Update dependencies (#663)

Signed-off-by: 1gtm <[email protected]>

go.mod

@@ -20,11 +20,11 @@ require (
 	k8s.io/component-base v0.21.1
 	k8s.io/klog/v2 v2.9.0
 	k8s.io/kubectl v0.21.1
-	kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909
+	kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df
 	kmodules.xyz/custom-resources v0.0.0-20220422215041-237eae1d7ddd
-	kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1
-	kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02
-	stash.appscode.dev/apimachinery v0.20.0
+	kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8
+	kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac
+	stash.appscode.dev/apimachinery v0.20.1
 )
 
 require github.com/josharian/intern v1.0.0 // indirect

go.sum

@@ -266,6 +266,7 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
 github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
+github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8=
 github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -1253,8 +1254,9 @@ kmodules.xyz/client-go v0.0.0-20220104114408-2a3a05dbe89f/go.mod h1:xxl1ve1Obe4x
 kmodules.xyz/client-go v0.0.0-20220203031013-1de48437aaf3/go.mod h1:aOwnhdxO0uh54ds1wQYRlKVtYlzLyakaesmMQeupVek=
 kmodules.xyz/client-go v0.0.0-20220215012708-9963581d69a7/go.mod h1:sOq5P3AkZdv6D/skvUPwEG15NDYy5olwBllH/JXfhGI=
 kmodules.xyz/client-go v0.0.0-20220317213815-2a6d5a5784f2/go.mod h1:7pExIHGzUdu8ZGveYvAaXEhS4GdczoOy8z+hq6x6K9A=
-kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909 h1:c/7SJgQbmEzPdziKnx5uC7EtkTmbbyLBz7gQGfVGvSg=
 kmodules.xyz/client-go v0.0.0-20220427165208-36281a681909/go.mod h1:7pExIHGzUdu8ZGveYvAaXEhS4GdczoOy8z+hq6x6K9A=
+kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df h1:ATThnmUo1tKu7rW0O8iyU0XJCTibXnbVIePLJeIQH0c=
+kmodules.xyz/client-go v0.0.0-20220512223652-dc247aa7f6df/go.mod h1:7pExIHGzUdu8ZGveYvAaXEhS4GdczoOy8z+hq6x6K9A=
 kmodules.xyz/constants v0.0.0-20210218100002-2c304bfda278/go.mod h1:DbiFk1bJ1KEO94t1SlAn7tzc+Zz95rSXgyUKa2nzPmY=
 kmodules.xyz/crd-schema-fuzz v0.0.0-20210618002152-fae23aef5fb4/go.mod h1:IIkUctlfoptoci0BOrsUf8ya+MOG5uaeh1PE4uzaIbA=
 kmodules.xyz/crd-schema-fuzz v0.0.0-20211025154117-6edb24ef11bc/go.mod h1:yLOBJKasPhnCodKSZGFZ6OGFFrp0tq3ALS9rDnYFjkg=
@@ -1263,8 +1265,9 @@ kmodules.xyz/custom-resources v0.0.0-20220314103517-150ada19b198/go.mod h1:cDD2g
 kmodules.xyz/custom-resources v0.0.0-20220317220154-7beb809b1f5e/go.mod h1:OCLmlMhRowPtBPP1bu4xreNLj8/TYu/4lY477+eAzUM=
 kmodules.xyz/custom-resources v0.0.0-20220422215041-237eae1d7ddd h1:Y5w0ZxHMSPUnzjAlVKXS6+ED/wXlxXyWVYckarkiBBA=
