diff --git a/.github/ISSUE_TEMPLATE/1-feature-request.yml b/.github/ISSUE_TEMPLATE/1-feature-request.yml new file mode 100644 index 0000000000..19b51db8ec --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1-feature-request.yml @@ -0,0 +1,33 @@ +name: Feature request 🧭 +description: Suggest an idea for this project +labels: "feature-request" +body: +- type: textarea + attributes: + label: Proposal + description: "What would you like to have as a feature" + placeholder: "A clear and concise description of what you want to happen." + validations: + required: true +- type: textarea + attributes: + label: Use-Case + description: "How would this help you?" + placeholder: "Tell us more what you'd like to achieve." + validations: + required: false +- type: dropdown + id: interested-in-implementing-the-feature + attributes: + label: Is this a feature you are interested in implementing yourself? + options: + - 'No' + - 'Maybe' + - 'Yes' + validations: + required: true +- type: textarea + id: anything-else + attributes: + label: Anything else? + description: "Let us know if you have anything else to share" diff --git a/.github/ISSUE_TEMPLATE/2-bug-report.yml b/.github/ISSUE_TEMPLATE/2-bug-report.yml new file mode 100644 index 0000000000..0009312142 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2-bug-report.yml @@ -0,0 +1,53 @@ +name: Report a bug 🐛 +description: Create a report to help us improve +labels: "bug" +body: +- type: markdown + attributes: + value: | + ## Self-help + Thank you for considering to open a bug report! + + Before you do, however, make sure to check our existing resources to see if it has already been discussed/reported: + - [Reported bugs](https://github.com/percona/percona-xtradb-cluster-operator/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+label%3Abug) + - [JIRA bugs](https://perconadev.atlassian.net/issues/?jql=project%20%3D%20%22Percona%20Operator%20for%20MySQL%20based%20on%20Percona%20XtraDB%20Cluster%22%20and%20issuetype%20%3D%20Bug%20and%20resolution%20%3D%20unresolved%20order%20BY%20created%20DESC) + - [Percona Operator for MySQL forum](https://forums.percona.com/c/mysql-mariadb/percona-kubernetes-operator-for-mysql/28) +- type: textarea + attributes: + label: Report + description: "What bug have you encountered?" + placeholder: "A clear and concise description of what the bug is." + validations: + required: true +- type: textarea + attributes: + label: More about the problem + description: What do you see happening + placeholder: Logs, expected behavior, other + validations: + required: true +- type: textarea + attributes: + label: Steps to reproduce + description: "Tell us how to reproduce the problem" + value: | + 1. + 2. + 3. + validations: + required: true +- type: textarea + attributes: + label: Versions + description: "Tell us which versions do you use" + value: | + 1. Kubernetes + 2. Operator + 3. Database + validations: + required: true +- type: textarea + id: anything-else + attributes: + label: Anything else? + description: "Let us know if you have anything else to share" diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000000..f584976093 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,8 @@ +blank_issues_enabled: true +contact_links: + - name: Ask a question about Percona Operator for MySQL or get support + url: https://forums.percona.com/c/mysql-mariadb/percona-kubernetes-operator-for-mysql/28 + about: Ask a question or request support for using Percona Operator for MySQL + - name: Report vulnerability or security concern + url: https://www.percona.com/security + about: For any security issues or concerns diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 5c7ff262fe..be293e7d3d 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -23,7 +23,6 @@ **Config/Logging/Testability** - [ ] Are all needed new/changed options added to default YAML files? -- [ ] Are the manifests (crd/bundle) regenerated if needed? - [ ] Did we add proper logging messages for operator actions? - [ ] Did we ensure compatibility with the previous version or cluster upgrade process? - [ ] Does the change support oldest and newest supported PXC version? diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 4d249138d2..145df2184f 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -77,3 +77,12 @@ jobs: github_token: ${{ secrets.github_token }} reporter: github-pr-review level: info + + manifests: + name: runner / manifests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: | + make generate manifests VERSION=main + git diff --exit-code diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index ac989bbffb..cf1caa51ad 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -31,7 +31,7 @@ jobs: ./e2e-tests/build - name: Run Trivy vulnerability scanner image (linux/arm64) - uses: aquasecurity/trivy-action@0.16.0 + uses: aquasecurity/trivy-action@0.16.1 with: image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64' format: 'table' @@ -49,7 +49,7 @@ jobs: ./e2e-tests/build - name: Run Trivy vulnerability scanner image (linux/amd64) - uses: aquasecurity/trivy-action@0.16.0 + uses: aquasecurity/trivy-action@0.16.1 with: image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64' format: 'table' diff --git a/Makefile b/Makefile index 258086195d..5af85ea24c 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ vet: ## Run go vet against code. go vet ./... test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) --arch=amd64 use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out + DISABLE_TELEMETRY=true KUBEBUILDER_ASSETS="$(shell $(ENVTEST) --arch=amd64 use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out ##@ Build diff --git a/README.md b/README.md index f4802f7d40..db3635b5f9 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,9 @@ ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/percona/percona-xtradb-cluster-operator) [![Go Report Card](https://goreportcard.com/badge/github.com/percona/percona-xtradb-cluster-operator)](https://goreportcard.com/report/github.com/percona/percona-xtradb-cluster-operator) -[Percona XtraDB Cluster](https://www.percona.com/software/mysql-database/percona-xtradb-cluster) (PXC) is an open-source enterprise MySQL solution that helps you to ensure data availability for your applications while improving security and simplifying the development of new applications in the most demanding public, private, and hybrid cloud environments. +[Percona Operator for MySQL based on Percona XtraDB Cluster](https://docs.percona.com/percona-operator-for-mysql/pxc/index.html) (PXC) automates the creation and management of highly available, enterprise-ready MySQL database clusters on Kubernetes. -Based on our best practices for deployment and configuration, [Percona Operator for MySQL based on Percona XtraDB Cluster](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html) contains everything you need to quickly and consistently deploy and scale Percona XtraDB Cluster instances in a Kubernetes-based environment on-premises or in the cloud. It provides the following capabilities: +Within the [Percona Operator for MySQL based on Percona XtraDB Cluster](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html) we have implemented our best practices for deployment and configuration Percona XtraDB Cluster instances in a Kubernetes-based environment on-premises or in the cloud. The OPerator provides the following capabilities to keep the cluster healthy: * Easy deployment with no single point of failure * Load balancing and proxy service with either HAProxy or ProxySQL @@ -21,44 +21,34 @@ Based on our best practices for deployment and configuration, [Percona Operator * Automated Password Rotation – use the standard Kubernetes API to enforce password rotation policies for system user * Private container image registries -# Architecture +You interact with Percona Operator mostly via the command line tool. If you feel more comfortable with operating the Operator and database clusters via the web interface, there is [Percona Everest](https://docs.percona.com/everest/index.html) - an open-source web-based database provisioning tool available for you. It automates day-to-day database management operations for you, reducing the overall administrative overhead. [Get started with Percona Everest](https://docs.percona.com/everest/quickstart-guide/quick-install.html). -Percona Operators are based on the [Operator SDK](https://github.com/operator-framework/operator-sdk) and leverage Kubernetes primitives to follow best CNCF practices. -Please read more about architecture and design decisions [here](https://www.percona.com/doc/kubernetes-operator-for-pxc/architecture.html). +# Architecture -# Quickstart installation +Percona Operators are based on the [Operator SDK](https://github.com/operator-framework/operator-sdk) and leverage Kubernetes primitives to follow best CNCF practices. -## Helm +Please read more about [architecture and design decisions](https://www.percona.com/doc/kubernetes-operator-for-pxc/architecture.html). -Install the Operator: +## Documentation -```sh -helm install my-op percona/pxc-operator -``` +To learn more about the Operator, check the [Percona Operator for MySQL based on Percona XtraDB Cluster documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/index.html). -Install Percona XtraDB Cluster: -```sh -helm install my-db percona/pxc-db -``` +# Quickstart installation -See more details in: -- [Helm installation documentation](https://www.percona.com/doc/kubernetes-operator-for-pxc/helm.html) -- [Operator helm chart parameter reference](https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-operator) -- [Percona XtraDB Cluster helm chart parameters reference](https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-db) +Ready to try out the Operator? Check the [Quickstart tutorial](https://docs.percona.com/percona-operator-for-mysql/pxc/quickstart.html) for easy-to follow steps. +Below is one of the ways to deploy the Operator using `kubectl`. ## kubectl -It usually takes two steps to deploy Percona XtraDB Cluster on Kubernetes. - -Deploy the Operator from `deploy/bundle.yaml`: +1. Deploy the Operator from `deploy/bundle.yaml`: ```sh kubectl apply -f https://raw.githubusercontent.com/percona/percona-xtradb-cluster-operator/main/deploy/bundle.yaml ``` -Deploy the database cluster itself from `deploy/cr.yaml`: +2. Deploy the database cluster itself from `deploy/cr.yaml`: ```sh kubectl apply -f https://raw.githubusercontent.com/percona/percona-xtradb-cluster-operator/main/deploy/cr.yaml @@ -71,7 +61,11 @@ See full documentation with examples and various advanced cases on [percona.com] Percona welcomes and encourages community contributions to help improve Percona Operator for MySQL. -See the [Contribution Guide](CONTRIBUTING.md) and [Building and Testing Guide](e2e-tests/README.md) for more information. +See the [Contribution Guide](CONTRIBUTING.md) and [Building and Testing Guide](e2e-tests/README.md) for more information on how you can contribute. + +## Communication + +We would love to hear from you! Reach out to us on [Forum](https://forums.percona.com/c/mysql-mariadb/percona-kubernetes-operator-for-mysql/28) with your questions, feedback and ideas # Join Percona Kubernetes Squad! ``` @@ -99,5 +93,7 @@ We have an experimental public roadmap which can be found [here](https://github. # Submitting Bug Reports -If you find a bug in Percona Docker Images or in one of the related projects, please submit a report to that project's [JIRA](https://jira.percona.com/browse/K8SPXC) issue tracker. Learn more about submitting bugs, new features ideas and improvements in the [Contribution Guide](CONTRIBUTING.md). +If you find a bug in Percona Docker Images or in one of the related projects, please submit a report to that project's [JIRA](https://jira.percona.com/browse/K8SPXC) issue tracker or [create a GitHub issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-an-issue#creating-an-issue-from-a-repository) in this repository. + +Learn more about submitting bugs, new features ideas and improvements in the [Contribution Guide](CONTRIBUTING.md). diff --git a/build/pxc-entrypoint.sh b/build/pxc-entrypoint.sh index 1dd5d01c00..74cc2e30f7 100755 --- a/build/pxc-entrypoint.sh +++ b/build/pxc-entrypoint.sh @@ -578,7 +578,7 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then fi if [ -n "$PXC_SERVICE" ]; then function get_primary() { - peer-list -on-start=/var/lib/mysql/get-pxc-state -service="$PXC_SERVICE" 2>&1 \ + /var/lib/mysql/peer-list -on-start=/var/lib/mysql/get-pxc-state -service="$PXC_SERVICE" 2>&1 \ | grep wsrep_ready:ON:wsrep_connected:ON:wsrep_local_state_comment:Synced:wsrep_cluster_status:Primary \ | sort \ | tail -1 \ diff --git a/cmd/pitr/collector/collector.go b/cmd/pitr/collector/collector.go index 6d77b2df3a..89bee47d15 100644 --- a/cmd/pitr/collector/collector.go +++ b/cmd/pitr/collector/collector.go @@ -65,7 +65,7 @@ const ( timelinePath string = "/tmp/pitr-timeline" // path to file with timeline ) -func New(c Config) (*Collector, error) { +func New(ctx context.Context, c Config) (*Collector, error) { var s storage.Storage var err error switch c.StorageType { @@ -76,7 +76,7 @@ func New(c Config) (*Collector, error) { if len(bucketArr) > 1 { prefix = strings.TrimPrefix(c.BackupStorageS3.BucketURL, bucketArr[0]+"/") + "/" } - s, err = storage.NewS3(c.BackupStorageS3.Endpoint, c.BackupStorageS3.AccessKeyID, c.BackupStorageS3.AccessKey, bucketArr[0], prefix, c.BackupStorageS3.Region, c.VerifyTLS) + s, err = storage.NewS3(ctx, c.BackupStorageS3.Endpoint, c.BackupStorageS3.AccessKeyID, c.BackupStorageS3.AccessKey, bucketArr[0], prefix, c.BackupStorageS3.Region, c.VerifyTLS) if err != nil { return nil, errors.Wrap(err, "new storage manager") } @@ -245,7 +245,7 @@ func createTimelineFile(firstTs string) error { } func updateTimelineFile(lastTs string) error { - f, err := os.OpenFile(timelinePath, os.O_RDWR, 0644) + f, err := os.OpenFile(timelinePath, os.O_RDWR, 0o644) if err != nil { return errors.Wrapf(err, "open %s", timelinePath) } diff --git a/cmd/pitr/main.go b/cmd/pitr/main.go index cae5d5b68e..51e07e9fe7 100644 --- a/cmd/pitr/main.go +++ b/cmd/pitr/main.go @@ -39,7 +39,7 @@ func runCollector(ctx context.Context) { if err != nil { log.Fatalln("ERROR: get config:", err) } - c, err := collector.New(config) + c, err := collector.New(ctx, config) if err != nil { log.Fatalln("ERROR: new controller:", err) } @@ -96,7 +96,6 @@ func getCollectorConfig() (collector.Config, error) { } return cfg, err - } func getRecovererConfig() (recoverer.Config, error) { diff --git a/cmd/pitr/recoverer/recoverer.go b/cmd/pitr/recoverer/recoverer.go index 15f9c2df9d..9c7621c28b 100644 --- a/cmd/pitr/recoverer/recoverer.go +++ b/cmd/pitr/recoverer/recoverer.go @@ -51,7 +51,7 @@ type Config struct { BinlogStorageAzure BinlogAzure } -func (c Config) storages() (storage.Storage, storage.Storage, error) { +func (c Config) storages(ctx context.Context) (storage.Storage, storage.Storage, error) { var binlogStorage, defaultStorage storage.Storage switch c.StorageType { case "s3": @@ -59,7 +59,7 @@ func (c Config) storages() (storage.Storage, storage.Storage, error) { if err != nil { return nil, nil, errors.Wrap(err, "get bucket and prefix") } - binlogStorage, err = storage.NewS3(c.BinlogStorageS3.Endpoint, c.BinlogStorageS3.AccessKeyID, c.BinlogStorageS3.AccessKey, bucket, prefix, c.BinlogStorageS3.Region, c.VerifyTLS) + binlogStorage, err = storage.NewS3(ctx, c.BinlogStorageS3.Endpoint, c.BinlogStorageS3.AccessKeyID, c.BinlogStorageS3.AccessKey, bucket, prefix, c.BinlogStorageS3.Region, c.VerifyTLS) if err != nil { return nil, nil, errors.Wrap(err, "new s3 storage") } @@ -69,7 +69,7 @@ func (c Config) storages() (storage.Storage, storage.Storage, error) { return nil, nil, errors.Wrap(err, "get bucket and prefix") } prefix = prefix[:len(prefix)-1] - defaultStorage, err = storage.NewS3(c.BackupStorageS3.Endpoint, c.BackupStorageS3.AccessKeyID, c.BackupStorageS3.AccessKey, bucket, prefix+".sst_info/", c.BackupStorageS3.Region, c.VerifyTLS) + defaultStorage, err = storage.NewS3(ctx, c.BackupStorageS3.Endpoint, c.BackupStorageS3.AccessKeyID, c.BackupStorageS3.AccessKey, bucket, prefix+".sst_info/", c.BackupStorageS3.Region, c.VerifyTLS) if err != nil { return nil, nil, errors.Wrap(err, "new storage manager") } @@ -137,7 +137,7 @@ type RecoverType string func New(ctx context.Context, c Config) (*Recoverer, error) { c.Verify() - binlogStorage, storage, err := c.storages() + binlogStorage, storage, err := c.storages(ctx) if err != nil { return nil, errors.Wrap(err, "new binlog storage manager") } diff --git a/deploy/cr.yaml b/deploy/cr.yaml index 1f7582e8bd..dfc8cd106b 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml @@ -220,6 +220,9 @@ spec: # timeout connect 100500 # timeout server 28800s # +# resolvers kubernetes +# parse-resolv-conf +# # frontend galera-in # bind *:3309 accept-proxy # bind *:3306 diff --git a/e2e-tests/affinity/compare/statefulset_custom-proxysql-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_custom-proxysql-k127-oc.yml new file mode 100644 index 0000000000..2bcc0ead6e --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_custom-proxysql-k127-oc.yml @@ -0,0 +1,238 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: custom-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: custom +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: custom + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: custom-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: custom + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value + weight: 1 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: security + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: security + operator: In + values: + - S2 + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - env: + - name: PXC_SERVICE + value: custom-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-custom + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-custom + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-custom + envFrom: + - secretRef: + name: custom-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: custom-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-custom + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-custom + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-custom + envFrom: + - secretRef: + name: custom-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: custom-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-custom + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-custom + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-custom + envFrom: + - secretRef: + name: custom-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: custom-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_custom-pxc-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_custom-pxc-k127-oc.yml new file mode 100644 index 0000000000..1aa62f3899 --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_custom-pxc-k127-oc.yml @@ -0,0 +1,254 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: custom-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: custom +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: custom + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: custom-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: custom + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value + weight: 1 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: security + operator: In + values: + - S1 + topologyKey: failure-domain.beta.kubernetes.io/zone + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: security + operator: In + values: + - S2 + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: custom-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-custom + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-custom + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-custom + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-custom + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: custom-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: custom-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: custom-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-custom-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: custom-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-custom + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: custom-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_hostname-proxysql-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_hostname-proxysql-k127-oc.yml new file mode 100644 index 0000000000..2f0f678cd3 --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_hostname-proxysql-k127-oc.yml @@ -0,0 +1,211 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: hostname-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: hostname +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: hostname + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: hostname-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: hostname + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: hostname + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: hostname-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostname + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-hostname + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostname + envFrom: + - secretRef: + name: hostname-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: hostname-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostname + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-hostname + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostname + envFrom: + - secretRef: + name: hostname-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: hostname-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostname + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-hostname + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostname + envFrom: + - secretRef: + name: hostname-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: hostname-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_hostname-pxc-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_hostname-pxc-k127-oc.yml new file mode 100644 index 0000000000..05209c19de --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_hostname-pxc-k127-oc.yml @@ -0,0 +1,227 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: hostname-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: hostname +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: hostname + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: hostname-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: hostname + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: hostname + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: hostname-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-hostname + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-hostname + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostname + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostname + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: hostname-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: hostname-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: hostname-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-hostname-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: hostname-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-hostname + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: hostname-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_region-proxysql-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_region-proxysql-k127-oc.yml new file mode 100644 index 0000000000..dae74ff8aa --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_region-proxysql-k127-oc.yml @@ -0,0 +1,211 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: region-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: region +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: region + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: region-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: region + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: region + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: failure-domain.beta.kubernetes.io/region + containers: + - env: + - name: PXC_SERVICE + value: region-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-region + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-region + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-region + envFrom: + - secretRef: + name: region-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: region-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-region + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-region + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-region + envFrom: + - secretRef: + name: region-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: region-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-region + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-region + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-region + envFrom: + - secretRef: + name: region-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: region-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_region-pxc-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_region-pxc-k127-oc.yml new file mode 100644 index 0000000000..716b032abd --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_region-pxc-k127-oc.yml @@ -0,0 +1,227 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: region-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: region +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: region + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: region-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: region + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: region + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: failure-domain.beta.kubernetes.io/region + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: region-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-region + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-region + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-region + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-region + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: region-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: region-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: region-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-region-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: region-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-region + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: region-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_zone-proxysql-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_zone-proxysql-k127-oc.yml new file mode 100644 index 0000000000..4ccb0cccdf --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_zone-proxysql-k127-oc.yml @@ -0,0 +1,211 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: zone-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: zone +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: zone + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: zone-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: zone + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: zone + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: failure-domain.beta.kubernetes.io/zone + containers: + - env: + - name: PXC_SERVICE + value: zone-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-zone + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-zone + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-zone + envFrom: + - secretRef: + name: zone-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: zone-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-zone + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-zone + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-zone + envFrom: + - secretRef: + name: zone-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: zone-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-zone + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-zone + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-zone + envFrom: + - secretRef: + name: zone-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: zone-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/affinity/compare/statefulset_zone-pxc-k127-oc.yml b/e2e-tests/affinity/compare/statefulset_zone-pxc-k127-oc.yml new file mode 100644 index 0000000000..8eb828b3eb --- /dev/null +++ b/e2e-tests/affinity/compare/statefulset_zone-pxc-k127-oc.yml @@ -0,0 +1,227 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: zone-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: zone +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: zone + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: zone-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: zone + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: zone + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: failure-domain.beta.kubernetes.io/zone + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: zone-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-zone + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-zone + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-zone + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-zone + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: zone-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: zone-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: zone-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-zone-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: zone-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-zone + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: zone-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/big-data/conf/restore-backup-57.yml b/e2e-tests/big-data/conf/restore-backup-57.yml index 60edbcf89e..5a47dc604b 100644 --- a/e2e-tests/big-data/conf/restore-backup-57.yml +++ b/e2e-tests/big-data/conf/restore-backup-57.yml @@ -8,5 +8,5 @@ spec: destination: s3://percona-jenkins-artifactory/big-data-test/cluster1-2019-15-11-19:30:13-full s3: credentialsSecret: aws-s3-secret - region: us-west-2 + region: us-east-1 endpointUrl: https://s3.amazonaws.com diff --git a/e2e-tests/big-data/conf/restore-backup.yml b/e2e-tests/big-data/conf/restore-backup.yml index 2aedc8f8d0..722b47db8c 100644 --- a/e2e-tests/big-data/conf/restore-backup.yml +++ b/e2e-tests/big-data/conf/restore-backup.yml @@ -8,5 +8,5 @@ spec: destination: s3://percona-jenkins-artifactory/big-data-test/some-name-2021-02-18-12:55:09-full s3: credentialsSecret: aws-s3-secret - region: us-west-2 + region: us-east-1 endpointUrl: https://s3.amazonaws.com diff --git a/e2e-tests/big-data/conf/secrets_without_tls.yml b/e2e-tests/big-data/conf/secrets_without_tls.yml new file mode 100644 index 0000000000..5f7339f20f --- /dev/null +++ b/e2e-tests/big-data/conf/secrets_without_tls.yml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: my-cluster-secrets +type: Opaque +data: + root: cm9vdF9wYXNzd29yZA== + xtrabackup: YmFja3VwX3Bhc3N3b3Jk + monitor: bW9uaXRvcg== + proxyadmin: YWRtaW5fcGFzc3dvcmQ= + pmmserver: YWRtaW4= + operator: b3BlcmF0b3JhZG1pbg== + replication: cmVwbF9wYXNzd29yZA== diff --git a/e2e-tests/big-data/conf/some-name.yml b/e2e-tests/big-data/conf/some-name.yml index e3b2e99d81..5dff9e3b01 100644 --- a/e2e-tests/big-data/conf/some-name.yml +++ b/e2e-tests/big-data/conf/some-name.yml @@ -26,7 +26,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/big-data/run b/e2e-tests/big-data/run index 53a24c0b4b..4b73f5f405 100755 --- a/e2e-tests/big-data/run +++ b/e2e-tests/big-data/run @@ -18,7 +18,7 @@ main() { desc 'create first PXC cluster' cluster="some-name" - spinup_pxc "$cluster" "$test_dir/conf/$cluster.yml" "3" "10" "${conf_dir}/secrets_without_tls.yml" + spinup_pxc "$cluster" "$test_dir/conf/$cluster.yml" "3" "10" "$test_dir/conf/secrets_without_tls.yml" if [[ $IMAGE_PXC =~ 8\.0 ]]; then desc 'Switch to 8.0 backup' diff --git a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127-oc.yml b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127-oc.yml new file mode 100644 index 0000000000..7bd48b03f2 --- /dev/null +++ b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127-oc.yml @@ -0,0 +1,275 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: cluster1-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: cluster1 +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: cluster1 + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: cluster1-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: cluster1 + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: cluster1 + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: cluster1-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: + requests: + cpu: 200m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-cluster1 + imagePullPolicy: Always + name: logrotate + resources: + requests: + cpu: 200m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: cluster1-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-cluster1 + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-cluster1 + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-cluster1 + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-cluster1 + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: cluster1-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: cluster1-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: cluster1-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: cluster1-ssl + - configMap: + defaultMode: 420 + name: auto-cluster1-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: cluster1-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-cluster1 + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: cluster1-mysql-init + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6G + status: + phase: Pending diff --git a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127.yml b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127.yml index 78c1e062b6..f826937dcf 100644 --- a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127.yml +++ b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-k127.yml @@ -197,6 +197,8 @@ spec: name: auto-config - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file dnsPolicy: ClusterFirst initContainers: - command: @@ -254,6 +256,11 @@ spec: defaultMode: 420 optional: false secretName: internal-cluster1 + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: cluster1-mysql-init updateStrategy: type: OnDelete volumeClaimTemplates: diff --git a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-oc.yml b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-oc.yml index 1f2564a06a..b31a0fb970 100644 --- a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-oc.yml +++ b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc-oc.yml @@ -194,6 +194,8 @@ spec: name: auto-config - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file dnsPolicy: ClusterFirst initContainers: - command: @@ -250,6 +252,11 @@ spec: defaultMode: 420 optional: false secretName: internal-cluster1 + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: cluster1-mysql-init updateStrategy: type: OnDelete volumeClaimTemplates: diff --git a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc.yml b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc.yml index e2ce3e6e8a..17da5d4ff8 100644 --- a/e2e-tests/default-cr/compare/statefulset_cluster1-pxc.yml +++ b/e2e-tests/default-cr/compare/statefulset_cluster1-pxc.yml @@ -194,6 +194,8 @@ spec: name: auto-config - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file dnsPolicy: ClusterFirst initContainers: - command: @@ -251,6 +253,11 @@ spec: defaultMode: 420 optional: false secretName: internal-cluster1 + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: cluster1-mysql-init updateStrategy: type: OnDelete volumeClaimTemplates: diff --git a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127-oc.yml b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127-oc.yml new file mode 100644 index 0000000000..dac4daced4 --- /dev/null +++ b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127-oc.yml @@ -0,0 +1,268 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: minimal-cluster-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: minimal-cluster +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: minimal-cluster + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: minimal-cluster-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: minimal-cluster + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: minimal-cluster + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: minimal-cluster-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-minimal-cluster + imagePullPolicy: Always + name: logrotate + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: minimal-cluster-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-minimal-cluster + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-minimal-cluster + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-minimal-cluster + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-minimal-cluster + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: minimal-cluster-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: minimal-cluster-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-ssl + - configMap: + defaultMode: 420 + name: auto-minimal-cluster-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-minimal-cluster + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6G + status: + phase: Pending diff --git a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127.yml b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127.yml index b83681ddd2..ca58aeb73f 100644 --- a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127.yml +++ b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-k127.yml @@ -188,6 +188,8 @@ spec: name: auto-config - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file dnsPolicy: ClusterFirst initContainers: - command: @@ -245,6 +247,11 @@ spec: defaultMode: 420 optional: false secretName: internal-minimal-cluster + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-mysql-init updateStrategy: rollingUpdate: partition: 0 diff --git a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-oc.yml b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-oc.yml index d39d46ebb8..981f025b8b 100644 --- a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-oc.yml +++ b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc-oc.yml @@ -185,6 +185,8 @@ spec: name: auto-config - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file dnsPolicy: ClusterFirst initContainers: - command: @@ -241,6 +243,11 @@ spec: defaultMode: 420 optional: false secretName: internal-minimal-cluster + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-mysql-init updateStrategy: rollingUpdate: partition: 0 diff --git a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc.yml b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc.yml index a6ae11d45b..c171311bec 100644 --- a/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc.yml +++ b/e2e-tests/default-cr/compare/statefulset_minimal-cluster-pxc.yml @@ -185,6 +185,8 @@ spec: name: auto-config - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file dnsPolicy: ClusterFirst initContainers: - command: @@ -242,6 +244,11 @@ spec: defaultMode: 420 optional: false secretName: internal-minimal-cluster + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: minimal-cluster-mysql-init updateStrategy: rollingUpdate: partition: 0 diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_restore-job-on-demand-backup-azure-demand-backup-cloud-k127-oc.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_restore-job-on-demand-backup-azure-demand-backup-cloud-k127-oc.yml new file mode 100644 index 0000000000..4d02666adc --- /dev/null +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_restore-job-on-demand-backup-azure-demand-backup-cloud-k127-oc.yml @@ -0,0 +1,83 @@ +apiVersion: batch/v1 +kind: Job +metadata: + generation: 1 + labels: + batch.kubernetes.io/job-name: restore-job-on-demand-backup-azure-demand-backup-cloud + job-name: restore-job-on-demand-backup-azure-demand-backup-cloud + name: restore-job-on-demand-backup-azure-demand-backup-cloud + ownerReferences: + - controller: true + kind: PerconaXtraDBClusterRestore + name: on-demand-backup-azure +spec: + backoffLimit: 4 + completionMode: NonIndexed + completions: 1 + parallelism: 1 + selector: + matchLabels: {} + suspend: false + template: + metadata: + labels: + batch.kubernetes.io/job-name: restore-job-on-demand-backup-azure-demand-backup-cloud + job-name: restore-job-on-demand-backup-azure-demand-backup-cloud + spec: + containers: + - command: + - recovery-cloud.sh + env: + - name: PXC_SERVICE + value: demand-backup-cloud-pxc + - name: PXC_USER + value: xtrabackup + - name: PXC_PASS + valueFrom: + secretKeyRef: + key: xtrabackup + name: my-cluster-secrets + - name: VERIFY_TLS + value: "true" + - name: AZURE_STORAGE_ACCOUNT + valueFrom: + secretKeyRef: + key: AZURE_STORAGE_ACCOUNT_NAME + name: azure-secret + - name: AZURE_ACCESS_KEY + valueFrom: + secretKeyRef: + key: AZURE_STORAGE_ACCOUNT_KEY + name: azure-secret + - name: AZURE_ENDPOINT + - name: AZURE_STORAGE_CLASS + - name: XB_USE_MEMORY + value: 100MB + imagePullPolicy: Always + name: xtrabackup + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /datadir + name: datadir + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir-demand-backup-cloud-pxc-0 + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_restore-job-on-demand-backup-s3-demand-backup-cloud-k127-oc.