Support externally managed secrets (#681)

Signed-off-by: Tamal Saha <[email protected]>
kubedb · Sep 24, 2022 · 792efd1 · 792efd1
1 parent 7ec2adb
commit 792efd1
Show file tree

Hide file tree

Showing 75 changed files with 1,187 additions and 111 deletions.
diff --git a/go.mod b/go.mod
@@ -22,12 +22,10 @@ require (
 	kmodules.xyz/client-go v0.25.6
 	kmodules.xyz/custom-resources v0.25.0
 	kmodules.xyz/monitoring-agent-api v0.25.0
-	kubedb.dev/apimachinery v0.28.4-0.20220918140426-7263b50309d2
-	stash.appscode.dev/apimachinery v0.22.1-0.20220918134206-55dff33147a0
+	kubedb.dev/apimachinery v0.28.4-0.20220924164625-f5eabfc23811
+	stash.appscode.dev/apimachinery v0.22.1-0.20220924053358-8821fa34c13f
 )
 
-require kmodules.xyz/apiversion v0.2.0 // indirect
-
 require (
 	cloud.google.com/go v0.99.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
@@ -118,6 +116,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.25.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
 	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 // indirect
+	kmodules.xyz/apiversion v0.2.0 // indirect
 	kmodules.xyz/objectstore-api v0.25.0 // indirect
 	kmodules.xyz/offshoot-api v0.25.0 // indirect
 	kmodules.xyz/prober v0.25.0 // indirect

diff --git a/go.sum b/go.sum
@@ -997,8 +997,8 @@ kmodules.xyz/offshoot-api v0.25.0 h1:Svq9da/+sg5afOjpgo9vx2J/Lu90Mo0aFxkdQmgKnGI
 kmodules.xyz/offshoot-api v0.25.0/go.mod h1:ysEBn7LJuT3+s8ynAQA/OG0BSsJugXa6KGtDLMRjlKo=
 kmodules.xyz/prober v0.25.0 h1:R5uRLHJEvEtEoogj+vaTAob0Btph6+PX5IlS6hPh8PA=
 kmodules.xyz/prober v0.25.0/go.mod h1:z4RTnjaajNQa/vPltsiOnO3xI716I/ziD2ac2Exm+1M=
-kubedb.dev/apimachinery v0.28.4-0.20220918140426-7263b50309d2 h1:ic4TMCl+Yk3H3t5J9blQWyjEiLFTsKwC7pLtLgQ3+Ak=
-kubedb.dev/apimachinery v0.28.4-0.20220918140426-7263b50309d2/go.mod h1:rRH1iTGsGM/1lFii5MqE/7SOd/iQSbeS3YaXhF+s2m8=
+kubedb.dev/apimachinery v0.28.4-0.20220924164625-f5eabfc23811 h1:Xp/vSFvwHclqLrJ+SRXXHCwTxICUv9OdL6WJaD/2gxc=
+kubedb.dev/apimachinery v0.28.4-0.20220924164625-f5eabfc23811/go.mod h1:BNR4wQVfhzoucxS8MNcH0zcpDcYelXwqsevnPBxtIo0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
@@ -1012,5 +1012,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kF
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
-stash.appscode.dev/apimachinery v0.22.1-0.20220918134206-55dff33147a0 h1:GHSuGopU1TXoFnaPLWrXLmwTthd7XWkz0Yj19pLK1qo=
-stash.appscode.dev/apimachinery v0.22.1-0.20220918134206-55dff33147a0/go.mod h1:f1yvcracYbBFRbabEdX3VFhzgXjOLER2QFvyyBNdeik=
+stash.appscode.dev/apimachinery v0.22.1-0.20220924053358-8821fa34c13f h1:N2jMJ6yOvgveZSHzlNpXZCbp8QFPACiqdOKXLcJIV6k=
+stash.appscode.dev/apimachinery v0.22.1-0.20220924053358-8821fa34c13f/go.mod h1:Tb1y/+h1r3+YdBvI5RYIC0tW1b8S+0pIb3iG0X7BOjo=
diff --git a/pkg/describer/elasticsearch.go b/pkg/describer/elasticsearch.go
@@ -86,7 +86,7 @@ func (d *ElasticsearchDescriber) describeElasticsearch(item *api.Elasticsearch,
 
 		showWorkload(d.client, item.Namespace, selector, w)
 
-		secrets := make(map[string]*core.LocalObjectReference)
+		secrets := make(map[string]*api.SecretReference)
 		if item.Spec.AuthSecret != nil {
 			secrets["Auth"] = item.Spec.AuthSecret
 		}

diff --git a/pkg/describer/helper.go b/pkg/describer/helper.go
@@ -242,7 +242,7 @@ func showWorkload(client kubernetes.Interface, namespace string, selector labels
 	}
 }
 
