Skip to content

Commit f92373b

Browse files
authored
Merge branch 'main' into dependabot/go_modules/go.mongodb.org/mongo-driver-1.17.7
2 parents ca60b0b + ed0939b commit f92373b

File tree

6 files changed

+59
-49
lines changed

6 files changed

+59
-49
lines changed

Jenkinsfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ void createCluster(String CLUSTER_SUFFIX) {
1616
--preemptible \
1717
--zone=${region} \
1818
--machine-type='n1-standard-4' \
19-
--cluster-version='1.31' \
19+
--cluster-version='1.32' \
2020
--num-nodes=3 \
2121
--labels='delete-cluster-after-hours=6' \
2222
--disk-size=30 \

e2e-tests/demand-backup-physical-minio-native-tls/compare/statefulset_some-name-rs0_restore-oc.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ kind: StatefulSet
33
metadata:
44
annotations:
55
percona.com/restore-in-progress: "true"
6-
generation: 9
6+
generation: 3
77
labels:
88
app.kubernetes.io/component: mongod
99
app.kubernetes.io/instance: some-name
@@ -267,7 +267,7 @@ spec:
267267
items:
268268
- key: ca.crt
269269
path: ca-1.crt
270-
name: minio2-ca-bundle
270+
name: secondary-minio-ca-bundle
271271
- emptyDir: {}
272272
name: ca-bundle
273273
- name: pbm-config

e2e-tests/demand-backup-physical-minio-native-tls/compare/statefulset_some-name-rs0_restore.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ kind: StatefulSet
33
metadata:
44
annotations:
55
percona.com/restore-in-progress: "true"
6-
generation: 9
6+
generation: 3
77
labels:
88
app.kubernetes.io/component: mongod
99
app.kubernetes.io/instance: some-name
@@ -269,7 +269,7 @@ spec:
269269
items:
270270
- key: ca.crt
271271
path: ca-1.crt
272-
name: minio2-ca-bundle
272+
name: secondary-minio-ca-bundle
273273
- emptyDir: {}
274274
name: ca-bundle
275275
- name: pbm-config

e2e-tests/demand-backup-physical-minio-native-tls/conf/minio2-secret.yml renamed to e2e-tests/demand-backup-physical-minio-native-tls/conf/secondary-minio-secret.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
apiVersion: v1
22
kind: Secret
33
metadata:
4-
name: minio2-secret
4+
name: secondary-minio-secret
55
type: Opaque
66
data:
77
AWS_ACCESS_KEY_ID: c29tZS1hY2Nlc3Mta2V5
8-
AWS_SECRET_ACCESS_KEY: c29tZS1zZWNyZXQta2V5
8+
AWS_SECRET_ACCESS_KEY: c29tZS1zZWNyZXQta2V5

e2e-tests/demand-backup-physical-minio-native-tls/run

Lines changed: 26 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ desc 'Deploy first MinIO with TLS'
7171
deploy_minio minio-tls
7272
apply_s3_storage_secrets
7373

74-
kubectl_bin apply -f "${test_dir}/conf/minio2-secret.yml"
74+
kubectl_bin apply -f "${test_dir}/conf/secondary-minio-secret.yml"
7575

7676
###############################################################################
7777
# Phase 1: Single CA bundle test
@@ -107,67 +107,67 @@ cert_count=$(kubectl_bin exec ${cluster}-rs0-0 -n ${namespace} -c backup-agent -
107107
# Phase 2: Second MinIO
108108
###############################################################################
109109

110-
desc 'Generate certificate for second MinIO'
110+
desc 'Generate certificate for secondary MinIO'
111111

112112
kubectl_bin apply -f - <<EOF
113113
apiVersion: cert-manager.io/v1
114114
kind: Certificate
115115
metadata:
116-
name: minio2-cert
116+
name: secondary-minio-cert
117117
namespace: ${namespace}
118118
spec:
119-
secretName: minio2-tls-temp
119+
secretName: secondary-minio-tls-temp
120120
issuerRef:
121121
name: selfsigned-issuer
122122
kind: Issuer
123-
commonName: minio2-service
123+
commonName: secondary-minio-service
124124
dnsNames:
125-
- minio2-service
126-
- minio2-service.${namespace}
127-
- minio2-service.${namespace}.svc
128-
- minio2-service.${namespace}.svc.cluster.local
125+
- secondary-minio-service
126+
- secondary-minio-service.${namespace}
127+
- secondary-minio-service.${namespace}.svc
128+
- secondary-minio-service.${namespace}.svc.cluster.local
129129
usages:
130130
- digital signature
131131
- key encipherment
132132
- server auth
133133
EOF
134134

135-
kubectl_bin wait --for=condition=Ready certificate/minio2-cert \
135+
kubectl_bin wait --for=condition=Ready certificate/secondary-minio-cert \
136136
-n ${namespace} --timeout=120s
137137

138-
kubectl_bin get secret minio2-tls-temp -n ${namespace} \
139-
-o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/minio2-cert.pem
138+
kubectl_bin get secret secondary-minio-tls-temp -n ${namespace} \
139+
-o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/secondary-minio-cert.pem
140140

141-
kubectl_bin get secret minio2-tls-temp -n ${namespace} \
142-
-o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/minio2-key.pem
141+
kubectl_bin get secret secondary-minio-tls-temp -n ${namespace} \
142+
-o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/secondary-minio-key.pem
143143

144-
kubectl_bin create secret generic minio2-tls -n ${namespace} \
145-
--from-file=public.crt=/tmp/minio2-cert.pem \
146-
--from-file=private.key=/tmp/minio2-key.pem
144+
kubectl_bin create secret generic secondary-minio-tls -n ${namespace} \
145+
--from-file=public.crt=/tmp/secondary-minio-cert.pem \
146+
--from-file=private.key=/tmp/secondary-minio-key.pem
147147

148-
kubectl_bin create secret generic minio2-ca-bundle -n ${namespace} \
149-
--from-file=ca.crt=/tmp/minio2-cert.pem
148+
kubectl_bin create secret generic secondary-minio-ca-bundle -n ${namespace} \
149+
--from-file=ca.crt=/tmp/secondary-minio-cert.pem
150150

151-
deploy_minio "minio2-tls" "minio2-service"
151+
deploy_minio "secondary-minio-tls" "secondary-minio-service"
152152

153-
desc "Add second storage"
153+
desc "Add second storage (secondary)"
154154

155155
kubectl_bin patch psmdb ${cluster} -n ${namespace} --type=merge -p '
156156
{
157157
"spec": {
158158
"backup": {
159159
"storages": {
160-
"minio2": {
160+
"secondary": {
161161
"type": "minio",
162162
"minio": {
163-
"credentialsSecret": "minio2-secret",
163+
"credentialsSecret": "secondary-minio-secret",
164164
"region": "us-east-1",
165165
"bucket": "operator-testing",
166-
"endpointUrl": "https://minio2-service:9000",
166+
"endpointUrl": "https://secondary-minio-service:9000",
167167
"secure": true,
168168
"insecureSkipTLSVerify": false,
169169
"caBundle": {
170-
"name": "minio2-ca-bundle",
170+
"name": "secondary-minio-ca-bundle",
171171
"key": "ca.crt"
172172
}
173173
}
@@ -212,7 +212,7 @@ run_restore ${backup_name_single}
212212
run_recovery_check ${backup_name_single} "" "" "true"
213213

214214
rm -f /tmp/minio-cert.pem /tmp/minio-key.pem
215-
rm -f /tmp/minio2-cert.pem /tmp/minio2-key.pem
215+
rm -f /tmp/secondary-minio-cert.pem /tmp/secondary-minio-key.pem
216216

217217
destroy "${namespace}"
218218

pkg/psmdb/statefulset.go

Lines changed: 26 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import (
44
"context"
55
"fmt"
66
"path"
7+
"sort"
78
"strconv"
89
"strings"
910

@@ -719,34 +720,43 @@ func PodTopologySpreadConstraints(cr *api.PerconaServerMongoDB, tscs []corev1.To
719720
}
720721

721722
func collectStorageCABundles(cr *api.PerconaServerMongoDB) []api.SecretKeySelector {
722-
723723
if cr.Spec.Backup.Storages == nil {
724724
return nil
725725
}
726726

727727
seen := map[string]struct{}{}
728728
var out []api.SecretKeySelector
729729

730-
for _, storage := range cr.Spec.Backup.Storages {
730+
// Sort storage names to ensure deterministic ordering
731+
// This prevents StatefulSet generation increment due to random map iteration
732+
storageNames := make([]string, 0, len(cr.Spec.Backup.Storages))
733+
for name := range cr.Spec.Backup.Storages {
734+
storageNames = append(storageNames, name)
735+
}
736+
sort.Strings(storageNames)
737+
738+
for _, name := range storageNames {
739+
storage := cr.Spec.Backup.Storages[name]
740+
731741
if storage.Type != api.BackupStorageMinio {
732742
continue
733743
}
734-
if storage.Minio.CABundle != nil &&
735-
storage.Minio.CABundle.Name != "" {
736744

737-
key := storage.Minio.CABundle.Key
738-
if key == "" {
739-
key = "ca.crt"
740-
}
745+
if storage.Minio.CABundle == nil || storage.Minio.CABundle.Name == "" {
746+
continue
747+
}
748+
key := storage.Minio.CABundle.Key
749+
if key == "" {
750+
key = "ca.crt"
751+
}
741752

742-
k := storage.Minio.CABundle.Name + "/" + key
743-
if _, ok := seen[k]; !ok {
744-
out = append(out, api.SecretKeySelector{
745-
Name: storage.Minio.CABundle.Name,
746-
Key: key,
747-
})
748-
seen[k] = struct{}{}
749-
}
753+
k := storage.Minio.CABundle.Name + "/" + key
754+
if _, ok := seen[k]; !ok {
755+
out = append(out, api.SecretKeySelector{
756+
Name: storage.Minio.CABundle.Name,
757+
Key: key,
758+
})
759+
seen[k] = struct{}{}
750760
}
751761
}
752762

0 commit comments

Comments
 (0)