44 changes: 36 additions & 8 deletions operator/apis/platform/v1alpha1/central_types.go
Expand Up @@ -115,9 +115,9 @@ type CentralComponentSpec struct {
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=5
Persistence *Persistence `json:"persistence,omitempty"`

// NOTE: Central DB is in technical preview.
// NOTE: Central DB is in Technology Preview.
// Settings for Central DB, which is responsible for data persistence.
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=6,displayName="Central DB Settings (Technical Preview)"
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=6,displayName="Central DB Settings (Technology Preview)"
DB *CentralDBSpec `json:"db,omitempty"`

//+operator-sdk:csv:customresourcedefinitions:type=spec,order=99
Expand Down Expand Up @@ -148,37 +148,65 @@ func (c *CentralComponentSpec) GetAdminPasswordGenerationDisabled() bool {
return pointer.BoolPtrDerefOr(c.AdminPasswordGenerationDisabled, false)
}

// CentralDBEnabled returns a bool if CentralDBSpec is not nil
// CentralDBEnabled returns true if central db should be created
// TODO(ROX-13557): modify the logic to enable Postgres DB by default.
func (c *CentralComponentSpec) CentralDBEnabled() bool {
if c == nil {
if c == nil || c.DB == nil || c.DB.IsEnabled == nil {
return false
}
return c.DB != nil

return *c.DB.IsEnabled == CentralDBEnabledTrue
}

// CentralDBSpec defines settings for the "central db" component.
type CentralDBSpec struct {
// Specify whether central-db is enabled, Default configures central to use rocksdb.
// If IsEnabled the operator will provision the Central DB or use an external DB if a connection string is provided.
//+kubebuilder:validation:Default=Default
//+kubebuilder:default=Default
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=1
IsEnabled *CentralDBEnabled `json:"isEnabled,omitempty"`

// Specify a secret that contains the password in the "password" data item.
// If omitted, the operator will auto-generate a DB password and store it in the "password" item
// in the "central-db-password" secret.
//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Administrator Password",order=1
//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Administrator Password",order=2
PasswordSecret *LocalSecretReference `json:"passwordSecret,omitempty"`

// Specify a connection string that corresponds to an existing database. If set, the operator will not manage Central DB.
// When using this option, you must explicitly set a password secret; automatically generating a password will not
// be supported.
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=2
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=3
ConnectionStringOverride *string `json:"connectionString,omitempty"`

// Configures how Central DB should store its persistent data. You can choose between using a persistent
// volume claim (recommended default), and a host path.
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=3
//+operator-sdk:csv:customresourcedefinitions:type=spec,order=4
Persistence *DBPersistence `json:"persistence,omitempty"`

//+operator-sdk:csv:customresourcedefinitions:type=spec,order=99
DeploymentSpec `json:",inline"`
}

// CentralDBEnabled is a type for values of spec.central.db.enabled.
//+kubebuilder:validation:Enum=Default;Enabled
type CentralDBEnabled string

const (
// CentralDBEnabledDefault configures the central to use rocksdb
// TODO(ROX-13557): in 3.74.0 this should say that Default enables PostgreSQL.
CentralDBEnabledDefault CentralDBEnabled = "Default"
// CentralDBEnabledTrue configures the central to use a PostgreSQL database (Technology Preview)
CentralDBEnabledTrue CentralDBEnabled = "Enabled"
)

// CentralDBEnabledPtr return a pointer for the given CentralDBEnabled value
func CentralDBEnabledPtr(c CentralDBEnabled) *CentralDBEnabled {
ptr := new(CentralDBEnabled)
*ptr = c
return ptr
}

// GetPasswordSecret provides a way to retrieve the admin password that is safe to use on a nil receiver object.
func (c *CentralDBSpec) GetPasswordSecret() *LocalSecretReference {
if c == nil {
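Review bot: The doc comment on the new `CentralDBEnabled` type says it holds values of `spec.central.db.enabled`, but the field is serialised as `isEnabled` (see the `json:"isEnabled,omitempty"` tag on `IsEnabled`), so the comment names a path that does not exist in the CRD; change it to `// CentralDBEnabled is a type for values of spec.central.db.isEnabled.` and fix `CentralDBEnabledPtr return a pointer` to `returns a pointer`. A second point is the interplay with `ConnectionStringOverride`: `CentralDBEnabled()` now returns false whenever `IsEnabled` is nil or `Default`, yet the `ConnectionStringOverride` comment still promises the operator "will not manage Central DB" when it is set, so from these lines a user who supplies `connectionString` and `passwordSecret` without `isEnabled: Enabled` appears to get both silently ignored — worth stating in the `IsEnabled` comment (e.g. `// connectionString and passwordSecret have no effect unless IsEnabled is Enabled.`) or rejecting with a validation rule rather than leaving it implicit. Lastly, `//+kubebuilder:validation:Default=Default` next to `//+kubebuilder:default=Default` looks redundant; the generated CRD in this commit only carries `default: Default`, so if controller-gen does not recognise the first marker it is a silent no-op and could be dropped.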
5 changes: 5 additions & 0 deletions operator/apis/platform/v1alpha1/zz_generated.deepcopy.go


12 changes: 11 additions & 1 deletion operator/bundle/manifests/platform.stackrox.io_centrals.yaml



12 changes: 11 additions & 1 deletion operator/config/crd/bases/platform.stackrox.io_centrals.yaml
Expand Up @@ -60,7 +60,7 @@ spec:
- name
type: object
db:
description: 'NOTE: Central DB is in technical preview. Settings
description: 'NOTE: Central DB is in Technology Preview. Settings
for Central DB, which is responsible for data persistence.'
properties:
connectionString:
Expand All @@ -70,6 +70,16 @@ spec:
set a password secret; automatically generating a password
will not be supported.
type: string
isEnabled:
default: Default
description: Specify whether central-db is enabled, Default
configures central to use rocksdb. If IsEnabled the operator
will provision the Central DB or use an external DB if a
connection string is provided.
enum:
- Default
- Enabled
type: string
nodeSelector:
additionalProperties:
type: string
Expand Up @@ -47,11 +47,11 @@ spec:
password and store it in the "password" item in the "central-htpasswd" secret.
displayName: Administrator Password
path: central.adminPasswordSecret
- description: Specify a secret that contains the password in the "password"
data item. If omitted, the operator will auto-generate a DB password and
store it in the "password" item in the "central-db-password" secret.
displayName: Administrator Password
path: central.db.passwordSecret
- description: Specify whether central-db is enabled, Default configures central
to use rocksdb. If IsEnabled the operator will provision the Central DB
or use an external DB if a connection string is provided.
displayName: Is Enabled
path: central.db.isEnabled
- description: Uses a Kubernetes persistent volume claim (PVC) to manage the
storage location of persistent data. Recommended for most users.
displayName: Persistent volume claim
Expand Down Expand Up @@ -114,12 +114,11 @@ spec:
settings in this section will have no effect.
displayName: Scanner Component
path: scanner.scannerComponent
- description: Specify a connection string that corresponds to an existing database.
If set, the operator will not manage Central DB. When using this option,
you must explicitly set a password secret; automatically generating a password
will not be supported.
displayName: Connection String Override
path: central.db.connectionString
- description: Specify a secret that contains the password in the "password"
data item. If omitted, the operator will auto-generate a DB password and
store it in the "password" item in the "central-db-password" secret.
displayName: Administrator Password
path: central.db.passwordSecret
- description: The size of the persistent volume when created through the claim.
If a claim was automatically created, this can be used after the initial
deployment to resize (grow) the volume (only supported by some storage class
Expand Down Expand Up @@ -175,11 +174,12 @@ spec:
be configured to match this value.
displayName: Default Replicas
path: scanner.analyzer.scaling.replicas
- description: Configures how Central DB should store its persistent data. You
can choose between using a persistent volume claim (recommended default),
and a host path.
displayName: Persistence
path: central.db.persistence
- description: Specify a connection string that corresponds to an existing database.
If set, the operator will not manage Central DB. When using this option,
you must explicitly set a password secret; automatically generating a password
will not be supported.
displayName: Connection String Override
path: central.db.connectionString
- description: The name of the storage class to use for the PVC. If your cluster
is not configured with a default storage class, you must select a value
here.
Expand Down Expand Up @@ -226,6 +226,11 @@ spec:
path: scanner.db
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:.scannerComponent:Enabled
- description: Configures how Central DB should store its persistent data. You
can choose between using a persistent volume claim (recommended default),
and a host path.
displayName: Persistence
path: central.db.persistence
- description: Configures monitoring endpoint for Central. The monitoring endpoint
allows other services to collect metrics from Central, provided in Prometheus
compatible format.
Expand Down Expand Up @@ -254,9 +259,9 @@ spec:
path: imagePullSecrets
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- description: 'NOTE: Central DB is in technical preview. Settings for Central
- description: 'NOTE: Central DB is in Technology Preview. Settings for Central
DB, which is responsible for data persistence.'
displayName: Central DB Settings (Technical Preview)
displayName: Central DB Settings (Technology Preview)
path: central.db
- description: Customizations to apply on all Central Services components.
displayName: Customizations
Expand Up @@ -70,13 +70,14 @@ func TestReconcileDBPassword(t *testing.T) {

specWithAutogenPassword := v1alpha1.CentralSpec{
Central: &v1alpha1.CentralComponentSpec{
DB: &v1alpha1.CentralDBSpec{},
DB: &v1alpha1.CentralDBSpec{IsEnabled: v1alpha1.CentralDBEnabledPtr(v1alpha1.CentralDBEnabledTrue)},
},
}

specWithUserSpecifiedPassword := v1alpha1.CentralSpec{
Central: &v1alpha1.CentralComponentSpec{
DB: &v1alpha1.CentralDBSpec{
IsEnabled: v1alpha1.CentralDBEnabledPtr(v1alpha1.CentralDBEnabledTrue),
PasswordSecret: &v1alpha1.LocalSecretReference{
Name: customPWSecretName,
},
Expand All @@ -87,6 +88,7 @@ func TestReconcileDBPassword(t *testing.T) {
specWithCanonicalAsUserSpecifiedPassword := v1alpha1.CentralSpec{
Central: &v1alpha1.CentralComponentSpec{
DB: &v1alpha1.CentralDBSpec{
IsEnabled: v1alpha1.CentralDBEnabledPtr(v1alpha1.CentralDBEnabledTrue),
PasswordSecret: &v1alpha1.LocalSecretReference{
Name: canonicalCentralDBPasswordSecretName,
},
Expand Down Expand Up @@ -214,6 +216,7 @@ func TestReconcileDBPassword(t *testing.T) {
Spec: v1alpha1.CentralSpec{
Central: &v1alpha1.CentralComponentSpec{
DB: &v1alpha1.CentralDBSpec{
IsEnabled: v1alpha1.CentralDBEnabledPtr(v1alpha1.CentralDBEnabledTrue),
ConnectionStringOverride: pointers.String("foo"),
},
},
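Review bot: None of the updated fixtures in `TestReconcileDBPassword` exercises the branch this change introduces — every `CentralDBSpec` in these hunks now sets `IsEnabled: v1alpha1.CentralDBEnabledPtr(v1alpha1.CentralDBEnabledTrue)`, so the `IsEnabled == nil` / `Default` path of `CentralDBEnabled()`, under which a populated `DB` spec with `ConnectionStringOverride` or `PasswordSecret` is presumably treated as disabled, has no unit coverage here; the same applies to `TestReconcilePVCExtension` in `reconcile_pvc_test.go`. Consider adding one case per file along the lines of `DB: &v1alpha1.CentralDBSpec{ConnectionStringOverride: pointers.String("foo")}` with no `IsEnabled`, asserting that the extension leaves the password secret / PVC untouched, so the silent-ignore behaviour is pinned rather than implied. Both test functions start outside these hunks, so the existing expectation tables are not visible here.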
3 changes: 2 additions & 1 deletion operator/pkg/central/extensions/reconcile_pvc_test.go
Expand Up @@ -81,7 +81,7 @@ func TestReconcilePVCExtension(t *testing.T) {
removedCentral := makeCentral(nil)
emptyNotDeletedCentral := makeCentral(nil)
emptyNotDeletedCentralWithDB := makeCentral(nil)
emptyNotDeletedCentralWithDB.Spec.Central.DB = &platform.CentralDBSpec{}
emptyNotDeletedCentralWithDB.Spec.Central.DB = &platform.CentralDBSpec{IsEnabled: platform.CentralDBEnabledPtr(platform.CentralDBEnabledTrue)}

deleteHostPathCentral := makeCentral(&platform.Persistence{HostPath: makeHostPathSpec("/tmp/path")})

Expand Down Expand Up @@ -125,6 +125,7 @@ func TestReconcilePVCExtension(t *testing.T) {

changedPVCConfigCentralDB := makeCentral(nil)
changedPVCConfigCentralDB.Spec.Central.DB = &platform.CentralDBSpec{
IsEnabled: platform.CentralDBEnabledPtr(platform.CentralDBEnabledTrue),
Persistence: &platform.DBPersistence{
PersistentVolumeClaim: &platform.DBPersistentVolumeClaim{
Size: pointer.StringPtr("500Gi"),
10 changes: 10 additions & 0 deletions operator/tests/central/basic/74-assert.yaml
@@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: stackrox-db
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
10 changes: 10 additions & 0 deletions operator/tests/central/basic/74-central-with-db-defaults.yaml
@@ -0,0 +1,10 @@
apiVersion: platform.stackrox.io/v1alpha1
kind: Central
metadata:
name: stackrox-central-services
spec:
central:
db:
persistence:
persistentVolumeClaim:
claimName: central-db
9 changes: 9 additions & 0 deletions operator/tests/central/basic/74-errors.yaml
@@ -0,0 +1,9 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: central-db
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: central-db
Expand Up @@ -12,6 +12,7 @@ metadata:
spec:
central:
db:
isEnabled: "Enabled"
connectionString: "foobar"
passwordSecret:
name: my-central-db-password
Expand Up @@ -5,5 +5,6 @@ metadata:
spec:
central:
db:
isEnabled: "Enabled"
connectionString: null
passwordSecret: null