diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b4445512f3..fcb580427a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,3 @@ * @hors @egegunes @inelpandzic @pooknull -/e2e-tests/ @tplavcic @nmarukovich @ptankov -Jenkinsfile @tplavcic @nmarukovich @ptankov +/e2e-tests/ @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007 +Jenkinsfile @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007 diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 55eb0c8904..6c79291416 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -10,7 +10,7 @@ jobs: with: go-version: '1.21' - name: golangci-lint - uses: golangci/golangci-lint-action@v4 + uses: golangci/golangci-lint-action@v6 with: version: latest only-new-issues: true @@ -86,6 +86,13 @@ jobs: - uses: actions/setup-go@v5 with: go-version: '1.21' - - run: | + - name: check on release branch + if: ${{ contains(github.head_ref, 'release-') || contains(github.base_ref, 'release-') }} + run: | + make generate manifests VERSION="$(grep "Version" version/version.go|grep -oE "[0-9]+\.[0-9]+\.[0-9]+")" IMAGE_TAG_BASE="percona/percona-xtradb-cluster-operator" + git diff --exit-code + - name: check on non release branches + if: ${{ ! (contains(github.head_ref, 'release-') || contains(github.base_ref, 'release-')) }} + run: | make generate manifests VERSION=main git diff --exit-code diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 678006ad8a..4d5f792796 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -31,7 +31,7 @@ jobs: ./e2e-tests/build - name: Run Trivy vulnerability scanner image (linux/arm64) - uses: aquasecurity/trivy-action@0.19.0 + uses: aquasecurity/trivy-action@0.23.0 with: image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64' format: 'table' @@ -49,7 +49,7 @@ jobs: ./e2e-tests/build - name: Run Trivy vulnerability scanner image (linux/amd64) - uses: aquasecurity/trivy-action@0.19.0 + uses: aquasecurity/trivy-action@0.23.0 with: image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64' format: 'table' diff --git a/Jenkinsfile b/Jenkinsfile index c6dbfbcc61..ba615eb987 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -290,11 +290,8 @@ pipeline { curl -fsSL https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz | sudo tar -C /usr/local/bin --strip-components 1 -xzf - linux-amd64/helm - sudo sh -c "curl -s -L https://github.com/mikefarah/yq/releases/download/v4.35.1/yq_linux_amd64 > /usr/local/bin/yq" - sudo chmod +x /usr/local/bin/yq - - sudo sh -c "curl -s -L https://github.com/jqlang/jq/releases/download/jq-1.6/jq-linux64 > /usr/local/bin/jq" - sudo chmod +x /usr/local/bin/jq + sudo curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.44.1/yq_linux_amd64 -o /usr/local/bin/yq && sudo chmod +x /usr/local/bin/yq + sudo curl -fsSL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 -o /usr/local/bin/jq && sudo chmod +x /usr/local/bin/jq sudo tee /etc/yum.repos.d/google-cloud-sdk.repo << EOF [google-cloud-cli] @@ -364,7 +361,7 @@ EOF --rm \ -v $WORKSPACE/src/github.com/percona/percona-xtradb-cluster-operator:/go/src/github.com/percona/percona-xtradb-cluster-operator \ -w /go/src/github.com/percona/percona-xtradb-cluster-operator \ - golang:1.21 sh -c ' + golang:1.22 sh -c ' go install -mod=readonly github.com/google/go-licenses@latest; /go/bin/go-licenses csv github.com/percona/percona-xtradb-cluster-operator/cmd/manager \ | cut -d , -f 3 \ @@ -393,7 +390,7 @@ EOF -w /go/src/github.com/percona/percona-xtradb-cluster-operator \ -e GO111MODULE=on \ -e GOFLAGS='-buildvcs=false' \ - golang:1.21 sh -c 'go build -v -o percona-xtradb-cluster-operator github.com/percona/percona-xtradb-cluster-operator/cmd/manager' + golang:1.22 sh -c 'go build -v -o percona-xtradb-cluster-operator github.com/percona/percona-xtradb-cluster-operator/cmd/manager' " ''' diff --git a/Makefile b/Makefile index 1433ee1132..15d420d9b2 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,8 @@ NAME ?= percona-xtradb-cluster-operator IMAGE_TAG_OWNER ?= perconalab IMAGE_TAG_BASE ?= $(IMAGE_TAG_OWNER)/$(NAME) -VERSION ?= $(shell git rev-parse --abbrev-ref HEAD | sed -e 's^/^-^g; s^[.]^-^g;' | tr '[:upper:]' '[:lower:]') +SED := $(shell which gsed || which sed) +VERSION ?= $(shell git rev-parse --abbrev-ref HEAD | $(SED) -e 's^/^-^g; s^[.]^-^g;' | tr '[:upper:]' '[:lower:]') IMAGE ?= $(IMAGE_TAG_BASE):$(VERSION) DEPLOYDIR = ./deploy @@ -22,11 +23,11 @@ $(DEPLOYDIR)/crd.yaml: kustomize generate .PHONY: $(DEPLOYDIR)/operator.yaml $(DEPLOYDIR)/operator.yaml: - sed -i "/^ containers:/,/^ image:/{s#image: .*#image: $(IMAGE_TAG_BASE):$(VERSION)#}" deploy/operator.yaml + $(SED) -i "/^ containers:/,/^ image:/{s#image: .*#image: $(IMAGE_TAG_BASE):$(VERSION)#}" deploy/operator.yaml .PHONY: $(DEPLOYDIR)/cw-operator.yaml $(DEPLOYDIR)/cw-operator.yaml: - sed -i "/^ containers:/,/^ image:/{s#image: .*#image: $(IMAGE_TAG_BASE):$(VERSION)#}" deploy/cw-operator.yaml + $(SED) -i "/^ containers:/,/^ image:/{s#image: .*#image: $(IMAGE_TAG_BASE):$(VERSION)#}" deploy/cw-operator.yaml $(DEPLOYDIR)/bundle.yaml: $(DEPLOYDIR)/crd.yaml $(DEPLOYDIR)/rbac.yaml $(DEPLOYDIR)/operator.yaml ## Generate deploy/bundle.yaml cat $(DEPLOYDIR)/crd.yaml > $(DEPLOYDIR)/bundle.yaml; echo "---" >> $(DEPLOYDIR)/bundle.yaml; cat $(DEPLOYDIR)/rbac.yaml >> $(DEPLOYDIR)/bundle.yaml; echo "---" >> $(DEPLOYDIR)/bundle.yaml; cat $(DEPLOYDIR)/operator.yaml >> $(DEPLOYDIR)/bundle.yaml @@ -87,7 +88,7 @@ endef CONTROLLER_GEN = $(shell pwd)/bin/controller-gen controller-gen: ## Download controller-gen locally if necessary. - $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0) + $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0) KUSTOMIZE = $(shell pwd)/bin/kustomize kustomize: ## Download kustomize locally if necessary. @@ -100,14 +101,14 @@ envtest: ## Download envtest-setup locally if necessary. # Prepare release CERT_MANAGER_VER := $(shell grep -Eo "cert-manager v.*" go.mod|grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") release: manifests - sed -i "/CERT_MANAGER_VER/s/CERT_MANAGER_VER=\".*/CERT_MANAGER_VER=\"$(CERT_MANAGER_VER)\"/" e2e-tests/functions - sed -i "/Version = \"/s/Version = \".*/Version = \"$(VERSION)\"/" version/version.go - sed -i \ + $(SED) -i "/CERT_MANAGER_VER/s/CERT_MANAGER_VER=\".*/CERT_MANAGER_VER=\"$(CERT_MANAGER_VER)\"/" e2e-tests/functions + $(SED) -i "/Version = \"/s/Version = \".*/Version = \"$(VERSION)\"/" version/version.go + $(SED) -i \ -e "s/crVersion: .*/crVersion: $(VERSION)/" \ -e "/^ pxc:/,/^ image:/{s#image: .*#image: percona/percona-xtradb-cluster:@@SET_TAG@@#}" \ -e "/^ haproxy:/,/^ image:/{s#image: .*#image: percona/percona-xtradb-cluster-operator:$(VERSION)-haproxy#}" \ -e "/^ logcollector:/,/^ image:/{s#image: .*#image: percona/percona-xtradb-cluster-operator:$(VERSION)-logcollector#}" deploy/cr-minimal.yaml - sed -i \ + $(SED) -i \ -e "s/crVersion: .*/crVersion: $(VERSION)/" \ -e "/^ pxc:/,/^ image:/{s#image: .*#image: percona/percona-xtradb-cluster:@@SET_TAG@@#}" \ -e "/^ haproxy:/,/^ image:/{s#image: .*#image: percona/percona-xtradb-cluster-operator:$(VERSION)-haproxy#}" \ @@ -122,13 +123,13 @@ MAJOR_VER := $(shell grep -oE "crVersion: .*" deploy/cr.yaml|grep -oE "[0-9]+\.[ MINOR_VER := $(shell grep -oE "crVersion: .*" deploy/cr.yaml|grep -oE "[0-9]+\.[0-9]+\.[0-9]+"|cut -d'.' -f2) NEXT_VER ?= $(MAJOR_VER).$$(($(MINOR_VER) + 1)).0 after-release: manifests - sed -i "/Version = \"/s/Version = \".*/Version = \"$(NEXT_VER)\"/" version/version.go - sed -i \ + $(SED) -i "/Version = \"/s/Version = \".*/Version = \"$(NEXT_VER)\"/" version/version.go + $(SED) -i \ -e "s/crVersion: .*/crVersion: $(NEXT_VER)/" \ -e "/^ pxc:/,/^ image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0#}" \ -e "/^ haproxy:/,/^ image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main-haproxy#}" \ -e "/^ logcollector:/,/^ image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main-logcollector#}" deploy/cr-minimal.yaml - sed -i \ + $(SED) -i \ -e "s/crVersion: .*/crVersion: $(NEXT_VER)/" \ -e "/^ pxc:/,/^ image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0#}" \ -e "/^ haproxy:/,/^ image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main-haproxy#}" \ diff --git a/build/Dockerfile b/build/Dockerfile index 125c22d390..903d50e43a 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${BUILDPLATFORM} golang:1.21 AS go_builder +FROM --platform=${BUILDPLATFORM} golang:1.22 AS go_builder WORKDIR /go/src/github.com/percona/percona-xtradb-cluster-operator COPY go.mod go.sum ./ @@ -21,8 +21,14 @@ RUN mkdir -p build/_output/bin \ cmd/manager/main.go \ && cp -r build/_output/bin/percona-xtradb-cluster-operator /usr/local/bin/percona-xtradb-cluster-operator -RUN go build -o build/_output/bin/peer-list cmd/peer-list/main.go \ - && cp -r build/_output/bin/peer-list /usr/local/bin/ +RUN GOOS=$GOOS GOARCH=${TARGETARCH} CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \ + go build -o build/_output/bin/peer-list cmd/peer-list/main.go \ + && cp -r build/_output/bin/peer-list /usr/local/bin/peer-list + +RUN GOOS=$GOOS GOARCH=${TARGETARCH} CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \ + go build -o build/_output/bin/pitr \ + cmd/pitr/main.go \ + && cp -r build/_output/bin/pitr /usr/local/bin/pitr # Looking for all possible License/Notice files and copying them to the image RUN find $GOPATH/pkg/mod -regextype posix-extended -iregex '.*(license|notice)(\.md|\.txt|$)' \ @@ -42,8 +48,11 @@ LABEL name="Percona XtraDB Cluster Operator" \ COPY LICENSE /licenses/ COPY --from=go_builder /usr/local/bin/percona-xtradb-cluster-operator /usr/local/bin/percona-xtradb-cluster-operator COPY --from=go_builder /usr/local/bin/peer-list /peer-list +COPY --from=go_builder /usr/local/bin/pitr /pitr COPY build/pxc-entrypoint.sh /pxc-entrypoint.sh COPY build/pxc-init-entrypoint.sh /pxc-init-entrypoint.sh +COPY build/pitr-init-entrypoint.sh /pitr-init-entrypoint.sh +COPY build/backup-init-entrypoint.sh /backup-init-entrypoint.sh COPY build/unsafe-bootstrap.sh /unsafe-bootstrap.sh COPY build/pxc-configure-pxc.sh /pxc-configure-pxc.sh COPY build/liveness-check.sh /liveness-check.sh diff --git a/build/backup-init-entrypoint.sh b/build/backup-init-entrypoint.sh new file mode 100755 index 0000000000..2d455e2a4e --- /dev/null +++ b/build/backup-init-entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +set -o errexit +set -o xtrace + +install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /peer-list /opt/percona/peer-list diff --git a/build/pitr-init-entrypoint.sh b/build/pitr-init-entrypoint.sh new file mode 100755 index 0000000000..4df83e5e1f --- /dev/null +++ b/build/pitr-init-entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -o errexit +set -o xtrace + +install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /pitr /opt/percona/pitr +install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /peer-list /opt/percona/peer-list diff --git a/build/pxc-entrypoint.sh b/build/pxc-entrypoint.sh index 69cf0d37c3..553c517759 100755 --- a/build/pxc-entrypoint.sh +++ b/build/pxc-entrypoint.sh @@ -410,7 +410,7 @@ if [ -z "$CLUSTER_JOIN" ] && [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then GRANT ALL ON *.* TO 'operator'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; CREATE USER 'xtrabackup'@'%' IDENTIFIED BY '$(escape_special "${XTRABACKUP_PASSWORD}")' PASSWORD EXPIRE NEVER; - GRANT ALL ON *.* TO 'xtrabackup'@'%'; + GRANT ALL ON *.* TO 'xtrabackup'@'%' WITH GRANT OPTION ; CREATE USER 'monitor'@'${MONITOR_HOST}' IDENTIFIED BY '$(escape_special "${MONITOR_PASSWORD}")' WITH MAX_USER_CONNECTIONS 100 PASSWORD EXPIRE NEVER; GRANT SELECT, PROCESS, SUPER, REPLICATION CLIENT, RELOAD ON *.* TO 'monitor'@'${MONITOR_HOST}'; diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 8e80f5418c..c43a8a60a1 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -1,6 +1,7 @@ package main import ( + "context" "flag" "os" "runtime" @@ -13,11 +14,13 @@ import ( "github.com/go-logr/logr" uzap "go.uber.org/zap" "go.uber.org/zap/zapcore" + eventsv1 "k8s.io/api/events/v1" k8sruntime "k8s.io/apimachinery/pkg/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" metricsServer "sigs.k8s.io/controller-runtime/pkg/metrics/server" @@ -162,6 +165,20 @@ func main() { os.Exit(1) } + err = mgr.GetFieldIndexer().IndexField( + context.Background(), + &eventsv1.Event{}, + "regarding.name", + func(rawObj client.Object) []string { + event := rawObj.(*eventsv1.Event) + return []string{event.Regarding.Name} + }, + ) + if err != nil { + setupLog.Error(err, "unable to index field") + os.Exit(1) + } + setupLog.Info("Starting the Cmd.") ctx := k8s.StartStopSignalHandler(mgr.GetClient(), strings.Split(namespace, ",")) diff --git a/cmd/pitr/pxc/pxc.go b/cmd/pitr/pxc/pxc.go index 2e9d3aaf4f..3fd302711e 100644 --- a/cmd/pitr/pxc/pxc.go +++ b/cmd/pitr/pxc/pxc.go @@ -55,7 +55,7 @@ func (p *PXC) GetHost() string { // GetGTIDSet return GTID set by binary log file name func (p *PXC) GetGTIDSet(ctx context.Context, binlogName string) (string, error) { - //select name from mysql.func where name='get_gtid_set_by_binlog' + // select name from mysql.func where name='get_gtid_set_by_binlog' var existFunc string nameRow := p.db.QueryRowContext(ctx, "select name from mysql.func where name='get_gtid_set_by_binlog'") err := nameRow.Scan(&existFunc) @@ -226,7 +226,7 @@ func (p *PXC) SubtractGTIDSet(ctx context.Context, set, subSet string) (string, } func getNodesByServiceName(ctx context.Context, pxcServiceName string) ([]string, error) { - cmd := exec.CommandContext(ctx, "peer-list", "-on-start=/usr/bin/get-pxc-state", "-service="+pxcServiceName) + cmd := exec.CommandContext(ctx, "/opt/percona/peer-list", "-on-start=/usr/bin/get-pxc-state", "-service="+pxcServiceName) out, err := cmd.CombinedOutput() if err != nil { return nil, errors.Wrap(err, "get peer-list output") diff --git a/config/crd/bases/pxc.percona.com_perconaxtradbclusterbackups.yaml b/config/crd/bases/pxc.percona.com_perconaxtradbclusterbackups.yaml index 1f83b635b1..8efcc1300a 100644 --- a/config/crd/bases/pxc.percona.com_perconaxtradbclusterbackups.yaml +++ b/config/crd/bases/pxc.percona.com_perconaxtradbclusterbackups.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterbackups.pxc.percona.com spec: group: pxc.percona.com @@ -89,12 +88,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -104,6 +105,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -119,17 +121,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -234,9 +239,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crd/bases/pxc.percona.com_perconaxtradbclusterrestores.yaml b/config/crd/bases/pxc.percona.com_perconaxtradbclusterrestores.yaml index df177af350..3e181b8ed4 100644 --- a/config/crd/bases/pxc.percona.com_perconaxtradbclusterrestores.yaml +++ b/config/crd/bases/pxc.percona.com_perconaxtradbclusterrestores.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterrestores.pxc.percona.com spec: group: pxc.percona.com @@ -167,12 +166,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -182,6 +183,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -197,17 +199,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -363,9 +368,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crd/bases/pxc.percona.com_perconaxtradbclusters.yaml b/config/crd/bases/pxc.percona.com_perconaxtradbclusters.yaml index a0f5e1196a..f69d051119 100644 --- a/config/crd/bases/pxc.percona.com_perconaxtradbclusters.yaml +++ b/config/crd/bases/pxc.percona.com_perconaxtradbclusters.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusters.pxc.percona.com spec: group: pxc.percona.com @@ -73,8 +72,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array pitr: properties: @@ -160,11 +161,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -176,12 +179,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -190,6 +196,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -206,11 +213,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -222,16 +231,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -253,16 +267,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -286,20 +303,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -313,6 +334,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -329,16 +351,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -362,26 +387,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -403,16 +433,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -436,20 +469,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -463,6 +500,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -479,16 +517,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -512,26 +553,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -580,12 +626,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -595,6 +643,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -610,17 +659,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -631,16 +683,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -698,6 +761,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -736,6 +808,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -748,6 +821,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -840,16 +914,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -907,6 +984,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -919,6 +997,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -965,16 +1044,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -1016,11 +1098,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1032,12 +1116,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1046,6 +1133,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1062,11 +1150,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1078,16 +1168,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -1109,16 +1204,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1142,20 +1240,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1169,6 +1271,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1185,16 +1288,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1218,26 +1324,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1259,16 +1370,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1292,20 +1406,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1319,6 +1437,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1335,16 +1454,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1368,26 +1490,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -1403,16 +1530,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1513,6 +1651,8 @@ spec: items: type: string type: array + onlyReaders: + type: boolean trafficPolicy: type: string type: @@ -1535,8 +1675,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -1552,6 +1694,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -1569,6 +1712,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1610,6 +1754,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -1627,6 +1772,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1672,6 +1818,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1702,6 +1849,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1767,6 +1915,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -1805,6 +1962,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -1817,6 +1975,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -1842,6 +2001,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1872,6 +2032,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1994,6 +2155,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2006,6 +2168,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -2052,16 +2215,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -2077,6 +2243,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -2120,6 +2287,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -2220,6 +2390,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2229,8 +2400,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -2245,8 +2418,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -2272,11 +2447,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -2286,8 +2464,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -2314,6 +2494,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -2334,10 +2515,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2362,6 +2545,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2374,6 +2558,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -2420,16 +2605,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -2456,10 +2644,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2476,8 +2666,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -2555,13 +2747,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -2635,16 +2830,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -2673,11 +2871,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -2692,6 +2893,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -2712,10 +2914,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2734,11 +2938,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -2753,6 +2960,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2784,6 +2992,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -2791,8 +3000,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -2812,8 +3023,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -2849,6 +3062,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -2863,8 +3077,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -2894,10 +3110,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -2912,12 +3130,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -2927,6 +3147,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -2942,43 +3163,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -2993,6 +3225,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3010,6 +3243,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3051,6 +3285,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3068,6 +3303,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3110,6 +3346,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -3140,6 +3377,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3214,6 +3452,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -3244,6 +3483,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3334,16 +3574,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -3399,6 +3650,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -3429,6 +3681,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3491,6 +3744,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -3502,6 +3758,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -3511,6 +3769,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -3556,16 +3817,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -3621,6 +3885,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -3633,6 +3898,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -3679,16 +3945,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -3756,16 +4025,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -3865,16 +4145,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -3994,11 +4285,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4010,12 +4303,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -4024,6 +4320,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -4040,11 +4337,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4056,16 +4355,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -4087,16 +4391,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4120,20 +4427,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -4147,6 +4458,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -4163,16 +4475,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4196,26 +4511,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -4237,16 +4557,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4270,20 +4593,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -4297,6 +4624,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -4313,16 +4641,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4346,26 +4677,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -4381,16 +4717,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4486,8 +4833,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -4503,6 +4852,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -4520,6 +4870,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4561,6 +4912,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -4578,6 +4930,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4623,6 +4976,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4653,6 +5007,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4718,6 +5073,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -4756,6 +5120,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -4768,6 +5133,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -4793,6 +5159,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4823,6 +5190,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4937,6 +5305,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -4949,6 +5318,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -4995,16 +5365,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -5020,6 +5393,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -5063,6 +5437,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -5163,6 +5540,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -5172,8 +5550,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -5188,8 +5568,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -5215,11 +5597,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -5229,8 +5614,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -5257,6 +5644,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -5277,10 +5665,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -5305,6 +5695,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -5317,6 +5708,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -5363,16 +5755,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -5399,10 +5794,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -5419,8 +5816,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -5498,13 +5897,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -5578,16 +5980,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -5616,11 +6021,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -5635,6 +6043,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -5655,10 +6064,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -5677,11 +6088,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -5696,6 +6110,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -5727,6 +6142,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -5734,8 +6150,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -5755,8 +6173,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -5792,6 +6212,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -5806,8 +6227,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -5837,10 +6260,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -5855,12 +6280,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -5870,6 +6297,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -5885,43 +6313,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -5936,6 +6375,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5953,6 +6393,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5994,6 +6435,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6011,6 +6453,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6053,6 +6496,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -6083,6 +6527,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6157,6 +6602,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -6187,6 +6633,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6277,16 +6724,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -6342,6 +6800,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -6372,6 +6831,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6434,6 +6894,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -6445,6 +6908,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -6454,6 +6919,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -6499,16 +6967,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -6564,6 +7035,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -6576,6 +7048,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -6622,16 +7095,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -6667,11 +7143,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -6683,12 +7161,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -6697,6 +7178,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -6713,11 +7195,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -6729,16 +7213,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -6760,16 +7249,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -6793,20 +7285,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -6820,6 +7316,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -6836,16 +7333,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -6869,26 +7369,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -6910,16 +7415,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -6943,20 +7451,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -6970,6 +7482,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -6986,16 +7499,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7019,26 +7535,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -7056,16 +7577,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -7161,8 +7693,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -7178,6 +7712,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -7195,6 +7730,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7236,6 +7772,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -7253,6 +7790,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7298,6 +7836,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7328,6 +7867,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7393,6 +7933,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -7431,6 +7980,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -7443,6 +7993,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -7468,6 +8019,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7498,6 +8050,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7645,6 +8198,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -7657,6 +8211,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -7703,16 +8258,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -7728,6 +8286,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -7771,6 +8330,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -7871,6 +8433,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -7880,8 +8443,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -7896,8 +8461,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -7923,11 +8490,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -7937,8 +8507,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -7965,6 +8537,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -7985,10 +8558,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -8013,6 +8588,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8025,6 +8601,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8071,16 +8648,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -8107,10 +8687,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -8127,8 +8709,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -8206,13 +8790,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -8286,16 +8873,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -8324,11 +8914,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -8343,6 +8936,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8363,10 +8957,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -8385,11 +8981,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -8404,6 +9003,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -8435,6 +9035,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -8442,8 +9043,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8463,8 +9066,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -8500,6 +9105,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -8514,8 +9120,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -8545,10 +9153,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -8563,12 +9173,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -8578,6 +9190,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -8593,43 +9206,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -8644,6 +9268,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8661,6 +9286,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8702,6 +9328,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8719,6 +9346,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8761,6 +9389,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8791,6 +9420,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8865,6 +9495,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8895,6 +9526,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8985,16 +9617,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -9050,6 +9693,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9080,6 +9724,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9142,6 +9787,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -9153,6 +9801,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -9162,6 +9812,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -9207,16 +9860,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -9272,6 +9928,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -9284,6 +9941,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -9330,16 +9988,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -9363,6 +10024,8 @@ spec: items: type: string type: array + enabled: + type: boolean issuerConf: properties: group: @@ -9375,6 +10038,17 @@ spec: - name type: object type: object + unsafeFlags: + properties: + backupIfUnhealthy: + type: boolean + proxySize: + type: boolean + pxcSize: + type: boolean + tls: + type: boolean + type: object updateStrategy: type: string upgradeOptions: @@ -9551,9 +10225,3 @@ spec: specReplicasPath: .spec.pxc.size statusReplicasPath: .status.pxc.size status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deploy/backup/backup.yaml b/deploy/backup/backup.yaml index c91d9e65e1..8000555984 100644 --- a/deploy/backup/backup.yaml +++ b/deploy/backup/backup.yaml @@ -2,7 +2,7 @@ apiVersion: pxc.percona.com/v1 kind: PerconaXtraDBClusterBackup metadata: # finalizers: -# - delete-s3-backup +# - percona.com/delete-backup name: backup1 spec: pxcCluster: cluster1 diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml index 427889438f..39893440ec 100644 --- a/deploy/bundle.yaml +++ b/deploy/bundle.