-func showSecret(client kubernetes.Interface, namespace string, secrets map[string]*core.LocalObjectReference, w describe.PrefixWriter) {
+func showSecret(client kubernetes.Interface, namespace string, secrets map[string]*api.SecretReference, w describe.PrefixWriter) {
 	sc := client.CoreV1().Secrets(namespace)
 
 	for key, sv := range secrets {

diff --git a/pkg/describer/mongodb.go b/pkg/describer/mongodb.go
@@ -86,7 +86,7 @@ func (d *MongoDBDescriber) describeMongoDB(item *api.MongoDB, selector labels.Se
 
 		showWorkload(d.client, item.Namespace, selector, w)
 
-		secrets := make(map[string]*core.LocalObjectReference)
+		secrets := make(map[string]*api.SecretReference)
 		if item.Spec.AuthSecret != nil {
 			secrets["Auth"] = item.Spec.AuthSecret
 		}

diff --git a/pkg/describer/mysql.go b/pkg/describer/mysql.go
@@ -86,7 +86,7 @@ func (d *MySQLDescriber) describeMySQL(item *api.MySQL, selector labels.Selector
 
 		showWorkload(d.client, item.Namespace, selector, w)
 
-		secrets := make(map[string]*core.LocalObjectReference)
+		secrets := make(map[string]*api.SecretReference)
 		if item.Spec.AuthSecret != nil {
 			secrets["Auth"] = item.Spec.AuthSecret
 		}

diff --git a/pkg/describer/postgres.go b/pkg/describer/postgres.go
@@ -86,7 +86,7 @@ func (d *PostgresDescriber) describePostgres(item *api.Postgres, selector labels
 
 		showWorkload(d.client, item.Namespace, selector, w)
 
-		secrets := make(map[string]*core.LocalObjectReference)
+		secrets := make(map[string]*api.SecretReference)
 		if item.Spec.AuthSecret != nil {
 			secrets["Auth"] = item.Spec.AuthSecret
 		}

diff --git a/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/elasticsearch_types.go b/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/elasticsearch_types.go
@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	opsapi "kubedb.dev/apimachinery/apis/ops/v1alpha1"
+
 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -60,6 +62,9 @@ type ElasticsearchAutoscaler struct {
 type ElasticsearchAutoscalerSpec struct {
 	DatabaseRef *core.LocalObjectReference `json:"databaseRef"`
 
+	// This field will be used to control the behaviour of ops-manager
+	OpsRequestOptions *ElasticsearchOpsRequestOptions `json:"opsRequestOptions,omitempty"`
+
 	Compute *ElasticsearchComputeAutoscalerSpec `json:"compute,omitempty"`
 	Storage *ElasticsearchStorageAutoscalerSpec `json:"storage,omitempty"`
 }
@@ -86,6 +91,18 @@ type ElasticsearchStorageTopologyAutoscalerSpec struct {
 	Ingest *StorageAutoscalerSpec `json:"ingest,omitempty"`
 }
 
+type ElasticsearchOpsRequestOptions struct {
+	// Specifies the Readiness Criteria
+	ReadinessCriteria *opsapi.ElasticsearchReplicaReadinessCriteria `json:"readinessCriteria,omitempty"`
+
+	// Timeout for each step of the ops request in second. If a step doesn't finish within the specified timeout, the ops request will result in failure.
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
+
+	// ApplyOption is to control the execution of OpsRequest depending on the database state.
+	// +kubebuilder:default="IfReady"
+	Apply opsapi.ApplyOption `json:"apply,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // ElasticsearchAutoscalerList is a list of ElasticsearchAutoscaler objects.
 type ElasticsearchAutoscalerList struct {

diff --git a/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/elasticsearch_webhook.go b/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/elasticsearch_webhook.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 
 	dbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2"
+	opsapi "kubedb.dev/apimachinery/apis/ops/v1alpha1"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
@@ -48,6 +49,8 @@ func (in *ElasticsearchAutoscaler) Default() {
 }
 
 func (in *ElasticsearchAutoscaler) setDefaults() {
+	in.setOpsReqOptsDefaults()
+
 	if in.Spec.Storage != nil {
 		setDefaultStorageValues(in.Spec.Storage.Node)
 		if in.Spec.Storage.Topology != nil {
@@ -66,6 +69,17 @@ func (in *ElasticsearchAutoscaler) setDefaults() {
 	}
 }
 