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_restore-job-on-demand-backup-s3-demand-backup-cloud-k127-oc.yml new file mode 100644 index 0000000000..3bfccfee32 --- /dev/null +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_restore-job-on-demand-backup-s3-demand-backup-cloud-k127-oc.yml @@ -0,0 +1,88 @@ +apiVersion: batch/v1 +kind: Job +metadata: + generation: 1 + labels: + batch.kubernetes.io/job-name: restore-job-on-demand-backup-s3-demand-backup-cloud + job-name: restore-job-on-demand-backup-s3-demand-backup-cloud + name: restore-job-on-demand-backup-s3-demand-backup-cloud + ownerReferences: + - controller: true + kind: PerconaXtraDBClusterRestore + name: on-demand-backup-s3 +spec: + backoffLimit: 4 + completionMode: NonIndexed + completions: 1 + parallelism: 1 + selector: + matchLabels: {} + suspend: false + template: + metadata: + labels: + batch.kubernetes.io/job-name: restore-job-on-demand-backup-s3-demand-backup-cloud + job-name: restore-job-on-demand-backup-s3-demand-backup-cloud + spec: + containers: + - command: + - recovery-cloud.sh + env: + - name: PXC_SERVICE + value: demand-backup-cloud-pxc + - name: PXC_USER + value: xtrabackup + - name: PXC_PASS + valueFrom: + secretKeyRef: + key: xtrabackup + name: my-cluster-secrets + - name: VERIFY_TLS + value: "true" + - name: ENDPOINT + - name: DEFAULT_REGION + value: us-east-1 + - name: ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: AWS_ACCESS_KEY_ID + name: aws-s3-secret + - name: SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: AWS_SECRET_ACCESS_KEY + name: aws-s3-secret + - name: XBCLOUD_EXTRA_ARGS + value: --parallel=2 + - name: XBSTREAM_EXTRA_ARGS + value: --parallel=2 + - name: XB_USE_MEMORY + value: 100MB + imagePullPolicy: Always + name: xtrabackup + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /datadir + name: datadir + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir-demand-backup-cloud-pxc-0 + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml new file mode 100644 index 0000000000..fff4c352c6 --- /dev/null +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml @@ -0,0 +1,96 @@ +apiVersion: batch/v1 +kind: Job +metadata: + generation: 1 + labels: + batch.kubernetes.io/job-name: restore-job-on-demand-backup-minio-demand-backup + job-name: restore-job-on-demand-backup-minio-demand-backup + name: restore-job-on-demand-backup-minio-demand-backup + ownerReferences: + - controller: true + kind: PerconaXtraDBClusterRestore + name: on-demand-backup-minio +spec: + backoffLimit: 4 + completionMode: NonIndexed + completions: 1 + parallelism: 1 + selector: + matchLabels: {} + suspend: false + template: + metadata: + labels: + batch.kubernetes.io/job-name: restore-job-on-demand-backup-minio-demand-backup + job-name: restore-job-on-demand-backup-minio-demand-backup + spec: + containers: + - command: + - recovery-cloud.sh + env: + - name: PXC_SERVICE + value: demand-backup-pxc + - name: PXC_USER + value: xtrabackup + - name: PXC_PASS + valueFrom: + secretKeyRef: + key: xtrabackup + name: my-cluster-secrets + - name: VERIFY_TLS + value: "false" + - name: ENDPOINT + value: https://minio-service.namespace:9000/ + - name: DEFAULT_REGION + value: us-east-1 + - name: ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: AWS_ACCESS_KEY_ID + name: minio-secret + - name: SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: AWS_SECRET_ACCESS_KEY + name: minio-secret + - name: XB_EXTRA_ARGS + value: --parallel=3 + - name: XBCLOUD_EXTRA_ARGS + value: --parallel=3 + - name: XBSTREAM_EXTRA_ARGS + value: --parallel=3 + - name: XB_USE_MEMORY + value: "1500000000" + imagePullPolicy: Always + name: xtrabackup + resources: + limits: + cpu: "1" + memory: 2G + requests: + memory: 2G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /datadir + name: datadir + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir-demand-backup-pxc-0 + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault diff --git a/e2e-tests/demand-backup/conf/demand-backup.yml b/e2e-tests/demand-backup/conf/demand-backup.yml index 8d507c4907..0796ca2588 100644 --- a/e2e-tests/demand-backup/conf/demand-backup.yml +++ b/e2e-tests/demand-backup/conf/demand-backup.yml @@ -85,7 +85,7 @@ spec: s3: credentialsSecret: minio-secret region: us-east-1 - bucket: operator-testing + bucket: operator-testing/prefix/subfolder endpointUrl: https://minio-service.#namespace:9000/ verifyTLS: false containerOptions: diff --git a/e2e-tests/demand-backup/run b/e2e-tests/demand-backup/run index d0780920d8..b3208084be 100755 --- a/e2e-tests/demand-backup/run +++ b/e2e-tests/demand-backup/run @@ -26,7 +26,7 @@ main() { run_backup "$cluster" "on-demand-backup-minio" compare_kubectl job/xb-on-demand-backup-minio backup_job_name=$(kubectl get pod -l job-name=xb-on-demand-backup-minio -o jsonpath='{.items[].metadata.name}') - kubectl logs "$backup_job_name" | egrep "xbcloud put --storage=s3 --parallel=4 --md5 --insecure (--curl-retriable-errors=7 )?--parallel=2 --curl-retriable-errors=8" + kubectl logs "$backup_job_name" | egrep "xbcloud put --storage=s3 --parallel=[0-9]+ --md5 --insecure (--curl-retriable-errors=7 )?--parallel=2 --curl-retriable-errors=8" kubectl logs "$backup_job_name" | grep "xbstream -x -C /tmp --parallel=2" new_pass=$(echo -n "newpass" | base64) @@ -40,9 +40,9 @@ main() { restore_job_name=$(kubectl get pod -l job-name=restore-job-on-demand-backup-minio-demand-backup -o jsonpath='{.items[].metadata.name}') kubectl logs "$restore_job_name" | grep "xtrabackup --defaults-group=mysqld --datadir=/datadir --move-back --parallel=3" kubectl logs "$restore_job_name" | grep "xtrabackup --use-memory=1500000000 --prepare --parallel=3" - kubectl logs "$restore_job_name" | egrep "(xbcloud get --parallel=4 --insecure --curl-retriable-errors=7 --parallel=3|xbcloud get --parallel=4 --insecure --parallel=3)" - kubectl logs "$restore_job_name" | grep "xbstream -x -C .* --parallel=4 --parallel=3" - kubectl logs "$restore_job_name" | egrep "(xbstream --decompress -x -C .* --parallel=4 --parallel=3|xbstream -x -C .* --parallel=4 --parallel=3)" + kubectl logs "$restore_job_name" | egrep "xbcloud get --parallel=[0-9]+ --insecure (--curl-retriable-errors=7 )?--parallel=3" + kubectl logs "$restore_job_name" | egrep "xbstream -x -C .* --parallel=[0-9]+ --parallel=3" + kubectl logs "$restore_job_name" | egrep "(xbstream --decompress -x -C .* --parallel=[0-9]+ --parallel=3|xbstream -x -C .* --parallel=4 --parallel=3)" desc "Check backup deletion" kubectl_bin delete pxc-backup --all diff --git a/e2e-tests/functions b/e2e-tests/functions index e7ad37363b..166abd2138 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -1260,7 +1260,7 @@ start_minio() { --set "users[0].secretKey=some-secret-key" --set "users[0].policy=consoleAdmin" --set service.type=ClusterIP - --set configPathmc=/tmp/.minio/ + --set configPathmc=/tmp/ --set securityContext.enabled=false --set persistence.size=2G ) @@ -1304,17 +1304,25 @@ deploy_chaos_mesh() { destroy_chaos_mesh() { local chaos_mesh_ns=$(helm list --all-namespaces --filter chaos-mesh | tail -n1 | awk -F' ' '{print $2}' | sed 's/NAMESPACE//') - desc 'destroy chaos-mesh' - for i in $(kubectl api-resources | grep chaos-mesh | awk '{print $1}'); do timeout 30 kubectl delete ${i} --all --all-namespaces || :; done if [ -n "${chaos_mesh_ns}" ]; then - helm uninstall chaos-mesh --namespace ${chaos_mesh_ns} || : + helm uninstall --wait --timeout 60s chaos-mesh --namespace ${chaos_mesh_ns} || : fi - timeout 30 kubectl delete crd $(kubectl get crd | grep 'chaos-mesh.org' | awk '{print $1}') || : - timeout 30 kubectl delete clusterrolebinding $(kubectl get clusterrolebinding | grep 'chaos-mesh' | awk '{print $1}') || : - timeout 30 kubectl delete clusterrole $(kubectl get clusterrole | grep 'chaos-mesh' | awk '{print $1}') || : timeout 30 kubectl delete MutatingWebhookConfiguration $(kubectl get MutatingWebhookConfiguration | grep 'chaos-mesh' | awk '{print $1}') || : timeout 30 kubectl delete ValidatingWebhookConfiguration $(kubectl get ValidatingWebhookConfiguration | grep 'chaos-mesh' | awk '{print $1}') || : timeout 30 kubectl delete ValidatingWebhookConfiguration $(kubectl get ValidatingWebhookConfiguration | grep 'validate-auth' | awk '{print $1}') || : + for i in $(kubectl api-resources | grep chaos-mesh | awk '{print $1}'); do + kubectl get ${i} --all-namespaces --no-headers -o custom-columns=Kind:.kind,Name:.metadata.name,NAMESPACE:.metadata.namespace \ + | while read -r line; do + local kind=$(echo "$line" | awk '{print $1}') + local name=$(echo "$line" | awk '{print $2}') + local namespace=$(echo "$line" | awk '{print $3}') + kubectl patch $kind $name -n $namespace --type=merge -p '{"metadata":{"finalizers":[]}}' || : + done + timeout 30 kubectl delete ${i} --all --all-namespaces || : + done + timeout 30 kubectl delete crd $(kubectl get crd | grep 'chaos-mesh.org' | awk '{print $1}') || : + timeout 30 kubectl delete clusterrolebinding $(kubectl get clusterrolebinding | grep 'chaos-mesh' | awk '{print $1}') || : + timeout 30 kubectl delete clusterrole $(kubectl get clusterrole | grep 'chaos-mesh' | awk '{print $1}') || : } patch_secret() { diff --git a/e2e-tests/haproxy/compare/statefulset_haproxy-proxysql-k127-oc.yml b/e2e-tests/haproxy/compare/statefulset_haproxy-proxysql-k127-oc.yml new file mode 100644 index 0000000000..8261581db6 --- /dev/null +++ b/e2e-tests/haproxy/compare/statefulset_haproxy-proxysql-k127-oc.yml @@ -0,0 +1,242 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: haproxy-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: haproxy +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: haproxy-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: haproxy-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-haproxy + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-haproxy + envFrom: + - secretRef: + name: haproxy-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - mountPath: /etc/proxysql/ + name: config + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: haproxy-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-haproxy + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-haproxy + envFrom: + - secretRef: + name: haproxy-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: haproxy-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-haproxy + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-haproxy + envFrom: + - secretRef: + name: haproxy-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - -c + - while true; do trap 'exit 0' SIGINT SIGTERM SIGQUIT SIGKILL; done; + command: + - /bin/sh + imagePullPolicy: Always + name: my-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - -c + - while true; do trap 'exit 0' SIGINT SIGTERM SIGQUIT SIGKILL; done; + command: + - /bin/sh + imagePullPolicy: Always + name: my-sidecar-2 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 300m + memory: 200M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + runtimeClassName: docker-rc + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: haproxy-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: haproxy-ssl + - configMap: + defaultMode: 420 + name: haproxy-proxysql + optional: true + name: config + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/haproxy/compare/statefulset_haproxy-proxysql-secret-k127-oc.yml b/e2e-tests/haproxy/compare/statefulset_haproxy-proxysql-secret-k127-oc.yml new file mode 100644 index 0000000000..a648c80a42 --- /dev/null +++ b/e2e-tests/haproxy/compare/statefulset_haproxy-proxysql-secret-k127-oc.yml @@ -0,0 +1,242 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: haproxy-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: haproxy +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: haproxy-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: haproxy-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-haproxy + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-haproxy + envFrom: + - secretRef: + name: haproxy-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - mountPath: /etc/proxysql/ + name: config + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: haproxy-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-haproxy + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-haproxy + envFrom: + - secretRef: + name: haproxy-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: haproxy-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-haproxy + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-haproxy + envFrom: + - secretRef: + name: haproxy-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - -c + - while true; do trap 'exit 0' SIGINT SIGTERM SIGQUIT SIGKILL; done; + command: + - /bin/sh + imagePullPolicy: Always + name: my-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - -c + - while true; do trap 'exit 0' SIGINT SIGTERM SIGQUIT SIGKILL; done; + command: + - /bin/sh + imagePullPolicy: Always + name: my-sidecar-2 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 300m + memory: 200M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + runtimeClassName: docker-rc + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: haproxy-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: haproxy-ssl + - name: config + secret: + defaultMode: 420 + optional: false + secretName: haproxy-proxysql + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/haproxy/conf/haproxy.yml b/e2e-tests/haproxy/conf/haproxy.yml index 5c33a2c76f..9ec7471b94 100644 --- a/e2e-tests/haproxy/conf/haproxy.yml +++ b/e2e-tests/haproxy/conf/haproxy.yml @@ -78,6 +78,9 @@ spec: timeout connect 100500 timeout server 28800s + resolvers kubernetes + parse-resolv-conf + frontend galera-in bind *:3309 accept-proxy bind *:3306 diff --git a/e2e-tests/haproxy/run b/e2e-tests/haproxy/run index 77a4798636..9106dcf460 100755 --- a/e2e-tests/haproxy/run +++ b/e2e-tests/haproxy/run @@ -65,6 +65,7 @@ main() { desc 'checking all haproxy pods point to the same writer' wait_for_running "$cluster-pxc" 3 + wait_cluster_consistency "$cluster" 3 3 check_haproxy_writer desc 'check for passwords leak' diff --git a/e2e-tests/init-deploy/compare/statefulset_no-proxysql-pxc-k127-oc.yml b/e2e-tests/init-deploy/compare/statefulset_no-proxysql-pxc-k127-oc.yml new file mode 100644 index 0000000000..9f33b7ff15 --- /dev/null +++ b/e2e-tests/init-deploy/compare/statefulset_no-proxysql-pxc-k127-oc.yml @@ -0,0 +1,223 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-proxysql-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-proxysql +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-proxysql-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-proxysql-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-proxysql + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-proxysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-proxysql + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-proxysql + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: no-proxysql-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + - args: + - -c + - while true; do trap 'exit 0' SIGINT SIGTERM SIGQUIT SIGKILL; done; + command: + - /bin/sh + imagePullPolicy: Always + name: my-sidecar-1 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-proxysql-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: no-proxysql-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: no-proxysql-ssl + - configMap: + defaultMode: 420 + name: auto-no-proxysql-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-proxysql-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-proxysql + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-proxysql-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/init-deploy/compare/statefulset_some-name-proxysql-k127-oc.yml b/e2e-tests/init-deploy/compare/statefulset_some-name-proxysql-k127-oc.yml new file mode 100644 index 0000000000..bee5037461 --- /dev/null +++ b/e2e-tests/init-deploy/compare/statefulset_some-name-proxysql-k127-oc.yml @@ -0,0 +1,211 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: some-name-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: some-name-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/init-deploy/compare/statefulset_some-name-pxc-k127-oc.yml b/e2e-tests/init-deploy/compare/statefulset_some-name-pxc-k127-oc.yml new file mode 100644 index 0000000000..e929cf377e --- /dev/null +++ b/e2e-tests/init-deploy/compare/statefulset_some-name-pxc-k127-oc.yml @@ -0,0 +1,274 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: some-name-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: some-name-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + imagePullPolicy: Always + name: logrotate + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: some-name-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-some-name + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: some-name-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: some-name-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-some-name-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-some-name + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: some-name-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-limits-proxysql-increased-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-limits-proxysql-increased-k127-oc.yml new file mode 100644 index 0000000000..6c2ba22afa --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-limits-proxysql-increased-k127-oc.yml @@ -0,0 +1,331 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: no-limits-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-limits-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PMM_SERVER + value: monitoring-service + - name: PMM_USER + value: pmm + - name: PMM_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: CLIENT_PORT_LISTEN + value: "7777" + - name: CLIENT_PORT_MIN + value: "30100" + - name: CLIENT_PORT_MAX + value: "30105" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: pmm + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm2/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(PMM_PREFIX)$(POD_NAMESPASE)-$(POD_NAME) + - name: DB_TYPE + value: proxysql + - name: MONITOR_USER + value: monitor + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: DB_USER + value: monitor + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: DB_CLUSTER + value: pxc + - name: DB_HOST + value: localhost + - name: DB_PORT + value: "6032" + - name: CLUSTER_NAME + value: no-limits + - name: PMM_ADMIN_CUSTOM_PARAMS + - name: PMM_AGENT_PRERUN_SCRIPT + value: /var/lib/mysql/pmm-prerun.sh + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + - env: + - name: PXC_SERVICE + value: no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: no-limits-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: IfNotPresent + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-limits-proxysql-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-limits-proxysql-k127-oc.yml new file mode 100644 index 0000000000..2843201dee --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-limits-proxysql-k127-oc.yml @@ -0,0 +1,331 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-limits-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-limits-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PMM_SERVER + value: monitoring-service + - name: PMM_USER + value: pmm + - name: PMM_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: CLIENT_PORT_LISTEN + value: "7777" + - name: CLIENT_PORT_MIN + value: "30100" + - name: CLIENT_PORT_MAX + value: "30105" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: pmm + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm2/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(PMM_PREFIX)$(POD_NAMESPASE)-$(POD_NAME) + - name: DB_TYPE + value: proxysql + - name: MONITOR_USER + value: monitor + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: DB_USER + value: monitor + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: DB_CLUSTER + value: pxc + - name: DB_HOST + value: localhost + - name: DB_PORT + value: "6032" + - name: CLUSTER_NAME + value: no-limits + - name: PMM_ADMIN_CUSTOM_PARAMS + - name: PMM_AGENT_PRERUN_SCRIPT + value: /var/lib/mysql/pmm-prerun.sh + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + - env: + - name: PXC_SERVICE + value: no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + requests: + cpu: 300m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: no-limits-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + envFrom: + - secretRef: + name: no-limits-env-vars-proxysql + optional: true + imagePullPolicy: IfNotPresent + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: IfNotPresent + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-limits-pxc-increased-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-limits-pxc-increased-k127-oc.yml new file mode 100644 index 0000000000..f5f4b3b716 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-limits-pxc-increased-k127-oc.yml @@ -0,0 +1,342 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: no-limits-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-limits-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PMM_SERVER + value: monitoring-service + - name: PMM_USER + value: pmm + - name: PMM_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: CLIENT_PORT_LISTEN + value: "7777" + - name: CLIENT_PORT_MIN + value: "30100" + - name: CLIENT_PORT_MAX + value: "30105" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: pmm + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm2/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(PMM_PREFIX)$(POD_NAMESPASE)-$(POD_NAME) + - name: DB_TYPE + value: mysql + - name: DB_USER + value: monitor + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: DB_ARGS + value: --query-source=perfschema + - name: DB_CLUSTER + value: pxc + - name: DB_HOST + value: localhost + - name: DB_PORT + value: "33062" + - name: CLUSTER_NAME + value: no-limits + - name: PMM_ADMIN_CUSTOM_PARAMS + - name: PMM_AGENT_PRERUN_SCRIPT + value: /var/lib/mysql/pmm-prerun.sh + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + envFrom: + - secretRef: + name: no-limits-env-vars-pxc + optional: true + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-limits-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-limits + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: no-limits-env-vars-pxc + optional: true + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: IfNotPresent + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-limits-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-no-limits-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-limits-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-limits + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-limits-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-limits-pxc-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-limits-pxc-k127-oc.yml new file mode 100644 index 0000000000..0d99e2f7b8 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-limits-pxc-k127-oc.yml @@ -0,0 +1,342 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-limits-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-limits-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PMM_SERVER + value: monitoring-service + - name: PMM_USER + value: pmm + - name: PMM_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: CLIENT_PORT_LISTEN + value: "7777" + - name: CLIENT_PORT_MIN + value: "30100" + - name: CLIENT_PORT_MAX + value: "30105" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: pmm + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserver + name: internal-no-limits + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm2/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(PMM_PREFIX)$(POD_NAMESPASE)-$(POD_NAME) + - name: DB_TYPE + value: mysql + - name: DB_USER + value: monitor + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: DB_ARGS + value: --query-source=perfschema + - name: DB_CLUSTER + value: pxc + - name: DB_HOST + value: localhost + - name: DB_PORT + value: "33062" + - name: CLUSTER_NAME + value: no-limits + - name: PMM_ADMIN_CUSTOM_PARAMS + - name: PMM_AGENT_PRERUN_SCRIPT + value: /var/lib/mysql/pmm-prerun.sh + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + envFrom: + - secretRef: + name: no-limits-env-vars-pxc + optional: true + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-limits-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-limits + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-limits + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-limits + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: no-limits-env-vars-pxc + optional: true + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 300m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: IfNotPresent + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-limits-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-no-limits-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-limits-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-limits + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-limits-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-no-limits-proxysql-increased-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-proxysql-increased-k127-oc.yml new file mode 100644 index 0000000000..05e60f0c74 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-proxysql-increased-k127-oc.yml @@ -0,0 +1,194 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-requests-no-limits-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests-no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-no-limits-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PXC_SERVICE + value: no-requests-no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: no-requests-no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: no-requests-no-limits-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-no-limits-proxysql-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-proxysql-k127-oc.yml new file mode 100644 index 0000000000..05e60f0c74 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-proxysql-k127-oc.yml @@ -0,0 +1,194 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-requests-no-limits-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests-no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-no-limits-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PXC_SERVICE + value: no-requests-no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: no-requests-no-limits-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: no-requests-no-limits-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-no-limits-pxc-increased-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-pxc-increased-k127-oc.yml new file mode 100644 index 0000000000..8d42f59f2b --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-pxc-increased-k127-oc.yml @@ -0,0 +1,210 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-requests-no-limits-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests-no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-no-limits-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-requests-no-limits-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-requests-no-limits + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-requests-no-limits-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-no-requests-no-limits-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-requests-no-limits-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-requests-no-limits + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-requests-no-limits-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-no-limits-pxc-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-pxc-k127-oc.yml new file mode 100644 index 0000000000..8d42f59f2b --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-no-limits-pxc-k127-oc.yml @@ -0,0 +1,210 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-requests-no-limits-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests-no-limits +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-no-limits-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests-no-limits + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-requests-no-limits-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-requests-no-limits + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-requests-no-limits + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests-no-limits + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests-no-limits + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: no-requests-no-limits-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-requests-no-limits-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-no-requests-no-limits-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-requests-no-limits-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-requests-no-limits + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-requests-no-limits-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-proxysql-increased-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-proxysql-increased-k127-oc.yml new file mode 100644 index 0000000000..5019269100 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-proxysql-increased-k127-oc.yml @@ -0,0 +1,197 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: no-requests-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PXC_SERVICE + value: no-requests-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + envFrom: + - secretRef: + name: no-requests-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: no-requests-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + envFrom: + - secretRef: + name: no-requests-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: no-requests-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + envFrom: + - secretRef: + name: no-requests-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-proxysql-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-proxysql-k127-oc.yml new file mode 100644 index 0000000000..bc7e3158de --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-proxysql-k127-oc.yml @@ -0,0 +1,197 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-requests-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PXC_SERVICE + value: no-requests-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + envFrom: + - secretRef: + name: no-requests-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 300m + memory: 600M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: no-requests-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + envFrom: + - secretRef: + name: no-requests-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: no-requests-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + envFrom: + - secretRef: + name: no-requests-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-k127-oc.yml new file mode 100644 index 0000000000..cf96e019c8 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-k127-oc.yml @@ -0,0 +1,213 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: no-requests-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-requests-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-requests + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: no-requests-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-requests-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-no-requests-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-requests-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-requests + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-requests-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-oc.yml index ef3e90c2b6..609473b531 100644 --- a/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-oc.yml +++ b/e2e-tests/limits/compare/statefulset_no-requests-pxc-increased-oc.yml @@ -140,8 +140,8 @@ spec: name: pxc-init resources: limits: - cpu: 600m - memory: 1G + cpu: 50m + memory: 50M terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/limits/compare/statefulset_no-requests-pxc-k127-oc.yml b/e2e-tests/limits/compare/statefulset_no-requests-pxc-k127-oc.yml new file mode 100644 index 0000000000..b947f3c164 --- /dev/null +++ b/e2e-tests/limits/compare/statefulset_no-requests-pxc-k127-oc.yml @@ -0,0 +1,213 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: no-requests-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: no-requests +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: no-requests-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: no-requests + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: no-requests-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-no-requests + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-no-requests + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-no-requests + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-no-requests + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: no-requests-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: 300m + memory: 600M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: no-requests-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-no-requests-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: no-requests-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-no-requests + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: no-requests-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml new file mode 100644 index 0000000000..dd3fd6a8c4 --- /dev/null +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml @@ -0,0 +1,349 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 3 + name: monitoring-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: monitoring +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: monitoring + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: monitoring-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: monitoring + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PMM_SERVER + value: monitoring-service + - name: PMM_USER + value: api_key + - name: PMM_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserverkey + name: internal-monitoring + - name: CLIENT_PORT_LISTEN + value: "7777" + - name: CLIENT_PORT_MIN + value: "30100" + - name: CLIENT_PORT_MAX + value: "30105" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PMM_AGENT_SERVER_ADDRESS + value: monitoring-service + - name: PMM_AGENT_SERVER_USERNAME + value: api_key + - name: PMM_AGENT_SERVER_PASSWORD + valueFrom: + secretKeyRef: + key: pmmserverkey + name: internal-monitoring + - name: PMM_AGENT_LISTEN_PORT + value: "7777" + - name: PMM_AGENT_PORTS_MIN + value: "30100" + - name: PMM_AGENT_PORTS_MAX + value: "30105" + - name: PMM_AGENT_CONFIG_FILE + value: /usr/local/percona/pmm2/config/pmm-agent.yaml + - name: PMM_AGENT_SERVER_INSECURE_TLS + value: "1" + - name: PMM_AGENT_LISTEN_ADDRESS + value: 0.0.0.0 + - name: PMM_AGENT_SETUP_METRICS_MODE + value: push + - name: PMM_AGENT_SETUP + value: "1" + - name: PMM_AGENT_SETUP_FORCE + value: "1" + - name: PMM_AGENT_SETUP_NODE_TYPE + value: container + - name: PMM_AGENT_SETUP_NODE_NAME + value: $(PMM_PREFIX)$(POD_NAMESPASE)-$(POD_NAME) + - name: DB_TYPE + value: mysql + - name: DB_USER + value: monitor + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-monitoring + - name: DB_ARGS + value: --query-source=perfschema + - name: DB_CLUSTER + value: pxc + - name: DB_HOST + value: localhost + - name: DB_PORT + value: "33062" + - name: CLUSTER_NAME + value: monitoring + - name: PMM_ADMIN_CUSTOM_PARAMS + value: --disable-tablestats-limit=2000 + - name: PMM_AGENT_PRERUN_SCRIPT + value: /var/lib/mysql/pmm-prerun.sh + - name: PMM_AGENT_SIDECAR + value: "true" + - name: PMM_AGENT_SIDECAR_SLEEP + value: "5" + - name: PMM_AGENT_PATHS_TEMPDIR + value: /tmp + envFrom: + - secretRef: + name: my-env-var-secrets + optional: true + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - bash + - -c + - pmm-admin unregister --force + livenessProbe: + failureThreshold: 3 + httpGet: + path: /local/Status + port: 7777 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmm-client + ports: + - containerPort: 7777 + protocol: TCP + - containerPort: 30100 + protocol: TCP + - containerPort: 30101 + protocol: TCP + - containerPort: 30102 + protocol: TCP + - containerPort: 30103 + protocol: TCP + - containerPort: 30104 + protocol: TCP + - containerPort: 30105 + protocol: TCP + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 308m + memory: 508M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: monitoring-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-monitoring + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-monitoring + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-monitoring + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-monitoring + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: my-env-var-secrets + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 300m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: monitoring-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: monitoring-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-monitoring-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: monitoring-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-monitoring + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: monitoring-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml new file mode 100644 index 0000000000..e05fe9a893 --- /dev/null +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml @@ -0,0 +1,221 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: one-pod-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: one-pod +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: one-pod + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: one-pod-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: one-pod + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: one-pod + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: one-pod-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-one-pod + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-one-pod + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-one-pod + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-one-pod + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: one-pod-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: one-pod-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: one-pod-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: true + secretName: one-pod-ssl + - configMap: + defaultMode: 420 + name: auto-one-pod-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: one-pod-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-one-pod + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: one-pod-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml new file mode 100644 index 0000000000..6966c711dd --- /dev/null +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml @@ -0,0 +1,221 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: one-pod-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: one-pod +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: one-pod + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: one-pod-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: one-pod + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: one-pod + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: one-pod-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-one-pod + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-one-pod + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-one-pod + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-one-pod + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: one-pod-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - name: config + secret: + defaultMode: 420 + optional: false + secretName: one-pod-pxc + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: one-pod-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: true + secretName: one-pod-ssl + - configMap: + defaultMode: 420 + name: auto-one-pod-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: one-pod-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-one-pod + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: one-pod-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-pxc-k127-oc.yml b/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-pxc-k127-oc.yml new file mode 100644 index 0000000000..411cd5df1c --- /dev/null +++ b/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-pxc-k127-oc.yml @@ -0,0 +1,214 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: proxy-protocol-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: proxy-protocol +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: proxy-protocol + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: proxy-protocol-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: proxy-protocol + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: proxy-protocol-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-proxy-protocol + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-proxy-protocol + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-proxy-protocol + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-proxy-protocol + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: proxy-protocol-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + nodeSelector: {} + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: proxy-protocol-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: proxy-protocol-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: proxy-protocol-ssl + - configMap: + defaultMode: 420 + name: auto-proxy-protocol-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: proxy-protocol-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-proxy-protocol + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: proxy-protocol-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2G + status: + phase: Pending diff --git a/e2e-tests/proxysql-sidecar-res-limits/compare/statefulset_side-car-proxysql-k127-oc.yml b/e2e-tests/proxysql-sidecar-res-limits/compare/statefulset_side-car-proxysql-k127-oc.yml new file mode 100644 index 0000000000..eed7bc4488 --- /dev/null +++ b/e2e-tests/proxysql-sidecar-res-limits/compare/statefulset_side-car-proxysql-k127-oc.yml @@ -0,0 +1,209 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: side-car-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: side-car +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: side-car + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: side-car-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: side-car + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + containers: + - env: + - name: PXC_SERVICE + value: side-car-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-side-car + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-side-car + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-side-car + envFrom: + - secretRef: + name: side-car-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: side-car-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-side-car + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-side-car + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-side-car + envFrom: + - secretRef: + name: side-car-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: + limits: + cpu: 600m + memory: 2G + requests: + cpu: 500m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: side-car-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-side-car + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-side-car + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-side-car + envFrom: + - secretRef: + name: side-car-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: + limits: + cpu: 600m + memory: 2G + requests: + cpu: 500m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi + status: + phase: Pending diff --git a/e2e-tests/security-context/compare/pod_restore-src-restore-pvc-sec-context-oc.yml b/e2e-tests/security-context/compare/pod_restore-src-restore-pvc-sec-context-oc.yml new file mode 100644 index 0000000000..f794041b4a --- /dev/null +++ b/e2e-tests/security-context/compare/pod_restore-src-restore-pvc-sec-context-oc.yml @@ -0,0 +1,99 @@ +apiVersion: v1 +kind: Pod +metadata: + annotations: + openshift.io/scc: privileged + labels: + name: restore-src-restore-pvc-sec-context + name: restore-src-restore-pvc-sec-context + ownerReferences: + - controller: true + kind: PerconaXtraDBClusterRestore + name: restore-pvc +spec: + containers: + - command: + - recovery-pvc-donor.sh + imagePullPolicy: Always + name: ncat + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /backup + name: backup + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true + dnsPolicy: ClusterFirst + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + supplementalGroups: + - 1001 + - 1002 + - 1003 + serviceAccount: percona-xtradb-cluster-operator-workload + serviceAccountName: percona-xtradb-cluster-operator-workload + terminationGracePeriodSeconds: 30 + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 300 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 300 + volumes: + - name: backup + persistentVolumeClaim: + claimName: xb-on-demand-backup-pvc + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: sec-context-vault + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt diff --git a/e2e-tests/storage/compare/statefulset_emptydir-proxysql-k127-oc.yml b/e2e-tests/storage/compare/statefulset_emptydir-proxysql-k127-oc.yml new file mode 100644 index 0000000000..6f84ec05bd --- /dev/null +++ b/e2e-tests/storage/compare/statefulset_emptydir-proxysql-k127-oc.yml @@ -0,0 +1,198 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: emptydir-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: emptydir +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: emptydir + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: emptydir-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: emptydir + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: emptydir + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: emptydir-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-emptydir + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-emptydir + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-emptydir + envFrom: + - secretRef: + name: emptydir-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + ephemeral-storage: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: emptydir-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-emptydir + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-emptydir + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-emptydir + envFrom: + - secretRef: + name: emptydir-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: emptydir-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-emptydir + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-emptydir + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-emptydir + envFrom: + - secretRef: + name: emptydir-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: proxydata + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: emptydir-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate diff --git a/e2e-tests/storage/compare/statefulset_emptydir-pxc-k127-oc.yml b/e2e-tests/storage/compare/statefulset_emptydir-pxc-k127-oc.yml new file mode 100644 index 0000000000..a914d92005 --- /dev/null +++ b/e2e-tests/storage/compare/statefulset_emptydir-pxc-k127-oc.yml @@ -0,0 +1,214 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: emptydir-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: emptydir +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: emptydir + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: emptydir-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: emptydir + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: emptydir + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: emptydir-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-emptydir + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-emptydir + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-emptydir + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-emptydir + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: emptydir-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + ephemeral-storage: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: datadir + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: emptydir-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: emptydir-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-emptydir-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: emptydir-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-emptydir + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: emptydir-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate diff --git a/e2e-tests/storage/compare/statefulset_hostpath-proxysql-k127-oc.yml b/e2e-tests/storage/compare/statefulset_hostpath-proxysql-k127-oc.yml new file mode 100644 index 0000000000..18bea73ccf --- /dev/null +++ b/e2e-tests/storage/compare/statefulset_hostpath-proxysql-k127-oc.yml @@ -0,0 +1,200 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: hostpath-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: hostpath +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: hostpath + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: hostpath-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: hostpath + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: hostpath + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: hostpath-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostpath + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-hostpath + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostpath + envFrom: + - secretRef: + name: hostpath-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: hostpath-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostpath + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-hostpath + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostpath + envFrom: + - secretRef: + name: hostpath-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: hostpath-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostpath + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-hostpath + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostpath + envFrom: + - secretRef: + name: hostpath-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + securityContext: + privileged: false + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: /tmp/proxy-dir + type: Directory + name: proxydata + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: hostpath-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate diff --git a/e2e-tests/storage/compare/statefulset_hostpath-pxc-k127-oc.yml b/e2e-tests/storage/compare/statefulset_hostpath-pxc-k127-oc.yml new file mode 100644 index 0000000000..c12d94159f --- /dev/null +++ b/e2e-tests/storage/compare/statefulset_hostpath-pxc-k127-oc.yml @@ -0,0 +1,214 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: hostpath-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: hostpath +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: hostpath + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: hostpath-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: hostpath + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: hostpath + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: hostpath-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-hostpath + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-hostpath + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-hostpath + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-hostpath + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: hostpath-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - hostPath: + path: /tmp/data-dir + type: Directory + name: datadir + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: hostpath-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: hostpath-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-hostpath-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: hostpath-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-hostpath + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: hostpath-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate diff --git a/e2e-tests/storage/compare/statefulset_hostpath-pxc-oc.yml b/e2e-tests/storage/compare/statefulset_hostpath-pxc-oc.yml index 0e7b7dcc4d..86a5e7bcbb 100644 --- a/e2e-tests/storage/compare/statefulset_hostpath-pxc-oc.yml +++ b/e2e-tests/storage/compare/statefulset_hostpath-pxc-oc.yml @@ -47,6 +47,8 @@ spec: env: - name: PXC_SERVICE value: hostpath-pxc-unready + - name: MONITOR_HOST + value: '%' - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1110-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1110-k127-oc.yml new file mode 100644 index 0000000000..a308337a0b --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1110-k127-oc.yml @@ -0,0 +1,195 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: some-name-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: some-name-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1120-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1120-k127-oc.yml new file mode 100644 index 0000000000..a308337a0b --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1120-k127-oc.yml @@ -0,0 +1,195 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: some-name-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: some-name-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1130-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1130-k127-oc.yml new file mode 100644 index 0000000000..dc4761d163 --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1130-k127-oc.yml @@ -0,0 +1,214 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: some-name-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: some-name-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1140-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1140-k127-oc.yml new file mode 100644 index 0000000000..fe921cfe63 --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-proxysql-1140-k127-oc.yml @@ -0,0 +1,211 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 3 + name: some-name-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + limits: + cpu: 700m + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: some-name-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: some-name-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + envFrom: + - secretRef: + name: some-name-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1110-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1110-k127-oc.yml new file mode 100644 index 0000000000..dcbff20bec --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1110-k127-oc.yml @@ -0,0 +1,268 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 1 + name: some-name-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: some-name-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + imagePullPolicy: Always + name: logrotate + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: some-name-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-some-name + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + envFrom: + - secretRef: + name: some-name-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: some-name-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-some-name-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-some-name + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1120-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1120-k127-oc.yml new file mode 100644 index 0000000000..228c3ddc37 --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1120-k127-oc.yml @@ -0,0 +1,268 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: some-name-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: some-name-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + imagePullPolicy: Always + name: logrotate + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: some-name-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-some-name + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + envFrom: + - secretRef: + name: some-name-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: some-name-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-some-name-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-some-name + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1130-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1130-k127-oc.yml new file mode 100644 index 0000000000..1b01b3f39f --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1130-k127-oc.yml @@ -0,0 +1,270 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 3 + name: some-name-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: some-name-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + imagePullPolicy: Always + name: logrotate + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: some-name-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-some-name + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: some-name-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: some-name-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-some-name-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-some-name + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1140-k127-oc.yml b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1140-k127-oc.yml new file mode 100644 index 0000000000..0ee22b3758 --- /dev/null +++ b/e2e-tests/upgrade-consistency/compare/statefulset_some-name-pxc-1140-k127-oc.yml @@ -0,0 +1,274 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 4 + name: some-name-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: some-name +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: some-name-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: some-name + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: some-name-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + imagePullPolicy: Always + name: logrotate + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: some-name-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-some-name + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-some-name + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-some-name + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-some-name + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: some-name-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: some-name-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-some-name-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-some-name + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: some-name-mysql-init + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + status: + phase: Pending diff --git a/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-pxc-k127-oc.yml b/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-pxc-k127-oc.yml new file mode 100644 index 0000000000..bbfcb5e091 --- /dev/null +++ b/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-pxc-k127-oc.yml @@ -0,0 +1,275 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: upgrade-haproxy-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: upgrade-haproxy +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: upgrade-haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: upgrade-haproxy-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: upgrade-haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: upgrade-haproxy + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: upgrade-haproxy-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: + requests: + cpu: 200m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-haproxy + imagePullPolicy: Always + name: logrotate + resources: + requests: + cpu: 200m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: upgrade-haproxy-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-upgrade-haproxy + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-upgrade-haproxy + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-haproxy + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-upgrade-haproxy + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: caching_sha2_password + envFrom: + - secretRef: + name: upgrade-haproxy-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: upgrade-haproxy-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-upgrade-haproxy-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-upgrade-haproxy + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: upgrade-haproxy-mysql-init + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6G + status: + phase: Pending diff --git a/e2e-tests/upgrade-proxysql/compare/statefulset_upgrade-proxysql-proxysql-k127-oc.yml b/e2e-tests/upgrade-proxysql/compare/statefulset_upgrade-proxysql-proxysql-k127-oc.yml new file mode 100644 index 0000000000..ab5837d8ad --- /dev/null +++ b/e2e-tests/upgrade-proxysql/compare/statefulset_upgrade-proxysql-proxysql-k127-oc.yml @@ -0,0 +1,206 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: upgrade-proxysql-proxysql + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: upgrade-proxysql +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: upgrade-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: upgrade-proxysql-proxysql-unready + template: + metadata: + labels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: upgrade-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: proxysql + app.kubernetes.io/instance: upgrade-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: PXC_SERVICE + value: upgrade-proxysql-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-upgrade-proxysql + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-upgrade-proxysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-proxysql + envFrom: + - secretRef: + name: upgrade-proxysql-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 6032 + name: proxyadm + protocol: TCP + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/proxysql + name: proxydata + - mountPath: /etc/proxysql/ssl + name: ssl + - mountPath: /etc/proxysql/ssl-internal + name: ssl-internal + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_pxc_nodes.sh + - -service=$(PXC_SERVICE) + env: + - name: PXC_SERVICE + value: upgrade-proxysql-pxc + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-upgrade-proxysql + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-upgrade-proxysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-proxysql + envFrom: + - secretRef: + name: upgrade-proxysql-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: pxc-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - args: + - /usr/bin/peer-list + - -on-change=/usr/bin/add_proxysql_nodes.sh + - -service=$(PROXYSQL_SERVICE) + env: + - name: PROXYSQL_SERVICE + value: upgrade-proxysql-proxysql-unready + - name: OPERATOR_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-upgrade-proxysql + - name: PROXY_ADMIN_USER + value: proxyadmin + - name: PROXY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: proxyadmin + name: internal-upgrade-proxysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-proxysql + envFrom: + - secretRef: + name: upgrade-proxysql-env-vars-proxysql + optional: true + imagePullPolicy: Always + name: proxysql-monit + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: bin + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - emptyDir: {} + name: bin + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: proxydata + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2G + status: + phase: Pending diff --git a/e2e-tests/upgrade-proxysql/compare/statefulset_upgrade-proxysql-pxc-k127-oc.yml b/e2e-tests/upgrade-proxysql/compare/statefulset_upgrade-proxysql-pxc-k127-oc.yml new file mode 100644 index 0000000000..4779409810 --- /dev/null +++ b/e2e-tests/upgrade-proxysql/compare/statefulset_upgrade-proxysql-pxc-k127-oc.yml @@ -0,0 +1,275 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + generation: 2 + name: upgrade-proxysql-pxc + ownerReferences: + - controller: true + kind: PerconaXtraDBCluster + name: upgrade-proxysql +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: upgrade-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + serviceName: upgrade-proxysql-pxc + template: + metadata: + labels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: upgrade-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/component: pxc + app.kubernetes.io/instance: upgrade-proxysql + app.kubernetes.io/managed-by: percona-xtradb-cluster-operator + app.kubernetes.io/name: percona-xtradb-cluster + app.kubernetes.io/part-of: percona-xtradb-cluster + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: POD_NAMESPASE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - secretRef: + name: upgrade-proxysql-log-collector + optional: true + imagePullPolicy: Always + name: logs + resources: + requests: + cpu: 200m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - logrotate + env: + - name: SERVICE_TYPE + value: mysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-proxysql + imagePullPolicy: Always + name: logrotate + resources: + requests: + cpu: 200m + memory: 100M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - args: + - mysqld + command: + - /var/lib/mysql/pxc-entrypoint.sh + env: + - name: PXC_SERVICE + value: upgrade-proxysql-pxc-unready + - name: MONITOR_HOST + value: '%' + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root + name: internal-upgrade-proxysql + - name: XTRABACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: xtrabackup + name: internal-upgrade-proxysql + - name: MONITOR_PASSWORD + valueFrom: + secretKeyRef: + key: monitor + name: internal-upgrade-proxysql + - name: LOG_DATA_DIR + value: /var/lib/mysql + - name: IS_LOGCOLLECTOR + value: "yes" + - name: OPERATOR_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: operator + name: internal-upgrade-proxysql + - name: LIVENESS_CHECK_TIMEOUT + value: "5" + - name: READINESS_CHECK_TIMEOUT + value: "15" + - name: DEFAULT_AUTHENTICATION_PLUGIN + value: mysql_native_password + envFrom: + - secretRef: + name: upgrade-proxysql-env-vars-pxc + optional: true + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /var/lib/mysql/liveness-check.sh + failureThreshold: 3 + initialDelaySeconds: 300 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pxc + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + - containerPort: 4444 + name: sst + protocol: TCP + - containerPort: 4567 + name: write-set + protocol: TCP + - containerPort: 4568 + name: ist + protocol: TCP + - containerPort: 33062 + name: mysql-admin + protocol: TCP + - containerPort: 33060 + name: mysqlx + protocol: TCP + readinessProbe: + exec: + command: + - /var/lib/mysql/readiness-check.sh + failureThreshold: 5 + initialDelaySeconds: 15 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + resources: + requests: + cpu: 600m + memory: 1G + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + - mountPath: /etc/percona-xtradb-cluster.conf.d + name: config + - mountPath: /tmp + name: tmp + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + - mountPath: /etc/mysql/mysql-users-secret + name: mysql-users-secret-file + - mountPath: /etc/my.cnf.d + name: auto-config + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/init-file + name: mysql-init-file + dnsPolicy: ClusterFirst + initContainers: + - command: + - /pxc-init-entrypoint.sh + imagePullPolicy: Always + name: pxc-init + resources: + limits: + cpu: 50m + memory: 50M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: datadir + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: tmp + - configMap: + defaultMode: 420 + name: upgrade-proxysql-pxc + optional: true + name: config + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: some-name-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: some-name-ssl + - configMap: + defaultMode: 420 + name: auto-upgrade-proxysql-pxc + optional: true + name: auto-config + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: mysql-users-secret-file + secret: + defaultMode: 420 + optional: false + secretName: internal-upgrade-proxysql + - name: mysql-init-file + secret: + defaultMode: 420 + optional: true + secretName: upgrade-proxysql-mysql-init + updateStrategy: + type: OnDelete + volumeClaimTemplates: + - metadata: + name: datadir + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6G + status: + phase: Pending diff --git a/go.mod b/go.mod index 30db4a6328..27bfa129c6 100644 --- a/go.mod +++ b/go.mod @@ -6,31 +6,31 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.1 github.com/Percona-Lab/percona-version-service/api v0.0.0-20201216104127-a39f2dded3cc github.com/caarlos0/env v3.5.0+incompatible - github.com/cert-manager/cert-manager v1.13.3 + github.com/cert-manager/cert-manager v1.14.0 github.com/flosch/pongo2/v6 v6.0.0 github.com/go-ini/ini v1.67.0 github.com/go-logr/logr v1.4.1 github.com/go-logr/zapr v1.3.0 github.com/go-openapi/errors v0.21.0 - github.com/go-openapi/runtime v0.26.2 + github.com/go-openapi/runtime v0.27.1 github.com/go-openapi/strfmt v0.22.0 - github.com/go-openapi/swag v0.22.7 + github.com/go-openapi/swag v0.22.9 github.com/go-openapi/validate v0.22.6 github.com/go-sql-driver/mysql v1.7.1 github.com/google/go-cmp v0.6.0 github.com/hashicorp/go-version v1.6.0 - github.com/minio/minio-go/v7 v7.0.65 - github.com/onsi/ginkgo/v2 v2.13.2 - github.com/onsi/gomega v1.30.0 + github.com/minio/minio-go/v7 v7.0.66 + github.com/onsi/ginkgo/v2 v2.15.0 + github.com/onsi/gomega v1.31.1 github.com/pkg/errors v0.9.1 github.com/robfig/cron/v3 v3.0.1 go.uber.org/zap v1.26.0 golang.org/x/sync v0.6.0 - k8s.io/api v0.29.0 - k8s.io/apimachinery v0.29.0 - k8s.io/client-go v0.29.0 - k8s.io/klog/v2 v2.120.0 - sigs.k8s.io/controller-runtime v0.16.1 + k8s.io/api v0.29.1 + k8s.io/apimachinery v0.29.1 + k8s.io/client-go v0.29.1 + k8s.io/klog/v2 v2.120.1 + sigs.k8s.io/controller-runtime v0.17.0 ) require ( @@ -42,9 +42,9 @@ require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v5.6.