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterbackups.pxc.percona.com spec: group: pxc.percona.com @@ -88,12 +87,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -103,6 +104,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -118,17 +120,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -233,19 +238,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterrestores.pxc.percona.com spec: group: pxc.percona.com @@ -408,12 +406,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -423,6 +423,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -438,17 +439,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -604,19 +608,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusters.pxc.percona.com spec: group: pxc.percona.com @@ -975,8 +972,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array pitr: properties: @@ -1062,11 +1061,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1078,12 +1079,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1092,6 +1096,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1108,11 +1113,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1124,16 +1131,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -1155,16 +1167,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1188,20 +1203,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1215,6 +1234,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1231,16 +1251,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1264,26 +1287,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1305,16 +1333,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1338,20 +1369,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1365,6 +1400,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1381,16 +1417,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1414,26 +1453,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1482,12 +1526,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1497,6 +1543,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1512,17 +1559,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1533,16 +1583,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1600,6 +1661,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -1638,6 +1708,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -1650,6 +1721,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -1742,16 +1814,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1809,6 +1884,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -1821,6 +1897,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -1867,16 +1944,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -1918,11 +1998,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1934,12 +2016,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1948,6 +2033,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1964,11 +2050,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1980,16 +2068,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -2011,16 +2104,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2044,20 +2140,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -2071,6 +2171,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -2087,16 +2188,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2120,26 +2224,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -2161,16 +2270,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2194,20 +2306,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -2221,6 +2337,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -2237,16 +2354,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2270,26 +2390,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -2305,16 +2430,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -2415,6 +2551,8 @@ spec: items: type: string type: array + onlyReaders: + type: boolean trafficPolicy: type: string type: @@ -2437,8 +2575,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -2454,6 +2594,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -2471,6 +2612,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2512,6 +2654,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -2529,6 +2672,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2574,6 +2718,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -2604,6 +2749,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2669,6 +2815,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2707,6 +2862,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -2719,6 +2875,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2744,6 +2901,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -2774,6 +2932,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2896,6 +3055,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2908,6 +3068,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -2954,16 +3115,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -2979,6 +3143,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -3022,6 +3187,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -3122,6 +3290,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -3131,8 +3300,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -3147,8 +3318,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -3174,11 +3347,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -3188,8 +3364,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -3216,6 +3394,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -3236,10 +3415,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -3264,6 +3445,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -3276,6 +3458,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -3322,16 +3505,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -3358,10 +3544,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -3378,8 +3566,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -3457,13 +3647,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -3537,16 +3730,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -3575,11 +3771,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -3594,6 +3793,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -3614,10 +3814,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -3636,11 +3838,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -3655,6 +3860,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -3686,6 +3892,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -3693,8 +3900,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -3714,8 +3923,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -3751,6 +3962,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3765,8 +3977,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -3796,10 +4010,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -3814,12 +4030,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -3829,6 +4047,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -3844,43 +4063,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -3895,6 +4125,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3912,6 +4143,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3953,6 +4185,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3970,6 +4203,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4012,6 +4246,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4042,6 +4277,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4116,6 +4352,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4146,6 +4383,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4236,16 +4474,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4301,6 +4550,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4331,6 +4581,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4393,6 +4644,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -4404,6 +4658,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -4413,6 +4669,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -4458,16 +4717,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4523,6 +4785,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -4535,6 +4798,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -4581,16 +4845,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -4658,16 +4925,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4767,16 +5045,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4896,11 +5185,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4912,12 +5203,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -4926,6 +5220,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -4942,11 +5237,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4958,16 +5255,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -4989,16 +5291,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5022,20 +5327,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -5049,6 +5358,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -5065,16 +5375,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5098,26 +5411,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -5139,16 +5457,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5172,20 +5493,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -5199,6 +5524,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -5215,16 +5541,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5248,26 +5577,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -5283,16 +5617,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -5388,8 +5733,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -5405,6 +5752,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5422,6 +5770,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5463,6 +5812,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5480,6 +5830,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5525,6 +5876,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -5555,6 +5907,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5620,6 +5973,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -5658,6 +6020,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -5670,6 +6033,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -5695,6 +6059,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -5725,6 +6090,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5839,6 +6205,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -5851,6 +6218,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -5897,16 +6265,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -5922,6 +6293,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -5965,6 +6337,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -6065,6 +6440,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -6074,8 +6450,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -6090,8 +6468,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -6117,11 +6497,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -6131,8 +6514,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -6159,6 +6544,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -6179,10 +6565,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -6207,6 +6595,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -6219,6 +6608,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -6265,16 +6655,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -6301,10 +6694,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -6321,8 +6716,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -6400,13 +6797,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -6480,16 +6880,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -6518,11 +6921,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -6537,6 +6943,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -6557,10 +6964,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -6579,11 +6988,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -6598,6 +7010,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -6629,6 +7042,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -6636,8 +7050,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -6657,8 +7073,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -6694,6 +7112,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -6708,8 +7127,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -6739,10 +7160,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -6757,12 +7180,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -6772,6 +7197,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -6787,43 +7213,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -6838,6 +7275,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6855,6 +7293,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6896,6 +7335,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6913,6 +7353,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6955,6 +7396,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -6985,6 +7427,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7059,6 +7502,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7089,6 +7533,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7179,16 +7624,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -7244,6 +7700,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7274,6 +7731,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7336,6 +7794,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -7347,6 +7808,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -7356,6 +7819,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -7401,16 +7867,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7466,6 +7935,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -7478,6 +7948,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -7524,16 +7995,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -7569,11 +8043,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -7585,12 +8061,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -7599,6 +8078,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -7615,11 +8095,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -7631,16 +8113,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -7662,16 +8149,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7695,20 +8185,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -7722,6 +8216,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -7738,16 +8233,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7771,26 +8269,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -7812,16 +8315,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7845,20 +8351,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -7872,6 +8382,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -7888,16 +8399,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7921,26 +8435,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -7958,16 +8477,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -8063,8 +8593,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -8080,6 +8612,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8097,6 +8630,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8138,6 +8672,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8155,6 +8690,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8200,6 +8736,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8230,6 +8767,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8295,6 +8833,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -8333,6 +8880,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -8345,6 +8893,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -8370,6 +8919,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8400,6 +8950,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8547,6 +9098,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8559,6 +9111,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8605,16 +9158,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -8630,6 +9186,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -8673,6 +9230,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -8773,6 +9333,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -8782,8 +9343,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8798,8 +9361,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -8825,11 +9390,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -8839,8 +9407,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -8867,6 +9437,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8887,10 +9458,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -8915,6 +9488,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8927,6 +9501,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8973,16 +9548,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -9009,10 +9587,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -9029,8 +9609,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -9108,13 +9690,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -9188,16 +9773,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -9226,11 +9814,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -9245,6 +9836,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -9265,10 +9857,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -9287,11 +9881,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -9306,6 +9903,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -9337,6 +9935,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -9344,8 +9943,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -9365,8 +9966,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -9402,6 +10005,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -9416,8 +10020,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -9447,10 +10053,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -9465,12 +10073,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -9480,6 +10090,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -9495,43 +10106,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -9546,6 +10168,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -9563,6 +10186,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9604,6 +10228,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -9621,6 +10246,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9663,6 +10289,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9693,6 +10320,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9767,6 +10395,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9797,6 +10426,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9887,16 +10517,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -9952,6 +10593,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9982,6 +10624,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -10044,6 +10687,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -10055,6 +10701,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -10064,6 +10712,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -10109,16 +10760,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -10174,6 +10828,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -10186,6 +10841,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -10232,16 +10888,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -10265,6 +10924,8 @@ spec: items: type: string type: array + enabled: + type: boolean issuerConf: properties: group: @@ -10277,6 +10938,17 @@ spec: - name type: object type: object + unsafeFlags: + properties: + backupIfUnhealthy: + type: boolean + proxySize: + type: boolean + pxcSize: + type: boolean + tls: + type: boolean + type: object updateStrategy: type: string upgradeOptions: @@ -10453,12 +11125,6 @@ spec: specReplicasPath: .spec.pxc.size statusReplicasPath: .status.pxc.size status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -10552,12 +11218,16 @@ rules: - patch - delete - apiGroups: + - events.k8s.io - "" resources: - events verbs: - create - patch + - get + - list + - watch - apiGroups: - certmanager.k8s.io - cert-manager.io diff --git a/deploy/cr.yaml b/deploy/cr.yaml index 0f3b8b54ea..668acad0e8 100644 --- a/deploy/cr.yaml +++ b/deploy/cr.yaml @@ -3,10 +3,10 @@ kind: PerconaXtraDBCluster metadata: name: cluster1 finalizers: - - delete-pxc-pods-in-order -# - delete-ssl -# - delete-proxysql-pvc -# - delete-pxc-pvc + - percona.com/delete-pxc-pods-in-order +# - percona.com/delete-ssl +# - percona.com/delete-proxysql-pvc +# - percona.com/delete-pxc-pvc # annotations: # percona.com/issue-vault-token: "true" spec: @@ -30,7 +30,8 @@ spec: # memory: 200M # cpu: 200m # enableCRValidationWebhook: true -# tls: + tls: + enabled: true # SANs: # - pxc-1.example.com # - pxc-2.example.com @@ -39,7 +40,11 @@ spec: # name: special-selfsigned-issuer # kind: ClusterIssuer # group: cert-manager.io - allowUnsafeConfigurations: false +# unsafeFlags: +# tls: false +# pxcSize: false +# proxySize: false +# backupIfUnhealthy: false # pause: false updateStrategy: SmartUpdate upgradeOptions: @@ -284,7 +289,8 @@ spec: # - 10.0.0.0/8 # loadBalancerIP: 127.0.0.1 # exposeReplicas: -# enabled: false +# enabled: true +# onlyReaders: false # type: ClusterIP # annotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp @@ -548,7 +554,7 @@ spec: cpu: 200m pmm: enabled: false - image: percona/pmm-client:2.41.1 + image: percona/pmm-client:2.41.2 serverHost: monitoring-service # serverUser: admin # pxcParams: "--disable-tablestats-limit=2000" diff --git a/deploy/crd.yaml b/deploy/crd.yaml index 8cb8b233cb..0d7823042a 100644 --- a/deploy/crd.yaml +++ b/deploy/crd.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterbackups.pxc.percona.com spec: group: pxc.percona.com @@ -88,12 +87,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -103,6 +104,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -118,17 +120,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -233,19 +238,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterrestores.pxc.percona.com spec: group: pxc.percona.com @@ -408,12 +406,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -423,6 +423,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -438,17 +439,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -604,19 +608,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusters.pxc.percona.com spec: group: pxc.percona.com @@ -975,8 +972,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array pitr: properties: @@ -1062,11 +1061,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1078,12 +1079,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1092,6 +1096,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1108,11 +1113,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1124,16 +1131,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -1155,16 +1167,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1188,20 +1203,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1215,6 +1234,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1231,16 +1251,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1264,26 +1287,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1305,16 +1333,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1338,20 +1369,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1365,6 +1400,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1381,16 +1417,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1414,26 +1453,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1482,12 +1526,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1497,6 +1543,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1512,17 +1559,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1533,16 +1583,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1600,6 +1661,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -1638,6 +1708,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -1650,6 +1721,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -1742,16 +1814,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1809,6 +1884,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -1821,6 +1897,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -1867,16 +1944,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -1918,11 +1998,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1934,12 +2016,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1948,6 +2033,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1964,11 +2050,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1980,16 +2068,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -2011,16 +2104,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2044,20 +2140,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -2071,6 +2171,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -2087,16 +2188,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2120,26 +2224,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -2161,16 +2270,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2194,20 +2306,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -2221,6 +2337,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -2237,16 +2354,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2270,26 +2390,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -2305,16 +2430,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -2415,6 +2551,8 @@ spec: items: type: string type: array + onlyReaders: + type: boolean trafficPolicy: type: string type: @@ -2437,8 +2575,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -2454,6 +2594,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -2471,6 +2612,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2512,6 +2654,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -2529,6 +2672,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2574,6 +2718,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -2604,6 +2749,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2669,6 +2815,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2707,6 +2862,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -2719,6 +2875,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2744,6 +2901,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -2774,6 +2932,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2896,6 +3055,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2908,6 +3068,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -2954,16 +3115,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -2979,6 +3143,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -3022,6 +3187,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -3122,6 +3290,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -3131,8 +3300,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -3147,8 +3318,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -3174,11 +3347,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -3188,8 +3364,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -3216,6 +3394,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -3236,10 +3415,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -3264,6 +3445,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -3276,6 +3458,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -3322,16 +3505,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -3358,10 +3544,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -3378,8 +3566,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -3457,13 +3647,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -3537,16 +3730,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -3575,11 +3771,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -3594,6 +3793,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -3614,10 +3814,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -3636,11 +3838,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -3655,6 +3860,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -3686,6 +3892,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -3693,8 +3900,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -3714,8 +3923,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -3751,6 +3962,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3765,8 +3977,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -3796,10 +4010,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -3814,12 +4030,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -3829,6 +4047,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -3844,43 +4063,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -3895,6 +4125,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3912,6 +4143,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3953,6 +4185,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3970,6 +4203,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4012,6 +4246,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4042,6 +4277,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4116,6 +4352,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4146,6 +4383,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4236,16 +4474,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4301,6 +4550,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4331,6 +4581,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4393,6 +4644,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -4404,6 +4658,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -4413,6 +4669,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -4458,16 +4717,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4523,6 +4785,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -4535,6 +4798,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -4581,16 +4845,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -4658,16 +4925,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4767,16 +5045,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4896,11 +5185,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4912,12 +5203,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -4926,6 +5220,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -4942,11 +5237,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4958,16 +5255,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -4989,16 +5291,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5022,20 +5327,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -5049,6 +5358,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -5065,16 +5375,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5098,26 +5411,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -5139,16 +5457,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5172,20 +5493,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -5199,6 +5524,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -5215,16 +5541,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5248,26 +5577,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -5283,16 +5617,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -5388,8 +5733,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -5405,6 +5752,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5422,6 +5770,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5463,6 +5812,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5480,6 +5830,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5525,6 +5876,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -5555,6 +5907,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5620,6 +5973,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -5658,6 +6020,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -5670,6 +6033,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -5695,6 +6059,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -5725,6 +6090,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5839,6 +6205,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -5851,6 +6218,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -5897,16 +6265,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -5922,6 +6293,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -5965,6 +6337,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -6065,6 +6440,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -6074,8 +6450,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -6090,8 +6468,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -6117,11 +6497,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -6131,8 +6514,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -6159,6 +6544,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -6179,10 +6565,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -6207,6 +6595,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -6219,6 +6608,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -6265,16 +6655,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -6301,10 +6694,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -6321,8 +6716,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -6400,13 +6797,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -6480,16 +6880,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -6518,11 +6921,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -6537,6 +6943,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -6557,10 +6964,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -6579,11 +6988,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -6598,6 +7010,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -6629,6 +7042,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -6636,8 +7050,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -6657,8 +7073,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -6694,6 +7112,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -6708,8 +7127,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -6739,10 +7160,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -6757,12 +7180,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -6772,6 +7197,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -6787,43 +7213,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -6838,6 +7275,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6855,6 +7293,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6896,6 +7335,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6913,6 +7353,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6955,6 +7396,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -6985,6 +7427,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7059,6 +7502,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7089,6 +7533,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7179,16 +7624,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -7244,6 +7700,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7274,6 +7731,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7336,6 +7794,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -7347,6 +7808,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -7356,6 +7819,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -7401,16 +7867,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7466,6 +7935,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -7478,6 +7948,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -7524,16 +7995,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -7569,11 +8043,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -7585,12 +8061,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -7599,6 +8078,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -7615,11 +8095,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -7631,16 +8113,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -7662,16 +8149,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7695,20 +8185,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -7722,6 +8216,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -7738,16 +8233,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7771,26 +8269,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -7812,16 +8315,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7845,20 +8351,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -7872,6 +8382,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -7888,16 +8399,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7921,26 +8435,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -7958,16 +8477,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -8063,8 +8593,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -8080,6 +8612,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8097,6 +8630,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8138,6 +8672,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8155,6 +8690,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8200,6 +8736,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8230,6 +8767,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8295,6 +8833,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -8333,6 +8880,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -8345,6 +8893,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -8370,6 +8919,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8400,6 +8950,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8547,6 +9098,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8559,6 +9111,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8605,16 +9158,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -8630,6 +9186,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -8673,6 +9230,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -8773,6 +9333,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -8782,8 +9343,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8798,8 +9361,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -8825,11 +9390,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -8839,8 +9407,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -8867,6 +9437,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8887,10 +9458,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -8915,6 +9488,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8927,6 +9501,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8973,16 +9548,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -9009,10 +9587,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -9029,8 +9609,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -9108,13 +9690,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -9188,16 +9773,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -9226,11 +9814,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -9245,6 +9836,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -9265,10 +9857,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -9287,11 +9881,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -9306,6 +9903,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -9337,6 +9935,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -9344,8 +9943,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -9365,8 +9966,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -9402,6 +10005,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -9416,8 +10020,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -9447,10 +10053,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -9465,12 +10073,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -9480,6 +10090,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -9495,43 +10106,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -9546,6 +10168,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -9563,6 +10186,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9604,6 +10228,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -9621,6 +10246,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9663,6 +10289,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9693,6 +10320,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9767,6 +10395,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9797,6 +10426,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9887,16 +10517,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -9952,6 +10593,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9982,6 +10624,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -10044,6 +10687,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -10055,6 +10701,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -10064,6 +10712,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -10109,16 +10760,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -10174,6 +10828,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -10186,6 +10841,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -10232,16 +10888,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -10265,6 +10924,8 @@ spec: items: type: string type: array + enabled: + type: boolean issuerConf: properties: group: @@ -10277,6 +10938,17 @@ spec: - name type: object type: object + unsafeFlags: + properties: + backupIfUnhealthy: + type: boolean + proxySize: + type: boolean + pxcSize: + type: boolean + tls: + type: boolean + type: object updateStrategy: type: string upgradeOptions: @@ -10453,9 +11125,3 @@ spec: specReplicasPath: .spec.pxc.size statusReplicasPath: .status.pxc.size status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deploy/cw-bundle.yaml b/deploy/cw-bundle.yaml index 3f15c50102..4504a5a798 100644 --- a/deploy/cw-bundle.yaml +++ b/deploy/cw-bundle.yaml @@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterbackups.pxc.percona.com spec: group: pxc.percona.com @@ -88,12 +87,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -103,6 +104,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -118,17 +120,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -233,19 +238,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusterrestores.pxc.percona.com spec: group: pxc.percona.com @@ -408,12 +406,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -423,6 +423,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -438,17 +439,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -604,19 +608,12 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: perconaxtradbclusters.pxc.percona.com spec: group: pxc.percona.com @@ -975,8 +972,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array pitr: properties: @@ -1062,11 +1061,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1078,12 +1079,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1092,6 +1096,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1108,11 +1113,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1124,16 +1131,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -1155,16 +1167,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1188,20 +1203,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1215,6 +1234,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1231,16 +1251,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1264,26 +1287,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1305,16 +1333,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1338,20 +1369,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1365,6 +1400,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1381,16 +1417,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1414,26 +1453,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1482,12 +1526,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1497,6 +1543,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1512,17 +1559,20 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1533,16 +1583,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1600,6 +1661,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -1638,6 +1708,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -1650,6 +1721,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -1742,16 +1814,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -1809,6 +1884,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -1821,6 +1897,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -1867,16 +1944,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -1918,11 +1998,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1934,12 +2016,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1948,6 +2033,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1964,11 +2050,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1980,16 +2068,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -2011,16 +2104,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2044,20 +2140,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -2071,6 +2171,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -2087,16 +2188,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2120,26 +2224,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -2161,16 +2270,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2194,20 +2306,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -2221,6 +2337,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -2237,16 +2354,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2270,26 +2390,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -2305,16 +2430,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -2415,6 +2551,8 @@ spec: items: type: string type: array + onlyReaders: + type: boolean trafficPolicy: type: string type: @@ -2437,8 +2575,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -2454,6 +2594,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -2471,6 +2612,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2512,6 +2654,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -2529,6 +2672,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2574,6 +2718,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -2604,6 +2749,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2669,6 +2815,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2707,6 +2862,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -2719,6 +2875,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2744,6 +2901,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -2774,6 +2932,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -2896,6 +3055,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2908,6 +3068,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -2954,16 +3115,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -2979,6 +3143,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -3022,6 +3187,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -3122,6 +3290,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -3131,8 +3300,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -3147,8 +3318,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -3174,11 +3347,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -3188,8 +3364,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -3216,6 +3394,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -3236,10 +3415,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -3264,6 +3445,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -3276,6 +3458,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -3322,16 +3505,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -3358,10 +3544,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -3378,8 +3566,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -3457,13 +3647,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -3537,16 +3730,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -3575,11 +3771,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -3594,6 +3793,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -3614,10 +3814,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -3636,11 +3838,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -3655,6 +3860,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -3686,6 +3892,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -3693,8 +3900,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -3714,8 +3923,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -3751,6 +3962,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3765,8 +3977,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -3796,10 +4010,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -3814,12 +4030,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -3829,6 +4047,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -3844,43 +4063,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -3895,6 +4125,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3912,6 +4143,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -3953,6 +4185,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -3970,6 +4203,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4012,6 +4246,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4042,6 +4277,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4116,6 +4352,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4146,6 +4383,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4236,16 +4474,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4301,6 +4550,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -4331,6 +4581,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -4393,6 +4644,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -4404,6 +4658,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -4413,6 +4669,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -4458,16 +4717,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -4523,6 +4785,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -4535,6 +4798,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -4581,16 +4845,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -4658,16 +4925,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4767,16 +5045,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -4896,11 +5185,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4912,12 +5203,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -4926,6 +5220,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -4942,11 +5237,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -4958,16 +5255,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -4989,16 +5291,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5022,20 +5327,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -5049,6 +5358,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -5065,16 +5375,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5098,26 +5411,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -5139,16 +5457,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5172,20 +5493,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -5199,6 +5524,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -5215,16 +5541,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -5248,26 +5577,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -5283,16 +5617,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -5388,8 +5733,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -5405,6 +5752,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5422,6 +5770,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5463,6 +5812,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -5480,6 +5830,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5525,6 +5876,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -5555,6 +5907,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5620,6 +5973,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -5658,6 +6020,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -5670,6 +6033,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -5695,6 +6059,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -5725,6 +6090,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -5839,6 +6205,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -5851,6 +6218,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -5897,16 +6265,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -5922,6 +6293,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -5965,6 +6337,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -6065,6 +6440,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -6074,8 +6450,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -6090,8 +6468,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -6117,11 +6497,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -6131,8 +6514,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -6159,6 +6544,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -6179,10 +6565,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -6207,6 +6595,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -6219,6 +6608,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -6265,16 +6655,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -6301,10 +6694,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -6321,8 +6716,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -6400,13 +6797,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -6480,16 +6880,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -6518,11 +6921,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -6537,6 +6943,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -6557,10 +6964,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -6579,11 +6988,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -6598,6 +7010,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -6629,6 +7042,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -6636,8 +7050,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -6657,8 +7073,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -6694,6 +7112,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -6708,8 +7127,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -6739,10 +7160,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -6757,12 +7180,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -6772,6 +7197,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -6787,43 +7213,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -6838,6 +7275,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6855,6 +7293,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6896,6 +7335,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -6913,6 +7353,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -6955,6 +7396,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -6985,6 +7427,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7059,6 +7502,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7089,6 +7533,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7179,16 +7624,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -7244,6 +7700,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -7274,6 +7731,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -7336,6 +7794,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -7347,6 +7808,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -7356,6 +7819,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -7401,16 +7867,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7466,6 +7935,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -7478,6 +7948,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -7524,16 +7995,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -7569,11 +8043,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -7585,12 +8061,15 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -7599,6 +8078,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -7615,11 +8095,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -7631,16 +8113,21 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -7662,16 +8149,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7695,20 +8185,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -7722,6 +8216,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -7738,16 +8233,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7771,26 +8269,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -7812,16 +8315,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7845,20 +8351,24 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -7872,6 +8382,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -7888,16 +8399,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -7921,26 +8435,31 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object antiAffinityTopologyKey: @@ -7958,16 +8477,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -8063,8 +8593,10 @@ spec: items: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: @@ -8080,6 +8612,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8097,6 +8630,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8138,6 +8672,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -8155,6 +8690,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8200,6 +8736,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8230,6 +8767,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8295,6 +8833,15 @@ spec: type: object podSecurityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -8333,6 +8880,7 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic sysctls: items: properties: @@ -8345,6 +8893,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -8370,6 +8919,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -8400,6 +8950,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -8547,6 +9098,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8559,6 +9111,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8605,16 +9158,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -8630,6 +9186,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic allocatedResourceStatuses: additionalProperties: type: string @@ -8673,6 +9230,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentVolumeAttributesClassName: type: string modifyVolumeStatus: @@ -8773,6 +9333,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -8782,8 +9343,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -8798,8 +9361,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeID: type: string required: @@ -8825,11 +9390,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic csi: properties: driver: @@ -8839,8 +9407,10 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -8867,6 +9437,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -8887,10 +9458,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -8915,6 +9488,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -8927,6 +9501,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -8973,16 +9548,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -9009,10 +9587,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -9029,8 +9609,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object @@ -9108,13 +9690,16 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -9188,16 +9773,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string optional: @@ -9226,11 +9814,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: properties: items: @@ -9245,6 +9836,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: format: int32 type: integer @@ -9265,10 +9857,12 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -9287,11 +9881,14 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: properties: audience: @@ -9306,6 +9903,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -9337,6 +9935,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic pool: type: string readOnly: @@ -9344,8 +9943,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic user: type: string required: @@ -9365,8 +9966,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -9402,6 +10005,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -9416,8 +10020,10 @@ spec: secretRef: properties: name: + default: "" type: string type: object + x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: @@ -9447,10 +10053,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic command: items: type: string type: array + x-kubernetes-list-type: atomic env: items: properties: @@ -9465,12 +10073,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -9480,6 +10090,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -9495,43 +10106,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map envFrom: items: properties: configMapRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: properties: name: + default: "" type: string optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic image: type: string imagePullPolicy: @@ -9546,6 +10168,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -9563,6 +10186,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9604,6 +10228,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object httpGet: properties: @@ -9621,6 +10246,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9663,6 +10289,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9693,6 +10320,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9767,6 +10395,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9797,6 +10426,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -9887,16 +10517,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -9952,6 +10593,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -9982,6 +10624,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -10044,6 +10687,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map volumeMounts: items: properties: @@ -10055,6 +10701,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -10064,6 +10712,9 @@ spec: - name type: object type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map workingDir: type: string required: @@ -10109,16 +10760,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -10174,6 +10828,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -10186,6 +10841,7 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -10232,16 +10888,19 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic storageClassName: type: string volumeAttributesClassName: @@ -10265,6 +10924,8 @@ spec: items: type: string type: array + enabled: + type: boolean issuerConf: properties: group: @@ -10277,6 +10938,17 @@ spec: - name type: object type: object + unsafeFlags: + properties: + backupIfUnhealthy: + type: boolean + proxySize: + type: boolean + pxcSize: + type: boolean + tls: + type: boolean + type: object updateStrategy: type: string upgradeOptions: @@ -10453,12 +11125,6 @@ spec: specReplicasPath: .spec.pxc.size statusReplicasPath: .status.pxc.size status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -10564,12 +11230,16 @@ rules: - patch - delete - apiGroups: + - events.k8s.io - "" resources: - events verbs: - create - patch + - get + - list + - watch - apiGroups: - certmanager.k8s.io - cert-manager.io diff --git a/deploy/cw-rbac.yaml b/deploy/cw-rbac.yaml index 42f4bd286f..0e57e69ca1 100644 --- a/deploy/cw-rbac.yaml +++ b/deploy/cw-rbac.yaml @@ -102,12 +102,16 @@ rules: - patch - delete - apiGroups: + - events.k8s.io - "" resources: - events verbs: - create - patch + - get + - list + - watch - apiGroups: - certmanager.k8s.io - cert-manager.io diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index b8f3ba4163..b406502887 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -90,12 +90,16 @@ rules: - patch - delete - apiGroups: + - events.k8s.io - "" resources: - events verbs: - create - patch + - get + - list + - watch - apiGroups: - certmanager.k8s.io - cert-manager.io diff --git a/e2e-tests/affinity/conf/custom.yml b/e2e-tests/affinity/conf/custom.yml index 924c81640a..23217bc465 100644 --- a/e2e-tests/affinity/conf/custom.yml +++ b/e2e-tests/affinity/conf/custom.yml @@ -62,7 +62,7 @@ spec: - another-node-label-value proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/affinity/conf/hostname.yml b/e2e-tests/affinity/conf/hostname.yml index 1ebe5db559..a62a26aeb5 100644 --- a/e2e-tests/affinity/conf/hostname.yml +++ b/e2e-tests/affinity/conf/hostname.yml @@ -24,7 +24,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/affinity/conf/region.yml b/e2e-tests/affinity/conf/region.yml index f0ee8a477e..09440c04ca 100644 --- a/e2e-tests/affinity/conf/region.yml +++ b/e2e-tests/affinity/conf/region.yml @@ -24,7 +24,7 @@ spec: antiAffinityTopologyKey: "failure-domain.beta.kubernetes.io/region" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/affinity/conf/zone.yml b/e2e-tests/affinity/conf/zone.yml index ff5e626c9e..f92c2aa51d 100644 --- a/e2e-tests/affinity/conf/zone.yml +++ b/e2e-tests/affinity/conf/zone.yml @@ -24,7 +24,7 @@ spec: antiAffinityTopologyKey: "failure-domain.beta.kubernetes.io/zone" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/big-data/conf/some-name.yml b/e2e-tests/big-data/conf/some-name.yml index 5dff9e3b01..82f66b6a71 100644 --- a/e2e-tests/big-data/conf/some-name.yml +++ b/e2e-tests/big-data/conf/some-name.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: some-name finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets pause: false diff --git a/e2e-tests/conf/some-name.yml b/e2e-tests/conf/some-name.yml index b6057e4af8..a4448cd7a5 100644 --- a/e2e-tests/conf/some-name.yml +++ b/e2e-tests/conf/some-name.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: some-name finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order # annotations: # percona.com/issue-vault-token: "true" spec: diff --git a/e2e-tests/cross-site/conf/cross-site-replica.yml b/e2e-tests/cross-site/conf/cross-site-replica.yml index 0306e2c81f..2a1ee73d4e 100644 --- a/e2e-tests/cross-site/conf/cross-site-replica.yml +++ b/e2e-tests/cross-site/conf/cross-site-replica.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: cross-site-replica finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets vaultSecretName: some-name-vault diff --git a/e2e-tests/cross-site/conf/cross-site-source.yml b/e2e-tests/cross-site/conf/cross-site-source.yml index 601a51f550..f3831f55e0 100644 --- a/e2e-tests/cross-site/conf/cross-site-source.yml +++ b/e2e-tests/cross-site/conf/cross-site-source.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: cross-site-source finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets vaultSecretName: some-name-vault diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-k129.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-k129.yml index 7ac32ca9a4..ff9647b44c 100644 --- a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-k129.yml +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-k129.yml @@ -75,6 +75,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -82,6 +84,17 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -90,6 +103,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-oc.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-oc.yml index ba56fdd6b6..222af6f3bd 100644 --- a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-oc.yml +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3-oc.yml @@ -74,6 +74,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -81,6 +83,17 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -88,6 +101,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3.yml index 146879b7de..1e208493bd 100644 --- a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3.yml +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-aws-s3.yml @@ -74,6 +74,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -81,6 +83,17 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -89,6 +102,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-k129.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-k129.yml index 9c1b2eb81b..d0dc4a7c00 100644 --- a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-k129.yml +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-k129.yml @@ -69,6 +69,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -76,6 +78,17 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -84,6 +97,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-oc.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-oc.yml index 2f5ba14d7b..a11cea102a 100644 --- a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-oc.yml +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob-oc.yml @@ -68,6 +68,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -75,6 +77,17 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -82,6 +95,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob.yml b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob.yml index 6c9f40270a..314182540e 100644 --- a/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob.yml +++ b/e2e-tests/demand-backup-cloud/compare/job.batch_xb-on-demand-backup-azure-blob.yml @@ -68,6 +68,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -75,6 +77,17 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -83,6 +96,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup-cloud/conf/demand-backup-cloud.yml b/e2e-tests/demand-backup-cloud/conf/demand-backup-cloud.yml index 6ed6fd2d83..f8d97c3d18 100644 --- a/e2e-tests/demand-backup-cloud/conf/demand-backup-cloud.yml +++ b/e2e-tests/demand-backup-cloud/conf/demand-backup-cloud.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: demand-backup-cloud finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order # annotations: # percona.com/issue-vault-token: "true" spec: @@ -38,7 +38,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/demand-backup-cloud/conf/on-demand-backup-aws-s3.yml b/e2e-tests/demand-backup-cloud/conf/on-demand-backup-aws-s3.yml index f71c1f01e8..6f4200826e 100644 --- a/e2e-tests/demand-backup-cloud/conf/on-demand-backup-aws-s3.yml +++ b/e2e-tests/demand-backup-cloud/conf/on-demand-backup-aws-s3.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBClusterBackup metadata: name: on-demand-backup-aws-s3 finalizers: - - delete-s3-backup + - percona.com/delete-backup spec: pxcCluster: demand-backup-cloud storageName: aws-s3 diff --git a/e2e-tests/demand-backup-cloud/conf/on-demand-backup-azure-blob.yml b/e2e-tests/demand-backup-cloud/conf/on-demand-backup-azure-blob.yml index 6437bc3984..f6563139a7 100644 --- a/e2e-tests/demand-backup-cloud/conf/on-demand-backup-azure-blob.yml +++ b/e2e-tests/demand-backup-cloud/conf/on-demand-backup-azure-blob.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBClusterBackup metadata: name: on-demand-backup-azure-blob finalizers: - - delete-s3-backup + - percona.com/delete-backup spec: pxcCluster: demand-backup-cloud storageName: azure-blob diff --git a/e2e-tests/demand-backup-cloud/conf/on-demand-backup-gcp-cs.yml b/e2e-tests/demand-backup-cloud/conf/on-demand-backup-gcp-cs.yml index 27c720f10b..d31b4317b0 100644 --- a/e2e-tests/demand-backup-cloud/conf/on-demand-backup-gcp-cs.yml +++ b/e2e-tests/demand-backup-cloud/conf/on-demand-backup-gcp-cs.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBClusterBackup metadata: name: on-demand-backup-gcp-cs finalizers: - - delete-s3-backup + - percona.com/delete-backup spec: pxcCluster: demand-backup-cloud storageName: gcp-cs diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml index fff4c352c6..b8bfb32a78 100644 --- a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127-oc.yml @@ -68,7 +68,8 @@ spec: cpu: "1" memory: 2G requests: - memory: 2G + cpu: 500m + memory: 500M terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127.yml index fa8394e01f..40f6243fb2 100644 --- a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127.yml +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k127.yml @@ -68,7 +68,8 @@ spec: cpu: "1" memory: 2G requests: - memory: 2G + cpu: 500m + memory: 500M terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k129.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k129.yml index dc82e61b2d..d95bac803b 100644 --- a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k129.yml +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-k129.yml @@ -70,7 +70,8 @@ spec: cpu: "1" memory: 2G requests: - memory: 2G + cpu: 500m + memory: 500M terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-oc.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-oc.yml index 75b35bbc9e..8e5714955e 100644 --- a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-oc.yml +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup-oc.yml @@ -66,7 +66,8 @@ spec: cpu: "1" memory: 2G requests: - memory: 2G + cpu: 500m + memory: 500M terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup.yml index f12a3eb32b..8bbd644bf4 100644 --- a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup.yml +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-minio-demand-backup.yml @@ -66,7 +66,8 @@ spec: cpu: "1" memory: 2G requests: - memory: 2G + cpu: 500m + memory: 500M terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-pvc-bsource-demand-backup.