 kmodules.xyz/custom-resources v0.0.0-20220422215041-237eae1d7ddd/go.mod h1:OCLmlMhRowPtBPP1bu4xreNLj8/TYu/4lY477+eAzUM=
-kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1 h1:V+UN7+86GIrRszwCwWJAPSHq9mfgZR5K1xX7hYRmQRg=
 kmodules.xyz/monitoring-agent-api v0.0.0-20220319222118-0290ed5b75e1/go.mod h1:UewkaANM5lHuURg/WPjuBmsdbfYN2yG0y0L2fxmADw8=
+kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8 h1:19VqNl4srnb9BBaw3d9WGrzcuGSC6pzH/M2BrjCBW1A=
+kmodules.xyz/monitoring-agent-api v0.0.0-20220519191512-5a48a0a1d3f8/go.mod h1:5ihy4/VxICVhjoTZVlDHtG8chavHI6yolcJ4mJQLnJ0=
 kmodules.xyz/objectstore-api v0.0.0-20211207131029-3271069de43e/go.mod h1:IICnDdPFOEeGXdaPVHOGYfdwD1cyh/p1I/TWMkyNTIE=
 kmodules.xyz/objectstore-api v0.0.0-20220317220441-f1d593d0a778 h1:1biCLf6zjBzg9YI9xDjrH6RrKtizpKVB7iuo/5NWOo0=
 kmodules.xyz/objectstore-api v0.0.0-20220317220441-f1d593d0a778/go.mod h1:rJ3QmHvS0CCJAhhdbXh+O2nlEY5gEmgYdpo3vA4nAm4=
@@ -1284,8 +1287,8 @@ kmodules.xyz/resource-metrics v0.0.8/go.mod h1:M7rWuo2qh3BpHhogiEVPnvGY9Xx4Pfygq
 kmodules.xyz/schema-checker v0.2.0/go.mod h1:J1QUIFsqW0h/WNrIGzzy3UopTzg+RmMJXxvAZfmYDb4=
 kmodules.xyz/schema-checker v0.2.1/go.mod h1:1R2s4FH23Rz73DnfT8paWGNeMQpT7ia3KoyF8X4HCGU=
 kmodules.xyz/webhook-runtime v0.0.0-20220317222714-0ddfc9e4c221/go.mod h1:Q+4LHbCHVlkKxpEgaDa/EyZb5p/Bpj767zInBwyyitc=
-kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02 h1:PnqoNtWm6bBb8AH8vvR3fMR1loR+NTLdFElPKLYqN9A=
-kubedb.dev/apimachinery v0.26.1-0.20220508053725-74c4fc13ef02/go.mod h1:atLQjkN5sVQc7WJJCyxTt0AD8ZODyZYUxudYAQIxL2Y=
+kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac h1:xdQ7eCssD8CrmofM/8hWgkhP96f21wYvE2dCQikjzvE=
+kubedb.dev/apimachinery v0.26.1-0.20220519193141-3634eb14c9ac/go.mod h1:atLQjkN5sVQc7WJJCyxTt0AD8ZODyZYUxudYAQIxL2Y=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
@@ -1326,5 +1329,5 @@ software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237/go.mod h1:
 software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ=
 sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
 stash.appscode.dev/apimachinery v0.18.0/go.mod h1:MDzqJ66A2QZKAHRksfHT5crOD29a0S5Hfuy/D5hHAjw=
-stash.appscode.dev/apimachinery v0.20.0 h1:JxBT94F/bfV6hkc8PxYoNOFiNeXa8YRLBp1hAX2NDz0=
-stash.appscode.dev/apimachinery v0.20.0/go.mod h1:HyYlJ56VT8QgUM7NPCMrRRr/9e+eltUHGtd7GBXUCJo=
+stash.appscode.dev/apimachinery v0.20.1 h1:pWmqoGydibXTbwFGesMdVulxPGE/J3gdSGY/9E6LOh0=
+stash.appscode.dev/apimachinery v0.20.1/go.mod h1:HyYlJ56VT8QgUM7NPCMrRRr/9e+eltUHGtd7GBXUCJo=