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect + github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.22.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect @@ -57,16 +57,16 @@ require ( github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect github.com/google/uuid v1.5.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect - github.com/imdario/mergo v0.3.12 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.7 // indirect - github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/klauspost/compress v1.17.4 // indirect + github.com/klauspost/cpuid/v2 v2.2.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/minio/md5-simd v1.1.2 // indirect github.com/minio/sha256-simd v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect @@ -77,42 +77,42 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect + github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect github.com/rs/xid v1.5.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/pflag v1.0.5 // indirect go.mongodb.org/mongo-driver v1.13.1 // indirect - go.opentelemetry.io/otel v1.20.0 // indirect - go.opentelemetry.io/otel/metric v1.20.0 // indirect - go.opentelemetry.io/otel/trace v1.20.0 // indirect + go.opentelemetry.io/otel v1.21.0 // indirect + go.opentelemetry.io/otel/metric v1.21.0 // indirect + go.opentelemetry.io/otel/trace v1.21.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.17.0 // indirect - golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect golang.org/x/net v0.19.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.15.0 // indirect + golang.org/x/oauth2 v0.15.0 // indirect + golang.org/x/sys v0.16.0 // indirect golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.16.1 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.32.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.28.1 // indirect - k8s.io/component-base v0.28.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - sigs.k8s.io/gateway-api v0.8.0 // indirect + k8s.io/apiextensions-apiserver v0.29.0 // indirect + k8s.io/component-base v0.29.0 // indirect + k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect + k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect + sigs.k8s.io/gateway-api v1.0.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) replace github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.3.2+incompatible // Required by OLM diff --git a/go.sum b/go.sum index 800a5b3b97..1bd46b7192 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,3 @@ -github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI= @@ -21,8 +20,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/caarlos0/env v3.5.0+incompatible h1:Yy0UN8o9Wtr/jGHZDpCBLpNrzcFLLM2yixi/rBrKyJs= github.com/caarlos0/env v3.5.0+incompatible/go.mod h1:tdCsowwCzMLdkqRYDlHpZCp2UooDD3MspDBjZ2AD02Y= -github.com/cert-manager/cert-manager v1.13.3 h1:3R4G0RI7K0OkTZhWlVOC5SGZMYa2NwqmQJoyKydrz/M= -github.com/cert-manager/cert-manager v1.13.3/go.mod h1:BM2+Pt/NmSv1Zr25/MHv6BgIEF9IUxA1xAjp80qkxgc= +github.com/cert-manager/cert-manager v1.14.0 h1:vb4I5hn5LY6XgL5mOyzNA6pxHNRiFL5YzIEFXQhHI/E= +github.com/cert-manager/cert-manager v1.14.0/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -38,14 +37,14 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= -github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= +github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= +github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/flosch/pongo2/v6 v6.0.0 h1:lsGru8IAzHgIAw6H2m4PCyleO58I40ow6apih0WprMU= github.com/flosch/pongo2/v6 v6.0.0/go.mod h1:CuDpFm47R0uGGE7z13/tTlt1Y6zdxvr2RLT5LJhsHEU= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -65,14 +64,14 @@ github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdX github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= github.com/go-openapi/loads v0.21.5 h1:jDzF4dSoHw6ZFADCGltDb2lE4F6De7aWSpe+IcsRzT0= github.com/go-openapi/loads v0.21.5/go.mod h1:PxTsnFBoBe+z89riT+wYt3prmSBP6GDAQh2l9H1Flz8= -github.com/go-openapi/runtime v0.26.2 h1:elWyB9MacRzvIVgAZCBJmqTi7hBzU0hlKD4IvfX0Zl0= -github.com/go-openapi/runtime v0.26.2/go.mod h1:O034jyRZ557uJKzngbMDJXkcKJVzXJiymdSfgejrcRw= +github.com/go-openapi/runtime v0.27.1 h1:ae53yaOoh+fx/X5Eaq8cRmavHgDma65XPZuvBqvJYto= +github.com/go-openapi/runtime v0.27.1/go.mod h1:fijeJEiEclyS8BRurYE1DE5TLb9/KZl6eAdbzjsrlLU= github.com/go-openapi/spec v0.20.13 h1:XJDIN+dLH6vqXgafnl5SUIMnzaChQ6QTo0/UPMbkIaE= github.com/go-openapi/spec v0.20.13/go.mod h1:8EOhTpBoFiask8rrgwbLC3zmJfz4zsCUueRuPM6GNkw= github.com/go-openapi/strfmt v0.22.0 h1:Ew9PnEYc246TwrEspvBdDHS4BVKXy/AOVsfqGDgAcaI= github.com/go-openapi/strfmt v0.22.0/go.mod h1:HzJ9kokGIju3/K6ap8jL+OlGAbjpSv27135Yr9OivU4= -github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8= -github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= +github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= +github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= github.com/go-openapi/validate v0.22.6 h1:+NhuwcEYpWdO5Nm4bmvhGLW0rt1Fcc532Mu3wpypXfo= github.com/go-openapi/validate v0.22.6/go.mod h1:eaddXSqKeTg5XpSmj1dYyFTK/95n/XHwcOY+BMxKMyM= github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= @@ -85,9 +84,8 @@ github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJ github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -101,8 +99,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y= +github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -110,10 +108,9 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -121,11 +118,11 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= -github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= +github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= +github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -134,12 +131,12 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.65 h1:sOlB8T3nQK+TApTpuN3k4WD5KasvZIE3vVFzyyCa0go= -github.com/minio/minio-go/v7 v7.0.65/go.mod h1:R4WVUR6ZTedlCcGwZRauLMIKjgyaWxhs4Mqi/OMPmEc= +github.com/minio/minio-go/v7 v7.0.66 h1:bnTOXOHjOqv/gcMuiVbN9o2ngRItvqE774dG9nq0Dzw= +github.com/minio/minio-go/v7 v7.0.66/go.mod h1:DHAgmyQEGdW3Cif0UooKOyrT3Vxs82zNdV6tkKhRtbs= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -158,32 +155,31 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= -github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= +github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= +github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= @@ -205,16 +201,16 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= -go.opentelemetry.io/otel v1.20.0 h1:vsb/ggIY+hUjD/zCAQHpzTmndPqv/ml2ArbsbfBYTAc= -go.opentelemetry.io/otel v1.20.0/go.mod h1:oUIGj3D77RwJdM6PPZImDpSZGDvkD9fhesHny69JFrs= -go.opentelemetry.io/otel/metric v1.20.0 h1:ZlrO8Hu9+GAhnepmRGhSU7/VkpjrNowxRN9GyKR4wzA= -go.opentelemetry.io/otel/metric v1.20.0/go.mod h1:90DRw3nfK4D7Sm/75yQ00gTJxtkBxX+wu6YaNymbpVM= -go.opentelemetry.io/otel/sdk v1.20.0 h1:5Jf6imeFZlZtKv9Qbo6qt2ZkmWtdWx/wzcCbNUlAWGM= -go.opentelemetry.io/otel/sdk v1.20.0/go.mod h1:rmkSx1cZCm/tn16iWDn1GQbLtsW/LvsdEEFzCSRM6V0= -go.opentelemetry.io/otel/trace v1.20.0 h1:+yxVAPZPbQhbC3OfAkeIVTky6iTFpcr4SiY9om7mXSQ= -go.opentelemetry.io/otel/trace v1.20.0/go.mod h1:HJSK7F/hA5RlzpZ0zKDCHCDHm556LCDtKaAo6JmBFUU= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= +go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= +go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= +go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= +go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= +go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= @@ -226,15 +222,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4= +golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -243,9 +236,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -254,24 +246,22 @@ golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -279,27 +269,27 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -308,35 +298,34 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= -k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= -k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw= -k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs= -k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= -k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= -k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= -k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= -k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg= -k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU= -k8s.io/klog/v2 v2.120.0 h1:z+q5mfovBj1fKFxiRzsa2DsJLPIVMk/KFL81LMOfK+8= -k8s.io/klog/v2 v2.120.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.16.1 h1:+15lzrmHsE0s2kNl0Dl8cTchI5Cs8qofo5PGcPrV9z0= -sigs.k8s.io/controller-runtime v0.16.1/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU= -sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= -sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM= +k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw= +k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ= +k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= +k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= +k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc= +k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A= +k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks= +k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= +k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= +k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= +sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= +sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/apis/pxc/v1/pxc_backup_types.go b/pkg/apis/pxc/v1/pxc_backup_types.go index 8e506e9908..1d686ecf15 100644 --- a/pkg/apis/pxc/v1/pxc_backup_types.go +++ b/pkg/apis/pxc/v1/pxc_backup_types.go @@ -1,6 +1,9 @@ package v1 import ( + "path" + "strings" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" @@ -53,7 +56,7 @@ type PXCBackupStatus struct { State PXCBackupState `json:"state,omitempty"` CompletedAt *metav1.Time `json:"completed,omitempty"` LastScheduled *metav1.Time `json:"lastscheduled,omitempty"` - Destination string `json:"destination,omitempty"` + Destination PXCBackupDestination `json:"destination,omitempty"` StorageName string `json:"storageName,omitempty"` S3 *BackupStorageS3Spec `json:"s3,omitempty"` Azure *BackupStorageAzureSpec `json:"azure,omitempty"` @@ -67,6 +70,67 @@ type PXCBackupStatus struct { LatestRestorableTime *metav1.Time `json:"latestRestorableTime,omitempty"` } +type PXCBackupDestination string + +func (dest *PXCBackupDestination) set(value string) { + if dest == nil { + return + } + *dest = PXCBackupDestination(value) +} + +func (dest *PXCBackupDestination) SetPVCDestination(backupName string) { + dest.set(PVCStoragePrefix + backupName) +} + +func (dest *PXCBackupDestination) SetS3Destination(bucket, backupName string) { + dest.set(AwsBlobStoragePrefix + bucket + "/" + backupName) +} + +func (dest *PXCBackupDestination) SetAzureDestination(container, backupName string) { + dest.set(AzureBlobStoragePrefix + container + "/" + backupName) +} + +func (dest *PXCBackupDestination) String() string { + if dest == nil { + return "" + } + return string(*dest) +} + +func (dest *PXCBackupDestination) StorageTypePrefix() string { + for _, p := range []string{AwsBlobStoragePrefix, AzureBlobStoragePrefix, PVCStoragePrefix} { + if strings.HasPrefix(dest.String(), p) { + return p + } + } + return "" +} + +func (dest *PXCBackupDestination) BucketAndPrefix() (string, string) { + d := strings.TrimPrefix(dest.String(), dest.StorageTypePrefix()) + bucket, left, _ := strings.Cut(d, "/") + + spl := strings.Split(left, "/") + prefix := "" + if len(spl) > 1 { + prefix = path.Join(spl[:len(spl)-1]...) + prefix = strings.TrimSuffix(prefix, "/") + prefix += "/" + } + return bucket, prefix +} + +func (dest *PXCBackupDestination) BackupName() string { + if dest.StorageTypePrefix() == PVCStoragePrefix { + return strings.TrimPrefix(dest.String(), dest.StorageTypePrefix()) + } + bucket, prefix := dest.BucketAndPrefix() + backupName := strings.TrimPrefix(dest.String(), dest.StorageTypePrefix()+path.Join(bucket, prefix)) + backupName = strings.TrimPrefix(backupName, "/") + return backupName +} + func (status *PXCBackupStatus) GetStorageType(cluster *PerconaXtraDBCluster) BackupStorageType { if status.StorageType != "" { return status.StorageType diff --git a/pkg/apis/pxc/v1/pxc_types.go b/pkg/apis/pxc/v1/pxc_types.go index 720676ec23..0dee265f76 100644 --- a/pkg/apis/pxc/v1/pxc_types.go +++ b/pkg/apis/pxc/v1/pxc_types.go @@ -640,8 +640,13 @@ type BackupStorageS3Spec struct { // BucketAndPrefix returns bucket name and backup prefix from Bucket. // BackupStorageS3Spec.Bucket can contain backup path in format `/`. func (b *BackupStorageS3Spec) BucketAndPrefix() (string, string) { - destination := strings.TrimPrefix(b.Bucket, AwsBlobStoragePrefix) - bucket, prefix, _ := strings.Cut(destination, "/") + bucket, prefix, _ := strings.Cut(b.Bucket, "/") + + if prefix != "" { + prefix = strings.TrimSuffix(prefix, "/") + prefix += "/" + } + return bucket, prefix } @@ -655,13 +660,19 @@ type BackupStorageAzureSpec struct { const ( AzureBlobStoragePrefix string = "azure://" AwsBlobStoragePrefix string = "s3://" + PVCStoragePrefix string = "pvc/" ) // ContainerAndPrefix returns container name and backup prefix from ContainerPath. // BackupStorageAzureSpec.ContainerPath can contain backup path in format `/`. func (b *BackupStorageAzureSpec) ContainerAndPrefix() (string, string) { - destination := strings.TrimPrefix(b.ContainerPath, AzureBlobStoragePrefix) - container, prefix, _ := strings.Cut(destination, "/") + container, prefix, _ := strings.Cut(b.ContainerPath, "/") + + if prefix != "" { + prefix = strings.TrimSuffix(prefix, "/") + prefix += "/" + } + return container, prefix } @@ -1054,7 +1065,13 @@ func (cr *PerconaXtraDBCluster) setProbesDefaults() { cr.Spec.PXC.LivenessProbes.TimeoutSeconds = 5 } - cr.Spec.PXC.LivenessProbes.SuccessThreshold = 1 + if cr.Spec.PXC.LivenessProbes.FailureThreshold == 0 { + cr.Spec.PXC.LivenessProbes.FailureThreshold = 3 + } + + if cr.Spec.PXC.LivenessProbes.SuccessThreshold == 0 { + cr.Spec.PXC.LivenessProbes.SuccessThreshold = 1 + } if cr.Spec.PXC.ReadinessInitialDelaySeconds != nil { cr.Spec.PXC.ReadinessProbes.InitialDelaySeconds = *cr.Spec.PXC.ReadinessInitialDelaySeconds @@ -1069,6 +1086,11 @@ func (cr *PerconaXtraDBCluster) setProbesDefaults() { if cr.Spec.PXC.ReadinessProbes.FailureThreshold == 0 { cr.Spec.PXC.ReadinessProbes.FailureThreshold = 5 } + + if cr.Spec.PXC.ReadinessProbes.SuccessThreshold == 0 { + cr.Spec.PXC.ReadinessProbes.SuccessThreshold = 1 + } + if cr.Spec.PXC.ReadinessProbes.TimeoutSeconds == 0 { cr.Spec.PXC.ReadinessProbes.TimeoutSeconds = 15 } @@ -1087,6 +1109,14 @@ func (cr *PerconaXtraDBCluster) setProbesDefaults() { cr.Spec.HAProxy.ReadinessProbes.TimeoutSeconds = 1 } + if cr.Spec.HAProxy.ReadinessProbes.SuccessThreshold == 0 { + cr.Spec.HAProxy.ReadinessProbes.SuccessThreshold = 1 + } + + if cr.Spec.HAProxy.ReadinessProbes.FailureThreshold == 0 { + cr.Spec.HAProxy.ReadinessProbes.FailureThreshold = 3 + } + if cr.Spec.HAProxy.LivenessInitialDelaySeconds != nil { cr.Spec.HAProxy.LivenessProbes.InitialDelaySeconds = *cr.Spec.HAProxy.LivenessInitialDelaySeconds } else if cr.Spec.HAProxy.LivenessProbes.InitialDelaySeconds == 0 { @@ -1103,8 +1133,9 @@ func (cr *PerconaXtraDBCluster) setProbesDefaults() { cr.Spec.HAProxy.LivenessProbes.PeriodSeconds = 30 } - cr.Spec.HAProxy.LivenessProbes.SuccessThreshold = 1 - + if cr.Spec.HAProxy.LivenessProbes.SuccessThreshold == 0 { + cr.Spec.HAProxy.LivenessProbes.SuccessThreshold = 1 + } } } diff --git a/pkg/controller/pxc/controller_test.go b/pkg/controller/pxc/controller_test.go index fecfd75d1d..7ce6772fc3 100644 --- a/pkg/controller/pxc/controller_test.go +++ b/pkg/controller/pxc/controller_test.go @@ -1426,3 +1426,278 @@ var _ = Describe("PostStart/PreStop lifecycle hooks", Ordered, func() { }) }) }) + +var _ = Describe("Liveness/Readiness Probes", Ordered, func() { + ctx := context.Background() + + const ns = "probes" + namespace := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: ns, + Namespace: ns, + }, + } + + BeforeAll(func() { + By("Creating the Namespace to perform the tests") + err := k8sClient.Create(ctx, namespace) + Expect(err).To(Not(HaveOccurred())) + }) + + AfterAll(func() { + By("Deleting the Namespace to perform the tests") + _ = k8sClient.Delete(ctx, namespace) + }) + + defaultReadiness := corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "/var/lib/mysql/readiness-check.sh", + }, + }, + }, + InitialDelaySeconds: int32(15), + TimeoutSeconds: int32(15), + PeriodSeconds: int32(30), + SuccessThreshold: int32(1), + FailureThreshold: int32(5), + } + defaultLiveness := corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "/var/lib/mysql/liveness-check.sh", + }, + }, + }, + InitialDelaySeconds: int32(300), + TimeoutSeconds: int32(5), + PeriodSeconds: int32(10), + SuccessThreshold: int32(1), + FailureThreshold: int32(3), + } + + DescribeTable("PXC probes", + func(probes func() (corev1.Probe, corev1.Probe)) { + const crName = "probes" + crNamespacedName := types.NamespacedName{Name: crName, Namespace: ns} + + cr, err := readDefaultCR(crName, ns) + Expect(err).NotTo(HaveOccurred()) + + cr.ObjectMeta.Finalizers = []string{} + + readiness, liveness := probes() + cr.Spec.PXC.ReadinessProbes = readiness + cr.Spec.PXC.LivenessProbes = liveness + + Expect(k8sClient.Create(ctx, cr)).Should(Succeed()) + + _, err = reconciler().Reconcile(ctx, ctrl.Request{NamespacedName: crNamespacedName}) + Expect(err).NotTo(HaveOccurred()) + + sts := appsv1.StatefulSet{} + err = k8sClient.Get(ctx, types.NamespacedName{Name: "probes-pxc", Namespace: ns}, &sts) + Expect(err).NotTo(HaveOccurred()) + + for _, ct := range sts.Spec.Template.Spec.Containers { + if ct.Name != "pxc" { + continue + } + + Expect(*ct.ReadinessProbe).To(Equal(readiness)) + Expect(*ct.LivenessProbe).To(Equal(liveness)) + } + + Expect(k8sClient.Delete(ctx, cr)).Should(Succeed()) + }, + Entry("[readiness] custom initial delay seconds", func() (corev1.Probe, corev1.Probe) { + readiness := defaultReadiness.DeepCopy() + readiness.InitialDelaySeconds = defaultReadiness.InitialDelaySeconds + 10 + + return *readiness, defaultLiveness + }), + Entry("[readiness] custom timeout seconds", func() (corev1.Probe, corev1.Probe) { + readiness := defaultReadiness.DeepCopy() + readiness.TimeoutSeconds = defaultReadiness.TimeoutSeconds + 10 + + return *readiness, defaultLiveness + }), + Entry("[readiness] custom period seconds", func() (corev1.Probe, corev1.Probe) { + readiness := defaultReadiness.DeepCopy() + readiness.PeriodSeconds = defaultReadiness.PeriodSeconds + 10 + + return *readiness, defaultLiveness + }), + Entry("[readiness] custom success threshold", func() (corev1.Probe, corev1.Probe) { + readiness := defaultReadiness.DeepCopy() + readiness.SuccessThreshold = defaultReadiness.SuccessThreshold + 1 + + return *readiness, defaultLiveness + }), + Entry("[readiness] custom failure threshold", func() (corev1.Probe, corev1.Probe) { + readiness := defaultReadiness.DeepCopy() + readiness.FailureThreshold = defaultReadiness.FailureThreshold + 1 + + return *readiness, defaultLiveness + }), + Entry("[liveness] custom initial delay seconds", func() (corev1.Probe, corev1.Probe) { + liveness := defaultLiveness.DeepCopy() + liveness.InitialDelaySeconds = defaultLiveness.InitialDelaySeconds + 10 + + return defaultReadiness, *liveness + }), + Entry("[liveness] custom timeout seconds", func() (corev1.Probe, corev1.Probe) { + liveness := defaultLiveness.DeepCopy() + liveness.TimeoutSeconds = defaultLiveness.TimeoutSeconds + 10 + + return defaultReadiness, *liveness + }), + Entry("[liveness] custom period