Pause-resume-frozen functionality (#168)

Author: Jorres

.github/workflows/run-tests.yml

@@ -165,7 +165,7 @@ jobs:
           kind load docker-image cr.yandex/crptqonuodf51kdj7a7d/ydb:22.4.44
       - name: run-tests
         run: |
-          go test -timeout 1800s -p 1 ./...
+          go test -v -timeout 1800s -p 1 ./... -args -ginkgo.v
       - name: teardown-k8s-cluster
         run: |
           kind delete cluster

.golangci.yml

@@ -169,7 +169,7 @@ linters:
     - nestif
 #    - nilnil
 #    - nlreturn
-    - nolintlint
+#    - nolintlint
 #    - prealloc
     - predeclared
     - rowserrcheck

README.md

@@ -1,3 +1,6 @@
+[![check-pr](https://github.com/ydb-platform/ydb-kubernetes-operator/actions/workflows/check-pr.yml/badge.svg)](https://github.com/ydb-platform/ydb-kubernetes-operator/actions/workflows/check-pr.yml)
+[![upload-artifacts](https://github.com/ydb-platform/ydb-kubernetes-operator/actions/workflows/upload-artifacts.yml/badge.svg)](https://github.com/ydb-platform/ydb-kubernetes-operator/actions/workflows/upload-artifacts.yml)
+
 # YDB Kubernetes Operator
 
 The YDB Kubernetes operator deploys and manages YDB resources in a Kubernetes cluster.

api/v1alpha1/database_types.go

@@ -3,6 +3,8 @@ package v1alpha1
 import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/ydb-platform/ydb-kubernetes-operator/internal/controllers/constants"
 )
 
 // DatabaseSpec defines the desired state of Database
@@ -29,7 +31,7 @@ type DatabaseSpec struct {
 	Encryption *EncryptionConfig `json:"encryption,omitempty"`
 
 	// Additional volumes that will be mounted into the well-known directory of
-	// every storage pod. Directiry: `/opt/ydb/volumes/<volume_name>`.
+	// every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
 	// Only `hostPath` volume type is supported for now.
 	// +optional
 	Volumes []*corev1.Volume `json:"volumes,omitempty"`
@@ -38,6 +40,21 @@ type DatabaseSpec struct {
 	// +optional
 	Datastreams *DatastreamsConfig `json:"datastreams,omitempty"`
 
+	// The state of the Database processes.
+	// `true` means all the Database Pods are being killed, but the Database resource is persisted.
+	// `false` means the default state of the system, all Pods running.
+	// +kubebuilder:default:=false
+	// +optional
+	Pause bool `json:"pause"`
+
+	// Enables or disables operator's reconcile loop.
+	// `false` means all the Pods are running, but the reconcile is effectively turned off.
+	// `true` means the default state of the system, all Pods running, operator reacts
+	// to specification change of this Database resource.
+	// +kubebuilder:default:=true
+	// +optional
+	OperatorSync bool `json:"operatorSync"`
+
 	// (Optional) Name of the root storage domain
 	// Default: root
 	// +kubebuilder:validation:Pattern:=[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?
@@ -181,8 +198,8 @@ type StorageUnit struct {
 
 // DatabaseStatus defines the observed state of Database
 type DatabaseStatus struct {
-	State      string             `json:"state"`
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
+	State      constants.ClusterState `json:"state"`
+	Conditions []metav1.Condition     `json:"conditions,omitempty"`
 }
 
 //+kubebuilder:object:root=true

api/v1alpha1/database_webhook.go

@@ -10,6 +10,8 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+
+	. "github.com/ydb-platform/ydb-kubernetes-operator/internal/controllers/constants" //nolint:revive,stylecheck
 )
 
 // log is for logging in this package.
@@ -156,5 +158,8 @@ func (r *Database) ValidateUpdate(old runtime.Object) error {
 }
 
 func (r *Database) ValidateDelete() error {
+	if r.Status.State != DatabasePaused {
+		return fmt.Errorf("database deletion is only possible from `Paused` state, current state %v", r.Status.State)
+	}
 	return nil
 }

api/v1alpha1/storage_types.go

@@ -3,6 +3,8 @@ package v1alpha1
 import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/ydb-platform/ydb-kubernetes-operator/internal/controllers/constants"
 )
 
