fix: do not recreate the pods on online upgrade

controllers/cluster_upgrade.go

@@ -613,7 +613,8 @@ func checkPodSpecIsOutdated(
 	}
 	envConfig := specs.CreatePodEnvConfig(*cluster, status.Pod.Name)
 	gracePeriod := int64(cluster.GetMaxStopDelay())
-	targetPodSpec := specs.CreateClusterPodSpec(status.Pod.Name, *cluster, envConfig, gracePeriod)
+	targetPodSpec := specs.CreateClusterPodSpec(status.Pod.Name, *cluster, envConfig, gracePeriod,
+		instance.GetStatusSchemeFromPod(status.Pod) == "https")
 
 	// the bootstrap init-container could change image after an operator upgrade.
 	// If in-place upgrades of the instance manager are enabled, we don't need rollout.

pkg/specs/pods.go

@@ -159,14 +159,15 @@ func CreateClusterPodSpec(
 	cluster apiv1.Cluster,
 	envConfig EnvConfig,
 	gracePeriod int64,
+	enableHTTPS bool,
 ) corev1.PodSpec {
 	return corev1.PodSpec{
 		Hostname: podName,
 		InitContainers: []corev1.Container{
 			createBootstrapContainer(cluster),
 		},
 		SchedulerName: cluster.Spec.SchedulerName,
-		Containers:    createPostgresContainers(cluster, envConfig),
+		Containers:    createPostgresContainers(cluster, envConfig, enableHTTPS),
 		Volumes:       createPostgresVolumes(&cluster, podName),
 		SecurityContext: CreatePodSecurityContext(
 			cluster.GetSeccompProfile(),
@@ -183,7 +184,7 @@ func CreateClusterPodSpec(
 
 // createPostgresContainers create the PostgreSQL containers that are
 // used for every instance
-func createPostgresContainers(cluster apiv1.Cluster, envConfig EnvConfig) []corev1.Container {
+func createPostgresContainers(cluster apiv1.Cluster, envConfig EnvConfig, enableHTTPS bool) []corev1.Container {
 	containers := []corev1.Container{
 		{
 			Name:            PostgresContainerName,
@@ -198,9 +199,8 @@ func createPostgresContainers(cluster apiv1.Cluster, envConfig EnvConfig) []core
 				TimeoutSeconds:   5,
 				ProbeHandler: corev1.ProbeHandler{
 					HTTPGet: &corev1.HTTPGetAction{
-						Scheme: corev1.URISchemeHTTPS,
-						Path:   url.PathHealth,
-						Port:   intstr.FromInt32(int32(url.StatusPort)),
+						Path: url.PathHealth,
+						Port: intstr.FromInt32(int32(url.StatusPort)),
 					},
 				},
 			},
@@ -209,9 +209,8 @@ func createPostgresContainers(cluster apiv1.Cluster, envConfig EnvConfig) []core
 				PeriodSeconds:  ReadinessProbePeriod,
 				ProbeHandler: corev1.ProbeHandler{
 					HTTPGet: &corev1.HTTPGetAction{
-						Scheme: corev1.URISchemeHTTPS,
-						Path:   url.PathReady,
-						Port:   intstr.FromInt32(int32(url.StatusPort)),
+						Path: url.PathReady,
+						Port: intstr.FromInt32(int32(url.StatusPort)),
 					},
 				},
 			},
@@ -220,17 +219,15 @@ func createPostgresContainers(cluster apiv1.Cluster, envConfig EnvConfig) []core
 				TimeoutSeconds: 5,
 				ProbeHandler: corev1.ProbeHandler{
 					HTTPGet: &corev1.HTTPGetAction{
-						Scheme: corev1.URISchemeHTTPS,
-						Path:   url.PathHealth,
-						Port:   intstr.FromInt32(int32(url.StatusPort)),
+						Path: url.PathHealth,
+						Port: intstr.FromInt32(int32(url.StatusPort)),
 					},
 				},
 			},
 			Command: []string{
 				"/controller/manager",
 				"instance",
 				"run",
-				"--tls-status",
 			},
 			Resources: cluster.Spec.Resources,
 			Ports: []corev1.ContainerPort{
@@ -254,6 +251,13 @@ func createPostgresContainers(cluster apiv1.Cluster, envConfig EnvConfig) []core
 		},
 	}
 
+	if enableHTTPS {
+		containers[0].StartupProbe.ProbeHandler.HTTPGet.Scheme = corev1.URISchemeHTTPS
+		containers[0].LivenessProbe.ProbeHandler.HTTPGet.Scheme = corev1.URISchemeHTTPS
+		containers[0].ReadinessProbe.ProbeHandler.HTTPGet.Scheme = corev1.URISchemeHTTPS
+		containers[0].Command = append(containers[0].Command, "--tls-status")
+	}
+
 	addManagerLoggingOptions(cluster, &containers[0])
 
 	return containers
@@ -385,7 +389,7 @@ func PodWithExistingStorage(cluster apiv1.Cluster, nodeSerial int) *corev1.Pod {
 
 	envConfig := CreatePodEnvConfig(cluster, podName)
 
-	podSpec := CreateClusterPodSpec(podName, cluster, envConfig, gracePeriod)
+	podSpec := CreateClusterPodSpec(podName, cluster, envConfig, gracePeriod, true)
 
 	pod := &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{