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-pvc-bsource-demand-backup.yml new file mode 100644 index 0000000000..d3143a263d --- /dev/null +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-pvc-bsource-demand-backup.yml @@ -0,0 +1,81 @@ +apiVersion: batch/v1 +kind: Job +metadata: + generation: 1 + labels: + job-name: restore-job-on-demand-backup-pvc-bsource-demand-backup + name: restore-job-on-demand-backup-pvc-bsource-demand-backup + ownerReferences: + - controller: true + kind: PerconaXtraDBClusterRestore + name: on-demand-backup-pvc-bsource +spec: + backoffLimit: 4 + completionMode: NonIndexed + completions: 1 + parallelism: 1 + selector: + matchLabels: {} + suspend: false + template: + metadata: + labels: + job-name: restore-job-on-demand-backup-pvc-bsource-demand-backup + spec: + containers: + - command: + - recovery-pvc-joiner.sh + env: + - name: RESTORE_SRC_SERVICE + value: restore-src-on-demand-backup-pvc-bsource-demand-backup + - name: XB_USE_MEMORY + value: "750000000" + imagePullPolicy: Always + name: xtrabackup + resources: + limits: + cpu: "2" + memory: 1G + requests: + cpu: 500m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /datadir + name: datadir + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir-demand-backup-pxc-0 + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: demand-backup-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: demand-backup-ssl diff --git a/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-pvc-demand-backup.yml b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-pvc-demand-backup.yml new file mode 100644 index 0000000000..2c21d5c383 --- /dev/null +++ b/e2e-tests/demand-backup/compare/job_restore-job-on-demand-backup-pvc-demand-backup.yml @@ -0,0 +1,81 @@ +apiVersion: batch/v1 +kind: Job +metadata: + generation: 1 + labels: + job-name: restore-job-on-demand-backup-pvc-demand-backup + name: restore-job-on-demand-backup-pvc-demand-backup + ownerReferences: + - controller: true + kind: PerconaXtraDBClusterRestore + name: on-demand-backup-pvc +spec: + backoffLimit: 4 + completionMode: NonIndexed + completions: 1 + parallelism: 1 + selector: + matchLabels: {} + suspend: false + template: + metadata: + labels: + job-name: restore-job-on-demand-backup-pvc-demand-backup + spec: + containers: + - command: + - recovery-pvc-joiner.sh + env: + - name: RESTORE_SRC_SERVICE + value: restore-src-on-demand-backup-pvc-demand-backup + - name: XB_USE_MEMORY + value: 2GB + imagePullPolicy: Always + name: xtrabackup + resources: + limits: + cpu: "2" + memory: 3G + requests: + cpu: 500m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /datadir + name: datadir + - mountPath: /etc/mysql/vault-keyring-secret + name: vault-keyring-secret + - mountPath: /etc/mysql/ssl + name: ssl + - mountPath: /etc/mysql/ssl-internal + name: ssl-internal + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + supplementalGroups: + - 1001 + serviceAccount: default + serviceAccountName: default + terminationGracePeriodSeconds: 30 + volumes: + - name: datadir + persistentVolumeClaim: + claimName: datadir-demand-backup-pxc-0 + - name: vault-keyring-secret + secret: + defaultMode: 420 + optional: true + secretName: some-name-vault + - name: ssl-internal + secret: + defaultMode: 420 + optional: true + secretName: demand-backup-ssl-internal + - name: ssl + secret: + defaultMode: 420 + optional: false + secretName: demand-backup-ssl diff --git a/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-k129.yml b/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-k129.yml index eb4fece477..ddf5f3bc84 100644 --- a/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-k129.yml +++ b/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-k129.yml @@ -82,6 +82,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -89,6 +91,23 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: + limits: + cpu: "1" + memory: 2G + requests: + cpu: 500m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -97,6 +116,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-oc.yml b/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-oc.yml index 04f674aefa..7568540b98 100644 --- a/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-oc.yml +++ b/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio-oc.yml @@ -81,6 +81,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -88,6 +90,23 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: + limits: + cpu: "1" + memory: 2G + requests: + cpu: 500m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -95,6 +114,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio.yml b/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio.yml index 486a7ad8c0..2d41b80ca0 100644 --- a/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio.yml +++ b/e2e-tests/demand-backup/compare/job_xb-on-demand-backup-minio.yml @@ -81,6 +81,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -88,6 +90,23 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: + limits: + cpu: "1" + memory: 2G + requests: + cpu: 500m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -96,6 +115,8 @@ spec: - 1001 terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/demand-backup/conf/demand-backup.yml b/e2e-tests/demand-backup/conf/demand-backup.yml index 0796ca2588..449e7473f4 100644 --- a/e2e-tests/demand-backup/conf/demand-backup.yml +++ b/e2e-tests/demand-backup/conf/demand-backup.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: demand-backup finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order # annotations: # percona.com/issue-vault-token: "true" spec: diff --git a/e2e-tests/demand-backup/conf/on-demand-backup-minio.yml b/e2e-tests/demand-backup/conf/on-demand-backup-minio.yml index fcaff5dd44..4e9322c6a3 100644 --- a/e2e-tests/demand-backup/conf/on-demand-backup-minio.yml +++ b/e2e-tests/demand-backup/conf/on-demand-backup-minio.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBClusterBackup metadata: name: on-demand-backup-minio finalizers: - - delete-s3-backup + - percona.com/delete-backup spec: pxcCluster: demand-backup storageName: minio diff --git a/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc-bsource.yaml b/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc-bsource.yaml index 4a5dd44c00..bc059e7043 100644 --- a/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc-bsource.yaml +++ b/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc-bsource.yaml @@ -7,3 +7,10 @@ spec: backupSource: destination: pvc/xb-on-demand-backup-pvc-bsource storageName: pvc + resources: + requests: + memory: 0.5G + cpu: 500m + limits: + memory: "1G" + cpu: "2" diff --git a/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc.yaml b/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc.yaml index 9057ef055c..a504889b76 100644 --- a/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc.yaml +++ b/e2e-tests/demand-backup/conf/restore-on-demand-backup-pvc.yaml @@ -5,3 +5,10 @@ metadata: spec: pxcCluster: demand-backup backupName: on-demand-backup-pvc + resources: + requests: + memory: 0.5G + cpu: 500m + limits: + memory: "3G" + cpu: "2" diff --git a/e2e-tests/demand-backup/run b/e2e-tests/demand-backup/run index 88e2556204..ff1861cf77 100755 --- a/e2e-tests/demand-backup/run +++ b/e2e-tests/demand-backup/run @@ -18,10 +18,12 @@ main() { run_backup "$cluster" "on-demand-backup-pvc" run_recovery_check "$cluster" "on-demand-backup-pvc" + compare_kubectl job/restore-job-on-demand-backup-pvc-demand-backup check_pvc_md5 run_backup "$cluster" "on-demand-backup-pvc-bsource" run_recovery_check "$cluster" "on-demand-backup-pvc-bsource" + compare_kubectl job/restore-job-on-demand-backup-pvc-bsource-demand-backup run_backup "$cluster" "on-demand-backup-minio" compare_kubectl job/xb-on-demand-backup-minio diff --git a/e2e-tests/functions b/e2e-tests/functions index a0f8cce75d..eb85beb778 100755 --- a/e2e-tests/functions +++ b/e2e-tests/functions @@ -26,14 +26,13 @@ namespace="${test_name}-${RANDOM}" replica_namespace="${test_name}-replica-${RANDOM}" conf_dir=$(realpath $test_dir/../conf || :) src_dir=$(realpath $test_dir/../..) -logs_dir=$(realpath $test_dir/../logs) - +logs_dir=$(realpath "$test_dir"/../logs || :) if [[ ${ENABLE_LOGGING} == "true" ]]; then if [ ! -d "${logs_dir}" ]; then mkdir "${logs_dir}" fi log_file_name=$(echo "$test_name-$MYSQL_VERSION" | tr '.' '-') - exec &> >(tee ${logs_dir}/${log_file_name}.log) + exec &> >(tee "${logs_dir}"/"${log_file_name}".log) echo "Log: ${logs_dir}/${log_file_name}.log" fi @@ -1383,6 +1382,19 @@ function check_pxc_liveness() { done } +function check_generation() { + local generation="$1" + local container="$2" + local cluster="$3" + local current_generation + + current_generation="$(kubectl_bin get statefulset "${cluster}-${container}" -o jsonpath='{.metadata.generation}')" + if [[ ${generation} != "${current_generation}" ]]; then + echo "Generation for resource ${container} is: ${current_generation}, but should be: ${generation}" + exit 1 + fi +} + function compare_generation() { local generation="$1" local proxy="$2" @@ -1395,11 +1407,7 @@ function compare_generation() { containers=(pxc proxysql) fi for container in "${containers[@]}"; do - current_generation="$(kubectl_bin get statefulset "${cluster}-${container}" -o jsonpath='{.metadata.generation}')" - if [[ ${generation} != "${current_generation}" ]]; then - echo "Generation for resource ${container} is: ${current_generation}, but should be: ${generation}" - exit 1 - fi + check_generation "$generation" "$container" "$cluster" done } @@ -1486,7 +1494,8 @@ function prepare_cr_yaml() { .spec.backup.storages.minio.s3.region = \"us-east-1\" | .spec.backup.storages.minio.s3.bucket = \"operator-testing\" | .spec.backup.storages.minio.s3.endpointUrl = \"http://minio-service.#namespace:9000/\" | - .spec.backup.storages.minio.type = \"s3\" + .spec.backup.storages.minio.type = \"s3\" | + .spec.pmm.image = \"-pmm\" " - >"${cr_yaml}" if [[ ${proxy} == "haproxy" ]]; then yq -i eval ' diff --git a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-k127.yml b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-k127.yml index caad04d28e..2e48d5cef3 100644 --- a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-k127.yml +++ b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-k127.yml @@ -109,6 +109,8 @@ spec: env: - name: PXC_SERVICE value: haproxy-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: haproxy-env-vars-haproxy diff --git a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret-k127.yml b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret-k127.yml index 744180ad61..0af8e2f86d 100644 --- a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret-k127.yml +++ b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret-k127.yml @@ -109,6 +109,8 @@ spec: env: - name: PXC_SERVICE value: haproxy-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: haproxy-env-vars-haproxy diff --git a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret.yml b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret.yml index 1985fbd0b5..6d72316d1b 100644 --- a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret.yml +++ b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy-secret.yml @@ -106,6 +106,8 @@ spec: env: - name: PXC_SERVICE value: haproxy-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: haproxy-env-vars-haproxy diff --git a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy.yml b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy.yml index a299603c31..e5380fb0f3 100644 --- a/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy.yml +++ b/e2e-tests/haproxy/compare/statefulset_haproxy-haproxy.yml @@ -106,6 +106,8 @@ spec: env: - name: PXC_SERVICE value: haproxy-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: haproxy-env-vars-haproxy diff --git a/e2e-tests/haproxy/conf/haproxy.yml b/e2e-tests/haproxy/conf/haproxy.yml index 9ec7471b94..f7b330ebbc 100644 --- a/e2e-tests/haproxy/conf/haproxy.yml +++ b/e2e-tests/haproxy/conf/haproxy.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: haproxy finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: initContainer: resources: @@ -101,7 +101,7 @@ spec: default_backend galera-replica-nodes proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/init-deploy/compare/xtrabackup-80.sql b/e2e-tests/init-deploy/compare/xtrabackup-80.sql index e527f789a0..b2449b68b2 100644 --- a/e2e-tests/init-deploy/compare/xtrabackup-80.sql +++ b/e2e-tests/init-deploy/compare/xtrabackup-80.sql @@ -1,2 +1,2 @@ -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `xtrabackup`@`%` -GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SENSITIVE_VARIABLES_OBSERVER,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,TELEMETRY_LOG_ADMIN,XA_RECOVER_ADMIN ON *.* TO `xtrabackup`@`%` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `xtrabackup`@`%` WITH GRANT OPTION +GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SENSITIVE_VARIABLES_OBSERVER,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,TELEMETRY_LOG_ADMIN,XA_RECOVER_ADMIN ON *.* TO `xtrabackup`@`%` WITH GRANT OPTION diff --git a/e2e-tests/init-deploy/compare/xtrabackup.sql b/e2e-tests/init-deploy/compare/xtrabackup.sql index cbbae2bf34..9c721534d7 100644 --- a/e2e-tests/init-deploy/compare/xtrabackup.sql +++ b/e2e-tests/init-deploy/compare/xtrabackup.sql @@ -1 +1 @@ -GRANT ALL PRIVILEGES ON *.* TO 'xtrabackup'@'%' +GRANT ALL PRIVILEGES ON *.* TO 'xtrabackup'@'%' WITH GRANT OPTION diff --git a/e2e-tests/limits/conf/no-limits.yml b/e2e-tests/limits/conf/no-limits.yml index 99bf439e98..8ba92cb9d4 100644 --- a/e2e-tests/limits/conf/no-limits.yml +++ b/e2e-tests/limits/conf/no-limits.yml @@ -23,7 +23,7 @@ spec: antiAffinityTopologyKey: none proxysql: enabled: true - size: 1 + size: 2 image: -proxysql imagePullPolicy: IfNotPresent resources: diff --git a/e2e-tests/limits/conf/no-requests-no-limits.yml b/e2e-tests/limits/conf/no-requests-no-limits.yml index 2e0a5fc9dd..ed9e15fac7 100644 --- a/e2e-tests/limits/conf/no-requests-no-limits.yml +++ b/e2e-tests/limits/conf/no-requests-no-limits.yml @@ -18,7 +18,7 @@ spec: antiAffinityTopologyKey: none proxysql: enabled: true - size: 1 + size: 2 image: -proxysql volumeSpec: persistentVolumeClaim: diff --git a/e2e-tests/limits/conf/no-requests.yml b/e2e-tests/limits/conf/no-requests.yml index f9f9455602..6b591a5c0a 100644 --- a/e2e-tests/limits/conf/no-requests.yml +++ b/e2e-tests/limits/conf/no-requests.yml @@ -22,7 +22,7 @@ spec: antiAffinityTopologyKey: none proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: limits: diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-k127.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-k127.yml index 9d48317fca..c10e067267 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-k127.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-k127.yml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 4 name: monitoring-haproxy ownerReferences: - controller: true @@ -242,6 +242,8 @@ spec: env: - name: PXC_SERVICE value: monitoring-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: my-env-var-secrets diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix-k127.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix-k127.yml index 9272c3d5a9..d2a8cebda5 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix-k127.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix-k127.yml @@ -242,6 +242,8 @@ spec: env: - name: PXC_SERVICE value: monitoring-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: my-env-var-secrets diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix.yml index 629d1d7f07..cf2e490e7b 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy-no-prefix.yml @@ -239,6 +239,8 @@ spec: env: - name: PXC_SERVICE value: monitoring-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: my-env-var-secrets diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy.yml index 18b479409b..44e2719b39 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-haproxy.yml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 4 name: monitoring-haproxy ownerReferences: - controller: true @@ -239,6 +239,8 @@ spec: env: - name: PXC_SERVICE value: monitoring-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: my-env-var-secrets diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml index dd3fd6a8c4..ee4db078e2 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127-oc.yml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 4 name: monitoring-pxc ownerReferences: - controller: true diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127.yml index c11da21cbe..828af4fd02 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-k127.yml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 4 name: monitoring-pxc ownerReferences: - controller: true diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-oc.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-oc.yml index c9af8ec435..1fb62e8d5b 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-oc.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc-oc.yml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 4 name: monitoring-pxc ownerReferences: - controller: true diff --git a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc.yml b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc.yml index 121fe3f20a..11a4046909 100644 --- a/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc.yml +++ b/e2e-tests/monitoring-2-0/compare/statefulset_monitoring-pxc.yml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 4 name: monitoring-pxc ownerReferences: - controller: true diff --git a/e2e-tests/monitoring-2-0/conf/monitoring.yml b/e2e-tests/monitoring-2-0/conf/monitoring.yml index c217ecf5bc..2813085992 100644 --- a/e2e-tests/monitoring-2-0/conf/monitoring.yml +++ b/e2e-tests/monitoring-2-0/conf/monitoring.yml @@ -22,7 +22,7 @@ spec: envVarsSecret: my-env-var-secrets haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/monitoring-2-0/run b/e2e-tests/monitoring-2-0/run index f04d0790ed..70a903f9d8 100755 --- a/e2e-tests/monitoring-2-0/run +++ b/e2e-tests/monitoring-2-0/run @@ -83,6 +83,9 @@ compare_kubectl statefulset/$cluster-haproxy "-no-prefix" desc 'apply my-env-var-secrets to add PMM_PREFIX' kubectl_bin apply -f "$test_dir/conf/envsecrets.yaml" +wait_for_generation "sts/$cluster-pxc" 3 +wait_for_generation "sts/$cluster-haproxy" 3 + desc 'add new PMM API key to secret' API_KEY_NEW=$(curl --insecure -X POST -H "Content-Type: application/json" -d '{"name":"operator-new", "role": "Admin"}' "https://admin:$ADMIN_PASSWORD@$(get_service_endpoint monitoring-service)/graph/api/auth/keys" | jq .key) kubectl_bin patch secret my-cluster-secrets --type merge --patch '{"stringData": {"pmmserverkey": '"$API_KEY_NEW"'}}' @@ -91,8 +94,9 @@ desc 'delete old PMM key' ID_API_KEY_OLD=$(curl --insecure -X GET "https://admin:$ADMIN_PASSWORD@$(get_service_endpoint monitoring-service)/graph/api/auth/keys" | jq '.[] | select( .name == "operator").id') curl --insecure -X DELETE "https://admin:$ADMIN_PASSWORD@$(get_service_endpoint monitoring-service)/graph/api/auth/keys/$ID_API_KEY_OLD" -wait_for_generation "sts/$cluster-pxc" 3 -wait_for_generation "sts/$cluster-haproxy" 3 +wait_for_generation "sts/$cluster-pxc" 4 +wait_for_generation "sts/$cluster-haproxy" 4 + sleep 10 kubectl wait pod -l 'app.kubernetes.io/managed-by=percona-xtradb-cluster-operator' --for=condition=ready --timeout=600s diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml index e05fe9a893..923b854f69 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127-oc.yml @@ -182,7 +182,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127.yml index afeb058636..daee571149 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-k127.yml @@ -183,7 +183,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-oc.yml index 9893dc41da..df3aef4d16 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-oc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-oc.yml @@ -179,7 +179,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml index 6966c711dd..556f7de7a5 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127-oc.yml @@ -182,7 +182,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127.yml index c404822a48..5f157034ea 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-k127.yml @@ -183,7 +183,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-oc.yml index 7ef2ed304c..895c7f20ce 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-oc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret-oc.yml @@ -179,7 +179,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret.yml index 635da6c7bc..21958bd52f 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc-secret.yml @@ -180,7 +180,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc.yml index ba772520dd..547168812f 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-pxc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-pxc.yml @@ -180,7 +180,7 @@ spec: - name: ssl secret: defaultMode: 420 - optional: true + optional: false secretName: one-pod-ssl - configMap: defaultMode: 420 diff --git a/e2e-tests/one-pod/conf/one-pod.yml b/e2e-tests/one-pod/conf/one-pod.yml index ee07e8fcbf..7a39e7eacc 100644 --- a/e2e-tests/one-pod/conf/one-pod.yml +++ b/e2e-tests/one-pod/conf/one-pod.yml @@ -4,7 +4,9 @@ metadata: name: one-pod spec: secretsName: my-cluster-secrets - allowUnsafeConfigurations: true + unsafeFlags: + pxcSize: true + proxySize: true pause: false pxc: size: 1 diff --git a/e2e-tests/one-pod/run b/e2e-tests/one-pod/run index cc0f0c28a8..cf9557b1b0 100755 --- a/e2e-tests/one-pod/run +++ b/e2e-tests/one-pod/run @@ -10,7 +10,7 @@ set_debug spinup_pxc() { local cluster=$1 local config=$2 - local size="${3:-3}" + local size="${3:-1}" desc 'create first PXC cluster' kubectl_bin apply \ @@ -19,7 +19,7 @@ spinup_pxc() { apply_config "$conf_dir/client.yml" apply_config "$config" - desc 'check if all 3 Pods started' + desc "check if all ${size} pods are started" wait_for_running "$cluster-pxc" "$size" sleep 15 diff --git a/e2e-tests/operator-self-healing-chaos/conf/operator-chaos.yml b/e2e-tests/operator-self-healing-chaos/conf/operator-chaos.yml index 8f9f4dcc56..e02af3fac9 100644 --- a/e2e-tests/operator-self-healing-chaos/conf/operator-chaos.yml +++ b/e2e-tests/operator-self-healing-chaos/conf/operator-chaos.yml @@ -24,7 +24,7 @@ spec: antiAffinityTopologyKey: none proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/pitr-gap-errors/conf/pitr-gap-errors.yml b/e2e-tests/pitr-gap-errors/conf/pitr-gap-errors.yml index 0de79ab86b..830b9aea17 100755 --- a/e2e-tests/pitr-gap-errors/conf/pitr-gap-errors.yml +++ b/e2e-tests/pitr-gap-errors/conf/pitr-gap-errors.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: pitr-gap-errors finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order # annotations: # percona.com/issue-vault-token: "true" spec: diff --git a/e2e-tests/pitr-gap-errors/conf/restore-on-pitr-minio-gap-no-pitr.yaml b/e2e-tests/pitr-gap-errors/conf/restore-on-pitr-minio-gap-no-pitr.yaml new file mode 100755 index 0000000000..15c467b54f --- /dev/null +++ b/e2e-tests/pitr-gap-errors/conf/restore-on-pitr-minio-gap-no-pitr.yaml @@ -0,0 +1,7 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBClusterRestore +metadata: + name: on-pitr-minio-gap-no-pitr +spec: + pxcCluster: pitr-gap-errors + backupName: on-pitr-minio-gap diff --git a/e2e-tests/pitr-gap-errors/run b/e2e-tests/pitr-gap-errors/run index 222c0b45a4..7154c182b6 100755 --- a/e2e-tests/pitr-gap-errors/run +++ b/e2e-tests/pitr-gap-errors/run @@ -146,6 +146,15 @@ check_binlog_gap_restore() { compare_mysql_cmd "select-gap" "SELECT * from test.gap;" "-h $cluster-pxc-1.$cluster-pxc -uroot -proot_password" compare_mysql_cmd "select-gap" "SELECT * from test.gap;" "-h $cluster-pxc-2.$cluster-pxc -uroot -proot_password" kubectl_bin delete -f "$test_dir/conf/restore-on-pitr-minio-gap-force.yaml" + elif [ "$type" == "no-pitr" ]; then + kubectl_bin apply -f $test_dir/conf/restore-on-pitr-minio-gap-no-pitr.yaml + wait_backup_restore "on-pitr-minio-gap-no-pitr" "Succeeded" + local backup_error=$(kubectl_bin get pxc-restore on-pitr-minio-gap-no-pitr -ojsonpath='{.status.comments}' | grep -c "Backup doesn't guarantee consistent recovery with PITR. Annotate PerconaXtraDBClusterRestore with percona.com/unsafe-pitr to force it.") + if [[ $backup_error -ne 0 ]]; then + echo "ERROR: Restore without PiTR is failed because backups is tagged PiTR unready in the backup condition." + kubectl_bin get pxc-backup on-pitr-minio-gap -oyaml + exit 1 + fi else echo "Wrong restore type!" exit 1 @@ -344,6 +353,7 @@ main() { check_binlog_gap_error check_binlog_gap_restore "error" check_binlog_gap_restore "force" + check_binlog_gap_restore "no-pitr" desc "done binlog gap test" invalid_binlog_test diff --git a/e2e-tests/pitr/conf/pitr.yml b/e2e-tests/pitr/conf/pitr.yml index 7eb66d62b3..fbced6e1f8 100755 --- a/e2e-tests/pitr/conf/pitr.yml +++ b/e2e-tests/pitr/conf/pitr.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: pitr finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order # annotations: # percona.com/issue-vault-token: "true" spec: diff --git a/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy-k127.yml b/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy-k127.yml index 3de08e0097..0a6dc71548 100644 --- a/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy-k127.yml +++ b/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy-k127.yml @@ -105,6 +105,8 @@ spec: value: proxy-protocol-pxc - name: IS_PROXY_PROTOCOL value: "yes" + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: proxy-protocol-env-vars-haproxy diff --git a/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy.yml b/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy.yml index 815ad55508..e091339e92 100644 --- a/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy.yml +++ b/e2e-tests/proxy-protocol/compare/statefulset_proxy-protocol-haproxy.yml @@ -102,6 +102,8 @@ spec: value: proxy-protocol-pxc - name: IS_PROXY_PROTOCOL value: "yes" + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: proxy-protocol-env-vars-haproxy diff --git a/e2e-tests/proxy-protocol/conf/proxy-protocol.yml b/e2e-tests/proxy-protocol/conf/proxy-protocol.yml index 2886276bac..2eeee3282d 100644 --- a/e2e-tests/proxy-protocol/conf/proxy-protocol.yml +++ b/e2e-tests/proxy-protocol/conf/proxy-protocol.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: proxy-protocol finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets pxc: diff --git a/e2e-tests/proxysql-sidecar-res-limits/conf/side-car.yml b/e2e-tests/proxysql-sidecar-res-limits/conf/side-car.yml index d6f0e06229..d0ea625f8e 100644 --- a/e2e-tests/proxysql-sidecar-res-limits/conf/side-car.yml +++ b/e2e-tests/proxysql-sidecar-res-limits/conf/side-car.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: side-car finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets sslSecretName: some-name-ssl @@ -27,7 +27,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql serviceType: LoadBalancer resources: diff --git a/e2e-tests/pvc-resize/conf/eks-storageclass.yml b/e2e-tests/pvc-resize/conf/eks-storageclass.yml new file mode 100644 index 0000000000..6cbe684a7d --- /dev/null +++ b/e2e-tests/pvc-resize/conf/eks-storageclass.yml @@ -0,0 +1,11 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: gp2-resizable +parameters: + fsType: ext4 + type: gp2 +provisioner: kubernetes.io/aws-ebs +reclaimPolicy: Delete +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true diff --git a/e2e-tests/pvc-resize/conf/resourcequota.yml b/e2e-tests/pvc-resize/conf/resourcequota.yml new file mode 100644 index 0000000000..0c51e49f58 --- /dev/null +++ b/e2e-tests/pvc-resize/conf/resourcequota.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: default-storage-quota +spec: + hard: + STORAGECLASS.storageclass.storage.k8s.io/requests.storage: QUOTA \ No newline at end of file diff --git a/e2e-tests/pvc-resize/conf/some-name-eks.yml b/e2e-tests/pvc-resize/conf/some-name-eks.yml new file mode 100644 index 0000000000..6e1cce518b --- /dev/null +++ b/e2e-tests/pvc-resize/conf/some-name-eks.yml @@ -0,0 +1,83 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: some-name + finalizers: + - percona.com/delete-proxysql-pvc + - percona.com/delete-pxc-pvc + # annotations: + # percona.com/issue-vault-token: "true" +spec: + secretsName: my-cluster-secrets + vaultSecretName: some-name-vault + pause: false + pxc: + size: 3 + image: -pxc + resources: + requests: + memory: 0.1G + cpu: 100m + limits: + memory: "1G" + cpu: "1" + volumeSpec: + persistentVolumeClaim: + storageClassName: gp2-resizable + resources: + requests: + storage: 2Gi + affinity: + antiAffinityTopologyKey: "kubernetes.io/hostname" + haproxy: + enabled: true + size: 2 + image: -haproxy + resources: + requests: + memory: 0.1G + cpu: 100m + limits: + memory: 1G + cpu: 700m + affinity: + antiAffinityTopologyKey: "kubernetes.io/hostname" + logcollector: + enabled: true + image: -logcollector + pmm: + enabled: false + image: perconalab/pmm-client:1.17.1 + serverHost: monitoring-service + serverUser: pmm + backup: + image: -backup + storages: + pvc: + type: filesystem + volume: + persistentVolumeClaim: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 1Gi + aws-s3: + type: s3 + s3: + region: us-east-1 + bucket: operator-testing + credentialsSecret: aws-s3-secret + minio: + type: s3 + s3: + credentialsSecret: minio-secret + region: us-east-1 + bucket: operator-testing + endpointUrl: http://minio-service:9000/ + gcp-cs: + type: s3 + s3: + credentialsSecret: gcp-cs-secret + region: us-east-1 + bucket: operator-testing + endpointUrl: https://storage.googleapis.com diff --git a/e2e-tests/pvc-resize/conf/some-name.yml b/e2e-tests/pvc-resize/conf/some-name.yml new file mode 100644 index 0000000000..9adae8206e --- /dev/null +++ b/e2e-tests/pvc-resize/conf/some-name.yml @@ -0,0 +1,81 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: some-name + finalizers: + - percona.com/delete-pxc-pods-in-order + # annotations: + # percona.com/issue-vault-token: "true" +spec: + secretsName: my-cluster-secrets + vaultSecretName: some-name-vault + pause: false + pxc: + size: 3 + image: -pxc + resources: + requests: + memory: 0.1G + cpu: 100m + limits: + memory: "1G" + cpu: "1" + volumeSpec: + persistentVolumeClaim: + resources: + requests: + storage: 2Gi + affinity: + antiAffinityTopologyKey: "kubernetes.io/hostname" + haproxy: + enabled: true + size: 2 + image: -haproxy + resources: + requests: + memory: 0.1G + cpu: 100m + limits: + memory: 1G + cpu: 700m + affinity: + antiAffinityTopologyKey: "kubernetes.io/hostname" + logcollector: + enabled: true + image: -logcollector + pmm: + enabled: false + image: perconalab/pmm-client:1.17.1 + serverHost: monitoring-service + serverUser: pmm + backup: + image: -backup + storages: + pvc: + type: filesystem + volume: + persistentVolumeClaim: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 1Gi + aws-s3: + type: s3 + s3: + region: us-east-1 + bucket: operator-testing + credentialsSecret: aws-s3-secret + minio: + type: s3 + s3: + credentialsSecret: minio-secret + region: us-east-1 + bucket: operator-testing + endpointUrl: http://minio-service:9000/ + gcp-cs: + type: s3 + s3: + credentialsSecret: gcp-cs-secret + region: us-east-1 + bucket: operator-testing + endpointUrl: https://storage.googleapis.com diff --git a/e2e-tests/pvc-resize/run b/e2e-tests/pvc-resize/run index 3d72186ffa..6412a99670 100755 --- a/e2e-tests/pvc-resize/run +++ b/e2e-tests/pvc-resize/run @@ -5,39 +5,174 @@ set -o errexit test_dir=$(realpath $(dirname $0)) . ${test_dir}/../functions +function patch_pvc_request() { + local cluster=$1 + local size=$2 + + echo "Patching PVC request to ${size} in ${cluster}" + + kubectl_bin patch pxc ${cluster} --type=json -p='[{"op": "replace", "path": "/spec/pxc/volumeSpec/persistentVolumeClaim/resources/requests/storage", "value":"'"${size}"'"}]' +} + +function get_default_storageclass() { + kubectl_bin get sc -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubernetes\.io/is-default-class=="true")].metadata.name}' +} + +function ensure_default_sc_allows_expansion() { + local default_sc=$(get_default_storageclass) + + echo "Checking if default storageclass ${default_sc} allows volume expansion" + + local allowVolumeExpansion=$(kubectl_bin get sc -o jsonpath='{.items[?(@.metadata.name=="'"${default_sc}"'")].allowVolumeExpansion}') + + if [[ "${allowVolumeExpansion}" != "true" ]]; then + echo "Default storageclass ${default_sc} does not allow volume expansion" + exit 0 + fi +} + +function apply_resourcequota() { + local quota=$1 + local default_sc=$(get_default_storageclass) + + echo "Applying resourcequota for default storageclass ${default_sc} with quota ${quota}" + + cat ${test_dir}/conf/resourcequota.yml | + sed "s/STORAGECLASS/${default_sc}/" | + sed "s/QUOTA/${quota}/" | + kubectl_bin apply -f - +} + +function wait_cluster_status() { + local cluster=$1 + local expected=$2 + + echo -n "Waiting for pxc/${cluster} status to be ${expected}" + until [[ $(kubectl_bin get pxc ${cluster} -o jsonpath='{.status.state}') == ${expected} ]]; do + if [[ $retry -ge 60 ]]; then + echo + echo "pxc/${cluster} did not reach ${expected} status, max retries exceeded" + exit 1 + fi + echo -n "." + sleep 5 + + retry=$((retry + 1)) + done + + echo + echo "pxc/${cluster} status is ${expected}" +} + set_debug -if [[ $EKS == 1 ]]; then - echo "Skip the test. We don't run it for EKS." - exit 0 +if [ "$EKS" == 1 ]; then + echo "EKS environment detected, creating storageclass for EBS volumes" + kubectl_bin apply -f ${test_dir}/conf/eks-storageclass.yml +else + ensure_default_sc_allows_expansion fi create_infra ${namespace} desc 'create first PXC cluster' cluster="some-name" -spinup_pxc "${cluster}" "$conf_dir/$cluster.yml" "3" "10" "${conf_dir}/secrets.yml" -kubectl_bin patch pxc "$cluster" --type=merge --patch '{ - "spec": { "pxc": { "volumeSpec": { "persistentVolumeClaim": { "resources": { "requests": { "storage": "4Gi" } } } } } } -}' +if [ "$EKS" == 1 ]; then + spinup_pxc "${cluster}" "$test_dir/conf/$cluster-eks.yml" "3" "10" "${conf_dir}/secrets.yml" +else + spinup_pxc "${cluster}" "$test_dir/conf/$cluster.yml" "3" "10" "${conf_dir}/secrets.yml" +fi + +desc "test scaling" + +patch_pvc_request "${cluster}" "3Gi" wait_cluster_consistency "$cluster" 3 2 for pvc in $(kubectl_bin get pvc -l app.kubernetes.io/component=pxc -o name); do retry=0 - until [[ $(kubectl_bin get ${pvc} -o jsonpath={.status.capacity.storage}) == "4Gi" ]]; do + echo -n "Waiting for ${pvc} to be resized" + until [[ $(kubectl_bin get ${pvc} -o jsonpath={.status.capacity.storage}) == "3Gi" ]]; do if [[ $retry -ge 60 ]]; then - echo "PVC ${pvc} was not resized, max retries exceeded" + echo + echo "pvc/${pvc} was not resized, max retries exceeded" exit 1 fi - echo "Waiting for PVC ${pvc} to be resized" + echo -n "." sleep 5 retry=$((retry + 1)) done - echo "PVC ${pvc} was resized" + echo + echo "${pvc} was resized" done +if [ "$EKS" == 1 ]; then + # EKS rate limits PVC expansion for the same EBS volume (1 expand operation in every 6 hours), + # so we need to delete and recreate the cluster + echo "Deleting and recreating PXC cluster ${cluster}" + kubectl_bin delete pxc ${cluster} + spinup_pxc "${cluster}" "$test_dir/conf/$cluster-eks.yml" "3" "10" "${conf_dir}/secrets.yml" +fi + +desc 'create resourcequota' + +# We're setting the quota to 12Gi, so we can only resize the first PVC to 4Gi +# the others should fail to resize due to the exceeded quota but operator should +# handle the error and keep the cluster ready +apply_resourcequota 10Gi +patch_pvc_request "${cluster}" "4Gi" +wait_cluster_consistency "$cluster" 3 2 +echo + +echo -n "Waiting for pvc/datadir-some-name-pxc-0 to be resized" +until [[ $(kubectl_bin get pvc datadir-some-name-pxc-0 -o jsonpath={.status.capacity.storage}) == "4Gi" ]]; do + if [[ $retry -ge 60 ]]; then + echo + echo "pvc/datadir-some-name-pxc-0 was not resized, max retries exceeded" + exit 1 + fi + echo -n "." + sleep 5 + + retry=$((retry + 1)) +done +echo +echo "pvc/datadir-some-name-pxc-0 was resized" + +# We're setting the quota to 16Gi, so we can resize all PVCs to 4Gi +apply_resourcequota 12Gi +patch_pvc_request "${cluster}" "4Gi" +wait_cluster_consistency "$cluster" 3 2 +echo +for pvc in $(kubectl_bin get pvc -l app.kubernetes.io/component=pxc -o name); do + retry=0 + echo -n "Waiting for pvc/${pvc} to be resized" + until [[ $(kubectl_bin get ${pvc} -o jsonpath={.status.capacity.storage}) == "4Gi" ]]; do + if [[ $retry -ge 60 ]]; then + echo + echo "pvc/${pvc} was not resized, max retries exceeded" + exit 1 + fi + echo -n "." + sleep 5 + + retry=$((retry + 1)) + done + echo + echo "pvc/${pvc} was resized" +done + +desc "test downscale" + +# operator shouldn't try to downscale the PVCs and set status to error +patch_pvc_request "${cluster}" "1Gi" +wait_cluster_status ${cluster} "error" + +# user should be able to restore to the previous size and make the cluster ready +patch_pvc_request "${cluster}" "4Gi" +wait_cluster_status ${cluster} "ready" + destroy "${namespace}" -desc "test passed" \ No newline at end of file +desc "test passed" diff --git a/e2e-tests/scaling-proxysql/conf/scaling-proxysql.yml b/e2e-tests/scaling-proxysql/conf/scaling-proxysql.yml index 822502ad9c..864e8fccc5 100644 --- a/e2e-tests/scaling-proxysql/conf/scaling-proxysql.yml +++ b/e2e-tests/scaling-proxysql/conf/scaling-proxysql.