 // StorageSpec defines the desired state of Storage
@@ -37,6 +39,21 @@ type StorageSpec struct {
 	// +optional
 	Service StorageServices `json:"service,omitempty"`
 
+	// The state of the Storage processes.
+	// `true` means all the Storage Pods are being killed, but the Storage resource is persisted.
+	// `false` means the default state of the system, all Pods running.
+	// +kubebuilder:default:=false
+	// +optional
+	Pause bool `json:"pause"`
+
+	// Enables or disables operator's reconcile loop.
+	// `false` means all the Pods are running, but the reconcile is effectively turned off.
+	// `true` means the default state of the system, all Pods running, operator reacts
+	// to specification change of this Storage resource.
+	// +kubebuilder:default:=true
+	// +optional
+	OperatorSync bool `json:"operatorSync"`
+
 	// (Optional) Name of the root storage domain
 	// Default: root
 	// +kubebuilder:validation:Pattern:=[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?
@@ -92,7 +109,7 @@ type StorageSpec struct {
 	Secrets []*corev1.LocalObjectReference `json:"secrets,omitempty"`
 
 	// Additional volumes that will be mounted into the well-known directory of
-	// every storage pod. Directiry: `/opt/ydb/volumes/<volume_name>`.
+	// every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
 	// Only `hostPath` volume type is supported for now.
 	// +optional
 	Volumes []*corev1.Volume `json:"volumes,omitempty"`
@@ -142,8 +159,8 @@ type StorageSpec struct {
 
 // StorageStatus defines the observed state of Storage
 type StorageStatus struct {
-	State      string             `json:"state"`
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
+	State      constants.ClusterState `json:"state"`
+	Conditions []metav1.Condition     `json:"conditions,omitempty"`
 }
 
 //+kubebuilder:object:root=true

api/v1alpha1/storage_webhook.go

@@ -3,13 +3,17 @@ package v1alpha1
 import (
 	"fmt"
 
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"gopkg.in/yaml.v3"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/utils/strings/slices"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+
+	. "github.com/ydb-platform/ydb-kubernetes-operator/internal/controllers/constants" //nolint:revive,stylecheck
 )
 
 // log is for logging in this package.
@@ -143,6 +147,21 @@ func (r *Storage) ValidateCreate() error {
 	return nil
 }
 
+func hasUpdatesBesidesFrozen(oldStorage, newStorage *Storage) (bool, string) {
+	oldStorageCopy := oldStorage.DeepCopy()
+	newStorageCopy := newStorage.DeepCopy()
+
+	// If we set Frozen field to the same value,
+	// the remaining diff must be empty.
+	oldStorageCopy.Spec.OperatorSync = false
+	newStorageCopy.Spec.OperatorSync = false
+
+	ignoreNonSpecFields := cmpopts.IgnoreFields(Storage{}, "Status", "ObjectMeta", "TypeMeta")
+
+	diff := cmp.Diff(oldStorageCopy, newStorageCopy, ignoreNonSpecFields)
+	return diff != "", diff
+}
+
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
 func (r *Storage) ValidateUpdate(old runtime.Object) error {
 	storagelog.Info("validate update", "name", r.Name)
@@ -153,6 +172,24 @@ func (r *Storage) ValidateUpdate(old runtime.Object) error {
 		return fmt.Errorf("failed to parse Storage.spec.configuration, error: %w", err)
 	}
 
