
Commit 98a2ee2

committed
Merge remote-tracking branch 'upstream/main' into feat/gcs-workload-identity
2 parents cf45047 + faa8943 commit 98a2ee2

81 files changed

Lines changed: 3839 additions & 475 deletions


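--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -73,4 +73,9 @@ updates:
 interval: weekly
 day: "monday"
 time: "01:00"
+groups:
+k8s-ecosystem:
+patterns:
+- "k8s.io/*"
+- "sigs.k8s.io/*"
 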
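Review bot: The new `k8s-ecosystem` group sets no `applies-to`, so by Dependabot's documented default it covers version updates only; security updates for `k8s.io/*` and `sigs.k8s.io/*` would still be raised outside the group. If that split is intended, a comment above `groups:` such as `# version updates only; security fixes stay as individual PRs` would record it. The `updates:` entry this group belongs to starts outside the hunk.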

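--- a/.github/workflows/reviewdog.yml
+++ b/.github/workflows/reviewdog.yml
@@ -7,7 +7,7 @@ jobs:
 name: runner / suggester / golangci-lint
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - name: golangci-lint
 uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9
 with:
@@ -19,7 +19,7 @@ jobs:
 name: runner / suggester / gofmt
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - run: gofmt -w -s $(find . -not -path "*/vendor/*" -name "*.go")
 - uses: reviewdog/action-suggester@aa38384ceb608d00f84b4690cacc83a5aba307ff # v1.24.0
 with:
@@ -29,7 +29,7 @@ jobs:
 name: runner / suggester / goimports-reviser
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version: '^1.26'
@@ -43,7 +43,7 @@ jobs:
 name: runner / suggester / shfmt
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version: '^1.26'
@@ -59,7 +59,7 @@ jobs:
 name: runner / shellcheck
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - uses: reviewdog/action-shellcheck@4c07458293ac342d477251099501a718ae5ef86e # v1
 with:
 github_token: ${{ secrets.github_token }}
@@ -70,7 +70,7 @@ jobs:
 name: runner / misspell
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - uses: reviewdog/action-misspell@d6429416b12b09b4e2768307d53bef58d172e962 # v1
 with:
 github_token: ${{ secrets.github_token }}
@@ -82,7 +82,7 @@ jobs:
 name: runner / alex
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - uses: reviewdog/action-alex@b6673b547eeb6d430c87ef02dc3524bdf34e324d # v1
 with:
 github_token: ${{ secrets.github_token }}
@@ -94,7 +94,7 @@ jobs:
 name: runner / manifests
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - name: check on release branch
 if: ${{ contains(github.base_ref, 'release-') }}
 run: |
@@ -110,7 +110,7 @@ jobs:
 name: e2e-tests release_versions image availability
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 fetch-depth: 0
 - name: Check if e2e-tests/release_versions changed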

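--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
-uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
 - name: Set up QEMU
 uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4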

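--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,7 +8,7 @@ jobs:
 name: Test
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod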

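--- a/build/logcollector/entrypoint.sh
+++ b/build/logcollector/entrypoint.sh
@@ -3,7 +3,19 @@ set -e
 
 export PATH="$PATH:/opt/fluent-bit/bin"
 
-LOGROTATE_SCHEDULE="${LOGROTATE_SCHEDULE:-0 0 0 * * *}"
+LOGROTATE_SCHEDULE="${LOGROTATE_SCHEDULE:-0 0 * * *}"
+
+run_cron() {
+local schedule="$1"
+local cmd="$2"
+
+if [ -f /usr/bin/supercronic ]; then
+printf '%s %s\n' "$schedule" "$cmd" > /tmp/crontab
+exec supercronic /tmp/crontab
+else
+exec go-cron "$schedule" sh -c "$cmd"
+fi
+}
 
 is_logrotate_config_invalid() {
 local config_file="$1"
@@ -26,6 +38,14 @@ run_logrotate() {
 local logrotate_additional_conf_files=()
 local conf_d_dir="/opt/percona/logcollector/logrotate/conf.d"
 
+# Ensure logrotate can run with current UID
+if [[ $EUID != 1001 ]]; then
+# logrotate requires UID in /etc/passwd
+sed -e "s^x:1001:^x:$EUID:^" /etc/passwd >/tmp/passwd
+cat /tmp/passwd >/etc/passwd
+rm -rf /tmp/passwd
+fi
+
 # Check if mongodb.conf exists and validate it
 if [ -f "$conf_d_dir/mongodb.conf" ]; then
 logrotate_conf_file="$conf_d_dir/mongodb.conf"
@@ -49,21 +69,14 @@ run_logrotate() {
 fi
 done
 fi
-# Ensure logrotate can run with current UID
-if [[ $EUID != 1001 ]]; then
-# logrotate requires UID in /etc/passwd
-sed -e "s^x:1001:^x:$EUID:^" /etc/passwd >/tmp/passwd
-cat /tmp/passwd >/etc/passwd
-rm -rf /tmp/passwd
-fi
 
 local logrotate_cmd="logrotate -s \"$logrotate_status_file\" \"$logrotate_conf_file\""
 for additional_conf in "${logrotate_additional_conf_files[@]}"; do
 logrotate_cmd="$logrotate_cmd \"$additional_conf\""
 done
 
 set -o xtrace
-exec go-cron "$LOGROTATE_SCHEDULE" sh -c "$logrotate_cmd"
+run_cron "$LOGROTATE_SCHEDULE" "$logrotate_cmd"
 }
 
 run_fluentbit() {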
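Review bot: The go-cron fallback in `run_cron` now receives the new five-field default `0 0 * * *`, whereas the removed default handed to go-cron had six fields (`0 0 0 * * *`); if the go-cron build in the image reads the first field as seconds, the fallback would fire on a different schedule than the supercronic branch, so this should be confirmed against that binary. An operator-supplied six-field `LOGROTATE_SCHEDULE` likewise reaches supercronic unchanged. I would record the contract next to the default, e.g. `# LOGROTATE_SCHEDULE: 5-field crontab expression for supercronic; the go-cron fallback may expect a leading seconds field (confirm)`. Separately, `/tmp/crontab` is a fixed path written with `>`; creating it with `mktemp` avoids writing through a pre-existing file or symlink if `/tmp` is shared with another container.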

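--- a/build/ps-entry.sh
+++ b/build/ps-entry.sh
@@ -245,11 +245,26 @@ _dbPath() {
 echo "$dbPath"
 }
 
+# generate_pem_files concatenates the TLS key and cert into the .pem files
+generate_pem_files() {
+MONGO_SSL_DIR=${MONGO_SSL_DIR:-/etc/mongodb-ssl}
+if [ -f "${MONGO_SSL_DIR}/tls.key" ] && [ -f "${MONGO_SSL_DIR}/tls.crt" ]; then
+cat "${MONGO_SSL_DIR}/tls.key" "${MONGO_SSL_DIR}/tls.crt" >/tmp/tls.pem
+fi
+MONGO_SSL_INTERNAL_DIR=${MONGO_SSL_INTERNAL_DIR:-/etc/mongodb-ssl-internal}
+if [ -f "${MONGO_SSL_INTERNAL_DIR}/tls.key" ] && [ -f "${MONGO_SSL_INTERNAL_DIR}/tls.crt" ]; then
+cat "${MONGO_SSL_INTERNAL_DIR}/tls.key" "${MONGO_SSL_INTERNAL_DIR}/tls.crt" >/tmp/tls-internal.pem
+fi
+}
+
 is_manual_recovery() {
 recovery_file='/data/db/sleep-forever'
 if [ -f "${recovery_file}" ]; then
 echo "The $recovery_file file is detected, node is going to infinity loop"
 echo "If you want to exit from infinity loop you need to remove $recovery_file file"
+# Generate the .pem files so a user who execs into the container during
+# sleep-forever mode can start mongod manually without recreating them.
+generate_pem_files
 while [ -f "${recovery_file}" ]; do
 sleep 1
 done
@@ -440,16 +455,17 @@ if [[ $originalArgOne == mongo* ]]; then
 if [ -f "${MONGO_SSL_DIR}/ca.crt" ]; then
 CA="${MONGO_SSL_DIR}/ca.crt"
 fi
+
+generate_pem_files
+
+MONGO_SSL_INTERNAL_DIR=${MONGO_SSL_INTERNAL_DIR:-/etc/mongodb-ssl-internal}
 if [ -f "${MONGO_SSL_DIR}/tls.key" ] && [ -f "${MONGO_SSL_DIR}/tls.crt" ]; then
-cat "${MONGO_SSL_DIR}/tls.key" "${MONGO_SSL_DIR}/tls.crt" >/tmp/tls.pem
 _mongod_hack_ensure_arg_val --sslPEMKeyFile /tmp/tls.pem "${mongodHackedArgs[@]}"
 if [ -f "${CA}" ]; then
 _mongod_hack_ensure_arg_val --sslCAFile "${CA}" "${mongodHackedArgs[@]}"
 fi
 fi
-MONGO_SSL_INTERNAL_DIR=${MONGO_SSL_INTERNAL_DIR:-/etc/mongodb-ssl-internal}
 if [ -f "${MONGO_SSL_INTERNAL_DIR}/tls.key" ] && [ -f "${MONGO_SSL_INTERNAL_DIR}/tls.crt" ]; then
-cat "${MONGO_SSL_INTERNAL_DIR}/tls.key" "${MONGO_SSL_INTERNAL_DIR}/tls.crt" >/tmp/tls-internal.pem
 _mongod_hack_ensure_arg_val --sslClusterFile /tmp/tls-internal.pem "${mongodHackedArgs[@]}"
 if [ -f "${MONGO_SSL_INTERNAL_DIR}/ca.crt" ]; then
 _mongod_hack_ensure_arg_val --sslClusterCAFile "${MONGO_SSL_INTERNAL_DIR}/ca.crt" "${mongodHackedArgs[@]}"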
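Review bot: `generate_pem_files` writes the TLS private key plus certificate to the fixed paths `/tmp/tls.pem` and `/tmp/tls-internal.pem` with whatever umask the entrypoint inherits, and the commit now also does this in sleep-forever mode, where the added comment expects users to exec into the container. The function should restrict the files itself, for example `( umask 077; cat "${MONGO_SSL_DIR}/tls.key" "${MONGO_SSL_DIR}/tls.crt" >/tmp/tls.pem )` followed by `chmod 600 /tmp/tls.pem`, since the umask alone does not tighten a file that already exists. In the second hunk `--sslPEMKeyFile /tmp/tls.pem` is still gated on the source files existing rather than on the `cat` having succeeded; whether a failed write aborts the script depends on error settings outside these hunks.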

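--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -16,12 +16,14 @@ import (
 volumesnapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
 uzap "go.uber.org/zap"
 "go.uber.org/zap/zapcore"
+corev1 "k8s.io/api/core/v1"
 k8sruntime "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 "k8s.io/client-go/discovery"
 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/cache"
+"sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/healthz"
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
 metricsServer "sigs.k8s.io/controller-runtime/pkg/metrics/server"
@@ -104,6 +106,12 @@ func main() {
 WebhookServer: webhook.NewServer(webhook.Options{
 Port: 9443,
 }),
+Client: client.Options{
+Scheme: scheme,
+Cache: &client.CacheOptions{
+DisableFor: []client.Object{&corev1.Node{}},
+},
+},
 }
 
 options.Controller.GroupKindConcurrency = map[string]int{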
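Review bot: The `Client` block added to the manager options has no comment explaining why `corev1.Node` is listed in `DisableFor`. With this setting every Node read through the manager client goes to the API server instead of an informer cache, which presumably avoids a cluster-wide list/watch on nodes (and the RBAC that would require) at the cost of one request per read. I would add `// Nodes bypass the cache: reads go straight to the API server, so no Node informer (list/watch) is started.` above `Cache:`, and confirm that no hot reconcile path reads Nodes. `main` starts and ends outside the hunk.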

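--- a/config/crd/bases/psmdb.percona.com_perconaservermongodbrestores.yaml
+++ b/config/crd/bases/psmdb.percona.com_perconaservermongodbrestores.yaml
@@ -262,9 +262,19 @@ spec:
 items:
 type: string
 type: array
+nsFrom:
+type: string
+nsTo:
+type: string
 withUsersAndRoles:
 type: boolean
 type: object
+x-kubernetes-validations:
+- message: nsFrom and nsTo need to be set together
+rule: (!has(self.nsFrom) && !has(self.nsTo)) || (has(self.nsFrom)
+&& has(self.nsTo))
+- message: nsFrom and nsTo can't be the same
+rule: (!has(self.nsFrom) && !has(self.nsTo)) || self.nsFrom != self.nsTo
 storageName:
 type: string
 type: object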

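--- a/config/crd/bases/psmdb.percona.com_perconaservermongodbs.yaml
+++ b/config/crd/bases/psmdb.percona.com_perconaservermongodbs.yaml
@@ -986,6 +986,12 @@ spec:
 type: string
 mongosParams:
 type: string
+querySource:
+default: profiler
+enum:
+- profiler
+- mongolog
+type: string
 resources:
 properties:
 claims:
@@ -3963,6 +3969,18 @@ spec:
 type: boolean
 exposeType:
 type: string
+externalDNS:
+properties:
+domain:
+type: string
+prefix:
+type: string
+ttl:
+minimum: 0
+type: integer
+required:
+- domain
+type: object
 externalTrafficPolicy:
 type: string
 internalTrafficPolicy:
@@ -14797,6 +14815,18 @@ spec:
 type: boolean
 exposeType:
 type: string
+externalDNS:
+properties:
+domain:
+type: string
+prefix:
+type: string
+ttl:
+minimum: 0
+type: integer
+required:
+- domain
+type: object
 externalTrafficPolicy:
 type: string
 internalTrafficPolicy:
@@ -23245,6 +23275,18 @@ spec:
 type: object
 exposeType:
 type: string
+externalDNS:
+properties:
+domain:
+type: string
+prefix:
+type: string
+ttl:
+minimum: 0
+type: integer
+required:
+- domain
+type: object
 externalTrafficPolicy:
 type: string
 internalTrafficPolicy:
@@ -25429,6 +25471,12 @@ spec:
 properties:
 allowInvalidCertificates:
 type: boolean
+certManagementPolicy:
+default: auto
+enum:
+- auto
+- userProvidedOnly
+type: string
 certValidityDuration:
 type: string
 issuerConf: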