vendor/kmodules.xyz/client-go/core/v1/kubernetes.go

@@ -71,10 +71,6 @@ func EnsureContainerDeleted(containers []core.Container, name string) []core.Con
 func UpsertContainer(containers []core.Container, upsert core.Container) []core.Container {
 	for i, container := range containers {
 		if container.Name == upsert.Name {
-			// can't be updated. So, keep existing values. usually not set in upsert.
-			upsert.TerminationMessagePath = container.TerminationMessagePath
-			upsert.TerminationMessagePolicy = container.TerminationMessagePolicy
-
 			err := mergo.Merge(&container, upsert, mergo.WithOverride)
 			if err != nil {
 				panic(err)

vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/constants.go

@@ -96,10 +96,10 @@ var (
 	DashboardsDefaultResources = core.ResourceRequirements{
 		Requests: core.ResourceList{
 			core.ResourceCPU:    resource.MustParse(".100"),
-			core.ResourceMemory: resource.MustParse("512Mi"),
+			core.ResourceMemory: resource.MustParse("1Gi"),
 		},
 		Limits: core.ResourceList{
-			core.ResourceMemory: resource.MustParse("512Mi"),
+			core.ResourceMemory: resource.MustParse("1Gi"),
 		},
 	}
 )

vendor/kubedb.dev/apimachinery/apis/dashboard/v1alpha1/types.go

@@ -75,13 +75,16 @@ const (
 	StatsServiceAlias   ServiceAlias = "stats"
 )
 
-// +kubebuilder:validation:Enum=green;yellow;red
+// +kubebuilder:validation:Enum=green;yellow;red;available;degraded;unavailable
 type DashboardServerState string
 
 const (
-	StateGreen  DashboardServerState = "green"
-	StateYellow DashboardServerState = "yellow"
-	StateRed    DashboardServerState = "red"
+	StateGreen       DashboardServerState = "green"
+	StateYellow      DashboardServerState = "yellow"
+	StateRed         DashboardServerState = "red"
+	StateAvailable   DashboardServerState = "available"
+	StateDegraded    DashboardServerState = "degraded"
+	StateUnavailable DashboardServerState = "unavailable"
 )
 
 // +kubebuilder:validation:Enum=dashboard-custom-config;dashboard-temp-config;dashboard-config;kibana-server;database-client

vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go

@@ -200,6 +200,7 @@ const (
 	MySQLTLSConfigPreferred  = "preferred"
 
 	MySQLRouterContainerName           = "mysql-router"
+	MySQLCoordinatorContainerName      = "mysql-coordinator"
 	MySQLRouterInitScriptDirectoryName = "init-scripts"
 	MySQLRouterInitScriptDirectoryPath = "/scripts"
 	MySQLRouterConfigDirectoryName     = "router-config-secret"
@@ -259,6 +260,9 @@ const (
 	PostgresCoordinatorClientPort     = 2379
 	PostgresCoordinatorClientPortName = "coordinatclient"
 
+	RaftMetricsExporterPort     = 23790
+	RaftMetricsExporterPortName = "raft-metrics"
+
 	PostgresRunScriptMountPath  = "/run_scripts"
 	PostgresRunScriptVolumeName = "scripts"
 
@@ -286,6 +290,13 @@ const (
 	ProxySQLAdminPortName          = "admin"
 	ProxySQLDataMountPath          = "/var/lib/proxysql"
 	ProxySQLCustomConfigMountPath  = "/etc/custom-config"
+
+	ProxySQLBackendSSLMountPath  = "/var/lib/certs"
+	ProxySQLFrontendSSLMountPath = "/var/lib/frontend"
+	ProxySQLClusterAdmin         = "cluster"
+	ProxySQLClusterPasswordField = "cluster_password"
+	ProxySQLTLSConfigCustom      = "custom"
+	ProxySQLTLSConfigSkipVerify  = "skip-verify"
 	// =========================== Redis Constants ============================
 	RedisConfigKey = "redis.conf" // RedisConfigKey is going to create for the customize redis configuration
 	// DefaultConfigKey is going to create for the default redis configuration
@@ -345,20 +356,26 @@ const (
 	DatabasePaused = "Paused"
 	// used for Databases that are halted
 	DatabaseHalted = "Halted"
+	// used for pausing health check of a Database
+	DatabaseHealthCheckPaused = "HealthCheckPaused"
+	// used for Databases whose internal user credentials are synced
+	InternalUsersSynced = "InternalUsersSynced"
 
