Merge branch 'main' into K8SPSMDB-1183_bundle_generation

percona · Jan 3, 2025 · d3a4fa8 · d3a4fa8
2 parents 9f6df70 + 35b325d
commit d3a4fa8
Show file tree

Hide file tree

Showing 277 changed files with 9,792 additions and 2,737 deletions.
diff --git a/.github/linters/go.mod b/.github/linters/go.mod
@@ -1,3 +1,3 @@
 module linters
 
-go 1.13
+go 1.23.4
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/[email protected]
       - uses: actions/setup-go@v5
         with:
-          go-version: '^1.22'
+          go-version: '^1.23'
       - run: go install -v github.com/incu6us/goimports-reviser/v3@latest
       - run: $(go env GOPATH)/bin/goimports-reviser -imports-order "std,general,company,project" -company-prefixes "github.com/percona" ./...
       - uses: reviewdog/action-suggester@v1
@@ -44,7 +44,7 @@ jobs:
       - uses: actions/[email protected]
       - uses: actions/setup-go@v5
         with:
-          go-version: '^1.22'
+          go-version: '^1.23'
       - run: go install mvdan.cc/sh/v3/cmd/shfmt@latest
       - run: $(go env GOPATH)/bin/shfmt -f . | grep -v 'vendor' | xargs $(go env GOPATH)/bin/shfmt -bn -ci -s -w
       - name: suggester / shfmt

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -29,15 +29,14 @@ jobs:
           export DOCKER_SQUASH=0
           export DOCKER_DEFAULT_PLATFORM='linux/arm64'
           ./e2e-tests/build
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/[email protected]
+
+      - name: Run Snyk vulnerability scanner image (linux/arm64)
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+          image: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
+          args: --platform=linux/arm64 --severity-threshold=high --exclude-base-image-vulns --file=./build/Dockerfile -fail-on=upgradable
 
       - name: Build an image from Dockerfile (linux/amd64)
         run: |
@@ -47,12 +46,11 @@ jobs:
           export DOCKER_DEFAULT_PLATFORM='linux/amd64'
           ./e2e-tests/build
 
-      - name: Run Trivy vulnerability scanner image (linux/amd64)
-        uses: aquasecurity/[email protected]
+      - name: Run Snyk vulnerability scanner image (linux/amd64)
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+          image: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
+          args: --platform=linux/amd64 --severity-threshold=high --exclude-base-image-vulns --file=./build/Dockerfile -fail-on=upgradable
+
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,7 +7,7 @@ jobs:
     steps:
       - uses: actions/setup-go@v5
         with:
-          go-version: '^1.22'
+          go-version: '^1.23'
       - uses: actions/[email protected]
-      - name: go test
-        run: go test -v ./...
+      - name: run tests
+        run: make test
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -347,7 +347,7 @@ EOF
                             -v $WORKSPACE/src/github.com/percona/percona-server-mongodb-operator:/go/src/github.com/percona/percona-server-mongodb-operator \
                             -w /go/src/github.com/percona/percona-server-mongodb-operator \
                             -e GOFLAGS='-buildvcs=false' \
-                            golang:1.22 sh -c '
+                            golang:1.23 sh -c '
                                 go install github.com/google/[email protected];
                                 /go/bin/go-licenses csv github.com/percona/percona-server-mongodb-operator/cmd/manager \
                                     | cut -d , -f 3 \
@@ -375,7 +375,7 @@ EOF
                             -v $WORKSPACE/src/github.com/percona/percona-server-mongodb-operator:/go/src/github.com/percona/percona-server-mongodb-operator \
                             -w /go/src/github.com/percona/percona-server-mongodb-operator \
                             -e GOFLAGS='-buildvcs=false' \
-                            golang:1.22 sh -c 'go build -v -o percona-server-mongodb-operator github.com/percona/percona-server-mongodb-operator/cmd/manager'
+                            golang:1.23 sh -c 'go build -v -o percona-server-mongodb-operator github.com/percona/percona-server-mongodb-operator/cmd/manager'
                     "
                 '''
 

diff --git a/Makefile b/Makefile
@@ -6,6 +6,8 @@ VERSION ?= $(shell git rev-parse --abbrev-ref HEAD | $(SED) -e 's^/^-^g; s^[.]^-
 IMAGE ?= $(IMAGE_TAG_BASE):$(VERSION)
 DEPLOYDIR = ./deploy
 
