fix(main): restore missed options by cozystack use-case (#326)

Author: androndo

api/v1alpha2/cel_validation_test.go

@@ -574,6 +574,87 @@ func TestCEL_HappyPathAccepts(t *testing.T) {
 	}
 }
 
+// TestSchema_OptionsValidation exercises the typed spec.options schema
+// against a real apiserver: the autoCompactionMode enum, the
+// autoCompactionRetention pattern, and the numeric bounds. Not CEL —
+// plain OpenAPI validation — but apiserver-enforced all the same, so
+// envtest is the seam that actually tests the contract.
+func TestSchema_OptionsValidation(t *testing.T) {
+	skipIfNoEnvtest(t)
+	ctx := context.Background()
+
+	quota := int64(10200547328)
+	snapCount := int64(10000)
+
+	// The exact tuning Cozystack's legacy spec.options carried must be
+	// accepted in its typed form.
+	ok := validCluster("opts-cozystack-shape")
+	ok.Spec.Options = &lll.EtcdOptions{
+		QuotaBackendBytes:       &quota,
+		AutoCompactionMode:      lll.AutoCompactionModePeriodic,
+		AutoCompactionRetention: "5m",
+		SnapshotCount:           &snapCount,
+	}
+	if err := k8s.Create(ctx, ok); err != nil {
+		t.Fatalf("apiserver rejected valid options: %v", err)
+	}
+	t.Cleanup(func() { _ = k8s.Delete(ctx, ok) })
+
+	// Bare-integer retention (etcd: hours in periodic mode, revisions in
+	// revision mode) is also valid.
+	okInt := validCluster("opts-int-retention")
+	okInt.Spec.Options = &lll.EtcdOptions{
+		AutoCompactionMode:      lll.AutoCompactionModeRevision,
+		AutoCompactionRetention: "1000",
+	}
+	if err := k8s.Create(ctx, okInt); err != nil {
+		t.Fatalf("apiserver rejected bare-integer retention: %v", err)
+	}
+	t.Cleanup(func() { _ = k8s.Delete(ctx, okInt) })
+
+	rejects := []struct {
+		name string
+		mut  func(*lll.EtcdCluster)
+	}{
+		{
+			name: "bad compaction mode",
+			mut: func(c *lll.EtcdCluster) {
+				c.Spec.Options = &lll.EtcdOptions{AutoCompactionMode: "hourly"}
+			},
+		},
+		{
+			name: "garbage retention",
+			mut: func(c *lll.EtcdCluster) {
+				c.Spec.Options = &lll.EtcdOptions{AutoCompactionRetention: "five-minutes"}
+			},
+		},
+		{
+			name: "negative quota",
+			mut: func(c *lll.EtcdCluster) {
+				q := int64(-1)
+				c.Spec.Options = &lll.EtcdOptions{QuotaBackendBytes: &q}
+			},
+		},
+		{
+			name: "zero snapshot count",
+			mut: func(c *lll.EtcdCluster) {
+				s := int64(0)
+				c.Spec.Options = &lll.EtcdOptions{SnapshotCount: &s}
+			},
+		},
+	}
+	for _, tc := range rejects {
+		t.Run(tc.name, func(t *testing.T) {
+			c := validCluster("opts-" + strings.ReplaceAll(strings.ToLower(tc.name), " ", "-"))
+			tc.mut(c)
+			if err := k8s.Create(ctx, c); err == nil {
+				_ = k8s.Delete(ctx, c)
+				t.Fatalf("apiserver accepted invalid options (%s); expected rejection", tc.name)
+			}
+		})
+	}
+}
+
 // spec.auth.enabled requires spec.tls.client — auth credentials must
 // not cross a plaintext wire. This rule does not reference oldSelf, so it is
 // enforced on CREATE.

api/v1alpha2/etcdcluster_types.go

@@ -238,6 +238,67 @@ type IssuerReference struct {
 	Kind string `json:"kind,omitempty"`
 }
 
