From e417f3cee98d5868ef321d9af4ab44d74634d545 Mon Sep 17 00:00:00 2001 From: Neaj Morshad Date: Fri, 8 Nov 2024 21:02:57 +0600 Subject: [PATCH] Update MSSQLServer API Signed-off-by: Neaj Morshad --- apis/kubedb/v1alpha2/mssqlserver_helpers.go | 62 ++--- apis/kubedb/v1alpha2/mssqlserver_types.go | 23 +- apis/kubedb/v1alpha2/mssqlserver_webhook.go | 18 -- apis/kubedb/v1alpha2/openapi_generated.go | 52 +--- apis/kubedb/v1alpha2/zz_generated.deepcopy.go | 37 +-- crds/kubedb.com_mssqlservers.yaml | 253 ++---------------- 6 files changed, 66 insertions(+), 379 deletions(-) diff --git a/apis/kubedb/v1alpha2/mssqlserver_helpers.go b/apis/kubedb/v1alpha2/mssqlserver_helpers.go index d374796098..8ebada91ab 100644 --- a/apis/kubedb/v1alpha2/mssqlserver_helpers.go +++ b/apis/kubedb/v1alpha2/mssqlserver_helpers.go @@ -333,9 +333,9 @@ func (m *MSSQLServer) SetDefaults() { if m.Spec.Replicas == nil { m.Spec.Replicas = pointer.Int32P(1) } - } else { - if m.Spec.LeaderElection == nil { - m.Spec.LeaderElection = &MSSQLServerLeaderElectionConfig{ + } else if m.IsAvailabilityGroup() { + if m.Spec.Topology.AvailabilityGroup.LeaderElection == nil { + m.Spec.Topology.AvailabilityGroup.LeaderElection = &MSSQLServerLeaderElectionConfig{ // The upper limit of election timeout is 50000ms (50s), which should only be used when deploying a // globally-distributed etcd cluster. A reasonable round-trip time for the continental United States is around 130-150ms, // and the time between US and Japan is around 350-400ms. If the network has uneven performance or regular packet 
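Review bot: The new `else if m.IsAvailabilityGroup()` branch in SetDefaults reads `m.Spec.Topology.AvailabilityGroup.LeaderElection` with no visible nil check on `Topology` or `Topology.AvailabilityGroup`. A spec that selects availability-group mode but omits that block could therefore panic the defaulting path. IsAvailabilityGroup is defined outside this hunk; if it tests only the mode and `AvailabilityGroup` is a pointer, guard first with `if m.Spec.Topology.AvailabilityGroup == nil { m.Spec.Topology.AvailabilityGroup = &MSSQLServerAvailabilityGroupSpec{} }`. The same dereference recurs in the next hunk for `TransferLeadershipInterval` and `TransferLeadershipTimeout`. SetDefaults begins and ends outside the hunk.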
@@ -350,11 +350,11 @@ func (m *MSSQLServer) SetDefaults() { HeartbeatTick: 1, } } - if m.Spec.LeaderElection.TransferLeadershipInterval == nil { - m.Spec.LeaderElection.TransferLeadershipInterval = &meta.Duration{Duration: 1 * time.Second} + if m.Spec.Topology.AvailabilityGroup.LeaderElection.TransferLeadershipInterval == nil { + m.Spec.Topology.AvailabilityGroup.LeaderElection.TransferLeadershipInterval = &meta.Duration{Duration: 1 * time.Second} } - if m.Spec.LeaderElection.TransferLeadershipTimeout == nil { - m.Spec.LeaderElection.TransferLeadershipTimeout = &meta.Duration{Duration: 60 * time.Second} + if m.Spec.Topology.AvailabilityGroup.LeaderElection.TransferLeadershipTimeout == nil { + m.Spec.Topology.AvailabilityGroup.LeaderElection.TransferLeadershipTimeout = &meta.Duration{Duration: 60 * time.Second} } } @@ -498,8 +498,6 @@ func (m *MSSQLServer) setDefaultContainerResourceLimits(podTemplate *ofst.PodTem } func (m *MSSQLServer) SetTLSDefaults() { - m.SetTLSDefaultsForInternalAuth() - if m.Spec.TLS == nil || m.Spec.TLS.IssuerRef == nil { return } 
@@ -546,34 +544,30 @@ func (m *MSSQLServer) SetTLSDefaults() { OrganizationalUnits: defaultClientOrgUnit, }, }) -} - -func (m *MSSQLServer) SetTLSDefaultsForInternalAuth() { - if m.Spec.InternalAuth == nil || m.Spec.InternalAuth.EndpointCert == nil || m.Spec.InternalAuth.EndpointCert.IssuerRef == nil { - return - } - // Endpoint-cert - defaultServerOrg := []string{kubedb.KubeDBOrganization} - defaultServerOrgUnit := []string{string(MSSQLServerEndpointCert)} - _, cert := kmapi.GetCertificate(m.Spec.InternalAuth.EndpointCert.Certificates, string(MSSQLServerEndpointCert)) - if cert != nil && cert.Subject != nil { - if cert.Subject.Organizations != nil { - defaultServerOrg = cert.Subject.Organizations - } - if cert.Subject.OrganizationalUnits != nil { - defaultServerOrgUnit = cert.Subject.OrganizationalUnits + if m.IsAvailabilityGroup() { + // Endpoint-cert + defaultEndpointOrg := []string{kubedb.KubeDBOrganization} + defaultEndpointOrgUnit := []string{string(MSSQLServerEndpointCert)} + _, cert = kmapi.GetCertificate(m.Spec.TLS.Certificates, string(MSSQLServerEndpointCert)) + if cert != nil && cert.Subject != nil { + if cert.Subject.Organizations != nil { + defaultEndpointOrg = cert.Subject.Organizations + } + if cert.Subject.OrganizationalUnits != nil { + defaultEndpointOrgUnit = cert.Subject.OrganizationalUnits + } } - } - m.Spec.InternalAuth.EndpointCert.Certificates = kmapi.SetMissingSpecForCertificate(m.Spec.InternalAuth.EndpointCert.Certificates, kmapi.CertificateSpec{ - Alias: string(MSSQLServerEndpointCert), - SecretName: m.GetCertSecretName(MSSQLServerEndpointCert), - Subject: &kmapi.X509Subject{ - Organizations: defaultServerOrg, - OrganizationalUnits: defaultServerOrgUnit, - }, - }) + m.Spec.TLS.Certificates = kmapi.SetMissingSpecForCertificate(m.Spec.TLS.Certificates, kmapi.CertificateSpec{ + Alias: string(MSSQLServerEndpointCert), + SecretName: m.GetCertSecretName(MSSQLServerEndpointCert), + Subject: &kmapi.X509Subject{ + Organizations: defaultEndpointOrg, 
+ OrganizationalUnits: defaultEndpointOrgUnit, + }, + }) + } } func (m *MSSQLServer) ReplicasAreReady(lister pslister.PetSetLister) (bool, string, error) { diff --git a/apis/kubedb/v1alpha2/mssqlserver_types.go b/apis/kubedb/v1alpha2/mssqlserver_types.go index 2331a1f36c..d5c284f3a8 100644 --- a/apis/kubedb/v1alpha2/mssqlserver_types.go +++ b/apis/kubedb/v1alpha2/mssqlserver_types.go @@ -95,11 +95,6 @@ type MSSQLServerSpec struct { // +optional ConfigSecret *core.LocalObjectReference `json:"configSecret,omitempty"` - // InternalAuth is used to authenticate endpoint - // +optional - // +nullable - InternalAuth *InternalAuthentication `json:"internalAuth,omitempty"` - // Init is used to initialize database // +optional Init *InitSpec `json:"init,omitempty"` @@ -123,14 +118,6 @@ type MSSQLServerSpec struct { // +optional DeletionPolicy TerminationPolicy `json:"deletionPolicy,omitempty"` - // Coordinator defines attributes of the coordinator container - // +optional - Coordinator CoordinatorSpec `json:"coordinator,omitempty"` - - // Leader election configuration - // +optional - LeaderElection *MSSQLServerLeaderElectionConfig `json:"leaderElection,omitempty"` - // HealthChecker defines attributes of the health checker // +optional // +kubebuilder:default={periodSeconds: 10, timeoutSeconds: 10, failureThreshold: 1} @@ -145,12 +132,6 @@ type MSSQLServerSpec struct { Archiver *Archiver `json:"archiver,omitempty"` } -// InternalAuthentication provides different way of endpoint authentication -type InternalAuthentication struct { - // EndpointCert is used for endpoint authentication of MSSql Server - EndpointCert *kmapi.TLSConfig `json:"endpointCert"` -} - type SQLServerTLSConfig struct { kmapi.TLSConfig `json:",inline"` ClientTLS bool `json:"clientTLS"` 
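Review bot: The endpoint certificate is now defaulted only after the early return `if m.Spec.TLS == nil || m.Spec.TLS.IssuerRef == nil { return }` at the top of SetTLSDefaults, so an availability-group cluster without `spec.tls.issuerRef` gets no endpoint-cert spec at all. The hunk in mssqlserver_webhook.go also removes the checks that rejected a missing `internalAuth.endpointCert.issuerRef`. Unless the `if m.Spec.TLS == nil` branch that follows in ValidateCreateOrUpdate (outside the visible hunk) already covers this, add a validation that returns a `field.Invalid` on `spec.tls.issuerRef` when `m.IsAvailabilityGroup()` is true, so endpoint authentication cannot silently end up without a certificate. A comment above the new block would also help, e.g. `// Endpoint cert is issued by spec.tls.issuerRef and is only needed for availability groups.`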
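Review bot: Removing `InternalAuth`, `Coordinator` and `LeaderElection` from MSSQLServerSpec within the same v1alpha2 version leaves existing objects with no migration path. Once the regenerated CRD is applied, stored `spec.internalAuth`, `spec.coordinator` and `spec.leaderElection` values are no longer in the schema and will presumably be dropped without an error. For `coordinator` that includes any `securityContext` and resource limits users had set on that container, so confirm where those settings come from now. Consider keeping the fields for one release with a marker such as `// Deprecated: use spec.topology.availabilityGroup.leaderElection.`, or state the breaking change in the commit message.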
@@ -171,6 +152,10 @@ type MSSQLServerAvailabilityGroupSpec struct { // AvailabilityDatabases is an array of databases to be included in the availability group // +optional Databases []string `json:"databases"` + + // Leader election configuration + // +optional + LeaderElection *MSSQLServerLeaderElectionConfig `json:"leaderElection,omitempty"` } // MSSQLServerStatus defines the observed state of MSSQLServer diff --git a/apis/kubedb/v1alpha2/mssqlserver_webhook.go b/apis/kubedb/v1alpha2/mssqlserver_webhook.go index a088f2b982..8d3bb942eb 100644 --- a/apis/kubedb/v1alpha2/mssqlserver_webhook.go +++ b/apis/kubedb/v1alpha2/mssqlserver_webhook.go @@ -132,23 +132,6 @@ func (m *MSSQLServer) ValidateCreateOrUpdate() field.ErrorList { m.Name, "number of replicas can not be nil and can not be less than or equal to 0")) } - - if m.Spec.InternalAuth == nil { - allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth"), - m.Name, "spec.internalAuth is missing")) - } else if m.Spec.InternalAuth.EndpointCert == nil { - allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth").Child("endpointCert"), - m.Name, "spec.internalAuth.endpointCert is missing")) - } else { - if m.Spec.InternalAuth.EndpointCert.IssuerRef == nil { - allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth").Child("endpointCert").Child("issuerRef"), - m.Name, "spec.internalAuth.endpointCert.issuerRef' is missing")) - } - if len(m.Spec.InternalAuth.EndpointCert.Certificates) > 1 { - allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth").Child("endpointCert").Child("certificates"), - m.Name, "spec.internalAuth.endpointCert.certificates' can have only one certificate")) - } - } } if m.Spec.TLS == nil { 
@@ -291,7 +274,6 @@ func mssqlValidateVolumesMountPaths(podTemplate *ofst.PodTemplateSpec) error { var forbiddenMSSQLServerEnvVars = []string{ kubedb.EnvMSSQLSAUsername, kubedb.EnvMSSQLSAPassword, - kubedb.EnvAcceptEula, kubedb.EnvMSSQLEnableHADR, kubedb.EnvMSSQLAgentEnabled, kubedb.EnvMSSQLVersion, diff --git a/apis/kubedb/v1alpha2/openapi_generated.go b/apis/kubedb/v1alpha2/openapi_generated.go index f1aa3c5d43..8fcb49df1a 100644 --- a/apis/kubedb/v1alpha2/openapi_generated.go +++ b/apis/kubedb/v1alpha2/openapi_generated.go @@ -549,7 +549,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.FerretDBStatus": schema_apimachinery_apis_kubedb_v1alpha2_FerretDBStatus(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.GitRepo": schema_apimachinery_apis_kubedb_v1alpha2_GitRepo(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.InitSpec": schema_apimachinery_apis_kubedb_v1alpha2_InitSpec(ref), - "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.InternalAuthentication": schema_apimachinery_apis_kubedb_v1alpha2_InternalAuthentication(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.Kafka": schema_apimachinery_apis_kubedb_v1alpha2_Kafka(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.KafkaApp": schema_apimachinery_apis_kubedb_v1alpha2_KafkaApp(ref), "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.KafkaBrokerCapacity": schema_apimachinery_apis_kubedb_v1alpha2_KafkaBrokerCapacity(ref), 
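Review bot: Dropping `kubedb.EnvAcceptEula` from `forbiddenMSSQLServerEnvVars` lets users set that variable in the pod template, but nothing in the hunk explains why it is now user-controlled. It also does not say what happens when the variable is absent or differs from a value the operator injects. If the intent is that the user must accept the license explicitly, say so above the list, e.g. `// EnvAcceptEula is intentionally not forbidden: license acceptance must come from the user's pod template.`, and consider validating that it is present. The code that consumes this list is outside the hunk.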
@@ -28534,28 +28533,6 @@ func schema_apimachinery_apis_kubedb_v1alpha2_InitSpec(ref common.ReferenceCallb } } -func schema_apimachinery_apis_kubedb_v1alpha2_InternalAuthentication(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "InternalAuthentication provides different way of endpoint authentication", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "endpointCert": { - SchemaProps: spec.SchemaProps{ - Description: "EndpointCert is used for endpoint authentication of MSSql Server", - Ref: ref("kmodules.xyz/client-go/api/v1.TLSConfig"), - }, - }, - }, - Required: []string{"endpointCert"}, - }, - }, - Dependencies: []string{ - "kmodules.xyz/client-go/api/v1.TLSConfig"}, - } -} - func schema_apimachinery_apis_kubedb_v1alpha2_Kafka(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -29165,9 +29142,17 @@ func schema_apimachinery_apis_kubedb_v1alpha2_MSSQLServerAvailabilityGroupSpec(r }, }, }, + "leaderElection": { + SchemaProps: spec.SchemaProps{ + Description: "Leader election configuration", + Ref: ref("kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MSSQLServerLeaderElectionConfig"), + }, + }, }, }, }, + Dependencies: []string{ + "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MSSQLServerLeaderElectionConfig"}, } } @@ -29322,12 +29307,6 @@ func schema_apimachinery_apis_kubedb_v1alpha2_MSSQLServerSpec(ref common.Referen Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - "internalAuth": { - SchemaProps: spec.SchemaProps{ - Description: "InternalAuth is used to authenticate endpoint", - Ref: ref("kubedb.dev/apimachinery/apis/kubedb/v1alpha2.InternalAuthentication"), - }, - }, "init": { SchemaProps: spec.SchemaProps{ Description: "Init is used to initialize database", 
@@ -29374,19 +29353,6 @@ func schema_apimachinery_apis_kubedb_v1alpha2_MSSQLServerSpec(ref common.Referen Format: "", }, }, - "coordinator": { - SchemaProps: spec.SchemaProps{ - Description: "Coordinator defines attributes of the coordinator container", - Default: map[string]interface{}{}, - Ref: ref("kubedb.dev/apimachinery/apis/kubedb/v1alpha2.CoordinatorSpec"), - }, - }, - "leaderElection": { - SchemaProps: spec.SchemaProps{ - Description: "Leader election configuration", - Ref: ref("kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MSSQLServerLeaderElectionConfig"), - }, - }, "healthChecker": { SchemaProps: spec.SchemaProps{ Description: "HealthChecker defines attributes of the health checker", 
@@ -29411,7 +29377,7 @@ func schema_apimachinery_apis_kubedb_v1alpha2_MSSQLServerSpec(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "kmodules.xyz/client-go/api/v1.HealthCheckSpec", "kmodules.xyz/monitoring-agent-api/api/v1.AgentSpec", "kmodules.xyz/offshoot-api/api/v2.PodTemplateSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.Archiver", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.CoordinatorSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.InitSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.InternalAuthentication", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MSSQLServerLeaderElectionConfig", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MSSQLServerTopology", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.NamedServiceTemplateSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SQLServerTLSConfig", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SecretReference"}, + "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "kmodules.xyz/client-go/api/v1.HealthCheckSpec", "kmodules.xyz/monitoring-agent-api/api/v1.AgentSpec", "kmodules.xyz/offshoot-api/api/v2.PodTemplateSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.Archiver", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.InitSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.MSSQLServerTopology", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.NamedServiceTemplateSpec", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SQLServerTLSConfig", "kubedb.dev/apimachinery/apis/kubedb/v1alpha2.SecretReference"}, } } diff --git a/apis/kubedb/v1alpha2/zz_generated.deepcopy.go b/apis/kubedb/v1alpha2/zz_generated.deepcopy.go index 4f8458a765..458bb13fcf 100644 --- a/apis/kubedb/v1alpha2/zz_generated.deepcopy.go +++ b/apis/kubedb/v1alpha2/zz_generated.deepcopy.go 
@@ -1938,27 +1938,6 @@ func (in *InitSpec) DeepCopy() *InitSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InternalAuthentication) DeepCopyInto(out *InternalAuthentication) { - *out = *in - if in.EndpointCert != nil { - in, out := &in.EndpointCert, &out.EndpointCert - *out = new(apiv1.TLSConfig) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalAuthentication. -func (in *InternalAuthentication) DeepCopy() *InternalAuthentication { - if in == nil { - return nil - } - out := new(InternalAuthentication) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Kafka) DeepCopyInto(out *Kafka) { *out = *in @@ -2328,6 +2307,11 @@ func (in *MSSQLServerAvailabilityGroupSpec) DeepCopyInto(out *MSSQLServerAvailab *out = make([]string, len(*in)) copy(*out, *in) } + if in.LeaderElection != nil { + in, out := &in.LeaderElection, &out.LeaderElection + *out = new(MSSQLServerLeaderElectionConfig) + (*in).DeepCopyInto(*out) + } return } @@ -2429,11 +2413,6 @@ func (in *MSSQLServerSpec) DeepCopyInto(out *MSSQLServerSpec) { *out = new(corev1.LocalObjectReference) **out = **in } - if in.InternalAuth != nil { - in, out := &in.InternalAuth, &out.InternalAuth - *out = new(InternalAuthentication) - (*in).DeepCopyInto(*out) - } if in.Init != nil { in, out := &in.Init, &out.Init *out = new(InitSpec) 
@@ -2456,12 +2435,6 @@ func (in *MSSQLServerSpec) DeepCopyInto(out *MSSQLServerSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - in.Coordinator.DeepCopyInto(&out.Coordinator) - if in.LeaderElection != nil { - in, out := &in.LeaderElection, &out.LeaderElection - *out = new(MSSQLServerLeaderElectionConfig) - (*in).DeepCopyInto(*out) - } in.HealthChecker.DeepCopyInto(&out.HealthChecker) if in.Monitor != nil { in, out := &in.Monitor, &out.Monitor diff --git a/crds/kubedb.com_mssqlservers.yaml b/crds/kubedb.com_mssqlservers.yaml index e29a08f8fe..9982ca81c4 100644 --- a/crds/kubedb.com_mssqlservers.yaml +++ b/crds/kubedb.com_mssqlservers.yaml 
@@ -80,112 +80,6 @@ spec: type: string type: object x-kubernetes-map-type: atomic - coordinator: - properties: - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - capabilities: - properties: - add: - items: - type: string - type: array - x-kubernetes-list-type: atomic - drop: - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - type: object deletionPolicy: enum: - Halt 
@@ -1229,133 +1123,6 @@ spec: waitForInitialRestore: type: boolean type: object - internalAuth: - nullable: true - properties: - endpointCert: - properties: - certificates: - items: - properties: - alias: - type: string - dnsNames: - items: - type: string - type: array - duration: - type: string - emailAddresses: - items: - type: string - type: array - ipAddresses: - items: - type: string - type: array - issuerRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - privateKey: - properties: - encoding: - enum: - - PKCS1 - - PKCS8 - type: string - type: object - renewBefore: - type: string - secretName: - type: string - subject: - properties: - countries: - items: - type: string - type: array - localities: - items: - type: string - type: array - organizationalUnits: - items: - type: string - type: array - organizations: - items: - type: string - type: array - postalCodes: - items: - type: string - type: array - provinces: - items: - type: string - type: array - serialNumber: - type: string - streetAddresses: - items: - type: string - type: array - type: object - uris: - items: - type: string - type: array - required: - - alias - type: object - type: array - issuerRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - type: object - required: - - endpointCert - type: object - leaderElection: - properties: - electionTick: - default: 10 - format: int32 - type: integer - heartbeatTick: - default: 1 - format: int32 - type: integer - period: - default: 100ms - type: string - transferLeadershipInterval: - default: 1s - type: string - transferLeadershipTimeout: - default: 60s - type: string - type: object monitor: properties: agent: 
@@ -4902,6 +4669,26 @@ spec: items: type: string type: array + leaderElection: + properties: + electionTick: + default: 10 + format: int32 + type: integer + heartbeatTick: + default: 1 + format: int32 + type: integer + period: + default: 100ms + type: string + transferLeadershipInterval: + default: 1s + type: string + transferLeadershipTimeout: + default: 60s + type: string + type: object type: object mode: enum: