diff --git a/CHANGELOG.md b/CHANGELOG.md index a6d58bda5..0e52c6a15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## [master](https://github.com/arangodb/kube-arangodb/tree/master) (N/A) - Split & Unify Lifecycle management functionality +- Drop support for ArangoDB <= 3.5 (versions already EOL) ## [1.2.4](https://github.com/arangodb/kube-arangodb/tree/1.2.4) (2021-10-22) - Replace `beta.kubernetes.io/arch` Pod label with `kubernetes.io/arch` using Silent Rotation diff --git a/README.md b/README.md index d32fdfa72..5c8118bde 100644 --- a/README.md +++ b/README.md @@ -38,32 +38,32 @@ covers individual newer features separately. | Platform | Kubernetes Version | ArangoDB Version | State | Remarks | Provider Remarks | |---------------------|--------------------|------------------|------------|-----------------------|------------------------------------| -| Google GKE | 1.17 | >= 3.5.0 | Production | Don't use micro nodes | | -| Google GKE | 1.18 | >= 3.5.0 | Production | Don't use micro nodes | | -| Google GKE | 1.19 | >= 3.5.0 | Production | Don't use micro nodes | | -| Google GKE | 1.20 | >= 3.5.0 | Production | Don't use micro nodes | | -| Azure AKS | 1.18 | >= 3.5.0 | Production | | | -| Azure AKS | 1.19 | >= 3.5.0 | Production | | | -| Azure AKS | 1.20 | >= 3.5.0 | Production | | | -| Amazon EKS | 1.16 | >= 3.5.0 | Production | | [Amazon EKS](./docs/providers/eks) | -| Amazon EKS | 1.17 | >= 3.5.0 | Production | | [Amazon EKS](./docs/providers/eks) | -| Amazon EKS | 1.18 | >= 3.5.0 | Production | | [Amazon EKS](./docs/providers/eks) | -| Amazon EKS | 1.19 | >= 3.5.0 | Production | | [Amazon EKS](./docs/providers/eks) | -| Amazon EKS | 1.20 | >= 3.5.0 | Production | | [Amazon EKS](./docs/providers/eks) | -| IBM Cloud | 1.17 | >= 3.5.0 | Deprecated | | | -| IBM Cloud | 1.18 | >= 3.5.0 | Production | | | -| IBM Cloud | 1.19 | >= 3.5.0 | Production | | | -| IBM Cloud | 1.20 | >= 3.5.0 | Production | | | -| OpenShift | 3.11 | >= 3.5.0 | Production | | | -| OpenShift | 4.2 | >= 3.5.0 | Production | | | -| BareMetal (kubeadm) | 1.16 | >= 3.5.0 | Production | | | -| BareMetal (kubeadm) | 1.17 | >= 3.5.0 | Production | | | -| BareMetal (kubeadm) | 1.18 | >= 3.5.0 | Production | | | -| BareMetal (kubeadm) | 1.19 | >= 3.5.0 | Production | | | -| BareMetal (kubeadm) | 1.20 | >= 3.5.0 | Production | | | -| BareMetal (kubeadm) | 1.21 | >= 3.5.0 | Production | | | -| Minikube | 1.14+ | >= 3.5.0 | Devel Only | | | -| Other | 1.14+ | >= 3.5.0 | Devel Only | | | +| Google GKE | 1.17 | >= 3.6.0 | Production | Don't use micro nodes | | +| Google GKE | 1.18 | >= 3.6.0 | Production | Don't use micro nodes | | +| Google GKE | 1.19 | >= 3.6.0 | Production | Don't use micro nodes | | +| Google GKE | 1.20 | >= 3.6.0 | Production | Don't use micro nodes | | +| Azure AKS | 1.18 | >= 3.6.0 | Production | | | +| Azure AKS | 1.19 | >= 3.6.0 | Production | | | +| Azure AKS | 1.20 | >= 3.6.0 | Production | | | +| Amazon EKS | 1.16 | >= 3.6.0 | Production | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.17 | >= 3.6.0 | Production | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.18 | >= 3.6.0 | Production | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.19 | >= 3.6.0 | Production | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.20 | >= 3.6.0 | Production | | [Amazon EKS](./docs/providers/eks) | +| IBM Cloud | 1.17 | >= 3.6.0 | Deprecated | | | +| IBM Cloud | 1.18 | >= 3.6.0 | Production | | | +| IBM Cloud | 1.19 | >= 3.6.0 | Production | | | +| IBM Cloud | 1.20 | >= 3.6.0 | Production | | | +| OpenShift | 3.11 | >= 3.6.0 | Production | | | +| OpenShift | 4.2 | >= 3.6.0 | Production | | | +| BareMetal (kubeadm) | 1.16 | >= 3.6.0 | Production | | | +| BareMetal (kubeadm) | 1.17 | >= 3.6.0 | Production | | | +| BareMetal (kubeadm) | 1.18 | >= 3.6.0 | Production | | | +| BareMetal (kubeadm) | 1.19 | >= 3.6.0 | Production | | | +| BareMetal (kubeadm) | 1.20 | >= 3.6.0 | Production | | | +| BareMetal (kubeadm) | 1.21 | >= 3.6.0 | Production | | | +| Minikube | 1.14+ | >= 3.6.0 | Devel Only | | | +| Other | 1.14+ | >= 3.6.0 | Devel Only | | | Feature-wise production readiness table: @@ -90,12 +90,12 @@ Feature-wise production readiness table: | Encryption Key Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.encryption-rotation | N/A | | Encryption Key Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.encryption-rotation | N/A | | Encryption Key Rotation Support | 1.2.0 | > 3.7.0 | Enterprise | NotSupported | False | --deployment.feature.encryption-rotation | N/A | -| Version Check | 1.1.4 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.upgrade-version-check | N/A | -| Operator Maintenance Management Support | 1.0.7 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.maintenance | N/A | -| Operator Maintenance Management Support | 1.2.0 | >= 3.6.0 | Community, Enterprise | Production | True | --deployment.feature.maintenance | N/A | -| Operator Internal Metrics Exporter | 1.1.9 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.metrics-exporter | N/A | -| Operator Internal Metrics Exporter | 1.2.0 | >= 3.6.0 | Community, Enterprise | Production | True | --deployment.feature.metrics-exporter | N/A | -| Operator Internal Metrics Exporter | 1.2.3 | >= 3.6.0 | Community, Enterprise | Production | True | --deployment.feature.metrics-exporter | It is always enabled | +| Version Check | 1.1.4 | >= 3.7.0 | Community, Enterprise | Alpha | False | --deployment.feature.upgrade-version-check | N/A | +| Operator Maintenance Management Support | 1.0.7 | >= 3.7.0 | Community, Enterprise | Alpha | False | --deployment.feature.maintenance | N/A | +| Operator Maintenance Management Support | 1.2.0 | >= 3.7.0 | Community, Enterprise | Production | True | --deployment.feature.maintenance | N/A | +| Operator Internal Metrics Exporter | 1.1.9 | >= 3.7.0 | Community, Enterprise | Alpha | False | --deployment.feature.metrics-exporter | N/A | +| Operator Internal Metrics Exporter | 1.2.0 | >= 3.7.0 | Community, Enterprise | Production | True | --deployment.feature.metrics-exporter | N/A | +| Operator Internal Metrics Exporter | 1.2.3 | >= 3.7.0 | Community, Enterprise | Production | True | --deployment.feature.metrics-exporter | It is always enabled | | Operator Ephemeral Volumes | 1.2.2 | >= 3.7.0 | Community, Enterprise | Alpha | False | --deployment.feature.ephemeral-volumes | N/A | ## Release notes for 0.3.16 diff --git a/pkg/deployment/deployment_suite_test.go b/pkg/deployment/deployment_suite_test.go index 882439257..dd8092ccd 100644 --- a/pkg/deployment/deployment_suite_test.go +++ b/pkg/deployment/deployment_suite_test.go @@ -62,7 +62,7 @@ import ( const ( testNamespace = "default" testDeploymentName = "test" - testVersion = "3.5.2" + testVersion = "3.7.0" testImage = "arangodb/arangodb:" + testVersion testCASecretName = "testCA" testJWTSecretName = "testJWT" diff --git a/pkg/deployment/features/maintenance.go b/pkg/deployment/features/maintenance.go index 3014e5bf1..686b11246 100644 --- a/pkg/deployment/features/maintenance.go +++ b/pkg/deployment/features/maintenance.go @@ -1,7 +1,7 @@ // // DISCLAIMER // -// Copyright 2016-2021 ArangoDB GmbH, Cologne, Germany +// Copyright 2020-2021 ArangoDB GmbH, Cologne, Germany // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package features @@ -29,7 +30,7 @@ func init() { var maintenance = &feature{ name: "maintenance", description: "Database maintenance mode management", - version: "3.5.0", + version: "3.6.0", enterpriseRequired: false, enabledByDefault: true, } diff --git a/pkg/deployment/features/upgrade.go b/pkg/deployment/features/upgrade.go index df5b1c8cc..70b5d2acf 100644 --- a/pkg/deployment/features/upgrade.go +++ b/pkg/deployment/features/upgrade.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package features @@ -29,7 +30,7 @@ func init() { var upgradeVersionCheck Feature = &feature{ name: "upgrade-version-check", description: "Enable initContainer with pre version check", - version: "3.5.0", + version: "3.6.0", enterpriseRequired: false, enabledByDefault: false, } diff --git a/pkg/deployment/pod/builder.go b/pkg/deployment/pod/builder.go index 7e5f774ff..bd5eb5b7e 100644 --- a/pkg/deployment/pod/builder.go +++ b/pkg/deployment/pod/builder.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package pod diff --git a/pkg/deployment/pod/jwt.go b/pkg/deployment/pod/jwt.go index 64007dd65..fab1114ce 100644 --- a/pkg/deployment/pod/jwt.go +++ b/pkg/deployment/pod/jwt.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package pod @@ -45,17 +46,6 @@ func IsAuthenticated(i Input) bool { return i.Deployment.IsAuthenticated() } -func VersionHasJWTSecretKeyfile(v driver.Version) bool { - if v.CompareTo("3.3.22") >= 0 && v.CompareTo("3.4.0") < 0 { - return true - } - if v.CompareTo("3.4.2") >= 0 { - return true - } - - return false -} - func JWTSecretFolder(name string) string { return fmt.Sprintf("%s-jwt-folder", name) } @@ -71,15 +61,6 @@ func JWT() Builder { type jwt struct{} func (e jwt) Envs(i Input) []core.EnvVar { - if !IsAuthenticated(i) { - return nil - } - - if !VersionHasJWTSecretKeyfile(i.Version) { - return []core.EnvVar{k8sutil.CreateEnvSecretKeySelector(constants.EnvArangodJWTSecret, - i.Deployment.Authentication.GetJWTSecretName(), constants.SecretKeyToken)} - } - return nil } @@ -95,11 +76,9 @@ func (e jwt) Args(i Input) k8sutil.OptionPairs { if VersionHasJWTSecretKeyfolder(i.Version, i.Enterprise) { options.Add("--server.jwt-secret-folder", k8sutil.ClusterJWTSecretVolumeMountDir) - } else if VersionHasJWTSecretKeyfile(i.Version) { + } else { keyPath := filepath.Join(k8sutil.ClusterJWTSecretVolumeMountDir, constants.SecretKeyToken) options.Add("--server.jwt-secret-keyfile", keyPath) - } else { - options.Addf("--server.jwt-secret", "$(%s)", constants.EnvArangodJWTSecret) } return options diff --git a/pkg/deployment/pod/sni.go b/pkg/deployment/pod/sni.go index e61892400..9e20e9229 100644 --- a/pkg/deployment/pod/sni.go +++ b/pkg/deployment/pod/sni.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package pod diff --git a/pkg/deployment/pod/tls.go b/pkg/deployment/pod/tls.go index df3e661fd..f55ef38f2 100644 --- a/pkg/deployment/pod/tls.go +++ b/pkg/deployment/pod/tls.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package pod diff --git a/pkg/deployment/pod/upgrade.go b/pkg/deployment/pod/upgrade.go index 59802c030..71ef8c218 100644 --- a/pkg/deployment/pod/upgrade.go +++ b/pkg/deployment/pod/upgrade.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package pod diff --git a/pkg/deployment/pod/upgrade_version_check.go b/pkg/deployment/pod/upgrade_version_check.go index 4894a7824..9afeccd5a 100644 --- a/pkg/deployment/pod/upgrade_version_check.go +++ b/pkg/deployment/pod/upgrade_version_check.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package pod @@ -36,6 +37,10 @@ func UpgradeVersionCheck() Builder { type upgradeVersionCheck struct{} +func (u upgradeVersionCheck) Envs(i Input) []core.EnvVar { + return nil +} + func (u upgradeVersionCheck) Args(i Input) k8sutil.OptionPairs { if features.UpgradeVersionCheck().Enabled() { switch i.Group { @@ -54,10 +59,6 @@ func (u upgradeVersionCheck) Volumes(i Input) ([]core.Volume, []core.VolumeMount return nil, nil } -func (u upgradeVersionCheck) Envs(i Input) []core.EnvVar { - return nil -} - func (u upgradeVersionCheck) Verify(i Input, cachedStatus interfaces.Inspector) error { return nil } diff --git a/pkg/deployment/resources/pod_creator.go b/pkg/deployment/resources/pod_creator.go index 696d9bda5..8d526fca6 100644 --- a/pkg/deployment/resources/pod_creator.go +++ b/pkg/deployment/resources/pod_creator.go @@ -50,7 +50,6 @@ import ( inspectorInterface "github.com/arangodb/kube-arangodb/pkg/util/k8sutil/inspector" "github.com/arangodb/kube-arangodb/pkg/util/k8sutil/interfaces" - "github.com/arangodb/go-driver" "k8s.io/apimachinery/pkg/types" api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" @@ -59,10 +58,6 @@ import ( "github.com/arangodb/kube-arangodb/pkg/util/k8sutil" ) -func versionHasAdvertisedEndpoint(v driver.Version) bool { - return v.CompareTo("3.4.0") >= 0 -} - // createArangodArgsWithUpgrade creates command line arguments for an arangod server upgrade in the given group. func createArangodArgsWithUpgrade(cachedStatus interfaces.Inspector, input pod.Input) ([]string, error) { return createArangodArgs(cachedStatus, input, pod.AutoUpgrade().Args(input)...) @@ -108,8 +103,6 @@ func createArangodArgs(cachedStatus interfaces.Inspector, input pod.Input, addit options.Merge(pod.SNI().Args(input)) - versionHasAdvertisedEndpoint := versionHasAdvertisedEndpoint(input.Version) - endpoint, err := pod.GenerateMemberEndpoint(cachedStatus, input.ApiObject, input.Deployment, input.Group, input.Member) if err != nil { return nil, err @@ -148,7 +141,7 @@ func createArangodArgs(cachedStatus interfaces.Inspector, input pod.Input, addit options.Add("--cluster.my-role", "COORDINATOR") options.Add("--foxx.queues", input.Deployment.Features.GetFoxxQueues()) options.Add("--server.statistics", "true") - if input.Deployment.ExternalAccess.HasAdvertisedEndpoint() && versionHasAdvertisedEndpoint { + if input.Deployment.ExternalAccess.HasAdvertisedEndpoint() { options.Add("--cluster.my-advertised-endpoint", input.Deployment.ExternalAccess.GetAdvertisedEndpoint()) } case api.ServerGroupSingle: @@ -159,7 +152,7 @@ func createArangodArgs(cachedStatus interfaces.Inspector, input pod.Input, addit options.Add("--replication.automatic-failover", "true") options.Add("--cluster.my-address", myTCPURL) options.Add("--cluster.my-role", "SINGLE") - if input.Deployment.ExternalAccess.HasAdvertisedEndpoint() && versionHasAdvertisedEndpoint { + if input.Deployment.ExternalAccess.HasAdvertisedEndpoint() { options.Add("--cluster.my-advertised-endpoint", input.Deployment.ExternalAccess.GetAdvertisedEndpoint()) } } diff --git a/pkg/deployment/resources/pod_creator_agent_args_test.go b/pkg/deployment/resources/pod_creator_agent_args_test.go index e8af0ce45..65dfdf3b9 100644 --- a/pkg/deployment/resources/pod_creator_agent_args_test.go +++ b/pkg/deployment/resources/pod_creator_agent_args_test.go @@ -18,11 +18,13 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Ewout Prangsma +// Author Tomasz Mielech // package resources import ( + "path/filepath" "testing" "github.com/arangodb/kube-arangodb/pkg/deployment/resources/inspector" @@ -37,6 +39,8 @@ import ( api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" "github.com/arangodb/kube-arangodb/pkg/util" + "github.com/arangodb/kube-arangodb/pkg/util/constants" + "github.com/arangodb/kube-arangodb/pkg/util/k8sutil" ) type inspectorMock interface { @@ -89,6 +93,7 @@ func (i inspectorMockStruct) Get(t *testing.T) inspectorInterface.Inspector { // TestCreateArangodArgsAgent tests createArangodArgs for agent. func TestCreateArangodArgsAgent(t *testing.T) { + jwtSecretFile := filepath.Join(k8sutil.ClusterJWTSecretVolumeMountDir, constants.SecretKeyToken) // Default deployment { apiObject := &api.ArangoDeployment{ @@ -138,7 +143,7 @@ func TestCreateArangodArgsAgent(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=false", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -199,7 +204,7 @@ func TestCreateArangodArgsAgent(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=false", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -262,7 +267,7 @@ func TestCreateArangodArgsAgent(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=tcp://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=false", "--server.storage-engine=rocksdb", }, @@ -380,7 +385,7 @@ func TestCreateArangodArgsAgent(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=false", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", diff --git a/pkg/deployment/resources/pod_creator_arangod.go b/pkg/deployment/resources/pod_creator_arangod.go index 2b67002d2..07fda3674 100644 --- a/pkg/deployment/resources/pod_creator_arangod.go +++ b/pkg/deployment/resources/pod_creator_arangod.go @@ -17,7 +17,7 @@ // // Copyright holder is ArangoDB GmbH, Cologne, Germany // -// Author Tomasz Mielech +// Author Tomasz Mielech // package resources @@ -144,10 +144,6 @@ func (a *ArangoDContainer) GetImage() string { func (a *ArangoDContainer) GetEnvs() []core.EnvVar { envs := NewEnvBuilder() - if env := pod.JWT().Envs(a.member.AsInput()); len(env) > 0 { - envs.Add(true, env...) - } - if a.spec.License.HasSecretName() { env := k8sutil.CreateEnvSecretKeySelector(constants.EnvArangoLicenseKey, a.spec.License.GetSecretName(), constants.SecretKeyToken) diff --git a/pkg/deployment/resources/pod_creator_coordinator_args_test.go b/pkg/deployment/resources/pod_creator_coordinator_args_test.go index 1267a001e..258d2ad4d 100644 --- a/pkg/deployment/resources/pod_creator_coordinator_args_test.go +++ b/pkg/deployment/resources/pod_creator_coordinator_args_test.go @@ -18,11 +18,13 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Ewout Prangsma +// Author Tomasz Mielech // package resources import ( + "path/filepath" "testing" "github.com/stretchr/testify/require" @@ -34,10 +36,13 @@ import ( api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" "github.com/arangodb/kube-arangodb/pkg/util" + "github.com/arangodb/kube-arangodb/pkg/util/constants" + "github.com/arangodb/kube-arangodb/pkg/util/k8sutil" ) // TestCreateArangodArgsCoordinator tests createArangodArgs for coordinator. func TestCreateArangodArgsCoordinator(t *testing.T) { + jwtSecretFile := filepath.Join(k8sutil.ClusterJWTSecretVolumeMountDir, constants.SecretKeyToken) // Default deployment { apiObject := &api.ArangoDeployment{ @@ -85,7 +90,7 @@ func TestCreateArangodArgsCoordinator(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -143,7 +148,7 @@ func TestCreateArangodArgsCoordinator(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -261,7 +266,7 @@ func TestCreateArangodArgsCoordinator(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=tcp://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", }, @@ -375,7 +380,7 @@ func TestCreateArangodArgsCoordinator(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=mmfiles", "--ssl.ecdh-curve=", diff --git a/pkg/deployment/resources/pod_creator_dbserver_args_test.go b/pkg/deployment/resources/pod_creator_dbserver_args_test.go index 71580235e..c4bcf0fe7 100644 --- a/pkg/deployment/resources/pod_creator_dbserver_args_test.go +++ b/pkg/deployment/resources/pod_creator_dbserver_args_test.go @@ -18,11 +18,13 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Ewout Prangsma +// Author Tomasz Mielech // package resources import ( + "path/filepath" "testing" "github.com/stretchr/testify/require" @@ -34,10 +36,13 @@ import ( api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" "github.com/arangodb/kube-arangodb/pkg/util" + "github.com/arangodb/kube-arangodb/pkg/util/constants" + "github.com/arangodb/kube-arangodb/pkg/util/k8sutil" ) // TestCreateArangodArgsDBServer tests createArangodArgs for dbserver. func TestCreateArangodArgsDBServer(t *testing.T) { + jwtSecretFile := filepath.Join(k8sutil.ClusterJWTSecretVolumeMountDir, constants.SecretKeyToken) // Default deployment { apiObject := &api.ArangoDeployment{ @@ -85,7 +90,7 @@ func TestCreateArangodArgsDBServer(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -143,7 +148,7 @@ func TestCreateArangodArgsDBServer(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -202,7 +207,7 @@ func TestCreateArangodArgsDBServer(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -262,7 +267,7 @@ func TestCreateArangodArgsDBServer(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=tcp://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", }, @@ -376,7 +381,7 @@ func TestCreateArangodArgsDBServer(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=mmfiles", "--ssl.ecdh-curve=", diff --git a/pkg/deployment/resources/pod_creator_probes.go b/pkg/deployment/resources/pod_creator_probes.go index 336891170..d713978a8 100644 --- a/pkg/deployment/resources/pod_creator_probes.go +++ b/pkg/deployment/resources/pod_creator_probes.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Adam Janikowski +// Author Tomasz Mielech // package resources @@ -289,18 +290,8 @@ func (r *Resources) probeBuilderReadinessCoreSelect() probeBuilder { } func (r *Resources) probeBuilderReadinessCoreOperator(spec api.DeploymentSpec, group api.ServerGroup, version driver.Version) (Probe, error) { - localPath := "/_api/version" - switch spec.GetMode() { - case api.DeploymentModeActiveFailover: - localPath = "/_admin/echo" - } - // /_admin/server/availability is the way to go, it is available since 3.3.9 - if version.CompareTo("3.3.9") >= 0 { - localPath = "/_admin/server/availability" - } - - args, err := r.probeCommand(spec, localPath) + args, err := r.probeCommand(spec, "/_admin/server/availability") if err != nil { return nil, err } @@ -313,16 +304,8 @@ func (r *Resources) probeBuilderReadinessCoreOperator(spec api.DeploymentSpec, g } func (r *Resources) probeBuilderReadinessCore(spec api.DeploymentSpec, group api.ServerGroup, version driver.Version) (Probe, error) { - localPath := "/_api/version" - switch spec.GetMode() { - case api.DeploymentModeActiveFailover: - localPath = "/_admin/echo" - } - // /_admin/server/availability is the way to go, it is available since 3.3.9 - if version.CompareTo("3.3.9") >= 0 { - localPath = "/_admin/server/availability" - } + localPath := "/_admin/server/availability" authorization := "" if spec.IsAuthenticated() { diff --git a/pkg/deployment/resources/pod_creator_single_args_test.go b/pkg/deployment/resources/pod_creator_single_args_test.go index b3f5c9274..779ce2475 100644 --- a/pkg/deployment/resources/pod_creator_single_args_test.go +++ b/pkg/deployment/resources/pod_creator_single_args_test.go @@ -18,11 +18,13 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Ewout Prangsma +// Author Tomasz Mielech // package resources import ( + "path/filepath" "testing" "github.com/stretchr/testify/require" @@ -33,11 +35,14 @@ import ( api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" "github.com/arangodb/kube-arangodb/pkg/util" + "github.com/arangodb/kube-arangodb/pkg/util/constants" + "github.com/arangodb/kube-arangodb/pkg/util/k8sutil" "github.com/stretchr/testify/assert" ) // TestCreateArangodArgsSingle