+// AutoCompactionMode selects etcd's auto-compaction interpretation of
+// the retention value: "periodic" treats it as a time duration,
+// "revision" as a revision-count delta.
+//
+// +kubebuilder:validation:Enum=periodic;revision
+type AutoCompactionMode string
+
+const (
+	// AutoCompactionModePeriodic compacts by time window (--auto-compaction-mode=periodic).
+	AutoCompactionModePeriodic AutoCompactionMode = "periodic"
+	// AutoCompactionModeRevision compacts by revision delta (--auto-compaction-mode=revision).
+	AutoCompactionModeRevision AutoCompactionMode = "revision"
+)
+
+// EtcdOptions carries the etcd server tuning flags the operator passes to
+// each member's `etcd` command line. Deliberately a closed, typed set — the
+// legacy aenix operator exposed a free-form `spec.options` map[string]string,
+// which let users inject arbitrary (and operator-conflicting) flags; this
+// port types exactly the keys Cozystack's etcd package actually used. New
+// flags land here as new typed fields, not as an escape hatch.
+//
+// Like spec.resources, options are latched through status.observed and take
+// effect on newly-created members (scale-up, replacement) only; the operator
+// does not roll existing Pods to apply a tuning change in place. Delete one
+// Pod at a time to re-template members, or recreate the cluster.
+type EtcdOptions struct {
+	// QuotaBackendBytes sets --quota-backend-bytes: the backend database
+	// size limit in bytes before the member raises the cluster-wide
+	// NOSPACE alarm. 0 or absent means etcd's built-in default (2GiB).
+	// etcd's documented practical maximum is 8GiB.
+	// +kubebuilder:validation:Minimum=0
+	// +optional
+	QuotaBackendBytes *int64 `json:"quotaBackendBytes,omitempty"`
+
+	// AutoCompactionMode sets --auto-compaction-mode: how
+	// AutoCompactionRetention is interpreted, "periodic" (time-based)
+	// or "revision" (revision-count-based). Absent means etcd's default
+	// ("periodic" — though compaction only activates when a retention
+	// is set).
+	// +optional
+	AutoCompactionMode AutoCompactionMode `json:"autoCompactionMode,omitempty"`
+
+	// AutoCompactionRetention sets --auto-compaction-retention. In
+	// periodic mode a duration ("5m", "1h"; a bare integer means hours);
+	// in revision mode a revision count. Absent or "0" disables
+	// auto-compaction. The pattern admits what etcd itself parses: a
+	// bare non-negative integer or a Go duration.
+	// +kubebuilder:validation:Pattern=`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$|^[0-9]+$`
+	// +optional
+	AutoCompactionRetention string `json:"autoCompactionRetention,omitempty"`
+
+	// SnapshotCount sets --snapshot-count: the number of committed
+	// raft entries to retain in memory before triggering an internal
+	// raft snapshot (this is unrelated to EtcdSnapshot backups). Absent
+	// means etcd's built-in default. Lower values trade replay speed on
+	// restart for a smaller memory footprint.
+	// +kubebuilder:validation:Minimum=1
+	// +optional
+	SnapshotCount *int64 `json:"snapshotCount,omitempty"`
+}
+
 // Condition types for EtcdCluster.
 const (
 	// ClusterAvailable indicates the cluster has a healthy quorum.
@@ -486,6 +547,17 @@ type EtcdClusterSpec struct {
 	// the operator does not roll existing Pods to apply a change in place.
 	// +optional
 	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+
+	// Options carries etcd server tuning flags (backend quota,
+	// auto-compaction, raft snapshot count) passed to each member's
+	// command line. A closed typed set — see EtcdOptions for why there
+	// is deliberately no free-form flag map.
+	//
+	// Updates take effect on newly-created members (scale-up,
+	// replacement); the operator does not roll existing Pods to apply a
+	// tuning change in place.
+	// +optional
+	Options *EtcdOptions `json:"options,omitempty"`
 }
 
 // AdditionalMetadata is a set of labels and annotations the operator merges
@@ -545,6 +617,13 @@ type ObservedClusterSpec struct {
 	// objects created once the current target is reached.
 	// +optional
 	AdditionalMetadata *AdditionalMetadata `json:"additionalMetadata,omitempty"`
+
+	// Options is the locked target etcd tuning flags for member Pods.
+	// Latched with the rest of the target spec so a mid-flight tuning
+	// edit only applies to members created once the current target is
+	// reached.
+	// +optional
+	Options *EtcdOptions `json:"options,omitempty"`
 }
 
 // EtcdClusterStatus defines the observed state of an etcd cluster.

api/v1alpha2/etcdmember_types.go

@@ -98,6 +98,13 @@ type EtcdMemberSpec struct {
 	// +optional
 	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
 
+	// Options mirrors EtcdCluster.spec.options at the time this member
+	// was created. The member controller renders the set fields as etcd
+	// command-line flags at Pod-build time; existing members are not
+	// re-templated when the cluster spec changes.
+	// +optional
+	Options *EtcdOptions `json:"options,omitempty"`
+
 	// Bootstrap indicates this member is part of the initial cluster formation.
 	// When true the member starts with --initial-cluster-state=new.
 	// +optional

api/v1alpha2/zz_generated.deepcopy.go

@@ -1166,6 +1166,57 @@ spec:
                       rule: '!has(self.source.pvc) || (has(self.source.pvc.subPath)
                         && size(self.source.pvc.subPath) > 0)'
                 type: object
+              options:
+                description: |-
+                  Options carries etcd server tuning flags (backend quota,
+                  auto-compaction, raft snapshot count) passed to each member's
+                  command line. A closed typed set — see EtcdOptions for why there
+                  is deliberately no free-form flag map.
+
+                  Updates take effect on newly-created members (scale-up,
+                  replacement); the operator does not roll existing Pods to apply a
+                  tuning change in place.
+                properties:
+                  autoCompactionMode:
+                    description: |-
+                      AutoCompactionMode sets --auto-compaction-mode: how
+                      AutoCompactionRetention is interpreted, "periodic" (time-based)
+                      or "revision" (revision-count-based). Absent means etcd's default
+                      ("periodic" — though compaction only activates when a retention
+                      is set).
+                    enum:
+                    - periodic
+                    - revision
+                    type: string
+                  autoCompactionRetention:
+                    description: |-
+                      AutoCompactionRetention sets --auto-compaction-retention. In
+                      periodic mode a duration ("5m", "1h"; a bare integer means hours);
+                      in revision mode a revision count. Absent or "0" disables
+                      auto-compaction. The pattern admits what etcd itself parses: a
+                      bare non-negative integer or a Go duration.
+                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$|^[0-9]+$
+                    type: string
+                  quotaBackendBytes:
+                    description: |-
+                      QuotaBackendBytes sets --quota-backend-bytes: the backend database
+                      size limit in bytes before the member raises the cluster-wide
+                      NOSPACE alarm. 0 or absent means etcd's built-in default (2GiB).
+                      etcd's documented practical maximum is 8GiB.
+                    format: int64
+                    minimum: 0
+                    type: integer
+                  snapshotCount:
+                    description: |-
+                      SnapshotCount sets --snapshot-count: the number of committed
+                      raft entries to retain in memory before triggering an internal
+                      raft snapshot (this is unrelated to EtcdSnapshot backups). Absent
+                      means etcd's built-in default. Lower values trade replay speed on
+                      restart for a smaller memory footprint.
+                    format: int64
+                    minimum: 1
+                    type: integer
+                type: object
               progressDeadlineSeconds:
                 default: 600
                 description: |-
@@ -2805,6 +2856,53 @@ spec:
                             x-kubernetes-list-type: atomic
                         type: object
                     type: object
+                  options:
+                    description: |-
+                      Options is the locked target etcd tuning flags for member Pods.
+                      Latched with the rest of the target spec so a mid-flight tuning
+                      edit only applies to members created once the current target is
+                      reached.
+                    properties:
+                      autoCompactionMode:
+                        description: |-
+                          AutoCompactionMode sets --auto-compaction-mode: how
+                          AutoCompactionRetention is interpreted, "periodic" (time-based)
+                          or "revision" (revision-count-based). Absent means etcd's default
+                          ("periodic" — though compaction only activates when a retention
+                          is set).
+                        enum:
+                        - periodic
+                        - revision
+                        type: string
+                      autoCompactionRetention:
+                        description: |-
+                          AutoCompactionRetention sets --auto-compaction-retention. In
+                          periodic mode a duration ("5m", "1h"; a bare integer means hours);
+                          in revision mode a revision count. Absent or "0" disables
+                          auto-compaction. The pattern admits what etcd itself parses: a
+                          bare non-negative integer or a Go duration.
+                        pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$|^[0-9]+$
+                        type: string
+                      quotaBackendBytes:
+                        description: |-
+                          QuotaBackendBytes sets --quota-backend-bytes: the backend database
+                          size limit in bytes before the member raises the cluster-wide
+                          NOSPACE alarm. 0 or absent means etcd's built-in default (2GiB).
+                          etcd's documented practical maximum is 8GiB.
+                        format: int64
+                        minimum: 0
+                        type: integer
+                      snapshotCount:
+                        description: |-
+                          SnapshotCount sets --snapshot-count: the number of committed
+                          raft entries to retain in memory before triggering an internal
+                          raft snapshot (this is unrelated to EtcdSnapshot backups). Absent
+                          means etcd's built-in default. Lower values trade replay speed on
+                          restart for a smaller memory footprint.
+                        format: int64
+                        minimum: 1
+                        type: integer
+                    type: object
                   replicas:
                     description: Replicas is the locked target replica count.
                     format: int32