+ENVTEST_K8S_VERSION = 1.31
+
 all: build
 
 help: ## Display this help.
@@ -35,6 +37,9 @@ $(DEPLOYDIR)/cw-bundle.yaml: $(DEPLOYDIR)/crd.yaml $(DEPLOYDIR)/cw-rbac.yaml $(D
 
 manifests: $(DEPLOYDIR)/crd.yaml $(DEPLOYDIR)/bundle.yaml $(DEPLOYDIR)/cw-bundle.yaml ## Put generated manifests to deploy directory
 
+e2e-test:
+	IMAGE=$(IMAGE) ./e2e-tests/$(TEST)/run
+
 ##@ Build
 
 .PHONY: build
@@ -60,6 +65,9 @@ deploy: ## Deploy operator
 undeploy: ## Undeploy operator
 	kubectl delete -f $(DEPLOYDIR)/operator.yaml
 
+test: envtest ## Run tests.
+	DISABLE_TELEMETRY=true KUBEBUILDER_ASSETS="$(shell $(ENVTEST) --arch=amd64 use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool
@@ -82,6 +90,14 @@ KUSTOMIZE = $(shell pwd)/bin/kustomize
 kustomize: ## Download kustomize locally if necessary.
 	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/[email protected])
 
+ENVTEST = $(shell pwd)/bin/setup-envtest
+envtest: ## Download envtest-setup locally if necessary.
+	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+
+SWAGGER = $(shell pwd)/bin/swagger
+swagger: ## Download swagger locally if necessary.
+	$(call go-get-tool,$(SWAGGER),github.com/go-swagger/go-swagger/cmd/swagger@latest)
+
 # Prepare release
 CERT_MANAGER_VER := $(shell grep -Eo "cert-manager v.*" go.mod|grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
 release: manifests
@@ -112,3 +128,13 @@ after-release: manifests
 		-e "/^  backup:/,/^    image:/{s#image: .*#image: perconalab/percona-server-mongodb-operator:main-backup#}" \
 		-e "s#initImage: .*#initImage: perconalab/percona-server-mongodb-operator:main#g" \
 		-e "/^  pmm:/,/^    image:/{s#image: .*#image: perconalab/pmm-client:dev-latest#}" deploy/cr.yaml
+
+version-service-client: swagger
+	curl https://raw.githubusercontent.com/Percona-Lab/percona-version-service/$(VS_BRANCH)/api/version.swagger.yaml \
+		--output ./version.swagger.yaml
+	rm -rf ./versionserviceclient
+	swagger generate client \
+		-f ./version.swagger.yaml \
+		-c ./versionserviceclient/ \
+		-m ./versionserviceclient/models
+	rm ./version.swagger.yaml
diff --git a/README.md b/README.md
@@ -9,25 +9,22 @@
 ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/percona/percona-server-mongodb-operator)
 [![Go Report Card](https://goreportcard.com/badge/github.com/percona/percona-server-mongodb-operator)](https://goreportcard.com/report/github.com/percona/percona-server-mongodb-operator)
 
-[Percona Operator for MongoDB](https://github.com/percona/percona-server-mongodb-operator) automates the creation, modification, or deletion of items in your Percona Server for MongoDB environment. The Operator contains the necessary Kubernetes settings to maintain a consistent Percona Server for MongoDB instance, be it a replica set or a sharded cluster.
+[Percona Operator for MongoDB](https://github.com/percona/percona-server-mongodb-operator) deploys and manages Percona Server for MongoDB on Kubernetes with ease. Automate deployments, scaling, and day-to-day operations for both replica sets and sharded clusters. Deploy with confidence and focus on your applications, not your database.
 
-Based on our best practices for deployment and configuration, Percona Operator for MongoDB contains everything you need to quickly and consistently deploy and scale Percona Server for MongoDB instances into a Kubernetes cluster on-premises or in the cloud. It provides the following features to keep your Percona Server for MongoDB deployment healthy:
+- Automated workflows for simplified management
+- High availability with no single point of failure
+- Easy sharding and scaling
+- Integrated backups and monitoring
+- Automated updates and password rotation
+- Support for private container registries
 
-- Easy deployment with no single point of failure
-- Sharding support
-- Scheduled and manual backups
-- Integrated monitoring with [Percona Monitoring and Management](https://www.percona.com/software/database-tools/percona-monitoring-and-management)
-- Smart update to keep your database software up to date automatically
-- Automated password rotation – use the standard Kubernetes API to enforce password rotation policies for system user
-- Private container image registries
-
-You interact with Percona Operator mostly via the command line tool. If you feel more comfortable with operating the Operator and database clusters via the web interface, there is [Percona Everest](https://docs.percona.com/everest/index.html) - an open-source web-based database provisioning tool available for you. It automates day-to-day database management operations for you, reducing the overall administrative overhead. [Get started with Percona Everest](https://docs.percona.com/everest/quickstart-guide/quick-install.html).
+While the Percona Operator is primarily managed through the command line, you can also use **[Percona Everest](https://docs.percona.com/everest/index.html)** for a web-based user interface. This open-source tool provides a streamlined experience for provisioning and managing your databases, simplifying day-to-day tasks and reducing administrative overhead. Learn more about Percona Everest in the [documentation](https://docs.percona.com/everest/index.html) or jump right in with the [quickstart guide](https://docs.percona.com/everest/quickstart-guide/quick-install.html).
 
 # Architecture
 
 Percona Operators are based on the [Operator SDK](https://github.com/operator-framework/operator-sdk) and leverage Kubernetes primitives to follow best [CNCF](https://www.cncf.io/) practices.
 
- Learn more about [architecture and design decisions](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/architecture.html).
+Learn more about [architecture and design decisions](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/architecture.html).
 