tests createArangodArgs for single server. func TestCreateArangodArgsSingle(t *testing.T) { + jwtSecretFile := filepath.Join(k8sutil.ClusterJWTSecretVolumeMountDir, constants.SecretKeyToken) // Default deployment { apiObject := &api.ArangoDeployment{ @@ -69,7 +74,7 @@ func TestCreateArangodArgsSingle(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -111,7 +116,7 @@ func TestCreateArangodArgsSingle(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -155,7 +160,7 @@ func TestCreateArangodArgsSingle(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=tcp://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", }, @@ -195,7 +200,7 @@ func TestCreateArangodArgsSingle(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=mmfiles", "--ssl.ecdh-curve=", @@ -278,7 +283,7 @@ func TestCreateArangodArgsSingle(t *testing.T) { "--log.output=+", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", @@ -338,7 +343,7 @@ func TestCreateArangodArgsSingle(t *testing.T) { "--replication.automatic-failover=true", "--server.authentication=true", "--server.endpoint=ssl://[::]:8529", - "--server.jwt-secret=$(ARANGOD_JWT_SECRET)", + "--server.jwt-secret-keyfile=" + jwtSecretFile, "--server.statistics=true", "--server.storage-engine=rocksdb", "--ssl.ecdh-curve=", diff --git a/pkg/deployment/resources/pod_termination.go b/pkg/deployment/resources/pod_termination.go index 46ddfc1b0..c8a5f2609 100644 --- a/pkg/deployment/resources/pod_termination.go +++ b/pkg/deployment/resources/pod_termination.go @@ -141,16 +141,6 @@ func (r *Resources) prepareDBServerPodTermination(ctx context.Context, log zerol return nil } - resignJobAvailable := false - currentVersion := memberStatus.ArangoVersion - if currentVersion != "" { - if currentVersion.CompareTo("3.4.7") > 0 && currentVersion.CompareTo("3.5") < 0 { - resignJobAvailable = true - } else if currentVersion.CompareTo("3.5.0") > 0 { - resignJobAvailable = true - } - } - // Check node the pod is scheduled on dbserverDataWillBeGone := false if nodes, ok := r.context.GetCachedStatus().GetNodes(); ok { @@ -158,7 +148,7 @@ func (r *Resources) prepareDBServerPodTermination(ctx context.Context, log zerol if !ok { log.Warn().Msg("Node not found") } else if node.Spec.Unschedulable { - if !r.context.GetSpec().IsNetworkAttachedVolumes() || !resignJobAvailable { + if !r.context.GetSpec().IsNetworkAttachedVolumes() { dbserverDataWillBeGone = true } } @@ -181,12 +171,6 @@ func (r *Resources) prepareDBServerPodTermination(ctx context.Context, log zerol dbserverDataWillBeGone = true } - // Is this a simple pod restart? - if !dbserverDataWillBeGone && !resignJobAvailable { - log.Debug().Msg("Pod is just being restarted, safe to remove dbserver pod") - return nil - } - // Inspect cleaned out state ctxChild, cancel = context.WithTimeout(ctx, arangod.GetRequestTimeout()) defer cancel() diff --git a/pkg/util/constants/constants.go b/pkg/util/constants/constants.go index bcfde85fb..82ad8abc7 100644 --- a/pkg/util/constants/constants.go +++ b/pkg/util/constants/constants.go @@ -18,6 +18,7 @@ // Copyright holder is ArangoDB GmbH, Cologne, Germany // // Author Ewout Prangsma +// Author Tomasz Mielech // package constants @@ -30,7 +31,6 @@ const ( EnvOperatorPodIP = "MY_POD_IP" EnvArangoLicenseKey = "ARANGO_LICENSE_KEY" // Contains the License Key for the Docker Image - EnvArangodJWTSecret = "ARANGOD_JWT_SECRET" // Contains JWT secret for the ArangoDB cluster EnvArangoSyncMonitoringToken = "ARANGOSYNC_MONITORING_TOKEN" // Constains monitoring token for ArangoSync servers SecretEncryptionKey = "key" // Key in a Secret.Data used to store an 32-byte encryption key