From cc5a5667c81d5aea9c539ff94557d40d96f36602 Mon Sep 17 00:00:00 2001 From: Brandon Caton Date: Tue, 1 Oct 2024 10:48:49 -0400 Subject: [PATCH 01/10] mirror(deployment-template): add postgresql client certificate overlay for authentication (PROJQUAY-2417) (#963) (#966) Missed that we need the certificate handling in the mirror pod when using Postgres SSL authentication Co-authored-by: Michaela Lang <94735640+michaelalang@users.noreply.github.com> --- .../components/mirror/mirror.deployment.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/kustomize/components/mirror/mirror.deployment.yaml b/kustomize/components/mirror/mirror.deployment.yaml index daa194ea8..b13aabe33 100644 --- a/kustomize/components/mirror/mirror.deployment.yaml +++ b/kustomize/components/mirror/mirror.deployment.yaml @@ -49,6 +49,18 @@ spec: name: extra-ca-certs - secret: name: quay-config-tls + - name: postgres-certs + projected: + sources: + - secret: + name: postgresql-ca + optional: true + - secret: + name: postgresql-client-certs + optional: true + - name: postgres-certs-store + emptyDir: + sizeLimit: 5Mi initContainers: - name: quay-mirror-init image: quay.io/projectquay/quay:latest @@ -99,6 +111,10 @@ spec: - name: extra-ca-certs readOnly: true mountPath: /conf/stack/extra_ca_certs + - name: postgres-certs + mountPath: /run/secrets/postgresql + - name: postgres-certs-store + mountPath: /.postgresql resources: requests: cpu: 500m From 2d9f2fe161ee3043ca79bbc2fd69bcfcc36bf8d2 Mon Sep 17 00:00:00 2001 
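Review bot: Both projected sources of the new `postgres-certs` volume are `optional: true`, so a missing or misnamed `postgresql-client-certs` secret leaves the mount empty and the pod still starts. Whether the mirror then fails closed or connects without a client certificate depends on the database connection settings, which this hunk does not show. Record that on the volume, e.g. `# optional: absent secrets give an empty mount; TLS enforcement must come from the DB connection args (sslmode)`. The projection also sets no `defaultMode`, so the client key gets the default file mode; unless a step outside this hunk tightens it when copying into `postgres-certs-store`, set a restrictive `defaultMode` on the projected volume.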
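Review bot: The new `postgres-certs` mount at `/run/secrets/postgresql` omits `readOnly: true`, while the `extra-ca-certs` mount directly above it in the same list sets it. Adding `readOnly: true` keeps the two consistent and states that the container is not expected to modify key material there. The hunk does not show which container this `volumeMounts` list belongs to (the `quay-mirror-init` init container or the main mirror container), so confirm that every container that opens the database connection receives both mounts.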
From: OpenShift Cherrypick Robot Date: Tue, 8 Oct 2024 15:27:26 +0200 Subject: [PATCH 02/10] [redhat-3.13] blocker: fixing recursed accumulation of path for managed clair resources (PROJQUAY-7993) (#970) The scale-down component was never rendered because of the incorrect path. The clair-postgres and clair-app needed to scale back after the postgres upgrade. This change ensures following flow in the case where clair is managed: - Scale down clair-app - Scale down clair-postgres - Upgrade clair-postgres - Scale up clair-postgres - Scale up clair-app --------- Co-authored-by: Shubhra Deshpande --- .../scale-down-clair/clair-pg-scale-up.patch.yaml | 6 ++++++ .../scale-down-clair/clair.deployment-scale-up.patch.yaml | 6 ++++++ .../clairpgupgrade/scale-down-clair/kustomization.yaml | 6 ++++-- pkg/kustomize/kustomize.go | 3 ++- 4 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml create mode 100644 kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml new file mode 100644 index 000000000..875b1827f --- /dev/null +++ b/kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml @@ -0,0 +1,6 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: clair-app +spec: + replicas: 2 diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml new file mode 100644 index 000000000..25835358e --- /dev/null +++ b/kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml 
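Review bot: The two new patch files have their targets crossed: `clair-pg-scale-up.patch.yaml` patches the `clair-app` Deployment, while `clair.deployment-scale-up.patch.yaml` (the next file section) patches `clair-postgres`. Either rename the files or swap the `metadata.name` values so the file name matches the object it changes. `replicas: 2` on `clair-postgres` also needs a second look, since running two database pods is only safe if the storage and the database setup are built for it, and nothing visible here shows that. Both files are added to `patchesStrategicMerge` next to `clair.deployment.patch.yaml`; if that existing patch is the scale-down (its content is not visible here), scale-down and scale-up would land in the same render and the later patch would win.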
@@ -0,0 +1,6 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: clair-postgres +spec: + replicas: 2 \ No newline at end of file diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml index c81ba473a..52e98776d 100644 --- a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml +++ b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml @@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesStrategicMerge: - ./clair.deployment.patch.yaml -resources: - - "../base" + - ./clair-pg-scale-up.patch.yaml + - ./clair.deployment-scale-up.patch.yaml +components: + - ../base diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go index b2d64c5f9..b72e63ced 100644 --- a/pkg/kustomize/kustomize.go +++ b/pkg/kustomize/kustomize.go @@ -439,8 +439,9 @@ func KustomizationFor( if ctx.NeedsClairPgUpgrade { if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentClair) { componentPaths = append(componentPaths, "../components/clairpgupgrade/scale-down-clair") + } else { + componentPaths = append(componentPaths, "../components/clairpgupgrade/base") } - componentPaths = append(componentPaths, "../components/clairpgupgrade/base") } images := []types.Image{} From 7e64e6412654e2578622e7d138df5241728e5e2e Mon Sep 17 00:00:00 2001 From: Shubhra Deshpande Date: Wed, 9 Oct 2024 12:25:28 -0400 Subject: [PATCH 03/10] removed scale-up-clair component --- .../scale-down-clair/clair-pg-scale-up.patch.yaml | 6 ------ .../scale-down-clair/clair.deployment-scale-up.patch.yaml | 6 ------ .../clairpgupgrade/scale-down-clair/kustomization.yaml | 2 -- 3 files changed, 14 deletions(-) delete mode 100644 kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml delete mode 100644 kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml 
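Review bot: With the new `else`, `clairpgupgrade/base` reaches the render only through `scale-down-clair` when Clair is managed, which holds only while that component's kustomization.yaml keeps `components: - ../base` (changed in this same commit). Nothing in the Go code records that dependency, so a later edit to either side can silently drop the upgrade component or render it twice. Add a comment on the branch such as `// scale-down-clair includes ../base as a component; appending base here as well would render it twice`. KustomizationFor starts and ends outside the hunk.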
diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml deleted file mode 100644 index 875b1827f..000000000 --- a/kustomize/components/clairpgupgrade/scale-down-clair/clair-pg-scale-up.patch.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: clair-app -spec: - replicas: 2 diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml deleted file mode 100644 index 25835358e..000000000 --- a/kustomize/components/clairpgupgrade/scale-down-clair/clair.deployment-scale-up.patch.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: clair-postgres -spec: - replicas: 2 \ No newline at end of file diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml index 52e98776d..2c1e46073 100644 --- a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml +++ b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml @@ -2,7 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesStrategicMerge: - ./clair.deployment.patch.yaml - - ./clair-pg-scale-up.patch.yaml - - ./clair.deployment-scale-up.patch.yaml components: - ../base From 2328b226b74033dd0158a3cdb2fab56994060ce3 Mon Sep 17 00:00:00 2001 From: Shubhra Deshpande Date: Wed, 9 Oct 2024 13:47:05 -0400 Subject: [PATCH 04/10] moved base clair upgrade component outof scale-down resource --- .../clairpgupgrade/scale-down-clair/kustomization.yaml | 2 -- pkg/kustomize/kustomize.go | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) 
diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml index 2c1e46073..20889f796 100644 --- a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml +++ b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml @@ -2,5 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesStrategicMerge: - ./clair.deployment.patch.yaml -components: - - ../base diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go index b72e63ced..cba76530a 100644 --- a/pkg/kustomize/kustomize.go +++ b/pkg/kustomize/kustomize.go @@ -439,9 +439,9 @@ func KustomizationFor( if ctx.NeedsClairPgUpgrade { if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentClair) { componentPaths = append(componentPaths, "../components/clairpgupgrade/scale-down-clair") - } else { - componentPaths = append(componentPaths, "../components/clairpgupgrade/base") } + componentPaths = append(componentPaths, "../components/clairpgupgrade/base") + } images := []types.Image{} From 4ebde73fa0d8299867e37bdc76d2889d511ba996 Mon Sep 17 00:00:00 2001 
From: Shubhra Deshpande Date: Wed, 9 Oct 2024 18:31:22 -0400 Subject: [PATCH 05/10] pgupgradecomponent: seperated controller logic for clair and quay components --- apis/quay/v1/quayregistry_types.go | 18 +++--- controllers/quay/features.go | 60 +++++++++++-------- controllers/quay/quayregistry_controller.go | 4 +- .../quay/quayregistry_controller_test.go | 4 +- e2e/ca_rotation/00-assert.yaml | 2 +- e2e/ca_rotation/01-assert.yaml | 2 +- e2e/happy_path/00-assert.yaml | 2 +- e2e/hpa/00-assert.yaml | 2 +- e2e/hpa/01-assert.yaml | 2 +- e2e/hpa/03-assert.yaml | 2 +- .../00-assert.yaml | 2 +- e2e/unmanage_mirror/00-assert.yaml | 2 +- e2e/unmanage_mirror/01-assert.yaml | 2 +- .../scale-down-clair/kustomization.yaml | 2 + pkg/cmpstatus/evaluator_test.go | 16 ++--- .../{postgres.go => quaypostgres.go} | 10 ++-- ...{postgres_test.go => quaypostgres_test.go} | 16 ++--- pkg/kustomize/kustomize.go | 23 +++---- pkg/kustomize/kustomize_test.go | 2 +- pkg/kustomize/secrets.go | 6 +- pkg/middleware/middleware.go | 2 +- 21 files changed, 97 insertions(+), 84 deletions(-) rename pkg/cmpstatus/{postgres.go => quaypostgres.go} (87%) rename pkg/cmpstatus/{postgres_test.go => quaypostgres_test.go} (91%) diff --git a/apis/quay/v1/quayregistry_types.go b/apis/quay/v1/quayregistry_types.go index 74ffb4b04..4e66b69a3 100644 --- a/apis/quay/v1/quayregistry_types.go +++ b/apis/quay/v1/quayregistry_types.go @@ -45,7 +45,7 @@ type ComponentKind string // Follow a list of constants representing all supported components. const ( ComponentQuay ComponentKind = "quay" - ComponentPostgres ComponentKind = "postgres" + ComponentQuayPostgres ComponentKind = "postgres" ComponentClair ComponentKind = "clair" ComponentClairPostgres ComponentKind = "clairpostgres" ComponentRedis ComponentKind = "redis" 
@@ -60,7 +60,7 @@ const ( // AllComponents holds a list of all supported components. var AllComponents = []ComponentKind{ ComponentQuay, - ComponentPostgres, + ComponentQuayPostgres, ComponentClair, ComponentRedis, ComponentHPA, @@ -73,7 +73,7 @@ var AllComponents = []ComponentKind{ } var requiredComponents = []ComponentKind{ - ComponentPostgres, + ComponentQuayPostgres, ComponentObjectStorage, ComponentRoute, ComponentRedis, @@ -81,7 +81,7 @@ var requiredComponents = []ComponentKind{ } var supportsVolumeOverride = []ComponentKind{ - ComponentPostgres, + ComponentQuayPostgres, ComponentClair, } @@ -89,7 +89,7 @@ var supportsEnvOverride = []ComponentKind{ ComponentQuay, ComponentClair, ComponentMirror, - ComponentPostgres, + ComponentQuayPostgres, ComponentRedis, } @@ -97,7 +97,7 @@ var supportsResourceOverrides = []ComponentKind{ ComponentQuay, ComponentClair, ComponentMirror, - ComponentPostgres, + ComponentQuayPostgres, ComponentClairPostgres, } @@ -170,7 +170,7 @@ const ( ConditionTypeRolloutBlocked ConditionType = "RolloutBlocked" ConditionComponentsCreated ConditionType = "ComponentsCreated" ComponentQuayReady ConditionType = "ComponentQuayReady" - ComponentPostgresReady ConditionType = "ComponentPostgresReady" + ComponentQuayPostgresReady ConditionType = "ComponentQuayPostgresReady" ComponentClairReady ConditionType = "ComponentClairReady" ComponentClairPostgresReady ConditionType = "ComponentClairPostgresReady" ComponentRedisReady ConditionType = "ComponentRedisReady" @@ -678,7 +678,7 @@ func FieldGroupNameFor(cmp ComponentKind) (string, error) { switch cmp { case ComponentClair: return "SecurityScanner", nil - case ComponentPostgres: + case ComponentQuayPostgres: return "Database", nil case ComponentClairPostgres: return "", nil 
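Review bot: In the `@@ -170,7` hunk the condition's string value changes from `"ComponentPostgresReady"` to `"ComponentQuayPostgresReady"`, not only the Go identifier, whereas `ComponentQuayPostgres` keeps its value `"postgres"`. The condition type is written into the QuayRegistry status, so anything that reads it (alerts, health checks, the e2e asserts updated later in this commit) sees a different name after upgrade. If only the identifier was meant to change, keep the value: `ComponentQuayPostgresReady ConditionType = "ComponentPostgresReady"`. Otherwise document the rename as a status API change.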
@@ -901,7 +901,7 @@ func RemoveUnusedConditions(quay *QuayRegistry) { ConditionTypeRolloutBlocked, ConditionComponentsCreated, ComponentQuayReady, - ComponentPostgresReady, + ComponentQuayPostgresReady, ComponentClairReady, ComponentClairPostgresReady, ComponentRedisReady, diff --git a/controllers/quay/features.go b/controllers/quay/features.go index 740e58a5c..344c3365f 100644 --- a/controllers/quay/features.go +++ b/controllers/quay/features.go @@ -409,14 +409,20 @@ func (r *QuayRegistryReconciler) checkMonitoringAvailable( func (r *QuayRegistryReconciler) checkNeedsPostgresUpgradeForComponent( ctx context.Context, qctx *quaycontext.QuayRegistryContext, quay *v1.QuayRegistry, component v1.ComponentKind, ) error { - var deploymentName string - if component == v1.ComponentClairPostgres { - deploymentName = fmt.Sprintf("%s-%s", quay.GetName(), "clair-postgres") - } else if component == v1.ComponentPostgres { - deploymentName = fmt.Sprintf("%s-%s", quay.GetName(), "quay-database") - } else { + componentInfo := map[v1.ComponentKind]struct { + deploymentSuffix string + upgradeField *bool + }{ + v1.ComponentClairPostgres: {"clair-postgres", &qctx.NeedsClairPgUpgrade}, + v1.ComponentQuayPostgres: {"quay-database", &qctx.NeedsPgUpgrade}, + } + + info, ok := componentInfo[component] + if !ok { return fmt.Errorf("invalid component kind: %s", component) } + + deploymentName := fmt.Sprintf("%s-%s", quay.GetName(), info.deploymentSuffix) r.Log.Info(fmt.Sprintf("getting %s version", component)) postgresDeployment := &appsv1.Deployment{} 
@@ -432,39 +438,41 @@ func (r *QuayRegistryReconciler) checkNeedsPostgresUpgradeForComponent( return nil } - r.Log.Info(fmt.Sprintf("%s deployment found", component), "image", postgresDeployment.Spec.Template.Spec.Containers[0].Image) deployedImageName := postgresDeployment.Spec.Template.Spec.Containers[0].Image - expectedImage, err := kustomize.ComponentImageFor(v1.ComponentPostgres) + r.Log.Info(fmt.Sprintf("%s deployment found", component), "image", deployedImageName) + + expectedImage, err := kustomize.ComponentImageFor(component) if err != nil { - r.Log.Error(err, "failed to get postgres image") + return fmt.Errorf("failed to get image for %s: %w", component, err) } - var expectedName string - if expectedImage.NewName != "" { - expectedName = expectedImage.NewName - } else { + expectedName := expectedImage.NewName + if expectedName == "" { expectedName = expectedImage.Name } - currentName := deployedImageName - if len(strings.Split(currentName, "@")) == 2 { - currentName = strings.Split(currentName, "@")[0] - } else if len(strings.Split(currentName, ":")) == 2 { - currentName = strings.Split(currentName, ":")[0] - } + + currentName := extractImageName(deployedImageName) + if currentName != expectedName { - if component == v1.ComponentClairPostgres { - r.Log.Info("clair-postgres needs to perform an upgrade, marking in context") - qctx.NeedsClairPgUpgrade = true - } else if component == v1.ComponentPostgres { - r.Log.Info("postgres needs to perform an upgrade, marking in context") - qctx.NeedsPgUpgrade = true - } + r.Log.Info(fmt.Sprintf("%s needs to perform an upgrade, marking in context", component)) + *info.upgradeField = true } else { r.Log.Info(fmt.Sprintf("%s does not need to perform an upgrade", component)) } return nil +} +func extractImageName(imageName string) string { + parts := strings.Split(imageName, "@") + if len(parts) > 1 { + return parts[0] + } + parts = strings.Split(imageName, ":") + if len(parts) > 1 { + return parts[0] + } + return 
imageName } // Taken from https://stackoverflow.com/questions/46735347/how-can-i-fetch-a-certificate-from-a-url diff --git a/controllers/quay/quayregistry_controller.go b/controllers/quay/quayregistry_controller.go index 75fadd2a8..c5de3db7d 100644 --- a/controllers/quay/quayregistry_controller.go +++ b/controllers/quay/quayregistry_controller.go @@ -524,8 +524,8 @@ func (r *QuayRegistryReconciler) Reconcile(ctx context.Context, req ctrl.Request } // Populate the QuayContext with whether or not the QuayRegistry needs an upgrade - if v1.ComponentIsManaged(updatedQuay.Spec.Components, v1.ComponentPostgres) { - err := r.checkNeedsPostgresUpgradeForComponent(ctx, quayContext, updatedQuay, v1.ComponentPostgres) + if v1.ComponentIsManaged(updatedQuay.Spec.Components, v1.ComponentQuayPostgres) { + err := r.checkNeedsPostgresUpgradeForComponent(ctx, quayContext, updatedQuay, v1.ComponentQuayPostgres) if err != nil { return r.reconcileWithCondition( ctx, diff --git a/controllers/quay/quayregistry_controller_test.go b/controllers/quay/quayregistry_controller_test.go index 47a07635e..834294332 100644 --- a/controllers/quay/quayregistry_controller_test.go +++ b/controllers/quay/quayregistry_controller_test.go @@ -499,7 +499,7 @@ func Test_hasNecessaryConfig(t *testing.T) { name: "unmanaged postgres without config", experr: true, cfg: map[string][]byte{}, - quay: quayWithUnmanagedComponents(v1.ComponentPostgres), + quay: quayWithUnmanagedComponents(v1.ComponentQuayPostgres), }, { name: "unmanaged postgres with config", @@ -507,7 +507,7 @@ func Test_hasNecessaryConfig(t *testing.T) { cfg: map[string][]byte{ "config.yaml": []byte("DB_CONNECTION_ARGS: 'a'\nDB_URI: 'b'"), }, - quay: quayWithUnmanagedComponents(v1.ComponentPostgres), + quay: quayWithUnmanagedComponents(v1.ComponentQuayPostgres), }, { name: "unmanaged clair without config", diff --git a/e2e/ca_rotation/00-assert.yaml b/e2e/ca_rotation/00-assert.yaml index 10a4c3509..6d25305d2 100644 
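Review bot: `extractImageName` cuts at the first `:` whenever the reference has no digest, so a reference whose registry host carries a port is reduced to the bare host name and can never equal `expectedName`; the check then sets the upgrade flag on every reconcile. The tag separator is the last `:` that follows the final `/`, and a `repo:tag@digest` reference should lose both parts, which the current version does not do either. Because this comparison decides whether a database upgrade is triggered, the helper should get a doc comment and a small table test covering tag, digest, tag plus digest, and a registry with a port. A possible shape is below.

```go
// extractImageName returns the repository part of an image reference,
// dropping a digest and/or tag but keeping a registry port.
func extractImageName(imageName string) string {
	name := imageName
	if i := strings.Index(name, "@"); i >= 0 {
		name = name[:i]
	}
	// A ':' only introduces a tag when it comes after the last '/'.
	if i := strings.LastIndex(name, ":"); i > strings.LastIndex(name, "/") {
		name = name[:i]
	}
	return name
}
```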
--- a/e2e/ca_rotation/00-assert.yaml +++ b/e2e/ca_rotation/00-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentNotManaged status: "True" - - type: ComponentPostgresReady + - type: ComponentQuayPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/ca_rotation/01-assert.yaml b/e2e/ca_rotation/01-assert.yaml index 10a4c3509..6d25305d2 100644 --- a/e2e/ca_rotation/01-assert.yaml +++ b/e2e/ca_rotation/01-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentNotManaged status: "True" - - type: ComponentPostgresReady + - type: ComponentQuayPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/happy_path/00-assert.yaml b/e2e/happy_path/00-assert.yaml index 9c9bf24d2..7cb9c845c 100644 --- a/e2e/happy_path/00-assert.yaml +++ b/e2e/happy_path/00-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentReady status: "True" - - type: ComponentPostgresReady + - type: ComponentQuayPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/hpa/00-assert.yaml b/e2e/hpa/00-assert.yaml index 5e7e7c16d..94bdecdb9 100644 --- a/e2e/hpa/00-assert.yaml +++ b/e2e/hpa/00-assert.yaml @@ -45,7 +45,7 @@ status: - message: Deployment hpa-quay-database healthy reason: ComponentReady status: "True" - type: ComponentPostgresReady + type: ComponentQuayPostgresReady - message: Object bucket claim bound reason: ComponentReady status: "True" diff --git a/e2e/hpa/01-assert.yaml b/e2e/hpa/01-assert.yaml index 7e014af2f..9c9d72a53 100644 --- a/e2e/hpa/01-assert.yaml +++ b/e2e/hpa/01-assert.yaml @@ -46,7 +46,7 @@ status: - message: Deployment hpa-quay-database healthy reason: ComponentReady status: "True" - type: ComponentPostgresReady + type: ComponentQuayPostgresReady - message: Object bucket claim bound reason: ComponentReady status: "True" 
diff --git a/e2e/hpa/03-assert.yaml b/e2e/hpa/03-assert.yaml index 8fcb5b876..8f83fd9d1 100644 --- a/e2e/hpa/03-assert.yaml +++ b/e2e/hpa/03-assert.yaml @@ -46,7 +46,7 @@ status: - message: Deployment hpa-quay-database healthy reason: ComponentReady status: "True" - type: ComponentPostgresReady + type: ComponentQuayPostgresReady - message: Object bucket claim bound reason: ComponentReady status: "True" diff --git a/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml b/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml index 7de385634..fc7d8cff7 100644 --- a/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml +++ b/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml @@ -32,7 +32,7 @@ status: - type: ComponentHPAReady - type: ComponentRouteReady - type: ComponentMonitoringReady - - type: ComponentPostgresReady + - type: ComponentQuayPostgresReady - type: ComponentObjectStorageReady - type: ComponentClairReady - message: ClairPostgres not managed by the operator diff --git a/e2e/unmanage_mirror/00-assert.yaml b/e2e/unmanage_mirror/00-assert.yaml index a695e7c0d..30b52b258 100644 --- a/e2e/unmanage_mirror/00-assert.yaml +++ b/e2e/unmanage_mirror/00-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentReady status: "True" - - type: ComponentPostgresReady + - type: ComponentQuayPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/unmanage_mirror/01-assert.yaml b/e2e/unmanage_mirror/01-assert.yaml index 0b8e072f1..a8a74bc0a 100644 --- a/e2e/unmanage_mirror/01-assert.yaml +++ b/e2e/unmanage_mirror/01-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentReady status: "True" - - type: ComponentPostgresReady + - type: ComponentQuayPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady 
diff --git a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml index 20889f796..98ef6db54 100644 --- a/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml +++ b/kustomize/components/clairpgupgrade/scale-down-clair/kustomization.yaml @@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesStrategicMerge: - ./clair.deployment.patch.yaml +components: + - "../base" \ No newline at end of file diff --git a/pkg/cmpstatus/evaluator_test.go b/pkg/cmpstatus/evaluator_test.go index 10b8bc297..20adc3dad 100644 --- a/pkg/cmpstatus/evaluator_test.go +++ b/pkg/cmpstatus/evaluator_test.go @@ -38,7 +38,7 @@ func TestEvaluate(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, { @@ -100,7 +100,7 @@ func TestEvaluate(t *testing.T) { Message: "PrometheusRule registry-quay-prometheus-rules not found", }, { - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not found", @@ -166,7 +166,7 @@ func TestEvaluate(t *testing.T) { Managed: true, }, { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, { @@ -435,7 +435,7 @@ func TestEvaluate(t *testing.T) { Message: "ServiceMonitor and PrometheusRules created", }, { - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentReady, Message: "Deployment registry-quay-database healthy", @@ -499,7 +499,7 @@ func TestEvaluate(t *testing.T) { Managed: true, }, { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, { 
@@ -791,7 +791,7 @@ func TestEvaluate(t *testing.T) { Message: "ServiceMonitor and PrometheusRules created", }, { - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentReady, Message: "Deployment registry-quay-database healthy", @@ -855,7 +855,7 @@ func TestEvaluate(t *testing.T) { Managed: true, }, { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, { @@ -1170,7 +1170,7 @@ func TestEvaluate(t *testing.T) { Message: "ServiceMonitor and PrometheusRules created", }, { - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentReady, Message: "Deployment registry-quay-database healthy", diff --git a/pkg/cmpstatus/postgres.go b/pkg/cmpstatus/quaypostgres.go similarity index 87% rename from pkg/cmpstatus/postgres.go rename to pkg/cmpstatus/quaypostgres.go index 68d2c6690..7e2df0ed6 100644 --- a/pkg/cmpstatus/postgres.go +++ b/pkg/cmpstatus/quaypostgres.go @@ -30,9 +30,9 @@ func (p *Postgres) Name() string { func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Condition, error) { var zero qv1.Condition - if !qv1.ComponentIsManaged(reg.Spec.Components, qv1.ComponentPostgres) { + if !qv1.ComponentIsManaged(reg.Spec.Components, qv1.ComponentQuayPostgres) { return qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentUnmanaged, Message: "Postgres not managed by the operator", 
@@ -49,7 +49,7 @@ func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Conditi if err := p.Client.Get(ctx, nsn, &dep); err != nil { if errors.IsNotFound(err) { return qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not found", @@ -61,7 +61,7 @@ func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Conditi if !qv1.Owns(reg, &dep) { return qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not owned by QuayRegistry", @@ -70,6 +70,6 @@ func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Conditi } cond := p.deploy.check(dep) - cond.Type = qv1.ComponentPostgresReady + cond.Type = qv1.ComponentQuayPostgresReady return cond, nil } diff --git a/pkg/cmpstatus/postgres_test.go b/pkg/cmpstatus/quaypostgres_test.go similarity index 91% rename from pkg/cmpstatus/postgres_test.go rename to pkg/cmpstatus/quaypostgres_test.go index 9f568bbaa..1fa734a10 100644 --- a/pkg/cmpstatus/postgres_test.go +++ b/pkg/cmpstatus/quaypostgres_test.go @@ -32,14 +32,14 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: false, }, }, }, }, cond: qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentUnmanaged, Message: "Postgres not managed by the operator", 
@@ -55,14 +55,14 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, }, }, }, cond: qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not found", @@ -78,7 +78,7 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, }, @@ -92,7 +92,7 @@ func TestPostgresCheck(t *testing.T) { }, }, cond: qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not owned by QuayRegistry", @@ -108,7 +108,7 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentPostgres, + Kind: qv1.ComponentQuayPostgres, Managed: true, }, }, @@ -140,7 +140,7 @@ func TestPostgresCheck(t *testing.T) { }, }, cond: qv1.Condition{ - Type: qv1.ComponentPostgresReady, + Type: qv1.ComponentQuayPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Deployment registry-quay-database: something went wrong", diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go index cba76530a..b9e848a17 100644 --- a/pkg/kustomize/kustomize.go +++ b/pkg/kustomize/kustomize.go 
@@ -52,16 +52,18 @@ const ( // to use. If set, returns a Kustomize image override for the given component. func ComponentImageFor(component v1.ComponentKind) (types.Image, error) { envVarFor := map[v1.ComponentKind]string{ - v1.ComponentQuay: componentImagePrefix + "QUAY", - v1.ComponentClair: componentImagePrefix + "CLAIR", - v1.ComponentRedis: componentImagePrefix + "REDIS", - v1.ComponentPostgres: componentImagePrefix + "POSTGRES", + v1.ComponentQuay: componentImagePrefix + "QUAY", + v1.ComponentClair: componentImagePrefix + "CLAIR", + v1.ComponentRedis: componentImagePrefix + "REDIS", + v1.ComponentQuayPostgres: componentImagePrefix + "QUAY_POSTGRES", + v1.ComponentClairPostgres: componentImagePrefix + "CLAIR_POSTGRES", } defaultImagesFor := map[v1.ComponentKind]string{ - v1.ComponentQuay: "quay.io/projectquay/quay", - v1.ComponentClair: "quay.io/projectquay/clair", - v1.ComponentRedis: "docker.io/library/redis", - v1.ComponentPostgres: "quay.io/sclorg/postgresql-13-c9s", + v1.ComponentQuay: "quay.io/projectquay/quay", + v1.ComponentClair: "quay.io/projectquay/clair", + v1.ComponentRedis: "docker.io/library/redis", + v1.ComponentQuayPostgres: "quay.io/sclorg/postgresql-13-c9s", + v1.ComponentClairPostgres: "quay.io/sclorg/postgresql-15-c9s", } imageOverride := types.Image{ @@ -439,8 +441,9 @@ func KustomizationFor( if ctx.NeedsClairPgUpgrade { if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentClair) { componentPaths = append(componentPaths, "../components/clairpgupgrade/scale-down-clair") + } else { + componentPaths = append(componentPaths, "../components/clairpgupgrade/base") } - componentPaths = append(componentPaths, "../components/clairpgupgrade/base") } 
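Review bot: The `envVarFor` entry for the Quay database changes its suffix from `POSTGRES` to `QUAY_POSTGRES`, and this commit's diffstat touches no operator manifest or build script that would set the new variable. If the override is read from the environment, as the function comment suggests, a deployment that still sets the old name would silently fall back to the untagged default in `defaultImagesFor` instead of the pinned image. Either keep reading the old name as a fallback or update the manifests in the same commit, and note the rename in a comment on the map. The rest of ComponentImageFor is outside the hunk, so how an unset variable is handled should be confirmed there.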
@@ -551,7 +554,7 @@ func Inflate( if dbURI, ok := parsedUserConfig["DB_URI"].(string); ok && len(dbURI) > 0 { dbCfgHasChanged = parsedUserConfig["DB_URI"] != ctx.DbUri ctx.DbUri = dbURI - } else if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentPostgres) && len(ctx.DbUri) == 0 { + } else if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentQuayPostgres) && len(ctx.DbUri) == 0 { dbCfgHasChanged = true log.Info("managed `DB_URI` not found in config, generating new one") user := quay.GetName() + "-quay-database" diff --git a/pkg/kustomize/kustomize_test.go b/pkg/kustomize/kustomize_test.go index 2ec37be44..2fdff9986 100644 --- a/pkg/kustomize/kustomize_test.go +++ b/pkg/kustomize/kustomize_test.go @@ -723,7 +723,7 @@ func TestInflate(t *testing.T) { } assert.Equal(string(managedKeys.Data["SECRET_KEY"]), config["SECRET_KEY"], test.name) - if test.ctx.DbUri == "" && v1.ComponentIsManaged(test.quayRegistry.Spec.Components, v1.ComponentPostgres) { + if test.ctx.DbUri == "" && v1.ComponentIsManaged(test.quayRegistry.Spec.Components, v1.ComponentQuayPostgres) { assert.Greater(len(string(managedKeys.Data["DB_URI"])), 0, test.name) assert.Greater(len(config["DB_URI"].(string)), 0, test.name) } else { diff --git a/pkg/kustomize/secrets.go b/pkg/kustomize/secrets.go index fd5314ce4..b088b4141 100644 --- a/pkg/kustomize/secrets.go +++ b/pkg/kustomize/secrets.go @@ -78,7 +78,7 @@ func FieldGroupFor( } return fieldGroup, nil - case v1.ComponentPostgres: + case v1.ComponentQuayPostgres: fieldGroup, err := database.NewDatabaseFieldGroup(map[string]interface{}{}) if err != nil { return nil, err @@ -236,7 +236,7 @@ func ContainsComponentConfig( case v1.ComponentClair: fields = (&securityscanner.SecurityScannerFieldGroup{}).Fields() - case v1.ComponentPostgres: + case v1.ComponentQuayPostgres: fields = (&database.DatabaseFieldGroup{}).Fields() case v1.ComponentClairPostgres: 
@@ -309,7 +309,7 @@ func ContainsComponentConfig( // componentConfigFilesFor returns specific config files for managed components of a Quay registry. func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryContext, component v1.ComponentKind, quay *v1.QuayRegistry, configFiles map[string][]byte) (map[string][]byte, error) { switch component { - case v1.ComponentPostgres: + case v1.ComponentQuayPostgres: dbConfig, ok := configFiles["postgres.config.yaml"] if !ok { return nil, fmt.Errorf("cannot generate managed component config file for `postgres` if `postgres.config.yaml` is missing") diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go index 488577d33..f9004a9f1 100644 --- a/pkg/middleware/middleware.go +++ b/pkg/middleware/middleware.go @@ -199,7 +199,7 @@ func Process(quay *v1.QuayRegistry, qctx *quaycontext.QuayRegistryContext, obj c var override *resource.Quantity switch quayComponentLabel { case "postgres": - override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentPostgres) + override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentQuayPostgres) case "clair-postgres": override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentClair) } From b0edc1f85f2c7c57d714ecd387b6a749fe31d1de Mon Sep 17 00:00:00 2001 
From: Shubhra Deshpande Date: Thu, 10 Oct 2024 15:35:38 -0400 Subject: [PATCH 06/10] pgmigration: updated clairpostgres component to have separate upgrade component --- apis/quay/v1/quayregistry_types.go | 20 +++++---- .../quay-operator.clusterserviceversion.yaml | 4 ++ controllers/quay/features.go | 4 +- controllers/quay/quayregistry_controller.go | 4 +- .../quay/quayregistry_controller_test.go | 4 +- e2e/ca_rotation/00-assert.yaml | 2 +- e2e/ca_rotation/01-assert.yaml | 2 +- e2e/happy_path/00-assert.yaml | 2 +- e2e/hpa/00-assert.yaml | 2 +- e2e/hpa/01-assert.yaml | 2 +- e2e/hpa/03-assert.yaml | 2 +- .../00-assert.yaml | 2 +- e2e/unmanage_mirror/00-assert.yaml | 2 +- e2e/unmanage_mirror/01-assert.yaml | 2 +- hack/build.sh | 6 +++ hack/prepare-upstream.sh | 6 +++ pkg/cmpstatus/evaluator_test.go | 16 +++---- pkg/cmpstatus/quaypostgres.go | 10 ++--- pkg/cmpstatus/quaypostgres_test.go | 16 +++---- pkg/kustomize/kustomize.go | 44 ++++++++++++++++--- pkg/kustomize/kustomize_test.go | 16 ++++--- pkg/kustomize/secrets.go | 6 +-- pkg/middleware/middleware.go | 4 +- pkg/middleware/middleware_test.go | 1 + 24 files changed, 116 insertions(+), 63 deletions(-) diff --git a/apis/quay/v1/quayregistry_types.go b/apis/quay/v1/quayregistry_types.go index 4e66b69a3..5ccd568f3 100644 --- a/apis/quay/v1/quayregistry_types.go +++ b/apis/quay/v1/quayregistry_types.go @@ -45,7 +45,7 @@ type ComponentKind string // Follow a list of constants representing all supported components. const ( ComponentQuay ComponentKind = "quay" - ComponentQuayPostgres ComponentKind = "postgres" + ComponentPostgres ComponentKind = "postgres" ComponentClair ComponentKind = "clair" ComponentClairPostgres ComponentKind = "clairpostgres" ComponentRedis ComponentKind = "redis" @@ -60,7 +60,7 @@ const ( // AllComponents holds a list of all supported components. var AllComponents = []ComponentKind{ ComponentQuay, - ComponentQuayPostgres, + ComponentPostgres, ComponentClair, ComponentRedis, ComponentHPA, 
@@ -73,7 +73,7 @@ var AllComponents = []ComponentKind{ } var requiredComponents = []ComponentKind{ - ComponentQuayPostgres, + ComponentPostgres, ComponentObjectStorage, ComponentRoute, ComponentRedis, @@ -81,23 +81,25 @@ var requiredComponents = []ComponentKind{ } var supportsVolumeOverride = []ComponentKind{ - ComponentQuayPostgres, + ComponentPostgres, ComponentClair, + ComponentClairPostgres, } var supportsEnvOverride = []ComponentKind{ ComponentQuay, ComponentClair, ComponentMirror, - ComponentQuayPostgres, + ComponentPostgres, ComponentRedis, + ComponentClairPostgres, } var supportsResourceOverrides = []ComponentKind{ ComponentQuay, ComponentClair, ComponentMirror, - ComponentQuayPostgres, + ComponentPostgres, ComponentClairPostgres, } @@ -170,7 +172,7 @@ const ( ConditionTypeRolloutBlocked ConditionType = "RolloutBlocked" ConditionComponentsCreated ConditionType = "ComponentsCreated" ComponentQuayReady ConditionType = "ComponentQuayReady" - ComponentQuayPostgresReady ConditionType = "ComponentQuayPostgresReady" + ComponentPostgresReady ConditionType = "ComponentPostgresReady" ComponentClairReady ConditionType = "ComponentClairReady" ComponentClairPostgresReady ConditionType = "ComponentClairPostgresReady" ComponentRedisReady ConditionType = "ComponentRedisReady" @@ -678,7 +680,7 @@ func FieldGroupNameFor(cmp ComponentKind) (string, error) { switch cmp { case ComponentClair: return "SecurityScanner", nil - case ComponentQuayPostgres: + case ComponentPostgres: return "Database", nil case ComponentClairPostgres: return "", nil @@ -901,7 +903,7 @@ func RemoveUnusedConditions(quay *QuayRegistry) { ConditionTypeRolloutBlocked, ConditionComponentsCreated, ComponentQuayReady, - ComponentQuayPostgresReady, + ComponentPostgresReady, ComponentClairReady, ComponentClairPostgresReady, ComponentRedisReady, diff --git a/bundle/manifests/quay-operator.clusterserviceversion.yaml b/bundle/manifests/quay-operator.clusterserviceversion.yaml index 6c4700a61..2c45bf758 100644 
--- a/bundle/manifests/quay-operator.clusterserviceversion.yaml +++ b/bundle/manifests/quay-operator.clusterserviceversion.yaml @@ -161,6 +161,10 @@ spec: value: quay.io/sclorg/postgresql-13-c9s:latest - name: RELATED_IMAGE_COMPONENT_POSTGRES_PREVIOUS value: centos/postgresql-10-centos7:latest + - name: RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES + value: quay.io/sclorg/postgresql-15-c9s:latest + - name: RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS + value: quay.io/sclorg/postgresql-13-c9s:latest - name: RELATED_IMAGE_COMPONENT_REDIS value: docker.io/library/redis:7.0 serviceAccountName: quay-operator diff --git a/controllers/quay/features.go b/controllers/quay/features.go index 344c3365f..b8511b6f9 100644 --- a/controllers/quay/features.go +++ b/controllers/quay/features.go @@ -414,7 +414,7 @@ func (r *QuayRegistryReconciler) checkNeedsPostgresUpgradeForComponent( upgradeField *bool }{ v1.ComponentClairPostgres: {"clair-postgres", &qctx.NeedsClairPgUpgrade}, - v1.ComponentQuayPostgres: {"quay-database", &qctx.NeedsPgUpgrade}, + v1.ComponentPostgres: {"quay-database", &qctx.NeedsPgUpgrade}, } info, ok := componentInfo[component] @@ -443,7 +443,7 @@ func (r *QuayRegistryReconciler) checkNeedsPostgresUpgradeForComponent( expectedImage, err := kustomize.ComponentImageFor(component) if err != nil { - return fmt.Errorf("failed to get image for %s: %w", component, err) + r.Log.Error(err, "failed to get postgres image") } expectedName := expectedImage.NewName diff --git a/controllers/quay/quayregistry_controller.go b/controllers/quay/quayregistry_controller.go index c5de3db7d..75fadd2a8 100644 --- a/controllers/quay/quayregistry_controller.go +++ b/controllers/quay/quayregistry_controller.go 
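Review bot: In controllers/quay/features.go, checkNeedsPostgresUpgradeForComponent now only logs a failure from `kustomize.ComponentImageFor(component)` and carries on, so the next line reads `expectedImage.NewName` from whatever value came back alongside the error (by convention a zero `types.Image`). A malformed image override would then feed the upgrade decision with an empty name instead of failing the reconcile, and the log message no longer says which component was affected. Keep the early return: `return fmt.Errorf("failed to get image for %s: %w", component, err)`. The function starts and ends outside the hunk, so how `expectedName` is used afterwards is not visible here.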
@@ -524,8 +524,8 @@ func (r *QuayRegistryReconciler) Reconcile(ctx context.Context, req ctrl.Request } // Populate the QuayContext with whether or not the QuayRegistry needs an upgrade - if v1.ComponentIsManaged(updatedQuay.Spec.Components, v1.ComponentQuayPostgres) { - err := r.checkNeedsPostgresUpgradeForComponent(ctx, quayContext, updatedQuay, v1.ComponentQuayPostgres) + if v1.ComponentIsManaged(updatedQuay.Spec.Components, v1.ComponentPostgres) { + err := r.checkNeedsPostgresUpgradeForComponent(ctx, quayContext, updatedQuay, v1.ComponentPostgres) if err != nil { return r.reconcileWithCondition( ctx, diff --git a/controllers/quay/quayregistry_controller_test.go b/controllers/quay/quayregistry_controller_test.go index 834294332..47a07635e 100644 --- a/controllers/quay/quayregistry_controller_test.go +++ b/controllers/quay/quayregistry_controller_test.go @@ -499,7 +499,7 @@ func Test_hasNecessaryConfig(t *testing.T) { name: "unmanaged postgres without config", experr: true, cfg: map[string][]byte{}, - quay: quayWithUnmanagedComponents(v1.ComponentQuayPostgres), + quay: quayWithUnmanagedComponents(v1.ComponentPostgres), }, { name: "unmanaged postgres with config", @@ -507,7 +507,7 @@ func Test_hasNecessaryConfig(t *testing.T) { cfg: map[string][]byte{ "config.yaml": []byte("DB_CONNECTION_ARGS: 'a'\nDB_URI: 'b'"), }, - quay: quayWithUnmanagedComponents(v1.ComponentQuayPostgres), + quay: quayWithUnmanagedComponents(v1.ComponentPostgres), }, { name: "unmanaged clair without config", diff --git a/e2e/ca_rotation/00-assert.yaml b/e2e/ca_rotation/00-assert.yaml index 6d25305d2..10a4c3509 100644 --- a/e2e/ca_rotation/00-assert.yaml +++ b/e2e/ca_rotation/00-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentNotManaged status: "True" - - type: ComponentQuayPostgresReady + - type: ComponentPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady 
diff --git a/e2e/ca_rotation/01-assert.yaml b/e2e/ca_rotation/01-assert.yaml index 6d25305d2..10a4c3509 100644 --- a/e2e/ca_rotation/01-assert.yaml +++ b/e2e/ca_rotation/01-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentNotManaged status: "True" - - type: ComponentQuayPostgresReady + - type: ComponentPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/happy_path/00-assert.yaml b/e2e/happy_path/00-assert.yaml index 7cb9c845c..9c9bf24d2 100644 --- a/e2e/happy_path/00-assert.yaml +++ b/e2e/happy_path/00-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentReady status: "True" - - type: ComponentQuayPostgresReady + - type: ComponentPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/hpa/00-assert.yaml b/e2e/hpa/00-assert.yaml index 94bdecdb9..5e7e7c16d 100644 --- a/e2e/hpa/00-assert.yaml +++ b/e2e/hpa/00-assert.yaml @@ -45,7 +45,7 @@ status: - message: Deployment hpa-quay-database healthy reason: ComponentReady status: "True" - type: ComponentQuayPostgresReady + type: ComponentPostgresReady - message: Object bucket claim bound reason: ComponentReady status: "True" diff --git a/e2e/hpa/01-assert.yaml b/e2e/hpa/01-assert.yaml index 9c9d72a53..7e014af2f 100644 --- a/e2e/hpa/01-assert.yaml +++ b/e2e/hpa/01-assert.yaml @@ -46,7 +46,7 @@ status: - message: Deployment hpa-quay-database healthy reason: ComponentReady status: "True" - type: ComponentQuayPostgresReady + type: ComponentPostgresReady - message: Object bucket claim bound reason: ComponentReady status: "True" diff --git a/e2e/hpa/03-assert.yaml b/e2e/hpa/03-assert.yaml index 8f83fd9d1..8fcb5b876 100644 --- a/e2e/hpa/03-assert.yaml +++ b/e2e/hpa/03-assert.yaml 
@@ -46,7 +46,7 @@ status: - message: Deployment hpa-quay-database healthy reason: ComponentReady status: "True" - type: ComponentQuayPostgresReady + type: ComponentPostgresReady - message: Object bucket claim bound reason: ComponentReady status: "True" diff --git a/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml b/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml index fc7d8cff7..7de385634 100644 --- a/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml +++ b/e2e/managed_clair_unmanaged_clairpostgres/00-assert.yaml @@ -32,7 +32,7 @@ status: - type: ComponentHPAReady - type: ComponentRouteReady - type: ComponentMonitoringReady - - type: ComponentQuayPostgresReady + - type: ComponentPostgresReady - type: ComponentObjectStorageReady - type: ComponentClairReady - message: ClairPostgres not managed by the operator diff --git a/e2e/unmanage_mirror/00-assert.yaml b/e2e/unmanage_mirror/00-assert.yaml index 30b52b258..a695e7c0d 100644 --- a/e2e/unmanage_mirror/00-assert.yaml +++ b/e2e/unmanage_mirror/00-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentReady status: "True" - - type: ComponentQuayPostgresReady + - type: ComponentPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/e2e/unmanage_mirror/01-assert.yaml b/e2e/unmanage_mirror/01-assert.yaml index a8a74bc0a..0b8e072f1 100644 --- a/e2e/unmanage_mirror/01-assert.yaml +++ b/e2e/unmanage_mirror/01-assert.yaml @@ -37,7 +37,7 @@ status: - type: ComponentMonitoringReady reason: ComponentReady status: "True" - - type: ComponentQuayPostgresReady + - type: ComponentPostgresReady reason: ComponentReady status: "True" - type: ComponentObjectStorageReady diff --git a/hack/build.sh b/hack/build.sh index de8d773bc..81c3563fb 100755 --- a/hack/build.sh +++ b/hack/build.sh 
@@ -69,6 +69,8 @@ digest "${REGISTRY}/${NAMESPACE}/quay-builder:${TAG}" BUILDER_DIGEST digest "${REGISTRY}/${NAMESPACE}/quay-builder-qemu:3.9.0" BUILDER_QEMU_DIGEST digest quay.io/sclorg/postgresql-13-c9s:latest POSTGRES_DIGEST digest centos/postgresql-10-centos7:latest POSTGRES_OLD_DIGEST +digest quay.io/sclorg/postgresql-15-c9s:latest POSTGRES_CLAIR_DIGEST +digest quay.io/sclorg/postgresql-13-c9s:latest POSTGRES_CLAIR_OLD_DIGEST digest docker.io/library/redis:7.0 REDIS_DIGEST # need exporting so that yq can see them @@ -79,6 +81,8 @@ export BUILDER_DIGEST export BUILDER_QEMU_DIGEST export POSTGRES_DIGEST export POSTGRES_OLD_DIGEST +export POSTGRES_CLAIR_DIGEST +export POSTGRES_CLAIR_OLD_DIGEST export REDIS_DIGEST @@ -98,6 +102,8 @@ yq eval -i ' .spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] |= select(.name == "RELATED_IMAGE_COMPONENT_BUILDER_QEMU") .value = strenv(BUILDER_QEMU_DIGEST) | .spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] |= select(.name == "RELATED_IMAGE_COMPONENT_POSTGRES") .value = strenv(POSTGRES_DIGEST) | .spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] |= select(.name == "RELATED_IMAGE_COMPONENT_POSTGRES_PREVIOUS") .value = strenv(POSTGRES_OLD_DIGEST) | + .spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] |= select(.name == "RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES") .value = strenv(POSTGRES_CLAIR_DIGEST) | + .spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] |= select(.name == "RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS") .value = strenv(POSTGRES_CLAIR_OLD_DIGEST) | .spec.install.spec.deployments[0].spec.template.spec.containers[0].env[] |= select(.name == "RELATED_IMAGE_COMPONENT_REDIS") .value = strenv(REDIS_DIGEST) ' "${CSV_PATH}" diff --git a/hack/prepare-upstream.sh b/hack/prepare-upstream.sh index d33fbe51c..84c172a3d 100755 --- a/hack/prepare-upstream.sh +++ b/hack/prepare-upstream.sh 
@@ -21,11 +21,15 @@ digest() { POSTGRES_DIGEST=$(digest POSTGRES) POSTGRES_PREVIOUS_DIGEST=$(digest POSTGRES_PREVIOUS) +POSTGRES_CLAIR_DIGEST=$(digest POSTGRES_CLAIR) +POSTGRES_CLAIR_PREVIOUS_DIGEST=$(digest POSTGRES_CLAIR_PREVIOUS) REDIS_DIGEST=$(digest REDIS) # export variables for yq export POSTGRES_DIGEST export POSTGRES_PREVIOUS_DIGEST +export POSTGRES_CLAIR_DIGEST +export POSTGRES_CLAIR_PREVIOUS_DIGEST export REDIS_DIGEST yq eval -i ' @@ -41,6 +45,8 @@ yq eval -i ' select(.name == "RELATED_IMAGE_COMPONENT_QUAY").value = ("quay.io/projectquay/quay:${RELEASE}" | envsubst) | select(.name == "RELATED_IMAGE_COMPONENT_POSTGRES").value = strenv(POSTGRES_DIGEST) | select(.name == "RELATED_IMAGE_COMPONENT_POSTGRES_PREVIOUS").value = strenv(POSTGRES_PREVIOUS_DIGEST) | + select(.name == "RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES").value = strenv(POSTGRES_CLAIR_DIGEST) | + select(.name == "RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS").value = strenv(POSTGRES_CLAIR_PREVIOUS_DIGEST) | select(.name == "RELATED_IMAGE_COMPONENT_REDIS").value = strenv(REDIS_DIGEST) ) | .spec.version = strenv(RELEASE) | diff --git a/pkg/cmpstatus/evaluator_test.go b/pkg/cmpstatus/evaluator_test.go index 20adc3dad..10b8bc297 100644 --- a/pkg/cmpstatus/evaluator_test.go +++ b/pkg/cmpstatus/evaluator_test.go @@ -38,7 +38,7 @@ func TestEvaluate(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, { @@ -100,7 +100,7 @@ func TestEvaluate(t *testing.T) { Message: "PrometheusRule registry-quay-prometheus-rules not found", }, { - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not found", @@ -166,7 +166,7 @@ func TestEvaluate(t *testing.T) { Managed: true, }, { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, { 
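Review bot: In hack/prepare-upstream.sh the new lookups call `digest POSTGRES_CLAIR` and `digest POSTGRES_CLAIR_PREVIOUS`, while the entries they feed are named `RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES` and `RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS`. The body of `digest()` is outside the hunk; if it derives the entry name from its argument, as the existing `digest POSTGRES` / `RELATED_IMAGE_COMPONENT_POSTGRES` pairing suggests, these two calls resolve nothing and an empty value is written into the CSV where a pinned digest is expected. I would use `POSTGRES_CLAIR_DIGEST=$(digest CLAIRPOSTGRES)` and `POSTGRES_CLAIR_PREVIOUS_DIGEST=$(digest CLAIRPOSTGRES_PREVIOUS)`, and have the script stop when `digest` returns an empty string.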
@@ -435,7 +435,7 @@ func TestEvaluate(t *testing.T) { Message: "ServiceMonitor and PrometheusRules created", }, { - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentReady, Message: "Deployment registry-quay-database healthy", @@ -499,7 +499,7 @@ func TestEvaluate(t *testing.T) { Managed: true, }, { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, { @@ -791,7 +791,7 @@ func TestEvaluate(t *testing.T) { Message: "ServiceMonitor and PrometheusRules created", }, { - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentReady, Message: "Deployment registry-quay-database healthy", @@ -855,7 +855,7 @@ func TestEvaluate(t *testing.T) { Managed: true, }, { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, { @@ -1170,7 +1170,7 @@ func TestEvaluate(t *testing.T) { Message: "ServiceMonitor and PrometheusRules created", }, { - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentReady, Message: "Deployment registry-quay-database healthy", diff --git a/pkg/cmpstatus/quaypostgres.go b/pkg/cmpstatus/quaypostgres.go index 7e2df0ed6..68d2c6690 100644 --- a/pkg/cmpstatus/quaypostgres.go +++ b/pkg/cmpstatus/quaypostgres.go 
@@ -30,9 +30,9 @@ func (p *Postgres) Name() string { func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Condition, error) { var zero qv1.Condition - if !qv1.ComponentIsManaged(reg.Spec.Components, qv1.ComponentQuayPostgres) { + if !qv1.ComponentIsManaged(reg.Spec.Components, qv1.ComponentPostgres) { return qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentUnmanaged, Message: "Postgres not managed by the operator", @@ -49,7 +49,7 @@ func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Conditi if err := p.Client.Get(ctx, nsn, &dep); err != nil { if errors.IsNotFound(err) { return qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not found", @@ -61,7 +61,7 @@ func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Conditi if !qv1.Owns(reg, &dep) { return qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not owned by QuayRegistry", @@ -70,6 +70,6 @@ func (p *Postgres) Check(ctx context.Context, reg qv1.QuayRegistry) (qv1.Conditi } cond := p.deploy.check(dep) - cond.Type = qv1.ComponentQuayPostgresReady + cond.Type = qv1.ComponentPostgresReady return cond, nil } diff --git a/pkg/cmpstatus/quaypostgres_test.go b/pkg/cmpstatus/quaypostgres_test.go index 1fa734a10..9f568bbaa 100644 --- a/pkg/cmpstatus/quaypostgres_test.go +++ b/pkg/cmpstatus/quaypostgres_test.go 
@@ -32,14 +32,14 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: false, }, }, }, }, cond: qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionTrue, Reason: qv1.ConditionReasonComponentUnmanaged, Message: "Postgres not managed by the operator", @@ -55,14 +55,14 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, }, }, }, cond: qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not found", @@ -78,7 +78,7 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, }, @@ -92,7 +92,7 @@ func TestPostgresCheck(t *testing.T) { }, }, cond: qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Postgres deployment not owned by QuayRegistry", @@ -108,7 +108,7 @@ func TestPostgresCheck(t *testing.T) { Spec: qv1.QuayRegistrySpec{ Components: []qv1.Component{ { - Kind: qv1.ComponentQuayPostgres, + Kind: qv1.ComponentPostgres, Managed: true, }, }, @@ -140,7 +140,7 @@ func TestPostgresCheck(t *testing.T) { }, }, cond: qv1.Condition{ - Type: qv1.ComponentQuayPostgresReady, + Type: qv1.ComponentPostgresReady, Status: metav1.ConditionFalse, Reason: qv1.ConditionReasonComponentNotReady, Message: "Deployment registry-quay-database: something went wrong", diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go index b9e848a17..5ef100868 100644 
--- a/pkg/kustomize/kustomize.go +++ b/pkg/kustomize/kustomize.go @@ -3,7 +3,6 @@ package kustomize import ( "errors" "fmt" - "os" "path/filepath" "runtime" @@ -55,14 +54,14 @@ func ComponentImageFor(component v1.ComponentKind) (types.Image, error) { v1.ComponentQuay: componentImagePrefix + "QUAY", v1.ComponentClair: componentImagePrefix + "CLAIR", v1.ComponentRedis: componentImagePrefix + "REDIS", - v1.ComponentQuayPostgres: componentImagePrefix + "QUAY_POSTGRES", - v1.ComponentClairPostgres: componentImagePrefix + "CLAIR_POSTGRES", + v1.ComponentPostgres: componentImagePrefix + "POSTGRES", + v1.ComponentClairPostgres: componentImagePrefix + "CLAIRPOSTGRES", } defaultImagesFor := map[v1.ComponentKind]string{ v1.ComponentQuay: "quay.io/projectquay/quay", v1.ComponentClair: "quay.io/projectquay/clair", v1.ComponentRedis: "docker.io/library/redis", - v1.ComponentQuayPostgres: "quay.io/sclorg/postgresql-13-c9s", + v1.ComponentPostgres: "quay.io/sclorg/postgresql-13-c9s", v1.ComponentClairPostgres: "quay.io/sclorg/postgresql-15-c9s", } 
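Review bot: The import hunk in pkg/kustomize/kustomize.go drops `"os"`, yet the same commit adds `os.Getenv("RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS")` in clairpostgresUpgradeImage further down the file. Unless the package is still imported on a line outside this hunk, the file does not compile at this commit, which also breaks bisecting through the patch series. Keep the `"os"` line in the import block.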
@@ -102,6 +101,31 @@ func postgresUpgradeImage() (types.Image, error) { return imageOverride, nil } + if len(strings.Split(image, "@")) == 2 { + imageOverride.NewName = strings.Split(image, "@")[0] + imageOverride.Digest = strings.Split(image, "@")[1] + } else if len(strings.Split(image, ":")) == 2 { + imageOverride.NewName = strings.Split(image, ":")[0] + imageOverride.NewTag = strings.Split(image, ":")[1] + } else { + return types.Image{}, fmt.Errorf( + "image override must be reference by tag or digest: %s", image, + ) + } + return imageOverride, nil +} + +func clairpostgresUpgradeImage() (types.Image, error) { + imageOverride := types.Image{ + Name: "quay.io/sclorg/postgresql-13-c9s", + } + + image := os.Getenv("RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS") + + if image == "" { + return imageOverride, nil + } + if len(strings.Split(image, "@")) == 2 { imageOverride.NewName = strings.Split(image, "@")[0] imageOverride.Digest = strings.Split(image, "@")[1] @@ -460,7 +484,7 @@ func KustomizationFor( } } - if ctx.NeedsPgUpgrade || ctx.NeedsClairPgUpgrade { + if ctx.NeedsPgUpgrade { pgImage, err := postgresUpgradeImage() if err != nil { return nil, err @@ -468,6 +492,14 @@ func KustomizationFor( images = append(images, pgImage) } + if ctx.NeedsClairPgUpgrade { + clairPgImage, err := clairpostgresUpgradeImage() + if err != nil { + return nil, err + } + images = append(images, clairPgImage) + } + return &types.Kustomization{ TypeMeta: types.TypeMeta{ APIVersion: types.KustomizationVersion, 
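Review bot: clairpostgresUpgradeImage in pkg/kustomize/kustomize.go accepts a tag only when `strings.Split(image, ":")` yields exactly two parts, so a reference whose registry carries a port (constructed example: `registry.example:5000/ns/postgresql:13`) is rejected with "image override must be reference by tag or digest". The function is also a line-for-line copy of the parsing at the end of postgresUpgradeImage, so the same limitation now lives in two places. I would move the parsing into one helper that both functions call and treat only a colon after the last slash as the tag separator. The start of postgresUpgradeImage is outside the hunk, so its side of the change is not shown below.

```go
func clairpostgresUpgradeImage() (types.Image, error) {
	return upgradeImageFromEnv(
		"quay.io/sclorg/postgresql-13-c9s",
		"RELATED_IMAGE_COMPONENT_CLAIRPOSTGRES_PREVIOUS",
	)
}

// upgradeImageFromEnv builds the override for name from the image reference
// stored in envVar; an unset variable leaves the override empty.
func upgradeImageFromEnv(name, envVar string) (types.Image, error) {
	override := types.Image{Name: name}

	image := os.Getenv(envVar)
	if image == "" {
		return override, nil
	}

	if i := strings.Index(image, "@"); i >= 0 {
		override.NewName, override.Digest = image[:i], image[i+1:]
		return override, nil
	}

	// A colon before the last slash belongs to the registry port, not to a tag.
	if i := strings.LastIndex(image, ":"); i > strings.LastIndex(image, "/") {
		override.NewName, override.NewTag = image[:i], image[i+1:]
		return override, nil
	}

	return types.Image{}, fmt.Errorf(
		"image override must be reference by tag or digest: %s", image,
	)
}
```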
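Review bot: The image appended under `if ctx.NeedsClairPgUpgrade` in KustomizationFor is keyed on `Name: "quay.io/sclorg/postgresql-13-c9s"`, which is also the default name ComponentImageFor uses for `v1.ComponentPostgres`, so a registry that manages the Quay database and needs the Clair upgrade ends up with two `images` entries for one `Name`. Which rewrite wins then depends on ordering, and the Quay database or the old Clair database may be started from the other one's image whenever the two environment variables differ. The test case changed in this commit does not cover it, because it sets `NeedsClairPgUpgrade: true` without a managed `postgres` component. I would add a case with `{Kind: "postgres", Managed: true}` next to `{Kind: "clairpostgres", Managed: true}` and, above the append, a comment such as `// NOTE: shares its Name with the default Quay postgres image; overrides are matched by Name.` until the old Clair manifest references a distinct name. KustomizationFor starts and ends outside the hunk.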
@@ -554,7 +586,7 @@ func Inflate( if dbURI, ok := parsedUserConfig["DB_URI"].(string); ok && len(dbURI) > 0 { dbCfgHasChanged = parsedUserConfig["DB_URI"] != ctx.DbUri ctx.DbUri = dbURI - } else if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentQuayPostgres) && len(ctx.DbUri) == 0 { + } else if v1.ComponentIsManaged(quay.Spec.Components, v1.ComponentPostgres) && len(ctx.DbUri) == 0 { dbCfgHasChanged = true log.Info("managed `DB_URI` not found in config, generating new one") user := quay.GetName() + "-quay-database" diff --git a/pkg/kustomize/kustomize_test.go b/pkg/kustomize/kustomize_test.go index 2fdff9986..2bbe57200 100644 --- a/pkg/kustomize/kustomize_test.go +++ b/pkg/kustomize/kustomize_test.go @@ -45,6 +45,7 @@ var kustomizationForTests = []struct { {Kind: "postgres", Managed: true}, {Kind: "clair", Managed: true}, {Kind: "redis", Managed: true}, + {Kind: "clairpostgres", Managed: true}, {Kind: "objectstorage", Managed: true}, {Kind: "mirror", Managed: true}, }, @@ -61,6 +62,7 @@ var kustomizationForTests = []struct { "../components/postgres", "../components/clair", "../components/redis", + "../components/clairpostgres", "../components/objectstorage", "../components/mirror", }, @@ -207,14 +209,14 @@ var kustomizationForTests = []struct { &v1.QuayRegistry{ Spec: v1.QuayRegistrySpec{ Components: []v1.Component{ - {Kind: "postgres", Managed: true}, + {Kind: "clairpostgres", Managed: true}, {Kind: "clair", Managed: false}, {Kind: "redis", Managed: true}, }, }, }, quaycontext.QuayRegistryContext{ - NeedsPgUpgrade: true, + NeedsClairPgUpgrade: true, }, &types.Kustomization{ TypeMeta: types.TypeMeta{ 
@@ -223,15 +225,15 @@ var kustomizationForTests = []struct { }, Components: []string{ "../components/redis", - "../components/postgres", - "../components/pgupgrade", + "../components/clairpostgres", + "../components/clairpgupgrade/base", }, Images: []types.Image{ {Name: "quay.io/projectquay/quay", NewName: "quay", NewTag: "latest"}, {Name: "quay.io/projectquay/clair", NewName: "clair", NewTag: "alpine"}, {Name: "docker.io/library/redis", NewName: "redis", NewTag: "buster"}, - {Name: "quay.io/sclorg/postgresql-13-c9s", NewName: "postgres", NewTag: "latest"}, - {Name: "centos/postgresql-10-centos7", NewName: "postgres_previous", NewTag: "latest"}, + {Name: "quay.io/sclorg/postgresql-15-c9s", NewName: "clairpostgres", NewTag: "latest"}, + {Name: "quay.io/sclorg/postgresql-13-c9s", NewName: "clairpostgres_previous", NewTag: "latest"}, }, SecretGenerator: []types.SecretArgs{}, }, @@ -723,7 +725,7 @@ func TestInflate(t *testing.T) { } assert.Equal(string(managedKeys.Data["SECRET_KEY"]), config["SECRET_KEY"], test.name) - if test.ctx.DbUri == "" && v1.ComponentIsManaged(test.quayRegistry.Spec.Components, v1.ComponentQuayPostgres) { + if test.ctx.DbUri == "" && v1.ComponentIsManaged(test.quayRegistry.Spec.Components, v1.ComponentPostgres) { assert.Greater(len(string(managedKeys.Data["DB_URI"])), 0, test.name) assert.Greater(len(config["DB_URI"].(string)), 0, test.name) } else { diff --git a/pkg/kustomize/secrets.go b/pkg/kustomize/secrets.go index b088b4141..fd5314ce4 100644 --- a/pkg/kustomize/secrets.go +++ b/pkg/kustomize/secrets.go @@ -78,7 +78,7 @@ func FieldGroupFor( } return fieldGroup, nil - case v1.ComponentQuayPostgres: + case v1.ComponentPostgres: fieldGroup, err := database.NewDatabaseFieldGroup(map[string]interface{}{}) if err != nil { return nil, err 
@@ -236,7 +236,7 @@ func ContainsComponentConfig( case v1.ComponentClair: fields = (&securityscanner.SecurityScannerFieldGroup{}).Fields() - case v1.ComponentQuayPostgres: + case v1.ComponentPostgres: fields = (&database.DatabaseFieldGroup{}).Fields() case v1.ComponentClairPostgres: @@ -309,7 +309,7 @@ func ContainsComponentConfig( // componentConfigFilesFor returns specific config files for managed components of a Quay registry. func componentConfigFilesFor(log logr.Logger, qctx *quaycontext.QuayRegistryContext, component v1.ComponentKind, quay *v1.QuayRegistry, configFiles map[string][]byte) (map[string][]byte, error) { switch component { - case v1.ComponentQuayPostgres: + case v1.ComponentPostgres: dbConfig, ok := configFiles["postgres.config.yaml"] if !ok { return nil, fmt.Errorf("cannot generate managed component config file for `postgres` if `postgres.config.yaml` is missing") diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go index f9004a9f1..03528f54e 100644 --- a/pkg/middleware/middleware.go +++ b/pkg/middleware/middleware.go @@ -199,9 +199,9 @@ func Process(quay *v1.QuayRegistry, qctx *quaycontext.QuayRegistryContext, obj c var override *resource.Quantity switch quayComponentLabel { case "postgres": - override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentQuayPostgres) + override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentPostgres) case "clair-postgres": - override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentClair) + override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentClairPostgres) } // If override was not provided diff --git a/pkg/middleware/middleware_test.go b/pkg/middleware/middleware_test.go index db22698af..d9d60fc27 100644 --- a/pkg/middleware/middleware_test.go +++ b/pkg/middleware/middleware_test.go 
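Review bot: In pkg/middleware/middleware.go the `"clair-postgres"` case of Process now reads the volume override from `v1.ComponentClairPostgres` only, while `supportsVolumeOverride` in the same commit still lists `ComponentClair`. An existing registry that sized the Clair database through the `clair` component would keep passing validation but, as far as this hunk shows, the value is no longer applied to the claim. If that compatibility matters, fall back to the old source when the new one is unset, assuming the getter returns nil in that case: `if override == nil { override = v1.GetVolumeSizeOverrideForComponent(quay, v1.ComponentClair) }`. Process continues outside the hunk, so other uses of the `clair` override are not visible here.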
@@ -183,6 +183,7 @@ var processTests = []struct { {Kind: "route", Managed: true}, {Kind: "tls", Managed: true}, {Kind: "postgres", Managed: true, Overrides: &v1.Override{VolumeSize: parseResourceString("70Gi")}}, + {Kind: "clairpostgres", Managed: true, Overrides: &v1.Override{VolumeSize: parseResourceString("60Gi")}}, {Kind: "clair", Managed: true, Overrides: &v1.Override{VolumeSize: parseResourceString("60Gi")}}, }, }, From fd8ddb6bcd5d46af2a1e75548b71666b39314abd Mon Sep 17 00:00:00 2001 From: Jonathan King Date: Thu, 30 May 2024 13:47:17 -0400 Subject: [PATCH 07/10] statefulset: Use stateful sets for posgres deployments (PROJQUAY-6672) - Swap Postgres and Clair Postgres Deployments to StatefulSets --- .github/workflows/ci.yaml | 9 +-------- Makefile | 4 ++-- ...oyment.patch.yaml => clair-pg.statefulset.patch.yaml} | 2 +- .../components/clairpgupgrade/base/kustomization.yaml | 2 +- kustomize/components/clairpostgres/kustomization.yaml | 4 ++-- ...ostgres.deployment.yaml => postgres.statefulset.yaml} | 6 +++--- kustomize/components/pgupgrade/kustomization.yaml | 2 +- ...loyment.patch.yaml => quay-pg.statefulset.patch.yaml} | 2 +- kustomize/components/postgres/kustomization.yaml | 2 +- ...ostgres.deployment.yaml => postgres.statefulset.yaml} | 6 +++--- pkg/kustomize/kustomize.go | 2 ++ 11 files changed, 18 insertions(+), 23 deletions(-) rename kustomize/components/clairpgupgrade/base/{clair-pg.deployment.patch.yaml => clair-pg.statefulset.patch.yaml} (80%) rename kustomize/components/clairpostgres/{postgres.deployment.yaml => postgres.statefulset.yaml} (95%) rename kustomize/components/pgupgrade/{quay-pg.deployment.patch.yaml => quay-pg.statefulset.patch.yaml} (80%) rename kustomize/components/postgres/{postgres.deployment.yaml => postgres.statefulset.yaml} (96%) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 599395127..c12e8efeb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -43,12 +43,5 @@ jobs: uses: actions/checkout@v3 - name: OS Dependencies run: apt-get update && apt-get install -y tar make gcc - - name: Install Kubebuilder - run: | - os=$(go env GOOS) - arch=$(go env GOARCH) - curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_${os}_${arch}.tar.gz | tar -xz -C /tmp/ - mv /tmp/kubebuilder_2.3.1_${os}_${arch} /usr/local/kubebuilder - export PATH=$PATH:/usr/local/kubebuilder/bin - name: Tests - run: go test -v ./... + run: make test diff --git a/Makefile b/Makefile index c63ef06ae..504a0efcc 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ all: manager # Run tests test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -v ./... -coverprofile cover.out test-e2e: mkdir -p ./bin @@ -107,7 +107,7 @@ $(CONTROLLER_GEN): $(LOCALBIN) .PHONY: envtest envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. $(ENVTEST): $(LOCALBIN) - test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest + test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20230216140739-c98506dc3b8e # This target called from the prepare-release github action. # CHANNEL - operator channel (eg. stable-3.6, candidate-3.9) diff --git a/kustomize/components/clairpgupgrade/base/clair-pg.deployment.patch.yaml b/kustomize/components/clairpgupgrade/base/clair-pg.statefulset.patch.yaml similarity index 80% rename from kustomize/components/clairpgupgrade/base/clair-pg.deployment.patch.yaml rename to kustomize/components/clairpgupgrade/base/clair-pg.statefulset.patch.yaml index 72c3a0f43..a54e4fb06 100644 
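Review bot: The `test -s $(LOCALBIN)/setup-envtest ||` guard in the envtest rule keeps whatever binary is already in `$(LOCALBIN)`, so the new pin only takes effect on a clean checkout and a cached `@latest` build stays in use. The pseudo-version is also hard-coded inside the recipe. I would lift it into a variable, `ENVTEST_VERSION ?= v0.0.0-20230216140739-c98506dc3b8e`, install with `setup-envtest@$(ENVTEST_VERSION)`, and either put the version in the binary name or drop the guard so that changing the pin forces a reinstall.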
--- a/kustomize/components/clairpgupgrade/base/clair-pg.deployment.patch.yaml +++ b/kustomize/components/clairpgupgrade/base/clair-pg.statefulset.patch.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: clair-postgres spec: diff --git a/kustomize/components/clairpgupgrade/base/kustomization.yaml b/kustomize/components/clairpgupgrade/base/kustomization.yaml index d4fe25137..b8f8a0727 100644 --- a/kustomize/components/clairpgupgrade/base/kustomization.yaml +++ b/kustomize/components/clairpgupgrade/base/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ./clair-pg-old.persistentvolumeclaim.yaml - ./clair-pg-old.deployment.yaml patchesStrategicMerge: - - ./clair-pg.deployment.patch.yaml + - ./clair-pg.statefulset.patch.yaml diff --git a/kustomize/components/clairpostgres/kustomization.yaml b/kustomize/components/clairpostgres/kustomization.yaml index 9384155ab..5a9e7a820 100644 --- a/kustomize/components/clairpostgres/kustomization.yaml +++ b/kustomize/components/clairpostgres/kustomization.yaml @@ -1,9 +1,9 @@ # Clair component adds Clair v4 security scanner and its database. apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -resources: +resources: - ./postgres.serviceaccount.yaml - ./postgres.persistentvolumeclaim.yaml - - ./postgres.deployment.yaml + - ./postgres.statefulset.yaml - ./postgres.service.yaml - ./clair-postgres-conf-sample.configmap.yaml diff --git a/kustomize/components/clairpostgres/postgres.deployment.yaml b/kustomize/components/clairpostgres/postgres.statefulset.yaml similarity index 95% rename from kustomize/components/clairpostgres/postgres.deployment.yaml rename to kustomize/components/clairpostgres/postgres.statefulset.yaml index e31c093c4..3ae30696a 100644 --- a/kustomize/components/clairpostgres/postgres.deployment.yaml +++ b/kustomize/components/clairpostgres/postgres.statefulset.yaml 
@@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: clair-postgres labels: @@ -7,9 +7,8 @@ metadata: annotations: quay-component: clair-postgres spec: + serviceName: clair-postgres replicas: 1 - strategy: - type: Recreate selector: matchLabels: quay-component: clair-postgres @@ -57,3 +56,4 @@ spec: requests: cpu: 500m memory: 2Gi + volumeClaimTemplates: [] diff --git a/kustomize/components/pgupgrade/kustomization.yaml b/kustomize/components/pgupgrade/kustomization.yaml index d8c2d2a68..946499c78 100644 --- a/kustomize/components/pgupgrade/kustomization.yaml +++ b/kustomize/components/pgupgrade/kustomization.yaml @@ -7,4 +7,4 @@ resources: - ./quay-pg-old.deployment.yaml patchesStrategicMerge: - ./quay.deployment.patch.yaml - - ./quay-pg.deployment.patch.yaml + - ./quay-pg.statefulset.patch.yaml diff --git a/kustomize/components/pgupgrade/quay-pg.deployment.patch.yaml b/kustomize/components/pgupgrade/quay-pg.statefulset.patch.yaml similarity index 80% rename from kustomize/components/pgupgrade/quay-pg.deployment.patch.yaml rename to kustomize/components/pgupgrade/quay-pg.statefulset.patch.yaml index bfcae5312..2ff6bd9c0 100644 --- a/kustomize/components/pgupgrade/quay-pg.deployment.patch.yaml +++ b/kustomize/components/pgupgrade/quay-pg.statefulset.patch.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: quay-database spec: diff --git a/kustomize/components/postgres/kustomization.yaml b/kustomize/components/postgres/kustomization.yaml index 205c3e3aa..772c89302 100644 --- a/kustomize/components/postgres/kustomization.yaml +++ b/kustomize/components/postgres/kustomization.yaml @@ -4,7 +4,7 @@ kind: Component resources: - ./postgres.serviceaccount.yaml - ./postgres.persistentvolumeclaim.yaml - - ./postgres.deployment.yaml + - ./postgres.statefulset.yaml - ./postgres.service.yaml - ./postgres-conf-sample.configmap.yaml secretGenerator: 
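Review bot: `volumeClaimTemplates: []` in the last hunk of clairpostgres/postgres.statefulset.yaml has no comment saying where the data volume comes from; the component's kustomization still lists `./postgres.persistentvolumeclaim.yaml`, so the pod presumably keeps mounting that standalone claim. A comment such as `# storage comes from the standalone PVC, not from a claim template` would make that explicit. Because the StatefulSet reuses the name `clair-postgres`, applying it does not replace an existing Deployment of that name, and with `strategy: Recreate` removed nothing in this manifest keeps two database pods off the same claim during migration. The volume section of the manifest is outside the hunk, so this needs confirming against the full file.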
diff --git a/kustomize/components/postgres/postgres.deployment.yaml b/kustomize/components/postgres/postgres.statefulset.yaml similarity index 96% rename from kustomize/components/postgres/postgres.deployment.yaml rename to kustomize/components/postgres/postgres.statefulset.yaml index 6f18ad244..b76cf2130 100644 --- a/kustomize/components/postgres/postgres.deployment.yaml +++ b/kustomize/components/postgres/postgres.statefulset.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: quay-database labels: @@ -7,9 +7,8 @@ metadata: annotations: quay-component: postgres spec: + serviceName: quay-database replicas: 1 - strategy: - type: Recreate selector: matchLabels: quay-component: postgres @@ -76,3 +75,4 @@ spec: requests: cpu: 500m memory: 2Gi + volumeClaimTemplates: [] diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go index 5ef100868..3d172dcd0 100644 --- a/pkg/kustomize/kustomize.go +++ b/pkg/kustomize/kustomize.go @@ -221,6 +221,8 @@ func ModelFor(gvk schema.GroupVersionKind) client.Object { return &prometheusv1.ServiceMonitor{} case schema.GroupVersionKind{Group: "monitoring.coreos.com", Version: "v1", Kind: "PrometheusRule"}.String(): return &prometheusv1.PrometheusRule{} + case schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "StatefulSet"}.String(): + return &apps.StatefulSet{} default: panic(fmt.Sprintf("Missing model for GVK %s", gvk.String())) } From 39f7ddc2a36935d1bc9a82286a429966e11c773e Mon Sep 17 00:00:00 2001 From: Shubhra Deshpande Date: Tue, 15 Oct 2024 22:54:51 -0400 Subject: [PATCH 08/10] statefulset: updating controller to read from a statefulset --- controllers/quay/features.go | 70 ++++++++++++++++----- controllers/quay/quayregistry_controller.go | 2 +- 2 files changed, 56 insertions(+), 16 deletions(-) diff --git a/controllers/quay/features.go b/controllers/quay/features.go index b8511b6f9..3bcf777a2 100644 --- a/controllers/quay/features.go 
+++ b/controllers/quay/features.go @@ -410,8 +410,8 @@ func (r *QuayRegistryReconciler) checkNeedsPostgresUpgradeForComponent( ctx context.Context, qctx *quaycontext.QuayRegistryContext, quay *v1.QuayRegistry, component v1.ComponentKind, ) error { componentInfo := map[v1.ComponentKind]struct { - deploymentSuffix string - upgradeField *bool + resourceSuffix string + upgradeField *bool }{ v1.ComponentClairPostgres: {"clair-postgres", &qctx.NeedsClairPgUpgrade}, v1.ComponentPostgres: {"quay-database", &qctx.NeedsPgUpgrade}, 
@@ -422,23 +422,63 @@ func (r *QuayRegistryReconciler) checkNeedsPostgresUpgradeForComponent( return fmt.Errorf("invalid component kind: %s", component) } - deploymentName := fmt.Sprintf("%s-%s", quay.GetName(), info.deploymentSuffix) + resourceName := fmt.Sprintf("%s-%s", quay.GetName(), info.resourceSuffix) r.Log.Info(fmt.Sprintf("getting %s version", component)) - postgresDeployment := &appsv1.Deployment{} - if err := r.Client.Get( - ctx, - types.NamespacedName{ - Name: deploymentName, - Namespace: quay.GetNamespace(), - }, - postgresDeployment, - ); err != nil { - r.Log.Info(fmt.Sprintf("%s deployment not found, skipping", component)) - return nil + var deployedImageName string + + if component == v1.ComponentClairPostgres { + statefulSet := &appsv1.StatefulSet{} + err := r.Client.Get( + ctx, + types.NamespacedName{ + Name: resourceName, + Namespace: quay.GetNamespace(), + }, + statefulSet, + ) + if err != nil { + if !errors.IsNotFound(err) { + return err + } + // NOTE: Check for Deployment to support migration from Deployment to StatefulSet. + // This ensures compatibility with both old and new setups during the upgrade process. 
+ deployment := &appsv1.Deployment{} + err = r.Client.Get( + ctx, + types.NamespacedName{ + Name: resourceName, + Namespace: quay.GetNamespace(), + }, + deployment, + ) + if err != nil { + if errors.IsNotFound(err) { + r.Log.Info(fmt.Sprintf("%s statefulset and deployment not found, skipping", component)) + return nil + } + return err + } + deployedImageName = deployment.Spec.Template.Spec.Containers[0].Image + } else { + deployedImageName = statefulSet.Spec.Template.Spec.Containers[0].Image + } + } else { + deployment := &appsv1.Deployment{} + if err := r.Client.Get( + ctx, + types.NamespacedName{ + Name: resourceName, + Namespace: quay.GetNamespace(), + }, + deployment, + ); err != nil { + r.Log.Info(fmt.Sprintf("%s deployment not found, skipping", component)) + return nil + } + deployedImageName = deployment.Spec.Template.Spec.Containers[0].Image } - deployedImageName := postgresDeployment.Spec.Template.Spec.Containers[0].Image r.Log.Info(fmt.Sprintf("%s deployment found", component), "image", deployedImageName) expectedImage, err := kustomize.ComponentImageFor(component) diff --git a/controllers/quay/quayregistry_controller.go b/controllers/quay/quayregistry_controller.go index 75fadd2a8..03a09a4d6 100644 --- a/controllers/quay/quayregistry_controller.go +++ b/controllers/quay/quayregistry_controller.go @@ -548,7 +548,7 @@ func (r *QuayRegistryReconciler) Reconcile(ctx context.Context, req ctrl.Request v1.ConditionTypeRolloutBlocked, metav1.ConditionTrue, v1.ConditionReasonPostgresUpgradeFailed, - fmt.Sprintf("error checking for pg upgrade: %s", err), + fmt.Sprintf("error checking for clair pg upgrade: %s", err), ) } } From dae241c6b43fcc949119593c68f2337b09d6c50c Mon Sep 17 00:00:00 2001 From: Shubhra Deshpande Date: Wed, 16 Oct 2024 16:21:00 -0400 Subject: [PATCH 09/10] statefulset: removing dangling resources from old postgres deployments --- controllers/quay/quayregistry_controller.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) 
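Review bot: In the final `else` branch, which handles the Quay database, every error from `r.Client.Get` is logged as "deployment not found, skipping" and turned into `return nil`, while the Clair branch above it separates `errors.IsNotFound` from other failures. A forbidden or timed-out read would therefore skip the upgrade check silently and presumably leave `qctx.NeedsPgUpgrade` unset. Adding `if !errors.IsNotFound(err) { return err }` ahead of that log line makes both branches behave alike. The log line after the branches still says `"%s deployment found"` when the image was read from a StatefulSet. The function starts and ends outside the hunk.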
diff --git a/controllers/quay/quayregistry_controller.go b/controllers/quay/quayregistry_controller.go index 03a09a4d6..26d24979b 100644 --- a/controllers/quay/quayregistry_controller.go +++ b/controllers/quay/quayregistry_controller.go @@ -246,12 +246,16 @@ func (r *QuayRegistryReconciler) checkPostgresUpgradeStatus( if job.Status.Succeeded == 1 { log.Info(fmt.Sprintf("%s upgrade complete", jobName)) var oldPostgresDeploymentName string + var postgresDeploymentName string if jobName == clairPostgresUpgradeJobName { oldPostgresDeploymentName = fmt.Sprintf("%s-%s", quay.GetName(), "clair-postgres-old") + postgresDeploymentName = fmt.Sprintf("%s-%s", quay.GetName(), "clair-postgres") } else { oldPostgresDeploymentName = fmt.Sprintf("%s-%s", quay.GetName(), "quay-database-old") + postgresDeploymentName = fmt.Sprintf("%s-%s", quay.GetName(), "quay-database") } oldPostgresDeployment := &appsv1.Deployment{} + postgresDeployment := &appsv1.Deployment{} if err := r.Client.Get( ctx, types.NamespacedName{ @@ -263,7 +267,20 @@ func (r *QuayRegistryReconciler) checkPostgresUpgradeStatus( r.Log.Info(fmt.Sprintf("%s deployment not found, skipping", oldPostgresDeploymentName)) continue } - + if err := r.Client.Get( + ctx, + types.NamespacedName{ + Name: postgresDeploymentName, + Namespace: quay.GetNamespace(), + }, + postgresDeployment, + ); err != nil { + r.Log.Info(fmt.Sprintf("%s deployment not found, skipping", postgresDeploymentName)) + continue + } + if err := r.Client.Delete(ctx, postgresDeployment); err != nil { + r.Log.Error(err, fmt.Sprintf("%s deployment could not be deleted", postgresDeploymentName)) + } // Remove owner reference obj, err := v1.RemoveOwnerReference(quay, oldPostgresDeployment) if err != nil { From 83038f4dc56be34d2dc62374d0428741cd075139 Mon Sep 17 00:00:00 2001 
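Review bot: The delete added in the second hunk runs for both upgrade jobs, so after a successful Quay database upgrade it removes `<registry>-quay-database`, and patch 10/10 of this series keeps that resource as a Deployment, which as far as the series shows makes it the live database rather than a leftover. The new `continue` taken when that Deployment cannot be read also skips the owner-reference removal for the `-old` Deployment that follows, and an absent Deployment is the normal state once Clair's database runs as a StatefulSet. I would limit the delete to the Clair job and let the old-deployment cleanup run regardless, as sketched below; the sketch ignores a failed read, which could be logged instead. The loop body starts and ends outside the hunk.

```go
// … unchanged: lookup of oldPostgresDeployment …
// Only the Clair database moved to a StatefulSet; the Quay database Deployment is still in use.
if jobName == clairPostgresUpgradeJobName {
	staleKey := types.NamespacedName{
		Name:      postgresDeploymentName,
		Namespace: quay.GetNamespace(),
	}
	if err := r.Client.Get(ctx, staleKey, postgresDeployment); err == nil {
		if err := r.Client.Delete(ctx, postgresDeployment); err != nil {
			r.Log.Error(err, fmt.Sprintf("%s deployment could not be deleted", postgresDeploymentName))
		}
	}
}
// Remove owner reference
// … unchanged: owner reference removal …
```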
From: Shubhra Deshpande Date: Wed, 16 Oct 2024 17:11:43 -0400 Subject: [PATCH 10/10] statefulset: reverted statefulset changes for quay postgres --- kustomize/components/pgupgrade/kustomization.yaml | 2 +- ...statefulset.patch.yaml => quay-pg.deployment.patch.yaml} | 2 +- kustomize/components/postgres/kustomization.yaml | 2 +- .../{postgres.statefulset.yaml => postgres.deployment.yaml} | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) rename kustomize/components/pgupgrade/{quay-pg.statefulset.patch.yaml => quay-pg.deployment.patch.yaml} (80%) rename kustomize/components/postgres/{postgres.statefulset.yaml => postgres.deployment.yaml} (96%) diff --git a/kustomize/components/pgupgrade/kustomization.yaml b/kustomize/components/pgupgrade/kustomization.yaml index 946499c78..d8c2d2a68 100644 --- a/kustomize/components/pgupgrade/kustomization.yaml +++ b/kustomize/components/pgupgrade/kustomization.yaml @@ -7,4 +7,4 @@ resources: - ./quay-pg-old.deployment.yaml patchesStrategicMerge: - ./quay.deployment.patch.yaml - - ./quay-pg.statefulset.patch.yaml + - ./quay-pg.deployment.patch.yaml diff --git a/kustomize/components/pgupgrade/quay-pg.statefulset.patch.yaml b/kustomize/components/pgupgrade/quay-pg.deployment.patch.yaml similarity index 80% rename from kustomize/components/pgupgrade/quay-pg.statefulset.patch.yaml rename to kustomize/components/pgupgrade/quay-pg.deployment.patch.yaml index 2ff6bd9c0..bfcae5312 100644 --- a/kustomize/components/pgupgrade/quay-pg.statefulset.patch.yaml +++ b/kustomize/components/pgupgrade/quay-pg.deployment.patch.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: quay-database spec: diff --git a/kustomize/components/postgres/kustomization.yaml b/kustomize/components/postgres/kustomization.yaml index 772c89302..205c3e3aa 100644 --- a/kustomize/components/postgres/kustomization.yaml +++ b/kustomize/components/postgres/kustomization.yaml 
@@ -4,7 +4,7 @@ kind: Component resources: - ./postgres.serviceaccount.yaml - ./postgres.persistentvolumeclaim.yaml - - ./postgres.statefulset.yaml + - ./postgres.deployment.yaml - ./postgres.service.yaml - ./postgres-conf-sample.configmap.yaml secretGenerator: diff --git a/kustomize/components/postgres/postgres.statefulset.yaml b/kustomize/components/postgres/postgres.deployment.yaml similarity index 96% rename from kustomize/components/postgres/postgres.statefulset.yaml rename to kustomize/components/postgres/postgres.deployment.yaml index b76cf2130..6f18ad244 100644 --- a/kustomize/components/postgres/postgres.statefulset.yaml +++ b/kustomize/components/postgres/postgres.deployment.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: quay-database labels: @@ -7,8 +7,9 @@ metadata: annotations: quay-component: postgres spec: - serviceName: quay-database replicas: 1 + strategy: + type: Recreate selector: matchLabels: quay-component: postgres @@ -75,4 +76,3 @@ spec: requests: cpu: 500m memory: 2Gi - volumeClaimTemplates: []