 	// Condition reasons
-	DataRestoreStartedByExternalInitializer = "DataRestoreStartedByExternalInitializer"
-	DatabaseSuccessfullyRestored            = "SuccessfullyDataRestored"
-	FailedToRestoreData                     = "FailedToRestoreData"
-	AllReplicasAreReady                     = "AllReplicasReady"
-	SomeReplicasAreNotReady                 = "SomeReplicasNotReady"
-	DatabaseAcceptingConnectionRequest      = "DatabaseAcceptingConnectionRequest"
-	DatabaseNotAcceptingConnectionRequest   = "DatabaseNotAcceptingConnectionRequest"
-	ReadinessCheckSucceeded                 = "ReadinessCheckSucceeded"
-	ReadinessCheckFailed                    = "ReadinessCheckFailed"
-	DatabaseProvisioningStartedSuccessfully = "DatabaseProvisioningStartedSuccessfully"
-	DatabaseSuccessfullyProvisioned         = "DatabaseSuccessfullyProvisioned"
-	DatabaseHaltedSuccessfully              = "DatabaseHaltedSuccessfully"
+	DataRestoreStartedByExternalInitializer    = "DataRestoreStartedByExternalInitializer"
+	DatabaseSuccessfullyRestored               = "SuccessfullyDataRestored"
+	FailedToRestoreData                        = "FailedToRestoreData"
+	AllReplicasAreReady                        = "AllReplicasReady"
+	SomeReplicasAreNotReady                    = "SomeReplicasNotReady"
+	DatabaseAcceptingConnectionRequest         = "DatabaseAcceptingConnectionRequest"
+	DatabaseNotAcceptingConnectionRequest      = "DatabaseNotAcceptingConnectionRequest"
+	ReadinessCheckSucceeded                    = "ReadinessCheckSucceeded"
+	ReadinessCheckFailed                       = "ReadinessCheckFailed"
+	DatabaseProvisioningStartedSuccessfully    = "DatabaseProvisioningStartedSuccessfully"
+	DatabaseSuccessfullyProvisioned            = "DatabaseSuccessfullyProvisioned"
+	DatabaseHaltedSuccessfully                 = "DatabaseHaltedSuccessfully"
+	InternalUsersCredentialSyncFailed          = "InternalUsersCredentialsSyncFailed"
+	InternalUsersCredentialsSyncedSuccessfully = "InternalUsersCredentialsSyncedSuccessfully"
 )
 
 // Resource kind related constants

vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go

@@ -27,6 +27,7 @@ import (
 	"kubedb.dev/apimachinery/apis/kubedb"
 	"kubedb.dev/apimachinery/crds"
 
+	"github.com/Masterminds/semver/v3"
 	"gomodules.xyz/pointer"
 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -595,7 +596,53 @@ func (e *Elasticsearch) setDefaultInternalUsersAndRoleMappings(esVersion *catalo
 		return
 	}
 
-	// The internalUsers feature only works with searchGuard, openSearch, and openDistro
+	version, err := semver.NewVersion(esVersion.Spec.Version)
+	if err != nil {
+		return
+	}
+	// set missing internal users for Xpack,
+	// internal users are supported for version>=7.8.x
+	if esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginXpack &&
+		(version.Major() >= 8 || (version.Major() == 7 && version.Minor() >= 8)) {
+		inUsers := e.Spec.InternalUsers
+		// If not set, create empty map
+		if inUsers == nil {
+			inUsers = make(map[string]ElasticsearchUserSpec)
+		}
+
+		// "elastic" user
+		if userSpec, exists := inUsers[string(ElasticsearchInternalUserElastic)]; !exists {
+			inUsers[string(ElasticsearchInternalUserElastic)] = ElasticsearchUserSpec{
+				BackendRoles: []string{"superuser"},
+			}
+		} else {
+			// upsert "superuser" role, if missing
+			// elastic user must have the superuser role
+			userSpec.BackendRoles = upsertStringSlice(userSpec.BackendRoles, "superuser")
+			inUsers[string(ElasticsearchInternalUserElastic)] = userSpec
+		}
+
+		// "Kibana_system", "logstash_system", "beats_system", "apm_system", "remote_monitoring_user" user
+		setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserKibanaSystem), ElasticsearchUserSpec{
+			BackendRoles: []string{"kibana_system"},
+		})
+		setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserBeatsSystem), ElasticsearchUserSpec{
+			BackendRoles: []string{"beats_system"},
+		})
+		setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserApmSystem), ElasticsearchUserSpec{
+			BackendRoles: []string{"apm_system"},
+		})
+		setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserRemoteMonitoringUser), ElasticsearchUserSpec{
+			BackendRoles: []string{"remote_monitoring_collector", "remote_monitoring_agent"},
+		})
+		setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserLogstashSystem), ElasticsearchUserSpec{
+			BackendRoles: []string{"logstash_system"},
+		})
+
+		e.Spec.InternalUsers = inUsers
+	}
+
+	// set missing internal users and roles for OpenDistro, SearchGuard & OpenSearch
 	if esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginOpenDistro ||
 		esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginSearchGuard ||
 		esVersion.Spec.AuthPlugin == catalog.ElasticsearchAuthPluginOpenSearch {
@@ -630,26 +677,6 @@ func (e *Elasticsearch) setDefaultInternalUsersAndRoleMappings(esVersion *catalo
 			setMissingElasticsearchUser(inUsers, string(ElasticsearchInternalUserMetricsExporter), ElasticsearchUserSpec{})
 		}
 
