Merge d7f4efa into 1c3a588

pkg/cluster/cluster.go

@@ -891,6 +891,17 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error {
 			updateFailed = true
 		}
 	}
+	//Add monitoring user if required
+	if newSpec.Spec.Monitoring != nil {
+		flg := cpov1.UserFlags{constants.RoleFlagLogin}
+		if newSpec.Spec.Users != nil {
+			newSpec.Spec.Users[monitorUsername] = flg
+		} else {
+			users := make(map[string]cpov1.UserFlags)
+			newSpec.Spec.Users = users
+			newSpec.Spec.Users[monitorUsername] = flg
+		}
+	}
 
 	// Users
 	func() {
@@ -899,7 +910,6 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error {
 			reflect.DeepEqual(oldSpec.Spec.PreparedDatabases, newSpec.Spec.PreparedDatabases)
 		sameRotatedUsers := reflect.DeepEqual(oldSpec.Spec.UsersWithSecretRotation, newSpec.Spec.UsersWithSecretRotation) &&
 			reflect.DeepEqual(oldSpec.Spec.UsersWithInPlaceSecretRotation, newSpec.Spec.UsersWithInPlaceSecretRotation)
-
 		// connection pooler needs one system user created who is initialized in initUsers
 		// only when disabled in oldSpec and enabled in newSpec
 		needPoolerUser := c.needConnectionPoolerUser(&oldSpec.Spec, &newSpec.Spec)
@@ -941,6 +951,7 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error {
 	//sync monitoring container
 	if !reflect.DeepEqual(oldSpec.Spec.Monitoring, newSpec.Spec.Monitoring) {
 		syncStatefulSet = true
+		c.syncMonitoringSecret(oldSpec, newSpec)
 	}
 
 	// Statefulset

pkg/cluster/sync.go

@@ -143,6 +143,11 @@ func (c *Cluster) Sync(newSpec *cpov1.Postgresql) error {
 		return fmt.Errorf("could not sync connection pooler: %v", err)
 	}
 
+	// sync monitoring
+	if err = c.syncMonitoringSecret(&oldSpec, newSpec); err != nil {
+		return fmt.Errorf("could not sync monitoring: %v", err)
+	}
+
 	if len(c.Spec.Streams) > 0 {
 		c.logger.Debug("syncing streams")
 		if err = c.syncStreams(); err != nil {
@@ -1022,17 +1027,6 @@ func (c *Cluster) syncRoles() (err error) {
 	deletedUsers := map[string]string{}
 	newUsers = make(map[string]spec.PgUser)
 
-	if c.Spec.Monitoring != nil {
-		flg := cpov1.UserFlags{constants.RoleFlagLogin}
-		if c.Spec.Users != nil {
-			c.Spec.Users[monitorUsername] = flg
-		} else {
-			users := make(map[string]cpov1.UserFlags)
-			c.Spec.Users = users
-			c.Spec.Users[monitorUsername] = flg
-		}
-	}
-
 	// create list of database roles to query
 	for _, u := range c.pgUsers {
 		pgRole := u.Name
@@ -1466,7 +1460,8 @@ func (c *Cluster) createMonitoringSecret() error {
 		},
 		Type: v1.SecretTypeOpaque,
 		Data: map[string][]byte{
-			"key": []byte(fmt.Sprintf("%x", generatedKey)),
+			"username": []byte(c.getMonitoringSecretName()),
+			"password": []byte(fmt.Sprintf("%x", generatedKey)),
 		},
 	}
 	secret, err := c.KubeClient.Secrets(generatedSecret.Namespace).Create(context.TODO(), &generatedSecret, metav1.CreateOptions{})
@@ -1481,3 +1476,49 @@ func (c *Cluster) createMonitoringSecret() error {
 
 	return nil
 }
+
+// delete monitoring secret
+func (c *Cluster) deleteMonitoringSecret() (err error) {
+	// Repeat the same for the secret object
+	secretName := c.getMonitoringSecretName()
+
+	secret, err := c.KubeClient.
+		Secrets(c.Namespace).
+		Get(context.TODO(), secretName, metav1.GetOptions{})
+
+	if err != nil {
+		c.logger.Debugf("could not get monitoring secret %s: %v", secretName, err)
+	} else {
+		if err = c.deleteSecret(secret.UID, *secret); err != nil {
+			return fmt.Errorf("could not delete monitoring secret: %v", err)
+		}
+	}
+	return nil
+}
+
+// Sync monitoring
+// In case of monitoring is added/deleted, we need to
+// 1. Update sts to in/exclude the exporter contianer
+// 2. Add/Delete the respective user
+// 3. Add/Delete the respective secret
+// Point 1 and 2 are taken care in Update func, so we only need to take care
+// Point 3 here.
+func (c *Cluster) syncMonitoringSecret(oldSpec, newSpec *cpov1.Postgresql) error {
+	c.logger.Info("syncing Monitoring secret")
+	c.setProcessName("syncing Monitoring secret")
+
+	if newSpec.Spec.Monitoring != nil && oldSpec.Spec.Monitoring == nil {
+		// Create monitoring secret
+		if err := c.createMonitoringSecret(); err != nil {
+			return fmt.Errorf("could not create the monitoring secret: %v", err)
+		}
+		c.logger.Info("monitoring secret was successfully created")
+	} else if newSpec.Spec.Monitoring == nil && oldSpec.Spec.Monitoring != nil {
+		// Delete the monitoring secret
+		if err := c.deleteMonitoringSecret(); err != nil {
+			return fmt.Errorf("could not delete the monitoring secret: %v", err)
+		}
+		c.logger.Info("monitoring secret was successfully deleted")
+	}
+	return nil
+}