NAME=$(kubectl get pod -l app.kubernetes.io/component=mongos -o jsonpath="{.items[0].metadata.name}") +get_metric_values node_boot_time_seconds $namespace-$MONGOS_POD_NAME $NEW_TOKEN + +#wait for QAN +sleep 90 + +desc 'check QAN data' +get_qan_values mongodb "dev-mongod" $NEW_TOKEN +get_qan_values mongodb "dev-mongos" $NEW_TOKEN + +desc 'verify that the custom cluster name is configured' +verify_custom_cluster_name $custom_cluster_name $NEW_TOKEN ${namespace}-${cluster}-mongos-0 ${namespace}-${cluster}-cfg-0 ${namespace}-${cluster}-rs0-0 + +nodeList=($(get_node_id_from_pmm)) +nodeList_from_pmm=($(does_node_id_exists "${nodeList[@]}")) +for node_id in "${nodeList_from_pmm[@]}"; do + if [ -z "$node_id" ]; then + 
echo "Can't get $node_id node_id from PMM server" + exit 1 + fi +done + +kubectl_bin patch psmdb ${cluster} --type json -p='[{"op":"add","path":"/spec/pause","value":true}]' +wait_for_delete "pod/${cluster}-mongos-0" +wait_for_delete "pod/${cluster}-rs0-0" +wait_for_delete "pod/${cluster}-cfg-0" + +desc 'check if services are not deleted' + +kubectl_bin get svc $cluster-rs0 +kubectl_bin get svc $cluster-cfg +kubectl_bin get svc $cluster-mongos + +does_node_id_exists_in_pmm=($(does_node_id_exists "${nodeList[@]}")) +for instance in "${does_node_id_exists_in_pmm[@]}"; do + if [ -n "$instance" ]; then + echo "The $instance pod was not deleted from server inventory" + exit 1 + fi +done + +if [[ -n ${OPENSHIFT} ]]; then + oc adm policy remove-scc-from-user privileged -z pmm-server + if [ -n "$OPERATOR_NS" ]; then + oc delete clusterrolebinding pmm-psmdb-operator-cluster-wide + else + oc delete rolebinding pmm-psmdb-operator-namespace-only + fi +fi + +if [[ $(kubectl_bin logs monitoring-pmm3-rs0-0 pmm-client | grep -c 'cannot auto discover databases and collections') != 0 ]]; then + echo "error: cannot auto discover databases and collections" + exit 1 +fi + +desc 'check for passwords leak' +check_passwords_leak + +helm uninstall monitoring +destroy $namespace + +desc 'test passed' diff --git a/e2e-tests/release_versions b/e2e-tests/release_versions index 70b5b9c149..f79928073c 100644 --- a/e2e-tests/release_versions +++ b/e2e-tests/release_versions @@ -5,6 +5,8 @@ IMAGE_MONGOD60=percona/percona-server-mongodb:6.0.21-18 IMAGE_BACKUP=percona/percona-backup-mongodb:2.9.1 IMAGE_PMM_CLIENT=percona/pmm-client:2.44.1 IMAGE_PMM_SERVER=percona/pmm-server:2.44.1 +IMAGE_PMM3_CLIENT=percona/pmm-client:3.1.0 +IMAGE_PMM3_SERVER=percona/pmm-server:3.1.0 GKE_MIN=1.30 GKE_MAX=1.32 EKS_MIN=1.30 diff --git a/e2e-tests/run-pr.csv b/e2e-tests/run-pr.csv index 93411ab73f..d605749e28 100644 --- a/e2e-tests/run-pr.csv +++ b/e2e-tests/run-pr.csv 
@@ -26,6 +26,7 @@ liveness mongod-major-upgrade mongod-major-upgrade-sharded monitoring-2-0 +monitoring-pmm3 multi-cluster-service multi-storage non-voting diff --git a/e2e-tests/run-release.csv b/e2e-tests/run-release.csv index 8c49568126..6f4b9e4fff 100644 --- a/e2e-tests/run-release.csv +++ b/e2e-tests/run-release.csv @@ -27,6 +27,7 @@ liveness mongod-major-upgrade mongod-major-upgrade-sharded monitoring-2-0 +monitoring-pmm3 multi-cluster-service non-voting one-pod diff --git a/pkg/apis/psmdb/v1/psmdb_types.go b/pkg/apis/psmdb/v1/psmdb_types.go index 40374a8111..b7019969ac 100644 --- a/pkg/apis/psmdb/v1/psmdb_types.go +++ b/pkg/apis/psmdb/v1/psmdb_types.go @@ -196,7 +196,7 @@ const ( SmartUpdateStatefulSetStrategyType appsv1.StatefulSetUpdateStrategyType = "SmartUpdate" ) -// DNS Mode string describes the mode used to generate fqdn/ip for communication between nodes +// DNSMode string describes the mode used to generate fqdn/ip for communication between nodes // +enum type DNSMode string @@ -369,6 +369,7 @@ type PMMSpec struct { CustomClusterName string `json:"customClusterName,omitempty"` } +// HasSecret is used for PMM2. PMM2 is reaching its EOL. func (pmm *PMMSpec) HasSecret(secret *corev1.Secret) bool { if len(secret.Data) == 0 { return false @@ -380,6 +381,7 @@ func (pmm *PMMSpec) HasSecret(secret *corev1.Secret) bool { return false } +// ShouldUseAPIKeyAuth is used for PMM2. PMM2 is reaching its EOL. func (spec *PMMSpec) ShouldUseAPIKeyAuth(secret *corev1.Secret) bool { if _, ok := secret.Data[PMMAPIKey]; !ok { _, okl := secret.Data[PMMUserKey] @@ -1186,6 +1188,7 @@ const ( PMMUserKey = "PMM_SERVER_USER" PMMPasswordKey = "PMM_SERVER_PASSWORD" PMMAPIKey = "PMM_SERVER_API_KEY" + PMMServerToken = "PMM_SERVER_TOKEN" ) const ( diff --git a/pkg/controller/perconaservermongodb/psmdb_controller.go b/pkg/controller/perconaservermongodb/psmdb_controller.go index 63f5818933..a91d6b834e 100644 --- a/pkg/controller/perconaservermongodb/psmdb_controller.go 
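Review bot: `PMMServerToken` in the `@@ -1186,6 +1188,7 @@` hunk of psmdb_types.go is added without a comment, although the same commit labels `HasSecret` and `ShouldUseAPIKeyAuth` as PMM2-only. From the const block alone a reader cannot tell that this is the key `pmm.Container` checks to select the PMM3 container, or that its value is a credential. I would add `// PMMServerToken is the secret key holding the PMM3 service account token; a non-empty value selects the PMM3 container.` above the new line. The const block starts and ends outside the hunk.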
+++ b/pkg/controller/perconaservermongodb/psmdb_controller.go @@ -38,6 +38,8 @@ import ( "github.com/percona/percona-server-mongodb-operator/pkg/naming" "github.com/percona/percona-server-mongodb-operator/pkg/psmdb" "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/backup" + psmdbconfig "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/pmm" "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/secret" "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/tls" "github.com/percona/percona-server-mongodb-operator/pkg/util" @@ -933,8 +935,8 @@ func (r *ReconcilePerconaServerMongoDB) deleteOrphanPVCs(ctx context.Context, cr mongodPodsMap[pod.Name] = true } for _, pvc := range mongodPVCs.Items { - if strings.HasPrefix(pvc.Name, psmdb.MongodDataVolClaimName+"-") { - podName := strings.TrimPrefix(pvc.Name, psmdb.MongodDataVolClaimName+"-") + if strings.HasPrefix(pvc.Name, psmdbconfig.MongodDataVolClaimName+"-") { + podName := strings.TrimPrefix(pvc.Name, psmdbconfig.MongodDataVolClaimName+"-") if _, ok := mongodPodsMap[podName]; !ok { // remove the orphan pvc logf.FromContext(ctx).Info("remove orphan pvc", "pvc", pvc.Name) @@ -1327,7 +1329,7 @@ func (r *ReconcilePerconaServerMongoDB) reconcileMongosStatefulset(ctx context.C if client.IgnoreNotFound(err) != nil { return errors.Wrapf(err, "check pmm secrets: %s", api.UserSecretName(cr)) } - pmmC := psmdb.AddPMMContainer(cr, secret, cfgRs.GetPort(), cr.Spec.PMM.MongosParams) + pmmC := pmm.Container(ctx, cr, secret, cfgRs.GetPort(), cr.Spec.PMM.MongosParams) if pmmC != nil { templateSpec.Spec.Containers = append( templateSpec.Spec.Containers, 
@@ -1599,23 +1601,23 @@ func OwnerRef(ro client.Object, scheme *runtime.Scheme) (metav1.OwnerReference, }, nil } -func (r *ReconcilePerconaServerMongoDB) getCustomConfig(ctx context.Context, namespace, name string) (psmdb.CustomConfig, error) { +func (r *ReconcilePerconaServerMongoDB) getCustomConfig(ctx context.Context, namespace, name string) (psmdbconfig.CustomConfig, error) { n := types.NamespacedName{ Namespace: namespace, Name: name, } - sources := []psmdb.VolumeSourceType{ - psmdb.VolumeSourceSecret, - psmdb.VolumeSourceConfigMap, + sources := []psmdbconfig.VolumeSourceType{ + psmdbconfig.VolumeSourceSecret, + psmdbconfig.VolumeSourceConfigMap, } for _, s := range sources { - obj := psmdb.VolumeSourceTypeToObj(s) + obj := psmdbconfig.VolumeSourceTypeToObj(s) ok, err := getObjectByName(ctx, r.client, n, obj.GetRuntimeObject()) if err != nil { - return psmdb.CustomConfig{}, errors.Wrapf(err, "get %s", s) + return psmdbconfig.CustomConfig{}, errors.Wrapf(err, "get %s", s) } if !ok { continue @@ -1623,10 +1625,10 @@ func (r *ReconcilePerconaServerMongoDB) getCustomConfig(ctx context.Context, nam hashHex, err := obj.GetHashHex() if err != nil { - return psmdb.CustomConfig{}, errors.Wrapf(err, "failed to get hash of %s", s) + return psmdbconfig.CustomConfig{}, errors.Wrapf(err, "failed to get hash of %s", s) } - conf := psmdb.CustomConfig{ + conf := psmdbconfig.CustomConfig{ Type: s, HashHex: hashHex, } @@ -1634,7 +1636,7 @@ func (r *ReconcilePerconaServerMongoDB) getCustomConfig(ctx context.Context, nam return conf, nil } - return psmdb.CustomConfig{}, nil + return psmdbconfig.CustomConfig{}, nil } func getObjectByName(ctx context.Context, c client.Client, n types.NamespacedName, obj client.Object) (bool, error) { diff --git a/pkg/controller/perconaservermongodb/volumes.go b/pkg/controller/perconaservermongodb/volumes.go index c2e41fbb75..20926ea89a 100644 --- a/pkg/controller/perconaservermongodb/volumes.go +++ b/pkg/controller/perconaservermongodb/volumes.go 
@@ -23,7 +23,7 @@ import ( psmdbv1 "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" "github.com/percona/percona-server-mongodb-operator/pkg/k8s" "github.com/percona/percona-server-mongodb-operator/pkg/naming" - "github.com/percona/percona-server-mongodb-operator/pkg/psmdb" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" "github.com/percona/percona-server-mongodb-operator/pkg/util" ) @@ -44,7 +44,7 @@ func (r *ReconcilePerconaServerMongoDB) reconcilePVCs(ctx context.Context, cr *a } func validatePVCName(pvc corev1.PersistentVolumeClaim, sts *appsv1.StatefulSet) bool { - return strings.HasPrefix(pvc.Name, psmdb.MongodDataVolClaimName+"-"+sts.Name) + return strings.HasPrefix(pvc.Name, config.MongodDataVolClaimName+"-"+sts.Name) } func (r *ReconcilePerconaServerMongoDB) resizeVolumesIfNeeded(ctx context.Context, cr *psmdbv1.PerconaServerMongoDB, sts *appsv1.StatefulSet, ls map[string]string, volumeSpec *api.VolumeSpec) error { @@ -120,7 +120,7 @@ func (r *ReconcilePerconaServerMongoDB) resizeVolumesIfNeeded(ctx context.Contex var volumeTemplate corev1.PersistentVolumeClaim for _, vct := range sts.Spec.VolumeClaimTemplates { - if vct.Name == psmdb.MongodDataVolClaimName { + if vct.Name == config.MongodDataVolClaimName { volumeTemplate = vct } } diff --git a/pkg/psmdb/const.go b/pkg/psmdb/config/const.go similarity index 85% rename from pkg/psmdb/const.go rename to pkg/psmdb/config/const.go index 874d1c75df..3f4dbbe566 100644 --- a/pkg/psmdb/const.go +++ b/pkg/psmdb/config/const.go @@ -1,4 +1,4 @@ -package psmdb +package config import ( "crypto/md5" @@ -11,8 +11,8 @@ import ( ) const ( - gigaByte int64 = 1 << 30 - minWiredTigerCacheSizeGB float64 = 0.25 + GigaByte int64 = 1 << 30 + MinWiredTigerCacheSizeGB float64 = 0.25 // MongodDataVolClaimName is a PVC Claim name MongodDataVolClaimName = "mongod-data" 
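Review bot: The import added in the `@@ -23,7 +23,7 @@` hunk of volumes.go is unaliased, so the package is referred to as `config`. psmdb_controller.go, in the same package, imports the same path as `psmdbconfig`. Two names for one dependency inside a single package make searching and later refactors harder, and a bare `config` is easy to shadow with a local variable. I would use the alias here as well, `psmdbconfig "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config"`, and write `psmdbconfig.MongodDataVolClaimName` in `validatePVCName` and `resizeVolumesIfNeeded`.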
@@ -23,18 +23,18 @@ const ( BinMountPath = "/opt/percona" LDAPConfVolClaimName = "ldap" - ldapConfDir = "/etc/openldap" + LDAPConfDir = "/etc/openldap" LDAPTLSVolClaimName = "ldap-tls" - ldapTLSDir = "/etc/openldap/certs" + LDAPTLSDir = "/etc/openldap/certs" SSLDir = "/etc/mongodb-ssl" - sslInternalDir = "/etc/mongodb-ssl-internal" - vaultDir = "/etc/mongodb-vault" - mongodConfigDir = "/etc/mongodb-config" - mongosConfigDir = "/etc/mongos-config" - mongodSecretsDir = "/etc/mongodb-secrets" - mongodPortName = "mongodb" - mongosPortName = "mongos" + SSLInternalDir = "/etc/mongodb-ssl-internal" + VaultDir = "/etc/mongodb-vault" + MongodConfigDir = "/etc/mongodb-config" + MongosConfigDir = "/etc/mongos-config" + MongodSecretsDir = "/etc/mongodb-secrets" + MongodPortName = "mongodb" + MongosPortName = "mongos" ) type CustomConfig struct { diff --git a/pkg/psmdb/container.go b/pkg/psmdb/container.go index a5e3fbd085..27ebc11e64 100644 --- a/pkg/psmdb/container.go +++ b/pkg/psmdb/container.go @@ -10,6 +10,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" ) func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec, name string, resources corev1.ResourceRequirements, @@ -20,22 +21,22 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R volumes := []corev1.VolumeMount{ { - Name: MongodDataVolClaimName, - MountPath: MongodContainerDataDir, + Name: config.MongodDataVolClaimName, + MountPath: config.MongodContainerDataDir, }, { Name: ikeyName, - MountPath: mongodSecretsDir, + MountPath: config.MongodSecretsDir, ReadOnly: true, }, { Name: "ssl", - MountPath: SSLDir, + MountPath: config.SSLDir, ReadOnly: true, }, { Name: "ssl-internal", - MountPath: sslInternalDir, + MountPath: config.SSLInternalDir, ReadOnly: true, }, } 
@@ -43,24 +44,24 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R if cr.CompareVersion("1.9.0") >= 0 && useConfigFile { volumes = append(volumes, corev1.VolumeMount{ Name: "config", - MountPath: mongodConfigDir, + MountPath: config.MongodConfigDir, }) } if cr.CompareVersion("1.14.0") >= 0 { - volumes = append(volumes, corev1.VolumeMount{Name: BinVolumeName, MountPath: BinMountPath}) + volumes = append(volumes, corev1.VolumeMount{Name: config.BinVolumeName, MountPath: config.BinMountPath}) } if cr.CompareVersion("1.16.0") >= 0 && cr.Spec.Secrets.LDAPSecret != "" { volumes = append(volumes, []corev1.VolumeMount{ { - Name: LDAPTLSVolClaimName, - MountPath: ldapTLSDir, + Name: config.LDAPTLSVolClaimName, + MountPath: config.LDAPTLSDir, ReadOnly: true, }, { - Name: LDAPConfVolClaimName, - MountPath: ldapConfDir, + Name: config.LDAPConfVolClaimName, + MountPath: config.LDAPConfDir, }, }...) } @@ -74,7 +75,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R volumes = append(volumes, corev1.VolumeMount{ Name: cr.Spec.Secrets.Vault, - MountPath: vaultDir, + MountPath: config.VaultDir, ReadOnly: true, }, ) @@ -108,7 +109,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R Args: containerArgs(ctx, cr, replset, resources, useConfigFile), Ports: []corev1.ContainerPort{ { - Name: mongodPortName, + Name: config.MongodPortName, HostPort: int32(0), ContainerPort: replset.GetPort(), }, @@ -141,7 +142,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R }, }, }, - WorkingDir: MongodContainerDataDir, + WorkingDir: config.MongodContainerDataDir, LivenessProbe: &livenessProbe.Probe, ReadinessProbe: readinessProbe, Resources: resources, 
@@ -164,7 +165,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R } if cr.CompareVersion("1.14.0") >= 0 { - container.Command = []string{BinMountPath + "/ps-entry.sh"} + container.Command = []string{config.BinMountPath + "/ps-entry.sh"} } return container, nil @@ -176,7 +177,7 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a args := []string{ "--bind_ip_all", "--auth", - "--dbpath=" + MongodContainerDataDir, + "--dbpath=" + config.MongodContainerDataDir, "--port=" + strconv.Itoa(int(replset.GetPort())), "--replSet=" + replset.Name, "--storageEngine=" + string(replset.Storage.Engine), @@ -195,7 +196,7 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a if cr.Spec.Secrets.InternalKey != "" || (cr.TLSEnabled() && cr.Spec.TLS.Mode == api.TLSModeAllow) || (!cr.TLSEnabled() && cr.UnsafeTLSDisabled()) { args = append(args, "--clusterAuthMode=keyFile", - "--keyFile="+mongodSecretsDir+"/mongodb-key", + "--keyFile="+config.MongodSecretsDir+"/mongodb-key", ) } else if cr.TLSEnabled() { args = append(args, "--clusterAuthMode=x509") @@ -269,7 +270,7 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a } if cr.CompareVersion("1.9.0") >= 0 && useConfigFile { - args = append(args, fmt.Sprintf("--config=%s/mongod.conf", mongodConfigDir)) + args = append(args, fmt.Sprintf("--config=%s/mongod.conf", config.MongodConfigDir)) } if cr.CompareVersion("1.16.0") >= 0 && replset.Configuration.QuietEnabled() { 
@@ -292,13 +293,13 @@ func getWiredTigerCacheSizeGB(resourceList corev1.ResourceList, cacheRatio float maxMemory := resourceList[corev1.ResourceMemory] var size float64 if subtract1GB { - size = math.Floor(cacheRatio * float64(maxMemory.Value()-gigaByte)) + size = math.Floor(cacheRatio * float64(maxMemory.Value()-config.GigaByte)) } else { size = math.Floor(cacheRatio * float64(maxMemory.Value())) } - sizeGB := size / float64(gigaByte) - if sizeGB < minWiredTigerCacheSizeGB { - sizeGB = minWiredTigerCacheSizeGB + sizeGB := size / float64(config.GigaByte) + if sizeGB < config.MinWiredTigerCacheSizeGB { + sizeGB = config.MinWiredTigerCacheSizeGB } return sizeGB } diff --git a/pkg/psmdb/init.go b/pkg/psmdb/init.go index 33383f11fe..b953b84cfa 100644 --- a/pkg/psmdb/init.go +++ b/pkg/psmdb/init.go @@ -6,6 +6,7 @@ import ( corev1 "k8s.io/api/core/v1" api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" "github.com/percona/percona-server-mongodb-operator/version" ) @@ -17,8 +18,8 @@ func EntrypointInitContainer(cr *api.PerconaServerMongoDB, name, image string, p container := corev1.Container{ VolumeMounts: []corev1.VolumeMount{ { - Name: MongodDataVolClaimName, - MountPath: MongodContainerDataDir, + Name: config.MongodDataVolClaimName, + MountPath: config.MongodContainerDataDir, }, }, Image: image, @@ -29,8 +30,8 @@ func EntrypointInitContainer(cr *api.PerconaServerMongoDB, name, image string, p if cr.CompareVersion("1.13.0") >= 0 { container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ - Name: BinVolumeName, - MountPath: BinMountPath, + Name: config.BinVolumeName, + MountPath: config.BinMountPath, }) } diff --git a/pkg/psmdb/mongos.go b/pkg/psmdb/mongos.go index a3c4e83b1f..cafa7bf9b8 100644 --- a/pkg/psmdb/mongos.go +++ b/pkg/psmdb/mongos.go 
@@ -14,6 +14,7 @@ import ( api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" "github.com/percona/percona-server-mongodb-operator/pkg/naming" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" ) func MongosStatefulset(cr *api.PerconaServerMongoDB) *appsv1.StatefulSet { @@ -54,7 +55,7 @@ func MongosStatefulsetSpec(cr *api.PerconaServerMongoDB, template corev1.PodTemp } } -func MongosTemplateSpec(cr *api.PerconaServerMongoDB, initImage string, log logr.Logger, customConf CustomConfig, cfgInstances []string) (corev1.PodTemplateSpec, error) { +func MongosTemplateSpec(cr *api.PerconaServerMongoDB, initImage string, log logr.Logger, customConf config.CustomConfig, cfgInstances []string) (corev1.PodTemplateSpec, error) { ls := naming.MongosLabels(cr) if cr.Spec.Sharding.Mongos.Labels != nil { @@ -118,22 +119,22 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan volumes := []corev1.VolumeMount{ { - Name: MongodDataVolClaimName, - MountPath: MongodContainerDataDir, + Name: config.MongodDataVolClaimName, + MountPath: config.MongodContainerDataDir, }, { Name: cr.Spec.Secrets.GetInternalKey(cr), - MountPath: mongodSecretsDir, + MountPath: config.MongodSecretsDir, ReadOnly: true, }, { Name: "ssl", - MountPath: SSLDir, + MountPath: config.SSLDir, ReadOnly: true, }, { Name: "ssl-internal", - MountPath: sslInternalDir, + MountPath: config.SSLInternalDir, ReadOnly: true, }, } @@ -141,7 +142,7 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan if cr.CompareVersion("1.9.0") >= 0 && useConfigFile { volumes = append(volumes, corev1.VolumeMount{ Name: "config", - MountPath: mongosConfigDir, + MountPath: config.MongosConfigDir, }) } 
@@ -154,19 +155,19 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan } if cr.CompareVersion("1.14.0") >= 0 { - volumes = append(volumes, corev1.VolumeMount{Name: BinVolumeName, MountPath: BinMountPath}) + volumes = append(volumes, corev1.VolumeMount{Name: config.BinVolumeName, MountPath: config.BinMountPath}) } if cr.CompareVersion("1.16.0") >= 0 && cr.Spec.Secrets.LDAPSecret != "" { volumes = append(volumes, []corev1.VolumeMount{ { - Name: LDAPTLSVolClaimName, - MountPath: ldapTLSDir, + Name: config.LDAPTLSVolClaimName, + MountPath: config.LDAPTLSDir, ReadOnly: true, }, { - Name: LDAPConfVolClaimName, - MountPath: ldapConfDir, + Name: config.LDAPConfVolClaimName, + MountPath: config.LDAPConfDir, }, }...) } @@ -178,7 +179,7 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan Args: mongosContainerArgs(cr, useConfigFile, cfgInstances), Ports: []corev1.ContainerPort{ { - Name: mongosPortName, + Name: config.MongosPortName, HostPort: cr.Spec.Sharding.Mongos.HostPort, ContainerPort: cr.Spec.Sharding.Mongos.GetPort(), }, @@ -207,7 +208,7 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan }, }, }, - WorkingDir: MongodContainerDataDir, + WorkingDir: config.MongodContainerDataDir, LivenessProbe: &cr.Spec.Sharding.Mongos.LivenessProbe.Probe, ReadinessProbe: cr.Spec.Sharding.Mongos.ReadinessProbe, SecurityContext: cr.Spec.Sharding.Mongos.ContainerSecurityContext, @@ -217,7 +218,7 @@ func mongosContainer(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgInstan } if cr.CompareVersion("1.14.0") >= 0 { - container.Command = []string{BinMountPath + "/ps-entry.sh"} + container.Command = []string{config.BinMountPath + "/ps-entry.sh"} } if cr.CompareVersion("1.15.0") >= 0 { 
@@ -258,7 +259,7 @@ func mongosContainerArgs(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgIn if cr.Spec.Secrets.InternalKey != "" || (cr.TLSEnabled() && cr.Spec.TLS.Mode == api.TLSModeAllow) || (!cr.TLSEnabled() && cr.UnsafeTLSDisabled()) { args = append(args, "--clusterAuthMode=keyFile", - "--keyFile="+mongodSecretsDir+"/mongodb-key", + "--keyFile="+config.MongodSecretsDir+"/mongodb-key", ) } else if cr.TLSEnabled() { args = append(args, @@ -280,13 +281,13 @@ func mongosContainerArgs(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgIn } if useConfigFile { - args = append(args, fmt.Sprintf("--config=%s/mongos.conf", mongosConfigDir)) + args = append(args, fmt.Sprintf("--config=%s/mongos.conf", config.MongosConfigDir)) } return args } -func volumes(cr *api.PerconaServerMongoDB, configSource VolumeSourceType) []corev1.Volume { +func volumes(cr *api.PerconaServerMongoDB, configSource config.VolumeSourceType) []corev1.Volume { fvar, tvar := false, true sslVolumeOptional := &cr.Spec.UnsafeConf @@ -326,7 +327,7 @@ func volumes(cr *api.PerconaServerMongoDB, configSource VolumeSourceType) []core }, }, { - Name: MongodDataVolClaimName, + Name: config.MongodDataVolClaimName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -368,7 +369,7 @@ func volumes(cr *api.PerconaServerMongoDB, configSource VolumeSourceType) []core if cr.CompareVersion("1.13.0") >= 0 { volumes = append(volumes, corev1.Volume{ - Name: BinVolumeName, + Name: config.BinVolumeName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -379,7 +380,7 @@ func volumes(cr *api.PerconaServerMongoDB, configSource VolumeSourceType) []core if cr.Spec.Secrets.LDAPSecret != "" { volumes = append(volumes, []corev1.Volume{ { - Name: LDAPTLSVolClaimName, + Name: config.LDAPTLSVolClaimName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: cr.Spec.Secrets.LDAPSecret, 
@@ -389,7 +390,7 @@ func volumes(cr *api.PerconaServerMongoDB, configSource VolumeSourceType) []core }, }, { - Name: LDAPConfVolClaimName, + Name: config.LDAPConfVolClaimName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -437,7 +438,7 @@ func MongosServiceSpec(cr *api.PerconaServerMongoDB, podName string) corev1.Serv spec := corev1.ServiceSpec{ Ports: []corev1.ServicePort{ { - Name: mongosPortName, + Name: config.MongosPortName, Port: cr.Spec.Sharding.Mongos.GetPort(), TargetPort: intstr.FromInt(int(cr.Spec.Sharding.Mongos.GetPort())), }, diff --git a/pkg/psmdb/pmm.go b/pkg/psmdb/pmm/pmm.go similarity index 60% rename from pkg/psmdb/pmm.go rename to pkg/psmdb/pmm/pmm.go index 8a0cdaa856..88180be93f 100644 --- a/pkg/psmdb/pmm.go +++ b/pkg/psmdb/pmm/pmm.go @@ -1,18 +1,21 @@ -package psmdb +package pmm import ( + "context" "fmt" "strconv" "strings" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + logf "sigs.k8s.io/controller-runtime/pkg/log" api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" ) -// PMMContainer returns a pmm container from given spec -func PMMContainer(cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort int32, customAdminParams string) corev1.Container { +// containerForPMM2 returns a pmm2 container from the given spec. +func containerForPMM2(cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort int32, customAdminParams string) corev1.Container { _, oka := secret.Data[api.PMMAPIKey] _, okl := secret.Data[api.PMMUserKey] _, okp := secret.Data[api.PMMPasswordKey] @@ -88,7 +91,7 @@ func PMMContainer(cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort in VolumeMounts: []corev1.VolumeMount{ { Name: "ssl", - MountPath: SSLDir, + MountPath: config.SSLDir, ReadOnly: true, }, }, 
@@ -147,8 +150,8 @@ func PMMContainer(cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort in if cr.CompareVersion("1.18.0") >= 0 { pmm.VolumeMounts = append(pmm.VolumeMounts, corev1.VolumeMount{ - Name: MongodDataVolClaimName, - MountPath: MongodContainerDataDir, + Name: config.MongodDataVolClaimName, + MountPath: config.MongodContainerDataDir, ReadOnly: true, }) } @@ -277,7 +280,7 @@ func PMMAgentScript(cr *api.PerconaServerMongoDB) []corev1.EnvVar { "--tls", "--tls-skip-verify", "--tls-certificate-key-file=/tmp/tls.pem", - fmt.Sprintf("--tls-ca-file=%s/ca.crt", SSLDir), + fmt.Sprintf("--tls-ca-file=%s/ca.crt", config.SSLDir), "--authentication-mechanism=SCRAM-SHA-1", "--authentication-database=admin", } @@ -290,7 +293,7 @@ func PMMAgentScript(cr *api.PerconaServerMongoDB) []corev1.EnvVar { prerunScript := pmmWait + "\n" + pmmAddService + "\n" + pmmAnnotate if cr.TLSEnabled() { - prepareTLS := fmt.Sprintf("cat %[1]s/tls.key %[1]s/tls.crt > /tmp/tls.pem;", SSLDir) + prepareTLS := fmt.Sprintf("cat %[1]s/tls.key %[1]s/tls.crt > /tmp/tls.pem;", config.SSLDir) prerunScript = prepareTLS + "\n" + prerunScript } 
@@ -302,17 +305,224 @@ func PMMAgentScript(cr *api.PerconaServerMongoDB) []corev1.EnvVar { } } -// AddPMMContainer creates the container object for a pmm-client -func AddPMMContainer(cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort int32, customAdminParams string) *corev1.Container { +// containerForPMM3 builds a container that is supporting PMM3. +func containerForPMM3(cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort int32, customAdminParams string) *corev1.Container { + spec := cr.Spec.PMM + ports := []corev1.ContainerPort{{ContainerPort: 7777}} + + for i := 30100; i <= 30105; i++ { + ports = append(ports, corev1.ContainerPort{ContainerPort: int32(i)}) + } + + clusterName := cr.Name + if len(cr.Spec.PMM.CustomClusterName) > 0 { + clusterName = cr.Spec.PMM.CustomClusterName + + } + + pmm := corev1.Container{ + Name: "pmm-client", + Image: spec.Image, + ImagePullPolicy: cr.Spec.ImagePullPolicy, + Resources: cr.Spec.PMM.Resources, + LivenessProbe: &corev1.Probe{ + InitialDelaySeconds: 60, + TimeoutSeconds: 5, + PeriodSeconds: 10, + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Port: intstr.FromInt32(7777), + Path: "/local/Status", + }, + }, + }, + Env: []corev1.EnvVar{ + { + Name: "DB_TYPE", + Value: "mongodb", + }, + { + Name: "DB_USER", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "MONGODB_CLUSTER_MONITOR_USER", + LocalObjectReference: corev1.LocalObjectReference{ + Name: secret.Name, + }, + }, + }, + }, + { + Name: "DB_PASSWORD", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: "MONGODB_CLUSTER_MONITOR_PASSWORD", + LocalObjectReference: corev1.LocalObjectReference{ + Name: secret.Name, + }, + }, + }, + }, + { + Name: "DB_HOST", + Value: "localhost", + }, + { + Name: "DB_CLUSTER", + Value: cr.Name, + }, + { + Name: "DB_PORT", + Value: strconv.Itoa(int(dbPort)), + }, + { + Name: "CLUSTER_NAME", + Value: clusterName, + }, + { + Name: "POD_NAME", 
+ ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.name", + }, + }, + }, + { + Name: "POD_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, + { + Name: "PMM_AGENT_SERVER_ADDRESS", + Value: spec.ServerHost, + }, + { + Name: "PMM_AGENT_SERVER_USERNAME", + Value: "service_token", + }, { + Name: "PMM_AGENT_SERVER_PASSWORD", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: api.PMMServerToken, + LocalObjectReference: corev1.LocalObjectReference{ + Name: secret.Name, + }, + }, + }, + }, + { + Name: "PMM_AGENT_LISTEN_PORT", + Value: "7777", + }, + { + Name: "PMM_AGENT_PORTS_MIN", + Value: "30100", + }, + { + Name: "PMM_AGENT_PORTS_MAX", + Value: "30105", + }, + { + Name: "PMM_AGENT_CONFIG_FILE", + Value: "/usr/local/percona/pmm/config/pmm-agent.yaml", + }, + { + Name: "PMM_AGENT_SERVER_INSECURE_TLS", + Value: "1", + }, + { + Name: "PMM_AGENT_LISTEN_ADDRESS", + Value: "0.0.0.0", + }, + { + Name: "PMM_AGENT_SETUP_NODE_NAME", + Value: "$(POD_NAMESPACE)-$(POD_NAME)", + }, + { + Name: "PMM_AGENT_SETUP", + Value: "1", + }, + { + Name: "PMM_AGENT_SETUP_FORCE", + Value: "1", + }, + { + Name: "PMM_AGENT_SETUP_NODE_TYPE", + Value: "container", + }, + { + Name: "PMM_AGENT_SETUP_METRICS_MODE", + Value: "push", + }, + { + Name: "PMM_ADMIN_CUSTOM_PARAMS", + Value: customAdminParams, + }, + { + Name: "PMM_AGENT_SIDECAR", + Value: "true", + }, + { + Name: "PMM_AGENT_SIDECAR_SLEEP", + Value: "5", + }, + { + Name: "PMM_AGENT_PATHS_TEMPDIR", + Value: "/tmp", + }, + }, + Ports: ports, + SecurityContext: spec.ContainerSecurityContext, + Lifecycle: &corev1.Lifecycle{ + PreStop: &corev1.LifecycleHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "bash", + "-c", + "pmm-admin unregister --force", + }, + }, + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "ssl", + MountPath: config.SSLDir, + ReadOnly: true, + 
}, + }, + } + + pmmAgentScriptEnv := PMMAgentScript(cr) + pmm.Env = append(pmm.Env, pmmAgentScriptEnv...) + + return &pmm +} + +// Container creates the container object for a pmm-client +func Container(ctx context.Context, cr *api.PerconaServerMongoDB, secret *corev1.Secret, dbPort int32, customAdminParams string) *corev1.Container { + log := logf.FromContext(ctx) + if !cr.Spec.PMM.Enabled { return nil } + if secret == nil { + log.Info("pmm is enabled but the secret is nil, cannot create pmm container") + return nil + } + + if v, exists := secret.Data[api.PMMServerToken]; exists && len(v) != 0 { + return containerForPMM3(cr, secret, dbPort, customAdminParams) + } if !cr.Spec.PMM.HasSecret(secret) { return nil } - pmmC := PMMContainer(cr, secret, dbPort, customAdminParams) + pmmC := containerForPMM2(cr, secret, dbPort, customAdminParams) clusterName := cr.Name if len(cr.Spec.PMM.CustomClusterName) > 0 { diff --git a/pkg/psmdb/pmm/pmm_test.go b/pkg/psmdb/pmm/pmm_test.go new file mode 100644 index 0000000000..3a2792051d --- /dev/null +++ b/pkg/psmdb/pmm/pmm_test.go 
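Review bot: `containerForPMM3` hard-codes `PMM_AGENT_SERVER_INSECURE_TLS` to `"1"`, which by its name turns off verification of the PMM server certificate. The same env list passes the service token from `api.PMMServerToken` as `PMM_AGENT_SERVER_PASSWORD`, so the token would go to an endpoint whose identity is never checked. Nothing in the hunk lets a deployment with a trusted server certificate turn verification back on. At minimum I would record the decision next to the entry, for example `// NOTE: PMM server certificate is not verified; the service token is sent over unauthenticated TLS`, and consider taking the value from the CR rather than fixing it in code. `Container` continues past the end of the hunk, so the PMM2 path is not reviewed here.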
@@ -0,0 +1,191 @@ +package pmm + +import ( + "context" + "strconv" + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" + "github.com/percona/percona-server-mongodb-operator/version" +) + +func TestContainer(t *testing.T) { + ctx := context.Background() + boolTrue := true + + tests := map[string]struct { + secret *corev1.Secret + pmmEnabled bool + expectedContainer *corev1.Container + params string + }{ + "pmm disabled": { + pmmEnabled: false, + }, + "secret is nil": { + pmmEnabled: true, + }, + "pmm enabled but secret token is empty": { + pmmEnabled: true, + secret: &corev1.Secret{ + Data: map[string][]byte{ + "PMM_SERVER_TOKEN": []byte(``), + }, + }, + }, + "pmm enabled but secret token is missing": { + pmmEnabled: true, + secret: &corev1.Secret{ + Data: map[string][]byte{ + "RANDOM_SECRET": []byte(`foo`), + }, + }, + }, + "pmm enabled - pmm3 container constructed": { + pmmEnabled: true, + secret: &corev1.Secret{ + Data: map[string][]byte{ + "PMM_SERVER_TOKEN": []byte(`token`), + }, + }, + expectedContainer: buildExpectedPMMContainer(), + }, + } + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + cr := &api.PerconaServerMongoDB{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-cr", + Namespace: "test-ns", + }, + Spec: api.PerconaServerMongoDBSpec{ + CRVersion: version.Version, + ImagePullPolicy: corev1.PullAlways, + PMM: api.PMMSpec{ + Enabled: tt.pmmEnabled, + Image: "pmm-image", + ServerHost: "server-host", + CustomClusterName: "custom-cluster", + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + }, + }, + MongodParams: "-param custom-mongodb-param", + ContainerSecurityContext: &corev1.SecurityContext{ + 
RunAsNonRoot: &boolTrue, + }, + }, + }, + } + container := Container(ctx, cr, tt.secret, 27017, cr.Spec.PMM.MongodParams) + if tt.expectedContainer != nil { + assert.Equal(t, tt.expectedContainer.Name, container.Name) + assert.Equal(t, tt.expectedContainer.Image, container.Image) + assert.Equal(t, len(tt.expectedContainer.Env), len(container.Env)) + for index, ev := range container.Env { + assert.Equal(t, tt.expectedContainer.Env[index].Name, ev.Name) + assert.Equal(t, tt.expectedContainer.Env[index].Value, ev.Value) + } + for i, port := range tt.expectedContainer.Ports { + assert.Equal(t, tt.expectedContainer.Ports[i].Name, port.Name) + } + assert.Equal(t, tt.expectedContainer.Resources, container.Resources) + assert.Equal(t, tt.expectedContainer.ImagePullPolicy, container.ImagePullPolicy) + assert.Equal(t, tt.expectedContainer.SecurityContext, container.SecurityContext) + assert.Equal(t, len(tt.expectedContainer.VolumeMounts), len(container.VolumeMounts)) + for i, volumeMount := range container.VolumeMounts { + assert.Equal(t, tt.expectedContainer.VolumeMounts[i].Name, volumeMount.Name) + assert.Equal(t, tt.expectedContainer.VolumeMounts[i].MountPath, volumeMount.MountPath) + assert.Equal(t, tt.expectedContainer.VolumeMounts[i].ReadOnly, volumeMount.ReadOnly) + } + return + } + assert.Equal(t, tt.expectedContainer, container) + }) + } + +} + +func buildExpectedPMMContainer() *corev1.Container { + const ( + name = "pmm-client" + portStart = 30100 + portEnd = 30105 + listenPort = 7777 + configFile = "/usr/local/percona/pmm/config/pmm-agent.yaml" + tempDir = "/tmp" + prerunScript = `cat /etc/mongodb-ssl/tls.key /etc/mongodb-ssl/tls.crt > /tmp/tls.pem; +pmm-admin status --wait=10s; +pmm-admin add $(DB_TYPE) $(PMM_ADMIN_CUSTOM_PARAMS) --skip-connection-check --metrics-mode=push --username=$(DB_USER) --password=$(DB_PASSWORD) --cluster=$(CLUSTER_NAME) --service-name=$(PMM_AGENT_SETUP_NODE_NAME) --host=$(DB_HOST) --port=$(DB_PORT) --tls --tls-skip-verify 
--tls-certificate-key-file=/tmp/tls.pem --tls-ca-file=/etc/mongodb-ssl/ca.crt --authentication-mechanism=SCRAM-SHA-1 --authentication-database=admin; +pmm-admin annotate --service-name=$(PMM_AGENT_SETUP_NODE_NAME) 'Service restarted'` + ) + + var ports []corev1.ContainerPort + ports = append(ports, corev1.ContainerPort{ContainerPort: int32(listenPort)}) + for p := portStart; p <= portEnd; p++ { + ports = append(ports, corev1.ContainerPort{ContainerPort: int32(p)}) + } + + envVars := []corev1.EnvVar{ + {Name: "DB_TYPE", Value: "mongodb"}, + {Name: "DB_USER", ValueFrom: &corev1.EnvVarSource{}}, + {Name: "DB_PASSWORD", ValueFrom: &corev1.EnvVarSource{}}, + {Name: "DB_HOST", Value: "localhost"}, + {Name: "DB_CLUSTER", Value: "test-cr"}, + {Name: "DB_PORT", Value: "27017"}, + {Name: "CLUSTER_NAME", Value: "custom-cluster"}, + {Name: "POD_NAME", ValueFrom: &corev1.EnvVarSource{}}, + {Name: "POD_NAMESPACE", ValueFrom: &corev1.EnvVarSource{}}, + {Name: "PMM_AGENT_SERVER_ADDRESS", Value: "server-host"}, + {Name: "PMM_AGENT_SERVER_USERNAME", Value: "service_token"}, + {Name: "PMM_AGENT_SERVER_PASSWORD", ValueFrom: &corev1.EnvVarSource{}}, + {Name: "PMM_AGENT_LISTEN_PORT", Value: strconv.Itoa(listenPort)}, + {Name: "PMM_AGENT_PORTS_MIN", Value: strconv.Itoa(portStart)}, + {Name: "PMM_AGENT_PORTS_MAX", Value: strconv.Itoa(portEnd)}, + {Name: "PMM_AGENT_CONFIG_FILE", Value: configFile}, + {Name: "PMM_AGENT_SERVER_INSECURE_TLS", Value: "1"}, + {Name: "PMM_AGENT_LISTEN_ADDRESS", Value: "0.0.0.0"}, + {Name: "PMM_AGENT_SETUP_NODE_NAME", Value: "$(POD_NAMESPACE)-$(POD_NAME)"}, + {Name: "PMM_AGENT_SETUP", Value: "1"}, + {Name: "PMM_AGENT_SETUP_FORCE", Value: "1"}, + {Name: "PMM_AGENT_SETUP_NODE_TYPE", Value: "container"}, + {Name: "PMM_AGENT_SETUP_METRICS_MODE", Value: "push"}, + {Name: "PMM_ADMIN_CUSTOM_PARAMS", Value: "-param custom-mongodb-param"}, + {Name: "PMM_AGENT_SIDECAR", Value: "true"}, + {Name: "PMM_AGENT_SIDECAR_SLEEP", Value: "5"}, + {Name: "PMM_AGENT_PATHS_TEMPDIR", 
Value: tempDir}, + {Name: "PMM_AGENT_PRERUN_SCRIPT", Value: prerunScript}, + } + + boolTrue := true + + return &corev1.Container{ + Name: name, + Image: "pmm-image", + Ports: ports, + ImagePullPolicy: corev1.PullAlways, + Env: envVars, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "ssl", + MountPath: config.SSLDir, + ReadOnly: true, + }, + }, + SecurityContext: &corev1.SecurityContext{ + RunAsNonRoot: &boolTrue, + }, + } +} diff --git a/pkg/psmdb/service.go b/pkg/psmdb/service.go index c64841bbe4..02bf647267 100644 --- a/pkg/psmdb/service.go +++ b/pkg/psmdb/service.go @@ -18,6 +18,7 @@ import ( api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" "github.com/percona/percona-server-mongodb-operator/pkg/naming" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" ) // Service returns a core/v1 API Service @@ -37,7 +38,7 @@ func Service(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec) *corev1.Ser Spec: corev1.ServiceSpec{ Ports: []corev1.ServicePort{ { - Name: mongodPortName, + Name: config.MongodPortName, Port: replset.GetPort(), TargetPort: intstr.FromInt(int(replset.GetPort())), }, @@ -85,7 +86,7 @@ func ExternalService(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec, pod svc.Spec = corev1.ServiceSpec{ Ports: []corev1.ServicePort{ { - Name: mongodPortName, + Name: config.MongodPortName, Port: replset.GetPort(), TargetPort: intstr.FromInt(int(replset.GetPort())), }, @@ -146,7 +147,7 @@ func GetServiceAddr(ctx context.Context, svc corev1.Service, pod corev1.Pod, cl case corev1.ServiceTypeClusterIP: addr.Host = svc.Spec.ClusterIP for _, p := range svc.Spec.Ports { - if p.Name != mongodPortName { + if p.Name != config.MongodPortName { continue } addr.Port = int(p.Port) 
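Review bot: The port loop in `TestContainer` ranges over `tt.expectedContainer.Ports` and compares each entry's `Name` with itself, so the ports of the container returned by `Container` are never checked. Iterating the returned slice would close that gap: `assert.Equal(t, len(tt.expectedContainer.Ports), len(container.Ports))` and then `assert.Equal(t, tt.expectedContainer.Ports[i].ContainerPort, port.ContainerPort)` inside `for i, port := range container.Ports`. This assumes `containerForPMM3` builds the same list as `buildExpectedPMMContainer`, which is not visible here. The env loop has a similar blind spot: it compares only `Name` and `Value`, and the expected entries use an empty `EnvVarSource`, so a `PMM_AGENT_SERVER_PASSWORD` wired to the wrong secret or key would still pass. Giving the test secret a `Name` and asserting `ev.ValueFrom.SecretKeyRef.Key` and `.Name` for that entry would pin the token source.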
@@ -159,7 +160,7 @@ func GetServiceAddr(ctx context.Context, svc corev1.Service, pod corev1.Pod, cl } addr.Host = host for _, p := range svc.Spec.Ports { - if p.Name != mongodPortName { + if p.Name != config.MongodPortName { continue } addr.Port = int(p.Port) @@ -168,7 +169,7 @@ func GetServiceAddr(ctx context.Context, svc corev1.Service, pod corev1.Pod, cl case corev1.ServiceTypeNodePort: addr.Host = pod.Status.HostIP for _, p := range svc.Spec.Ports { - if p.Name != mongodPortName { + if p.Name != config.MongodPortName { continue } addr.Port = int(p.NodePort) diff --git a/pkg/psmdb/statefulset.go b/pkg/psmdb/statefulset.go index 240b8e308b..7dd83d35db 100644 --- a/pkg/psmdb/statefulset.go +++ b/pkg/psmdb/statefulset.go @@ -13,6 +13,8 @@ import ( api "github.com/percona/percona-server-mongodb-operator/pkg/apis/psmdb/v1" "github.com/percona/percona-server-mongodb-operator/pkg/naming" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/config" + "github.com/percona/percona-server-mongodb-operator/pkg/psmdb/pmm" ) // NewStatefulSet returns a StatefulSet object configured for a name @@ -40,7 +42,7 @@ type StatefulSpecSecretParams struct { // StatefulSpec returns spec for stateful set // TODO: Unify Arbiter and Node. Shoudn't be 100500 parameters func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec, - ls map[string]string, initImage string, customConf CustomConfig, secrets StatefulSpecSecretParams, + ls map[string]string, initImage string, customConf config.CustomConfig, secrets StatefulSpecSecretParams, ) (appsv1.StatefulSetSpec, error) { log := logf.FromContext(ctx) size := replset.Size @@ -101,7 +103,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap if cr.CompareVersion("1.13.0") >= 0 { volumes = append(volumes, corev1.Volume{ - Name: BinVolumeName, + Name: config.BinVolumeName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, 
@@ -216,7 +218,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap if cr.CompareVersion("1.16.0") >= 0 && cr.Spec.Secrets.LDAPSecret != "" { volumes = append(volumes, corev1.Volume{ - Name: LDAPTLSVolClaimName, + Name: config.LDAPTLSVolClaimName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: cr.Spec.Secrets.LDAPSecret, @@ -226,7 +228,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap }, }, corev1.Volume{ - Name: LDAPConfVolClaimName, + Name: config.LDAPConfVolClaimName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -237,7 +239,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap if ls[naming.LabelKubernetesComponent] == "arbiter" { volumes = append(volumes, corev1.Volume{ - Name: MongodDataVolClaimName, + Name: config.MongodDataVolClaimName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -246,12 +248,12 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap } else { if volumeSpec.PersistentVolumeClaim.PersistentVolumeClaimSpec != nil { volumeClaimTemplates = []corev1.PersistentVolumeClaim{ - PersistentVolumeClaim(MongodDataVolClaimName, cr.Namespace, volumeSpec), + PersistentVolumeClaim(config.MongodDataVolClaimName, cr.Namespace, volumeSpec), } } else { volumes = append(volumes, corev1.Volume{ - Name: MongodDataVolClaimName, + Name: config.MongodDataVolClaimName, VolumeSource: corev1.VolumeSource{ HostPath: volumeSpec.HostPath, EmptyDir: volumeSpec.EmptyDir, 
@@ -268,7 +270,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap containers = append(containers, backupAgentContainer(ctx, cr, rsName, replset.GetPort(), cr.TLSEnabled(), secrets.SSLSecret)) } - pmmC := AddPMMContainer(cr, secrets.UsersSecret, replset.GetPort(), cr.Spec.PMM.MongodParams) + pmmC := pmm.Container(ctx, cr, secrets.UsersSecret, replset.GetPort(), cr.Spec.PMM.MongodParams) if pmmC != nil { containers = append(containers, *pmmC) } @@ -380,7 +382,7 @@ func backupAgentContainer(ctx context.Context, cr *api.PerconaServerMongoDB, rep } if cr.CompareVersion("1.13.0") >= 0 { - c.Command = []string{BinMountPath + "/pbm-entry.sh"} + c.Command = []string{config.BinMountPath + "/pbm-entry.sh"} c.Args = []string{"pbm-agent"} if cr.CompareVersion("1.14.0") >= 0 { c.Args = []string{"pbm-agent-entrypoint"} @@ -398,12 +400,12 @@ func backupAgentContainer(ctx context.Context, cr *api.PerconaServerMongoDB, rep c.VolumeMounts = append(c.VolumeMounts, []corev1.VolumeMount{ { Name: "ssl", - MountPath: SSLDir, + MountPath: config.SSLDir, ReadOnly: true, }, { - Name: BinVolumeName, - MountPath: BinMountPath, + Name: config.BinVolumeName, + MountPath: config.BinMountPath, ReadOnly: true, }, }...) @@ -437,8 +439,8 @@ func backupAgentContainer(ctx context.Context, cr *api.PerconaServerMongoDB, rep c.VolumeMounts = append(c.VolumeMounts, []corev1.VolumeMount{ { - Name: MongodDataVolClaimName, - MountPath: MongodContainerDataDir, + Name: config.MongodDataVolClaimName, + MountPath: config.MongodContainerDataDir, ReadOnly: false, }, }...) @@ -465,7 +467,7 @@ func buildMongoDBURI(ctx context.Context, tlsEnabled bool, sslSecret *corev1.Sec // the certificate tmp/tls.pem is created on the fly during the execution of build/pbm-entry.sh uri += fmt.Sprintf( "/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=%s/ca.crt&tlsInsecure=true", - SSLDir, + config.SSLDir, ) } } From 4f7ca43d491a26cc2e8453673ae837171dbc54a1 Mon Sep 17 00:00:00 2001 
From: Natalia Marukovich Date: Tue, 20 May 2025 19:14:52 +0200 Subject: [PATCH 12/12] K8SPSMDB-1216 update to db.hello (#1929) * K8SPSMDB-1216 update to db.hello * update rs-shard-migration test --------- Co-authored-by: Viacheslav Sarzhan --- e2e-tests/functions | 2 +- e2e-tests/rs-shard-migration/run | 5 ++--- e2e-tests/split-horizon/run | 4 ++-- pkg/controller/perconaservermongodbrestore/physical.go | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/e2e-tests/functions b/e2e-tests/functions index 7dab66ee13..a80c5e8ac2 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -971,7 +971,7 @@ compare_mongos_cmd() { get_mongo_primary_endpoint() { local uri="$1" - run_mongo 'db.isMaster().me' "$uri" "mongodb" ":27017" \ + run_mongo 'db.hello().me' "$uri" "mongodb" ":27017" \ | egrep -v "Time|Percona Server for MongoDB|bye|BinData|NumberLong|connecting to|Error saving history file|I NETWORK|W NETWORK|Implicit session:|versions do not match" \ | sed -e 's^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9]^^' \ | grep ":27017$" diff --git a/e2e-tests/rs-shard-migration/run b/e2e-tests/rs-shard-migration/run index feb3b7060a..eb58f85cfa 100755 --- a/e2e-tests/rs-shard-migration/run +++ b/e2e-tests/rs-shard-migration/run @@ -10,7 +10,7 @@ function get_shard_parameter() { local cluster_name=$1 local namespace=$2 local parameter=${3:-lastCommittedOpTime} - run_mongo 'db.isMaster().'${parameter}'' "clusterAdmin:clusterAdmin123456@${cluster_name}-rs0-0.${cluster_name}-rs0.${namespace}" "mongodb" "" "--quiet" \ + run_mongo 'db.hello().'${parameter}'' "clusterAdmin:clusterAdmin123456@${cluster_name}-rs0-0.${cluster_name}-rs0.${namespace}" "mongodb" "" "--quiet" \ | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:' } 
@@ -59,8 +59,7 @@ function main() { desc 'write data, read from all' simple_data_check "${cluster}" "${CLUSTER_SIZE}" 1 "-mongos" - if [[ -z "$(get_shard_parameter ${cluster} ${namespace} lastCommitedOpTime)" ]] \ - && [[ -z "$(get_shard_parameter ${cluster} ${namespace} '$configServerState.opTime.ts')" ]]; then # for mongo 3.6 + if [[ -z "$(get_shard_parameter ${cluster} ${namespace} 'lastWrite.majorityOpTime.ts')" ]]; then echo "Sharded cluster does not work properly" exit 1 fi diff --git a/e2e-tests/split-horizon/run b/e2e-tests/split-horizon/run index 20a903c1a2..c3331d5508 100755 --- a/e2e-tests/split-horizon/run +++ b/e2e-tests/split-horizon/run 
@@ -45,7 +45,7 @@ run_mongo_tls "rs.conf().members.map(function(member) { return member.horizons } mongodb "" "--quiet" | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|does not match the remote host name' >${tmp_dir}/horizons-3.json diff $test_dir/compare/horizons-3.json $tmp_dir/horizons-3.json -isMaster=$(run_mongo_tls "db.isMaster().ismaster" "clusterAdmin:clusterAdmin123456@some-name-rs0-0.clouddemo.xyz,some-name-rs0-1.clouddemo.xyz,some-name-rs0-2.clouddemo.xyz" mongodb "" "--quiet" | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|does not match the remote host name' | grep -v certificateNames) +isMaster=$(run_mongo_tls "db.hello().isWritablePrimary" "clusterAdmin:clusterAdmin123456@some-name-rs0-0.clouddemo.xyz,some-name-rs0-1.clouddemo.xyz,some-name-rs0-2.clouddemo.xyz" mongodb "" "--quiet" | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|does not match the remote host name' | grep -v certificateNames) if [ "${isMaster}" != "true" ]; then echo "mongo client should've redirect the connection to primary" exit 1 
@@ -58,7 +58,7 @@ run_mongo_tls "rs.stepDown()" \ sleep 10 # give some time for re-election -isMaster=$(run_mongo_tls "db.isMaster().ismaster" "clusterAdmin:clusterAdmin123456@some-name-rs0-0.clouddemo.xyz,some-name-rs0-1.clouddemo.xyz,some-name-rs0-2.clouddemo.xyz" mongodb "" "--quiet" | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|does not match the remote host name' | grep -v certificateNames) +isMaster=$(run_mongo_tls "db.hello().isWritablePrimary" "clusterAdmin:clusterAdmin123456@some-name-rs0-0.clouddemo.xyz,some-name-rs0-1.clouddemo.xyz,some-name-rs0-2.clouddemo.xyz" mongodb "" "--quiet" | egrep -v 'I NETWORK|W NETWORK|Error saving history file|Percona Server for MongoDB|connecting to:|Unable to reach primary for set|Implicit session:|versions do not match|Error saving history file:|does not match the remote host name' | grep -v certificateNames) if [ "${isMaster}" != "true" ]; then echo "mongo client should've redirect the connection to primary" exit 1 diff --git a/pkg/controller/perconaservermongodbrestore/physical.go b/pkg/controller/perconaservermongodbrestore/physical.go index 7be56ba42d..51973bc6ca 100644 --- a/pkg/controller/perconaservermongodbrestore/physical.go +++ b/pkg/controller/perconaservermongodbrestore/physical.go @@ -616,7 +616,7 @@ func (r *ReconcilePerconaServerMongoDBRestore) runIsMaster(ctx context.Context, } c := strings.Join([]string{ - mongoClient, "--quiet", "-u", creds.Username, "-p", creds.Password, "--eval", "'db.isMaster().ismaster'", + mongoClient, "--quiet", "-u", creds.Username, "-p", creds.Password, "--eval", "'db.hello().isWritablePrimary'", "|", "tail", "-n", "1", "|", "grep", "-Eo", "'(true|false)'", }, " ")
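Review bot: In `physical.go`, the rewritten `--eval` line still joins `creds.Username` and `creds.Password` unquoted into one space-separated string that also contains `|` pipes. That suggests the result is handed to a shell, though how `c` is executed is outside this hunk, so this is inferred. If so, a password containing spaces or shell metacharacters would be split or interpreted by the shell instead of reaching the client verbatim, and the password appears in the process argument list either way. Since the line is being touched anyway, both values should be shell-quoted before joining (wrap in single quotes and escape embedded single quotes), or the line should at least carry a comment such as `// creds are interpolated into a shell command; values must be shell-safe`. `runIsMaster` starts and ends outside the hunk.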