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: scaling-proxysql finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets sslSecretName: some-name-ssl @@ -26,7 +26,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/scaling-proxysql/run b/e2e-tests/scaling-proxysql/run index 0b4f36e796..769f047e3c 100755 --- a/e2e-tests/scaling-proxysql/run +++ b/e2e-tests/scaling-proxysql/run @@ -13,9 +13,9 @@ cluster="scaling-proxysql" spinup_pxc "$cluster" "$test_dir/conf/${cluster}.yml" desc 'scale up from 1 to 3' -cat_config "$test_dir/conf/$cluster.yml" \ - | sed -e 's/size: 1/size: 3/' \ - | kubectl_bin apply -f- +cat_config "$test_dir/conf/$cluster.yml" | + sed -e 's/size: 2/size: 3/' | + kubectl_bin apply -f- desc 'check if all 3 Pods started' wait_for_running $cluster-proxysql 3 @@ -29,24 +29,24 @@ desc 'check new Pods exists in ProxySQL' pod0=$cluster-proxysql-0 pod1=$cluster-proxysql-1 pod2=$cluster-proxysql-2 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" \ - | grep $pod0 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" \ - | grep $pod1 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" \ - | grep $pod2 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-1" \ - | grep $pod0 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-1" \ - | grep $pod1 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-1" \ - | grep $pod2 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-2" \ - | grep $pod0 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-2" \ - | grep $pod1 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-2" \ - | grep $pod2 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" | + grep $pod0 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" | + grep $pod1 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" | + grep $pod2 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-1" | + grep $pod0 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-1" | + grep $pod1 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-1" | + grep $pod2 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-2" | + grep $pod0 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-2" | + grep $pod1 +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-2" | + grep $pod2 desc 'scale down from 3 to 1' apply_config $test_dir/conf/$cluster.yml @@ -59,8 +59,8 @@ compare_kubectl pvc/proxydata-$cluster-proxysql-2 desc 'check if Pod deleted from ProxySQL' sleep 30 -run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" \ - | (grep $pod2 && exit 1 || :) +run_mysql_local 'SELECT hostname FROM runtime_proxysql_servers;' "-h127.0.0.1 -P6032 -uproxyadmin -padmin_password" "$cluster-proxysql-0" | + (grep $pod2 && exit 1 || :) destroy $namespace desc "test passed" diff --git a/e2e-tests/scaling/conf/scaling.yml b/e2e-tests/scaling/conf/scaling.yml index 6126589bef..d2273b355b 100644 --- a/e2e-tests/scaling/conf/scaling.yml +++ b/e2e-tests/scaling/conf/scaling.yml @@ -22,7 +22,7 @@ spec: antiAffinityTopologyKey: none proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc-k129.yml b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc-k129.yml index 15984702d3..9407c1f58a 100644 --- a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc-k129.yml +++ b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc-k129.yml @@ -62,6 +62,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /backup name: xtrabackup - mountPath: /etc/mysql/ssl @@ -71,6 +73,19 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -83,6 +98,8 @@ spec: serviceAccountName: percona-xtradb-cluster-operator-workload terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: xtrabackup persistentVolumeClaim: claimName: xb-on-demand-backup-pvc diff --git a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc.yml b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc.yml index a65cc89e75..28fd47dcd5 100644 --- a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc.yml +++ b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-pvc.yml @@ -61,6 +61,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /backup name: xtrabackup - mountPath: /etc/mysql/ssl @@ -70,6 +72,19 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -82,6 +97,8 @@ spec: serviceAccountName: percona-xtradb-cluster-operator-workload terminationGracePeriodSeconds: 30 volumes: + - emptyDir: {} + name: bin - name: xtrabackup persistentVolumeClaim: claimName: xb-on-demand-backup-pvc diff --git a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3-k129.yml b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3-k129.yml index cf2f977ba1..65af78f8df 100644 --- a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3-k129.yml +++ b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3-k129.yml @@ -78,6 +78,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -85,6 +87,19 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -107,6 +122,8 @@ spec: topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3.yml b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3.yml index 67f699cc5a..a884cbfcb2 100644 --- a/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3.yml +++ b/e2e-tests/security-context/compare/job.batch_xb-on-demand-backup-s3.yml @@ -77,6 +77,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - mountPath: /opt/percona + name: bin - mountPath: /etc/mysql/ssl name: ssl - mountPath: /etc/mysql/ssl-internal @@ -84,6 +86,19 @@ spec: - mountPath: /etc/mysql/vault-keyring-secret name: vault-keyring-secret dnsPolicy: ClusterFirst + initContainers: + - command: + - /backup-init-entrypoint.sh + imagePullPolicy: Always + name: backup-init + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/percona + name: bin restartPolicy: Never schedulerName: default-scheduler securityContext: @@ -106,6 +121,8 @@ spec: topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway volumes: + - emptyDir: {} + name: bin - name: ssl secret: defaultMode: 420 diff --git a/e2e-tests/security-context/conf/sec-context-changes.yml b/e2e-tests/security-context/conf/sec-context-changes.yml index edce3483c0..ff904c9f3c 100644 --- a/e2e-tests/security-context/conf/sec-context-changes.yml +++ b/e2e-tests/security-context/conf/sec-context-changes.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: sec-context finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets sslSecretName: some-name-ssl @@ -50,7 +50,7 @@ spec: runAsUser: 1001 runAsGroup: 1001 supplementalGroups: [1001] - size: 1 + size: 2 image: -proxysql serviceAccountName: percona-xtradb-cluster-operator-workload resources: diff --git a/e2e-tests/security-context/conf/sec-context.yml b/e2e-tests/security-context/conf/sec-context.yml index aaf2a9c4ad..9167c0b287 100644 --- a/e2e-tests/security-context/conf/sec-context.yml +++ b/e2e-tests/security-context/conf/sec-context.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: sec-context finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets sslSecretName: some-name-ssl @@ -40,7 +40,7 @@ spec: podSecurityContext: runAsUser: 1001 fsGroup: 1001 - size: 1 + size: 2 image: -proxysql serviceAccountName: percona-xtradb-cluster-operator-workload resources: diff --git a/e2e-tests/self-healing-advanced-chaos/conf/self-healing-advanced.yml b/e2e-tests/self-healing-advanced-chaos/conf/self-healing-advanced.yml index e03394b405..a3cbd8714c 100644 --- a/e2e-tests/self-healing-advanced-chaos/conf/self-healing-advanced.yml +++ b/e2e-tests/self-healing-advanced-chaos/conf/self-healing-advanced.yml @@ -26,7 +26,7 @@ spec: topologyKey: kubernetes.io/hostname proxysql: enabled: true - size: 1 + size: 2 image: -proxysql volumeSpec: persistentVolumeClaim: diff --git a/e2e-tests/smart-update1/conf/smart-update-haproxy.yml b/e2e-tests/smart-update1/conf/smart-update-haproxy.yml index c1d101bb44..5d36197559 100644 --- a/e2e-tests/smart-update1/conf/smart-update-haproxy.yml +++ b/e2e-tests/smart-update1/conf/smart-update-haproxy.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: @@ -50,7 +50,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/smart-update1/conf/smart-update-version-service-reachable.yml b/e2e-tests/smart-update1/conf/smart-update-version-service-reachable.yml index c1d101bb44..5d36197559 100644 --- a/e2e-tests/smart-update1/conf/smart-update-version-service-reachable.yml +++ b/e2e-tests/smart-update1/conf/smart-update-version-service-reachable.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: @@ -50,7 +50,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/smart-update1/conf/smart-update-version-service-unreachable.yml b/e2e-tests/smart-update1/conf/smart-update-version-service-unreachable.yml index 245672de2f..f26dfca4c8 100644 --- a/e2e-tests/smart-update1/conf/smart-update-version-service-unreachable.yml +++ b/e2e-tests/smart-update1/conf/smart-update-version-service-unreachable.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: @@ -50,7 +50,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/smart-update1/conf/smart-update.yml b/e2e-tests/smart-update1/conf/smart-update.yml index 0d7dcf6fe3..fa58e6e869 100644 --- a/e2e-tests/smart-update1/conf/smart-update.yml +++ b/e2e-tests/smart-update1/conf/smart-update.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/smart-update2/conf/smart-update-haproxy.yml b/e2e-tests/smart-update2/conf/smart-update-haproxy.yml index c1d101bb44..5d36197559 100644 --- a/e2e-tests/smart-update2/conf/smart-update-haproxy.yml +++ b/e2e-tests/smart-update2/conf/smart-update-haproxy.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: @@ -50,7 +50,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/smart-update2/conf/smart-update-version-service-reachable.yml b/e2e-tests/smart-update2/conf/smart-update-version-service-reachable.yml index c1d101bb44..5d36197559 100644 --- a/e2e-tests/smart-update2/conf/smart-update-version-service-reachable.yml +++ b/e2e-tests/smart-update2/conf/smart-update-version-service-reachable.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: @@ -50,7 +50,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/smart-update2/conf/smart-update-version-service-unreachable.yml b/e2e-tests/smart-update2/conf/smart-update-version-service-unreachable.yml index 245672de2f..f26dfca4c8 100644 --- a/e2e-tests/smart-update2/conf/smart-update-version-service-unreachable.yml +++ b/e2e-tests/smart-update2/conf/smart-update-version-service-unreachable.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: @@ -50,7 +50,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" haproxy: enabled: true - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/smart-update2/conf/smart-update.yml b/e2e-tests/smart-update2/conf/smart-update.yml index 0d7dcf6fe3..fa58e6e869 100644 --- a/e2e-tests/smart-update2/conf/smart-update.yml +++ b/e2e-tests/smart-update2/conf/smart-update.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: smart-update finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: crVersion: 9.9.9 updateStrategy: SmartUpdate @@ -32,7 +32,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: true - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/smart-update2/run b/e2e-tests/smart-update2/run index bc8dcb051b..dc1a84f132 100755 --- a/e2e-tests/smart-update2/run +++ b/e2e-tests/smart-update2/run @@ -173,7 +173,7 @@ function check_telemetry_transfer() { [[ -s ${tmp_dir}/disabled_telemetry.version-service.log.json ]] && exit 1 fi - kubectl_bin patch pxc minimal-cluster --type=merge -p '{"metadata":{"finalizers":["delete-pxc-pvc"]}}' + kubectl_bin patch pxc minimal-cluster --type=merge -p '{"metadata":{"finalizers":["percona.com/delete-pxc-pvc"]}}' kubectl_bin delete pod ${OPERATOR_NS:+-n $OPERATOR_NS} "$(get_operator_pod)" kubectl_bin delete pxc --all kubectl_bin delete deploy pxc-client diff --git a/e2e-tests/storage/conf/emptydir.yml b/e2e-tests/storage/conf/emptydir.yml index 98a22e5858..af2c8817bc 100644 --- a/e2e-tests/storage/conf/emptydir.yml +++ b/e2e-tests/storage/conf/emptydir.yml @@ -15,7 +15,7 @@ spec: ephemeral-storage: 1G proxysql: enabled: true - size: 1 + size: 2 image: -proxysql volumeSpec: emptyDir: {} diff --git a/e2e-tests/storage/conf/hostpath.yml b/e2e-tests/storage/conf/hostpath.yml index b2ae8fac51..4e638d9e65 100644 --- a/e2e-tests/storage/conf/hostpath.yml +++ b/e2e-tests/storage/conf/hostpath.yml @@ -20,7 +20,7 @@ spec: supplementalGroups: [1001] proxysql: enabled: true - size: 1 + size: 2 image: -proxysql volumeSpec: hostPath: diff --git a/e2e-tests/tls-issue-cert-manager-ref/conf/some-name-tls-issueref.yml b/e2e-tests/tls-issue-cert-manager-ref/conf/some-name-tls-issueref.yml index 2ec01b2d2f..ea1d1531e1 100644 --- a/e2e-tests/tls-issue-cert-manager-ref/conf/some-name-tls-issueref.yml +++ b/e2e-tests/tls-issue-cert-manager-ref/conf/some-name-tls-issueref.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: some-name-tls-issueref finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: tls: SANs: diff --git a/e2e-tests/tls-issue-cert-manager-ref/run b/e2e-tests/tls-issue-cert-manager-ref/run index ae6744d652..5bc9baa12b 100755 --- a/e2e-tests/tls-issue-cert-manager-ref/run +++ b/e2e-tests/tls-issue-cert-manager-ref/run @@ -11,7 +11,6 @@ main() { create_infra $namespace cluster="some-name-tls-issueref" - desc 'deploy cert manager' deploy_cert_manager desc 'create issuer' diff --git a/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue-haproxy.yml b/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue-haproxy.yml index e40a1c6b15..b258645407 100644 --- a/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue-haproxy.yml +++ b/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue-haproxy.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: some-name-tls-issue finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: tls: SANs: @@ -30,7 +30,7 @@ spec: antiAffinityTopologyKey: "kubernetes.io/hostname" proxysql: enabled: false - size: 1 + size: 2 image: -proxysql resources: requests: diff --git a/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue.yml b/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue.yml index 0c1dbb7213..84700992ea 100644 --- a/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue.yml +++ b/e2e-tests/tls-issue-cert-manager/conf/some-name-tls-issue.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: some-name-tls-issue finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: tls: SANs: @@ -48,7 +48,7 @@ spec: storage: 2Gi haproxy: enabled: false - size: 1 + size: 2 image: -haproxy resources: requests: diff --git a/e2e-tests/tls-issue-cert-manager/run b/e2e-tests/tls-issue-cert-manager/run index d21c4591c4..81c9afb0a3 100755 --- a/e2e-tests/tls-issue-cert-manager/run +++ b/e2e-tests/tls-issue-cert-manager/run @@ -21,7 +21,6 @@ main() { create_infra $namespace cluster="some-name-tls-issue" - desc 'deploy cert manager' deploy_cert_manager desc 'create pxc cluster' diff --git a/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy-k127.yml b/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy-k127.yml index dce4cb9cd6..56b52c3538 100644 --- a/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy-k127.yml +++ b/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy-k127.yml @@ -112,6 +112,8 @@ spec: env: - name: PXC_SERVICE value: upgrade-haproxy-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: upgrade-haproxy-env-vars-haproxy diff --git a/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy.yml b/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy.yml index c214970ab4..0ac89ea985 100644 --- a/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy.yml +++ b/e2e-tests/upgrade-haproxy/compare/statefulset_upgrade-haproxy-haproxy.yml @@ -109,6 +109,8 @@ spec: env: - name: PXC_SERVICE value: upgrade-haproxy-pxc + - name: REPLICAS_SVC_ONLY_READERS + value: "false" envFrom: - secretRef: name: upgrade-haproxy-env-vars-haproxy diff --git a/e2e-tests/users/compare/select-2.sql b/e2e-tests/users/compare/select-2.sql index d41773703b..bea26c472e 100644 --- a/e2e-tests/users/compare/select-2.sql +++ b/e2e-tests/users/compare/select-2.sql @@ -12,6 +12,7 @@ mysql_query_rules mysql_query_rules_fast_routing mysql_replication_hostgroups mysql_servers +mysql_servers_ssl_params mysql_users proxysql_servers restapi_routes @@ -29,6 +30,7 @@ runtime_mysql_query_rules runtime_mysql_query_rules_fast_routing runtime_mysql_replication_hostgroups runtime_mysql_servers +runtime_mysql_servers_ssl_params runtime_mysql_users runtime_proxysql_servers runtime_restapi_routes diff --git a/e2e-tests/users/conf/some-name.yml b/e2e-tests/users/conf/some-name.yml index 3ff0cd9c56..ce30c6c6b7 100644 --- a/e2e-tests/users/conf/some-name.yml +++ b/e2e-tests/users/conf/some-name.yml @@ -3,7 +3,7 @@ kind: PerconaXtraDBCluster metadata: name: some-name finalizers: - - delete-pxc-pods-in-order + - percona.com/delete-pxc-pods-in-order spec: secretsName: my-cluster-secrets vaultSecretName: some-name-vault diff --git a/e2e-tests/users/run b/e2e-tests/users/run index da6d9e5431..723df7353b 100755 --- a/e2e-tests/users/run +++ b/e2e-tests/users/run @@ -135,10 +135,21 @@ newpassencrypted=$(echo -n "$newpass" | base64) apply_config "$test_dir/conf/some-name.yml" sleep 15 wait_cluster_consistency "$cluster" 3 3 +if [[ $IMAGE_PXC =~ 5\.7 ]]; then + check_generation "2" "haproxy" "${cluster}" +else + check_generation "1" "haproxy" "${cluster}" +fi patch_secret "my-cluster-secrets" "monitor" "$newpassencrypted" sleep 15 wait_cluster_consistency "$cluster" 3 3 compare_mysql_cmd "select-3" "SHOW DATABASES;" "-h $cluster-haproxy -umonitor -p'$newpass'" +if [[ $IMAGE_PXC =~ 5\.7 ]]; then + check_generation "3" "haproxy" "${cluster}" +else + check_generation "1" "haproxy" "${cluster}" +fi + destroy "${namespace}" desc "test passed" diff --git a/e2e-tests/validation-hook/conf/cr-simple.yaml b/e2e-tests/validation-hook/conf/cr-simple.yaml index 47f4b9e4cb..91ba587dff 100644 --- a/e2e-tests/validation-hook/conf/cr-simple.yaml +++ b/e2e-tests/validation-hook/conf/cr-simple.yaml @@ -3,9 +3,11 @@ kind: PerconaXtraDBCluster metadata: name: simple-pxc spec: - crVersion: 1.10.0 + crVersion: 1.15.0 secretsName: simple-dev-secrets - allowUnsafeConfigurations: true + unsafeFlags: + pxcSize: true + proxySize: true enableCRValidationWebhook: true haproxy: diff --git a/e2e-tests/validation-hook/conf/cr-with-haproxy-and-proxysql.yaml b/e2e-tests/validation-hook/conf/cr-with-haproxy-and-proxysql.yaml index b5ee27225e..ab79c59e6e 100644 --- a/e2e-tests/validation-hook/conf/cr-with-haproxy-and-proxysql.yaml +++ b/e2e-tests/validation-hook/conf/cr-with-haproxy-and-proxysql.yaml @@ -3,13 +3,13 @@ kind: PerconaXtraDBCluster metadata: name: cluster1 finalizers: - - delete-pxc-pods-in-order -# - delete-proxysql-pvc -# - delete-pxc-pvc + - percona.com/delete-pxc-pods-in-order +# - percona.com/delete-proxysql-pvc +# - percona.com/delete-pxc-pvc # annotations: # percona.com/issue-vault-token: "true" spec: - crVersion: 1.10.0 + crVersion: 1.15.0 secretsName: my-cluster-secrets vaultSecretName: keyring-secret-vault sslSecretName: my-cluster-ssl @@ -24,7 +24,6 @@ spec: # name: special-selfsigned-issuer # kind: ClusterIssuer # group: cert-manager.io - allowUnsafeConfigurations: false # pause: false updateStrategy: SmartUpdate upgradeOptions: diff --git a/e2e-tests/validation-hook/conf/cr-with-invalid-version.yaml b/e2e-tests/validation-hook/conf/cr-with-invalid-version.yaml index ce700b8032..5a4d8c2116 100644 --- a/e2e-tests/validation-hook/conf/cr-with-invalid-version.yaml +++ b/e2e-tests/validation-hook/conf/cr-with-invalid-version.yaml @@ -10,13 +10,13 @@ spec: haproxy: image: perconalab/percona-xtradb-cluster-operator:main-haproxy - size: 1 + size: 2 enabled: true replicasServiceEnabled: false pxc: image: percona/percona-xtradb-cluster:8.0 - size: 1 + size: 3 forceUnsafeBootstrap: false volumeSpec: persistentVolumeClaim: diff --git a/e2e-tests/validation-hook/conf/cr-with-no-storage.yaml b/e2e-tests/validation-hook/conf/cr-with-no-storage.yaml index f6d31a70e1..3969554e0e 100644 --- a/e2e-tests/validation-hook/conf/cr-with-no-storage.yaml +++ b/e2e-tests/validation-hook/conf/cr-with-no-storage.yaml @@ -26,7 +26,7 @@ spec: antiAffinityTopologyKey: none proxysql: enabled: true - size: 1 + size: 2 image: -proxysql # volumeSpec: # emptyDir: {} diff --git a/e2e-tests/validation-hook/conf/cr-with-too-long-name.yaml b/e2e-tests/validation-hook/conf/cr-with-too-long-name.yaml index 882bb38a23..6a2c256204 100644 --- a/e2e-tests/validation-hook/conf/cr-with-too-long-name.yaml +++ b/e2e-tests/validation-hook/conf/cr-with-too-long-name.yaml @@ -3,9 +3,9 @@ kind: PerconaXtraDBCluster metadata: name: cluster1fdsafdsfasgasdfdsafdsageafeawfaw finalizers: - - delete-pxc-pods-in-order -# - delete-proxysql-pvc -# - delete-pxc-pvc + - percona.com/delete-pxc-pods-in-order +# - percona.com/delete-proxysql-pvc +# - percona.com/delete-pxc-pvc # annotations: # percona.com/issue-vault-token: "true" spec: diff --git a/go.mod b/go.mod index 6dc22cdac3..e8d1cfa3d1 100644 --- a/go.mod +++ b/go.mod @@ -1,49 +1,52 @@ module github.com/percona/percona-xtradb-cluster-operator -go 1.21 +go 1.22.0 + +toolchain go1.22.2 require ( - github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.1 + github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/Percona-Lab/percona-version-service/api v0.0.0-20201216104127-a39f2dded3cc github.com/caarlos0/env v3.5.0+incompatible - github.com/cert-manager/cert-manager v1.14.4 + github.com/cert-manager/cert-manager v1.15.1 github.com/flosch/pongo2/v6 v6.0.0 github.com/go-ini/ini v1.67.0 - github.com/go-logr/logr v1.4.1 + github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 github.com/go-openapi/errors v0.22.0 github.com/go-openapi/runtime v0.28.0 github.com/go-openapi/strfmt v0.23.0 github.com/go-openapi/swag v0.23.0 github.com/go-openapi/validate v0.24.0 - github.com/go-sql-driver/mysql v1.7.1 + github.com/go-sql-driver/mysql v1.8.1 github.com/google/go-cmp v0.6.0 - github.com/hashicorp/go-version v1.6.0 - github.com/minio/minio-go/v7 v7.0.67 - github.com/onsi/ginkgo/v2 v2.15.0 - github.com/onsi/gomega v1.31.1 + github.com/hashicorp/go-version v1.7.0 + github.com/minio/minio-go/v7 v7.0.73 + github.com/onsi/ginkgo/v2 v2.19.0 + github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/robfig/cron/v3 v3.0.1 go.uber.org/zap v1.27.0 - golang.org/x/sync v0.6.0 - k8s.io/api v0.29.3 - k8s.io/apimachinery v0.29.3 - k8s.io/client-go v0.29.3 - k8s.io/klog/v2 v2.120.1 - sigs.k8s.io/controller-runtime v0.17.2 + golang.org/x/sync v0.7.0 + k8s.io/api v0.30.2 + k8s.io/apimachinery v0.30.2 + k8s.io/client-go v0.30.2 + k8s.io/klog/v2 v2.130.1 + sigs.k8s.io/controller-runtime v0.18.4 ) require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + filippo.io/edwards25519 v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dustin/go-humanize v1.0.1 // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect @@ -51,24 +54,23 @@ require ( github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/loads v0.22.0 // indirect github.com/go-openapi/spec v0.21.0 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect + github.com/goccy/go-json v0.10.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.0 // indirect + github.com/gorilla/websocket v1.5.1 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.4 // indirect - github.com/klauspost/cpuid/v2 v2.2.6 // indirect + github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/cpuid/v2 v2.2.8 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/minio/md5-simd v1.1.2 // indirect - github.com/minio/sha256-simd v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -78,38 +80,34 @@ require ( github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.45.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.46.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/rs/xid v1.5.0 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/pflag v1.0.5 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect - go.opentelemetry.io/otel v1.24.0 // indirect - go.opentelemetry.io/otel/metric v1.24.0 // indirect - go.opentelemetry.io/otel/trace v1.24.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.18.0 // indirect - golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect - golang.org/x/net v0.20.0 // indirect - golang.org/x/oauth2 v0.15.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.16.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/crypto v0.24.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.29.0 // indirect - k8s.io/component-base v0.29.0 // indirect - k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect - sigs.k8s.io/gateway-api v1.0.0 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/go.sum b/go.sum index 2dfa2eac67..cc5cba0ad3 100644 --- a/go.sum +++ b/go.sum @@ -1,15 +1,17 @@ -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 h1:c4k2FIYIh4xtwqrQwV0Ct1v5+ehlNXj5NI/MWVsiTkQ= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2/go.mod h1:5FDJtLEO/GxwNgUxbwrY3LP0pEoThTQJtk2oysdXHxM= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0/go.mod h1:T5RfihdXtBDxt1Ch2wobif3TvzTdumDy29kahv6AV9A= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.1 h1:fXPMAmuh0gDuRDey0atC8cXBuKIlqCzCkL8sm1n9Ov0= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.1/go.mod h1:SUZc9YRRHfx2+FAQKNDGrssXehqLpxmwRv2mC/5ntj4= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 h1:YUUxeiOWgdAQE3pXt2H7QXzZs0q8UBjgRbl56qo8GYM= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2/go.mod h1:dmXQgZuiSubAecswZE+Sm8jkvEa7kQgTPVRvwL/nd0E= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/Percona-Lab/percona-version-service/api v0.0.0-20201216104127-a39f2dded3cc h1:Teed8lKNzSXdHZCd8HhOJVNptRyShOdsul5w6656IVE= github.com/Percona-Lab/percona-version-service/api v0.0.0-20201216104127-a39f2dded3cc/go.mod h1:QDbZ+DHh0CkTHN6LRkMQd1pEl3b30EaNZ9FA97Mb3TA= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= @@ -20,27 +22,22 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/caarlos0/env v3.5.0+incompatible h1:Yy0UN8o9Wtr/jGHZDpCBLpNrzcFLLM2yixi/rBrKyJs= github.com/caarlos0/env v3.5.0+incompatible/go.mod h1:tdCsowwCzMLdkqRYDlHpZCp2UooDD3MspDBjZ2AD02Y= -github.com/cert-manager/cert-manager v1.14.4 h1:DLXIZHx3jhkViYfobXo+N7/od/oj4YgG6AJw4ORJnYs= -github.com/cert-manager/cert-manager v1.14.4/go.mod h1:d+CBeRu5MbpHTfXkkiiamUhnfdvhbThoOPwilU4UM98= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/cert-manager/cert-manager v1.15.1 h1:HSG4k2GlJ2YgTLkZfQzrArNaQpM9+ehDDg550IxAD94= +github.com/cert-manager/cert-manager v1.15.1/go.mod h1:p98JoGv3J9JhdKU9ngsj2EhWGI6/GlU7kpjWu5lf2js= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/flosch/pongo2/v6 v6.0.0 h1:lsGru8IAzHgIAw6H2m4PCyleO58I40ow6apih0WprMU= github.com/flosch/pongo2/v6 v6.0.0/go.mod h1:CuDpFm47R0uGGE7z13/tTlt1Y6zdxvr2RLT5LJhsHEU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= @@ -48,8 +45,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -74,39 +71,37 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= -github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y= -github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -115,11 +110,11 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= -github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM= +github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -128,14 +123,10 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.67 h1:BeBvZWAS+kRJm1vGTMJYVjKUNoo0FoEt/wUWdUtfmh8= -github.com/minio/minio-go/v7 v7.0.67/go.mod h1:+UXocnUeZ3wHvVh5s95gcrA4YjMIbccT6ubB+1m054A= -github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= -github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= +github.com/minio/minio-go/v7 v7.0.73 h1:qr2vi96Qm7kZ4v7LLebjte+MQh621fFWnv93p12htEo= +github.com/minio/minio-go/v7 v7.0.73/go.mod h1:qydcVzV8Hqtj1VtEocfxbmVFa2siu6HGa+LDEPogjD8= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= @@ -151,10 +142,10 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= @@ -166,41 +157,36 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= +github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= -go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= -go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= -go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= -go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= -go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= -go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= -go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -210,106 +196,81 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4= -golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= -golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= -k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= -k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= -k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= -k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= -k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= -k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= -k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= +sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/pkg/apis/pxc/v1/pxc_types.go b/pkg/apis/pxc/v1/pxc_types.go index ddb9035a54..82fe959245 100644 --- a/pkg/apis/pxc/v1/pxc_types.go +++ b/pkg/apis/pxc/v1/pxc_types.go @@ -46,6 +46,7 @@ type PerconaXtraDBClusterSpec struct { UpdateStrategy appsv1.StatefulSetUpdateStrategyType `json:"updateStrategy,omitempty"` UpgradeOptions UpgradeOptions `json:"upgradeOptions,omitempty"` AllowUnsafeConfig bool `json:"allowUnsafeConfigurations,omitempty"` + Unsafe UnsafeFlags `json:"unsafeFlags,omitempty"` // Deprecated, should be removed in the future. Use InitContainer.Image instead InitImage string `json:"initImage,omitempty"` @@ -56,6 +57,13 @@ type PerconaXtraDBClusterSpec struct { IgnoreLabels []string `json:"ignoreLabels,omitempty"` } +type UnsafeFlags struct { + TLS bool `json:"tls,omitempty"` + PXCSize bool `json:"pxcSize,omitempty"` + ProxySize bool `json:"proxySize,omitempty"` + BackupIfUnhealthy bool `json:"backupIfUnhealthy,omitempty"` +} + type InitContainerSpec struct { Image string `json:"image,omitempty"` Resources *corev1.ResourceRequirements `json:"resources,omitempty"` @@ -104,6 +112,7 @@ type ReplicationSource struct { } type TLSSpec struct { + Enabled *bool `json:"enabled,omitempty"` SANs []string `json:"SANs,omitempty"` IssuerConf *cmmeta.ObjectReference `json:"issuerConf,omitempty"` } @@ -169,6 +178,7 @@ type PXCScheduledBackupSchedule struct { // +kubebuilder:validation:Required StorageName string `json:"storageName,omitempty"` } + type AppState string const ( @@ -479,8 +489,8 @@ type ProxySQLSpec struct { type HAProxySpec struct { PodSpec `json:",inline"` - ExposePrimary ServiceExpose `json:"exposePrimary,omitempty"` - ExposeReplicas *ServiceExpose `json:"exposeReplicas,omitempty"` + ExposePrimary ServiceExpose `json:"exposePrimary,omitempty"` + ExposeReplicas *ReplicasServiceExpose `json:"exposeReplicas,omitempty"` // Deprecated: Use ExposeReplica.Enabled instead ReplicasServiceEnabled *bool `json:"replicasServiceEnabled,omitempty"` @@ -490,6 +500,11 @@ type HAProxySpec struct { ReplicasLoadBalancerIP string `json:"replicasLoadBalancerIP,omitempty"` } +type ReplicasServiceExpose struct { + ServiceExpose `json:",inline"` + OnlyReaders bool `json:"onlyReaders,omitempty"` +} + type PodDisruptionBudgetSpec struct { MinAvailable *intstr.IntOrString `json:"minAvailable,omitempty"` MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` @@ -628,10 +643,6 @@ const ( BackupStorageAzure BackupStorageType = "azure" ) -const ( - FinalizerDeleteS3Backup string = "delete-s3-backup" // TODO: rename to a more appropriate name like `delete-backup` -) - type BackupStorageS3Spec struct { Bucket string `json:"bucket"` CredentialsSecret string `json:"credentialsSecret"` @@ -720,6 +731,7 @@ var NoCustomVolumeErr = errors.New("no custom volume found") // +kubebuilder:object:generate=false type App interface { + InitContainers(cr *PerconaXtraDBCluster, initImageName string) []corev1.Container AppContainer(spec *PodSpec, secrets string, cr *PerconaXtraDBCluster, availableVolumes []corev1.Volume) (corev1.Container, error) SidecarContainers(spec *PodSpec, secrets string, cr *PerconaXtraDBCluster) ([]corev1.Container, error) PMMContainer(ctx context.Context, cl client.Client, spec *PMMSpec, secret *corev1.Secret, cr *PerconaXtraDBCluster) (*corev1.Container, error) @@ -772,6 +784,10 @@ func (cr *PerconaXtraDBCluster) ShouldWaitForTokenIssue() bool { return ok } +func (cr *PerconaXtraDBCluster) TLSEnabled() bool { + return !(cr.Spec.Unsafe.TLS && !