seconds", func() (corev1.Probe, corev1.Probe) { + liveness := defaultLiveness.DeepCopy() + liveness.PeriodSeconds = defaultLiveness.PeriodSeconds + 10 + + return defaultReadiness, *liveness + }), + Entry("[liveness] custom success threshold", func() (corev1.Probe, corev1.Probe) { + liveness := defaultLiveness.DeepCopy() + liveness.SuccessThreshold = defaultLiveness.SuccessThreshold + 1 + + return defaultReadiness, *liveness + }), + Entry("[liveness] custom failure threshold", func() (corev1.Probe, corev1.Probe) { + liveness := defaultLiveness.DeepCopy() + liveness.FailureThreshold = defaultLiveness.FailureThreshold + 1 + + return defaultReadiness, *liveness + }), + ) + + defaultHAProxyReadiness := corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "/usr/local/bin/readiness-check.sh", + }, + }, + }, + InitialDelaySeconds: int32(15), + TimeoutSeconds: int32(1), + PeriodSeconds: int32(5), + SuccessThreshold: int32(1), + FailureThreshold: int32(3), + } + defaultHAProxyLiveness := corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "/usr/local/bin/liveness-check.sh", + }, + }, + }, + InitialDelaySeconds: int32(60), + TimeoutSeconds: int32(5), + PeriodSeconds: int32(30), + SuccessThreshold: int32(1), + FailureThreshold: int32(4), + } + + DescribeTable("HAProxy probes", + func(probes func() (corev1.Probe, corev1.Probe)) { + const crName = "probes" + crNamespacedName := types.NamespacedName{Name: crName, Namespace: ns} + + cr, err := readDefaultCR(crName, ns) + Expect(err).NotTo(HaveOccurred()) + + cr.ObjectMeta.Finalizers = []string{} + cr.Spec.HAProxy.Enabled = true + cr.Spec.ProxySQL.Enabled = false + + readiness, liveness := probes() + cr.Spec.HAProxy.ReadinessProbes = readiness + cr.Spec.HAProxy.LivenessProbes = liveness + + Expect(k8sClient.Create(ctx, cr)).Should(Succeed()) + + _, err = reconciler().Reconcile(ctx, ctrl.Request{NamespacedName: crNamespacedName}) + Expect(err).NotTo(HaveOccurred()) + + sts := appsv1.StatefulSet{} + err = k8sClient.Get(ctx, types.NamespacedName{Name: "probes-haproxy", Namespace: ns}, &sts) + Expect(err).NotTo(HaveOccurred()) + + for _, ct := range sts.Spec.Template.Spec.Containers { + if ct.Name != "haproxy" { + continue + } + + Expect(*ct.ReadinessProbe).To(Equal(readiness)) + Expect(*ct.LivenessProbe).To(Equal(liveness)) + } + + Expect(k8sClient.Delete(ctx, cr)).Should(Succeed()) + }, + Entry("[readiness] custom initial delay seconds", func() (corev1.Probe, corev1.Probe) { + readiness := defaultHAProxyReadiness.DeepCopy() + readiness.InitialDelaySeconds = defaultHAProxyReadiness.InitialDelaySeconds + 10 + + return *readiness, defaultHAProxyLiveness + }), + Entry("[readiness] custom timeout seconds", func() (corev1.Probe, corev1.Probe) { + readiness := defaultHAProxyReadiness.DeepCopy() + readiness.TimeoutSeconds = defaultHAProxyReadiness.TimeoutSeconds + 10 + + return *readiness, defaultHAProxyLiveness + }), + Entry("[readiness] custom period seconds", func() (corev1.Probe, corev1.Probe) { + readiness := defaultHAProxyReadiness.DeepCopy() + readiness.PeriodSeconds = defaultHAProxyReadiness.PeriodSeconds + 10 + + return *readiness, defaultHAProxyLiveness + }), + Entry("[readiness] custom success threshold", func() (corev1.Probe, corev1.Probe) { + readiness := defaultHAProxyReadiness.DeepCopy() + readiness.SuccessThreshold = defaultHAProxyReadiness.SuccessThreshold + 1 + + return *readiness, defaultHAProxyLiveness + }), + Entry("[readiness] custom failure threshold", func() (corev1.Probe, corev1.Probe) { + readiness := defaultHAProxyReadiness.DeepCopy() + readiness.FailureThreshold = defaultHAProxyReadiness.FailureThreshold + 1 + + return *readiness, defaultHAProxyLiveness + }), + Entry("[liveness] custom initial delay seconds", func() (corev1.Probe, corev1.Probe) { + liveness := defaultHAProxyLiveness.DeepCopy() + liveness.InitialDelaySeconds = defaultHAProxyLiveness.InitialDelaySeconds + 10 + + return defaultHAProxyReadiness, *liveness + }), + Entry("[liveness] custom timeout seconds", func() (corev1.Probe, corev1.Probe) { + liveness := defaultHAProxyLiveness.DeepCopy() + liveness.TimeoutSeconds = defaultHAProxyLiveness.TimeoutSeconds + 10 + + return defaultHAProxyReadiness, *liveness + }), + Entry("[liveness] custom period seconds", func() (corev1.Probe, corev1.Probe) { + liveness := defaultHAProxyLiveness.DeepCopy() + liveness.PeriodSeconds = defaultHAProxyLiveness.PeriodSeconds + 10 + + return defaultHAProxyReadiness, *liveness + }), + Entry("[liveness] custom success threshold", func() (corev1.Probe, corev1.Probe) { + liveness := defaultHAProxyLiveness.DeepCopy() + liveness.SuccessThreshold = defaultHAProxyLiveness.SuccessThreshold + 1 + + return defaultHAProxyReadiness, *liveness + }), + Entry("[liveness] custom failure threshold", func() (corev1.Probe, corev1.Probe) { + liveness := defaultHAProxyLiveness.DeepCopy() + liveness.FailureThreshold = defaultHAProxyLiveness.FailureThreshold + 1 + + return defaultHAProxyReadiness, *liveness + }), + ) +}) diff --git a/pkg/controller/pxcbackup/controller.go b/pkg/controller/pxcbackup/controller.go index a28f69238b..c091c61711 100644 --- a/pkg/controller/pxcbackup/controller.go +++ b/pkg/controller/pxcbackup/controller.go @@ -201,7 +201,7 @@ func (r *ReconcilePerconaXtraDBClusterBackup) Reconcile(ctx context.Context, req pvc := backup.NewPVC(cr) pvc.Spec = *storage.Volume.PersistentVolumeClaim - cr.Status.Destination = "pvc/" + pvc.Name + cr.Status.Destination.SetPVCDestination(pvc.Name) // Set PerconaXtraDBClusterBackup instance as the owner and controller if err := setControllerReference(cr, pvc, r.scheme); err != nil { @@ -228,10 +228,7 @@ func (r *ReconcilePerconaXtraDBClusterBackup) Reconcile(ctx context.Context, req if storage.S3 == nil { return rr, errors.New("s3 storage is not specified") } - cr.Status.Destination = storage.S3.Bucket + "/" + cr.Spec.PXCCluster + "-" + cr.CreationTimestamp.Time.Format("2006-01-02-15:04:05") + "-full" - if !strings.HasPrefix(storage.S3.Bucket, api.AwsBlobStoragePrefix) { - cr.Status.Destination = api.AwsBlobStoragePrefix + cr.Status.Destination - } + cr.Status.Destination.SetS3Destination(storage.S3.Bucket, cr.Spec.PXCCluster+"-"+cr.CreationTimestamp.Time.Format("2006-01-02-15:04:05")+"-full") err := backup.SetStorageS3(&job.Spec, cr) if err != nil { @@ -241,10 +238,7 @@ func (r *ReconcilePerconaXtraDBClusterBackup) Reconcile(ctx context.Context, req if storage.Azure == nil { return rr, errors.New("azure storage is not specified") } - cr.Status.Destination = storage.Azure.ContainerPath + "/" + cr.Spec.PXCCluster + "-" + cr.CreationTimestamp.Time.Format("2006-01-02-15:04:05") + "-full" - if !strings.HasPrefix(storage.Azure.ContainerPath, api.AzureBlobStoragePrefix) { - cr.Status.Destination = api.AzureBlobStoragePrefix + cr.Status.Destination - } + cr.Status.Destination.SetAzureDestination(storage.Azure.ContainerPath, cr.Spec.PXCCluster+"-"+cr.CreationTimestamp.Time.Format("2006-01-02-15:04:05")+"-full") err := backup.SetStorageAzure(&job.Spec, cr) if err != nil { @@ -317,7 +311,7 @@ func (r *ReconcilePerconaXtraDBClusterBackup) runDeleteBackupFinalizer(ctx conte } switch cr.Status.GetStorageType(nil) { case api.BackupStorageS3: - if !strings.HasPrefix(cr.Status.Destination, api.AwsBlobStoragePrefix) { + if cr.Status.Destination.StorageTypePrefix() != api.AwsBlobStoragePrefix { continue } err = r.runS3BackupFinalizer(ctx, cr) @@ -352,33 +346,24 @@ func (r *ReconcilePerconaXtraDBClusterBackup) runS3BackupFinalizer(ctx context.C } sec := corev1.Secret{} - err := r.client.Get(context.Background(), + err := r.client.Get(ctx, types.NamespacedName{Name: cr.Status.S3.CredentialsSecret, Namespace: cr.Namespace}, &sec) if err != nil { return errors.Wrap(err, "failed to get secret") } - accessKeyID := string(sec.Data["AWS_ACCESS_KEY_ID"]) - secretAccessKey := string(sec.Data["AWS_SECRET_ACCESS_KEY"]) - bucket, prefix := cr.Status.S3.BucketAndPrefix() - destination := strings.TrimPrefix(cr.Status.Destination, api.AwsBlobStoragePrefix+bucket+"/") - destination = strings.TrimPrefix(destination, bucket+"/") - if prefix != "" { - destination = strings.TrimPrefix(destination, prefix) - destination = strings.TrimPrefix(destination, "/") - } - destination = strings.TrimSuffix(destination, "/") + "/" - verifyTLS := true - if cr.Status.VerifyTLS != nil && !*cr.Status.VerifyTLS { - verifyTLS = false + opts, err := storage.GetOptionsFromBackup(ctx, r.client, nil, cr) + if err != nil { + return errors.Wrap(err, "get storage options") } - storage, err := storage.NewS3(cr.Status.S3.EndpointURL, accessKeyID, secretAccessKey, bucket, prefix, cr.Status.S3.Region, verifyTLS) + storage, err := storage.NewClient(ctx, opts) if err != nil { return errors.Wrap(err, "new s3 storage") } - log.Info("deleting backup from s3", "name", cr.Name, "bucket", cr.Status.S3.Bucket, "backupName", destination) - err = retry.OnError(retry.DefaultBackoff, func(e error) bool { return true }, removeBackupObjects(ctx, storage, bucket, destination)) + backupName := cr.Status.Destination.BackupName() + log.Info("deleting backup from s3", "name", cr.Name, "bucket", cr.Status.S3.Bucket, "backupName", backupName) + err = retry.OnError(retry.DefaultBackoff, func(e error) bool { return true }, removeBackupObjects(ctx, storage, backupName)) if err != nil { return errors.Wrapf(err, "failed to delete backup %s", cr.Name) } @@ -391,41 +376,30 @@ func (r *ReconcilePerconaXtraDBClusterBackup) runAzureBackupFinalizer(ctx contex if cr.Status.Azure == nil { return errors.New("azure storage is not specified") } - secret := new(corev1.Secret) - err := r.client.Get(ctx, types.NamespacedName{Name: cr.Status.Azure.CredentialsSecret, Namespace: cr.Namespace}, secret) - if err != nil { - return errors.Wrap(err, "failed to get secret") - } - accountName := string(secret.Data["AZURE_STORAGE_ACCOUNT_NAME"]) - accountKey := string(secret.Data["AZURE_STORAGE_ACCOUNT_KEY"]) - container, prefix := cr.Status.Azure.ContainerAndPrefix() - destination := strings.TrimPrefix(cr.Status.Destination, api.AzureBlobStoragePrefix+container+"/") - destination = strings.TrimPrefix(destination, container+"/") - if prefix != "" { - destination = strings.TrimPrefix(destination, prefix) - destination = strings.TrimPrefix(destination, "/") + opts, err := storage.GetOptionsFromBackup(ctx, r.client, nil, cr) + if err != nil { + return errors.Wrap(err, "get storage options") } - destination = strings.TrimSuffix(destination, "/") + "/" - - azureStorage, err := storage.NewAzure(accountName, accountKey, cr.Status.Azure.Endpoint, container, prefix) + azureStorage, err := storage.NewClient(ctx, opts) if err != nil { return errors.Wrap(err, "new azure storage") } - log.Info("deleting backup from azure", "name", cr.Name, "containerName", container, "destination", destination) + backupName := cr.Status.Destination.BackupName() + log.Info("Deleting backup from azure", "name", cr.Name, "backupName", backupName) err = retry.OnError(retry.DefaultBackoff, func(e error) bool { return true }, - removeBackupObjects(ctx, azureStorage, container, destination)) + removeBackupObjects(ctx, azureStorage, backupName)) if err != nil { return errors.Wrapf(err, "failed to delete backup %s", cr.Name) } return nil } -func removeBackupObjects(ctx context.Context, s storage.Storage, container, destination string) func() error { +func removeBackupObjects(ctx context.Context, s storage.Storage, destination string) func() error { return func() error { blobs, err := s.ListObjects(ctx, destination) if err != nil { diff --git a/pkg/controller/pxcrestore/restore_test.go b/pkg/controller/pxcrestore/restore_test.go index aa77636eb8..44e810edda 100644 --- a/pkg/controller/pxcrestore/restore_test.go +++ b/pkg/controller/pxcrestore/restore_test.go @@ -27,19 +27,22 @@ func TestValidate(t *testing.T) { cluster := readDefaultCR(t, clusterName, namespace) s3Bcp := readDefaultBackup(t, backupName, namespace) s3Bcp.Spec.StorageName = "s3-us-west" - s3Bcp.Status.Destination = api.AwsBlobStoragePrefix + "some-dest/dest" + s3Bcp.Status.Destination.SetS3Destination("some-dest", "dest") s3Bcp.Status.S3 = &api.BackupStorageS3Spec{ Bucket: "some-bucket", CredentialsSecret: s3SecretName, } + s3Bcp.Status.State = api.BackupSucceeded azureBcp := readDefaultBackup(t, backupName, namespace) azureBcp.Spec.StorageName = "azure-blob" - azureBcp.Status.Destination = "some-dest/dest" + azureBcp.Status.Destination.SetAzureDestination("some-dest", "dest") azureBcp.Status.Azure = &api.BackupStorageAzureSpec{ ContainerPath: "some-bucket", CredentialsSecret: azureSecretName, } + azureBcp.Status.State = api.BackupSucceeded cr := readDefaultRestore(t, restoreName, namespace) + cr.Spec.BackupName = backupName crSecret := readDefaultCRSecret(t, clusterName+"-secrets", namespace) s3Secret := readDefaultS3Secret(t, s3SecretName, namespace) azureSecret := readDefaultAzureSecret(t, azureSecretName, namespace) @@ -93,10 +96,28 @@ func TestValidate(t *testing.T) { crSecret, s3Secret, }, - fakeStorageClientFunc: func(opts storage.Options) (storage.Storage, error) { + fakeStorageClientFunc: func(_ context.Context, opts storage.Options) (storage.Storage, error) { return &fakeStorageClient{failListObjects: true}, nil }, }, + { + name: "s3 without provided bucket", + cr: updateResource(cr, func(cr *api.PerconaXtraDBClusterRestore) { + cr.Spec.BackupName = "" + cr.Spec.BackupSource = &api.PXCBackupStatus{ + Destination: s3Bcp.Status.Destination, + StorageType: api.BackupStorageS3, + S3: s3Bcp.Status.S3, + } + cr.Spec.BackupSource.S3.Bucket = "" + }, + ), + cluster: cluster.DeepCopy(), + objects: []runtime.Object{ + crSecret, + s3Secret, + }, + }, { name: "s3 with empty bucket", cr: cr.DeepCopy(), @@ -107,7 +128,7 @@ func TestValidate(t *testing.T) { crSecret, s3Secret, }, - fakeStorageClientFunc: func(opts storage.Options) (storage.Storage, error) { + fakeStorageClientFunc: func(_ context.Context, opts storage.Options) (storage.Storage, error) { return &fakeStorageClient{emptyListObjects: true}, nil }, }, @@ -180,10 +201,28 @@ func TestValidate(t *testing.T) { crSecret, azureSecret, }, - fakeStorageClientFunc: func(opts storage.Options) (storage.Storage, error) { + fakeStorageClientFunc: func(_ context.Context, opts storage.Options) (storage.Storage, error) { return &fakeStorageClient{failListObjects: true}, nil }, }, + { + name: "azure without provided bucket", + cr: updateResource(cr, func(cr *api.PerconaXtraDBClusterRestore) { + cr.Spec.BackupName = "" + cr.Spec.BackupSource = &api.PXCBackupStatus{ + Destination: azureBcp.Status.Destination, + StorageType: api.BackupStorageAzure, + Azure: azureBcp.Status.Azure, + } + cr.Spec.BackupSource.Azure.ContainerPath = "" + }, + ), + cluster: cluster.DeepCopy(), + objects: []runtime.Object{ + crSecret, + azureSecret, + }, + }, { name: "azure with empty bucket", cr: cr.DeepCopy(), @@ -194,7 +233,7 @@ func TestValidate(t *testing.T) { crSecret, azureSecret, }, - fakeStorageClientFunc: func(opts storage.Options) (storage.Storage, error) { + fakeStorageClientFunc: func(_ context.Context, opts storage.Options) (storage.Storage, error) { return &fakeStorageClient{emptyListObjects: true}, nil }, }, @@ -203,8 +242,8 @@ func TestValidate(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { if tt.fakeStorageClientFunc == nil { - tt.fakeStorageClientFunc = func(opts storage.Options) (storage.Storage, error) { - defaultFakeClient, err := fakestorage.NewFakeClient(opts) + tt.fakeStorageClientFunc = func(ctx context.Context, opts storage.Options) (storage.Storage, error) { + defaultFakeClient, err := fakestorage.NewFakeClient(ctx, opts) if err != nil { return nil, err } @@ -218,13 +257,20 @@ func TestValidate(t *testing.T) { if err := tt.cluster.CheckNSetDefaults(new(version.ServerVersion), logf.FromContext(ctx)); err != nil { t.Fatal(err) } - tt.objects = append(tt.objects, tt.cr, tt.bcp, tt.cluster) + if tt.bcp != nil { + tt.objects = append(tt.objects, tt.bcp) + } + tt.objects = append(tt.objects, tt.cr, tt.cluster) cl := buildFakeClient(tt.objects...) r := reconciler(cl) r.newStorageClientFunc = tt.fakeStorageClientFunc - err := r.validate(ctx, tt.cr, tt.bcp, tt.cluster) + bcp, err := r.getBackup(ctx, tt.cr) + if err != nil { + t.Fatal(err) + } + err = r.validate(ctx, tt.cr, bcp, tt.cluster) errStr := "" if err != nil { errStr = err.Error() diff --git a/pkg/controller/pxcrestore/restorer.go b/pkg/controller/pxcrestore/restorer.go index 94dd63598a..04fa0fb237 100644 --- a/pkg/controller/pxcrestore/restorer.go +++ b/pkg/controller/pxcrestore/restorer.go @@ -2,7 +2,6 @@ package pxcrestore import ( "context" - "fmt" "sort" "strings" "time" @@ -36,11 +35,11 @@ func (s *s3) Init(context.Context) error { return nil } func (s *s3) Finalize(context.Context) error { return nil } func (s *s3) Job() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, strings.TrimPrefix(s.bcp.Status.Destination, api.AwsBlobStoragePrefix), false) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.bcp.Status.Destination, false) } func (s *s3) PITRJob() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, strings.TrimPrefix(s.bcp.Status.Destination, api.AwsBlobStoragePrefix), true) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.bcp.Status.Destination, true) } func (s *s3) ValidateJob(ctx context.Context, job *batchv1.Job) error { @@ -55,49 +54,17 @@ func (s *s3) ValidateJob(ctx context.Context, job *batchv1.Job) error { } func (s *s3) Validate(ctx context.Context) error { - sec := corev1.Secret{} - err := s.k8sClient.Get(ctx, - types.NamespacedName{Name: s.bcp.Status.S3.CredentialsSecret, Namespace: s.bcp.Namespace}, &sec) - if client.IgnoreNotFound(err) != nil { - return errors.Wrap(err, "failed to get secret") - } - - accessKeyID := string(sec.Data["AWS_ACCESS_KEY_ID"]) - secretAccessKey := string(sec.Data["AWS_SECRET_ACCESS_KEY"]) - ep := s.bcp.Status.S3.EndpointURL - bucket, prefix := s.bcp.Status.S3.BucketAndPrefix() - verifyTLS := true - if s.bcp.Status.VerifyTLS != nil && !*s.bcp.Status.VerifyTLS { - verifyTLS = false - } - if s.cluster.Spec.Backup != nil && len(s.cluster.Spec.Backup.Storages) > 0 { - storage, ok := s.cluster.Spec.Backup.Storages[s.bcp.Spec.StorageName] - if ok && storage.VerifyTLS != nil { - verifyTLS = *storage.VerifyTLS - } + opts, err := storage.GetOptionsFromBackup(ctx, s.k8sClient, s.cluster, s.bcp) + if err != nil { + return errors.Wrap(err, "failed to get storage options") } - s3cli, err := s.newStorageClient(&storage.S3Options{ - Endpoint: ep, - AccessKeyID: accessKeyID, - SecretAccessKey: secretAccessKey, - BucketName: bucket, - Prefix: prefix, - Region: s.bcp.Status.S3.Region, - VerifyTLS: verifyTLS, - }) + s3cli, err := s.newStorageClient(ctx, opts) if err != nil { return errors.Wrap(err, "failed to create s3 client") } - dest := s.bcp.Status.Destination - dest = strings.TrimPrefix(dest, api.AwsBlobStoragePrefix) - dest = strings.TrimPrefix(dest, bucket+"/") - if prefix != "" { - dest = strings.TrimPrefix(dest, prefix) - dest = strings.TrimPrefix(dest, "/") - } - dest = strings.TrimSuffix(dest, "/") + "/" - objs, err := s3cli.ListObjects(ctx, dest) + backupName := s.bcp.Status.Destination.BackupName() + "/" + objs, err := s3cli.ListObjects(ctx, backupName) if err != nil { return errors.Wrap(err, "failed to list objects") } @@ -113,7 +80,7 @@ type pvc struct{ *restorerOptions } func (s *pvc) Validate(ctx context.Context) error { destination := s.bcp.Status.Destination - pod, err := backup.PVCRestorePod(s.cr, s.bcp.Status.StorageName, strings.TrimPrefix(destination, "pvc/"), s.cluster) + pod, err := backup.PVCRestorePod(s.cr, s.bcp.Status.StorageName, destination.BackupName(), s.cluster) if err != nil { return errors.Wrap(err, "restore pod") } @@ -164,7 +131,7 @@ func (s *pvc) Init(ctx context.Context) error { if err := k8s.SetControllerReference(s.cr, svc, s.scheme); err != nil { return err } - pod, err := backup.PVCRestorePod(s.cr, s.bcp.Status.StorageName, strings.TrimPrefix(destination, "pvc/"), s.cluster) + pod, err := backup.PVCRestorePod(s.cr, s.bcp.Status.StorageName, destination.BackupName(), s.cluster) if err != nil { return errors.Wrap(err, "restore pod") } @@ -205,7 +172,7 @@ func (s *pvc) Finalize(ctx context.Context) error { if err := s.k8sClient.Delete(ctx, svc); err != nil { return errors.Wrap(err, "failed to delete pvc service") } - pod, err := backup.PVCRestorePod(s.cr, s.bcp.Status.StorageName, strings.TrimPrefix(s.bcp.Status.Destination, "pvc/"), s.cluster) + pod, err := backup.PVCRestorePod(s.cr, s.bcp.Status.StorageName, s.bcp.Status.Destination.BackupName(), s.cluster) if err != nil { return err } @@ -229,40 +196,17 @@ func (s *azure) PITRJob() (*batchv1.Job, error) { } func (s *azure) Validate(ctx context.Context) error { - secret := new(corev1.Secret) - err := s.k8sClient.Get(ctx, types.NamespacedName{Name: s.bcp.Status.Azure.CredentialsSecret, Namespace: s.bcp.Namespace}, secret) + opts, err := storage.GetOptionsFromBackup(ctx, s.k8sClient, s.cluster, s.bcp) if err != nil { - return errors.Wrap(err, "failed to get secret") - } - accountName := string(secret.Data["AZURE_STORAGE_ACCOUNT_NAME"]) - accountKey := string(secret.Data["AZURE_STORAGE_ACCOUNT_KEY"]) - - endpoint := fmt.Sprintf("https://%s.blob.core.windows.net/", accountName) - if s.bcp.Status.Azure.Endpoint != "" { - endpoint = s.bcp.Status.Azure.Endpoint + return errors.Wrap(err, "failed to get storage options") } - container, prefix := s.bcp.Status.Azure.ContainerAndPrefix() - azurecli, err := s.newStorageClient(&storage.AzureOptions{ - StorageAccount: accountName, - AccessKey: accountKey, - Endpoint: endpoint, - Container: container, - Prefix: prefix, - }) + azurecli, err := s.newStorageClient(ctx, opts) if err != nil { return errors.Wrap(err, "failed to create s3 client") } - dest := s.bcp.Status.Destination - dest = strings.TrimPrefix(dest, api.AzureBlobStoragePrefix) - dest = strings.TrimPrefix(dest, container+"/") - if prefix != "" { - dest = strings.TrimPrefix(dest, prefix) - dest = strings.TrimPrefix(dest, "/") - } - dest = strings.TrimSuffix(dest, "/") + "/" - - blobs, err := azurecli.ListObjects(ctx, dest) + backupName := s.bcp.Status.Destination.BackupName() + "/" + blobs, err := azurecli.ListObjects(ctx, backupName) if err != nil { return errors.Wrap(err, "list blobs") } @@ -286,14 +230,14 @@ func (r *ReconcilePerconaXtraDBClusterRestore) getRestorer( scheme: r.scheme, newStorageClient: r.newStorageClientFunc, } - switch { - case strings.HasPrefix(s.bcp.Status.Destination, "pvc/"): + switch s.bcp.Status.Destination.StorageTypePrefix() { + case api.PVCStoragePrefix: sr := pvc{&s} return &sr, nil - case strings.HasPrefix(s.bcp.Status.Destination, api.AwsBlobStoragePrefix): + case api.AwsBlobStoragePrefix: sr := s3{&s} return &sr, nil - case s.bcp.Status.Azure != nil: + case api.AzureBlobStoragePrefix: sr := azure{&s} return &sr, nil } diff --git a/pkg/pxc/app/statefulset/node.go b/pkg/pxc/app/statefulset/node.go index a77f289d68..37c4d461e7 100644 --- a/pkg/pxc/app/statefulset/node.go +++ b/pkg/pxc/app/statefulset/node.go @@ -254,6 +254,9 @@ func (c *Node) AppContainer(spec *api.PodSpec, secrets string, cr *api.PerconaXt Name: "mysql-init-file", MountPath: "/etc/mysql/init-file", }) + + appc.ReadinessProbe = app.Probe(&cr.Spec.PXC.ReadinessProbes, "/var/lib/mysql/readiness-check.sh") + appc.LivenessProbe = app.Probe(&cr.Spec.PXC.LivenessProbes, "/var/lib/mysql/liveness-check.sh") } if cr.Spec.PXC != nil && (cr.Spec.PXC.Lifecycle.PostStart != nil || cr.Spec.PXC.Lifecycle.PreStop != nil) { diff --git a/pkg/pxc/backup/job.go b/pkg/pxc/backup/job.go index 35ce4a0cc3..53a6a8ee9f 100644 --- a/pkg/pxc/backup/job.go +++ b/pkg/pxc/backup/job.go @@ -1,9 +1,8 @@ package backup import ( - "net/url" + "path" "strconv" - "strings" "github.com/pkg/errors" batchv1 "k8s.io/api/batch/v1" @@ -216,7 +215,12 @@ func SetStorageAzure(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) e SecretKeyRef: app.SecretKeySelector(azure.CredentialsSecret, "AZURE_STORAGE_ACCOUNT_KEY"), }, } - container, _ := azure.ContainerAndPrefix() + container, prefix := azure.ContainerAndPrefix() + if container == "" { + container, prefix = cr.Status.Destination.BucketAndPrefix() + } + bucketPath := path.Join(prefix, cr.Status.Destination.BackupName()) + containerName := corev1.EnvVar{ Name: "AZURE_CONTAINER_NAME", Value: container, @@ -231,7 +235,7 @@ func SetStorageAzure(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) e } backupPath := corev1.EnvVar{ Name: "BACKUP_PATH", - Value: strings.TrimPrefix(cr.Status.Destination, container+"/"), + Value: bucketPath, } if len(job.Template.Spec.Containers) == 0 { return errors.New("no containers in job spec") @@ -281,37 +285,30 @@ func SetStorageS3(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) erro } job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, accessKey, secretKey, region, endpoint) - u, err := parseS3URL(cr.Status.Destination) - if err != nil { - return errors.Wrap(err, "failed to create job") + bucket, prefix := s3.BucketAndPrefix() + if bucket == "" { + bucket, prefix = cr.Status.Destination.BucketAndPrefix() } - bucket := corev1.EnvVar{ + bucketPath := path.Join(prefix, cr.Status.Destination.BackupName()) + + bucketEnv := corev1.EnvVar{ Name: "S3_BUCKET", - Value: u.Host, + Value: bucket, } - bucketPath := corev1.EnvVar{ + bucketPathEnv := corev1.EnvVar{ Name: "S3_BUCKET_PATH", - Value: strings.TrimLeft(u.Path, "/"), + Value: bucketPath, } - job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, bucket, bucketPath) + job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, bucketEnv, bucketPathEnv) // add SSL volumes job.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{} job.Template.Spec.Volumes = []corev1.Volume{} - err = appendStorageSecret(job, cr) + err := appendStorageSecret(job, cr) if err != nil { return errors.Wrap(err, "failed to append storage secrets") } return nil } - -func parseS3URL(bucketURL string) (*url.URL, error) { - u, err := url.Parse(bucketURL) - if err != nil { - return nil, errors.Wrap(err, "failed to parse s3 URL") - } - - return u, nil -} diff --git a/pkg/pxc/backup/restore.go b/pkg/pxc/backup/restore.go index 588ad2fbf2..b29053f775 100644 --- a/pkg/pxc/backup/restore.go +++ b/pkg/pxc/backup/restore.go @@ -1,6 +1,7 @@ package backup import ( + "path" "strconv" "strings" @@ -135,7 +136,7 @@ func PVCRestorePod(cr *api.PerconaXtraDBClusterRestore, bcpStorageName, pvcName }, nil } -func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination string, pitr bool) (*batchv1.Job, error) { +func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination api.PXCBackupDestination, pitr bool) (*batchv1.Job, error) { switch bcp.Status.GetStorageType(cluster) { case api.BackupStorageAzure: if bcp.Status.Azure == nil { @@ -253,7 +254,7 @@ func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClust return job, nil } -func restoreJobEnvs(bcp *api.PerconaXtraDBClusterBackup, cr *api.PerconaXtraDBClusterRestore, cluster *api.PerconaXtraDBCluster, destination string, pitr bool) ([]corev1.EnvVar, error) { +func restoreJobEnvs(bcp *api.PerconaXtraDBClusterBackup, cr *api.PerconaXtraDBClusterRestore, cluster *api.PerconaXtraDBCluster, destination api.PXCBackupDestination, pitr bool) ([]corev1.EnvVar, error) { if bcp.Status.GetStorageType(cluster) == api.BackupStorageFilesystem { return util.MergeEnvLists( []corev1.EnvVar{ @@ -355,11 +356,13 @@ func restoreJobEnvs(bcp *api.PerconaXtraDBClusterBackup, cr *api.PerconaXtraDBCl ), nil } -func azureEnvs(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination string, pitr bool) ([]corev1.EnvVar, error) { +func azureEnvs(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination api.PXCBackupDestination, pitr bool) ([]corev1.EnvVar, error) { azure := bcp.Status.Azure - container, _ := azure.ContainerAndPrefix() - destination = strings.TrimPrefix(destination, api.AzureBlobStoragePrefix+container+"/") - destination = strings.TrimPrefix(destination, container+"/") + container, prefix := azure.ContainerAndPrefix() + if container == "" { + container, prefix = destination.BucketAndPrefix() + } + backupPath := path.Join(prefix, destination.BackupName()) envs := []corev1.EnvVar{ { Name: "AZURE_STORAGE_ACCOUNT", @@ -387,7 +390,7 @@ func azureEnvs(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBCluste }, { Name: "BACKUP_PATH", - Value: destination, + Value: backupPath, }, } if pitr { @@ -440,11 +443,11 @@ func azureEnvs(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBCluste return envs, nil } -func s3Envs(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination string, pitr bool) ([]corev1.EnvVar, error) { +func s3Envs(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination api.PXCBackupDestination, pitr bool) ([]corev1.EnvVar, error) { envs := []corev1.EnvVar{ { Name: "S3_BUCKET_URL", - Value: destination, + Value: strings.TrimPrefix(destination.String(), destination.StorageTypePrefix()), }, { Name: "ENDPOINT", diff --git a/pkg/pxc/backup/storage/fake/storage.go b/pkg/pxc/backup/storage/fake/storage.go index 667860db10..ec5d3f08f3 100644 --- a/pkg/pxc/backup/storage/fake/storage.go +++ b/pkg/pxc/backup/storage/fake/storage.go @@ -2,12 +2,23 @@ package fake import ( "context" + "errors" "io" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/backup/storage" ) -func NewFakeClient(storage.Options) (storage.Storage, error) { +func NewFakeClient(ctx context.Context, opts storage.Options) (storage.Storage, error) { + switch opts := opts.(type) { + case *storage.S3Options: + if opts.BucketName == "" { + return nil, errors.New("bucket name is empty") + } + case *storage.AzureOptions: + if opts.Container == "" { + return nil, errors.New("container name is empty") + } + } return &FakeStorageClient{}, nil } diff --git a/pkg/pxc/backup/storage/options.go b/pkg/pxc/backup/storage/options.go index 9eabeb0936..b10bc1081b 100644 --- a/pkg/pxc/backup/storage/options.go +++ b/pkg/pxc/backup/storage/options.go @@ -1,13 +1,108 @@ package storage import ( + "context" + api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/pkg/errors" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" ) type Options interface { Type() api.BackupStorageType } +func GetOptionsFromBackup(ctx context.Context, cl client.Client, cluster *api.PerconaXtraDBCluster, backup *api.PerconaXtraDBClusterBackup) (Options, error) { + switch { + case backup.Status.S3 != nil: + return getS3Options(ctx, cl, cluster, backup) + case backup.Status.Azure != nil: + return getAzureOptions(ctx, cl, backup) + default: + return nil, errors.Errorf("unknown storage type %s", backup.Status.StorageType) + } +} + +func getAzureOptions(ctx context.Context, cl client.Client, backup *api.PerconaXtraDBClusterBackup) (*AzureOptions, error) { + secret := new(corev1.Secret) + err := cl.Get(ctx, types.NamespacedName{ + Name: backup.Status.Azure.CredentialsSecret, + Namespace: backup.Namespace, + }, secret) + if err != nil { + return nil, errors.Wrap(err, "failed to get secret") + } + accountName := string(secret.Data["AZURE_STORAGE_ACCOUNT_NAME"]) + accountKey := string(secret.Data["AZURE_STORAGE_ACCOUNT_KEY"]) + + container, prefix := backup.Status.Azure.ContainerAndPrefix() + if container == "" { + container, prefix = backup.Status.Destination.BucketAndPrefix() + } + + if container == "" { + return nil, errors.New("container name is not set") + } + + return &AzureOptions{ + StorageAccount: accountName, + AccessKey: accountKey, + Endpoint: backup.Status.Azure.Endpoint, + Container: container, + Prefix: prefix, + }, nil +} + +func getS3Options(ctx context.Context, cl client.Client, cluster *api.PerconaXtraDBCluster, backup *api.PerconaXtraDBClusterBackup) (*S3Options, error) { + secret := new(corev1.Secret) + err := cl.Get(ctx, types.NamespacedName{ + Name: backup.Status.S3.CredentialsSecret, + Namespace: backup.Namespace, + }, secret) + if client.IgnoreNotFound(err) != nil { + return nil, errors.Wrap(err, "failed to get secret") + } + accessKeyID := string(secret.Data["AWS_ACCESS_KEY_ID"]) + secretAccessKey := string(secret.Data["AWS_SECRET_ACCESS_KEY"]) + + bucket, prefix := backup.Status.S3.BucketAndPrefix() + if bucket == "" { + bucket, prefix = backup.Status.Destination.BucketAndPrefix() + } + + if bucket == "" { + return nil, errors.New("bucket name is not set") + } + + region := backup.Status.S3.Region + if region == "" { + region = "us-east-1" + } + + verifyTLS := true + if backup.Status.VerifyTLS != nil && !*backup.Status.VerifyTLS { + verifyTLS = false + } + if cluster != nil && cluster.Spec.Backup != nil && len(cluster.Spec.Backup.Storages) > 0 { + storage, ok := cluster.Spec.Backup.Storages[backup.Spec.StorageName] + if ok && storage.VerifyTLS != nil { + verifyTLS = *storage.VerifyTLS + } + } + + return &S3Options{ + Endpoint: backup.Status.S3.EndpointURL, + AccessKeyID: accessKeyID, + SecretAccessKey: secretAccessKey, + BucketName: bucket, + Prefix: prefix, + Region: region, + VerifyTLS: verifyTLS, + }, nil +} + var _ = Options(new(S3Options)) type S3Options struct { diff --git a/pkg/pxc/backup/storage/options_test.go b/pkg/pxc/backup/storage/options_test.go new file mode 100644 index 0000000000..ff81d5af6a --- /dev/null +++ b/pkg/pxc/backup/storage/options_test.go @@ -0,0 +1,341 @@ +package storage + +import ( + "context" + "reflect" + "testing" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" +) + +func TestGetS3Options(t *testing.T) { + ctx := context.Background() + + const ns = "my-ns" + + const storageName = "my-storage" + const secretName = "my-secret" + const accessKeyID = "some-access-key" + const secretAccessKey = "some-secret-key" + + boolPtr := func(b bool) *bool { return &b } + + tests := []struct { + name string + destination string + bucket string + accessKeyID string + secretAccessKey string + endpoint string + region string + verifyTLS *bool + storage *api.BackupStorageSpec + + expected *S3Options + expectedErr string + }{ + { + name: "no secret", + bucket: "somebucket", + endpoint: "some-endpoint", + region: "some-region", + expected: &S3Options{ + Endpoint: "some-endpoint", + BucketName: "somebucket", + Region: "some-region", + VerifyTLS: true, + }, + }, + { + name: "with secret", + bucket: "somebucket", + accessKeyID: accessKeyID, + secretAccessKey: secretAccessKey, + expected: &S3Options{ + BucketName: "somebucket", + AccessKeyID: accessKeyID, + SecretAccessKey: secretAccessKey, + VerifyTLS: true, + Region: "us-east-1", + }, + }, + { + name: "bucket without prefix", + bucket: "my-bucket", + expected: &S3Options{ + BucketName: "my-bucket", + VerifyTLS: true, + Region: "us-east-1", + }, + }, + { + name: "bucket with prefix", + bucket: "my-bucket/prefix", + expected: &S3Options{ + BucketName: "my-bucket", + Prefix: "prefix/", + VerifyTLS: true, + Region: "us-east-1", + }, + }, + { + name: "destination with bucket", + destination: "s3://invalid-bucket/prefix/backup-name", + bucket: "my-bucket", + expected: &S3Options{ + BucketName: "my-bucket", + VerifyTLS: true, + Region: "us-east-1", + }, + }, + { + name: "destination without prefix", + destination: "s3://destination-bucket/backup-name", + expected: &S3Options{ + BucketName: "destination-bucket", + VerifyTLS: true, + Region: "us-east-1", + }, + }, + { + name: "destination with prefix", + destination: "s3://destination-bucket/prefix/backup-name", + expected: &S3Options{ + BucketName: "destination-bucket", + Prefix: "prefix/", + VerifyTLS: true, + Region: "us-east-1", + }, + }, + { + name: "no destination", + expectedErr: "bucket name is not set", + }, + { + name: "verifyTLS in backup", + bucket: "somebucket", + verifyTLS: boolPtr(false), + expected: &S3Options{ + BucketName: "somebucket", + VerifyTLS: false, + Region: "us-east-1", + }, + }, + { + name: "verifyTLS in backup and cluster", + bucket: "somebucket", + verifyTLS: boolPtr(true), + storage: &api.BackupStorageSpec{ + VerifyTLS: boolPtr(false), + }, + expected: &S3Options{ + BucketName: "somebucket", + VerifyTLS: false, + Region: "us-east-1", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + backup := testBackup(ns, storageName, tt.destination, tt.verifyTLS, &api.BackupStorageS3Spec{ + Bucket: tt.bucket, + CredentialsSecret: secretName, + Region: tt.region, + EndpointURL: tt.endpoint, + }, nil) + + var cluster *api.PerconaXtraDBCluster + if tt.storage != nil { + cluster = &api.PerconaXtraDBCluster{ + Spec: api.PerconaXtraDBClusterSpec{ + Backup: &api.PXCScheduledBackup{ + Storages: map[string]*api.BackupStorageSpec{ + storageName: tt.storage, + }, + }, + }, + } + } + + objs := []runtime.Object{} + if tt.accessKeyID != "" || tt.secretAccessKey != "" { + objs = append(objs, &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: ns, + }, + Data: map[string][]byte{ + "AWS_ACCESS_KEY_ID": []byte(tt.accessKeyID), + "AWS_SECRET_ACCESS_KEY": []byte(tt.secretAccessKey), + }, + }) + } + cl := fake.NewClientBuilder().WithRuntimeObjects(objs...).Build() + + opts, err := getS3Options(ctx, cl, cluster, backup) + if err != nil && tt.expectedErr != err.Error() { + t.Fatal(err) + } + if !reflect.DeepEqual(opts, tt.expected) { + t.Fatalf("expected: %+v, got: %+v", tt.expected, opts) + } + }) + } +} + +func TestGetAzureOptions(t *testing.T) { + ctx := context.Background() + + const ns = "my-ns" + + const storageName = "my-storage" + const secretName = "my-secret" + const accountName = "some-access-key" + const accountKey = "some-secret-key" + + tests := []struct { + name string + destination string + container string + accountName string + accountKey string + endpoint string + + expected *AzureOptions + expectedErr string + }{ + { + name: "no secret", + container: "some-container", + endpoint: "some-endpoint", + expectedErr: `failed to get secret: secrets "my-secret" not found`, + }, + { + name: "container without prefix", + container: "my-container", + accountName: accountName, + accountKey: accountKey, + endpoint: "some-endpoint", + expected: &AzureOptions{ + StorageAccount: accountName, + AccessKey: accountKey, + Container: "my-container", + Endpoint: "some-endpoint", + }, + }, + { + name: "container with prefix", + container: "my-container/prefix", + accountName: accountName, + accountKey: accountKey, + expected: &AzureOptions{ + StorageAccount: accountName, + AccessKey: accountKey, + Container: "my-container", + Prefix: "prefix/", + }, + }, + { + name: "destination with container", + destination: "azure://invalid-container/prefix/backup-name", + container: "my-container", + accountName: accountName, + accountKey: accountKey, + expected: &AzureOptions{ + StorageAccount: accountName, + AccessKey: accountKey, + Container: "my-container", + }, + }, + { + name: "destination without prefix", + destination: "azure://destination-container/backup-name", + accountName: accountName, + accountKey: accountKey, + expected: &AzureOptions{ + StorageAccount: accountName, + AccessKey: accountKey, + Container: "destination-container", + }, + }, + { + name: "destination with prefix", + destination: "azure://destination-container/prefix/backup-name", + accountName: accountName, + accountKey: accountKey, + expected: &AzureOptions{ + StorageAccount: accountName, + AccessKey: accountKey, + Container: "destination-container", + Prefix: "prefix/", + }, + }, + { + name: "no destination", + accountName: accountName, + accountKey: accountKey, + expectedErr: "container name is not set", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + backup := testBackup(ns, storageName, tt.destination, nil, nil, &api.BackupStorageAzureSpec{ + ContainerPath: tt.container, + CredentialsSecret: secretName, + Endpoint: tt.endpoint, + }) + + objs := []runtime.Object{} + if tt.accountName != "" || tt.accountKey != "" { + objs = append(objs, testSecret(ns, secretName, map[string][]byte{ + "AZURE_STORAGE_ACCOUNT_NAME": []byte(tt.accountName), + "AZURE_STORAGE_ACCOUNT_KEY": []byte(tt.accountKey), + })) + } + cl := fake.NewClientBuilder().WithRuntimeObjects(objs...).Build() + + opts, err := getAzureOptions(ctx, cl, backup) + if err != nil && tt.expectedErr != err.Error() { + t.Fatal(err) + } + if !reflect.DeepEqual(opts, tt.expected) { + t.Fatalf("expected: %+v, got: %+v", tt.expected, opts) + } + }) + } +} + +func testSecret(ns string, name string, data map[string][]byte) *corev1.Secret { + return &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: ns, + }, + Data: data, + } +} + +func testBackup(ns string, storageName string, destination string, verifyTLS *bool, s3 *api.BackupStorageS3Spec, azure *api.BackupStorageAzureSpec) *api.PerconaXtraDBClusterBackup { + return &api.PerconaXtraDBClusterBackup{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-backup", + Namespace: ns, + }, + Spec: api.PXCBackupSpec{ + StorageName: storageName, + }, + Status: api.PXCBackupStatus{ + Destination: api.PXCBackupDestination(destination), + S3: s3, + Azure: azure, + VerifyTLS: verifyTLS, + }, + } +} diff --git a/pkg/pxc/backup/storage/storage.go b/pkg/pxc/backup/storage/storage.go index e44a9f11a3..81c676d107 100644 --- a/pkg/pxc/backup/storage/storage.go +++ b/pkg/pxc/backup/storage/storage.go @@ -30,16 +30,16 @@ type Storage interface { GetPrefix() string } -type NewClientFunc func(Options) (Storage, error) +type NewClientFunc func(context.Context, Options) (Storage, error) -func NewClient(opts Options) (Storage, error) { +func NewClient(ctx context.Context, opts Options) (Storage, error) { switch opts.Type() { case api.BackupStorageS3: opts, ok := opts.(*S3Options) if !ok { return nil, errors.New("invalid options type") } - return NewS3(opts.Endpoint, opts.AccessKeyID, opts.SecretAccessKey, opts.BucketName, opts.Prefix, opts.Region, opts.VerifyTLS) + return NewS3(ctx, opts.Endpoint, opts.AccessKeyID, opts.SecretAccessKey, opts.BucketName, opts.Prefix, opts.Region, opts.VerifyTLS) case api.BackupStorageAzure: opts, ok := opts.(*AzureOptions) if !ok { @@ -58,9 +58,14 @@ type S3 struct { } // NewS3 return new Manager, useSSL using ssl for connection with storage -func NewS3(endpoint, accessKeyID, secretAccessKey, bucketName, prefix, region string, verifyTLS bool) (Storage, error) { +func NewS3(ctx context.Context, endpoint, accessKeyID, secretAccessKey, bucketName, prefix, region string, verifyTLS bool) (Storage, error) { if endpoint == "" { endpoint = "https://s3.amazonaws.com" + // We can't use default endpoint if region is not us-east-1 + // More info: https://docs.aws.amazon.com/general/latest/gr/s3.html + if region != "" && region != "us-east-1" { + endpoint = fmt.Sprintf("https://s3.%s.amazonaws.com", region) + } } useSSL := strings.Contains(endpoint, "https") endpoint = strings.TrimPrefix(strings.TrimPrefix(endpoint, "https://"), "http://") @@ -78,6 +83,17 @@ func NewS3(endpoint, accessKeyID, secretAccessKey, bucketName, prefix, region st return nil, errors.Wrap(err, "new minio client") } + bucketExists, err := minioClient.BucketExists(ctx, bucketName) + if err != nil { + if merr, ok := err.(minio.ErrorResponse); ok && merr.Code == "301 Moved Permanently" { + return nil, errors.Errorf("%s region: %s bucket: %s", merr.Code, merr.Region, merr.BucketName) + } + return nil, errors.Wrap(err, "failed to check if bucket exists") + } + if !bucketExists { + return nil, errors.Errorf("bucket %s does not exist", bucketName) + } + return &S3{ client: minioClient, bucketName: bucketName, diff --git a/pkg/pxc/users/users.go b/pkg/pxc/users/users.go index ce5392a9f5..e2ad6050f5 100644 --- a/pkg/pxc/users/users.go +++ b/pkg/pxc/users/users.go @@ -255,7 +255,7 @@ func (u *Manager) Update170XtrabackupUser(pass string) (err error) { return nil } -// Update1100MonitorUserPrivilege grants system_user privilege for monitor +// Update1100MonitorUserPrivilege grants system_user privilege for monitor func (u *Manager) Update1100MonitorUserPrivilege() (err error) { if _, err := u.db.Exec("GRANT SYSTEM_USER ON *.* TO 'monitor'@'%'"); err != nil { return errors.Wrap(err, "monitor user")