+	if !r.Spec.OperatorSync {
+		oldStorage := old.(*Storage)
+
+		hasIllegalUpdates, diff := hasUpdatesBesidesFrozen(old.(*Storage), r)
+
+		if hasIllegalUpdates {
+			if oldStorage.Spec.OperatorSync {
+				return fmt.Errorf(
+					"it is illegal to update spec.OperatorSync and any other "+
+						"spec fields at the same time. Here is what you else tried to update: %s", diff)
+			}
+
+			return fmt.Errorf(
+				"it is illegal to update any spec fields when spec.OperatorSync is false. "+
+					"Here is what you else tried to update: %s", diff)
+		}
+	}
+
 	yamlConfig := PartialYamlConfig{}
 	err = yaml.Unmarshal([]byte(r.Spec.Configuration), &yamlConfig)
 	if err != nil {
@@ -165,18 +202,20 @@ func (r *Storage) ValidateUpdate(old runtime.Object) error {
 	}
 
 	if (authEnabled && r.Spec.OperatorConnection == nil) || (!authEnabled && r.Spec.OperatorConnection != nil) {
-		return fmt.Errorf("field 'spec.operatorConnection' does not satisfy with config option `enforce_user_token_requirement: %t`", authEnabled)
+		return fmt.Errorf("field 'spec.operatorConnection' does not align with config option `enforce_user_token_requirement: %t`", authEnabled)
 	}
 
 	crdCheckError := checkMonitoringCRD(manager, storagelog, r.Spec.Monitoring != nil)
 	if crdCheckError != nil {
 		return crdCheckError
 	}
 
-	// TODO(user): fill in your validation logic upon object update.
 	return nil
 }
 
 func (r *Storage) ValidateDelete() error {
+	if r.Status.State != StoragePaused {
+		return fmt.Errorf("storage deletion is only possible from `Paused` state, current state %v", r.Status.State)
+	}
 	return nil
 }

deploy/ydb-operator/crds/database.yaml

@@ -2279,12 +2279,27 @@ spec:
                 description: Number of nodes (pods) in the cluster
                 format: int32
                 type: integer
+              operatorSync:
+                default: true
+                description: Enables or disables operator's reconcile loop. `false`
+                  means all the Pods are running, but the reconcile is effectively
+                  turned off. `true` means the default state of the system, all Pods
+                  running, operator reacts to specification change of this Database
+                  resource.
+                type: boolean
               path:
                 description: '(Optional) Custom database path in schemeshard Default:
                   /<spec.domain>/<metadata.name>'
                 maxLength: 255
                 pattern: /[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?(/[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?)*
                 type: string
+              pause:
+                default: false
+                description: The state of the Database processes. `true` means all
+                  the Database Pods are being killed, but the Database resource is
+                  persisted. `false` means the default state of the system, all Pods
+                  running.
+                type: boolean
               priorityClassName:
                 description: (Optional) If specified, the pod's priorityClassName.
                 type: string
@@ -2988,7 +3003,7 @@ spec:
                 type: string
               volumes:
                 description: 'Additional volumes that will be mounted into the well-known
-                  directory of every storage pod. Directiry: `/opt/ydb/volumes/<volume_name>`.
+                  directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
                   Only `hostPath` volume type is supported for now.'
                 items:
                   description: Volume represents a named volume in a pod that may

deploy/ydb-operator/crds/storage.yaml

@@ -2503,6 +2503,20 @@ spec:
                     - username
                     type: object
                 type: object
+              operatorSync:
+                default: true
+                description: Enables or disables operator's reconcile loop. `false`
+                  means all the Pods are running, but the reconcile is effectively
+                  turned off. `true` means the default state of the system, all Pods
+                  running, operator reacts to specification change of this Storage
+                  resource.
+                type: boolean
+              pause:
+                default: false
+                description: The state of the Storage processes. `true` means all
+                  the Storage Pods are being killed, but the Storage resource is persisted.
+                  `false` means the default state of the system, all Pods running.
+                type: boolean
               priorityClassName:
                 description: (Optional) If specified, the pod's priorityClassName.
                 type: string
@@ -2985,7 +2999,7 @@ spec:
                 type: string
               volumes:
                 description: 'Additional volumes that will be mounted into the well-known
-                  directory of every storage pod. Directiry: `/opt/ydb/volumes/<volume_name>`.
+                  directory of every storage pod. Directory: `/opt/ydb/volumes/<volume_name>`.
                   Only `hostPath` volume type is supported for now.'
                 items:
                   description: Volume represents a named volume in a pod that may