*cr.Spec.TLS.Enabled) +} + // CheckNSetDefaults sets defaults options and overwrites wrong settings // and checks if other options' values are allowable // returned "changed" means CR should be updated on cluster @@ -832,7 +848,33 @@ func (cr *PerconaXtraDBCluster) CheckNSetDefaults(serverVersion *version.ServerV } } - setSafeDefaults(c, logger) + t := true + if c.TLS == nil { + c.TLS = &TLSSpec{Enabled: &t} + } + + if c.TLS.Enabled == nil { + c.TLS.Enabled = &t + } + + if c.AllowUnsafeConfig { + c.Unsafe = UnsafeFlags{ + TLS: true, + PXCSize: true, + ProxySize: true, + BackupIfUnhealthy: true, + } + } + + if cr.DeletionTimestamp == nil && !cr.Spec.Pause { + if cr.CompareVersionWith("1.15.0") < 0 { + setSafeDefaults(c, logger) + } else { + if err := cr.checkSafeDefaults(); err != nil { + return errors.Wrap(err, "check safe defaults") + } + } + } // Set maxUnavailable = 1 by default for PodDisruptionBudget-PXC. // It's a description of the number of pods from that set that can be unavailable after the eviction. @@ -893,8 +935,10 @@ func (cr *PerconaXtraDBCluster) CheckNSetDefaults(serverVersion *version.ServerV if c.HAProxyEnabled() { if cr.CompareVersionWith("1.14.0") >= 0 { if c.HAProxy.ExposeReplicas == nil { - c.HAProxy.ExposeReplicas = &ServiceExpose{ - Enabled: true, + c.HAProxy.ExposeReplicas = &ReplicasServiceExpose{ + ServiceExpose: ServiceExpose{ + Enabled: true, + }, } } } else { @@ -1141,6 +1185,38 @@ func (cr *PerconaXtraDBCluster) setProbesDefaults() { } } +func (cr *PerconaXtraDBCluster) checkSafeDefaults() error { + if !cr.Spec.Unsafe.TLS && !cr.TLSEnabled() { + return errors.New("TLS must be enabled. Set spec.unsafeFlags.tls to true to disable this check") + } + + if !cr.Spec.Unsafe.PXCSize { + if cr.Spec.PXC.Size < 3 { + return errors.New("PXC size must be at least 3. Set spec.unsafeFlags.pxcSize to true to disable this check") + } else if cr.Spec.PXC.Size > maxSafePXCSize { + return errors.Errorf("PXC size must be at most %d. Set spec.unsafeFlags.pxcSize to true to disable this check", maxSafePXCSize) + } + + if cr.Spec.PXC.Size%2 == 0 { + return errors.New("PXC size must be an odd number. Set spec.unsafeFlags.pxcSize to true to disable this check") + } + } + + if cr.Spec.ProxySQLEnabled() && !cr.Spec.Unsafe.ProxySize { + if cr.Spec.ProxySQL.Size < minSafeProxySize { + return errors.Errorf("ProxySQL size must be at least %d. Set spec.unsafeFlags.proxySize to true to disable this check", minSafeProxySize) + } + } + + if cr.Spec.HAProxyEnabled() && !cr.Spec.Unsafe.ProxySize { + if cr.Spec.HAProxy.Size < minSafeProxySize { + return errors.Errorf("HAProxy size must be at least %d. Set spec.unsafeFlags.proxySize to true to disable this check", minSafeProxySize) + } + } + + return nil +} + func setSafeDefaults(spec *PerconaXtraDBClusterSpec, log logr.Logger) { if spec.AllowUnsafeConfig { return @@ -1401,7 +1477,7 @@ func (cr *PerconaXtraDBCluster) HAProxyReplicasServiceEnabled() bool { return *cr.Spec.HAProxy.ReplicasServiceEnabled } - return cr.Spec.HAProxy.ExposeReplicas.Enabled + return cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Enabled } func (cr *PerconaXtraDBCluster) ProxySQLEnabled() bool { @@ -1449,8 +1525,8 @@ func (cr *PerconaXtraDBCluster) CanBackup() error { return nil } - if !cr.Spec.AllowUnsafeConfig { - return errors.Errorf("allowUnsafeConfigurations must be true to run backup on cluster with status %s", cr.Status.Status) + if !cr.Spec.Unsafe.BackupIfUnhealthy { + return errors.Errorf("unsafe.backupIfUnhealthy must be true to run backup on cluster with status %s", cr.Status.Status) } if cr.Status.PXC.Ready < int32(1) { diff --git a/pkg/apis/pxc/v1/zz_generated.deepcopy.go b/pkg/apis/pxc/v1/zz_generated.deepcopy.go index 8854cee985..190995a7c4 100644 --- a/pkg/apis/pxc/v1/zz_generated.deepcopy.go +++ b/pkg/apis/pxc/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. @@ -246,7 +245,7 @@ func (in *HAProxySpec) DeepCopyInto(out *HAProxySpec) { in.ExposePrimary.DeepCopyInto(&out.ExposePrimary) if in.ExposeReplicas != nil { in, out := &in.ExposeReplicas, &out.ExposeReplicas - *out = new(ServiceExpose) + *out = new(ReplicasServiceExpose) (*in).DeepCopyInto(*out) } if in.ReplicasServiceEnabled != nil { @@ -474,7 +473,8 @@ func (in *PXCScheduledBackup) DeepCopyInto(out *PXCScheduledBackup) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(BackupStorageSpec) (*in).DeepCopyInto(*out) } @@ -824,6 +824,7 @@ func (in *PerconaXtraDBClusterSpec) DeepCopyInto(out *PerconaXtraDBClusterSpec) (*in).DeepCopyInto(*out) } out.UpgradeOptions = in.UpgradeOptions + out.Unsafe = in.Unsafe in.InitContainer.DeepCopyInto(&out.InitContainer) if in.EnableCRValidationWebhook != nil { in, out := &in.EnableCRValidationWebhook, &out.EnableCRValidationWebhook @@ -1116,6 +1117,22 @@ func (in *ProxySQLSpec) DeepCopy() *ProxySQLSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicasServiceExpose) DeepCopyInto(out *ReplicasServiceExpose) { + *out = *in + in.ServiceExpose.DeepCopyInto(&out.ServiceExpose) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicasServiceExpose. +func (in *ReplicasServiceExpose) DeepCopy() *ReplicasServiceExpose { + if in == nil { + return nil + } + out := new(ReplicasServiceExpose) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ReplicationChannel) DeepCopyInto(out *ReplicationChannel) { *out = *in @@ -1244,6 +1261,11 @@ func (in *ServiceExpose) DeepCopy() *ServiceExpose { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.SANs != nil { in, out := &in.SANs, &out.SANs *out = make([]string, len(*in)) @@ -1266,6 +1288,21 @@ func (in *TLSSpec) DeepCopy() *TLSSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UnsafeFlags) DeepCopyInto(out *UnsafeFlags) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsafeFlags. +func (in *UnsafeFlags) DeepCopy() *UnsafeFlags { + if in == nil { + return nil + } + out := new(UnsafeFlags) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UpgradeOptions) DeepCopyInto(out *UpgradeOptions) { *out = *in diff --git a/pkg/controller/pxc/backup.go b/pkg/controller/pxc/backup.go index 720c18221d..1ea53e3994 100644 --- a/pkg/controller/pxc/backup.go +++ b/pkg/controller/pxc/backup.go @@ -11,6 +11,8 @@ import ( "strings" "time" + "github.com/percona/percona-xtradb-cluster-operator/pkg/naming" + "github.com/pkg/errors" "github.com/robfig/cron/v3" appsv1 "k8s.io/api/apps/v1" @@ -22,6 +24,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/percona/percona-xtradb-cluster-operator/pkg/k8s" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/deployment" ) @@ -42,7 +45,11 @@ func (r *ReconcilePerconaXtraDBCluster) reconcileBackups(ctx context.Context, cr return errors.Wrap(err, "failed to check if restore is running") } if cr.Status.Status == api.AppStateReady && cr.Spec.Backup.PITR.Enabled && !cr.Spec.Pause && !restoreRunning { - binlogCollector, err := deployment.GetBinlogCollectorDeployment(cr) + initImage, err := k8s.GetInitImage(ctx, cr, r.client) + if err != nil { + return errors.Wrap(err, "failed to get init image") + } + binlogCollector, err := deployment.GetBinlogCollectorDeployment(cr, initImage) if err != nil { return errors.Errorf("get binlog collector deployment for cluster '%s': %v", cr.Name, err) } @@ -191,7 +198,11 @@ func (r *ReconcilePerconaXtraDBCluster) createBackupJob(ctx context.Context, cr var fins []string switch storageType { case api.BackupStorageS3, api.BackupStorageAzure: - fins = append(fins, api.FinalizerDeleteS3Backup) + if cr.CompareVersionWith("1.15.0") < 0 { + fins = append(fins, naming.FinalizerDeleteS3Backup) + } else { + fins = append(fins, naming.FinalizerDeleteBackup) + } } return func() { @@ -267,9 +278,11 @@ func trimNameRight(name string, ln int) string { type minHeap []api.PerconaXtraDBClusterBackup func (h minHeap) Len() int { return len(h) } + func (h minHeap) Less(i, j int) bool { return h[i].CreationTimestamp.Before(&h[j].CreationTimestamp) } + func (h minHeap) Swap(i, j int) { h[i], h[j] = h[j], h[i] } func (h *minHeap) Push(x interface{}) { diff --git a/pkg/controller/pxc/controller.go b/pkg/controller/pxc/controller.go index 102db1f589..6b2969e423 100644 --- a/pkg/controller/pxc/controller.go +++ b/pkg/controller/pxc/controller.go @@ -15,6 +15,7 @@ import ( "github.com/robfig/cron/v3" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + policyv1 "k8s.io/api/policy/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -32,6 +33,7 @@ import ( "github.com/percona/percona-xtradb-cluster-operator/clientcmd" api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" "github.com/percona/percona-xtradb-cluster-operator/pkg/k8s" + "github.com/percona/percona-xtradb-cluster-operator/pkg/naming" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/config" @@ -197,6 +199,13 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r return reconcile.Result{}, err } + defer func() { + uerr := r.updateStatus(o, false, err) + if uerr != nil { + log.Error(uerr, "Update status") + } + }() + if err := r.setCRVersion(ctx, o); err != nil { return reconcile.Result{}, errors.Wrap(err, "set CR version") } @@ -211,19 +220,37 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r for _, fnlz := range o.GetFinalizers() { var sfs api.StatefulApp switch fnlz { + case naming.FinalizerDeleteSSL: + err = r.deleteCerts(o) + case naming.FinalizerDeleteProxysqlPvc: + sfs = statefulset.NewProxy(o) + // deletePVC is always true on this stage + // because we never reach this point without finalizers + err = r.deleteStatefulSet(o, sfs, true, false) + case naming.FinalizerDeletePxcPvc: + sfs = statefulset.NewNode(o) + err = r.deleteStatefulSet(o, sfs, true, true) + // nil error gonna be returned only when there is no more pods to delete (only 0 left) + // until than finalizer won't be deleted + case naming.FinalizerDeletePxcPodsInOrder: + err = r.deletePXCPods(o) case "delete-ssl": + log.Info("The value delete-ssl is deprecated and will be deleted in 1.18.0. Use percona.com/delete-ssl") err = r.deleteCerts(o) case "delete-proxysql-pvc": + log.Info("The value delete-proxysql-pvc is deprecated and will be deleted in 1.18.0. Use percona.com/delete-proxysql-pvc") sfs = statefulset.NewProxy(o) // deletePVC is always true on this stage // because we never reach this point without finalizers err = r.deleteStatefulSet(o, sfs, true, false) case "delete-pxc-pvc": + log.Info("The value delete-pxc-pvc is deprecated and will be deleted in 1.18.0. Use percona.com/delete-pxc-pvc") sfs = statefulset.NewNode(o) err = r.deleteStatefulSet(o, sfs, true, true) // nil error gonna be returned only when there is no more pods to delete (only 0 left) // until than finalizer won't be deleted case "delete-pxc-pods-in-order": + log.Info("The value delete-pxc-pods-in-order is deprecated and will be deleted in 1.18.0. Use percona.com/delete-pxc-pods-in-order") err = r.deletePXCPods(o) } if err != nil { @@ -244,13 +271,6 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r return rr, nil } - defer func() { - uerr := r.updateStatus(o, false, err) - if uerr != nil { - log.Error(uerr, "Update status") - } - }() - if o.CompareVersionWith("1.7.0") >= 0 && *o.Spec.PXC.AutoRecovery { err = r.recoverFullClusterCrashIfNeeded(ctx, o) if err != nil { @@ -276,6 +296,8 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r return reconcile.Result{}, errors.Wrap(err, "reconcile users secret") } + // TODO: We should not use ReconcileUsersResult. Instead, we should update the statefulset annotations in the reconcileUsers method as soon as possible. + // Currently, if an error occurs before the statefulsets are updated with annotations, and reconcileUsers has a different result on the next reconcile, the statefulsets will not have the required annotations. userReconcileResult := &ReconcileUsersResult{} urr, err := r.reconcileUsers(ctx, o) @@ -303,27 +325,9 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r if err != nil { return reconcile.Result{}, err } - initImageName, err := getInitImage(ctx, o, r.client) - if err != nil { - return reconcile.Result{}, errors.Wrap(err, "failed to get initImage") - } - - inits := []corev1.Container{} - if o.CompareVersionWith("1.5.0") >= 0 { - var initResources corev1.ResourceRequirements - if o.CompareVersionWith("1.6.0") >= 0 { - initResources = o.Spec.PXC.Resources - } - if o.Spec.InitContainer.Resources != nil { - initResources = *o.Spec.InitContainer.Resources - } - initC := statefulset.EntrypointInitContainer(initImageName, app.DataVolumeName, initResources, o.Spec.PXC.ContainerSecurityContext, o.Spec.PXC.ImagePullPolicy) - inits = append(inits, initC) - } pxcSet := statefulset.NewNode(o) - pxc.MergeTemplateAnnotations(pxcSet.StatefulSet(), userReconcileResult.pxcAnnotations) - err = r.updatePod(ctx, pxcSet, o.Spec.PXC.PodSpec, o, inits) + err = r.updatePod(ctx, pxcSet, o.Spec.PXC.PodSpec, o, userReconcileResult.pxcAnnotations) if err != nil { return reconcile.Result{}, errors.Wrap(err, "pxc upgrade error") } @@ -332,17 +336,17 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r if o.CompareVersionWith("1.14.0") >= 0 { saveOldSvcMeta = len(o.Spec.PXC.Expose.Labels) == 0 && len(o.Spec.PXC.Expose.Annotations) == 0 } - err = r.createOrUpdateService(o, pxc.NewServicePXC(o), saveOldSvcMeta) + err = r.createOrUpdateService(ctx, o, pxc.NewServicePXC(o), saveOldSvcMeta) if err != nil { return reconcile.Result{}, errors.Wrap(err, "PXC service upgrade error") } - err = r.createOrUpdateService(o, pxc.NewServicePXCUnready(o), true) + err = r.createOrUpdateService(ctx, o, pxc.NewServicePXCUnready(o), true) if err != nil { return reconcile.Result{}, errors.Wrap(err, "PXC service upgrade error") } if o.Spec.PXC.Expose.Enabled { - err = r.ensurePxcPodServices(o) + err = r.ensurePxcPodServices(ctx, o) if err != nil { return rr, errors.Wrap(err, "create replication services") } @@ -353,45 +357,32 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r } } - var proxyInits []corev1.Container - if o.CompareVersionWith("1.13.0") >= 0 { - initResources := o.Spec.PXC.Resources - if o.Spec.InitContainer.Resources != nil { - initResources = *o.Spec.InitContainer.Resources - } - proxyInits = []corev1.Container{ - statefulset.EntrypointInitContainer(initImageName, app.BinVolumeName, initResources, o.Spec.PXC.ContainerSecurityContext, o.Spec.PXC.ImagePullPolicy), - } - } - - if err := r.reconcileHAProxy(ctx, o, userReconcileResult.proxyAnnotations, proxyInits); err != nil { + if err := r.reconcileHAProxy(ctx, o, userReconcileResult.haproxyAnnotations); err != nil { return reconcile.Result{}, err } proxysqlSet := statefulset.NewProxy(o) - pxc.MergeTemplateAnnotations(proxysqlSet.StatefulSet(), userReconcileResult.proxyAnnotations) - if o.Spec.ProxySQLEnabled() { - err = r.updatePod(ctx, proxysqlSet, &o.Spec.ProxySQL.PodSpec, o, proxyInits) + err = r.updatePod(ctx, proxysqlSet, &o.Spec.ProxySQL.PodSpec, o, userReconcileResult.proxysqlAnnotations) if err != nil { return reconcile.Result{}, errors.Wrap(err, "ProxySQL upgrade error") } svc := pxc.NewServiceProxySQL(o) if o.CompareVersionWith("1.14.0") >= 0 { - err = r.createOrUpdateService(o, svc, len(o.Spec.ProxySQL.Expose.Labels) == 0 && len(o.Spec.ProxySQL.Expose.Annotations) == 0) + err = r.createOrUpdateService(ctx, o, svc, len(o.Spec.ProxySQL.Expose.Labels) == 0 && len(o.Spec.ProxySQL.Expose.Annotations) == 0) if err != nil { return reconcile.Result{}, errors.Wrapf(err, "%s upgrade error", svc.Name) } } else { - err = r.createOrUpdateService(o, svc, len(o.Spec.ProxySQL.ServiceLabels) == 0 && len(o.Spec.ProxySQL.ServiceAnnotations) == 0) + err = r.createOrUpdateService(ctx, o, svc, len(o.Spec.ProxySQL.ServiceLabels) == 0 && len(o.Spec.ProxySQL.ServiceAnnotations) == 0) if err != nil { return reconcile.Result{}, errors.Wrapf(err, "%s upgrade error", svc.Name) } } svc = pxc.NewServiceProxySQLUnready(o) - err = r.createOrUpdateService(o, svc, true) + err = r.createOrUpdateService(ctx, o, svc, true) if err != nil { return reconcile.Result{}, errors.Wrapf(err, "%s upgrade error", svc.Name) } @@ -399,7 +390,7 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r // check if there is need to delete pvc deletePVC := false for _, fnlz := range o.GetFinalizers() { - if fnlz == "delete-proxysql-pvc" { + if fnlz == naming.FinalizerDeleteProxysqlPvc { deletePVC = true break } @@ -455,7 +446,7 @@ func (r *ReconcilePerconaXtraDBCluster) Reconcile(ctx context.Context, request r return rr, nil } -func (r *ReconcilePerconaXtraDBCluster) reconcileHAProxy(ctx context.Context, cr *api.PerconaXtraDBCluster, annotations map[string]string, initContainers []corev1.Container) error { +func (r *ReconcilePerconaXtraDBCluster) reconcileHAProxy(ctx context.Context, cr *api.PerconaXtraDBCluster, templateAnnotations map[string]string) error { if !cr.HAProxyEnabled() { if err := r.deleteServices(pxc.NewServiceHAProxyReplicas(cr)); err != nil { return errors.Wrap(err, "delete HAProxy replica service") @@ -479,9 +470,8 @@ func (r *ReconcilePerconaXtraDBCluster) reconcileHAProxy(ctx context.Context, cr return errors.Wrap(err, "get haproxy env vars secret") } sts := statefulset.NewHAProxy(cr) - pxc.MergeTemplateAnnotations(sts.StatefulSet(), annotations) - if err := r.updatePod(ctx, sts, &cr.Spec.HAProxy.PodSpec, cr, initContainers); err != nil { + if err := r.updatePod(ctx, sts, &cr.Spec.HAProxy.PodSpec, cr, templateAnnotations); err != nil { return errors.Wrap(err, "HAProxy upgrade error") } svc := pxc.NewServiceHAProxy(cr) @@ -489,12 +479,12 @@ func (r *ReconcilePerconaXtraDBCluster) reconcileHAProxy(ctx context.Context, cr expose := cr.Spec.HAProxy.ExposePrimary if cr.CompareVersionWith("1.14.0") >= 0 { - err := r.createOrUpdateService(cr, svc, len(expose.Labels) == 0 && len(expose.Annotations) == 0) + err := r.createOrUpdateService(ctx, cr, svc, len(expose.Labels) == 0 && len(expose.Annotations) == 0) if err != nil { return errors.Wrapf(err, "%s upgrade error", svc.Name) } } else { - err := r.createOrUpdateService(cr, svc, len(podSpec.ServiceLabels) == 0 && len(podSpec.ServiceAnnotations) == 0) + err := r.createOrUpdateService(ctx, cr, svc, len(podSpec.ServiceLabels) == 0 && len(podSpec.ServiceAnnotations) == 0) if err != nil { return errors.Wrapf(err, "%s upgrade error", svc.Name) } @@ -509,12 +499,12 @@ func (r *ReconcilePerconaXtraDBCluster) reconcileHAProxy(ctx context.Context, cr if cr.CompareVersionWith("1.14.0") >= 0 { e := cr.Spec.HAProxy.ExposeReplicas - err = r.createOrUpdateService(cr, svc, len(e.Labels) == 0 && len(e.Annotations) == 0) + err = r.createOrUpdateService(ctx, cr, svc, len(e.ServiceExpose.Labels) == 0 && len(e.ServiceExpose.Annotations) == 0) if err != nil { return errors.Wrapf(err, "%s upgrade error", svc.Name) } } else { - err = r.createOrUpdateService(cr, svc, len(podSpec.ReplicasServiceLabels) == 0 && len(podSpec.ReplicasServiceAnnotations) == 0) + err = r.createOrUpdateService(ctx, cr, svc, len(podSpec.ReplicasServiceLabels) == 0 && len(podSpec.ReplicasServiceAnnotations) == 0) if err != nil { return errors.Wrapf(err, "%s upgrade error", svc.Name) } @@ -543,7 +533,7 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc return err } - initImageName, err := getInitImage(ctx, cr, r.client) + initImageName, err := k8s.GetInitImage(ctx, cr, r.client) if err != nil { return errors.Wrap(err, "failed to get initImage") } @@ -571,7 +561,7 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc if client.IgnoreNotFound(err) != nil { return errors.Wrap(err, "get internal secret") } - nodeSet, err := pxc.StatefulSet(ctx, r.client, stsApp, cr.Spec.PXC.PodSpec, cr, secrets, inits, log, r.getConfigVolume) + nodeSet, err := pxc.StatefulSet(ctx, r.client, stsApp, cr.Spec.PXC.PodSpec, cr, secrets, initImageName, r.getConfigVolume) if err != nil { return errors.Wrap(err, "get pxc statefulset") } @@ -605,7 +595,7 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc cr.Spec.PXC.SSLSecretName, cr.Spec.PXC.SSLInternalSecretName) } - sslHash, err := r.getSecretHash(cr, cr.Spec.PXC.SSLSecretName, cr.Spec.AllowUnsafeConfig) + sslHash, err := r.getSecretHash(cr, cr.Spec.PXC.SSLSecretName, !cr.TLSEnabled()) if err != nil { return errors.Wrap(err, "get secret hash") } @@ -613,7 +603,7 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc nodeSet.Spec.Template.Annotations["percona.com/ssl-hash"] = sslHash } - sslInternalHash, err := r.getSecretHash(cr, cr.Spec.PXC.SSLInternalSecretName, cr.Spec.AllowUnsafeConfig) + sslInternalHash, err := r.getSecretHash(cr, cr.Spec.PXC.SSLInternalSecretName, !cr.TLSEnabled()) if err != nil && !k8serrors.IsNotFound(err) { return errors.Wrap(err, "get internal secret hash") } @@ -644,15 +634,15 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc return err } - err = r.createOrUpdate(cr, nodeSet) + err = r.createOrUpdate(ctx, cr, nodeSet) if err != nil { return errors.Wrap(err, "create newStatefulSetNode") } // PodDisruptionBudget object for nodes - err = r.client.Get(context.TODO(), types.NamespacedName{Name: nodeSet.Name, Namespace: nodeSet.Namespace}, nodeSet) + err = r.client.Get(ctx, types.NamespacedName{Name: nodeSet.Name, Namespace: nodeSet.Namespace}, nodeSet) if err == nil { - err := r.reconcilePDB(cr, cr.Spec.PXC.PodDisruptionBudget, stsApp, nodeSet) + err := r.reconcilePDB(ctx, cr, cr.Spec.PXC.PodDisruptionBudget, stsApp, nodeSet) if err != nil { return errors.Wrapf(err, "PodDisruptionBudget for %s", nodeSet.Name) } @@ -660,21 +650,10 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc return errors.Wrap(err, "get PXC stateful set") } - var proxyInits []corev1.Container - if cr.CompareVersionWith("1.13.0") >= 0 { - initResources := cr.Spec.PXC.Resources - if cr.Spec.InitContainer.Resources != nil { - initResources = *cr.Spec.InitContainer.Resources - } - proxyInits = []corev1.Container{ - statefulset.EntrypointInitContainer(initImageName, app.BinVolumeName, initResources, cr.Spec.PXC.ContainerSecurityContext, cr.Spec.PXC.ImagePullPolicy), - } - } - // HAProxy StatefulSet if cr.HAProxyEnabled() { sfsHAProxy := statefulset.NewHAProxy(cr) - haProxySet, err := pxc.StatefulSet(ctx, r.client, sfsHAProxy, &cr.Spec.HAProxy.PodSpec, cr, secrets, proxyInits, log, r.getConfigVolume) + haProxySet, err := pxc.StatefulSet(ctx, r.client, sfsHAProxy, &cr.Spec.HAProxy.PodSpec, cr, secrets, initImageName, r.getConfigVolume) if err != nil { return errors.Wrap(err, "create HAProxy StatefulSet") } @@ -715,9 +694,9 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc } // PodDisruptionBudget object for HAProxy - err = r.client.Get(context.TODO(), types.NamespacedName{Name: haProxySet.Name, Namespace: haProxySet.Namespace}, haProxySet) + err = r.client.Get(ctx, types.NamespacedName{Name: haProxySet.Name, Namespace: haProxySet.Namespace}, haProxySet) if err == nil { - err := r.reconcilePDB(cr, cr.Spec.HAProxy.PodDisruptionBudget, sfsHAProxy, haProxySet) + err := r.reconcilePDB(ctx, cr, cr.Spec.HAProxy.PodDisruptionBudget, sfsHAProxy, haProxySet) if err != nil { return errors.Wrapf(err, "PodDisruptionBudget for %s", haProxySet.Name) } @@ -728,7 +707,7 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc if cr.Spec.ProxySQLEnabled() { sfsProxy := statefulset.NewProxy(cr) - proxySet, err := pxc.StatefulSet(ctx, r.client, sfsProxy, &cr.Spec.ProxySQL.PodSpec, cr, secrets, proxyInits, log, r.getConfigVolume) + proxySet, err := pxc.StatefulSet(ctx, r.client, sfsProxy, &cr.Spec.ProxySQL.PodSpec, cr, secrets, initImageName, r.getConfigVolume) if err != nil { return errors.Wrap(err, "create ProxySQL Service") } @@ -780,9 +759,9 @@ func (r *ReconcilePerconaXtraDBCluster) deploy(ctx context.Context, cr *api.Perc } // PodDisruptionBudget object for ProxySQL - err = r.client.Get(context.TODO(), types.NamespacedName{Name: proxySet.Name, Namespace: proxySet.Namespace}, proxySet) + err = r.client.Get(ctx, types.NamespacedName{Name: proxySet.Name, Namespace: proxySet.Namespace}, proxySet) if err == nil { - err := r.reconcilePDB(cr, cr.Spec.ProxySQL.PodDisruptionBudget, sfsProxy, proxySet) + err := r.reconcilePDB(ctx, cr, cr.Spec.ProxySQL.PodDisruptionBudget, sfsProxy, proxySet) if err != nil { return errors.Wrapf(err, "PodDisruptionBudget for %s", proxySet.Name) } @@ -957,7 +936,7 @@ func (r *ReconcilePerconaXtraDBCluster) createHookScriptConfigMap(cr *api.Percon return nil } -func (r *ReconcilePerconaXtraDBCluster) reconcilePDB(cr *api.PerconaXtraDBCluster, spec *api.PodDisruptionBudgetSpec, sfs api.StatefulApp, owner runtime.Object) error { +func (r *ReconcilePerconaXtraDBCluster) reconcilePDB(ctx context.Context, cr *api.PerconaXtraDBCluster, spec *api.PodDisruptionBudgetSpec, sfs api.StatefulApp, owner runtime.Object) error { if spec == nil { return nil } @@ -968,7 +947,7 @@ func (r *ReconcilePerconaXtraDBCluster) reconcilePDB(cr *api.PerconaXtraDBCluste return errors.Wrap(err, "set owner reference") } - return errors.Wrap(r.createOrUpdate(cr, pdb), "reconcile pdb") + return errors.Wrap(r.createOrUpdate(ctx, cr, pdb), "reconcile pdb") } func (r *ReconcilePerconaXtraDBCluster) deletePXCPods(cr *api.PerconaXtraDBCluster) error { @@ -1294,7 +1273,9 @@ func deleteConfigMapIfExists(cl client.Client, cr *api.PerconaXtraDBCluster, cmN return cl.Delete(context.Background(), configMap) } -func (r *ReconcilePerconaXtraDBCluster) createOrUpdate(cr *api.PerconaXtraDBCluster, obj client.Object) error { +func (r *ReconcilePerconaXtraDBCluster) createOrUpdate(ctx context.Context, cr *api.PerconaXtraDBCluster, obj client.Object) error { + log := logf.FromContext(ctx) + if obj.GetAnnotations() == nil { obj.SetAnnotations(make(map[string]string)) } @@ -1318,7 +1299,7 @@ func (r *ReconcilePerconaXtraDBCluster) createOrUpdate(cr *api.PerconaXtraDBClus } oldObject := reflect.New(val.Type()).Interface().(client.Object) - err = r.client.Get(context.Background(), types.NamespacedName{ + err = r.client.Get(ctx, types.NamespacedName{ Name: obj.GetName(), Namespace: obj.GetNamespace(), }, oldObject) @@ -1328,22 +1309,26 @@ func (r *ReconcilePerconaXtraDBCluster) createOrUpdate(cr *api.PerconaXtraDBClus } if k8serrors.IsNotFound(err) { - return r.client.Create(context.TODO(), obj) + log.V(1).Info("Creating object", "object", obj.GetName()) + return r.client.Create(ctx, obj) } if oldObject.GetAnnotations()["percona.com/last-config-hash"] != hash || !isObjectMetaEqual(obj, oldObject) { - obj.SetResourceVersion(oldObject.GetResourceVersion()) switch object := obj.(type) { case *corev1.Service: object.Spec.ClusterIP = oldObject.(*corev1.Service).Spec.ClusterIP if object.Spec.Type == corev1.ServiceTypeLoadBalancer { object.Spec.HealthCheckNodePort = oldObject.(*corev1.Service).Spec.HealthCheckNodePort } + case *policyv1.PodDisruptionBudget: + obj.SetResourceVersion(oldObject.GetResourceVersion()) } - return r.client.Update(context.TODO(), obj) + log.V(1).Info("Updating object", "object", obj.GetName()) + + return r.client.Update(ctx, obj) } return nil @@ -1393,22 +1378,22 @@ func mergeMaps(x, y map[string]string) map[string]string { return x } -func (r *ReconcilePerconaXtraDBCluster) createOrUpdateService(cr *api.PerconaXtraDBCluster, svc *corev1.Service, saveOldMeta bool) error { +func (r *ReconcilePerconaXtraDBCluster) createOrUpdateService(ctx context.Context, cr *api.PerconaXtraDBCluster, svc *corev1.Service, saveOldMeta bool) error { err := setControllerReference(cr, svc, r.scheme) if err != nil { return errors.Wrap(err, "set controller reference") } if !saveOldMeta && len(cr.Spec.IgnoreAnnotations) == 0 && len(cr.Spec.IgnoreLabels) == 0 { - return r.createOrUpdate(cr, svc) + return r.createOrUpdate(ctx, cr, svc) } oldSvc := new(corev1.Service) - err = r.client.Get(context.TODO(), types.NamespacedName{ + err = r.client.Get(ctx, types.NamespacedName{ Name: svc.GetName(), Namespace: svc.GetNamespace(), }, oldSvc) if err != nil { if k8serrors.IsNotFound(err) { - return r.createOrUpdate(cr, svc) + return r.createOrUpdate(ctx, cr, svc) } return errors.Wrap(err, "get object") } @@ -1419,7 +1404,7 @@ func (r *ReconcilePerconaXtraDBCluster) createOrUpdateService(cr *api.PerconaXtr } setIgnoredAnnotationsAndLabels(cr, svc, oldSvc) - return r.createOrUpdate(cr, svc) + return r.createOrUpdate(ctx, cr, svc) } func getObjectHash(obj runtime.Object) (string, error) { @@ -1489,33 +1474,3 @@ func (r *ReconcilePerconaXtraDBCluster) getConfigVolume(nsName, cvName, cmName s return corev1.Volume{}, api.NoCustomVolumeErr } - -func getInitImage(ctx context.Context, cr *api.PerconaXtraDBCluster, cli client.Client) (string, error) { - if len(cr.Spec.InitContainer.Image) > 0 { - return cr.Spec.InitContainer.Image, nil - } - if len(cr.Spec.InitImage) > 0 { - return cr.Spec.InitImage, nil - } - operatorPod, err := k8s.OperatorPod(ctx, cli) - if err != nil { - return "", errors.Wrap(err, "get operator deployment") - } - imageName, err := operatorImageName(&operatorPod) - if err != nil { - return "", err - } - if cr.CompareVersionWith(version.Version) != 0 { - imageName = strings.Split(imageName, ":")[0] + ":" + cr.Spec.CRVersion - } - return imageName, nil -} - -func operatorImageName(operatorPod *corev1.Pod) (string, error) { - for _, c := range operatorPod.Spec.Containers { - if c.Name == "percona-xtradb-cluster-operator" { - return c.Image, nil - } - } - return "", errors.New("operator image not found") -} diff --git a/pkg/controller/pxc/controller_test.go b/pkg/controller/pxc/controller_test.go index 7ce6772fc3..e3185f6119 100644 --- a/pkg/controller/pxc/controller_test.go +++ b/pkg/controller/pxc/controller_test.go @@ -13,6 +13,7 @@ import ( . "github.com/onsi/gomega" gs "github.com/onsi/gomega/gstruct" api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/percona/percona-xtradb-cluster-operator/pkg/naming" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/statefulset" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -109,7 +110,7 @@ var _ = Describe("Finalizer delete-ssl", Ordered, func() { Expect(err).NotTo(HaveOccurred()) }) - cr.Finalizers = append(cr.Finalizers, "delete-ssl") + cr.Finalizers = append(cr.Finalizers, naming.FinalizerDeleteSSL) cr.Spec.SSLSecretName = "cluster1-ssl" cr.Spec.SSLInternalSecretName = "cluster1-ssl-internal" @@ -262,7 +263,7 @@ var _ = Describe("Finalizer delete-proxysql-pvc", Ordered, func() { Expect(err).NotTo(HaveOccurred()) }) - cr.Finalizers = append(cr.Finalizers, "delete-proxysql-pvc") + cr.Finalizers = append(cr.Finalizers, naming.FinalizerDeleteProxysqlPvc) cr.Spec.SecretsName = "cluster1-secrets" cr.Spec.HAProxy.Enabled = false cr.Spec.ProxySQL.Enabled = true @@ -422,7 +423,7 @@ var _ = Describe("Finalizer delete-pxc-pvc", Ordered, func() { It("should read default cr.yaml", func() { Expect(err).NotTo(HaveOccurred()) }) - cr.Finalizers = append(cr.Finalizers, "delete-pxc-pvc") + cr.Finalizers = append(cr.Finalizers, naming.FinalizerDeletePxcPvc) cr.Spec.SecretsName = "cluster1-secrets" sfsWithOwner := appsv1.StatefulSet{} diff --git a/pkg/controller/pxc/replication.go b/pkg/controller/pxc/replication.go index 99db028f5e..efa9d59cdc 100644 --- a/pkg/controller/pxc/replication.go +++ b/pkg/controller/pxc/replication.go @@ -25,7 +25,7 @@ const replicationPodLabel = "percona.com/replicationPod" var minReplicationVersion = version.Must(version.NewVersion("8.0.23-14.1")) -func (r *ReconcilePerconaXtraDBCluster) ensurePxcPodServices(cr *api.PerconaXtraDBCluster) error { +func (r *ReconcilePerconaXtraDBCluster) ensurePxcPodServices(ctx context.Context, cr *api.PerconaXtraDBCluster) error { if cr.Spec.Pause { return nil } @@ -52,7 +52,7 @@ func (r *ReconcilePerconaXtraDBCluster) ensurePxcPodServices(cr *api.PerconaXtra svcName := fmt.Sprintf("%s-pxc-%d", cr.Name, i) svc := NewExposedPXCService(svcName, cr) - err = r.createOrUpdateService(cr, svc, len(cr.Spec.PXC.Expose.Annotations) == 0) + err = r.createOrUpdateService(ctx, cr, svc, len(cr.Spec.PXC.Expose.Annotations) == 0) if err != nil { return errors.Wrap(err, "failed to ensure pxc service") } diff --git a/pkg/controller/pxc/service_test.go b/pkg/controller/pxc/service_test.go index 1afc4d9728..52d0da60d0 100644 --- a/pkg/controller/pxc/service_test.go +++ b/pkg/controller/pxc/service_test.go @@ -13,6 +13,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" + pxcv1 "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc" ) @@ -103,8 +104,17 @@ var _ = Describe("Service labels and annotations", Ordered, func() { cr.Spec.PXC.Expose.Annotations = map[string]string{"cr-annotation": "test"} cr.Spec.HAProxy.ExposePrimary.Labels = map[string]string{"cr-label": "test"} cr.Spec.HAProxy.ExposePrimary.Annotations = map[string]string{"cr-annotation": "test"} - cr.Spec.HAProxy.ExposeReplicas.Labels = map[string]string{"cr-label": "test"} - cr.Spec.HAProxy.ExposeReplicas.Annotations = map[string]string{"cr-annotation": "test"} + + if cr.Spec.HAProxy.ExposeReplicas == nil { + cr.Spec.HAProxy.ExposeReplicas = &pxcv1.ReplicasServiceExpose{ + ServiceExpose: pxcv1.ServiceExpose{ + Enabled: true, + }, + } + } + + cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Labels = map[string]string{"cr-label": "test"} + cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Annotations = map[string]string{"cr-annotation": "test"} cr.Spec.ProxySQL.Expose.Labels = map[string]string{"cr-label": "test"} cr.Spec.ProxySQL.Expose.Annotations = map[string]string{"cr-annotation": "test"} Expect(k8sClient.Update(ctx, cr)).Should(Succeed()) @@ -192,8 +202,8 @@ var _ = Describe("Service labels and annotations", Ordered, func() { cr.Spec.PXC.Expose.Annotations = nil cr.Spec.HAProxy.ExposePrimary.Labels = nil cr.Spec.HAProxy.ExposePrimary.Annotations = nil - cr.Spec.HAProxy.ExposeReplicas.Labels = nil - cr.Spec.HAProxy.ExposeReplicas.Annotations = nil + cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Labels = nil + cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Annotations = nil cr.Spec.ProxySQL.Expose.Labels = nil cr.Spec.ProxySQL.Expose.Annotations = nil Expect(k8sClient.Update(ctx, cr)).To(Succeed()) diff --git a/pkg/controller/pxc/status_test.go b/pkg/controller/pxc/status_test.go index 8c50af6f98..44437bf334 100644 --- a/pkg/controller/pxc/status_test.go +++ b/pkg/controller/pxc/status_test.go @@ -56,9 +56,11 @@ func newCR(name, namespace string) *api.PerconaXtraDBCluster { Enabled: false, Type: corev1.ServiceTypeClusterIP, }, - ExposeReplicas: &api.ServiceExpose{ - Enabled: false, - Type: corev1.ServiceTypeClusterIP, + ExposeReplicas: &api.ReplicasServiceExpose{ + ServiceExpose: api.ServiceExpose{ + Enabled: false, + Type: corev1.ServiceTypeClusterIP, + }, }, }, ProxySQL: &api.ProxySQLSpec{ diff --git a/pkg/controller/pxc/tls.go b/pkg/controller/pxc/tls.go index db78c0a762..57dc306017 100644 --- a/pkg/controller/pxc/tls.go +++ b/pkg/controller/pxc/tls.go @@ -18,9 +18,10 @@ import ( ) func (r *ReconcilePerconaXtraDBCluster) reconcileSSL(cr *api.PerconaXtraDBCluster) error { - if cr.Spec.AllowUnsafeConfig && (cr.Spec.TLS == nil || cr.Spec.TLS.IssuerConf == nil) { + if !cr.TLSEnabled() { return nil } + secretObj := corev1.Secret{} secretInternalObj := corev1.Secret{} errSecret := r.client.Get(context.TODO(), diff --git a/pkg/controller/pxc/upgrade.go b/pkg/controller/pxc/upgrade.go index 3ab3d1169b..1af4456750 100644 --- a/pkg/controller/pxc/upgrade.go +++ b/pkg/controller/pxc/upgrade.go @@ -11,22 +11,23 @@ import ( "time" "github.com/pkg/errors" - appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/types" + k8sretry "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/percona/percona-xtradb-cluster-operator/pkg/k8s" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/queries" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/users" ) -func (r *ReconcilePerconaXtraDBCluster) updatePod(ctx context.Context, sfs api.StatefulApp, podSpec *api.PodSpec, cr *api.PerconaXtraDBCluster, initContainers []corev1.Container) error { +func (r *ReconcilePerconaXtraDBCluster) updatePod(ctx context.Context, sfs api.StatefulApp, podSpec *api.PodSpec, cr *api.PerconaXtraDBCluster, newAnnotations map[string]string) error { log := logf.FromContext(ctx) if cr.PVCResizeInProgress() { @@ -34,32 +35,7 @@ func (r *ReconcilePerconaXtraDBCluster) updatePod(ctx context.Context, sfs api.S return nil } - currentSet := sfs.StatefulSet() - newAnnotations := currentSet.Spec.Template.Annotations // need this step to save all new annotations that was set to currentSet in this reconcile loop - err := r.client.Get(ctx, types.NamespacedName{Name: currentSet.Name, Namespace: currentSet.Namespace}, currentSet) - if err != nil { - return errors.Wrap(err, "failed to get statefulset") - } - - currentSet.Spec.UpdateStrategy = sfs.UpdateStrategy(cr) - - // support annotation adjustements - pxc.MergeTemplateAnnotations(currentSet, podSpec.Annotations) - - // change the pod size - currentSet.Spec.Replicas = &podSpec.Size - currentSet.Spec.Template.Spec.SecurityContext = podSpec.PodSecurityContext - currentSet.Spec.Template.Spec.ImagePullSecrets = podSpec.ImagePullSecrets - - if currentSet.Spec.Template.Labels == nil { - currentSet.Spec.Template.Labels = make(map[string]string) - } - - for k, v := range podSpec.Labels { - currentSet.Spec.Template.Labels[k] = v - } - - err = r.reconcileConfigMap(cr) + err := r.reconcileConfigMap(cr) if err != nil { return errors.Wrap(err, "upgradePod/updateApp error: update db config error") } @@ -71,154 +47,88 @@ func (r *ReconcilePerconaXtraDBCluster) updatePod(ctx context.Context, sfs api.S return errors.Wrap(err, "getting config hash") } - if currentSet.Spec.Template.Annotations == nil { - currentSet.Spec.Template.Annotations = make(map[string]string) - } - - pxc.MergeTemplateAnnotations(currentSet, newAnnotations) - - if cr.CompareVersionWith("1.1.0") >= 0 { - currentSet.Spec.Template.Annotations["percona.com/configuration-hash"] = configHash - } - if cr.CompareVersionWith("1.5.0") >= 0 { - currentSet.Spec.Template.Spec.ServiceAccountName = podSpec.ServiceAccountName + envVarsHash, err := r.getSecretHash(cr, cr.Spec.PXC.EnvVarsSecretName, true) + if isHAproxy(sfs) { + envVarsHash, err = r.getSecretHash(cr, cr.Spec.HAProxy.EnvVarsSecretName, true) + } else if isProxySQL(sfs) { + envVarsHash, err = r.getSecretHash(cr, cr.Spec.ProxySQL.EnvVarsSecretName, true) } - - // change TLS secret configuration - sslHash, err := r.getSecretHash(cr, cr.Spec.PXC.SSLSecretName, cr.Spec.AllowUnsafeConfig) if err != nil { return errors.Wrap(err, "upgradePod/updateApp error: update secret error") } - if sslHash != "" && cr.CompareVersionWith("1.1.0") >= 0 { - currentSet.Spec.Template.Annotations["percona.com/ssl-hash"] = sslHash - } - - sslInternalHash, err := r.getSecretHash(cr, cr.Spec.PXC.SSLInternalSecretName, cr.Spec.AllowUnsafeConfig) - if err != nil && !k8serrors.IsNotFound(err) { - return errors.Wrap(err, "upgradePod/updateApp error: update secret error") - } - if sslInternalHash != "" && cr.CompareVersionWith("1.1.0") >= 0 { - currentSet.Spec.Template.Annotations["percona.com/ssl-internal-hash"] = sslInternalHash - } - vaultConfigHash, err := r.getSecretHash(cr, cr.Spec.VaultSecretName, true) - if err != nil { - return errors.Wrap(err, "upgradePod/updateApp error: update secret error") - } - if vaultConfigHash != "" && cr.CompareVersionWith("1.6.0") >= 0 && !isHAproxy(sfs) { - currentSet.Spec.Template.Annotations["percona.com/vault-config-hash"] = vaultConfigHash - } - - if cr.CompareVersionWith("1.9.0") >= 0 { - envVarsHash, err := r.getSecretHash(cr, cr.Spec.PXC.EnvVarsSecretName, true) - if isHAproxy(sfs) { - envVarsHash, err = r.getSecretHash(cr, cr.Spec.HAProxy.EnvVarsSecretName, true) - } else if isProxySQL(sfs) { - envVarsHash, err = r.getSecretHash(cr, cr.Spec.ProxySQL.EnvVarsSecretName, true) + var vaultConfigHash, sslHash, sslInternalHash string + if !isHAproxy(sfs) { + vaultConfigHash, err = r.getSecretHash(cr, cr.Spec.VaultSecretName, true) + if err != nil { + return errors.Wrap(err, "upgradePod/updateApp error: update secret error") } + sslHash, err = r.getSecretHash(cr, cr.Spec.PXC.SSLSecretName, !cr.TLSEnabled()) if err != nil { return errors.Wrap(err, "upgradePod/updateApp error: update secret error") } - if envVarsHash != "" { - currentSet.Spec.Template.Annotations["percona.com/env-secret-config-hash"] = envVarsHash + sslInternalHash, err = r.getSecretHash(cr, cr.Spec.PXC.SSLInternalSecretName, !cr.TLSEnabled()) + if err != nil && !k8serrors.IsNotFound(err) { + return errors.Wrap(err, "upgradePod/updateApp error: update secret error") } } - if isHAproxy(sfs) && cr.CompareVersionWith("1.6.0") >= 0 { - delete(currentSet.Spec.Template.Annotations, "percona.com/ssl-internal-hash") - delete(currentSet.Spec.Template.Annotations, "percona.com/ssl-hash") + hashAnnotations := map[string]string{ + "percona.com/configuration-hash": configHash, + "percona.com/ssl-hash": sslHash, + "percona.com/ssl-internal-hash": sslInternalHash, + "percona.com/vault-config-hash": vaultConfigHash, + "percona.com/env-secret-config-hash": envVarsHash, } - var newContainers []corev1.Container - var newInitContainers []corev1.Container - - secretsName := cr.Spec.SecretsName - if cr.CompareVersionWith("1.6.0") >= 0 { - secretsName = "internal-" + cr.Name - } - - secret := new(corev1.Secret) + secrets := new(corev1.Secret) err = r.client.Get(ctx, types.NamespacedName{ - Name: secretsName, Namespace: cr.Namespace, - }, secret) + Name: "internal-" + cr.Name, Namespace: cr.Namespace, + }, secrets) if client.IgnoreNotFound(err) != nil { return errors.Wrap(err, "get internal secret") } - // pmm container - if cr.Spec.PMM != nil && cr.Spec.PMM.IsEnabled(secret) { - pmmC, err := sfs.PMMContainer(ctx, r.client, cr.Spec.PMM, secret, cr) - if err != nil { - return errors.Wrap(err, "pmm container error") - } - if pmmC != nil { - newContainers = append(newContainers, *pmmC) - } - } - // log-collector container - if cr.Spec.LogCollector != nil && cr.Spec.LogCollector.Enabled && cr.CompareVersionWith("1.7.0") >= 0 { - logCollectorC, err := sfs.LogCollectorContainer(cr.Spec.LogCollector, cr.Spec.LogCollectorSecretName, secretsName, cr) - if err != nil { - return errors.Wrap(err, "logcollector container error") - } - if logCollectorC != nil { - newContainers = append(newContainers, logCollectorC...) - } - } - - // volumes - sfsVolume, err := sfs.Volumes(podSpec, cr, r.getConfigVolume) + initImageName, err := k8s.GetInitImage(ctx, cr, r.client) if err != nil { - return errors.Wrap(err, "volumes error") + return errors.Wrap(err, "failed to get initImage") } - // application container - appC, err := sfs.AppContainer(podSpec, secretsName, cr, sfsVolume.Volumes) - if err != nil { - return errors.Wrap(err, "app container error") - } + err = k8sretry.RetryOnConflict(k8sretry.DefaultRetry, func() error { + currentSet := sfs.StatefulSet() + err := r.client.Get(ctx, types.NamespacedName{Name: currentSet.Name, Namespace: currentSet.Namespace}, currentSet) + if err != nil { + return errors.Wrap(err, "failed to get statefulset") + } + annotations := currentSet.Spec.Template.Annotations + labels := currentSet.Spec.Template.Labels - newContainers = append(newContainers, appC) + sts, err := pxc.StatefulSet(ctx, r.client, sfs, podSpec, cr, secrets, initImageName, r.getConfigVolume) + if err != nil { + return errors.Wrap(err, "construct statefulset") + } - if len(initContainers) > 0 { - newInitContainers = append(newInitContainers, initContainers...) - } + // support annotation adjustements + pxc.MergeMaps(annotations, sts.Spec.Template.Annotations, newAnnotations) - if podSpec.ForceUnsafeBootstrap { - log.Info("spec.pxc.forceUnsafeBootstrap option is not supported since v1.10") + pxc.MergeMaps(labels, sts.Spec.Template.Labels) - if cr.CompareVersionWith("1.10.0") < 0 { - ic := appC.DeepCopy() - ic.Name = ic.Name + "-init-unsafe" - ic.Resources = podSpec.Resources - ic.ReadinessProbe = nil - ic.LivenessProbe = nil - ic.Command = []string{"/var/lib/mysql/unsafe-bootstrap.sh"} - newInitContainers = append(newInitContainers, *ic) + for k, v := range hashAnnotations { + if v != "" || k == "percona.com/configuration-hash" { + annotations[k] = v + } } - } - // sidecars - sideC, err := sfs.SidecarContainers(podSpec, secretsName, cr) - if err != nil { - return errors.Wrap(err, "sidecar container error") - } - newContainers = append(newContainers, sideC...) - - newContainers = api.AddSidecarContainers(log, newContainers, podSpec.Sidecars) - - currentSet.Spec.Template.Spec.Containers = newContainers - currentSet.Spec.Template.Spec.InitContainers = newInitContainers - currentSet.Spec.Template.Spec.Affinity = pxc.PodAffinity(podSpec.Affinity, sfs) - currentSet.Spec.Template.Spec.TopologySpreadConstraints = pxc.PodTopologySpreadConstraints(podSpec.TopologySpreadConstraints, sfs.Labels()) - if sfsVolume != nil && sfsVolume.Volumes != nil { - currentSet.Spec.Template.Spec.Volumes = sfsVolume.Volumes - } - currentSet.Spec.Template.Spec.Volumes = api.AddSidecarVolumes(log, currentSet.Spec.Template.Spec.Volumes, podSpec.SidecarVolumes) - currentSet.Spec.Template.Spec.Tolerations = podSpec.Tolerations - err = r.createOrUpdate(cr, currentSet) + sts.Spec.Template.Annotations = annotations + sts.Spec.Template.Labels = labels + err = r.createOrUpdate(ctx, cr, sts) + if err != nil { + return errors.Wrap(err, "update error") + } + return nil + }) if err != nil { - return errors.Wrap(err, "update error") + return errors.Wrap(err, "failed to create or update sts") } if cr.Spec.UpdateStrategy != api.SmartUpdateStatefulSetStrategyType { diff --git a/pkg/controller/pxc/users.go b/pkg/controller/pxc/users.go index 1ed6dda85a..55d4a99f57 100644 --- a/pkg/controller/pxc/users.go +++ b/pkg/controller/pxc/users.go @@ -34,13 +34,15 @@ var PassNotPropagatedError = errors.New("password not yet propagated") type userUpdateActions struct { restartPXC bool - restartProxy bool + restartProxySQL bool + restartHAProxy bool updateReplicationPass bool } type ReconcileUsersResult struct { pxcAnnotations map[string]string - proxyAnnotations map[string]string + proxysqlAnnotations map[string]string + haproxyAnnotations map[string]string updateReplicationPassword bool } @@ -128,14 +130,18 @@ func (r *ReconcilePerconaXtraDBCluster) reconcileUsers(ctx context.Context, cr * updateReplicationPassword: actions.updateReplicationPass, } - if actions.restartProxy { + if actions.restartProxySQL && cr.ProxySQLEnabled() { log.Info("Proxy pods will be restarted", "last-applied-secret", newSecretDataHash) - result.proxyAnnotations = map[string]string{"last-applied-secret": newSecretDataHash} + result.proxysqlAnnotations = map[string]string{"last-applied-secret": newSecretDataHash} } if actions.restartPXC { log.Info("PXC pods will be restarted", "last-applied-secret", newSecretDataHash) result.pxcAnnotations = map[string]string{"last-applied-secret": newSecretDataHash} } + if actions.restartHAProxy && cr.HAProxyEnabled() { + log.Info("HAProxy pods will be restarted", "last-applied-secret", newSecretDataHash) + result.haproxyAnnotations = map[string]string{"last-applied-secret": newSecretDataHash} + } return result, nil } @@ -323,7 +329,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleOperatorUser(ctx context.Context, } log.Info("Internal secrets updated", "user", user.Name) - actions.restartProxy = true + actions.restartProxySQL = true err = r.discardOldPassword(cr, secrets, internalSecrets, user) if err != nil { @@ -465,7 +471,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleMonitorUser(ctx context.Context, c return PassNotPropagatedError } - actions.restartProxy = true + actions.restartProxySQL = true if cr.Spec.PMM != nil && cr.Spec.PMM.IsEnabled(internalSecrets) { actions.restartPXC = true } @@ -499,7 +505,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleMonitorUser(ctx context.Context, c log.Info("Proxy user updated", "user", user.Name) } - actions.restartProxy = true + actions.restartProxySQL = true if cr.Spec.PMM != nil && cr.Spec.PMM.IsEnabled(internalSecrets) { actions.restartPXC = true } @@ -562,11 +568,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleXtrabackupUser(ctx context.Context user := &users.SysUser{ Name: users.Xtrabackup, Pass: string(secrets.Data[users.Xtrabackup]), - Hosts: []string{"localhost"}, - } - - if cr.CompareVersionWith("1.7.0") >= 0 { - user.Hosts = []string{"%"} + Hosts: []string{"%"}, } if cr.Status.PXC.Ready > 0 { @@ -574,8 +576,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleXtrabackupUser(ctx context.Context return err } - if cr.CompareVersionWith("1.7.0") >= 0 { - // xtrabackup user need more grants for work in version more then 1.6.0 + if cr.CompareVersionWith("1.15.0") >= 0 { err := r.updateXtrabackupUserGrant(ctx, cr, internalSecrets) if err != nil { return errors.Wrap(err, "update xtrabackup user grant") @@ -639,7 +640,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleXtrabackupUser(ctx context.Context func (r *ReconcilePerconaXtraDBCluster) updateXtrabackupUserGrant(ctx context.Context, cr *api.PerconaXtraDBCluster, secrets *corev1.Secret) error { log := logf.FromContext(ctx) - annotationName := "grant-for-1.7.0-xtrabackup-user" + annotationName := "grant-for-1.15.0-xtrabackup-user" if secrets.Annotations[annotationName] == "done" { return nil } @@ -650,7 +651,7 @@ func (r *ReconcilePerconaXtraDBCluster) updateXtrabackupUserGrant(ctx context.Co } defer um.Close() - err = um.Update170XtrabackupUser(string(secrets.Data[users.Xtrabackup])) + err = um.Update1150XtrabackupUser(string(secrets.Data[users.Xtrabackup])) if err != nil { return errors.Wrap(err, "update xtrabackup grant") } @@ -835,7 +836,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleProxyadminUser(ctx context.Context } log.Info("Internal secrets updated", "user", user.Name) - actions.restartProxy = true + actions.restartProxySQL = true return nil } @@ -885,7 +886,8 @@ func (r *ReconcilePerconaXtraDBCluster) handlePMMUser(ctx context.Context, cr *a log.Info("Internal secrets updated", "user", name) actions.restartPXC = true - actions.restartProxy = true + actions.restartProxySQL = true + actions.restartHAProxy = true return nil } diff --git a/pkg/controller/pxc/users_without_dp.go b/pkg/controller/pxc/users_without_dp.go index e2704eff2f..3aea25076c 100644 --- a/pkg/controller/pxc/users_without_dp.go +++ b/pkg/controller/pxc/users_without_dp.go @@ -57,6 +57,7 @@ func (r *ReconcilePerconaXtraDBCluster) updateUsersWithoutDP(ctx context.Context return res, nil } + func (r *ReconcilePerconaXtraDBCluster) handleRootUserWithoutDP(ctx context.Context, cr *api.PerconaXtraDBCluster, secrets, internalSecrets *corev1.Secret, actions *userUpdateActions) error { if cr.Status.Status != api.AppStateReady && !r.invalidPasswordApplied(cr.Status) { return nil @@ -154,7 +155,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleOperatorUserWithoutDP(ctx context. } log.Info("Internal secrets updated", "user", user.Name) - actions.restartProxy = true + actions.restartProxySQL = true return nil } @@ -241,7 +242,10 @@ func (r *ReconcilePerconaXtraDBCluster) handleMonitorUserWithoutDP(ctx context.C log.Info("Proxy user updated", "user", user.Name) } - actions.restartProxy = true + // We should restart HAProxy if the monitor user password has been changed only on version 5.7 + actions.restartHAProxy = true + + actions.restartProxySQL = true if cr.Spec.PMM != nil && cr.Spec.PMM.IsEnabled(internalSecrets) { actions.restartPXC = true } @@ -263,11 +267,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleXtrabackupUserWithoutDP(ctx contex user := &users.SysUser{ Name: users.Xtrabackup, Pass: string(secrets.Data[users.Xtrabackup]), - Hosts: []string{"localhost"}, - } - - if cr.CompareVersionWith("1.7.0") >= 0 { - user.Hosts = []string{"%"} + Hosts: []string{"%"}, } if cr.Status.PXC.Ready > 0 { @@ -275,8 +275,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleXtrabackupUserWithoutDP(ctx contex return err } - if cr.CompareVersionWith("1.7.0") >= 0 { - // monitor user need more grants for work in version more then 1.6.0 + if cr.CompareVersionWith("1.15.0") >= 0 { err := r.updateXtrabackupUserGrant(ctx, cr, internalSecrets) if err != nil { return errors.Wrap(err, "update xtrabackup user grant") @@ -416,7 +415,7 @@ func (r *ReconcilePerconaXtraDBCluster) handleProxyadminUserWithoutDP(ctx contex } log.Info("Internal secrets updated", "user", user.Name) - actions.restartProxy = true + actions.restartProxySQL = true return nil } diff --git a/pkg/controller/pxc/volumes.go b/pkg/controller/pxc/volumes.go index d9953f0fe8..aad92e8072 100644 --- a/pkg/controller/pxc/volumes.go +++ b/pkg/controller/pxc/volumes.go @@ -4,25 +4,34 @@ import ( "context" "slices" "strings" + "time" "github.com/pkg/errors" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + eventsv1 "k8s.io/api/events/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" - api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + pxcv1 "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" "github.com/percona/percona-xtradb-cluster-operator/pkg/k8s" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/statefulset" ) -func (r *ReconcilePerconaXtraDBCluster) reconcilePersistentVolumes(ctx context.Context, cr *api.PerconaXtraDBCluster) error { - log := logf.FromContext(ctx) +func validatePVCName(pvc corev1.PersistentVolumeClaim, sts *appsv1.StatefulSet) bool { + return strings.HasPrefix(pvc.Name, "datadir-"+sts.Name) +} +func (r *ReconcilePerconaXtraDBCluster) reconcilePersistentVolumes(ctx context.Context, cr *pxcv1.PerconaXtraDBCluster) error { pxcSet := statefulset.NewNode(cr) sts := pxcSet.StatefulSet() - labels := map[string]string{ + ls := map[string]string{ "app.kubernetes.io/component": "pxc", "app.kubernetes.io/instance": cr.Name, "app.kubernetes.io/managed-by": "percona-xtradb-cluster-operator", @@ -30,15 +39,110 @@ func (r *ReconcilePerconaXtraDBCluster) reconcilePersistentVolumes(ctx context.C "app.kubernetes.io/part-of": "percona-xtradb-cluster", } - pvcList := corev1.PersistentVolumeClaimList{} - if err := r.client.List(ctx, &pvcList, client.InNamespace(cr.Namespace), client.MatchingLabels(labels)); err != nil { - return errors.Wrap(err, "list persistentvolumeclaims") + log := logf.FromContext(ctx).WithName("PVCResize").WithValues("sts", sts.Name) + + pvcList := &corev1.PersistentVolumeClaimList{} + err := r.client.List(ctx, pvcList, &client.ListOptions{ + Namespace: sts.Namespace, + LabelSelector: labels.SelectorFromSet(ls), + }) + if err != nil { + return errors.Wrap(err, "list PVCs") + } + + if len(pvcList.Items) == 0 { + return nil + } + + podList := corev1.PodList{} + if err := r.client.List(ctx, &podList, client.InNamespace(cr.Namespace), client.MatchingLabels(ls)); err != nil { + return errors.Wrap(err, "list pods") + } + + podNames := make([]string, 0, len(podList.Items)) + for _, pod := range podList.Items { + podNames = append(podNames, pod.Name) + } + + pvcsToUpdate := make([]string, 0, len(pvcList.Items)) + for _, pvc := range pvcList.Items { + if !validatePVCName(pvc, sts) { + continue + } + + podName := strings.SplitN(pvc.Name, "-", 2)[1] + if !slices.Contains(podNames, podName) { + continue + } + + pvcsToUpdate = append(pvcsToUpdate, pvc.Name) + } + + if len(pvcsToUpdate) == 0 { + return nil + } + + var actual resource.Quantity + for _, pvc := range pvcList.Items { + if !validatePVCName(pvc, sts) { + continue + } + + if pvc.Status.Capacity == nil || pvc.Status.Capacity.Storage() == nil { + continue + } + + // we need to find the smallest size among all PVCs + // since it indicates a failed resize operation + if actual.IsZero() || pvc.Status.Capacity.Storage().Cmp(actual) < 0 { + actual = *pvc.Status.Capacity.Storage() + } + } + + if actual.IsZero() { + return nil + } + + sts = sts.DeepCopy() + if err := r.client.Get(ctx, client.ObjectKeyFromObject(sts), sts); err != nil { + if k8serrors.IsNotFound(err) { + return nil + } + return errors.Wrapf(err, "get statefulset %s", client.ObjectKeyFromObject(sts)) + } + + var volumeTemplate corev1.PersistentVolumeClaim + for _, vct := range sts.Spec.VolumeClaimTemplates { + if vct.Name == "datadir" { + volumeTemplate = vct + } + } + + configured := volumeTemplate.Spec.Resources.Requests[corev1.ResourceStorage] + requested := cr.Spec.PXC.VolumeSpec.PersistentVolumeClaim.Resources.Requests[corev1.ResourceStorage] + + if requested.Format == resource.DecimalSI { + requested, err = resource.ParseQuantity(requested.String() + "i") + if err != nil { + return errors.Wrap(err, "parse requested storage size") + } } if cr.PVCResizeInProgress() { - resizeInProgress := false + resizeStartedAt, err := time.Parse(time.RFC3339, cr.GetAnnotations()[pxcv1.AnnotationPVCResizeInProgress]) + if err != nil { + return errors.Wrap(err, "parse annotation") + } + + updatedPVCs := 0 for _, pvc := range pvcList.Items { - if !strings.HasPrefix(pvc.Name, "datadir-"+sts.Name) { + if !validatePVCName(pvc, sts) { + continue + } + + if pvc.Status.Capacity.Storage().Cmp(requested) == 0 { + updatedPVCs++ + log.Info("PVC resize finished", "name", pvc.Name, "size", pvc.Status.Capacity.Storage()) continue } @@ -49,102 +153,146 @@ func (r *ReconcilePerconaXtraDBCluster) reconcilePersistentVolumes(ctx context.C switch condition.Type { case corev1.PersistentVolumeClaimResizing, corev1.PersistentVolumeClaimFileSystemResizePending: - resizeInProgress = true log.V(1).Info(condition.Message, "pvc", pvc.Name, "type", condition.Type, "lastTransitionTime", condition.LastTransitionTime) log.Info("PVC resize in progress", "pvc", pvc.Name, "lastTransitionTime", condition.LastTransitionTime) } } - } - if !resizeInProgress { - if err := k8s.DeannotateObject(ctx, r.client, cr, api.AnnotationPVCResizeInProgress); err != nil { - return errors.Wrap(err, "deannotate pxc") + events := &eventsv1.EventList{} + if err := r.client.List(ctx, events, &client.ListOptions{ + Namespace: sts.Namespace, + FieldSelector: fields.SelectorFromSet(map[string]string{"regarding.name": pvc.Name}), + }); err != nil { + return errors.Wrapf(err, "list events for pvc/%s", pvc.Name) } - log.Info("PVC resize completed") + for _, event := range events.Items { + eventTime := event.EventTime.Time + if event.EventTime.IsZero() { + eventTime = event.DeprecatedFirstTimestamp.Time + } - return nil - } - } + if eventTime.Before(resizeStartedAt) { + continue + } - err := r.client.Get(ctx, client.ObjectKeyFromObject(sts), sts) - if err != nil { - if k8serrors.IsNotFound(err) { - return nil + switch event.Reason { + case "Resizing", "ExternalExpanding", "FileSystemResizeRequired": + log.Info("PVC resize in progress", "pvc", pvc.Name, "reason", event.Reason, "message", event.Note) + case "FileSystemResizeSuccessful": + log.Info("PVC resize completed", "pvc", pvc.Name, "reason", event.Reason, "message", event.Note) + case "VolumeResizeFailed": + log.Error(nil, "PVC resize failed", "pvc", pvc.Name, "reason", event.Reason, "message", event.Note) + + if err := r.handlePVCResizeFailure(ctx, cr, configured); err != nil { + return err + } + + return errors.Errorf("volume resize failed: %s", event.Note) + } + } } - return errors.Wrapf(err, "get statefulset/%s", sts.Name) - } - if cr.Spec.PXC.VolumeSpec.PersistentVolumeClaim == nil { - return nil - } + resizeSucceeded := updatedPVCs == len(pvcsToUpdate) + if resizeSucceeded { + log.Info("Deleting statefulset") - var volumeTemplate corev1.PersistentVolumeClaim - for _, vct := range sts.Spec.VolumeClaimTemplates { - if vct.Name == "datadir" { - volumeTemplate = vct + if err := r.client.Delete(ctx, sts, client.PropagationPolicy("Orphan")); err != nil { + if k8serrors.IsNotFound(err) { + return nil + } + return errors.Wrapf(err, "delete statefulset/%s", sts.Name) + } + + if err := k8s.DeannotateObject(ctx, r.client, cr, pxcv1.AnnotationPVCResizeInProgress); err != nil { + return errors.Wrap(err, "deannotate pxc") + } + + log.Info("PVC resize completed") + + return nil } } - requested := cr.Spec.PXC.VolumeSpec.PersistentVolumeClaim.Resources.Requests[corev1.ResourceStorage] - actual := volumeTemplate.Spec.Resources.Requests[corev1.ResourceStorage] - if requested.Cmp(actual) < 0 { - return errors.Wrap(err, "requested storage is less than actual") + return errors.Errorf("requested storage (%s) is less than actual storage (%s)", requested.String(), actual.String()) } - if requested.Cmp(actual) == 0 { + if requested.Cmp(configured) == 0 || requested.Cmp(actual) == 0 { return nil } - err = k8s.AnnotateObject(ctx, r.client, cr, map[string]string{api.AnnotationPVCResizeInProgress: "true"}) + err = k8s.AnnotateObject(ctx, r.client, cr, map[string]string{pxcv1.AnnotationPVCResizeInProgress: metav1.Now().Format(time.RFC3339)}) if err != nil { return errors.Wrap(err, "annotate pxc") } - podList := corev1.PodList{} - if err := r.client.List(ctx, &podList, client.InNamespace(cr.Namespace), client.MatchingLabels(labels)); err != nil { - return errors.Wrap(err, "list pods") - } - - podNames := make([]string, 0, len(podList.Items)) - for _, pod := range podList.Items { - podNames = append(podNames, pod.Name) - } + log.Info("Resizing PVCs", "requested", requested, "actual", actual, "pvcList", strings.Join(pvcsToUpdate, ",")) - pvcsToUpdate := make([]string, 0, len(pvcList.Items)) for _, pvc := range pvcList.Items { - if !strings.HasPrefix(pvc.Name, "datadir-"+sts.Name) { + if !slices.Contains(pvcsToUpdate, pvc.Name) { continue } - podName := strings.SplitN(pvc.Name, "-", 2)[1] - if !slices.Contains(podNames, podName) { + if pvc.Status.Capacity.Storage().Cmp(requested) == 0 { + log.Info("PVC already resized", "name", pvc.Name, "actual", pvc.Status.Capacity.Storage(), "requested", requested) continue } - pvcsToUpdate = append(pvcsToUpdate, pvc.Name) + log.Info("Resizing PVC", "name", pvc.Name, "actual", pvc.Status.Capacity.Storage(), "requested", requested) + pvc.Spec.Resources.Requests[corev1.ResourceStorage] = requested + + if err := r.client.Update(ctx, &pvc); err != nil { + switch { + case strings.Contains(err.Error(), "exceeded quota"): + log.Error(err, "PVC resize failed", "reason", "ExceededQuota", "message", err.Error()) + + if err := r.handlePVCResizeFailure(ctx, cr, configured); err != nil { + return err + } + + return errors.Wrapf(err, "update persistentvolumeclaim/%s", pvc.Name) + case strings.Contains(err.Error(), "the storageclass that provisions the pvc must support resize"): + log.Error(err, "PVC resize failed", "reason", "StorageClassNotSupportResize", "message", err.Error()) + + if err := r.handlePVCResizeFailure(ctx, cr, configured); err != nil { + return err + } + + return errors.Wrapf(err, "update persistentvolumeclaim/%s", pvc.Name) + default: + return errors.Wrapf(err, "update persistentvolumeclaim/%s", pvc.Name) + } + } + + log.Info("PVC resize started", "pvc", pvc.Name, "requested", requested) } - log.Info("Resizing PVCs", "requested", requested, "actual", actual, "pvcList", strings.Join(pvcsToUpdate, ",")) + return nil +} - log.Info("Deleting statefulset", "name", sts.Name) +func (r *ReconcilePerconaXtraDBCluster) handlePVCResizeFailure(ctx context.Context, cr *pxcv1.PerconaXtraDBCluster, originalSize resource.Quantity) error { + if err := r.revertVolumeTemplate(ctx, cr, originalSize); err != nil { + return errors.Wrapf(err, "revert volume template in pxc/%s", cr.Name) + } - if err := r.client.Delete(ctx, sts, client.PropagationPolicy("Orphan")); err != nil { - return errors.Wrapf(err, "delete statefulset/%s", sts.Name) + if err := k8s.DeannotateObject(ctx, r.client, cr, pxcv1.AnnotationPVCResizeInProgress); err != nil { + return errors.Wrapf(err, "deannotate pxc/%s", cr.Name) } - for _, pvc := range pvcList.Items { - if !slices.Contains(pvcsToUpdate, pvc.Name) { - continue - } + return nil +} - log.Info("Resizing PVC", "name", pvc.Name) - pvc.Spec.Resources.Requests[corev1.ResourceStorage] = requested +func (r *ReconcilePerconaXtraDBCluster) revertVolumeTemplate(ctx context.Context, cr *pxcv1.PerconaXtraDBCluster, originalSize resource.Quantity) error { + log := logf.FromContext(ctx) - if err := r.client.Update(ctx, &pvc); err != nil { - return errors.Wrapf(err, "update persistentvolumeclaim/%s", pvc.Name) - } + orig := cr.DeepCopy() + + log.Info("Reverting volume template for PXC", "originalSize", originalSize) + cr.Spec.PXC.VolumeSpec.PersistentVolumeClaim.Resources.Requests[corev1.ResourceStorage] = originalSize + + if err := r.client.Patch(ctx, cr.DeepCopy(), client.MergeFrom(orig)); err != nil { + return errors.Wrapf(err, "patch pxc/%s", cr.Name) } return nil diff --git a/pkg/controller/pxcbackup/controller.go b/pkg/controller/pxcbackup/controller.go index c091c61711..ba8a8e0b11 100644 --- a/pkg/controller/pxcbackup/controller.go +++ b/pkg/controller/pxcbackup/controller.go @@ -9,6 +9,8 @@ import ( "sync" "time" + "github.com/percona/percona-xtradb-cluster-operator/pkg/naming" + "github.com/pkg/errors" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" @@ -27,6 +29,7 @@ import ( "github.com/percona/percona-xtradb-cluster-operator/clientcmd" api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/percona/percona-xtradb-cluster-operator/pkg/k8s" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/deployment" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/backup" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/backup/storage" @@ -191,7 +194,11 @@ func (r *ReconcilePerconaXtraDBClusterBackup) Reconcile(ctx context.Context, req bcp := backup.New(cluster) job := bcp.Job(cr, cluster) - job.Spec, err = bcp.JobSpec(cr.Spec, cluster, job) + initImage, err := k8s.GetInitImage(ctx, cluster, r.client) + if err != nil { + return rr, errors.Wrap(err, "failed to get initImage") + } + job.Spec, err = bcp.JobSpec(cr.Spec, cluster, job, initImage) if err != nil { return rr, errors.Wrap(err, "can't create job spec") } @@ -305,7 +312,7 @@ func (r *ReconcilePerconaXtraDBClusterBackup) runDeleteBackupFinalizer(ctx conte for _, f := range cr.GetFinalizers() { var err error switch f { - case api.FinalizerDeleteS3Backup: + case naming.FinalizerDeleteS3Backup, naming.FinalizerDeleteBackup: if (cr.Status.S3 == nil && cr.Status.Azure == nil) || cr.Status.Destination == "" { continue } @@ -326,7 +333,7 @@ func (r *ReconcilePerconaXtraDBClusterBackup) runDeleteBackupFinalizer(ctx conte if err != nil { log.Info("failed to delete backup", "backup path", cr.Status.Destination, "error", err.Error()) finalizers = append(finalizers, f) - } else if f == api.FinalizerDeleteS3Backup { + } else if f == naming.FinalizerDeleteS3Backup || f == naming.FinalizerDeleteBackup { log.Info("backup was removed", "name", cr.Name) } } @@ -497,13 +504,13 @@ func (r *ReconcilePerconaXtraDBClusterBackup) updateJobStatus(bcp *api.PerconaXt return errors.Wrap(err, "get binlog collector pod") } - if err := deployment.RemoveGapFile(context.TODO(), r.clientcmd, collectorPod); err != nil { + if err := deployment.RemoveGapFile(context.TODO(), cluster, r.clientcmd, collectorPod); err != nil { if !errors.Is(err, deployment.GapFileNotFound) { return errors.Wrap(err, "remove gap file") } } - if err := deployment.RemoveTimelineFile(context.TODO(), r.clientcmd, collectorPod); err != nil { + if err := deployment.RemoveTimelineFile(context.TODO(), cluster, r.clientcmd, collectorPod); err != nil { return errors.Wrap(err, "remove timeline file") } } diff --git a/pkg/controller/pxcrestore/controller.go b/pkg/controller/pxcrestore/controller.go index 87c8bf0a81..78049f9050 100644 --- a/pkg/controller/pxcrestore/controller.go +++ b/pkg/controller/pxcrestore/controller.go @@ -168,23 +168,25 @@ func (r *ReconcilePerconaXtraDBClusterRestore) Reconcile(ctx context.Context, re return reconcile.Result{}, fmt.Errorf("wrong PXC options: %v", err) } - err = backup.CheckPITRErrors(ctx, r.client, r.clientcmd, cluster) - if err != nil { - return reconcile.Result{}, err - } - bcp, err := r.getBackup(ctx, cr) if err != nil { return rr, errors.Wrap(err, "get backup") } - annotations := cr.GetAnnotations() - _, unsafePITR := annotations[api.AnnotationUnsafePITR] - cond := meta.FindStatusCondition(bcp.Status.Conditions, api.BackupConditionPITRReady) - if cond != nil && cond.Status == metav1.ConditionFalse && !unsafePITR { - msg := fmt.Sprintf("Backup doesn't guarantee consistent recovery with PITR. Annotate PerconaXtraDBClusterRestore with %s to force it.", api.AnnotationUnsafePITR) - err = errors.New(msg) - return reconcile.Result{}, nil + if cr.Spec.PITR != nil { + err = backup.CheckPITRErrors(ctx, r.client, r.clientcmd, cluster) + if err != nil { + return reconcile.Result{}, err + } + + annotations := cr.GetAnnotations() + _, unsafePITR := annotations[api.AnnotationUnsafePITR] + cond := meta.FindStatusCondition(bcp.Status.Conditions, api.BackupConditionPITRReady) + if cond != nil && cond.Status == metav1.ConditionFalse && !unsafePITR { + msg := fmt.Sprintf("Backup doesn't guarantee consistent recovery with PITR. Annotate PerconaXtraDBClusterRestore with %s to force it.", api.AnnotationUnsafePITR) + err = errors.New(msg) + return reconcile.Result{}, nil + } } err = r.validate(ctx, cr, bcp, cluster) @@ -227,9 +229,9 @@ func (r *ReconcilePerconaXtraDBClusterRestore) Reconcile(ctx context.Context, re if cr.Spec.PITR != nil { oldSize := cluster.Spec.PXC.Size - oldUnsafe := cluster.Spec.AllowUnsafeConfig + oldUnsafe := cluster.Spec.Unsafe.PXCSize cluster.Spec.PXC.Size = 1 - cluster.Spec.AllowUnsafeConfig = true + cluster.Spec.Unsafe.PXCSize = true if err := r.startCluster(cluster); err != nil { return rr, errors.Wrap(err, "restart cluster for pitr") @@ -247,7 +249,7 @@ func (r *ReconcilePerconaXtraDBClusterRestore) Reconcile(ctx context.Context, re } cluster.Spec.PXC.Size = oldSize - cluster.Spec.AllowUnsafeConfig = oldUnsafe + cluster.Spec.Unsafe.PXCSize = oldUnsafe log.Info("starting cluster", "cluster", cr.Spec.PXCCluster) err = r.setStatus(cr, api.RestoreStartCluster, "") diff --git a/pkg/controller/pxcrestore/restore.go b/pkg/controller/pxcrestore/restore.go index 232d051337..9722a03f01 100644 --- a/pkg/controller/pxcrestore/restore.go +++ b/pkg/controller/pxcrestore/restore.go @@ -22,7 +22,7 @@ func (r *ReconcilePerconaXtraDBClusterRestore) restore(ctx context.Context, cr * return errors.New("undefined backup section in a cluster spec") } - restorer, err := r.getRestorer(cr, bcp, cluster) + restorer, err := r.getRestorer(ctx, cr, bcp, cluster) if err != nil { return errors.Wrap(err, "failed to get restorer") } @@ -49,7 +49,7 @@ func (r *ReconcilePerconaXtraDBClusterRestore) restore(ctx context.Context, cr * func (r *ReconcilePerconaXtraDBClusterRestore) pitr(ctx context.Context, cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster) error { log := logf.FromContext(ctx) - restorer, err := r.getRestorer(cr, bcp, cluster) + restorer, err := r.getRestorer(ctx, cr, bcp, cluster) if err != nil { return errors.Wrap(err, "failed to get restorer") } @@ -73,7 +73,7 @@ func (r *ReconcilePerconaXtraDBClusterRestore) pitr(ctx context.Context, cr *api } func (r *ReconcilePerconaXtraDBClusterRestore) validate(ctx context.Context, cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster) error { - restorer, err := r.getRestorer(cr, bcp, cluster) + restorer, err := r.getRestorer(ctx, cr, bcp, cluster) if err != nil { return errors.Wrap(err, "failed to get restorer") } diff --git a/pkg/controller/pxcrestore/restorer.go b/pkg/controller/pxcrestore/restorer.go index 04fa0fb237..95c3f19f41 100644 --- a/pkg/controller/pxcrestore/restorer.go +++ b/pkg/controller/pxcrestore/restorer.go @@ -31,15 +31,16 @@ type Restorer interface { type s3 struct{ *restorerOptions } -func (s *s3) Init(context.Context) error { return nil } +func (s *s3) Init(context.Context) error { return nil } + func (s *s3) Finalize(context.Context) error { return nil } func (s *s3) Job() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.bcp.Status.Destination, false) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.initImage, s.bcp.Status.Destination, false) } func (s *s3) PITRJob() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.bcp.Status.Destination, true) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.initImage, s.bcp.Status.Destination, true) } func (s *s3) ValidateJob(ctx context.Context, job *batchv1.Job) error { @@ -117,7 +118,7 @@ func (s *pvc) Validate(ctx context.Context) error { } func (s *pvc) Job() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, "", false) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.initImage, "", false) } func (s *pvc) PITRJob() (*batchv1.Job, error) { @@ -184,15 +185,16 @@ func (s *pvc) Finalize(ctx context.Context) error { type azure struct{ *restorerOptions } -func (s *azure) Init(context.Context) error { return nil } +func (s *azure) Init(context.Context) error { return nil } + func (s *azure) Finalize(context.Context) error { return nil } func (s *azure) Job() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.bcp.Status.Destination, false) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.initImage, s.bcp.Status.Destination, false) } func (s *azure) PITRJob() (*batchv1.Job, error) { - return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.bcp.Status.Destination, true) + return backup.RestoreJob(s.cr, s.bcp, s.cluster, s.initImage, s.bcp.Status.Destination, true) } func (s *azure) Validate(ctx context.Context) error { @@ -218,6 +220,7 @@ func (s *azure) Validate(ctx context.Context) error { } func (r *ReconcilePerconaXtraDBClusterRestore) getRestorer( + ctx context.Context, cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, @@ -230,6 +233,12 @@ func (r *ReconcilePerconaXtraDBClusterRestore) getRestorer( scheme: r.scheme, newStorageClient: r.newStorageClientFunc, } + initImage, err := k8s.GetInitImage(ctx, cluster, r.client) + if err != nil { + return nil, errors.New("failed to get init image") + } + s.initImage = initImage + switch s.bcp.Status.Destination.StorageTypePrefix() { case api.PVCStoragePrefix: sr := pvc{&s} @@ -251,6 +260,7 @@ type restorerOptions struct { k8sClient client.Client scheme *runtime.Scheme newStorageClient storage.NewClientFunc + initImage string } func (opts *restorerOptions) ValidateJob(ctx context.Context, job *batchv1.Job) error { diff --git a/pkg/k8s/annotation.go b/pkg/k8s/annotation.go index de8346b013..2775abdeee 100644 --- a/pkg/k8s/annotation.go +++ b/pkg/k8s/annotation.go @@ -3,50 +3,49 @@ package k8s import ( "context" - "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" ) // AnnotateObject adds the specified annotations to the object func AnnotateObject(ctx context.Context, c client.Client, obj client.Object, annotations map[string]string) error { - return retry.RetryOnConflict(retry.DefaultRetry, func() error { - _obj := obj.DeepCopyObject().(client.Object) - err := c.Get(ctx, client.ObjectKeyFromObject(obj), _obj) - if err != nil { - return err - } - - a := _obj.GetAnnotations() - if a == nil { - a = make(map[string]string) - } - - for k, v := range annotations { - a[k] = v - } - _obj.SetAnnotations(a) - - return c.Patch(ctx, _obj, client.MergeFrom(obj)) - }) + o := obj.DeepCopyObject().