From 0c707accef4486924484259b3824286ab7bf6f51 Mon Sep 17 00:00:00 2001 From: Natalia Marukovich Date: Sun, 18 Aug 2024 15:22:25 +0200 Subject: [PATCH 1/4] fix deletion of custom ssl secret by finalizer --- pkg/controller/ps/tls.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkg/controller/ps/tls.go b/pkg/controller/ps/tls.go index b808687be..37db9fba9 100644 --- a/pkg/controller/ps/tls.go +++ b/pkg/controller/ps/tls.go @@ -25,7 +25,17 @@ import ( func (r *PerconaServerMySQLReconciler) ensureTLSSecret(ctx context.Context, cr *apiv1alpha1.PerconaServerMySQL) error { log := logf.FromContext(ctx) - err := r.ensureSSLByCertManager(ctx, cr) + secret := &corev1.Secret{} + err := r.Client.Get(ctx, types.NamespacedName{ + Namespace: cr.Namespace, + Name: cr.Spec.SSLSecretName, + }, secret) + + if cr.Spec.SSLSecretName != "" && err == nil { + return nil + } + + err = r.ensureSSLByCertManager(ctx, cr) if err != nil { if cr.Spec.TLS != nil && cr.Spec.TLS.IssuerConf != nil { log.Error(err, fmt.Sprintf("Failed to ensure certificate by cert-manager. Check `.spec.tls.issuerConf` in PerconaServerMySQL %s/%s", cr.Namespace, cr.Name)) From 6469171283f492be6413f62b8062316e7eb77fe8 Mon Sep 17 00:00:00 2001 From: Natalia Marukovich Date: Sun, 18 Aug 2024 19:15:16 +0200 Subject: [PATCH 2/4] fix PR comemnts --- pkg/controller/ps/tls.go | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/pkg/controller/ps/tls.go b/pkg/controller/ps/tls.go index 37db9fba9..0b05adf5c 100644 --- a/pkg/controller/ps/tls.go +++ b/pkg/controller/ps/tls.go 
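Review bot: In the PATCH 1/4 hunk of ensureTLSSecret the result of `r.Client.Get` is only tested with `err == nil`, so a lookup that fails for any reason other than not-found (API timeout, RBAC denial) falls through to `r.ensureSSLByCertManager` as if no secret existed. For a TLS secret that is the wrong default, because the operator may then act on a user-supplied certificate it merely failed to read. Return such errors before deciding, e.g. `if err != nil && !k8serrors.IsNotFound(err) { return err }` (IsNotFound from k8s.io/apimachinery/pkg/api/errors; the alias this file uses is not visible here), and skip the lookup when `cr.Spec.SSLSecretName` is empty. The same pattern survives in the PATCH 2/4 hunk and in both PATCH 3/4 hunks, and the function body continues past the end of each hunk.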
@@ -25,17 +25,21 @@ import ( func (r *PerconaServerMySQLReconciler) ensureTLSSecret(ctx context.Context, cr *apiv1alpha1.PerconaServerMySQL) error { log := logf.FromContext(ctx) - secret := &corev1.Secret{} - err := r.Client.Get(ctx, types.NamespacedName{ - Namespace: cr.Namespace, - Name: cr.Spec.SSLSecretName, - }, secret) + secretObj := corev1.Secret{} + errSecret := r.Client.Get(context.TODO(), + types.NamespacedName{ + Namespace: cr.Namespace, + Name: cr.Spec.SSLSecretName, + }, + &secretObj, + ) - if cr.Spec.SSLSecretName != "" && err == nil { + // don't create secret ssl-internal if secret ssl is not created by operator + if errSecret == nil && !metav1.IsControlledBy(&secretObj, cr) { return nil } - err = r.ensureSSLByCertManager(ctx, cr) + err := r.ensureSSLByCertManager(ctx, cr) if err != nil { if cr.Spec.TLS != nil && cr.Spec.TLS.IssuerConf != nil { log.Error(err, fmt.Sprintf("Failed to ensure certificate by cert-manager. Check `.spec.tls.issuerConf` in PerconaServerMySQL %s/%s", cr.Namespace, cr.Name)) From 2306d33495232b05cbeaa1e024687756b81f2410 Mon Sep 17 00:00:00 2001 From: Natalia Marukovich Date: Sun, 18 Aug 2024 21:16:48 +0200 Subject: [PATCH 3/4] fix PR comments --- pkg/controller/ps/tls.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/controller/ps/tls.go b/pkg/controller/ps/tls.go index 0b05adf5c..fed943d2e 100644 --- a/pkg/controller/ps/tls.go +++ b/pkg/controller/ps/tls.go @@ -26,7 +26,7 @@ func (r *PerconaServerMySQLReconciler) ensureTLSSecret(ctx context.Context, cr * log := logf.FromContext(ctx) secretObj := corev1.Secret{} - errSecret := r.Client.Get(context.TODO(), + err := r.Client.Get(context.TODO(), types.NamespacedName{ Namespace: cr.Namespace, Name: cr.Spec.SSLSecretName, 
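Review bot: The lookup added in the PATCH 2/4 hunk calls `r.Client.Get(context.TODO(),` although ensureTLSSecret already receives `ctx`, which PATCH 1/4 passed to the same call. With `context.TODO()` the request no longer follows the cancellation or deadline of the reconcile and drops any values the caller attached to the context, while the logger at the top of the function is still taken from `ctx`. Change the call to `r.Client.Get(ctx,`. The first PATCH 3/4 hunk keeps the same line and needs the same change.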
@@ -34,12 +34,12 @@ func (r *PerconaServerMySQLReconciler) ensureTLSSecret(ctx context.Context, cr * &secretObj, ) - // don't create secret ssl-internal if secret ssl is not created by operator - if errSecret == nil && !metav1.IsControlledBy(&secretObj, cr) { + // don't create ssl secret if it is created by customer not by operator + if err == nil && !metav1.IsControlledBy(&secretObj, cr) { return nil } - err := r.ensureSSLByCertManager(ctx, cr) + err = r.ensureSSLByCertManager(ctx, cr) if err != nil { if cr.Spec.TLS != nil && cr.Spec.TLS.IssuerConf != nil { log.Error(err, fmt.Sprintf("Failed to ensure certificate by cert-manager. Check `.spec.tls.issuerConf` in PerconaServerMySQL %s/%s", cr.Namespace, cr.Name)) From 89a3a5a34ac206c202b05eac75d78030ffac98aa Mon Sep 17 00:00:00 2001 From: Natalia Marukovich Date: Tue, 20 Aug 2024 00:43:03 +0300 Subject: [PATCH 4/4] fix tests --- e2e-tests/tests/gr-tls-cert-manager/04-assert.yaml | 4 ++-- .../tests/gr-tls-cert-manager/05-check-cert.yaml | 3 +-- e2e-tests/tests/gr-tls-cert-manager/06-assert.yaml | 10 +++++----- e2e-tests/tests/tls-cert-manager/04-assert.yaml | 4 ++-- e2e-tests/tests/tls-cert-manager/05-check-cert.yaml | 3 +-- e2e-tests/tests/tls-cert-manager/06-assert.yaml | 12 ++++++------ 6 files changed, 17 insertions(+), 19 deletions(-) diff --git a/e2e-tests/tests/gr-tls-cert-manager/04-assert.yaml b/e2e-tests/tests/gr-tls-cert-manager/04-assert.yaml index 18cf44438..07de41d71 100644 --- a/e2e-tests/tests/gr-tls-cert-manager/04-assert.yaml +++ b/e2e-tests/tests/gr-tls-cert-manager/04-assert.yaml @@ -36,11 +36,11 @@ spec: status: conditions: - message: Certificate is up to date and has not expired - observedGeneration: 2 + observedGeneration: 1 reason: Ready status: 'True' type: Ready - revision: 2 + revision: 1 --- apiVersion: apps/v1 kind: StatefulSet diff --git a/e2e-tests/tests/gr-tls-cert-manager/05-check-cert.yaml b/e2e-tests/tests/gr-tls-cert-manager/05-check-cert.yaml index 35ca29679..7a44e42ab 100644 
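Review bot: The comment added in the second PATCH 3/4 hunk says the early return covers a secret "created by customer", but `!metav1.IsControlledBy(&secretObj, cr)` is true for any secret that has no controller owner reference to this CR. A secret that cert-manager wrote for the operator's own Certificate would presumably match too, in which case `ensureSSLByCertManager` is skipped on every later reconcile and changes under `.spec.tls` never reach the Certificate; the expectation changes in PATCH 4/4 are consistent with that. Confirm this against ensureSSLByCertManager, which is outside the hunk, and either narrow the condition or reword the comment to what is actually tested, e.g. `// skip cert-manager when the ssl secret exists and is not controlled by this CR`. Nothing in the hunk inspects the contents of the pre-existing secret before it is accepted, so a secret with missing or malformed TLS keys is only discovered later by the pods that mount it.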
--- a/e2e-tests/tests/gr-tls-cert-manager/05-check-cert.yaml +++ b/e2e-tests/tests/gr-tls-cert-manager/05-check-cert.yaml @@ -17,6 +17,5 @@ commands: "*.gr-tls-cert-manager-orchestrator.'"${NAMESPACE}"'.svc", "*.gr-tls-cert-manager-router", "*.gr-tls-cert-manager-router.'"${NAMESPACE}"'", - "*.gr-tls-cert-manager-router.'"${NAMESPACE}"'.svc", - "mysql-1.example.com" + "*.gr-tls-cert-manager-router.'"${NAMESPACE}"'.svc" ]' diff --git a/e2e-tests/tests/gr-tls-cert-manager/06-assert.yaml b/e2e-tests/tests/gr-tls-cert-manager/06-assert.yaml index c95a2db66..4ece0f4a0 100644 --- a/e2e-tests/tests/gr-tls-cert-manager/06-assert.yaml +++ b/e2e-tests/tests/gr-tls-cert-manager/06-assert.yaml @@ -36,19 +36,19 @@ spec: status: conditions: - message: Certificate is up to date and has not expired - observedGeneration: 2 + observedGeneration: 1 reason: Ready status: 'True' type: Ready - revision: 3 + revision: 2 --- apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 2 name: gr-tls-cert-manager-mysql status: - observedGeneration: 3 + observedGeneration: 2 replicas: 3 readyReplicas: 3 --- @@ -63,7 +63,7 @@ metadata: app.kubernetes.io/name: percona-server app.kubernetes.io/part-of: percona-server status: - observedGeneration: 3 + observedGeneration: 2 replicas: 3 updatedReplicas: 3 readyReplicas: 3 diff --git a/e2e-tests/tests/tls-cert-manager/04-assert.yaml b/e2e-tests/tests/tls-cert-manager/04-assert.yaml index 563c754d0..018e9cb3f 100644 --- a/e2e-tests/tests/tls-cert-manager/04-assert.yaml +++ b/e2e-tests/tests/tls-cert-manager/04-assert.yaml @@ -36,11 +36,11 @@ spec: status: conditions: - message: Certificate is up to date and has not expired - observedGeneration: 2 + observedGeneration: 1 reason: Ready status: 'True' type: Ready - revision: 2 + revision: 1 --- apiVersion: apps/v1 kind: StatefulSet diff --git a/e2e-tests/tests/tls-cert-manager/05-check-cert.yaml b/e2e-tests/tests/tls-cert-manager/05-check-cert.yaml index d1b5b786c..b65c07694 100644 
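Review bot: Removing `"mysql-1.example.com"` from the expected DNS names in gr-tls-cert-manager/05-check-cert.yaml deletes the only assertion visible here that a non-default name reaches the issued certificate. Together with the lowered `revision` and `observedGeneration` values in the 04-assert and 06-assert files, this reads as the tests being adjusted to a certificate that is no longer re-issued at that step, possibly because ensureTLSSecret now returns early; that is inferred, since the step that sets the name is not part of the patch. If the name is still configurable, keep an assertion for it and add a separate case for a customer-supplied secret instead of dropping the check. The same removal is made in tls-cert-manager/05-check-cert.yaml.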
--- a/e2e-tests/tests/tls-cert-manager/05-check-cert.yaml +++ b/e2e-tests/tests/tls-cert-manager/05-check-cert.yaml @@ -17,6 +17,5 @@ commands: "*.tls-cert-manager-orchestrator.'"${NAMESPACE}"'.svc", "*.tls-cert-manager-router", "*.tls-cert-manager-router.'"${NAMESPACE}"'", - "*.tls-cert-manager-router.'"${NAMESPACE}"'.svc", - "mysql-1.example.com" + "*.tls-cert-manager-router.'"${NAMESPACE}"'.svc" ]' diff --git a/e2e-tests/tests/tls-cert-manager/06-assert.yaml b/e2e-tests/tests/tls-cert-manager/06-assert.yaml index d2589da27..6fea42802 100644 --- a/e2e-tests/tests/tls-cert-manager/06-assert.yaml +++ b/e2e-tests/tests/tls-cert-manager/06-assert.yaml @@ -36,29 +36,29 @@ spec: status: conditions: - message: Certificate is up to date and has not expired - observedGeneration: 2 + observedGeneration: 1 reason: Ready status: 'True' type: Ready - revision: 3 + revision: 2 --- apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 2 name: tls-cert-manager-mysql status: - observedGeneration: 3 + observedGeneration: 2 replicas: 3 readyReplicas: 3 --- apiVersion: apps/v1 kind: StatefulSet metadata: - generation: 3 + generation: 2 name: tls-cert-manager-orc status: - observedGeneration: 3 + observedGeneration: 2 replicas: 3 readyReplicas: 3 ---