From 9477c87189372c0bc6de81223036d125530630a8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Apr 2023 16:05:23 +0000 Subject: [PATCH 01/12] Migrate project to the `db-operator` org (#1) * Migrate project to the `db-operator` org * Trigger action * Bump charts versions * Update the domain * Update the app version on db-operator chart * chore: Update the cloudish-sql version * refactor: Update api names * fix: Update db-auth-gateway images * fix: Update db-auth-gateway images in Readme.md --- README.md | 4 ++-- charts/db-instances/Chart.yaml | 2 +- charts/db-instances/README.md | 2 +- charts/db-instances/templates/dbinstance.yaml | 2 +- charts/db-operator/Chart.yaml | 6 +++--- charts/db-operator/README.md | 8 ++++---- charts/db-operator/ci/ci-2-values.yaml | 4 ++-- charts/db-operator/ci/ci-3-values.yaml | 4 ++-- charts/db-operator/ci/ci-4-values.yaml | 2 +- .../db-operator/templates/crds/kci.rocks_databases.yaml | 4 ++-- .../db-operator/templates/crds/kci.rocks_dbinstances.yaml | 4 ++-- charts/db-operator/templates/rbac.yaml | 2 +- .../db-operator/templates/webhook/mutating_webhook.yaml | 8 ++++---- .../db-operator/templates/webhook/validation_webhook.yaml | 8 ++++---- charts/db-operator/values-stanley.yaml | 2 +- charts/db-operator/values.yaml | 4 ++-- tests/db-operator/mock-googleapi/templates/api.yaml | 2 +- tests/db-operator/mysql-generic/templates/db.yaml | 2 +- tests/db-operator/mysql-generic/templates/instance.yaml | 2 +- tests/db-operator/postgres-generic/templates/db.yaml | 2 +- .../db-operator/postgres-generic/templates/instance.yaml | 2 +- tests/db-operator/postgres-gsql/templates/instance.yaml | 2 +- 22 files changed, 39 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 8e0bedf..970a0b5 100644 --- a/README.md +++ b/README.md 
@@ -9,9 +9,9 @@ For triggering it, change the version of Chart.yaml in the chart directory and m ## Configuring helm client ``` -$ helm repo add kloeckneri https://kloeckner-i.github.io/charts +$ helm repo add db-operator https://db-operator.github.io/charts ``` Test the helm chart repository ``` -$ helm search repo kloeckneri +$ helm search repo db-operator ``` \ No newline at end of file diff --git a/charts/db-instances/Chart.yaml b/charts/db-instances/Chart.yaml index 824db5b..860c1cc 100644 --- a/charts/db-instances/Chart.yaml +++ b/charts/db-instances/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Database Instances for db operator name: db-instances -version: 1.4.0 +version: 1.4.1 diff --git a/charts/db-instances/README.md b/charts/db-instances/README.md index 1071707..0623c4d 100644 --- a/charts/db-instances/README.md +++ b/charts/db-instances/README.md @@ -4,7 +4,7 @@ Create DB Instance resources for is DB Operator ## Installing Chart To install the chart with the release name my-release: ``` -$ helm install --name my-release kloeckneri/db-instances +$ helm install --name my-release db-operator/db-instances ``` The command deploys DB Operator on Kubernetes with default configuration. diff --git a/charts/db-instances/templates/dbinstance.yaml b/charts/db-instances/templates/dbinstance.yaml index 936ab35..47b69a8 100644 --- a/charts/db-instances/templates/dbinstance.yaml +++ b/charts/db-instances/templates/dbinstance.yaml @@ -3,7 +3,7 @@ {{- if .Values.dbinstances }} {{- range $name, $value := .Values.dbinstances }} --- -apiVersion: "kci.rocks/v1beta1" +apiVersion: "kinda.rocks/v1beta1" kind: "DbInstance" metadata: name: {{ $name }} diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 02f7100..8aefac1 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v2 type: application -## All supported k8s versions are in the test: https://github.com/kloeckner-i/db-operator/blob/master/.github/workflows/build-and-test.yaml +## All supported k8s versions are in the test: https://github.com/db-operator/db-operator/blob/master/.github/workflows/build-and-test.yaml kubeVersion: ">= 1.21-prerelease" -appVersion: "1.10.0" +appVersion: "1.10.1" description: A Database Operator name: db-operator -version: 1.7.0 +version: 1.7.1 diff --git a/charts/db-operator/README.md b/charts/db-operator/README.md index 764085a..1b1c874 100644 --- a/charts/db-operator/README.md +++ b/charts/db-operator/README.md @@ -8,7 +8,7 @@ For example: ```BASH $ helm upgrade my-release . -Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: CustomResourceDefinition "databases.kci.rocks" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "my-release"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "default" +Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: CustomResourceDefinition "databases.kinda.rocks" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "my-release"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "default" ``` So you should add following metadata: 
@@ -24,7 +24,7 @@ metadata: ## Installing Chart To install the chart with the release name my-release: ``` -$ helm install --name my-release kloeckneri/db-operator +$ helm install --name my-release db-operator/db-operator ``` The command deploys DB Operator on Kubernetes with default configuration. For the configuration options see details [Parameters](#Parameters) @@ -41,7 +41,7 @@ The following table lists the configurable parameters of the db-operator chart a | Parameter | Description | Default | |------------------- |----------------------- |--------------- | | `appVersion` | Application Version (DB Operator) | TODO | -| `image.repository` | Container image name | `kloeckneri/db-operator` | +| `image.repository` | Container image name | `db-operator/db-operator` | | `image.tag` | Container image tag | `latest` | | `image.pullPolicy` | Container pull policy | `Always` | | `imagePullSecrets` | Reference to secret to be used when pulling images | "" | @@ -52,7 +52,7 @@ The following table lists the configurable parameters of the db-operator chart a | `affinity` | Node affinity for pod assignment | `{}` | | `annotations` | Annotations to add to the db-operator pod | `{}` | | `podLabels` | Labels to add to the db-operator pod | `{}` | -| `config.instance.google.proxy.image` | Container image of db-auth-gateway | `kloeckneri/db-auth-gateway:0.1.7` | +| `config.instance.google.proxy.image` | Container image of db-auth-gateway | `ghcr.io/db-operator/db-auth-gateway:v0.1.10` | | `config.instance.google.proxy.nodeSelector` | Node labels for google cloud proxy pod assignment | `{}` | | `config.backup.nodeSelector` | Node labels for backup pod assignment | `{}` | | `config.backup.resources` | Resource configuration for running backup container same as https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | `{}` | 
diff --git a/charts/db-operator/ci/ci-2-values.yaml b/charts/db-operator/ci/ci-2-values.yaml index 72b2edc..2c11cab 100644 --- a/charts/db-operator/ci/ci-2-values.yaml +++ b/charts/db-operator/ci/ci-2-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/kloeckner-i/db-operator + repository: ghcr.io/db-operator/db-operator pullPolicy: Always reconcileInterval: "60" @@ -39,7 +39,7 @@ config: google: proxy: nodeSelector: {} - image: kloeckneri/db-auth-gateway:0.1.7 + image: ghcr.io/db-operator/db-auth-gateway:latest metricsPort: 9090 generic: {} percona: diff --git a/charts/db-operator/ci/ci-3-values.yaml b/charts/db-operator/ci/ci-3-values.yaml index fe4c86d..103e74d 100644 --- a/charts/db-operator/ci/ci-3-values.yaml +++ b/charts/db-operator/ci/ci-3-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/kloeckner-i/db-operator + repository: ghcr.io/db-operator/db-operator pullPolicy: Always reconcileInterval: "60" @@ -51,7 +51,7 @@ config: proxy: nodeSelector: nodetype: database - image: kloeckneri/db-auth-gateway:0.1.7 + image: ghcr.io/db-operator/db-auth-gateway:latest metricsPort: 9090 generic: {} percona: diff --git a/charts/db-operator/ci/ci-4-values.yaml b/charts/db-operator/ci/ci-4-values.yaml index 468b389..e352a64 100644 --- a/charts/db-operator/ci/ci-4-values.yaml +++ b/charts/db-operator/ci/ci-4-values.yaml @@ -38,7 +38,7 @@ config: google: proxy: nodeSelector: {} - image: kloeckneri/db-auth-gateway:0.1.7 + image: ghcr.io/db-operator/db-auth-gateway:latest metricsPort: 9090 generic: {} percona: diff --git a/charts/db-operator/templates/crds/kci.rocks_databases.yaml b/charts/db-operator/templates/crds/kci.rocks_databases.yaml index bba86bf..bda08c7 100644 --- a/charts/db-operator/templates/crds/kci.rocks_databases.yaml +++ b/charts/db-operator/templates/crds/kci.rocks_databases.yaml 
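Review bot: The proxy image in the second hunk of ci/ci-2-values.yaml moves from the fixed tag `0.1.7` to the mutable tag `latest` (`image: ghcr.io/db-operator/db-auth-gateway:latest`), and the same line is added in ci-3-values.yaml and ci-4-values.yaml. With a floating tag, CI runs whatever was pushed to the registry most recently, so a run is not reproducible and a replaced image would be pulled without any change in this repository. The chart default in values.yaml is `v0.1.10`, so CI no longer tests the image the chart ships. I would use `image: ghcr.io/db-operator/db-auth-gateway:v0.1.10` in all three files, or a digest reference.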
@@ -17,7 +17,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} creationTimestamp: null - name: databases.kci.rocks + name: databases.kinda.rocks spec: conversion: strategy: Webhook @@ -30,7 +30,7 @@ spec: conversionReviewVersions: - v1alpha1 - v1beta1 - group: kci.rocks + group: kinda.rocks names: kind: Database listKind: DatabaseList diff --git a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml index ff7b2e8..eb2d3ab 100644 --- a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml +++ b/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml @@ -15,7 +15,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - name: dbinstances.kci.rocks + name: dbinstances.kinda.rocks spec: conversion: strategy: Webhook @@ -28,7 +28,7 @@ spec: conversionReviewVersions: - v1alpha1 - v1beta1 - group: kci.rocks + group: kinda.rocks names: kind: DbInstance listKind: DbInstanceList diff --git a/charts/db-operator/templates/rbac.yaml b/charts/db-operator/templates/rbac.yaml index fbcf07d..eecf8b9 100644 --- a/charts/db-operator/templates/rbac.yaml +++ b/charts/db-operator/templates/rbac.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} rules: - apiGroups: - - kci.rocks + - kinda.rocks resources: - "*" verbs: diff --git a/charts/db-operator/templates/webhook/mutating_webhook.yaml b/charts/db-operator/templates/webhook/mutating_webhook.yaml index 073eaf7..0d4c13e 100644 --- a/charts/db-operator/templates/webhook/mutating_webhook.yaml +++ b/charts/db-operator/templates/webhook/mutating_webhook.yaml @@ -18,12 +18,12 @@ webhooks: service: name: {{ .Values.webhook.serviceName }} namespace: {{ .Release.Namespace }} - path: /mutate-kci-rocks-v1beta1-database + path: /mutate-kinda-rocks-v1beta1-database failurePolicy: Fail name: mdatabase.kb.io rules: - apiGroups: - - kci.rocks + - kinda.rocks apiVersions: - v1beta1 operations: 
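Review bot: Changing `name: databases.kinda.rocks` and `group: kinda.rocks` does not rename the existing CRD; it defines a second one, and `databases.kci.rocks` drops out of the rendered release. The CRDs live under `templates/`, so an upgrade would presumably delete the old CRD and with it every existing `kci.rocks` Database object, while the ClusterRole and webhook rules (dbinstances CRD, rbac.yaml, mutating_webhook.yaml, validation_webhook.yaml) stop covering the old group in the same step. The chart version only moves from 1.7.0 to 1.7.1, which does not signal a breaking change. I would add an upgrade section to the README that says how existing objects are migrated or kept (for example `helm.sh/resource-policy: keep` set through `crds.annotations`) and bump the version accordingly. Only part of the CRD is visible in these hunks.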
@@ -38,12 +38,12 @@ webhooks: service: name: {{ .Values.webhook.serviceName }} namespace: {{ .Release.Namespace }} - path: /mutate-kci-rocks-v1beta1-dbinstance + path: /mutate-kinda-rocks-v1beta1-dbinstance failurePolicy: Fail name: mdbinstance.kb.io rules: - apiGroups: - - kci.rocks + - kinda.rocks apiVersions: - v1beta1 operations: diff --git a/charts/db-operator/templates/webhook/validation_webhook.yaml b/charts/db-operator/templates/webhook/validation_webhook.yaml index 7d21fa3..7ea1185 100644 --- a/charts/db-operator/templates/webhook/validation_webhook.yaml +++ b/charts/db-operator/templates/webhook/validation_webhook.yaml @@ -18,12 +18,12 @@ webhooks: service: name: {{ .Values.webhook.serviceName }} namespace: {{ .Release.Namespace }} - path: /validate-kci-rocks-v1beta1-database + path: /validate-kinda-rocks-v1beta1-database failurePolicy: Fail name: vdatabase.kb.io rules: - apiGroups: - - kci.rocks + - kinda.rocks apiVersions: - v1beta1 operations: @@ -38,12 +38,12 @@ webhooks: service: name: {{ .Values.webhook.serviceName }} namespace: {{ .Release.Namespace }} - path: /validate-kci-rocks-v1beta1-dbinstance + path: /validate-kinda-rocks-v1beta1-dbinstance failurePolicy: Fail name: vdbinstance.kb.io rules: - apiGroups: - - kci.rocks + - kinda.rocks apiVersions: - v1beta1 operations: diff --git a/charts/db-operator/values-stanley.yaml b/charts/db-operator/values-stanley.yaml index c1b9221..b107fcc 100644 --- a/charts/db-operator/values-stanley.yaml +++ b/charts/db-operator/values-stanley.yaml @@ -1,5 +1,5 @@ image: - repository: registry.kci.rocks/devops/db-operator + repository: registry.kinda.rocks/devops/db-operator tag: latest pullPolicy: IfNotPresent diff --git a/charts/db-operator/values.yaml b/charts/db-operator/values.yaml index f5790fc..4a0e144 100644 --- a/charts/db-operator/values.yaml +++ b/charts/db-operator/values.yaml 
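Review bot: The `repository:` line in values-stanley.yaml looks like a side effect of the global `kci.rocks` to `kinda.rocks` replacement: image pulls now go to `registry.kinda.rocks/devops/db-operator`. An API group string is only a name, but a registry hostname decides where the cluster fetches code from, so it should change only if that registry exists and is operated by the project, and nothing on this page shows that. Combined with `tag: latest` and `pullPolicy: IfNotPresent` in the context lines, a node would pull whatever that host serves once and keep using it. I would confirm the host before merging, or point this file at `ghcr.io/db-operator/db-operator` as values.yaml does, with a fixed tag.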
@@ -1,7 +1,7 @@ nameOverride: "" image: - repository: ghcr.io/kloeckner-i/db-operator + repository: ghcr.io/db-operator/db-operator pullPolicy: Always logLevel: info @@ -70,7 +70,7 @@ config: google: proxy: nodeSelector: {} - image: kloeckneri/db-auth-gateway:0.1.7 + image: ghcr.io/db-operator/db-auth-gateway:v0.1.10 metricsPort: 9090 generic: {} percona: diff --git a/tests/db-operator/mock-googleapi/templates/api.yaml b/tests/db-operator/mock-googleapi/templates/api.yaml index 9dd61d1..3012004 100644 --- a/tests/db-operator/mock-googleapi/templates/api.yaml +++ b/tests/db-operator/mock-googleapi/templates/api.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: api - image: ghcr.io/kloeckner-i/cloudish-sql:v1.0.0 + image: ghcr.io/db-operator/cloudish-sql:v1.0.1 ports: - containerPort: 8080 name: http diff --git a/tests/db-operator/mysql-generic/templates/db.yaml b/tests/db-operator/mysql-generic/templates/db.yaml index dea9876..d5e42f1 100644 --- a/tests/db-operator/mysql-generic/templates/db.yaml +++ b/tests/db-operator/mysql-generic/templates/db.yaml @@ -1,4 +1,4 @@ -apiVersion: "kci.rocks/v1beta1" +apiVersion: "kinda.rocks/v1beta1" kind: "Database" metadata: name: {{ .Values.db.name }} diff --git a/tests/db-operator/mysql-generic/templates/instance.yaml b/tests/db-operator/mysql-generic/templates/instance.yaml index d0d6cfc..17d3101 100644 --- a/tests/db-operator/mysql-generic/templates/instance.yaml +++ b/tests/db-operator/mysql-generic/templates/instance.yaml @@ -1,4 +1,4 @@ -apiVersion: kci.rocks/v1beta1 +apiVersion: kinda.rocks/v1beta1 kind: DbInstance metadata: name: {{ .Values.instance.name }} diff --git a/tests/db-operator/postgres-generic/templates/db.yaml b/tests/db-operator/postgres-generic/templates/db.yaml index 283479a..c8d8d56 100644 --- a/tests/db-operator/postgres-generic/templates/db.yaml +++ b/tests/db-operator/postgres-generic/templates/db.yaml 
@@ -1,4 +1,4 @@ -apiVersion: "kci.rocks/v1beta1" +apiVersion: "kinda.rocks/v1beta1" kind: "Database" metadata: name: pg-generic-db diff --git a/tests/db-operator/postgres-generic/templates/instance.yaml b/tests/db-operator/postgres-generic/templates/instance.yaml index e689a5d..5205015 100644 --- a/tests/db-operator/postgres-generic/templates/instance.yaml +++ b/tests/db-operator/postgres-generic/templates/instance.yaml @@ -1,4 +1,4 @@ -apiVersion: kci.rocks/v1beta1 +apiVersion: kinda.rocks/v1beta1 kind: DbInstance metadata: name: pg-generic-instance diff --git a/tests/db-operator/postgres-gsql/templates/instance.yaml b/tests/db-operator/postgres-gsql/templates/instance.yaml index b449c3c..104b9a8 100644 --- a/tests/db-operator/postgres-gsql/templates/instance.yaml +++ b/tests/db-operator/postgres-gsql/templates/instance.yaml @@ -1,4 +1,4 @@ -apiVersion: kci.rocks/v1beta1 +apiVersion: kinda.rocks/v1beta1 kind: DbInstance metadata: name: pg-gsql-instance From 33af3a1b42e3b0fa4110e4d91d8b83ebeb50fb88 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 18 Apr 2023 04:04:02 +0000 Subject: [PATCH 02/12] Create postgres databases from template (#2) * chore: Update chart and app versions * feat(db-operator): Add `template` to postgres object --- charts/db-operator/Chart.yaml | 4 ++-- charts/db-operator/templates/crds/kci.rocks_databases.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 8aefac1..774fe05 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 type: application ## All supported k8s versions are in the test: https://github.com/db-operator/db-operator/blob/master/.github/workflows/build-and-test.yaml kubeVersion: ">= 1.21-prerelease" -appVersion: "1.10.1" +appVersion: "1.11.0" description: A Database Operator name: db-operator -version: 1.7.1 +version: 1.8.0 
diff --git a/charts/db-operator/templates/crds/kci.rocks_databases.yaml b/charts/db-operator/templates/crds/kci.rocks_databases.yaml index bda08c7..bf67e0c 100644 --- a/charts/db-operator/templates/crds/kci.rocks_databases.yaml +++ b/charts/db-operator/templates/crds/kci.rocks_databases.yaml @@ -418,6 +418,9 @@ spec: items: type: string type: array + template: + description: Let user create database from template + type: string type: object secretName: type: string From 95efee79d0731bd8e53798380c1441d7ca47968d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 15 Jun 2023 16:33:56 +0200 Subject: [PATCH 03/12] Keep up with k8s versions (#4) * Format the test worflow * Test against more k8s versions * Upgrade the chart version * Drop support for 1.21 * Add a `prerelease` label to k8s version --- .github/workflows/test.yaml | 29 +++++++++++++++++++---------- charts/db-operator/Chart.yaml | 6 +++--- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 5a0f529..ad6d9bb 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,3 +1,4 @@ +--- name: Test on: @@ -9,11 +10,11 @@ on: - main jobs: - get-chart: + get-chart: runs-on: ubuntu-latest outputs: changed_charts: ${{ steps.get-chart.outputs.changed_charts }} - steps: + steps: - name: Checkout uses: actions/checkout@v3 with: @@ -21,7 +22,7 @@ jobs: fetch-depth: 2 # to be able to obtain files changed in the latest commit - id: get-chart - name: 'Get modified charts' + name: "Get modified charts" run: | cd charts files_changed="$(git diff --name-only HEAD^ HEAD)" 
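Review bot: The new `template` property accepts any string, because the schema gives only `type: string` with no `maxLength` or `pattern`. According to the commit title the value names the PostgreSQL template a database is created from, so it presumably ends up in a `CREATE DATABASE` statement that the operator runs with admin credentials; that code is not on this page, so whether the identifier is quoted there should be confirmed. At schema level I would add `maxLength: 63` and `pattern: '^[A-Za-z_][A-Za-z0-9_]*$'` (or a wider pattern if quoted names must be supported) so the API server rejects anything that is not a plain identifier. The description could also state that the template database must already exist on the instance.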
@@ -29,9 +30,9 @@ jobs: charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "charts/[^/]*" | sed "s|charts/||g" | uniq | tr '\n' ' ' || true)" echo "changed:${charts_dirs_changed}" echo "::set-output name=changed_charts::${charts_dirs_changed}" - lint: + lint: runs-on: ubuntu-latest - steps: + steps: - name: Checkout uses: actions/checkout@v3 with: @@ -58,11 +59,19 @@ jobs: if: ${{ contains(needs.get-chart.outputs.changed_charts, 'db-operator') || contains(needs.get-chart.outputs.changed_charts, 'db-instances') }} strategy: matrix: - k8s_version: ['v1.21.6', 'v1.22.3', 'v1.23.1', 'v1.24.3'] + k8s_version: + [ + "v1.22.8", + "v1.23.5", + "v1.24.14", + "v1.25.10", + "v1.26.5", + "v1.27.2", + ] steps: - name: Checkout uses: actions/checkout@v3 - + # The existing apparmor profile for mysql needs to be removed. # https://github.com/actions/virtual-environments/issues/181 # https://github.com/moby/moby/issues/7512#issuecomment-51845976 @@ -73,17 +82,17 @@ jobs: sudo apt-get update -y sudo apt-get install apparmor-profiles sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - + - name: Create k3d cluster env: K8S_VERSION: ${{ matrix.k8s_version }} run: make k3d - + - name: Install Cert Manager run: make cert-manager - name: Install Helm chart run: make db-operator - + - name: Integration test run: ./tests/db-operator/integration.sh diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 774fe05..3fe9da1 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 type: application ## All supported k8s versions are in the test: https://github.com/db-operator/db-operator/blob/master/.github/workflows/build-and-test.yaml -kubeVersion: ">= 1.21-prerelease" -appVersion: "1.11.0" +kubeVersion: ">= 1.22-prerelease" +appVersion: "1.12.0" description: A Database Operator name: db-operator -version: 1.8.0 +version: 1.9.0 
From 53209e4a4eeb554fe42aa36a3124381ae5de2c8e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jun 2023 14:53:52 +0200 Subject: [PATCH 04/12] fix(db-operator): Now db-instance is guarded by if condition as well (#5) * fix(db-operator): Now db-instance is guarded by if condition as well It used to ignore the `crds.install` thing. not it shouldn't anymore * chore(db-operator): Upgrade a version * fix: Typo is gone --- charts/db-operator/Chart.yaml | 2 +- charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 3fe9da1..2271b71 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -5,4 +5,4 @@ kubeVersion: ">= 1.22-prerelease" appVersion: "1.12.0" description: A Database Operator name: db-operator -version: 1.9.0 +version: 1.9.1 diff --git a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml index eb2d3ab..1f99cc3 100644 --- a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml +++ b/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml @@ -1,3 +1,4 @@ +{{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -378,3 +379,4 @@ spec: storage: true subresources: status: {} +{{- end }} From bce0f4d0d36dae696eebb3c0f26cdd65eab6be44 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Jul 2023 11:59:00 +0200 Subject: [PATCH 05/12] Add an ability to set labels per dbinstance (#6) * Add an ability to set labels to DbInstances * Upgrade the db-instances chart to 1.4.2 --- charts/db-instances/Chart.yaml | 2 +- charts/db-instances/templates/dbinstance.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/db-instances/Chart.yaml b/charts/db-instances/Chart.yaml index 860c1cc..23d0631 100644 --- a/charts/db-instances/Chart.yaml 
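Review bot: Wrapping the DbInstance CRD in `{{- if .Values.crds.install }}` changes what an upgrade does for releases that already run with `crds.install: false`: the CRD was rendered for them until now, so the next `helm upgrade` drops it from the release, and deleting a CRD deletes every DbInstance object with it. The commit message describes the guard only as a fix. I would add an upgrade note plus a template comment above the guard, for example `{{- /* crds.install=false on an existing release removes this CRD and all DbInstance objects unless helm.sh/resource-policy: keep is set */ -}}`, and consider setting that annotation by default. The CRD body between the two hunks is not shown.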
+++ b/charts/db-instances/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Database Instances for db operator name: db-instances -version: 1.4.1 +version: 1.4.2 diff --git a/charts/db-instances/templates/dbinstance.yaml b/charts/db-instances/templates/dbinstance.yaml index 47b69a8..d0ee68a 100644 --- a/charts/db-instances/templates/dbinstance.yaml +++ b/charts/db-instances/templates/dbinstance.yaml @@ -13,6 +13,9 @@ metadata: {{- end }} labels: {{- include "db-instances.labels" $ | nindent 4 }} + {{- with $value.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: engine: {{ $value.engine }} {{- if $value.existingAdminSecret }} From 13c4875a59c89e96ec202384f1a33a84ac6939ad Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Tue, 8 Aug 2023 14:55:33 +0200 Subject: [PATCH 06/12] Make the webhook optional (#7) * Make the webhook creation optional Not everybody needs a webhook, so it makes sense to make its creation optional. Also, I've added a very basic test for values, that is checking if the wished files are generated by helm using certain values files. I'd say it's rather a temporary solution, but currently, I don't know a better option Issue: https://github.com/db-operator/db-operator/issues/38 * build: Upgrade k8s versions in tests New versions of Kubernetes were released. I've updated them to have ones that are currently actual in the CI pipeline --- .github/workflows/test.yaml | 19 ++- charts/db-operator/CHANGELOG.md | 4 + charts/db-operator/Chart.yaml | 28 +++- charts/db-operator/Makefile | 2 + charts/db-operator/README.md | 157 +++++++++++++----- charts/db-operator/ci/ci-5-values.yaml | 3 + .../ci/unit-test/values-crds-no-cert.yaml | 16 ++ .../ci/unit-test/values-crds-no-issuer.yaml | 18 ++ .../db-operator/ci/unit-test/values-crds.yaml | 16 ++ .../ci/unit-test/values-no-crds.yaml | 14 ++ .../ci/unit-test/values-no-rback.yaml | 14 ++ .../ci/unit-test/values-no-svcaccount.yaml | 15 ++ .../ci/unit-test/values-no-webhook.yaml | 13 ++ .../ci/unit-test/values-webhook.yaml | 16 ++ charts/db-operator/scripts/test_values | 61 +++++++ .../templates/crds/kci.rocks_databases.yaml | 2 + .../templates/crds/kci.rocks_dbinstances.yaml | 2 + .../templates/webhook/mutating_webhook.yaml | 2 + .../templates/webhook/service.yaml | 4 +- .../templates/webhook/validation_webhook.yaml | 2 + charts/db-operator/values.yaml | 1 + 21 files changed, 354 insertions(+), 55 deletions(-) create mode 100644 charts/db-operator/CHANGELOG.md create mode 100644 charts/db-operator/Makefile create mode 100644 charts/db-operator/ci/ci-5-values.yaml create mode 100644 charts/db-operator/ci/unit-test/values-crds-no-cert.yaml create mode 100644 
charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml create mode 100644 charts/db-operator/ci/unit-test/values-crds.yaml create mode 100644 charts/db-operator/ci/unit-test/values-no-crds.yaml create mode 100644 charts/db-operator/ci/unit-test/values-no-rback.yaml create mode 100644 charts/db-operator/ci/unit-test/values-no-svcaccount.yaml create mode 100644 charts/db-operator/ci/unit-test/values-no-webhook.yaml create mode 100644 charts/db-operator/ci/unit-test/values-webhook.yaml create mode 100755 charts/db-operator/scripts/test_values diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ad6d9bb..2faa2a0 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -53,6 +53,17 @@ jobs: - name: Run chart-testing (lint) run: ct lint --validate-maintainers=false --target-branch main + test-values: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Run the test + run: | + cd charts/db-operator + ./scripts/test_values -p ./ci/unit-test + db-operator-test: runs-on: ubuntu-latest needs: get-chart @@ -63,10 +74,10 @@ jobs: [ "v1.22.8", "v1.23.5", - "v1.24.14", - "v1.25.10", - "v1.26.5", - "v1.27.2", + "v1.24.16", + "v1.25.12", + "v1.26.7", + "v1.27.4", ] steps: - name: Checkout diff --git a/charts/db-operator/CHANGELOG.md b/charts/db-operator/CHANGELOG.md new file mode 100644 index 0000000..0535389 --- /dev/null +++ b/charts/db-operator/CHANGELOG.md @@ -0,0 +1,4 @@ +# Changelog + +## 1.9.2 +- feat: Make the webhook optional | https://github.com/db-operator/charts/pull/7 diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 2271b71..654e104 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml 
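Review bot: The new `test-values` job declares no `permissions:`, and no such key is visible at workflow level in these hunks, so it runs `./scripts/test_values` from the checked-out tree with the repository's default token scope. The job only reads files, so I would add `permissions: { contents: read }` to it and `with: { persist-credentials: false }` to its checkout step. `actions/checkout@v3` is a movable tag here, as in the other jobs; pinning it to a commit SHA fixes which code runs. The rest of the workflow lies outside this hunk.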
@@ -1,8 +1,28 @@ +--- apiVersion: v2 type: application -## All supported k8s versions are in the test: https://github.com/db-operator/db-operator/blob/master/.github/workflows/build-and-test.yaml +name: db-operator +version: 1.9.2 +# --------------------------------------------------------------------------------- +# -- All supported k8s versions are in the test: +# -- https://github.com/db-operator/charts/blob/main/.github/workflows/test.yaml +# --------------------------------------------------------------------------------- kubeVersion: ">= 1.22-prerelease" appVersion: "1.12.0" -description: A Database Operator -name: db-operator -version: 1.9.1 +description: The DB Operator creates databases and make them available in the cluster via Custom Resource. +home: https://github.com/db-operator/db-operator + +maintainers: + - name: Nikolai Rodionov + email: allanger@zohomail.com + +sources: + - https://github.com/db-operator/db-operator + - https://github.com/db-operator/cloudish-sql + - https://github.com/db-operator/pgdump-gcs + - https://github.com/db-operator/mydump-gcs +keywords: + - database + - Operator + - mysql + - postgres diff --git a/charts/db-operator/Makefile b/charts/db-operator/Makefile new file mode 100644 index 0000000..97d4272 --- /dev/null +++ b/charts/db-operator/Makefile @@ -0,0 +1,2 @@ +gen_docs: + \ No newline at end of file diff --git a/charts/db-operator/README.md b/charts/db-operator/README.md index 1b1c874..f648c0f 100644 --- a/charts/db-operator/README.md +++ b/charts/db-operator/README.md 
@@ -1,8 +1,116 @@ # db-operator + +![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) + DB Operator is Kubernetes operator +The source of the operator can be found here: https://github.com/db-operator/db-operator + +## Installing Chart +To install the chart with the release name my-release: +``` +$ helm install --name my-release db-operator/db-operator +``` +The command deploys DB Operator on Kubernetes with default configuration. For the configuration options see details [Parameters](#Parameters) + +## Uninstalling Chart +To uninstall the `my-release` deployment: +``` +$ helm delete my-release +``` + +## Webhooks + +You can disable webhooks if you don't need them, by providing this value +```yaml +webhook: + create: false +``` + +## Requirements + +Kubernetes: `>= 1.22-prerelease` -## Upgrading to `v1.10.0` -CRDs are moved to the `templates` folder, so now they are part of the release. It means that when migration you will get errors about resource ownership. Thow errors will contain messages about missing `labels` and `annotations`, and the easiest way to fix it, will be just to add the `metadata` that helm can't find. So you can follow those messages one by one and when all the `CRDs` are patched, you'll be able to install the release. 
+If you use webhooks, you also might need to have cert-manager + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | | +| config.backup.activeDeadlineSeconds | int | `600` | | +| config.backup.mysql.image | string | `"kloeckneri/mydump-gcs:latest"` | | +| config.backup.nodeSelector | object | `{}` | | +| config.backup.postgres.image | string | `"kloeckneri/pgdump-gcs:latest"` | | +| config.backup.resources.requests.cpu | float | `0.2` | | +| config.backup.resources.requests.memory | string | `"64Mi"` | | +| config.instance.generic | object | `{}` | | +| config.instance.google.proxy.image | string | `"ghcr.io/db-operator/db-auth-gateway:v0.1.10"` | | +| config.instance.google.proxy.metricsPort | int | `9090` | | +| config.instance.google.proxy.nodeSelector | object | `{}` | | +| config.instance.percona.proxy.image | string | `"severalnines/proxysql:2.0"` | | +| config.instance.percona.proxy.metricsPort | int | `9090` | | +| config.monitoring.nodeSelector | object | `{}` | | +| config.monitoring.postgres.image | string | `"wrouesnel/postgres_exporter:latest"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[0].userid.description | string | `"User ID"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[0].userid.usage | string | `"LABEL"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[1].dbid.description | string | `"database ID"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[1].dbid.usage | string | `"LABEL"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[2].datname.description | string | `"database NAME"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[2].datname.usage | string | `"LABEL"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[3].queryid.description | string | `"Query unique Hash Code"` | | +| 
config.monitoring.postgres.queries.pg_stat_statements.metrics[3].queryid.usage | string | `"LABEL"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[4].query.description | string | `"Query class"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[4].query.usage | string | `"LABEL"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[5].calls.description | string | `"Number of times executed"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[5].calls.usage | string | `"COUNTER"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[6].total_time.description | string | `"Total time spent in the statement, in milliseconds"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[6].total_time.usage | string | `"COUNTER"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[7].mean_time.description | string | `"Mean time spent in the statement, in milliseconds"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[7].mean_time.usage | string | `"GAUGE"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[8].rows.description | string | `"Total number of rows retrieved or affected by the statement"` | | +| config.monitoring.postgres.queries.pg_stat_statements.metrics[8].rows.usage | string | `"COUNTER"` | | +| config.monitoring.postgres.queries.pg_stat_statements.query | string | `"SELECT userid, pgss.dbid, pgdb.datname, queryid, query, calls, total_time, mean_time, rows FROM pg_stat_statements pgss LEFT JOIN (select oid as dbid, datname from pg_database) as pgdb on pgdb.dbid = pgss.dbid WHERE not queryid isnull ORDER BY mean_time desc limit 20"` | | +| config.monitoring.promPushGateway | string | `""` | | +| crds.annotations | object | `{}` | | +| crds.install | bool | `true` | | +| crds.keep | bool | `true` | | +| image.logLevel | string | `"info"` | | +| image.pullPolicy | string | `"Always"` | | +| image.repository | 
string | `"ghcr.io/db-operator/db-operator"` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podLabels | object | `{}` | | +| rbac.create | bool | `true` | | +| reconcileInterval | string | `"60"` | | +| resources | object | `{}` | | +| secrets.gsql | object | `{}` | | +| security | object | `{}` | | +| service.annotations | object | `{}` | | +| service.port | int | `8080` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.create | bool | `true` | | +| serviceMonitor.enabled | bool | `false` | | +| tolerations | list | `[]` | | +| watchNamespace | string | `""` | | +| webhook.certificate.create | bool | `true` | ------------------------------------------ | +| webhook.certificate.issuer.create | bool | `true` | | +| webhook.certificate.issuer.kind | string | `"Issuer"` | --------------------------------------- | +| webhook.certificate.issuer.name | string | `"db-operator-issuer"` | | +| webhook.certificate.name | string | `"db-operator-webhook"` | | +| webhook.certificate.secretName | string | `"db-operator-webhook-cert"` | | +| webhook.names.mutating | string | `"db-operator-mutating-webhook-configuration"` | | +| webhook.names.validating | string | `"db-operator-validating-webhook-configuration"` | | +| webhook.serviceName | string | `"db-operator-webhook"` | | + +## Upgrading + +If there is an breaking change, or something that might make the upgrade complcated, it should be decsribed here + +
+ To `v1.10.0` + +CRDs are moved to the `templates` folder, so now they are part of the release. It means that after the upgrade, you will get errors about resource ownerships. Thow errors will contain messages about missing `labels` and `annotations`, and the easiest way to fix it, will be just to add the `metadata` that helm can't find. So you can follow those messages one by one and when all the `CRDs` are patched, you'll be able to install the release. For example: 
@@ -20,47 +128,4 @@ metadata: "meta.helm.sh/release-name": my-release "meta.helm.sh/release-namespace": default ``` - -## Installing Chart -To install the chart with the release name my-release: -``` -$ helm install --name my-release db-operator/db-operator -``` -The command deploys DB Operator on Kubernetes with default configuration. For the configuration options see details [Parameters](#Parameters) - -## Uninstalling Chart -To uninstall the `my-release` deployment: -``` -$ helm delete my-release -``` - -## Parameters - -The following table lists the configurable parameters of the db-operator chart and their default values. - -| Parameter | Description | Default | -|------------------- |----------------------- |--------------- | -| `appVersion` | Application Version (DB Operator) | TODO | -| `image.repository` | Container image name | `db-operator/db-operator` | -| `image.tag` | Container image tag | `latest` | -| `image.pullPolicy` | Container pull policy | `Always` | -| `imagePullSecrets` | Reference to secret to be used when pulling images | "" | -| `rbac.create` | Create RBAC resources | `true` | -| `serviceAccount.create` | If `true`, create a new service account | `true` | -| `resources` | CPU/memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `affinity` | Node affinity for pod assignment | `{}` | -| `annotations` | Annotations to add to the db-operator pod | `{}` | -| `podLabels` | Labels to add to the db-operator pod | `{}` | -| `config.instance.google.proxy.image` | Container image of db-auth-gateway | `ghcr.io/db-operator/db-auth-gateway:v0.1.10` | -| `config.instance.google.proxy.nodeSelector` | Node labels for google cloud proxy pod assignment | `{}` | -| `config.backup.nodeSelector` | Node labels for backup pod assignment | `{}` | -| `config.backup.resources` | Resource configuration for running backup container same as 
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | `{}` | -| `config.backup.activeDeadlineSeconds` | activeDeadlineSeconds of backup cronjob | `600` | -| `config.backup.postgres.image` | Container image of backup cronjob (only for postgres databases) | `kloeckneri/pgdump-gcs:latest` | -| `config.monitoring.nodeSelector` | Node labels for monitoring pod assignment | `{}` | -| `config.monitoring.postgres.image` | Container image of prometheus exporter (only for postgres databases) | `wrouesnel/postgres_exporter:latest` | -| `config.monitoring.postgres.queries` | Queries executed by prometheus exporter (only for postgres databases) | see `values.yaml` for defaults | -| `secrets.gsql.admin` | Service account json used by operator to create Cloud SQL instance in GCE(**Cloud SQL Admin**) | `{}` | -| `secrets.gsql.readonly` | Service account json will be used by application to access database Cloud SQL in GCE(**Cloud SQL Client** role) | `{}` | -| `serviceMonitor.enabled` | Enabling ServiceMonitor for prometheus operator monitoring | `false` | +
\ No newline at end of file diff --git a/charts/db-operator/ci/ci-5-values.yaml b/charts/db-operator/ci/ci-5-values.yaml new file mode 100644 index 0000000..f3b78eb --- /dev/null +++ b/charts/db-operator/ci/ci-5-values.yaml @@ -0,0 +1,3 @@ +--- +webhook: + create: false diff --git a/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml b/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml new file mode 100644 index 0000000..972f591 --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml @@ -0,0 +1,16 @@ +values: | + webhook: + certificate: + create: false +files: + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ServiceAccount-db-operator-sa.yml + - ClusterRoleBinding-db-operator-sa.yml + - CustomResourceDefinition-databases.kinda.rocks + - Service-db-operator-webhook.yml + - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbinstances.kinda.rocks + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml + - Issuer-db-operator-issuer.yml diff --git a/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml b/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml new file mode 100644 index 0000000..56014c2 --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml 
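Review bot: `webhook.create: false` in `ci-5-values.yaml` is not a key the templates in this patch read; the webhook templates and both CRDs gate on `.Values.webhook.enabled`, and `values.yaml` adds `webhook.enabled: true`. With this file the chart most likely still renders the webhook configurations and Service, so the CI case does not cover the disabled path; it should read `webhook:` with `enabled: false`. The same mismatch appears in the README `## Webhooks` example (`create: false`) and in `ci/unit-test/values-crds-no-issuer.yaml` (`webhook.install: true`).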
@@ -0,0 +1,18 @@ +values: | + webhook: + install: true + certificate: + issuer: + create: false +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ServiceAccount-db-operator-sa.yml + - ClusterRoleBinding-db-operator-sa.yml + - CustomResourceDefinition-databases.kinda.rocks + - Service-db-operator-webhook.yml + - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbinstances.kinda.rocks + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-crds.yaml b/charts/db-operator/ci/unit-test/values-crds.yaml new file mode 100644 index 0000000..50c2955 --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-crds.yaml @@ -0,0 +1,16 @@ +values: | + crds: + install: true +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ServiceAccount-db-operator-sa.yml + - ClusterRoleBinding-db-operator-sa.yml + - CustomResourceDefinition-databases.kinda.rocks + - Issuer-db-operator-issuer.yml + - Service-db-operator-webhook.yml + - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbinstances.kinda.rocks + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-crds.yaml b/charts/db-operator/ci/unit-test/values-no-crds.yaml new file mode 100644 index 0000000..7440232 --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-no-crds.yaml 
@@ -0,0 +1,14 @@ +values: | + crds: + install: false +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ServiceAccount-db-operator-sa.yml + - ClusterRoleBinding-db-operator-sa.yml + - Issuer-db-operator-issuer.yml + - Service-db-operator-webhook.yml + - ClusterRole-db-operator.yml + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-rback.yaml b/charts/db-operator/ci/unit-test/values-no-rback.yaml new file mode 100644 index 0000000..abe409e --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-no-rback.yaml @@ -0,0 +1,14 @@ +values: | + rbac: + create: false +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - CustomResourceDefinition-databases.kinda.rocks + - Issuer-db-operator-issuer.yml + - Service-db-operator-webhook.yml + - ServiceAccount-db-operator-sa.yml + - CustomResourceDefinition-dbinstances.kinda.rocks + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml b/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml new file mode 100644 index 0000000..a17a867 --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml 
@@ -0,0 +1,15 @@ +values: | + serviceAccount: + create: false +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ClusterRoleBinding-db-operator-sa.yml + - CustomResourceDefinition-databases.kinda.rocks + - Issuer-db-operator-issuer.yml + - Service-db-operator-webhook.yml + - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbinstances.kinda.rocks + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-webhook.yaml b/charts/db-operator/ci/unit-test/values-no-webhook.yaml new file mode 100644 index 0000000..b78d2ad --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-no-webhook.yaml @@ -0,0 +1,13 @@ +values: | + webhook: + enabled: false +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ServiceAccount-db-operator-sa.yml + - ClusterRoleBinding-db-operator-sa.yml + - CustomResourceDefinition-databases.kinda.rocks + - Issuer-db-operator-issuer.yml + - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbinstances.kinda.rocks diff --git a/charts/db-operator/ci/unit-test/values-webhook.yaml b/charts/db-operator/ci/unit-test/values-webhook.yaml new file mode 100644 index 0000000..9edaef6 --- /dev/null +++ b/charts/db-operator/ci/unit-test/values-webhook.yaml 
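Review bot: The expected file list in `values-no-webhook.yaml` still contains `Certificate-db-operator-webhook.yml` and `Issuer-db-operator-issuer.yml` for `webhook.enabled: false`, which suggests the cert-manager templates are not gated on the new flag. A cluster without the cert-manager CRDs would then still fail to install the chart with webhooks disabled, although the README says cert-manager is needed only when webhooks are used. If that is unintended, wrap the certificate and issuer templates in the same `{{- if .Values.webhook.enabled }}` guard and drop the two entries from this list. Those templates are not part of this patch, so this is inferred from the fixture alone.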
@@ -0,0 +1,16 @@ +values: | + webhook: + enabled: true +files: + - Certificate-db-operator-webhook.yml + - ConfigMap-db-operator-config.yml + - Deployment-db-operator.yml + - ServiceAccount-db-operator-sa.yml + - ClusterRoleBinding-db-operator-sa.yml + - CustomResourceDefinition-databases.kinda.rocks + - Issuer-db-operator-issuer.yml + - Service-db-operator-webhook.yml + - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbinstances.kinda.rocks + - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml + - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/scripts/test_values b/charts/db-operator/scripts/test_values new file mode 100755 index 0000000..b0c4878 --- /dev/null +++ b/charts/db-operator/scripts/test_values 
@@ -0,0 +1,61 @@ +#! /usr/bin/env bash +set -e + +# ----------------------------------------------------------------------- +# -- It's a script that should check if values are working correctly +# -- +# -- It's not checking the content of generated files, but only checks +# -- which files are generated (currently) +# -- +# -- This scripts requires go-yq and helm +# ----------------------------------------------------------------------- + +function usage() { + cat <&2 + done +shift $(($OPTIND - 1)) + +if [ -z "${VALUES_PATH}" ]; then + echo VALUES_PATH is not set + usage +fi + + +CURRENT_DIR=$(pwd) +for FILE in $(find $VALUES_PATH -type f); do + WORKDIR=$(mktemp -d) + echo "Checking $FILE" + cd $WORKDIR + yq '.values' "$CURRENT_DIR/$FILE" > values.yaml + helm template db-operator $CURRENT_DIR -f values.yaml | yq -s '.kind + "-" + .metadata.name' + rm -f values.yaml + ACTUAL_FILES=($(ls $WORKDIR)) + EXPECTED_FILES=($(yq '.files[]' $CURRENT_DIR/$FILE)) + DIFF=($(echo ${ACTUAL_FILES[@]} ${EXPECTED_FILES[@]} | tr ' ' '\n' | sort | uniq -u)) + if [ ${#DIFF[@]} -eq 0 ]; then + echo "PASSED" + rm -rf "${WORKDIR}" + else + echo "FAILED: Please check unexpected files -> ${DIFF[*]}" + fi + +done diff --git a/charts/db-operator/templates/crds/kci.rocks_databases.yaml b/charts/db-operator/templates/crds/kci.rocks_databases.yaml index bf67e0c..a96392c 100644 --- a/charts/db-operator/templates/crds/kci.rocks_databases.yaml +++ b/charts/db-operator/templates/crds/kci.rocks_databases.yaml @@ -19,6 +19,7 @@ metadata: creationTimestamp: null name: databases.kinda.rocks spec: + {{- if .Values.webhook.enabled }} conversion: strategy: Webhook webhook: @@ -30,6 +31,7 @@ spec: conversionReviewVersions: - v1alpha1 - v1beta1 + {{- end }} group: kinda.rocks names: kind: Database diff --git a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml index 1f99cc3..8e8b8ec 100644 
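Review bot: A mismatch never fails the job: the `else` branch only prints `FAILED: ...` and the loop carries on, so the script exits 0 and the `test-values` workflow step stays green. Record the failure in that branch with `RC=1` and end the script with `exit "${RC:-0}"` after `done`. `set -e` alone also lets a failing `helm template` pass, because the pipeline's status is that of `yq -s`; `set -eo pipefail` closes that gap. `$VALUES_PATH`, `$WORKDIR` and `$CURRENT_DIR/$FILE` are expanded unquoted, so a path containing spaces would be split. The body of `usage()` is cut off in this view, so the option parsing is not reviewed here.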
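Review bot: Nothing documents what dropping the `conversion:` stanza means when `webhook.enabled` is false: the API server falls back to the default `None` strategy, and the Mutating/ValidatingWebhookConfiguration gated in this same patch disappear, so Database and DbInstance objects are admitted without the operator's admission checks. If these CRDs serve more than one version with differing schemas, `None` conversion only rewrites `apiVersion`. I would add a comment above the flag in `values.yaml`, for example `# -- Disabling removes admission validation/mutation and CRD version conversion`. The same applies to both hunks of `kci.rocks_dbinstances.yaml`; the `spec:` block continues outside the hunk.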
--- a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml +++ b/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml @@ -18,6 +18,7 @@ metadata: {{- end }} name: dbinstances.kinda.rocks spec: + {{- if .Values.webhook.enabled }} conversion: strategy: Webhook webhook: @@ -29,6 +30,7 @@ spec: conversionReviewVersions: - v1alpha1 - v1beta1 + {{- end }} group: kinda.rocks names: kind: DbInstance diff --git a/charts/db-operator/templates/webhook/mutating_webhook.yaml b/charts/db-operator/templates/webhook/mutating_webhook.yaml index 0d4c13e..2a4f52d 100644 --- a/charts/db-operator/templates/webhook/mutating_webhook.yaml +++ b/charts/db-operator/templates/webhook/mutating_webhook.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -52,3 +53,4 @@ webhooks: resources: - dbinstances sideEffects: None +{{- end }} diff --git a/charts/db-operator/templates/webhook/service.yaml b/charts/db-operator/templates/webhook/service.yaml index 3d0ca80..c4add29 100644 --- a/charts/db-operator/templates/webhook/service.yaml +++ b/charts/db-operator/templates/webhook/service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled }} --- apiVersion: v1 kind: Service @@ -10,4 +11,5 @@ spec: protocol: TCP targetPort: 9443 selector: - app.kubernetes.io/name: db-operator \ No newline at end of file + app.kubernetes.io/name: db-operator +{{- end }} diff --git a/charts/db-operator/templates/webhook/validation_webhook.yaml b/charts/db-operator/templates/webhook/validation_webhook.yaml index 7ea1185..5d6f33c 100644 --- a/charts/db-operator/templates/webhook/validation_webhook.yaml +++ b/charts/db-operator/templates/webhook/validation_webhook.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -52,3 +53,4 @@ webhooks: resources: - dbinstances sideEffects: None +{{- end }} 
diff --git a/charts/db-operator/values.yaml b/charts/db-operator/values.yaml index 4a0e144..b5c3e29 100644 --- a/charts/db-operator/values.yaml +++ b/charts/db-operator/values.yaml @@ -24,6 +24,7 @@ crds: annotations: {} webhook: + enabled: true serviceName: db-operator-webhook names: mutating: db-operator-mutating-webhook-configuration From a1ec5cfdd1dcb15dce02db187c7d24ea164150b0 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 16 Aug 2023 12:40:37 +0200 Subject: [PATCH 07/12] Upgrade db operator version to 1.13.1 (#10) * Uprade db-operator to 1.13.0 version I've upgraded db-operator to 1.13.0 and added new CRD to templates. Also, I've added support for --check-for-changes arg * Update old CRDs to controller-get 0.12.0 * Replace "kci" with "kinda" in CRDs files names * Upgrade db-operator to 1.13.1 --- charts/db-operator/Chart.yaml | 4 +- .../ci/unit-test/values-crds-no-cert.yaml | 1 + .../ci/unit-test/values-crds-no-issuer.yaml | 1 + .../db-operator/ci/unit-test/values-crds.yaml | 1 + .../ci/unit-test/values-no-rback.yaml | 1 + .../ci/unit-test/values-no-svcaccount.yaml | 1 + .../ci/unit-test/values-no-webhook.yaml | 1 + .../ci/unit-test/values-webhook.yaml | 1 + charts/db-operator/templates/_helpers.tpl | 12 ++ ...abases.yaml => kinda.rocks_databases.yaml} | 9 +- ...nces.yaml => kinda.rocks_dbinstances.yaml} | 2 +- .../templates/crds/kinda.rocks_dbuser.yaml | 103 ++++++++++++++++++ charts/db-operator/templates/operator.yaml | 6 + .../templates/webhook/validation_webhook.yaml | 20 ++++ charts/db-operator/values.yaml | 10 ++ 15 files changed, 162 insertions(+), 11 deletions(-) rename charts/db-operator/templates/crds/{kci.rocks_databases.yaml => kinda.rocks_databases.yaml} (99%) rename charts/db-operator/templates/crds/{kci.rocks_dbinstances.yaml => kinda.rocks_dbinstances.yaml} (99%) create mode 100644 charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml 
diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 654e104..67bf9bd 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -2,13 +2,13 @@ apiVersion: v2 type: application name: db-operator -version: 1.9.2 +version: 1.10.0 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: # -- https://github.com/db-operator/charts/blob/main/.github/workflows/test.yaml # --------------------------------------------------------------------------------- kubeVersion: ">= 1.22-prerelease" -appVersion: "1.12.0" +appVersion: "1.13.1" description: The DB Operator creates databases and make them available in the cluster via Custom Resource. home: https://github.com/db-operator/db-operator diff --git a/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml b/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml index 972f591..e5a9312 100644 --- a/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml +++ b/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml @@ -11,6 +11,7 @@ files: - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml - CustomResourceDefinition-dbinstances.kinda.rocks + - CustomResourceDefinition-dbusers.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml - Issuer-db-operator-issuer.yml diff --git a/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml b/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml index 56014c2..5c2d4bf 100644 --- a/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml +++ b/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml 
@@ -13,6 +13,7 @@ files: - CustomResourceDefinition-databases.kinda.rocks - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbusers.kinda.rocks - CustomResourceDefinition-dbinstances.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-crds.yaml b/charts/db-operator/ci/unit-test/values-crds.yaml index 50c2955..8bec96b 100644 --- a/charts/db-operator/ci/unit-test/values-crds.yaml +++ b/charts/db-operator/ci/unit-test/values-crds.yaml @@ -11,6 +11,7 @@ files: - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml + - CustomResourceDefinition-dbusers.kinda.rocks - CustomResourceDefinition-dbinstances.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-rback.yaml b/charts/db-operator/ci/unit-test/values-no-rback.yaml index abe409e..401bc99 100644 --- a/charts/db-operator/ci/unit-test/values-no-rback.yaml +++ b/charts/db-operator/ci/unit-test/values-no-rback.yaml @@ -9,6 +9,7 @@ files: - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml - ServiceAccount-db-operator-sa.yml + - CustomResourceDefinition-dbusers.kinda.rocks - CustomResourceDefinition-dbinstances.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml b/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml index a17a867..09c2baa 100644 --- a/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml +++ b/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml 
@@ -11,5 +11,6 @@ files: - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml - CustomResourceDefinition-dbinstances.kinda.rocks + - CustomResourceDefinition-dbusers.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-webhook.yaml b/charts/db-operator/ci/unit-test/values-no-webhook.yaml index b78d2ad..7645ee7 100644 --- a/charts/db-operator/ci/unit-test/values-no-webhook.yaml +++ b/charts/db-operator/ci/unit-test/values-no-webhook.yaml @@ -11,3 +11,4 @@ files: - Issuer-db-operator-issuer.yml - ClusterRole-db-operator.yml - CustomResourceDefinition-dbinstances.kinda.rocks + - CustomResourceDefinition-dbusers.kinda.rocks diff --git a/charts/db-operator/ci/unit-test/values-webhook.yaml b/charts/db-operator/ci/unit-test/values-webhook.yaml index 9edaef6..8fc2b27 100644 --- a/charts/db-operator/ci/unit-test/values-webhook.yaml +++ b/charts/db-operator/ci/unit-test/values-webhook.yaml @@ -14,3 +14,4 @@ files: - CustomResourceDefinition-dbinstances.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml - ValidatingWebhookConfiguration-db-operator-validating-webhook-configuration.yml + - CustomResourceDefinition-dbusers.kinda.rocks diff --git a/charts/db-operator/templates/_helpers.tpl b/charts/db-operator/templates/_helpers.tpl index 4998603..99fe80e 100644 --- a/charts/db-operator/templates/_helpers.tpl +++ b/charts/db-operator/templates/_helpers.tpl @@ -75,3 +75,15 @@ Selector labels app.kubernetes.io/name: {{ include "db-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} + +{{/* +Arguments builder +*/}} +{{- define "db-operator.args" -}} +{{- $args := list -}} +{{- if .Values.checkForChanges -}} +{{- $args = append $args "--check-for-changes" -}} +{{- end -}} +{{ join "," $args }} +{{- end -}} + 
diff --git a/charts/db-operator/templates/crds/kci.rocks_databases.yaml b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml similarity index 99% rename from charts/db-operator/templates/crds/kci.rocks_databases.yaml rename to charts/db-operator/templates/crds/kinda.rocks_databases.yaml index a96392c..92fd486 100644 --- a/charts/db-operator/templates/crds/kci.rocks_databases.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.0 {{- if .Values.webhook.certificate.create }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} {{ else }} @@ -16,7 +16,6 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - creationTimestamp: null name: databases.kinda.rocks spec: {{- if .Values.webhook.enabled }} @@ -639,10 +638,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml similarity index 99% rename from charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml rename to charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml index 8e8b8ec..6f46337 100644 --- a/charts/db-operator/templates/crds/kci.rocks_dbinstances.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml 
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.0 {{- if .Values.webhook.certificate.create }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} {{ else }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml new file mode 100644 index 0000000..44ddbe4 --- /dev/null +++ b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml 
@@ -0,0 +1,103 @@
+{{- if .Values.crds.install }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ annotations:
+ {{- if .Values.webhook.certificate.create }}
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}}
+ {{ else }}
+ cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}}
+ {{- end }}
+ {{- if .Values.crds.keep }}
+ helm.sh/resource-policy: keep
+ {{- end }}
+ {{- with .Values.crds.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: dbusers.kinda.rocks
+spec:
+ group: kinda.rocks
+ names:
+ kind: DbUser
+ listKind: DbUserList
+ plural: dbusers
+ singular: dbuser
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: current dbuser status
+ jsonPath: .status.status
+ name: Status
+ type: boolean
+ - description: To which database user should have access
+ jsonPath: .spec.databaseRef
+ name: DatabaseName
+ type: string
+ - description: A type of access the user has
+ jsonPath: .spec.accessType
+ name: AccessType
+ type: string
+ - description: time since creation of resos¡urce
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: DbUser is the Schema for the dbusers API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DbUserSpec defines the desired state of DbUser + properties: + accessType: + description: AccessType that should be given to a user Currently only + readOnly and readWrite are supported by the operator + type: string + databaseRef: + description: DatabaseRef should contain a name of a Database to create + a user there Database should be in the same namespace with the user + type: string + secretName: + description: SecretName name that should be used to save user's credentials + type: string + required: + - accessType + - databaseRef + - secretName + type: object + status: + description: DbUserStatus defines the observed state of DbUser + properties: + created: + description: It's required to let the operator update users + type: boolean + database: + type: string + status: + type: boolean + required: + - created + - database + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/db-operator/templates/operator.yaml b/charts/db-operator/templates/operator.yaml index e1ee956..efdcb4e 100644 --- a/charts/db-operator/templates/operator.yaml +++ b/charts/db-operator/templates/operator.yaml @@ -42,6 +42,12 @@ spec: protocol: TCP command: - db-operator + {{- if (include "db-operator.args" . ) }} + args: + {{- range include "db-operator.args" $ | split "," }} + - {{ . }} + {{- end }} + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: LOG_LEVEL diff --git a/charts/db-operator/templates/webhook/validation_webhook.yaml b/charts/db-operator/templates/webhook/validation_webhook.yaml index 5d6f33c..4dd9fd3 100644 --- a/charts/db-operator/templates/webhook/validation_webhook.yaml +++ b/charts/db-operator/templates/webhook/validation_webhook.yaml 
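Review bot: `spec.accessType` in the new DbUser schema is a bare `type: string`, although its own description says only readOnly and readWrite are supported, so the API server will store any value and the restriction rests entirely on the validating webhook being enabled and reachable. The `controller-gen.kubebuilder.io/version` annotation suggests this file is generated, so the constraint presumably belongs on the Go field as a marker, `// +kubebuilder:validation:Enum=readOnly;readWrite`, which makes the regenerated CRD carry an `enum` for the field. That keeps the grant level bounded even when the chart is installed with `webhook.enabled: false`.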
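Review bot: The added `args:` loop in operator.yaml iterates over `split ","`, which in Sprig returns a map keyed `_0`, `_1`, … rather than a list, and Go templates range over map keys in sorted order, so the flags would come out reordered once there are more than ten of them. `{{- range include "db-operator.args" $ | splitList "," }}` keeps them in the order the helper built them. Each item is also emitted unquoted; `- {{ . | quote }}` stops a future flag value containing `: ` or ` #` from being re-typed or truncated by the YAML parser. The container spec continues outside the hunk.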
@@ -53,4 +53,24 @@ webhooks: resources: - dbinstances sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-kinda-rocks-v1beta1-dbuser + failurePolicy: Fail + name: vdbuser.kb.io + rules: + - apiGroups: + - kinda.rocks + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dbusers + sideEffects: None {{- end }} diff --git a/charts/db-operator/values.yaml b/charts/db-operator/values.yaml index b5c3e29..e6f01ed 100644 --- a/charts/db-operator/values.yaml +++ b/charts/db-operator/values.yaml @@ -11,6 +11,16 @@ image: reconcileInterval: "60" # watchNamespace value is comma-separated list of namespace names. It's necessary to set "" to watch cluster wide. watchNamespace: "" +# ------------------------------------------------------------ +# -- If set to true, db-operator will check if a Kubernetes +# -- objects were changes before running database queries. +# -- It might reduce the amount of queries, because otherwise +# -- db-operator will try to update database and users every +# -- ${RECONCILE_INTERVAL} seconds. +# ------------------------------------------------------------ +# -- NOTE: Currently, it's only working with Database Users +# ------------------------------------------------------------ +checkForChanges: false rbac: create: true From 9728f48e50ae9c0e10096f709eb4377eeae4c4c1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 7 Sep 2023 10:47:13 +0200 Subject: [PATCH 08/12] fix: Configure the dbuser webhook with values (#12) Name and namespace were hardcoded and so the the webhook servcice couldn't be reached when one tries to apply dbuser manifests --- charts/db-operator/Chart.yaml | 2 +- charts/db-operator/templates/webhook/validation_webhook.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 67bf9bd..cc6ad69 100644 
--- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 type: application name: db-operator -version: 1.10.0 +version: 1.10.1 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: # -- https://github.com/db-operator/charts/blob/main/.github/workflows/test.yaml diff --git a/charts/db-operator/templates/webhook/validation_webhook.yaml b/charts/db-operator/templates/webhook/validation_webhook.yaml index 4dd9fd3..aad5f69 100644 --- a/charts/db-operator/templates/webhook/validation_webhook.yaml +++ b/charts/db-operator/templates/webhook/validation_webhook.yaml @@ -57,8 +57,8 @@ webhooks: - v1 clientConfig: service: - name: webhook-service - namespace: system + name: {{ .Values.webhook.serviceName }} + namespace: {{ .Release.Namespace }} path: /validate-kinda-rocks-v1beta1-dbuser failurePolicy: Fail name: vdbuser.kb.io From 93f2970298eaa12d49668f0f22fe4e90ad41d055 Mon Sep 17 00:00:00 2001 
From: Robert Bublik Date: Sat, 23 Sep 2023 15:12:29 +0200 Subject: [PATCH 09/12] Split controller and webhook in two separate deployments (#13) --- charts/db-operator/Chart.yaml | 4 +- .../ci/unit-test/values-crds-no-cert.yaml | 6 +- .../ci/unit-test/values-crds-no-issuer.yaml | 6 +- .../db-operator/ci/unit-test/values-crds.yaml | 6 +- .../ci/unit-test/values-no-crds.yaml | 6 +- .../ci/unit-test/values-no-rback.yaml | 4 +- .../ci/unit-test/values-no-svcaccount.yaml | 6 +- .../ci/unit-test/values-no-webhook.yaml | 6 +- .../ci/unit-test/values-webhook.yaml | 8 +- charts/db-operator/scripts/test_values | 7 +- charts/db-operator/templates/_helpers.tpl | 87 ++++++++++++++----- .../templates/certificate/certificate.yaml | 4 +- .../templates/{ => controller}/config.yaml | 3 +- .../deployment.yaml} | 25 ++---- .../{ => controller}/gsql-secret.yaml | 6 +- .../templates/{ => controller}/rbac.yaml | 11 ++- .../{ => controller}/serviceaccount.yaml | 3 +- .../{ => controller}/servicemonitor.yaml | 12 ++- .../templates/crds/kinda.rocks_databases.yaml | 2 +- .../crds/kinda.rocks_dbinstances.yaml | 2 +- .../templates/crds/kinda.rocks_dbuser.yaml | 1 - .../templates/webhook/deployment.yaml | 80 +++++++++++++++++ .../templates/webhook/mutating_webhook.yaml | 7 +- .../templates/webhook/service.yaml | 9 +- .../templates/webhook/serviceaccount.yaml | 13 +++ .../templates/webhook/validation_webhook.yaml | 9 +- charts/db-operator/values.yaml | 3 +- 27 files changed, 249 insertions(+), 87 deletions(-) rename charts/db-operator/templates/{ => controller}/config.yaml (94%) rename charts/db-operator/templates/{operator.yaml => controller/deployment.yaml} (83%) rename charts/db-operator/templates/{ => controller}/gsql-secret.yaml (83%) rename charts/db-operator/templates/{ => controller}/rbac.yaml (83%) rename charts/db-operator/templates/{ => controller}/serviceaccount.yaml (76%) rename charts/db-operator/templates/{ => controller}/servicemonitor.yaml (81%) create mode 100644 
charts/db-operator/templates/webhook/deployment.yaml create mode 100644 charts/db-operator/templates/webhook/serviceaccount.yaml diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index cc6ad69..7d164a0 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -2,13 +2,13 @@ apiVersion: v2 type: application name: db-operator -version: 1.10.1 +version: 1.11.0 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: # -- https://github.com/db-operator/charts/blob/main/.github/workflows/test.yaml # --------------------------------------------------------------------------------- kubeVersion: ">= 1.22-prerelease" -appVersion: "1.13.1" +appVersion: "1.14.0" description: The DB Operator creates databases and make them available in the cluster via Custom Resource. home: https://github.com/db-operator/db-operator diff --git a/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml b/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml index e5a9312..534aebe 100644 --- a/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml +++ b/charts/db-operator/ci/unit-test/values-crds-no-cert.yaml @@ -5,8 +5,10 @@ values: | files: - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ServiceAccount-db-operator-sa.yml - - ClusterRoleBinding-db-operator-sa.yml + - Deployment-db-operator-webhook.yml + - ServiceAccount-db-operator.yml + - ServiceAccount-db-operator-webhook.yml + - ClusterRoleBinding-db-operator.yml - CustomResourceDefinition-databases.kinda.rocks - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml diff --git a/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml b/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml index 5c2d4bf..97872c2 100644 --- a/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml +++ b/charts/db-operator/ci/unit-test/values-crds-no-issuer.yaml 
@@ -8,8 +8,10 @@ files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ServiceAccount-db-operator-sa.yml - - ClusterRoleBinding-db-operator-sa.yml + - Deployment-db-operator-webhook.yml + - ServiceAccount-db-operator.yml + - ServiceAccount-db-operator-webhook.yml + - ClusterRoleBinding-db-operator.yml - CustomResourceDefinition-databases.kinda.rocks - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml diff --git a/charts/db-operator/ci/unit-test/values-crds.yaml b/charts/db-operator/ci/unit-test/values-crds.yaml index 8bec96b..99f6f95 100644 --- a/charts/db-operator/ci/unit-test/values-crds.yaml +++ b/charts/db-operator/ci/unit-test/values-crds.yaml @@ -5,8 +5,10 @@ files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ServiceAccount-db-operator-sa.yml - - ClusterRoleBinding-db-operator-sa.yml + - Deployment-db-operator-webhook.yml + - ServiceAccount-db-operator.yml + - ServiceAccount-db-operator-webhook.yml + - ClusterRoleBinding-db-operator.yml - CustomResourceDefinition-databases.kinda.rocks - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml diff --git a/charts/db-operator/ci/unit-test/values-no-crds.yaml b/charts/db-operator/ci/unit-test/values-no-crds.yaml index 7440232..7a3fffb 100644 --- a/charts/db-operator/ci/unit-test/values-no-crds.yaml +++ b/charts/db-operator/ci/unit-test/values-no-crds.yaml @@ -5,8 +5,10 @@ files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ServiceAccount-db-operator-sa.yml - - ClusterRoleBinding-db-operator-sa.yml + - Deployment-db-operator-webhook.yml + - ServiceAccount-db-operator.yml + - ServiceAccount-db-operator-webhook.yml + - ClusterRoleBinding-db-operator.yml - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml - ClusterRole-db-operator.yml 
diff --git a/charts/db-operator/ci/unit-test/values-no-rback.yaml b/charts/db-operator/ci/unit-test/values-no-rback.yaml index 401bc99..d18934b 100644 --- a/charts/db-operator/ci/unit-test/values-no-rback.yaml +++ b/charts/db-operator/ci/unit-test/values-no-rback.yaml @@ -5,10 +5,12 @@ files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml + - Deployment-db-operator-webhook.yml - CustomResourceDefinition-databases.kinda.rocks - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml - - ServiceAccount-db-operator-sa.yml + - ServiceAccount-db-operator.yml + - ServiceAccount-db-operator-webhook.yml - CustomResourceDefinition-dbusers.kinda.rocks - CustomResourceDefinition-dbinstances.kinda.rocks - MutatingWebhookConfiguration-db-operator-mutating-webhook-configuration.yml diff --git a/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml b/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml index 09c2baa..cfdaf6d 100644 --- a/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml +++ b/charts/db-operator/ci/unit-test/values-no-svcaccount.yaml @@ -1,11 +1,15 @@ values: | serviceAccount: create: false + webhook: + serviceAccount: + create: false files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ClusterRoleBinding-db-operator-sa.yml + - Deployment-db-operator-webhook.yml + - ClusterRoleBinding-db-operator.yml - CustomResourceDefinition-databases.kinda.rocks - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml diff --git a/charts/db-operator/ci/unit-test/values-no-webhook.yaml b/charts/db-operator/ci/unit-test/values-no-webhook.yaml index 7645ee7..e4a49d7 100644 --- a/charts/db-operator/ci/unit-test/values-no-webhook.yaml +++ b/charts/db-operator/ci/unit-test/values-no-webhook.yaml 
@@ -1,12 +1,14 @@ values: | webhook: enabled: false + serviceAccount: + create: false files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ServiceAccount-db-operator-sa.yml - - ClusterRoleBinding-db-operator-sa.yml + - ServiceAccount-db-operator.yml + - ClusterRoleBinding-db-operator.yml - CustomResourceDefinition-databases.kinda.rocks - Issuer-db-operator-issuer.yml - ClusterRole-db-operator.yml diff --git a/charts/db-operator/ci/unit-test/values-webhook.yaml b/charts/db-operator/ci/unit-test/values-webhook.yaml index 8fc2b27..dda08f7 100644 --- a/charts/db-operator/ci/unit-test/values-webhook.yaml +++ b/charts/db-operator/ci/unit-test/values-webhook.yaml @@ -1,12 +1,16 @@ values: | webhook: enabled: true + serviceAccount: + create: true files: - Certificate-db-operator-webhook.yml - ConfigMap-db-operator-config.yml - Deployment-db-operator.yml - - ServiceAccount-db-operator-sa.yml - - ClusterRoleBinding-db-operator-sa.yml + - Deployment-db-operator-webhook.yml + - ServiceAccount-db-operator.yml + - ServiceAccount-db-operator-webhook.yml + - ClusterRoleBinding-db-operator.yml - CustomResourceDefinition-databases.kinda.rocks - Issuer-db-operator-issuer.yml - Service-db-operator-webhook.yml diff --git a/charts/db-operator/scripts/test_values b/charts/db-operator/scripts/test_values index b0c4878..9a91a61 100755 --- a/charts/db-operator/scripts/test_values +++ b/charts/db-operator/scripts/test_values @@ -41,6 +41,7 @@ fi CURRENT_DIR=$(pwd) +ERROR=false for FILE in $(find $VALUES_PATH -type f); do WORKDIR=$(mktemp -d) echo "Checking $FILE" @@ -55,7 +56,11 @@ for FILE in $(find $VALUES_PATH -type f); do echo "PASSED" rm -rf "${WORKDIR}" else + ERROR=true echo "FAILED: Please check unexpected files -> ${DIFF[*]}" fi - done + +if $ERROR; then + exit 1 +fi diff --git a/charts/db-operator/templates/_helpers.tpl b/charts/db-operator/templates/_helpers.tpl index 99fe80e..2248b16 100644 
--- a/charts/db-operator/templates/_helpers.tpl +++ b/charts/db-operator/templates/_helpers.tpl 
@@ -25,43 +25,80 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{/* -Create chart name and version as used by the chart label. +Create the name of the service account to use */}} -{{- define "db-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- define "db-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "db-operator.name" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} {{- end -}} {{/* -Image version definition; +Arguments builder */}} -{{- define "db-operator.image_version" -}} -{{ default .Chart.AppVersion .Values.image.tag }} +{{- define "db-operator.args" -}} +{{- $args := list -}} +{{- if .Values.checkForChanges -}} +{{- $args = append $args "--check-for-changes" -}} +{{- end -}} +{{ join "," $args }} {{- end -}} {{/* -Image version definition using Github Packages format ('v' prefix); +Webhook templates */}} -{{- define "db-operator.github_packages_image_version" -}} -{{- printf "v%s" (default .Chart.AppVersion .Values.image.tag) }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "webhook.name" -}} +{{- printf "db-operator-webhook" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. 
+*/}} +{{- define "webhook.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} {{- end -}} {{/* Create the name of the service account to use */}} -{{- define "db-operator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{- printf "%s-sa" (include "db-operator.name" .) -}} +{{- define "webhook.serviceAccountName" -}} +{{- if .Values.webhook.serviceAccount.create -}} + {{ default (include "webhook.name" .) .Values.webhook.serviceAccount.name }} {{- else -}} -{{ default "default" .Values.serviceAccount.name }} + {{ default "default" .Values.webhook.serviceAccount.name }} {{- end -}} {{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Common labels */}} -{{- define "db-operator.labels" -}} -helm.sh/chart: {{ include "db-operator.chart" . }} -{{ include "db-operator.selectorLabels" . }} +{{- define "labels" -}} +helm.sh/chart: {{ include "chart" . }} +{{ include "selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
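Review bot: `webhook.serviceAccountName`, like `db-operator.serviceAccountName` above it, falls back to `default` when `create` is false and no name is set, but both Deployment templates in this patch emit `serviceAccountName:` only inside `{{- if ….serviceAccount.create }}`. An existing account supplied through `serviceAccount.name` is therefore never applied to the pod, while the ClusterRoleBinding subject in controller/rbac.yaml still uses whatever the helper returns; in the unnamed case that is the namespace's `default` account, which every pod without its own account shares. Rendering the field unconditionally, `serviceAccountName: {{ include "webhook.serviceAccountName" . }}` (and the controller equivalent), keeps pod identity and binding in step. It would also be safer for the helper to `fail` than to fall back to `default` when RBAC is being created. The same point applies to the controller/deployment.yaml and webhook/deployment.yaml hunks; whether the binding is rendered at all depends on a condition outside the visible lines.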
@@ -71,19 +108,21 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "db-operator.selectorLabels" -}} +{{- define "selectorLabels" -}} app.kubernetes.io/name: {{ include "db-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{/* -Arguments builder +Image version definition; */}} -{{- define "db-operator.args" -}} -{{- $args := list -}} -{{- if .Values.checkForChanges -}} -{{- $args = append $args "--check-for-changes" -}} -{{- end -}} -{{ join "," $args }} +{{- define "image_version" -}} +{{ default .Chart.AppVersion .Values.image.tag }} {{- end -}} +{{/* +Image version definition using Github Packages format ('v' prefix); +*/}} +{{- define "github_packages_image_version" -}} +{{- printf "v%s" (default .Chart.AppVersion .Values.image.tag) }} +{{- end -}} diff --git a/charts/db-operator/templates/certificate/certificate.yaml b/charts/db-operator/templates/certificate/certificate.yaml index f3804c1..5949c10 100644 --- a/charts/db-operator/templates/certificate/certificate.yaml +++ b/charts/db-operator/templates/certificate/certificate.yaml @@ -6,8 +6,8 @@ metadata: name: {{ .Values.webhook.certificate.name }} spec: dnsNames: - - {{ .Values.webhook.serviceName }}.{{ .Release.Namespace }}.svc - - {{ .Values.webhook.serviceName }}.{{ .Release.Namespace }}.svc.cluster.local + - {{ include "webhook.name" . }}.{{ .Release.Namespace }}.svc + - {{ include "webhook.name" . }}.{{ .Release.Namespace }}.svc.cluster.local issuerRef: kind: {{ .Values.webhook.certificate.issuer.kind }} name: {{ .Values.webhook.certificate.issuer.name }} diff --git a/charts/db-operator/templates/config.yaml b/charts/db-operator/templates/controller/config.yaml similarity index 94% rename from charts/db-operator/templates/config.yaml rename to charts/db-operator/templates/controller/config.yaml index 3831d97..9423900 100644 --- a/charts/db-operator/templates/config.yaml +++ b/charts/db-operator/templates/controller/config.yaml 
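Review bot: Renaming the helpers to the unprefixed `labels`, `selectorLabels`, `chart`, `image_version` and `github_packages_image_version` (this hunk and the previous one) puts them in a namespace that is global across a parent chart and all of its subcharts, so another chart defining `selectorLabels` can silently replace this one. Because the webhook Service and both Deployments select pods through `selectorLabels`, a collision could change which pods receive admission traffic. Keeping the chart prefix, e.g. `{{- define "db-operator.selectorLabels" -}}`, avoids that. `webhook.fullname` from the previous hunk also appears unused in the hunks shown, while `webhook.name` is a fixed string, so two releases in one namespace would presumably collide on the Service and Deployment names.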
@@ -3,7 +3,8 @@ kind: ConfigMap metadata: name: {{ template "db-operator.name" . }}-config labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" data: config.yaml: | instance: diff --git a/charts/db-operator/templates/operator.yaml b/charts/db-operator/templates/controller/deployment.yaml similarity index 83% rename from charts/db-operator/templates/operator.yaml rename to charts/db-operator/templates/controller/deployment.yaml index efdcb4e..29989b0 100644 --- a/charts/db-operator/templates/operator.yaml +++ b/charts/db-operator/templates/controller/deployment.yaml @@ -4,27 +4,30 @@ kind: Deployment metadata: name: {{ template "db-operator.name" . }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" spec: replicas: 1 selector: matchLabels: - {{- include "db-operator.selectorLabels" . | nindent 6 }} + {{- include "selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: "controller" template: metadata: labels: - {{- include "db-operator.labels" . | nindent 8 }} + {{- include "labels" . | nindent 8 }} + app.kubernetes.io/component: "controller" {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | trim | nindent 8 }} {{- end }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/controller/config.yaml") . | sha256sum }} {{- if .Values.annotations }} {{ toYaml .Values.annotations | nindent 8 }} {{- end }} spec: {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ template "db-operator.name" . }}-sa + serviceAccountName: {{ template "db-operator.serviceAccountName" . }} {{- end }} {{- if .Values.security }} securityContext: 
@@ -33,13 +36,10 @@ spec: {{- end }} containers: - name: operator - image: "{{ .Values.image.repository }}:{{ template "db-operator.github_packages_image_version" . }}" + image: "{{ .Values.image.repository }}:{{ template "github_packages_image_version" . }}" ports: - containerPort: 60000 name: metrics - - containerPort: 9443 - name: webhook-server - protocol: TCP command: - db-operator {{- if (include "db-operator.args" . ) }} @@ -87,9 +87,6 @@ spec: - mountPath: /run/config/ name: config-volume readOnly: true - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true resources: {{ toYaml .Values.resources | nindent 12 }} nodeSelector: @@ -121,7 +118,3 @@ spec: - name: config-volume configMap: name: {{ template "db-operator.name" . }}-config - - name: cert - secret: - defaultMode: 420 - secretName: {{ .Values.webhook.certificate.secretName }} diff --git a/charts/db-operator/templates/gsql-secret.yaml b/charts/db-operator/templates/controller/gsql-secret.yaml similarity index 83% rename from charts/db-operator/templates/gsql-secret.yaml rename to charts/db-operator/templates/controller/gsql-secret.yaml index 40da7f5..bea9ffc 100644 --- a/charts/db-operator/templates/gsql-secret.yaml +++ b/charts/db-operator/templates/controller/gsql-secret.yaml @@ -10,7 +10,8 @@ kind: Secret metadata: name: cloudsql-admin-serviceaccount labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" type: Opaque data: credentials.json: |- @@ -26,7 +27,8 @@ kind: Secret metadata: name: cloudsql-readonly-serviceaccount labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" type: Opaque data: credentials.json: |- 
diff --git a/charts/db-operator/templates/rbac.yaml b/charts/db-operator/templates/controller/rbac.yaml similarity index 83% rename from charts/db-operator/templates/rbac.yaml rename to charts/db-operator/templates/controller/rbac.yaml index eecf8b9..c5e19b5 100644 --- a/charts/db-operator/templates/rbac.yaml +++ b/charts/db-operator/templates/controller/rbac.yaml @@ -5,10 +5,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "db-operator.name" . }} labels: - app: {{ template "db-operator.name" . }} - chart: {{ template "db-operator.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" rules: - apiGroups: - kinda.rocks @@ -87,9 +85,10 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ template "db-operator.name" . }}-sa + name: {{ template "db-operator.name" . }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" subjects: - kind: ServiceAccount name: {{ template "db-operator.serviceAccountName" . }} diff --git a/charts/db-operator/templates/serviceaccount.yaml b/charts/db-operator/templates/controller/serviceaccount.yaml similarity index 76% rename from charts/db-operator/templates/serviceaccount.yaml rename to charts/db-operator/templates/controller/serviceaccount.yaml index 33b5838..2f7205b 100644 --- a/charts/db-operator/templates/serviceaccount.yaml +++ b/charts/db-operator/templates/controller/serviceaccount.yaml @@ -4,7 +4,8 @@ kind: ServiceAccount metadata: name: {{ template "db-operator.serviceAccountName" . }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} 
diff --git a/charts/db-operator/templates/servicemonitor.yaml b/charts/db-operator/templates/controller/servicemonitor.yaml similarity index 81% rename from charts/db-operator/templates/servicemonitor.yaml rename to charts/db-operator/templates/controller/servicemonitor.yaml index 144907e..7df04bc 100644 --- a/charts/db-operator/templates/servicemonitor.yaml +++ b/charts/db-operator/templates/controller/servicemonitor.yaml @@ -4,7 +4,8 @@ kind: Service metadata: name: {{ template "db-operator.name" . }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -20,14 +21,16 @@ spec: nodePort: {{ .Values.service.nodePort }} {{- end }} selector: - {{- include "db-operator.selectorLabels" . | nindent 4 }} + {{- include "selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: "controller" --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "db-operator.name" . }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "controller" {{- with .Values.serviceMonitor.selector }} {{- toYaml . | nindent 4 }} {{- end }} @@ -60,5 +63,6 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - {{- include "db-operator.selectorLabels" . | nindent 6 }} + {{- include "selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: "controller" {{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml index 92fd486..3b340d2 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml 
@@ -25,7 +25,7 @@ spec: clientConfig: service: namespace: {{ .Release.Namespace }} - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} path: /convert conversionReviewVersions: - v1alpha1 diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml index 6f46337..2fc27d9 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml @@ -25,7 +25,7 @@ spec: clientConfig: service: namespace: {{ .Release.Namespace }} - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} path: /convert conversionReviewVersions: - v1alpha1 diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml index 44ddbe4..bd82670 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml @@ -3,7 +3,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: annotations: {{- if .Values.webhook.certificate.create }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} diff --git a/charts/db-operator/templates/webhook/deployment.yaml b/charts/db-operator/templates/webhook/deployment.yaml new file mode 100644 index 0000000..e8e18a2 --- /dev/null +++ b/charts/db-operator/templates/webhook/deployment.yaml 
@@ -0,0 +1,80 @@
+{{- if .Values.webhook.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "webhook.name" . }}
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ app.kubernetes.io/component: "webhook"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: "webhook"
+ template:
+ metadata:
+ labels:
+ {{- include "labels" . | nindent 8 }}
+ app.kubernetes.io/component: "webhook"
+ {{- if .Values.podLabels }}
+ {{ toYaml .Values.podLabels | trim | nindent 8 }}
+ {{- end }}
+ {{- if .Values.annotations }}
+ annotations:
+ {{ toYaml .Values.annotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.webhook.serviceAccount.create }}
+ serviceAccountName: {{ template "webhook.serviceAccountName" . }}
+ {{- end }}
+ {{- if .Values.security }}
+ securityContext:
+ runAsUser: {{ .Values.security.runAsUser }}
+ fsGroup: {{ .Values.security.fsGroup }}
+ {{- end }}
+ containers:
+ - name: webhook
+ image: "{{ .Values.image.repository }}:{{ template "github_packages_image_version" .
}}" + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + command: + - db-operator + args: ["--webhook"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: LOG_LEVEL + value: {{ .Values.image.logLevel }} + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + resources: + {{ toYaml .Values.resources | nindent 12 }} + nodeSelector: + {{ toYaml .Values.nodeSelector | nindent 8 }} + affinity: + {{ toYaml .Values.affinity | nindent 8 }} + tolerations: + {{ toYaml .Values.tolerations | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ .Values.webhook.certificate.secretName }} +{{- end }} diff --git a/charts/db-operator/templates/webhook/mutating_webhook.yaml b/charts/db-operator/templates/webhook/mutating_webhook.yaml index 2a4f52d..abd1776 100644 --- a/charts/db-operator/templates/webhook/mutating_webhook.yaml +++ b/charts/db-operator/templates/webhook/mutating_webhook.yaml @@ -10,14 +10,15 @@ metadata: cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} {{- end }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "webhook" name: {{ .Values.webhook.names.mutating }} webhooks: - admissionReviewVersions: - v1 clientConfig: service: - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} namespace: {{ .Release.Namespace }} path: /mutate-kinda-rocks-v1beta1-database failurePolicy: Fail 
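Review bot: The new `webhook` container in webhook/deployment.yaml has no container-level `securityContext`; the only hardening is the optional pod-level `runAsUser`/`fsGroup` under `.Values.security`, and nothing forbids privilege escalation or drops capabilities. This pod terminates admission and conversion requests from the API server on 9443 and mounts the serving certificate, so it is worth pinning a restrictive context, as in the lines below. `runAsNonRoot` assumes the image already runs as a non-root user, and `readOnlyRootFilesystem: true` could be added once it is confirmed the process writes nothing outside the mounted paths. With `replicas: 1` and the webhooks set to `failurePolicy: Fail`, a readiness probe on the webhook port would also make an unavailable pod visible before requests start being rejected.

```yaml
      containers:
        - name: webhook
          # … unchanged: image, ports, command, args, env, volumeMounts, resources …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```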
@@ -37,7 +38,7 @@ webhooks: - v1 clientConfig: service: - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} namespace: {{ .Release.Namespace }} path: /mutate-kinda-rocks-v1beta1-dbinstance failurePolicy: Fail diff --git a/charts/db-operator/templates/webhook/service.yaml b/charts/db-operator/templates/webhook/service.yaml index c4add29..4ec773a 100644 --- a/charts/db-operator/templates/webhook/service.yaml +++ b/charts/db-operator/templates/webhook/service.yaml @@ -3,13 +3,16 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.webhook.serviceName }} - namespace: {{ .Release.Namespace }} + name: {{ include "webhook.name" . }} + labels: + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "webhook" spec: ports: - port: 443 protocol: TCP targetPort: 9443 selector: - app.kubernetes.io/name: db-operator + {{- include "selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: "webhook" {{- end }} diff --git a/charts/db-operator/templates/webhook/serviceaccount.yaml b/charts/db-operator/templates/webhook/serviceaccount.yaml new file mode 100644 index 0000000..38f9c36 --- /dev/null +++ b/charts/db-operator/templates/webhook/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.webhook.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "webhook.serviceAccountName" . }} + labels: + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "webhook" +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 2 }} +{{- end }} +{{- end -}} diff --git a/charts/db-operator/templates/webhook/validation_webhook.yaml b/charts/db-operator/templates/webhook/validation_webhook.yaml index aad5f69..004eb9d 100644 --- a/charts/db-operator/templates/webhook/validation_webhook.yaml +++ b/charts/db-operator/templates/webhook/validation_webhook.yaml 
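Review bot: In `webhook/service.yaml` the Service name now comes from `include "webhook.name" .` instead of `.Values.webhook.serviceName`, and the same switch is made in every `clientConfig.service.name` of `mutating_webhook.yaml` and `validation_webhook.yaml`, while `values.yaml` drops the `serviceName` key. The API server checks the webhook's serving certificate against the Service's DNS name, so the certificate has to follow the rename; the Certificate template is not part of these hunks, so please confirm it uses the same helper. Because every webhook here has `failurePolicy: Fail`, a mismatch would reject all `kinda.rocks` writes rather than degrade quietly. I would add `# The Service name must match a dnsName of the webhook serving certificate` above `name:`. The Upgrading section of the README should also say that an existing `webhook.serviceName` override is now ignored.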
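Review bot: The new ServiceAccount in `webhook/serviceaccount.yaml` leaves token automounting at its default, and no Role or binding for it appears in the hunks shown here. If the `--webhook` process does not call the Kubernetes API, add `automountServiceAccountToken: false` so the pod carries no API credential; if it does, the permissions it needs should be bound to this account explicitly. When `webhook.serviceAccount.create` is false the Deployment omits `serviceAccountName` and the pod falls back to the namespace's `default` account, which deserves a comment next to the value, for example `# false: the webhook pod runs as the namespace's default ServiceAccount`.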
@@ -10,14 +10,15 @@ metadata: cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} {{- end }} labels: - {{- include "db-operator.labels" . | nindent 4 }} + {{- include "labels" . | nindent 4 }} + app.kubernetes.io/component: "webhook" name: {{ .Values.webhook.names.validating }} webhooks: - admissionReviewVersions: - v1 clientConfig: service: - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} namespace: {{ .Release.Namespace }} path: /validate-kinda-rocks-v1beta1-database failurePolicy: Fail @@ -37,7 +38,7 @@ webhooks: - v1 clientConfig: service: - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} namespace: {{ .Release.Namespace }} path: /validate-kinda-rocks-v1beta1-dbinstance failurePolicy: Fail @@ -57,7 +58,7 @@ webhooks: - v1 clientConfig: service: - name: {{ .Values.webhook.serviceName }} + name: {{ include "webhook.name" . }} namespace: {{ .Release.Namespace }} path: /validate-kinda-rocks-v1beta1-dbuser failurePolicy: Fail diff --git a/charts/db-operator/values.yaml b/charts/db-operator/values.yaml index e6f01ed..345c324 100644 --- a/charts/db-operator/values.yaml +++ b/charts/db-operator/values.yaml @@ -35,7 +35,8 @@ crds: webhook: enabled: true - serviceName: db-operator-webhook + serviceAccount: + create: true names: mutating: db-operator-mutating-webhook-configuration validating: db-operator-validating-webhook-configuration From 7a65868ffd4781553f88834b56cae5e9ba8f73b3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 29 Sep 2023 08:56:03 +0200 Subject: [PATCH 10/12] docs: How to upgrade db-operator to 1.11.0 (#14) * docs: How to upgrade db-operator to 1.11.0 * build: Don't run linter if charts were not changed --- .github/workflows/test.yaml | 9 +++++++++ charts/db-operator/README.md | 19 +++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 2faa2a0..c222a3d 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -50,7 +50,16 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@v2.3.0 + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --chart-dirs helm --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' run: ct lint --validate-maintainers=false --target-branch main test-values: diff --git a/charts/db-operator/README.md b/charts/db-operator/README.md index f648c0f..a91b2fb 100644 --- a/charts/db-operator/README.md +++ b/charts/db-operator/README.md @@ -105,7 +105,22 @@ If you use webhooks, you also might need to have cert-manager ## Upgrading -If there is an breaking change, or something that might make the upgrade complcated, it should be decsribed here +If there is an breaking change, or something that might make the upgrade complicated, it should be described here + +
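Review bot: The `list-changed` step added to `.github/workflows/test.yaml` passes `--chart-dirs helm`, but the charts in this repository live under `charts/`, so `changed` is unlikely to ever be set. The lint step guarded by `steps.list-changed.outputs.changed == 'true'` would then be skipped on every run. Dropping the flag, as the later `helm-workflow.yaml` does, restores the check: `changed=$(ct list-changed --target-branch "$DEFAULT_BRANCH")`, with `DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}` under the step's `env:` so the expression is not pasted into the shell text. The lint step still hard-codes `--target-branch main`; use the same variable there so both steps compare against the same branch.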
+ To `v1.11.0` +Additional selectors were added to the default templates in an attempt to follow the same labelling scheme everywhere, but since selectors are immutable, the upgrade will require removing of the db-operator deployment. + +```bash +$ kubectl get deploy +NAME READY UP-TO-DATE AVAILABLE AGE +db-operator 1/1 1 1 22s +$ kubectl delete deploy db-operator +deployment.apps "db-operator" deleted +$ helm upgrade db-operator db-operator/db-operator --version 1.11.0 +``` + +
To `v1.10.0` @@ -128,4 +143,4 @@ metadata: "meta.helm.sh/release-name": my-release "meta.helm.sh/release-namespace": default ``` -
\ No newline at end of file + From 126af3037cf3f433684622f230fa27ad8c53e514 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 29 Sep 2023 08:56:16 +0200 Subject: [PATCH 11/12] Upgrade db-operator version to v1.14.1 (#15) --- charts/db-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 7d164a0..96ec361 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -2,13 +2,13 @@ apiVersion: v2 type: application name: db-operator -version: 1.11.0 +version: 1.11.1 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: # -- https://github.com/db-operator/charts/blob/main/.github/workflows/test.yaml # --------------------------------------------------------------------------------- kubeVersion: ">= 1.22-prerelease" -appVersion: "1.14.0" +appVersion: "1.14.1" description: The DB Operator creates databases and make them available in the cluster via Custom Resource. home: https://github.com/db-operator/db-operator From b343a6ab45e41cc77a69c4342302e3369b20e0a8 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 6 Oct 2023 17:16:25 +0200 Subject: [PATCH 12/12] WIP: Switch to helm tests instead of the integration script test --- .github/workflows/helm-workflow.yaml | 134 ++++++++ .github/workflows/test.yaml | 1 - charts/db-operator/ci/0-crds-test-values.yaml | 7 + .../db-operator/ci/0-nocrds-test-values.yaml | 8 + .../db-operator/ci/1-mysql-test-values.yaml | 13 + .../ci/1-postgresql-test-values.yaml | 13 + charts/db-operator/ci/2-gsql-test-values.yaml | 67 ++++ .../{ci-1-values.yaml => backups/ci-1.yaml} | 3 + .../{ci-2-values.yaml => backups/ci-2.yaml} | 27 +- .../{ci-3-values.yaml => backups/ci-3.yaml} | 29 +- .../{ci-4-values.yaml => backups/ci-4.yaml} | 27 +- .../{ci-5-values.yaml => backups/ci-5.yaml} | 3 + charts/db-operator/ci/helmfile.yaml | 30 ++ charts/db-operator/scripts/mysql/test_read.sh | 26 ++ .../db-operator/scripts/mysql/test_write.sh | 23 ++ .../scripts/postgresql/test_read.sh | 26 ++ .../scripts/postgresql/test_write.sh | 23 ++ charts/db-operator/templates/NOTES.txt | 102 ++++++ .../db-operator/templates/test/crds-test.yaml | 149 +++++++++ .../db-operator/templates/test/gsql_test.yaml | 291 ++++++++++++++++++ .../templates/test/mysql-test.yaml | 183 +++++++++++ .../templates/test/postgres-test.yaml | 183 +++++++++++ charts/db-operator/values.yaml | 32 +- 23 files changed, 1309 insertions(+), 91 deletions(-) create mode 100644 .github/workflows/helm-workflow.yaml create mode 100644 charts/db-operator/ci/0-crds-test-values.yaml create mode 100644 charts/db-operator/ci/0-nocrds-test-values.yaml create mode 100644 charts/db-operator/ci/1-mysql-test-values.yaml create mode 100644 charts/db-operator/ci/1-postgresql-test-values.yaml create mode 100644 charts/db-operator/ci/2-gsql-test-values.yaml rename charts/db-operator/ci/{ci-1-values.yaml => backups/ci-1.yaml} (87%) rename charts/db-operator/ci/{ci-2-values.yaml => backups/ci-2.yaml} (83%) rename charts/db-operator/ci/{ci-3-values.yaml => backups/ci-3.yaml} (86%) rename 
charts/db-operator/ci/{ci-4-values.yaml => backups/ci-4.yaml} (72%) rename charts/db-operator/ci/{ci-5-values.yaml => backups/ci-5.yaml} (58%) create mode 100644 charts/db-operator/ci/helmfile.yaml create mode 100644 charts/db-operator/scripts/mysql/test_read.sh create mode 100755 charts/db-operator/scripts/mysql/test_write.sh create mode 100644 charts/db-operator/scripts/postgresql/test_read.sh create mode 100644 charts/db-operator/scripts/postgresql/test_write.sh create mode 100644 charts/db-operator/templates/NOTES.txt create mode 100644 charts/db-operator/templates/test/crds-test.yaml create mode 100644 charts/db-operator/templates/test/gsql_test.yaml create mode 100644 charts/db-operator/templates/test/mysql-test.yaml create mode 100644 charts/db-operator/templates/test/postgres-test.yaml diff --git a/.github/workflows/helm-workflow.yaml b/.github/workflows/helm-workflow.yaml new file mode 100644 index 0000000..ab4ba73 --- /dev/null +++ b/.github/workflows/helm-workflow.yaml 
@@ -0,0 +1,134 @@ +--- +name: Helm +on: push + +env: + HELM_VERSION: v3.12.1 + PYTHON_VERSION: 3.9 + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: ${{ env.HELM_VERSION }} + + - uses: actions/setup-python@v4 + with: + python-version: ${{ env.PYTHON_VERSION }} + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.4.0 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch ${{ github.event.repository.default_branch }} --validate-maintainers=false + + + helm-jobs: + runs-on: ubuntu-latest + strategy: + matrix: + k8s_version: + [ + "v1.22.15", + "v1.23.17", + "v1.24.15", + "v1.25.11", + "v1.26.6", + "v1.27.3", + "v1.28.0" + ] + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: ${{ env.HELM_VERSION }} + + - uses: actions/setup-python@v4 + with: + python-version: ${{ env.PYTHON_VERSION }} + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.4.0 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Setup helmfile + if: steps.list-changed.outputs.changed == 'true' + uses: mamezou-tech/setup-helmfile@v1.2.0 + + - name: Prepare a config for the kind cluster + run: | + cat > kind-config.yaml < /tmp/checkdata + +retry=3 +interval=5 + +for i in `seq 1 $retry` +do + 
sleep $interval + if [ ! -f "${MYSQL_PASSWORD_FILE}" ]; then + echo "Password file does not exists" + exit 1; + else + MYSQL_PASSWORD=$(cat ${MYSQL_PASSWORD_FILE}) + fi + + echo "writing data into mysql database..." + mysql -h ${MYSQL_HOST} -u ${MYSQL_USERNAME} -p${MYSQL_PASSWORD} ${MYSQL_DB} \ + -e "CREATE TABLE IF NOT EXISTS test (no INT NOT NULL AUTO_INCREMENT PRIMARY KEY, data VARCHAR(100)); INSERT INTO test (data) VALUES('${TESTDATA}');"\ + && break +done \ No newline at end of file diff --git a/charts/db-operator/scripts/postgresql/test_read.sh b/charts/db-operator/scripts/postgresql/test_read.sh new file mode 100644 index 0000000..3aa5a2a --- /dev/null +++ b/charts/db-operator/scripts/postgresql/test_read.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +retry=3 +interval=5 + +for i in `seq 1 $retry` +do + sleep $interval + if [ ! -f "${POSTGRES_PASSWORD_FILE}" ]; then + echo "Password file does not exists" + exit 1; + else + POSTGRES_PASSWORD=$(cat ${POSTGRES_PASSWORD_FILE}) + fi + + TESTDATA="$(cat /tmp/checkdata)" + + echo "reading data from postgres..." + FOUNDDATA=$(PGPASSWORD=${POSTGRES_PASSWORD} psql \ + -h ${POSTGRES_HOST} \ + -U ${POSTGRES_USERNAME} \ + ${POSTGRES_DB} \ + -c "SELECT data FROM test WHERE data = '${TESTDATA}';") + + echo "$FOUNDDATA" | grep "$TESTDATA" && break; +done \ No newline at end of file diff --git a/charts/db-operator/scripts/postgresql/test_write.sh b/charts/db-operator/scripts/postgresql/test_write.sh new file mode 100644 index 0000000..c28d121 --- /dev/null +++ b/charts/db-operator/scripts/postgresql/test_write.sh 
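Review bot: `postgresql/test_read.sh` can pass without having read anything back: when `/tmp/checkdata` is missing or empty, `TESTDATA` is empty and `grep "$TESTDATA"` matches any line of the `psql` output. Check the value before the query with `[ -n "$TESTDATA" ] || { echo "no test data in /tmp/checkdata"; exit 1; }` and match it literally with `grep -F -- "$TESTDATA"`. The expansions passed to `psql` (`${POSTGRES_HOST}`, `${POSTGRES_USERNAME}`, `${POSTGRES_DB}`) and to `cat` are unquoted here and in `postgresql/test_write.sh`; quoting them keeps values containing spaces or glob characters from being split.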
@@ -0,0 +1,23 @@ +#!/bin/sh + +TESTDATA="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" +echo ${TESTDATA} > /tmp/checkdata + +retry=5 +interval=10 + +for i in `seq 1 $retry` +do + sleep $interval + if [ ! -f "${POSTGRES_PASSWORD_FILE}" ]; then + echo "Password file does not exists" + exit 1; + else + POSTGRES_PASSWORD=$(cat ${POSTGRES_PASSWORD_FILE}) + fi + + echo "writing data into postgres database..." + PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -U ${POSTGRES_USERNAME} ${POSTGRES_DB} \ + -c "CREATE TABLE IF NOT EXISTS test (no serial PRIMARY KEY, data VARCHAR (50) NOT NULL); INSERT INTO test (data) VALUES('${TESTDATA}');" \ + && break +done \ No newline at end of file diff --git a/charts/db-operator/templates/NOTES.txt b/charts/db-operator/templates/NOTES.txt new file mode 100644 index 0000000..4d98343 --- /dev/null +++ b/charts/db-operator/templates/NOTES.txt 
@@ -0,0 +1,102 @@ +----------------------------------------------------------------------- + .-"``"-. + /______; \ + {_______}\| + (/ a a \)(_) + (.-.).-.) + _______________________ooo__( ^ )___________________________ + / '-.___.-' \ +| Please read these notes, they might be usefull and we will try to | +| make them as short as possible | + \________________________________________ooo_______________________/ + |_ | _| jgs + \___|___/ + {___|___} + |_ | _| + /-'Y'-\ + (__/ \__) + +----------------------------------------------------------------------- +Release information +The Chart name: {{ .Chart.Name }}. +The Repo URL: https://db-operator.github.io/charts +The Release name {{ .Release.Name }}. +----------------------------------------------------------------------- +Breaking changes and migration paths + +{{ .Chart.Version }} is not breaking, you don't have to worry + +{{- if not .Values.crds.install }} +----------------------------------------------------------------------- +You've chosen not to install CRDs with this release. + +We officially do not distribute CRDs outside of this helm chart, so +you will have to deal with that on your own. + +If it was a mistake, update the values so they contain the following: + +".Values.crds.install: true" + +{{- end }} +{{- if not .Values.webhook.enabled }} +----------------------------------------------------------------------- +You've chosen not to install and configure the webhook. +Your "kinda.rocks" manifests won't be validated and converted when +the API version is upgraded. + +It's not required by db-operator to work, but if you want to have the +webhook in place, you can set ".Values.webhook.enabled" to "true" +{{- end }} + +{{- if .Values.tests.gsql.enabled }} +----------------------------------------------------------------------- +You seem to have the gsql test set to true, usually, +it shouldn't be done. + +Make sure that you want to run tests, and not using this installation +in production in any form. 
+ +Or set '.Values.tests.gsql.enabled' to 'false' +{{- end }} + +{{- if .Values.tests.postgresql.enabled }} +----------------------------------------------------------------------- +You seem to have the postgresql test set to true, usually, +it shouldn't be done. + +Make sure that you want to run tests, and not using this installation +in production in any form. + +Or set '.Values.tests.postgresql.enabled' to 'false' + +Also, if you want to test your postgresql installation, you need to +provide a postgres server yourself. Test itself doesn't deploy a server +{{- end }} + +{{- if .Values.tests.mysql.enabled }} +----------------------------------------------------------------------- +You seem to have the mysql test set to true, usually, +it shouldn't be done. + +Make sure that you want to run tests, and not using this installation +in production in any form. + +Or set '.Values.tests.mysql.enabled' to 'false' + +Also, if you want to test your mysql installation, you need to +provide a mysql server yourself. Test itself doesn't deploy a server +{{- end }} + +{{- if .Values.tests.crds.enabled }} +----------------------------------------------------------------------- +You seem to have the crds test set to true, usually, +it shouldn't be done. + +!! This test uses a ClusterRole that has an access to all the resoucres +in the cluster, so make sure that you want to run tests, +and not using this installation. + +Or set '.Values.tests.crds.enabled' to 'false' +{{- end }} + + diff --git a/charts/db-operator/templates/test/crds-test.yaml b/charts/db-operator/templates/test/crds-test.yaml new file mode 100644 index 0000000..0036774 --- /dev/null +++ b/charts/db-operator/templates/test/crds-test.yaml 
@@ -0,0 +1,149 @@ +{{- $version := semver .Capabilities.KubeVersion.Version }} +{{- if .Values.tests.crds.enabled }} +# --------------------------------------------------------------------- +# -- Test that CRDs are installed +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "db-operator.name" . }}-test-script + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "6" +data: + test_crds.sh: |- + #!/bin/bash + ATTEMPTS_AMOUNT="{{ .Values.tests.attempts.amount }}" + ATTEMPTS_TIMEOUT="{{ .Values.tests.attempts.timeout }}" + CRDS=("databases.kinda.rocks" "dbinstances.kinda.rocks" "dbusers.kinda.rocks") + EXPECTED_STATUS=1 + TEST_PASSED=false + x=1 + while [ $x -le "${ATTEMPTS_AMOUNT}" ]; do + for CRD in "${CRDS[@]}"; do + SUCCESS=true + INSTALLED="{{ .Values.tests.crds.installed }}" + if ! kubectl get crd $CRD; then + SUCCESS=false + INSTALLED="false" + echo "[ERROR]: CRS ${CRS} is not in the wished state" + break; + fi; + + done + + if [ "${INSTALLED}" == "{{ .Values.tests.crds.installed }}" ]; then + echo "[INFO]: Test is passed, CRDs installed -> {{ .Values.tests.crds.installed }}" + TEST_PASSED=true; + break; + fi + + echo "[INFO]: Sleeping ${ATTEMPTS_TIMEOUT} seconds" + sleep $ATTEMPTS_TIMEOUT + x=$(( $x + 1 )); + done + + if [ "${TEST_PASSED}" != "true" ]; then + echo "[ERROR]: Test is failed, check the kubectl get crds output" + echo $(kubectl get crds) + exit 1; + fi + +--- +# --------------------------------------------------------------------- +# -- Prepare roles and bindings to access k8s resources from the test +# --------------------------------------------------------------------- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "db-operator.name" . }}-gsql-dbin-role + labels: + {{- include "labels" . 
| nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get", "list",] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "db-operator.name" . }}-gsql-dbin-sa + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +automountServiceAccountToken: true + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "db-operator.name" . }}-gsql-dbin-rb + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +subjects: +- kind: ServiceAccount + name: {{ template "db-operator.name" . }}-gsql-dbin-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "db-operator.name" . }}-gsql-dbin-role + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "db-operator.name" . }}-test + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "7" +spec: + serviceAccountName: {{ template "db-operator.name" . }}-gsql-dbin-sa + automountServiceAccountToken: true + volumes: + - name: test-script + configMap: + name: {{ template "db-operator.name" . 
}}-test-script + containers: + - name: tester + image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }} + volumeMounts: + - name: test-script + readOnly: true + mountPath: /test_crds.sh + subPath: test_crds.sh + command: + - bash + args: + - -e + - /test_crds.sh + restartPolicy: Never +{{- end }} \ No newline at end of file diff --git a/charts/db-operator/templates/test/gsql_test.yaml b/charts/db-operator/templates/test/gsql_test.yaml new file mode 100644 index 0000000..ace2e97 --- /dev/null +++ b/charts/db-operator/templates/test/gsql_test.yaml 
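Review bot: The ClusterRole in `test/crds-test.yaml` grants `get` and `list` on `apiGroups: ["*"]`, `resources: ["*"]`, so the test pod's service account can read every object in the cluster, Secrets included, while the script only runs `kubectl get crd`. Narrow the rule to `- apiGroups: ["apiextensions.k8s.io"]`, `resources: ["customresourcedefinitions"]`, `verbs: ["get", "list"]`. The role, account and binding also reuse the `-gsql-dbin-*` names of `test/gsql_test.yaml` (and the ConfigMap and Pod reuse `-test-script` / `-test`), so enabling both tests would make the two sets of hook resources collide. The gsql role has a similar breadth problem, with `delete` on every `apps` resource cluster-wide. When `tests.cleanup` is not set no `hook-succeeded` policy is rendered, so these cluster-scoped grants stay in place after the test finishes.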
@@ -0,0 +1,291 @@ +{{- $version := semver .Capabilities.KubeVersion.Version }} +{{- if .Values.tests.gsql.enabled }} +# --------------------------------------------------------------------- +# -- Test Google API requests with cloudish-sql +# -- https://github.com/db-operator/cloudish-sql +# -- +# -- The script that is running checks is added to a configmap, and +# -- later exexuted in pod. If you want to see the logic of this test, +# -- please, go to the bottom of the file and find a configmap with +# -- with a bash script +# --------------------------------------------------------------------- +# -- Prepare clousdish sql and dependencies +# --------------------------------------------------------------------- +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "db-operator.name" . }}-mock-google-api + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +spec: + replicas: 1 + selector: + matchLabels: + app: googleAPI + role: test + template: + metadata: + labels: + app: googleAPI + role: test + spec: + containers: + - name: api + image: "{{ .Values.tests.gsql.cloudishSQL.image.repository }}:{{ .Values.tests.gsql.cloudishSQL.image.tag }}" + ports: + - containerPort: 8080 + name: http + imagePullPolicy: IfNotPresent + env: + - name: LOG_LEVEL + value: "DEBUG" + command: + - /usr/local/bin/cloudish-sql + - --db-address=pg-test-db:5432 + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "db-operator.name" . }}-mock-google-api + labels: + {{- include "labels" . 
| nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: googleAPI + role: test + type: ClusterIP + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "db-operator.name" . }}-gsql-admin-creds + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +type: Opaque +data: + password: {{ .Values.tests.gsql.dbin.adminPassword | b64enc }} + user: {{ .Values.tests.gsql.dbin.adminUser | b64enc }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "db-operator.name" . }}-gsql-instance-config + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +data: + config: | +{{ .Values.tests.gsql.dbin.instanceConfig.data | indent 4 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "db-operator.name" . }}-test-script + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "6" +data: + test.sh: |- + #!/bin/bash + ATTEMPTS_AMOUNT="{{ .Values.tests.attempts.amount }}" + ATTEMPTS_TIMEOUT="{{ .Values.tests.attempts.timeout }}" + EXPECTED_STATUS=true + TEST_PASSED=false + x=1 + while [ $x -le "${ATTEMPTS_AMOUNT}" ]; do + echo "[INFO]: Sleeping ${ATTEMPTS_TIMEOUT} seconds" + sleep $ATTEMPTS_TIMEOUT + ACTUAL_STATUS=$(kubectl get dbinstance {{ template "db-operator.name" . 
}}-gsql-instance -o yaml | yq '.status.status') + if [ "${ACTUAL_STATUS}" == "${EXPECTED_STATUS}" ]; then + echo "[INFO]: Test is passed, dbinstance is ready" + TEST_PASSED=true; + break + fi + x=$(( $x + 1 )) + done + if [ "${TEST_PASSED}" != "true" ]; then + echo "[ERROR]: Test is failed, check the kubectl get dbinstance output" + echo $(kubectl get dbinstance {{ template "db-operator.name" . }}-gsql-instance -o yaml | yq) + exit 1; + fi + + while [ $x -le "${ATTEMPTS_AMOUNT}" ]; do + echo "[INFO]: Sleeping ${ATTEMPTS_TIMEOUT} seconds" + sleep $ATTEMPTS_TIMEOUT + ACTUAL_STATUS=$(kubectl get deployment dbinstance-{{ template "db-operator.name" . }}-gsql-instance-cloudproxy -o yaml | yq '.status.availableReplicas') + DESIRED_STATUS=$(kubectl get deployment dbinstance-{{ template "db-operator.name" . }}-gsql-instance-cloudproxy -o yaml | yq '.status.replicas') + if [ "${ACTUAL_STATUS}" == "${DESIRED_STATUS}" ]; then + echo "[INFO]: Test is passed, cloud proxy is deployed" + TEST_PASSED=true; + break + fi + x=$(( $x + 1 )) + done + if [ "${TEST_PASSED}" != "true" ]; then + echo "[ERROR]: Test is failed, check the kubectl get dbinstance output" + echo $(kubectl get dbinstance {{ template "db-operator.name" . }}-gsql-instance -o yaml | yq) + exit 1; + fi + + +--- +# --------------------------------------------------------------------- +# -- Prepare roles and bindings to access k8s resources from the test +# --------------------------------------------------------------------- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "db-operator.name" . }}-gsql-dbin-role + labels: + {{- include "labels" . 
| nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +rules: +- apiGroups: ["kinda.rocks", "apps"] + resources: ["*"] + verbs: ["get", "watch", "list", "delete"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "db-operator.name" . }}-gsql-dbin-sa + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +automountServiceAccountToken: true + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "db-operator.name" . }}-gsql-dbin-rb + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +subjects: +- kind: ServiceAccount + name: {{ template "db-operator.name" . }}-gsql-dbin-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "db-operator.name" . }}-gsql-dbin-role + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: kinda.rocks/v1beta1 +kind: DbInstance +metadata: + name: {{ template "db-operator.name" . }}-gsql-instance + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "2" +spec: + adminSecretRef: + Name: {{ template "db-operator.name" . }}-gsql-admin-creds + Namespace: {{ .Release.Namespace }} + engine: postgres + google: + configmapRef: + Name: {{ template "db-operator.name" . 
}}-gsql-instance-config + Namespace: {{ .Release.Namespace }} + clientSecretRef: + Name: cloudsql-admin-serviceaccount + Namespace: {{ .Release.Namespace }} + instance: gsql-local-postgres + apiEndpoint: http://{{ template "db-operator.name" . }}-mock-google-api + monitoring: + enabled: true + +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "db-operator.name" . }}-test + labels: + {{- include "labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "7" +spec: + serviceAccountName: {{ template "db-operator.name" . }}-gsql-dbin-sa + automountServiceAccountToken: true + volumes: + - name: test-script + configMap: + name: {{ template "db-operator.name" . }}-test-script + containers: + - name: tester + image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }} + volumeMounts: + - name: test-script + readOnly: true + mountPath: /test.sh + subPath: test.sh + command: + - bash + args: + - -e + - /test.sh + restartPolicy: Never +{{- end }} diff --git a/charts/db-operator/templates/test/mysql-test.yaml b/charts/db-operator/templates/test/mysql-test.yaml new file mode 100644 index 0000000..729a262 --- /dev/null +++ b/charts/db-operator/templates/test/mysql-test.yaml 
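Review bot: In the `test.sh` script of `test/gsql_test.yaml` the second wait loop (cloud proxy Deployment) inherits `x` and `TEST_PASSED` from the first one. Once the DbInstance check has succeeded, the final `if [ "${TEST_PASSED}" != "true" ]` can no longer fail, and the proxy check gets only the attempts the first loop left over. Reset both before the second `while` with `x=1` and `TEST_PASSED=false`. The failure branch of that second block also still prints the dbinstance instead of the proxy Deployment, which makes a failed run harder to diagnose.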
@@ -0,0 +1,183 @@
+{{- if .Values.tests.mysql.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "db-operator.name" . }}-mysql-admin-password
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "1"
+type: Opaque
+data:
+ password: {{ .Values.tests.mysql.admin.password | b64enc }}
+ user: {{ .Values.tests.mysql.admin.user | b64enc }}
+
+---
+apiVersion: kinda.rocks/v1beta1
+kind: DbInstance
+metadata:
+ name: {{ template "db-operator.name" . }}-mysql
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "1"
+spec:
+ adminSecretRef:
+ Namespace: {{ .Release.Namespace }}
+ Name: {{ template "db-operator.name" . }}-mysql-admin-password
+ engine: mysql
+ generic:
+ host: {{ .Values.tests.mysql.service.name }}.{{ .Values.tests.mysql.service.namespace }}.svc.cluster.local
+ port: 3306
+ publicIp: "1.2.3.4"
+ backupHost: {{ .Values.tests.mysql.service.name }}.{{ .Values.tests.mysql.service.namespace }}.svc.cluster.local
+
+---
+apiVersion: "kinda.rocks/v1beta1"
+kind: "Database"
+metadata:
+ name: {{ template "db-operator.name" . }}-mysql
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "2"
+spec:
+ secretName: {{ template "db-operator.name" . }}-mysql-credentials # where to save db name user, password for application
+ instance: {{ template "db-operator.name" . }}-mysql
+ backup:
+ enable: false
+ cron: ""
+ deletionProtected: false
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "db-operator.name" . 
}}-mysql-test-script
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "3"
+data:
+ write.sh: |
+{{ .Files.Get "scripts/mysql/test_write.sh" | indent 4}}
+ read.sh: |
+{{ .Files.Get "scripts/mysql/test_read.sh" | indent 4}}
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ template "db-operator.name" . }}-tester-app-{{ randAlphaNum 5 | lower }}
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "4"
+spec:
+ containers:
+ - name: mysql-writer
+ image: imega/mysql-client
+ command:
+ - sh
+ - -c
+ - exec sh /app/write.sh
+ env:
+ - name: MYSQL_PASSWORD_FILE
+ value: /run/secrets/mysql/PASSWORD
+ - name: MYSQL_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "db-operator.name" . }}-mysql-credentials
+ key: USER
+ - name: MYSQL_DB
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "db-operator.name" . }}-mysql-credentials
+ key: DB
+ - name: MYSQL_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "db-operator.name" . }}-mysql-credentials
+ key: DB_CONN
+ volumeMounts:
+ - name: db-secret
+ mountPath: /run/secrets/mysql/
+ readOnly: true
+ - name: script
+ mountPath: /app/
+ - name: shared-data
+ mountPath: /tmp
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ - name: mysql-reader
+ image: imega/mysql-client
+ command:
+ - sh
+ - -c
+ - exec sh /app/read.sh
+ env:
+ - name: MYSQL_PASSWORD_FILE
+ value: /run/secrets/mysql/PASSWORD
+ - name: MYSQL_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "db-operator.name" . }}-mysql-credentials
+ key: USER
+ - name: MYSQL_DB
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "db-operator.name" . 
}}-mysql-credentials
+ key: DB
+ - name: MYSQL_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "db-operator.name" . }}-mysql-credentials
+ key: DB_CONN
+ volumeMounts:
+ - name: db-secret
+ mountPath: /run/secrets/mysql/
+ readOnly: true
+ - name: script
+ mountPath: /app/
+ - name: shared-data
+ mountPath: /tmp
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ restartPolicy: Never
+ volumes:
+ - name: db-secret
+ secret:
+ secretName: {{ template "db-operator.name" . }}-mysql-credentials
+ - name: script
+ configMap:
+ name: {{ template "db-operator.name" . }}-mysql-test-script
+ - name: shared-data
+ emptyDir: {}
+{{- end }}
diff --git a/charts/db-operator/templates/test/postgres-test.yaml b/charts/db-operator/templates/test/postgres-test.yaml
new file mode 100644
index 0000000..df0fc2d
--- /dev/null
+++ b/charts/db-operator/templates/test/postgres-test.yaml
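Review bot: Both containers of the tester Pod (`mysql-writer` and `mysql-reader`) use `image: imega/mysql-client` with no tag or digest, so the test runs whatever `latest` resolved to when the node first pulled it, and `imagePullPolicy: IfNotPresent` then keeps that copy indefinitely. This Pod mounts the generated `-mysql-credentials` secret, so the image that reads it should be reproducible and reviewable. I would pin it and make it overridable, e.g. `image: {{ .Values.tests.mysql.image }}` with a default of the form `imega/mysql-client:<TAG>@sha256:<DIGEST>` (placeholders, to be taken from the registry). `tests.mysql.image` is a key I am proposing; it is not defined in the chart values in this commit.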
@@ -0,0 +1,183 @@
+{{- if .Values.tests.postgresql.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "db-operator.name" . }}-postgresql-admin-password
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "1"
+type: Opaque
+data:
+ password: {{ .Values.tests.postgresql.admin.password | b64enc }}
+ user: {{ .Values.tests.postgresql.admin.user | b64enc }}
+
+---
+apiVersion: kinda.rocks/v1beta1
+kind: DbInstance
+metadata:
+ name: {{ template "db-operator.name" . }}-postgresql
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "1"
+spec:
+ adminSecretRef:
+ Namespace: {{ .Release.Namespace }}
+ Name: {{ template "db-operator.name" . }}-postgresql-admin-password
+ engine: postgres
+ generic:
+ host: {{ .Values.tests.postgresql.service.name }}.{{ .Values.tests.postgresql.service.namespace }}.svc.cluster.local
+ port: 5432
+ publicIp: "1.2.3.4"
+ backupHost: {{ .Values.tests.postgresql.service.name }}.{{ .Values.tests.postgresql.service.namespace }}.svc.cluster.local
+
+---
+apiVersion: "kinda.rocks/v1beta1"
+kind: "Database"
+metadata:
+ name: {{ template "db-operator.name" . }}-postgresql
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "2"
+spec:
+ secretName: {{ template "db-operator.name" . }}-postgresql-credentials
+ instance: {{ template "db-operator.name" . 
}}-postgresql
+ backup:
+ enable: false
+ cron: ""
+ deletionProtected: false
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "db-operator.name" . }}-postgresql-test-script
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "3"
+data:
+ write.sh: |
+{{ .Files.Get "scripts/postgresql/test_write.sh" | indent 4}}
+ read.sh: |
+{{ .Files.Get "scripts/postgresql/test_read.sh" | indent 4}}
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ template "db-operator.name" . }}-tester-app-{{ randAlphaNum 5 | lower }}
+ labels:
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ {{- if .Values.tests.cleanup }}
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- end }}
+ "helm.sh/hook-weight": "4"
+spec:
+ containers:
+ - name: postgres-writer
+ image: postgres:10.4
+ command:
+ - sh
+ - -c
+ - exec sh /app/write.sh
+ env:
+ - name: POSTGRES_PASSWORD_FILE
+ value: /run/secrets/postgres/POSTGRES_PASSWORD
+ - name: POSTGRES_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "db-operator.name" . }}-postgresql-credentials
+ key: POSTGRES_USER
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "db-operator.name" . }}-postgresql-credentials
+ key: POSTGRES_DB
+ - name: POSTGRES_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "db-operator.name" . 
}}-postgresql-credentials + key: DB_CONN + volumeMounts: + - name: db-secret + mountPath: /run/secrets/postgres/ + readOnly: true + - name: script + mountPath: /app/ + - name: shared-data + mountPath: /tmp + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 100m + memory: 128Mi + - name: postgres-reader + image: postgres:10.4 + command: + - sh + - -c + - exec sh /app/read.sh + env: + - name: POSTGRES_PASSWORD_FILE + value: /run/secrets/postgres/POSTGRES_PASSWORD + - name: POSTGRES_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "db-operator.name" . }}-postgresql-credentials + key: POSTGRES_USER + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: {{ template "db-operator.name" . }}-postgresql-credentials + key: POSTGRES_DB + - name: POSTGRES_HOST + valueFrom: + configMapKeyRef: + name: {{ template "db-operator.name" . }}-postgresql-credentials + key: DB_CONN + volumeMounts: + - name: db-secret + mountPath: /run/secrets/postgres/ + readOnly: true + - name: script + mountPath: /app/ + - name: shared-data + mountPath: /tmp + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 100m + memory: 128Mi + restartPolicy: Never + volumes: + - name: db-secret + secret: + secretName: {{ template "db-operator.name" . }}-postgresql-credentials + - name: script + configMap: + name: {{ template "db-operator.name" . }}-postgresql-test-script + - name: shared-data + emptyDir: {} +{{- end }} \ No newline at end of file diff --git a/charts/db-operator/values.yaml b/charts/db-operator/values.yaml index 345c324..8165c38 100644 --- a/charts/db-operator/values.yaml +++ b/charts/db-operator/values.yaml @@ -1,13 +1,10 @@ nameOverride: "" - image: repository: ghcr.io/db-operator/db-operator pullPolicy: Always logLevel: info - # imagePullSecrets: # - name: myRegistrySecret - reconcileInterval: "60" # watchNamespace value is comma-separated list of namespace names. It's necessary to set "" to watch cluster wide. watchNamespace: "" 
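Review bot: The `postgres-writer` and `postgres-reader` containers are pinned to `image: postgres:10.4`, an early point release of the PostgreSQL 10 line, which reached end of life in November 2022. The Pod that receives the generated `-postgresql-credentials` secret therefore runs an image that no longer gets security fixes. Both containers only execute `/app/write.sh` and `/app/read.sh` (the scripts are outside this hunk), so presumably only the client tools are needed and a supported tag would work, e.g. `image: postgres:<SUPPORTED_TAG>` (placeholder), ideally read from a chart value so it can be bumped without editing the template. The new file also ends without a trailing newline.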
@@ -21,18 +18,14 @@ watchNamespace: "" # -- NOTE: Currently, it's only working with Database Users # ------------------------------------------------------------ checkForChanges: false - rbac: create: true - serviceAccount: create: true - crds: install: true keep: true annotations: {} - webhook: enabled: true serviceAccount: @@ -60,23 +53,16 @@ webhook: # -- ClusterIssuer or Issuer # ----------------------------------------- kind: Issuer - security: {} # runAsUser: 1000 # fsGroup: 1000 resources: {} - nodeSelector: {} - annotations: {} - podLabels: {} - affinity: {} - tolerations: [] - config: instance: google: @@ -136,10 +122,8 @@ config: - rows: usage: "COUNTER" description: "Total number of rows retrieved or affected by the statement" - secrets: gsql: {} - serviceMonitor: enabled: false # interval: 10s @@ -169,3 +153,19 @@ service: annotations: {} type: ClusterIP port: 8080 +# --------------------------------------------------------------------- +# -- These values are used in tests, they should not affect users +# --------------------------------------------------------------------- +tests: + gsql: + enabled: false + mysql: + enabled: false + postgresql: + enabled: false + crds: + enabled: false + attempts: + amount: 10 + timeout: 30 + cleanup: true
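Review bot: In the last hunk, the new `tests:` block lists only the `enabled` switches, while the test templates added in this patch also read `.Values.tests.mysql.admin.password`, `.admin.user`, `.service.name` and `.service.namespace` (and the `postgresql` equivalents). Unless a CI values file not shown here supplies them, setting `tests.mysql.enabled: true` alone is expected to fail at render time on the missing `admin` map. I would document the keys next to the switches, e.g. commented lines such as `# admin: {user: "", password: ""}` and `# service: {name: "", namespace: ""}` under each engine. A short comment that these are throwaway test credentials meant to come from a CI-only values file would also help. The other hunks in this file only drop blank lines.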