(client.Object) + err := c.Get(ctx, client.ObjectKeyFromObject(obj), o) + if err != nil { + return err + } + + orig := o.DeepCopyObject().(client.Object) + + a := o.GetAnnotations() + if a == nil { + a = make(map[string]string) + } + + for k, v := range annotations { + a[k] = v + } + o.SetAnnotations(a) + + return c.Patch(ctx, o, client.MergeFrom(orig)) } // DeannotateObject removes the specified annotation from the object func DeannotateObject(ctx context.Context, c client.Client, obj client.Object, annotation string) error { - return retry.RetryOnConflict(retry.DefaultRetry, func() error { - _obj := obj.DeepCopyObject().(client.Object) - err := c.Get(ctx, client.ObjectKeyFromObject(obj), _obj) - if err != nil { - return err - } - - a := _obj.GetAnnotations() - if a == nil { - a = make(map[string]string) - } - - delete(a, annotation) - _obj.SetAnnotations(a) - - return c.Patch(ctx, _obj, client.MergeFrom(obj)) - }) + o := obj.DeepCopyObject().(client.Object) + err := c.Get(ctx, client.ObjectKeyFromObject(obj), o) + if err != nil { + return err + } + + orig := o.DeepCopyObject().(client.Object) + + a := o.GetAnnotations() + if a == nil { + a = make(map[string]string) + } + + delete(a, annotation) + o.SetAnnotations(a) + + return c.Patch(ctx, o, client.MergeFrom(orig)) } diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go index a6555135ba..f77464c305 100644 --- a/pkg/k8s/utils.go +++ b/pkg/k8s/utils.go @@ -1,9 +1,17 @@ package k8s import ( + "context" "fmt" "os" "strings" + + "github.com/pkg/errors" + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/percona/percona-xtradb-cluster-operator/version" ) const WatchNamespaceEnvVar = "WATCH_NAMESPACE" @@ -26,3 +34,33 @@ func GetOperatorNamespace() (string, error) { return strings.TrimSpace(string(nsBytes)), nil } + +func GetInitImage(ctx context.Context, cr *api.PerconaXtraDBCluster, cli client.Client) (string, error) { + if len(cr.Spec.InitContainer.Image) > 0 { + return cr.Spec.InitContainer.Image, nil + } + if len(cr.Spec.InitImage) > 0 { + return cr.Spec.InitImage, nil + } + operatorPod, err := OperatorPod(ctx, cli) + if err != nil { + return "", errors.Wrap(err, "get operator deployment") + } + imageName, err := operatorImageName(&operatorPod) + if err != nil { + return "", err + } + if cr.CompareVersionWith(version.Version) != 0 { + imageName = strings.Split(imageName, ":")[0] + ":" + cr.Spec.CRVersion + } + return imageName, nil +} + +func operatorImageName(operatorPod *corev1.Pod) (string, error) { + for _, c := range operatorPod.Spec.Containers { + if c.Name == "percona-xtradb-cluster-operator" { + return c.Image, nil + } + } + return "", errors.New("operator image not found") +} diff --git a/pkg/naming/naming.go b/pkg/naming/naming.go new file mode 100644 index 0000000000..c5734a03c5 --- /dev/null +++ b/pkg/naming/naming.go @@ -0,0 +1,16 @@ +package naming + +const ( + annotationPrefix = "percona.com/" +) + +const ( + FinalizerDeleteSSL = annotationPrefix + "delete-ssl" + FinalizerDeletePxcPodsInOrder = annotationPrefix + "delete-pxc-pods-in-order" + FinalizerDeleteProxysqlPvc = annotationPrefix + "delete-proxysql-pvc" + FinalizerDeletePxcPvc = annotationPrefix + "delete-pxc-pvc" + FinalizerDeleteBackup = annotationPrefix + "delete-backup" + + // TODO depricated in 1.15.0 should be deleted in 1.18.0 + FinalizerDeleteS3Backup = annotationPrefix + "delete-s3-backup" +) diff --git a/pkg/pxc/app/app.go b/pkg/pxc/app/app.go index ca35f58e2b..7c7e03e540 100644 --- a/pkg/pxc/app/app.go +++ b/pkg/pxc/app/app.go @@ -5,3 +5,7 @@ const ( BinVolumeName = "bin" Name = "pxc" ) + +const ( + BinVolumeMountPath = "/opt/percona" +) diff --git a/pkg/pxc/app/deployment/binlog-collector.go b/pkg/pxc/app/deployment/binlog-collector.go index 14462768ed..5a0ff12331 100644 --- a/pkg/pxc/app/deployment/binlog-collector.go +++ b/pkg/pxc/app/deployment/binlog-collector.go @@ -19,10 +19,11 @@ import ( api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" + "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/statefulset" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/users" ) -func GetBinlogCollectorDeployment(cr *api.PerconaXtraDBCluster) (appsv1.Deployment, error) { +func GetBinlogCollectorDeployment(cr *api.PerconaXtraDBCluster, initImage string) (appsv1.Deployment, error) { binlogCollectorName := GetBinlogCollectorDeploymentName(cr) pxcUser := users.Xtrabackup sleepTime := fmt.Sprintf("%.2f", cr.Spec.Backup.PITR.TimeBetweenUploads) @@ -97,6 +98,30 @@ func GetBinlogCollectorDeployment(cr *api.PerconaXtraDBCluster) (appsv1.Deployme } replicas := int32(1) + var initContainers []corev1.Container + volumes := []corev1.Volume{ + app.GetSecretVolumes("mysql-users-secret-file", "internal-"+cr.Name, false), + } + if cr.CompareVersionWith("1.15.0") >= 0 { + container.Command = []string{"/opt/percona/pitr"} + initContainers = []corev1.Container{statefulset.PitrInitContainer(cr, cr.Spec.Backup.PITR.Resources, initImage)} + volumes = append(volumes, + corev1.Volume{ + Name: app.BinVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + ) + + container.VolumeMounts = append(container.VolumeMounts, + corev1.VolumeMount{ + Name: app.BinVolumeName, + MountPath: app.BinVolumeMountPath, + }, + ) + } + return appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ APIVersion: "apps/v1", @@ -119,6 +144,7 @@ func GetBinlogCollectorDeployment(cr *api.PerconaXtraDBCluster) (appsv1.Deployme Annotations: cr.Spec.Backup.Storages[cr.Spec.Backup.PITR.StorageName].Annotations, }, Spec: corev1.PodSpec{ + InitContainers: initContainers, Containers: []corev1.Container{container}, ImagePullSecrets: cr.Spec.Backup.ImagePullSecrets, ServiceAccountName: cr.Spec.Backup.ServiceAccountName, @@ -129,10 +155,8 @@ func GetBinlogCollectorDeployment(cr *api.PerconaXtraDBCluster) (appsv1.Deployme NodeSelector: cr.Spec.Backup.Storages[cr.Spec.Backup.PITR.StorageName].NodeSelector, SchedulerName: cr.Spec.Backup.Storages[cr.Spec.Backup.PITR.StorageName].SchedulerName, PriorityClassName: cr.Spec.Backup.Storages[cr.Spec.Backup.PITR.StorageName].PriorityClassName, - Volumes: []corev1.Volume{ - app.GetSecretVolumes("mysql-users-secret-file", "internal-"+cr.Name, false), - }, - RuntimeClassName: cr.Spec.Backup.Storages[cr.Spec.Backup.PITR.StorageName].RuntimeClassName, + Volumes: volumes, + RuntimeClassName: cr.Spec.Backup.Storages[cr.Spec.Backup.PITR.StorageName].RuntimeClassName, }, }, }, @@ -283,7 +307,7 @@ func GetBinlogCollectorPod(ctx context.Context, c client.Client, cr *api.Percona var GapFileNotFound = errors.New("gap file not found") -func RemoveGapFile(ctx context.Context, c *clientcmd.Client, pod *corev1.Pod) error { +func RemoveGapFile(ctx context.Context, cr *api.PerconaXtraDBCluster, c *clientcmd.Client, pod *corev1.Pod) error { stderrBuf := &bytes.Buffer{} err := c.Exec(pod, "pitr", []string{"/bin/bash", "-c", "rm /tmp/gap-detected"}, nil, nil, stderrBuf, false) if err != nil { @@ -296,7 +320,7 @@ func RemoveGapFile(ctx context.Context, c *clientcmd.Client, pod *corev1.Pod) er return nil } -func RemoveTimelineFile(ctx context.Context, c *clientcmd.Client, pod *corev1.Pod) error { +func RemoveTimelineFile(ctx context.Context, cr *api.PerconaXtraDBCluster, c *clientcmd.Client, pod *corev1.Pod) error { stderrBuf := &bytes.Buffer{} err := c.Exec(pod, "pitr", []string{"/bin/bash", "-c", "rm /tmp/pitr-timeline"}, nil, nil, stderrBuf, false) if err != nil { diff --git a/pkg/pxc/app/pvc.go b/pkg/pxc/app/pvc.go index 246e78cf9d..9f706ea10a 100644 --- a/pkg/pxc/app/pvc.go +++ b/pkg/pxc/app/pvc.go @@ -25,6 +25,6 @@ func VolumeSpec(vspec *api.VolumeSpec) corev1.PersistentVolumeClaimSpec { AccessModes: vspec.PersistentVolumeClaim.AccessModes, Resources: vspec.PersistentVolumeClaim.Resources, DataSource: vspec.PersistentVolumeClaim.DataSource, - DataSourceRef: vspec.PersistentVolumeClaim.DataSourceRef, + DataSourceRef: vspec.PersistentVolumeClaim.DataSourceRef, } } diff --git a/pkg/pxc/app/statefulset/haproxy.go b/pkg/pxc/app/statefulset/haproxy.go index 6f317d6f6e..f15638dd79 100644 --- a/pkg/pxc/app/statefulset/haproxy.go +++ b/pkg/pxc/app/statefulset/haproxy.go @@ -3,6 +3,7 @@ package statefulset import ( "context" "fmt" + "strconv" "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" @@ -61,6 +62,10 @@ func (c *HAProxy) Name() string { return haproxyName } +func (c *HAProxy) InitContainers(cr *api.PerconaXtraDBCluster, initImageName string) []corev1.Container { + return proxyInitContainers(cr, initImageName) +} + func (c *HAProxy) AppContainer(spec *api.PodSpec, secrets string, cr *api.PerconaXtraDBCluster, _ []corev1.Volume, ) (corev1.Container, error) { @@ -290,6 +295,13 @@ func (c *HAProxy) SidecarContainers(spec *api.PodSpec, secrets string, cr *api.P }) } + if cr.CompareVersionWith("1.15.0") >= 0 { + container.Env = append(container.Env, corev1.EnvVar{ + Name: "REPLICAS_SVC_ONLY_READERS", + Value: strconv.FormatBool(cr.Spec.HAProxy.ExposeReplicas.OnlyReaders), + }) + } + return []corev1.Container{container}, nil } diff --git a/pkg/pxc/app/statefulset/init.go b/pkg/pxc/app/statefulset/init.go index 4d55129160..610f6b59f6 100644 --- a/pkg/pxc/app/statefulset/init.go +++ b/pkg/pxc/app/statefulset/init.go @@ -2,6 +2,9 @@ package statefulset import ( corev1 "k8s.io/api/core/v1" + + api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" + "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" ) func EntrypointInitContainer(initImageName string, volumeName string, resources corev1.ResourceRequirements, securityContext *corev1.SecurityContext, pullPolicy corev1.PullPolicy) corev1.Container { @@ -20,3 +23,37 @@ func EntrypointInitContainer(initImageName string, volumeName string, resources Resources: resources, } } + +func PitrInitContainer(cluster *api.PerconaXtraDBCluster, resources corev1.ResourceRequirements, initImageName string) corev1.Container { + return corev1.Container{ + VolumeMounts: []corev1.VolumeMount{ + { + Name: app.BinVolumeName, + MountPath: app.BinVolumeMountPath, + }, + }, + Image: initImageName, + ImagePullPolicy: cluster.Spec.Backup.ImagePullPolicy, + Name: "pitr-init", + Command: []string{"/pitr-init-entrypoint.sh"}, + SecurityContext: cluster.Spec.PXC.ContainerSecurityContext, + Resources: resources, + } +} + +func BackupInitContainer(cluster *api.PerconaXtraDBCluster, resources corev1.ResourceRequirements, initImageName string, securityContext *corev1.SecurityContext) corev1.Container { + return corev1.Container{ + VolumeMounts: []corev1.VolumeMount{ + { + Name: app.BinVolumeName, + MountPath: app.BinVolumeMountPath, + }, + }, + Image: initImageName, + ImagePullPolicy: cluster.Spec.Backup.ImagePullPolicy, + Name: "backup-init", + Command: []string{"/backup-init-entrypoint.sh"}, + SecurityContext: securityContext, + Resources: resources, + } +} diff --git a/pkg/pxc/app/statefulset/node.go b/pkg/pxc/app/statefulset/node.go index 298b02b0a8..1263841b1a 100644 --- a/pkg/pxc/app/statefulset/node.go +++ b/pkg/pxc/app/statefulset/node.go @@ -5,6 +5,7 @@ import ( "fmt" "hash/fnv" + "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -15,7 +16,6 @@ import ( app "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/config" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/users" - "github.com/pkg/errors" ) const ( @@ -59,6 +59,18 @@ func (c *Node) Name() string { return app.Name } +func (c *Node) InitContainers(cr *api.PerconaXtraDBCluster, initImageName string) []corev1.Container { + initResources := cr.Spec.PXC.Resources + if cr.Spec.InitContainer.Resources != nil { + initResources = *cr.Spec.InitContainer.Resources + } + + inits := []corev1.Container{ + EntrypointInitContainer(initImageName, app.DataVolumeName, initResources, cr.Spec.PXC.ContainerSecurityContext, cr.Spec.PXC.ImagePullPolicy), + } + return inits +} + func (c *Node) AppContainer(spec *api.PodSpec, secrets string, cr *api.PerconaXtraDBCluster, _ []corev1.Volume) (corev1.Container, error) { redinessDelay := int32(15) if spec.ReadinessInitialDelaySeconds != nil { @@ -510,12 +522,17 @@ func (c *Node) Volumes(podSpec *api.PodSpec, cr *api.PerconaXtraDBCluster, vg ap return nil, err } + sslVolume := app.GetSecretVolumes("ssl", podSpec.SSLSecretName, !cr.TLSEnabled()) + if cr.CompareVersionWith("1.15.0") < 0 { + sslVolume = app.GetSecretVolumes("ssl", podSpec.SSLSecretName, cr.Spec.AllowUnsafeConfig) + } + vol.Volumes = append( vol.Volumes, app.GetTmpVolume("tmp"), configVolume, app.GetSecretVolumes("ssl-internal", podSpec.SSLInternalSecretName, true), - app.GetSecretVolumes("ssl", podSpec.SSLSecretName, cr.Spec.AllowUnsafeConfig), + sslVolume, app.GetConfigVolumes("auto-config", config.AutoTuneConfigMapName(cr.Name, app.Name)), app.GetSecretVolumes(VaultSecretVolumeName, podSpec.VaultSecretName, true), app.GetSecretVolumes("mysql-users-secret-file", "internal-"+cr.Name, false), diff --git a/pkg/pxc/app/statefulset/proxysql.go b/pkg/pxc/app/statefulset/proxysql.go index 276dbb73c2..dcd9f92071 100644 --- a/pkg/pxc/app/statefulset/proxysql.go +++ b/pkg/pxc/app/statefulset/proxysql.go @@ -3,6 +3,7 @@ package statefulset import ( "context" + "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -12,7 +13,6 @@ import ( api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" app "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/users" - "github.com/pkg/errors" ) const ( @@ -58,6 +58,24 @@ func (c *Proxy) Name() string { return proxyName } +func (c *Proxy) InitContainers(cr *api.PerconaXtraDBCluster, initImageName string) []corev1.Container { + return proxyInitContainers(cr, initImageName) +} + +func proxyInitContainers(cr *api.PerconaXtraDBCluster, initImageName string) []corev1.Container { + inits := []corev1.Container{} + if cr.CompareVersionWith("1.13.0") >= 0 { + initResources := cr.Spec.PXC.Resources + if cr.Spec.InitContainer.Resources != nil { + initResources = *cr.Spec.InitContainer.Resources + } + inits = []corev1.Container{ + EntrypointInitContainer(initImageName, app.BinVolumeName, initResources, cr.Spec.PXC.ContainerSecurityContext, cr.Spec.PXC.ImagePullPolicy), + } + } + return inits +} + func (c *Proxy) AppContainer(spec *api.PodSpec, secrets string, cr *api.PerconaXtraDBCluster, availableVolumes []corev1.Volume, ) (corev1.Container, error) { @@ -245,7 +263,7 @@ func (c *Proxy) SidecarContainers(spec *api.PodSpec, secrets string, cr *api.Per }, }, } - if cr.Spec.AllowUnsafeConfig && (cr.Spec.TLS == nil || cr.Spec.TLS.IssuerConf == nil) { + if !cr.TLSEnabled() { pxcMonit.Env = append(pxcMonit.Env, corev1.EnvVar{ Name: "SSL_DIR", Value: "/dev/null", @@ -421,11 +439,16 @@ func (c *Proxy) PMMContainer(ctx context.Context, cl client.Client, spec *api.PM func (c *Proxy) Volumes(podSpec *api.PodSpec, cr *api.PerconaXtraDBCluster, vg api.CustomVolumeGetter) (*api.Volume, error) { ls := c.Labels() + sslVolume := app.GetSecretVolumes("ssl", podSpec.SSLSecretName, !cr.TLSEnabled()) + if cr.CompareVersionWith("1.15.0") < 0 { + sslVolume = app.GetSecretVolumes("ssl", podSpec.SSLSecretName, cr.Spec.AllowUnsafeConfig) + } + vol := app.Volumes(podSpec, proxyDataVolumeName) vol.Volumes = append( vol.Volumes, app.GetSecretVolumes("ssl-internal", podSpec.SSLInternalSecretName, true), - app.GetSecretVolumes("ssl", podSpec.SSLSecretName, cr.Spec.AllowUnsafeConfig), + sslVolume, ) configVolume, err := vg(cr.Namespace, proxyConfigVolumeName, ls["app.kubernetes.io/instance"]+"-proxysql", false) diff --git a/pkg/pxc/backup/job.go b/pkg/pxc/backup/job.go index 53a6a8ee9f..9daaba51ba 100644 --- a/pkg/pxc/backup/job.go +++ b/pkg/pxc/backup/job.go @@ -12,6 +12,7 @@ import ( api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" + "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/statefulset" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/users" "github.com/percona/percona-xtradb-cluster-operator/pkg/util" ) @@ -41,7 +42,7 @@ func (*Backup) Job(cr *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraD } } -func (bcp *Backup) JobSpec(spec api.PXCBackupSpec, cluster *api.PerconaXtraDBCluster, job *batchv1.Job) (batchv1.JobSpec, error) { +func (bcp *Backup) JobSpec(spec api.PXCBackupSpec, cluster *api.PerconaXtraDBCluster, job *batchv1.Job, initImage string) (batchv1.JobSpec, error) { manualSelector := true backoffLimit := int32(10) if cluster.CompareVersionWith("1.11.0") >= 0 && cluster.Spec.Backup.BackoffLimit != nil { @@ -74,6 +75,29 @@ func (bcp *Backup) JobSpec(spec api.PXCBackupSpec, cluster *api.PerconaXtraDBClu } envs = util.MergeEnvLists(envs, spec.ContainerOptions.GetEnvVar(cluster, spec.StorageName)) + var volumeMounts []corev1.VolumeMount + var volumes []corev1.Volume + var initContainers []corev1.Container + if cluster.CompareVersionWith("1.15.0") >= 0 { + volumes = append(volumes, + corev1.Volume{ + Name: app.BinVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + ) + + volumeMounts = append(volumeMounts, + corev1.VolumeMount{ + Name: app.BinVolumeName, + MountPath: app.BinVolumeMountPath, + }, + ) + + initContainers = append(initContainers, statefulset.BackupInitContainer(cluster, storage.Resources, initImage, storage.ContainerSecurityContext)) + } + return batchv1.JobSpec{ BackoffLimit: &backoffLimit, ManualSelector: &manualSelector, @@ -90,6 +114,7 @@ func (bcp *Backup) JobSpec(spec api.PXCBackupSpec, cluster *api.PerconaXtraDBClu ImagePullSecrets: bcp.imagePullSecrets, RestartPolicy: corev1.RestartPolicyNever, ServiceAccountName: cluster.Spec.Backup.ServiceAccountName, + InitContainers: initContainers, Containers: []corev1.Container{ { Name: "xtrabackup", @@ -99,6 +124,7 @@ func (bcp *Backup) JobSpec(spec api.PXCBackupSpec, cluster *api.PerconaXtraDBClu Command: []string{"bash", "/usr/bin/backup.sh"}, Env: envs, Resources: storage.Resources, + VolumeMounts: volumeMounts, }, }, Affinity: storage.Affinity, @@ -108,6 +134,7 @@ func (bcp *Backup) JobSpec(spec api.PXCBackupSpec, cluster *api.PerconaXtraDBClu SchedulerName: storage.SchedulerName, PriorityClassName: storage.PriorityClassName, RuntimeClassName: storage.RuntimeClassName, + Volumes: volumes, }, }, }, nil @@ -179,16 +206,16 @@ func SetStoragePVC(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup, vol return errors.New("no containers in job spec") } - job.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{ + job.Template.Spec.Containers[0].VolumeMounts = append(job.Template.Spec.Containers[0].VolumeMounts, []corev1.VolumeMount{ { Name: pvc.Name, MountPath: "/backup", }, - } + }...) - job.Template.Spec.Volumes = []corev1.Volume{ + job.Template.Spec.Volumes = append(job.Template.Spec.Volumes, []corev1.Volume{ pvc, - } + }...) err := appendStorageSecret(job, cr) if err != nil { @@ -243,9 +270,6 @@ func SetStorageAzure(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) e job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, storageAccount, accessKey, containerName, endpoint, storageClass, backupPath) // add SSL volumes - job.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{} - job.Template.Spec.Volumes = []corev1.Volume{} - err := appendStorageSecret(job, cr) if err != nil { return errors.Wrap(err, "failed to append storage secrets") @@ -258,19 +282,13 @@ func SetStorageS3(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) erro if cr.Status.S3 == nil { return errors.New("s3 storage is not specified in backup status") } - s3 := cr.Status.S3 - accessKey := corev1.EnvVar{ - Name: "ACCESS_KEY_ID", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: app.SecretKeySelector(s3.CredentialsSecret, "AWS_ACCESS_KEY_ID"), - }, - } - secretKey := corev1.EnvVar{ - Name: "SECRET_ACCESS_KEY", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: app.SecretKeySelector(s3.CredentialsSecret, "AWS_SECRET_ACCESS_KEY"), - }, + + if len(job.Template.Spec.Containers) == 0 { + return errors.New("no containers in job spec") } + + s3 := cr.Status.S3 + region := corev1.EnvVar{ Name: "DEFAULT_REGION", Value: s3.Region, @@ -280,10 +298,24 @@ func SetStorageS3(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) erro Value: s3.EndpointURL, } - if len(job.Template.Spec.Containers) == 0 { - return errors.New("no containers in job spec") + if s3.CredentialsSecret != "" { + accessKey := corev1.EnvVar{ + Name: "ACCESS_KEY_ID", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: app.SecretKeySelector(s3.CredentialsSecret, "AWS_ACCESS_KEY_ID"), + }, + } + secretKey := corev1.EnvVar{ + Name: "SECRET_ACCESS_KEY", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: app.SecretKeySelector(s3.CredentialsSecret, "AWS_SECRET_ACCESS_KEY"), + }, + } + + job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, accessKey, secretKey) } - job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, accessKey, secretKey, region, endpoint) + + job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, region, endpoint) bucket, prefix := s3.BucketAndPrefix() if bucket == "" { @@ -302,9 +334,6 @@ func SetStorageS3(job *batchv1.JobSpec, cr *api.PerconaXtraDBClusterBackup) erro job.Template.Spec.Containers[0].Env = append(job.Template.Spec.Containers[0].Env, bucketEnv, bucketPathEnv) // add SSL volumes - job.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{} - job.Template.Spec.Volumes = []corev1.Volume{} - err := appendStorageSecret(job, cr) if err != nil { return errors.Wrap(err, "failed to append storage secrets") diff --git a/pkg/pxc/backup/pitr.go b/pkg/pxc/backup/pitr.go index f3f6d3ffdc..2653c1badd 100644 --- a/pkg/pxc/backup/pitr.go +++ b/pkg/pxc/backup/pitr.go @@ -14,7 +14,6 @@ import ( "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" @@ -59,6 +58,7 @@ func CheckPITRErrors(ctx context.Context, cl client.Client, clcmd *clientcmd.Cli stdoutBuf := &bytes.Buffer{} stderrBuf := &bytes.Buffer{} + err = clcmd.Exec(collectorPod, "pitr", []string{"/bin/bash", "-c", "cat /tmp/gap-detected"}, nil, stdoutBuf, stderrBuf, false) if err != nil { if strings.Contains(stderrBuf.String(), "No such file or directory") { @@ -88,7 +88,7 @@ func CheckPITRErrors(ctx context.Context, cl client.Client, clcmd *clientcmd.Cli return errors.Wrap(err, "update backup status") } - if err := deployment.RemoveGapFile(ctx, clcmd, collectorPod); err != nil { + if err := deployment.RemoveGapFile(ctx, cr, clcmd, collectorPod); err != nil { if !errors.Is(err, deployment.GapFileNotFound) { return errors.Wrap(err, "remove gap file") } diff --git a/pkg/pxc/backup/restore.go b/pkg/pxc/backup/restore.go index b29053f775..109067aa0e 100644 --- a/pkg/pxc/backup/restore.go +++ b/pkg/pxc/backup/restore.go @@ -15,6 +15,7 @@ import ( api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app" + "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/app/statefulset" "github.com/percona/percona-xtradb-cluster-operator/pkg/pxc/users" "github.com/percona/percona-xtradb-cluster-operator/pkg/util" ) @@ -68,6 +69,11 @@ func PVCRestorePod(cr *api.PerconaXtraDBClusterRestore, bcpStorageName, pvcName } labels["name"] = "restore-src-" + cr.Name + "-" + cr.Spec.PXCCluster + sslVolume := app.GetSecretVolumes("ssl", cluster.Spec.PXC.SSLSecretName, !cluster.TLSEnabled()) + if cluster.CompareVersionWith("1.15.0") < 0 { + sslVolume = app.GetSecretVolumes("ssl", cluster.Spec.PXC.SSLSecretName, cluster.Spec.AllowUnsafeConfig) + } + return &corev1.Pod{ TypeMeta: metav1.TypeMeta{ APIVersion: "v1", @@ -120,7 +126,7 @@ func PVCRestorePod(cr *api.PerconaXtraDBClusterRestore, bcpStorageName, pvcName }, }, app.GetSecretVolumes("ssl-internal", cluster.Spec.PXC.SSLInternalSecretName, true), - app.GetSecretVolumes("ssl", cluster.Spec.PXC.SSLSecretName, cluster.Spec.AllowUnsafeConfig), + sslVolume, app.GetSecretVolumes("vault-keyring-secret", cluster.Spec.PXC.VaultSecretName, true), }, RestartPolicy: corev1.RestartPolicyAlways, @@ -136,7 +142,7 @@ func PVCRestorePod(cr *api.PerconaXtraDBClusterRestore, bcpStorageName, pvcName }, nil } -func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, destination api.PXCBackupDestination, pitr bool) (*batchv1.Job, error) { +func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClusterBackup, cluster *api.PerconaXtraDBCluster, initImage string, destination api.PXCBackupDestination, pitr bool) (*batchv1.Job, error) { switch bcp.Status.GetStorageType(cluster) { case api.BackupStorageAzure: if bcp.Status.Azure == nil { @@ -162,7 +168,7 @@ func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClust MountPath: "/etc/mysql/vault-keyring-secret", }, } - jobPVCs := []corev1.Volume{ + volumes := []corev1.Volume{ { Name: "datadir", VolumeSource: corev1.VolumeSource{ @@ -173,8 +179,13 @@ func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClust }, app.GetSecretVolumes("vault-keyring-secret", cluster.Spec.PXC.VaultSecretName, true), } - var command []string + sslVolume := app.GetSecretVolumes("ssl", cluster.Spec.PXC.SSLSecretName, !cluster.TLSEnabled()) + if cluster.CompareVersionWith("1.15.0") < 0 { + sslVolume = app.GetSecretVolumes("ssl", cluster.Spec.PXC.SSLSecretName, cluster.Spec.AllowUnsafeConfig) + } + + var command []string switch bcp.Status.GetStorageType(cluster) { case api.BackupStorageFilesystem: command = []string{"recovery-pvc-joiner.sh"} @@ -188,9 +199,9 @@ func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClust MountPath: "/etc/mysql/ssl-internal", }, }...) - jobPVCs = append(jobPVCs, []corev1.Volume{ + volumes = append(volumes, []corev1.Volume{ app.GetSecretVolumes("ssl-internal", cluster.Spec.PXC.SSLInternalSecretName, true), - app.GetSecretVolumes("ssl", cluster.Spec.PXC.SSLSecretName, cluster.Spec.AllowUnsafeConfig), + sslVolume, }...) case api.BackupStorageAzure, api.BackupStorageS3: command = []string{"recovery-cloud.sh"} @@ -203,13 +214,38 @@ func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClust } jobName = "pitr-job-" + cr.Name + "-" + cr.Spec.PXCCluster volumeMounts = []corev1.VolumeMount{} - jobPVCs = []corev1.Volume{} - command = []string{"pitr", "recover"} + volumes = []corev1.Volume{} + command = []string{"/opt/percona/pitr", "recover"} + if cluster.CompareVersionWith("1.15.0") < 0 { + command = []string{"pitr", "recover"} + } } default: return nil, errors.Errorf("invalid storage type was specified in status, got: %s", bcp.Status.GetStorageType(cluster)) } + var initContainers []corev1.Container + if pitr { + if cluster.CompareVersionWith("1.15.0") >= 0 { + initContainers = []corev1.Container{statefulset.PitrInitContainer(cluster, cr.Spec.Resources, initImage)} + volumes = append(volumes, + corev1.Volume{ + Name: app.BinVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + ) + + volumeMounts = append(volumeMounts, + corev1.VolumeMount{ + Name: app.BinVolumeName, + MountPath: app.BinVolumeMountPath, + }, + ) + } + } + envs, err := restoreJobEnvs(bcp, cr, cluster, destination, pitr) if err != nil { return nil, errors.Wrap(err, "restore job envs") @@ -233,11 +269,12 @@ func RestoreJob(cr *api.PerconaXtraDBClusterRestore, bcp *api.PerconaXtraDBClust Spec: corev1.PodSpec{ ImagePullSecrets: cluster.Spec.Backup.ImagePullSecrets, SecurityContext: cluster.Spec.PXC.PodSecurityContext, + InitContainers: initContainers, Containers: []corev1.Container{ xtrabackupContainer(cr, cluster, command, volumeMounts, envs), }, RestartPolicy: corev1.RestartPolicyNever, - Volumes: jobPVCs, + Volumes: volumes, NodeSelector: cluster.Spec.PXC.NodeSelector, Affinity: cluster.Spec.PXC.Affinity.Advanced, TopologySpreadConstraints: pxc.PodTopologySpreadConstraints(cluster.Spec.PXC.TopologySpreadConstraints, cluster.Spec.PXC.Labels), @@ -558,7 +595,7 @@ func xtrabackupContainer(cr *api.PerconaXtraDBClusterRestore, cluster *api.Perco container.Resources = cluster.Spec.PXC.Resources } - useMem, k8sq := xbMemoryUse(container.Resources) + useMem := xbMemoryUse(container.Resources) container.Env = append( container.Env, corev1.EnvVar{ @@ -566,15 +603,11 @@ func xtrabackupContainer(cr *api.PerconaXtraDBClusterRestore, cluster *api.Perco Value: useMem, }, ) - if k8sq.Value() > 0 { - container.Resources.Requests = corev1.ResourceList{ - corev1.ResourceMemory: k8sq, - } - } return container } -func xbMemoryUse(res corev1.ResourceRequirements) (useMem string, k8sQuantity resource.Quantity) { +func xbMemoryUse(res corev1.ResourceRequirements) string { + var k8sQuantity resource.Quantity if _, ok := res.Requests[corev1.ResourceMemory]; ok { k8sQuantity = *res.Requests.Memory() } @@ -582,7 +615,7 @@ func xbMemoryUse(res corev1.ResourceRequirements) (useMem string, k8sQuantity re k8sQuantity = *res.Limits.Memory() } - useMem = "100MB" + useMem := "100MB" useMem75 := k8sQuantity.Value() / int64(100) * int64(75) if useMem75 > 2000000000 { @@ -591,5 +624,5 @@ func xbMemoryUse(res corev1.ResourceRequirements) (useMem string, k8sQuantity re useMem = strconv.FormatInt(useMem75, 10) } - return useMem, k8sQuantity + return useMem } diff --git a/pkg/pxc/service.go b/pkg/pxc/service.go index eca7a9515d..aee0ed83b7 100644 --- a/pkg/pxc/service.go +++ b/pkg/pxc/service.go @@ -450,16 +450,18 @@ func NewServiceHAProxy(cr *api.PerconaXtraDBCluster) *corev1.Service { func NewServiceHAProxyReplicas(cr *api.PerconaXtraDBCluster) *corev1.Service { if cr.CompareVersionWith("1.14.0") >= 0 && cr.Spec.HAProxy != nil { if cr.Spec.HAProxy.ExposeReplicas == nil { - cr.Spec.HAProxy.ExposeReplicas = &api.ServiceExpose{ - Enabled: true, + cr.Spec.HAProxy.ExposeReplicas = &api.ReplicasServiceExpose{ + ServiceExpose: api.ServiceExpose{ + Enabled: true, + }, } } } svcType := corev1.ServiceTypeClusterIP if cr.Spec.HAProxy != nil { - if cr.CompareVersionWith("1.14.0") >= 0 && len(cr.Spec.HAProxy.ExposeReplicas.Type) > 0 { - svcType = cr.Spec.HAProxy.ExposeReplicas.Type + if cr.CompareVersionWith("1.14.0") >= 0 && len(cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Type) > 0 { + svcType = cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Type } else if len(cr.Spec.HAProxy.ReplicasServiceType) > 0 { svcType = cr.Spec.HAProxy.ReplicasServiceType } @@ -477,8 +479,8 @@ func NewServiceHAProxyReplicas(cr *api.PerconaXtraDBCluster) *corev1.Service { loadBalancerIP := "" if cr.Spec.HAProxy != nil { if cr.CompareVersionWith("1.14.0") >= 0 { - serviceAnnotations = cr.Spec.HAProxy.ExposeReplicas.Annotations - serviceLabels = fillServiceLabels(serviceLabels, cr.Spec.HAProxy.ExposeReplicas.Labels) + serviceAnnotations = cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Annotations + serviceLabels = fillServiceLabels(serviceLabels, cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Labels) } else if cr.CompareVersionWith("1.12.0") >= 0 { serviceAnnotations = cr.Spec.HAProxy.ReplicasServiceAnnotations serviceLabels = fillServiceLabels(serviceLabels, cr.Spec.HAProxy.PodSpec.ReplicasServiceLabels) @@ -488,12 +490,12 @@ func NewServiceHAProxyReplicas(cr *api.PerconaXtraDBCluster) *corev1.Service { } if cr.CompareVersionWith("1.14.0") >= 0 { - if cr.Spec.HAProxy.ExposeReplicas.LoadBalancerSourceRanges != nil { - loadBalancerSourceRanges = cr.Spec.HAProxy.ExposeReplicas.LoadBalancerSourceRanges + if cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.LoadBalancerSourceRanges != nil { + loadBalancerSourceRanges = cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.LoadBalancerSourceRanges } else { loadBalancerSourceRanges = cr.Spec.HAProxy.ExposePrimary.LoadBalancerSourceRanges } - loadBalancerIP = cr.Spec.HAProxy.ExposeReplicas.LoadBalancerIP + loadBalancerIP = cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.LoadBalancerIP } else { if cr.Spec.HAProxy.ReplicasLoadBalancerSourceRanges != nil { loadBalancerSourceRanges = cr.Spec.HAProxy.ReplicasLoadBalancerSourceRanges @@ -538,8 +540,8 @@ func NewServiceHAProxyReplicas(cr *api.PerconaXtraDBCluster) *corev1.Service { svcTrafficPolicyType := corev1.ServiceExternalTrafficPolicyTypeCluster if cr.Spec.HAProxy != nil { - if cr.CompareVersionWith("1.14.0") >= 0 && len(cr.Spec.HAProxy.ExposeReplicas.ExternalTrafficPolicy) > 0 { - svcTrafficPolicyType = cr.Spec.HAProxy.ExposeReplicas.ExternalTrafficPolicy + if cr.CompareVersionWith("1.14.0") >= 0 && len(cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.ExternalTrafficPolicy) > 0 { + svcTrafficPolicyType = cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.ExternalTrafficPolicy } else if len(cr.Spec.HAProxy.ReplicasExternalTrafficPolicy) > 0 { svcTrafficPolicyType = cr.Spec.HAProxy.ReplicasExternalTrafficPolicy } @@ -549,8 +551,8 @@ func NewServiceHAProxyReplicas(cr *api.PerconaXtraDBCluster) *corev1.Service { } if cr.Spec.HAProxy != nil { - if cr.CompareVersionWith("1.14.0") >= 0 && cr.Spec.HAProxy.ExposeReplicas.Annotations != nil { - if cr.Spec.HAProxy.ExposeReplicas.Annotations[HeadlessServiceAnnotation] == "true" && svcType == corev1.ServiceTypeClusterIP { + if cr.CompareVersionWith("1.14.0") >= 0 && cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Annotations != nil { + if cr.Spec.HAProxy.ExposeReplicas.ServiceExpose.Annotations[HeadlessServiceAnnotation] == "true" && svcType == corev1.ServiceTypeClusterIP { obj.Annotations[HeadlessServiceAnnotation] = "true" obj.Spec.ClusterIP = corev1.ClusterIPNone } diff --git a/pkg/pxc/statefulset.go b/pkg/pxc/statefulset.go index f7aee99e00..75bcadee68 100644 --- a/pkg/pxc/statefulset.go +++ b/pkg/pxc/statefulset.go @@ -5,20 +5,22 @@ import ( "fmt" "strings" - "github.com/go-logr/logr" "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + logf "sigs.k8s.io/controller-runtime/pkg/log" api "github.com/percona/percona-xtradb-cluster-operator/pkg/apis/pxc/v1" ) // StatefulSet returns StatefulSet according for app to podSpec func StatefulSet(ctx context.Context, cl client.Client, sfs api.StatefulApp, podSpec *api.PodSpec, cr *api.PerconaXtraDBCluster, secret *corev1.Secret, - initContainers []corev1.Container, log logr.Logger, vg api.CustomVolumeGetter, + initImageName string, vg api.CustomVolumeGetter, ) (*appsv1.StatefulSet, error) { + log := logf.FromContext(ctx) + pod := corev1.PodSpec{ SecurityContext: podSpec.PodSecurityContext, NodeSelector: podSpec.NodeSelector, @@ -80,6 +82,7 @@ func StatefulSet(ctx context.Context, cl client.Client, sfs api.StatefulApp, pod } } + initContainers := sfs.InitContainers(cr, initImageName) if len(initContainers) > 0 { pod.InitContainers = append(pod.InitContainers, initContainers...) } @@ -199,10 +202,16 @@ func MergeTemplateAnnotations(sfs *appsv1.StatefulSet, annotations map[string]st if len(annotations) == 0 { return } - if sfs.Spec.Template.Annotations == nil { - sfs.Spec.Template.Annotations = make(map[string]string) + MergeMaps(sfs.Spec.Template.Annotations, annotations) +} + +func MergeMaps(dest map[string]string, mapList ...map[string]string) { + if dest == nil { + dest = make(map[string]string) } - for k, v := range annotations { - sfs.Spec.Template.Annotations[k] = v + for _, m := range mapList { + for k, v := range m { + dest[k] = v + } } } diff --git a/pkg/pxc/users/users.go b/pkg/pxc/users/users.go index e2ad6050f5..0f79573afe 100644 --- a/pkg/pxc/users/users.go +++ b/pkg/pxc/users/users.go @@ -239,15 +239,15 @@ func (u *Manager) Update160MonitorUserGrant(pass string) (err error) { return nil } -// Update170XtrabackupUser grants all needed rights to the xtrabackup user -func (u *Manager) Update170XtrabackupUser(pass string) (err error) { +// Update1150XtrabackupUser grants all needed rights to the xtrabackup user +func (u *Manager) Update1150XtrabackupUser(pass string) (err error) { _, err = u.db.Exec("CREATE USER IF NOT EXISTS 'xtrabackup'@'%' IDENTIFIED BY ?", pass) if err != nil { return errors.Wrap(err, "create operator user") } - _, err = u.db.Exec("GRANT ALL ON *.* TO 'xtrabackup'@'%'") + _, err = u.db.Exec("GRANT ALL ON *.* TO 'xtrabackup'@'%' WITH GRANT OPTION") if err != nil { return errors.Wrapf(err, "grant privileges to user xtrabackup") }