-		// Set missing user secret names
-		for username, userSpec := range inUsers {
-			// For admin user, spec.authSecret.Name must have high precedence over default field
-			if username == string(ElasticsearchInternalUserAdmin) {
-				if e.Spec.AuthSecret != nil && e.Spec.AuthSecret.Name != "" {
-					userSpec.SecretName = e.Spec.AuthSecret.Name
-				} else {
-					if userSpec.SecretName == "" {
-						userSpec.SecretName = e.DefaultUserCredSecretName(username)
-					}
-					e.Spec.AuthSecret = &core.LocalObjectReference{
-						Name: userSpec.SecretName,
-					}
-				}
-			} else if userSpec.SecretName == "" {
-				userSpec.SecretName = e.DefaultUserCredSecretName(username)
-			}
-			inUsers[username] = userSpec
-		}
-
 		// If monitoring is enabled,
 		// The "metric_exporter" user needs to have "readall_monitor" role mapped to itself.
 		if e.Spec.Monitor != nil {
@@ -691,6 +718,28 @@ func (e *Elasticsearch) setDefaultInternalUsersAndRoleMappings(esVersion *catalo
 		}
 		e.Spec.InternalUsers = inUsers
 	}
+
+	inUsers := e.Spec.InternalUsers
+	// Set missing user secret names
+	for username, userSpec := range inUsers {
+		// For admin user, spec.authSecret.Name must have high precedence over default field
+		if username == string(ElasticsearchInternalUserAdmin) || username == string(ElasticsearchInternalUserElastic) {
+			if e.Spec.AuthSecret != nil && e.Spec.AuthSecret.Name != "" {
+				userSpec.SecretName = e.Spec.AuthSecret.Name
+			} else {
+				if userSpec.SecretName == "" {
+					userSpec.SecretName = e.DefaultUserCredSecretName(username)
+				}
+				e.Spec.AuthSecret = &core.LocalObjectReference{
+					Name: userSpec.SecretName,
+				}
+			}
+		} else if userSpec.SecretName == "" {
+			userSpec.SecretName = e.DefaultUserCredSecretName(username)
+		}
+		inUsers[username] = userSpec
+	}
+	e.Spec.InternalUsers = inUsers
 }
 
 // set default tls configuration (ie. alias, secretName)
@@ -752,11 +801,14 @@ func (e *Elasticsearch) SetTLSDefaults(esVersion *catalog.ElasticsearchVersion)
 
 		// archiver
 		tlsConfig.Certificates = kmapi.SetMissingSpecForCertificate(tlsConfig.Certificates, kmapi.CertificateSpec{
-			Alias:      string(ElasticsearchArchiverCert),
-			SecretName: e.CertificateName(ElasticsearchArchiverCert),
+			Alias:      string(ElasticsearchClientCert),
+			SecretName: e.CertificateName(ElasticsearchClientCert),
 		})
 	}
 
+	// remove archiverCert from old spec if exists
+	tlsConfig.Certificates = kmapi.RemoveCertificate(tlsConfig.Certificates, string(ElasticsearchArchiverCert))
+
 	for id := range tlsConfig.Certificates {
 		// Force overwrite the private key encoding type to PKCS#8
 		tlsConfig.Certificates[id].PrivateKey = &kmapi.CertificatePrivateKey{