+func (in *ElasticsearchAutoscaler) setOpsReqOptsDefaults() {
+	if in.Spec.OpsRequestOptions == nil {
+		in.Spec.OpsRequestOptions = &ElasticsearchOpsRequestOptions{}
+	}
+	// Timeout is defaulted to 600s in ops-manager retries.go (to retry 120 times with 5sec pause between each)
+	// OplogMaxLagSeconds & ObjectsCountDiffPercentage are defaults to 0
+	if in.Spec.OpsRequestOptions.Apply == "" {
+		in.Spec.OpsRequestOptions.Apply = opsapi.ApplyOptionIfReady
+	}
+}
+
 // +kubebuilder:webhook:path=/validate-schema-kubedb-com-v1alpha1-elasticsearchautoscaler,mutating=false,failurePolicy=fail,sideEffects=None,groups=schema.kubedb.com,resources=elasticsearchautoscalers,verbs=create;update;delete,versions=v1alpha1,name=velasticsearchautoscaler.kb.io,admissionReviewVersions={v1,v1beta1}
 
 var _ webhook.Validator = &ElasticsearchAutoscaler{}

diff --git a/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/mariadb_types.go b/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/mariadb_types.go
@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	opsapi "kubedb.dev/apimachinery/apis/ops/v1alpha1"
+
 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -58,6 +60,9 @@ type MariaDBAutoscaler struct {
 type MariaDBAutoscalerSpec struct {
 	DatabaseRef *core.LocalObjectReference `json:"databaseRef"`
 
+	// This field will be used to control the behaviour of ops-manager
+	OpsRequestOptions *MariaDBOpsRequestOptions `json:"opsRequestOptions,omitempty"`
+
 	Compute *MariaDBComputeAutoscalerSpec `json:"compute,omitempty"`
 	Storage *MariaDBStorageAutoscalerSpec `json:"storage,omitempty"`
 }
@@ -70,6 +75,18 @@ type MariaDBStorageAutoscalerSpec struct {
 	MariaDB *StorageAutoscalerSpec `json:"mariadb,omitempty"`
 }
 
+type MariaDBOpsRequestOptions struct {
+	// Specifies the Readiness Criteria
+	ReadinessCriteria *opsapi.MariaDBReplicaReadinessCriteria `json:"readinessCriteria,omitempty"`
+
+	// Timeout for each step of the ops request in second. If a step doesn't finish within the specified timeout, the ops request will result in failure.
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
+
+	// ApplyOption is to control the execution of OpsRequest depending on the database state.
+	// +kubebuilder:default="IfReady"
+	Apply opsapi.ApplyOption `json:"apply,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // MariaDBAutoscalerList is a list of MariaDBAutoscaler objects.
 type MariaDBAutoscalerList struct {

diff --git a/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/mariadb_webhook.go b/vendor/kubedb.dev/apimachinery/apis/autoscaling/v1alpha1/mariadb_webhook.go
@@ -19,6 +19,8 @@ package v1alpha1
 import (
 	"errors"
 
+	opsapi "kubedb.dev/apimachinery/apis/ops/v1alpha1"
+
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -46,6 +48,8 @@ func (in *MariaDBAutoscaler) Default() {
 }
 
 func (in *MariaDBAutoscaler) setDefaults() {
+	in.setOpsReqOptsDefaults()
+
 	if in.Spec.Storage != nil {
 		setDefaultStorageValues(in.Spec.Storage.MariaDB)
 	}
@@ -54,6 +58,17 @@ func (in *MariaDBAutoscaler) setDefaults() {
 	}
 }
 
+func (in *MariaDBAutoscaler) setOpsReqOptsDefaults() {
+	if in.Spec.OpsRequestOptions == nil {
+		in.Spec.OpsRequestOptions = &MariaDBOpsRequestOptions{}
+	}
+	// Timeout is defaulted to 600s in ops-manager retries.go (to retry 120 times with 5sec pause between each)
+	// OplogMaxLagSeconds & ObjectsCountDiffPercentage are defaults to 0
+	if in.Spec.OpsRequestOptions.Apply == "" {
+		in.Spec.OpsRequestOptions.Apply = opsapi.ApplyOptionIfReady
+	}
+}
+
 // +kubebuilder:webhook:path=/validate-schema-kubedb-com-v1alpha1-mariadbautoscaler,mutating=false,failurePolicy=fail,sideEffects=None,groups=schema.kubedb.com,resources=mariadbautoscalers,verbs=create;update;delete,versions=v1alpha1,name=vmariadbautoscaler.kb.io,admissionReviewVersions={v1,v1beta1}
 
 var _ webhook.Validator = &MariaDBAutoscaler{}