 ## Documentation
 
@@ -53,41 +50,25 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/percona/percona
 kubectl apply -f https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/deploy/cr-minimal.yaml
 ```
 
+# Need help?
+
+
+**Commercial Support**  | **Community Support** |
+:-: | :-: |
+| <br/>Enterprise-grade assistance for your mission-critical MongoDB deployments with the Percona Operator for MongoDB. Get expert guidance for complex tasks like multi-cloud replication, database migration and building platforms.<br/><br/>  | <br/>Connect with our engineers and fellow users for general questions, troubleshooting, and sharing feedback and ideas.<br/><br/>  | 
+| **[Get Percona Support](https://hubs.ly/Q02ZTH830)** | **[Visit our Forum](https://forums.percona.com/c/mongodb/percona-kubernetes-operator-for-mongodb/29)** |
+
 # Contributing
 
 Percona welcomes and encourages community contributions to help improve Percona Kubernetes Operator for Percona Server for MongoDB.
 
 See the [Contribution Guide](CONTRIBUTING.md) and [Building and Testing Guide](e2e-tests/README.md) for more information on how you can contribute.
 
-## Communication
-
-We would love to hear from you! Reach out to us on [Forum](https://forums.percona.com/c/mongodb/percona-kubernetes-operator-for-mongodb/29) with your questions, feedback and ideas
-
-# Join Percona Kubernetes Squad!                                                                           
-```                                                                                     
-                    %                        _____                
-                   %%%                      |  __ \                                          
-                 ###%%%%%%%%%%%%*           | |__) |__ _ __ ___ ___  _ __   __ _             
-                ###  ##%%      %%%%         |  ___/ _ \ '__/ __/ _ \| '_ \ / _` |            
-              ####     ##%       %%%%       | |  |  __/ | | (_| (_) | | | | (_| |            
-             ###        ####      %%%       |_|   \___|_|  \___\___/|_| |_|\__,_|           
-           ,((###         ###     %%%        _      _          _____                       _
-          (((( (###        ####  %%%%       | |   / _ \       / ____|                     | | 
-         (((     ((#         ######         | | _| (_) |___  | (___   __ _ _   _  __ _  __| | 
-       ((((       (((#        ####          | |/ /> _ </ __|  \___ \ / _` | | | |/ _` |/ _` |
-      /((          ,(((        *###         |   <| (_) \__ \  ____) | (_| | |_| | (_| | (_| |
-    ////             (((         ####       |_|\_\\___/|___/ |_____/ \__, |\__,_|\__,_|\__,_|
-   ///                ((((        ####                                  | |                  
- /////////////(((((((((((((((((########                                 |_|   Join @ percona.com/k8s   
-```
-
-You can get early access to new product features, invite-only ”ask me anything” sessions with Percona Kubernetes experts, and monthly swag raffles. Interested? Fill in the form at [percona.com/k8s](https://www.percona.com/k8s).
-
-# Roadmap
+## Roadmap
 
-We have an experimental public roadmap which can be found [here](https://github.com/percona/roadmap/projects/1). Please feel free to contribute and propose new features by following the roadmap [guidelines](https://github.com/percona/roadmap).
+We have a public roadmap which can be found [here](https://github.com/orgs/percona/projects/10). Please feel free to contribute and propose new features by following the roadmap [guidelines](https://github.com/percona/roadmap).
 
-# Submitting Bug Reports
+## Submitting Bug Reports
 
 If you find a bug in Percona Docker Images or in one of the related projects, please submit a report to that project's [JIRA](https://jira.percona.com/projects/K8SPSMDB/issues/K8SPSMDB-555?filter=allopenissues) issue tracker or [create a GitHub issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-an-issue#creating-an-issue-from-a-repository) in this repository.
 

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM} golang:1.22 AS go_builder
+FROM --platform=${BUILDPLATFORM} golang:1.23 AS go_builder
 WORKDIR /go/src/github.com/percona/percona-server-mongodb-operator
 
 COPY go.mod go.sum ./

diff --git a/build/ps-entry.sh b/build/ps-entry.sh
@@ -1,6 +1,5 @@
 #!/bin/bash
 set -Eeuo pipefail
-set -o xtrace
 
 if [ "${1:0:1}" = '-' ]; then
 	set -- mongod "$@"
@@ -421,13 +420,10 @@ if [[ $originalArgOne == mongo* ]]; then
 		tlsMode="preferTLS"
 	fi
 
-	# don't add --tlsMode if TLS is disabled
-	if clusterAuthMode="$(_mongod_hack_get_arg_val --clusterAuthMode "${mongodHackedArgs[@]}")"; then
-		if [[ ${clusterAuthMode} != "keyFile" ]]; then
-			_mongod_hack_ensure_arg_val --tlsMode "${tlsMode}" "${mongodHackedArgs[@]}"
-		else
-			_mongod_hack_ensure_no_arg --sslAllowInvalidCertificates "${mongodHackedArgs[@]}"
-		fi
+	_mongod_hack_ensure_arg_val --tlsMode "${tlsMode}" "${mongodHackedArgs[@]}"
+
+	if [[ ${tlsMode} == "disabled" ]]; then
+		_mongod_hack_ensure_no_arg --sslAllowInvalidCertificates "${mongodHackedArgs[@]}"
 	fi
 
 	if [[ ${tlsMode} != "disabled" ]]; then

diff --git a/config/crd/bases/psmdb.percona.com_perconaservermongodbbackups.yaml b/config/crd/bases/psmdb.percona.com_perconaservermongodbbackups.yaml
@@ -95,6 +95,13 @@ spec:
                 type: string
               error:
                 type: string
+              filesystem:
+                properties:
+                  path:
+                    type: string
+                required:
+                - path
+                type: object
               lastTransition:
                 format: date-time
                 type: string

diff --git a/config/crd/bases/psmdb.percona.com_perconaservermongodbrestores.yaml b/config/crd/bases/psmdb.percona.com_perconaservermongodbrestores.yaml
@@ -65,6 +65,13 @@ spec:
                     type: string
                   error:
                     type: string
+                  filesystem:
+                    properties:
+                      path:
+                        type: string
+                    required:
+                    - path
+                    type: object
                   lastTransition:
                     format: date-time
                     type: string