Merge branch 'main' into K8SPS-367-delete-pvc-finalizer

e2e-tests/tests/gr-tls-cert-manager/04-assert.yaml

@@ -36,11 +36,11 @@ spec:
 status:
   conditions:
     - message: Certificate is up to date and has not expired
-      observedGeneration: 2
+      observedGeneration: 1
       reason: Ready
       status: 'True'
       type: Ready
-  revision: 2
+  revision: 1
 ---
 apiVersion: apps/v1
 kind: StatefulSet

e2e-tests/tests/gr-tls-cert-manager/05-check-cert.yaml

@@ -17,6 +17,5 @@ commands:
         "*.gr-tls-cert-manager-orchestrator.'"${NAMESPACE}"'.svc",
         "*.gr-tls-cert-manager-router",
         "*.gr-tls-cert-manager-router.'"${NAMESPACE}"'",
-        "*.gr-tls-cert-manager-router.'"${NAMESPACE}"'.svc",
-        "mysql-1.example.com"
+        "*.gr-tls-cert-manager-router.'"${NAMESPACE}"'.svc"
       ]'

e2e-tests/tests/gr-tls-cert-manager/06-assert.yaml

@@ -36,19 +36,19 @@ spec:
 status:
   conditions:
     - message: Certificate is up to date and has not expired
-      observedGeneration: 2
+      observedGeneration: 1
       reason: Ready
       status: 'True'
       type: Ready
-  revision: 3
+  revision: 2
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  generation: 3
+  generation: 2
   name: gr-tls-cert-manager-mysql
 status:
-  observedGeneration: 3
+  observedGeneration: 2
   replicas: 3
   readyReplicas: 3
 ---
@@ -63,7 +63,7 @@ metadata:
     app.kubernetes.io/name: percona-server
     app.kubernetes.io/part-of: percona-server
 status:
-  observedGeneration: 3
+  observedGeneration: 2
   replicas: 3
   updatedReplicas: 3
   readyReplicas: 3

e2e-tests/tests/tls-cert-manager/04-assert.yaml

@@ -36,11 +36,11 @@ spec:
 status:
   conditions:
     - message: Certificate is up to date and has not expired
-      observedGeneration: 2
+      observedGeneration: 1
       reason: Ready
       status: 'True'
       type: Ready
-  revision: 2
+  revision: 1
 ---
 apiVersion: apps/v1
 kind: StatefulSet

e2e-tests/tests/tls-cert-manager/05-check-cert.yaml

@@ -17,6 +17,5 @@ commands:
         "*.tls-cert-manager-orchestrator.'"${NAMESPACE}"'.svc",
         "*.tls-cert-manager-router",
         "*.tls-cert-manager-router.'"${NAMESPACE}"'",
-        "*.tls-cert-manager-router.'"${NAMESPACE}"'.svc",
-        "mysql-1.example.com"
+        "*.tls-cert-manager-router.'"${NAMESPACE}"'.svc"
       ]'

e2e-tests/tests/tls-cert-manager/06-assert.yaml

@@ -36,29 +36,29 @@ spec:
 status:
   conditions:
     - message: Certificate is up to date and has not expired
-      observedGeneration: 2
+      observedGeneration: 1
       reason: Ready
       status: 'True'
       type: Ready
-  revision: 3
+  revision: 2
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  generation: 3
+  generation: 2
   name: tls-cert-manager-mysql
 status:
-  observedGeneration: 3
+  observedGeneration: 2
   replicas: 3
   readyReplicas: 3
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  generation: 3
+  generation: 2
   name: tls-cert-manager-orc
 status:
-  observedGeneration: 3
+  observedGeneration: 2
   replicas: 3
   readyReplicas: 3
 ---

pkg/controller/ps/tls.go

@@ -25,7 +25,21 @@ import (
 func (r *PerconaServerMySQLReconciler) ensureTLSSecret(ctx context.Context, cr *apiv1alpha1.PerconaServerMySQL) error {
 	log := logf.FromContext(ctx)
 
-	err := r.ensureSSLByCertManager(ctx, cr)
+	secretObj := corev1.Secret{}
+	err := r.Client.Get(context.TODO(),
+		types.NamespacedName{
+			Namespace: cr.Namespace,
+			Name:      cr.Spec.SSLSecretName,
+		},
+		&secretObj,
+	)
+
+	// don't create ssl secret if it is created by customer not by operator
+	if err == nil && !metav1.IsControlledBy(&secretObj, cr) {
+		return nil
+	}
+
+	err = r.ensureSSLByCertManager(ctx, cr)
 	if err != nil {
 		if cr.Spec.TLS != nil && cr.Spec.TLS.IssuerConf != nil {
 			log.Error(err, fmt.Sprintf("Failed to ensure certificate by cert-manager. Check `.spec.tls.issuerConf` in PerconaServerMySQL %s/%s", cr.Namespace, cr.Name))