persist default superuser secret name, add version check method

Previously we only set the default superuser secret name in memory and did not persist it. The version check patches that I implemented caused a problem with that. The setting is lost after the first patch is applied. It makes more sense to just persist the default.
k8ssandra · Jan 11, 2022 · c4c8b1c · c4c8b1c
1 parent bfd9f49
commit c4c8b1c
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 41 deletions.
diff --git a/Makefile b/Makefile
@@ -219,14 +219,15 @@ multi-deploy:
 	kubectl -n $(NS) apply -f test/testdata/samples/k8ssandra-multi-kind.yaml
 
 cleanup:
-	kind delete cluster --name k8ssandra-0
-	kind delete cluster --name k8ssandra-1
+	for ((i = 0; i < $(NUM_CLUSTERS); ++i)); do \
+		kind delete cluster --name k8ssandra-$$i; \
+	done
 
 create-kind-cluster:
 	scripts/setup-kind-multicluster.sh --clusters 1 --kind-worker-nodes 4
 
 create-kind-multicluster:
-	scripts/setup-kind-multicluster.sh --clusters 2 --kind-worker-nodes 4
+	scripts/setup-kind-multicluster.sh --clusters $(NUM_CLUSTERS) --kind-worker-nodes 4
 
 kind-load-image-multi:
 	for ((i = 0; i < $(NUM_CLUSTERS); ++i)); do \

diff --git a/controllers/k8ssandra/reaper.go b/controllers/k8ssandra/reaper.go
@@ -31,7 +31,6 @@ import (
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"time"
 )
 
 func (r *K8ssandraClusterReconciler) reconcileReaperSchema(
@@ -47,18 +46,9 @@ func (r *K8ssandraClusterReconciler) reconcileReaperSchema(
 
 	logger.Info("Reconciling Reaper schema")
 
-	kcCopy := kc.DeepCopy()
-	patch := client.MergeFromWithOptions(kc.DeepCopy(), client.MergeFromWithOptimisticLock{})
-	if err := r.ClientCache.GetLocalClient().Patch(ctx, kc, patch); err != nil {
-		if errors.IsConflict(err) {
-			return result.RequeueSoon(1 * time.Second)
-		}
-		logger.Error(err, "version check failed")
-		return result.Error(err)
+	if recResult := r.versionCheck(ctx, kc); recResult.Completed() {
+		return recResult
 	}
-	// Need to copy the status here as in-memory status updates can be lost by results
-	// returned from the api server.
-	kc.Status = kcCopy.Status
 
 	managementApiFacade, err := r.ManagementApi.NewManagementApiFacade(ctx, dc, remoteClient, logger)
 	if err != nil {

diff --git a/controllers/k8ssandra/replication.go b/controllers/k8ssandra/replication.go
@@ -65,18 +65,9 @@ func (r *K8ssandraClusterReconciler) updateReplicationOfSystemKeyspaces(
 	remoteClient client.Client,
 	logger logr.Logger) result.ReconcileResult {
 
-	kcCopy := kc.DeepCopy()
-	patch := client.MergeFromWithOptions(kc.DeepCopy(), client.MergeFromWithOptimisticLock{})
-	if err := r.ClientCache.GetLocalClient().Patch(ctx, kc, patch); err != nil {
-		if errors.IsConflict(err) {
-			return result.RequeueSoon(1 * time.Second)
-		}
-		logger.Error(err, "version check failed")
-		return result.Error(err)
+	if recResult := r.versionCheck(ctx, kc); recResult.Completed() {
+		return recResult
 	}
-	// Need to copy the status here as in-memory status updates can be lost by results
-	// returned from the api server.
-	kc.Status = kcCopy.Status
 
 	managementApiFacade, err := r.ManagementApi.NewManagementApiFacade(ctx, dc, remoteClient, logger)
 	if err != nil {
@@ -270,3 +261,19 @@ func getKeyspaceReplication(mgmtApi cassandra.ManagementApiFacade, ks string) (m
 
 	return replication, nil
 }
+
+func (r *K8ssandraClusterReconciler) versionCheck(ctx context.Context, kc *api.K8ssandraCluster) result.ReconcileResult {
+	kcCopy := kc.DeepCopy()
+	patch := client.MergeFromWithOptions(kc.DeepCopy(), client.MergeFromWithOptimisticLock{})
+	if err := r.ClientCache.GetLocalClient().Patch(ctx, kc, patch); err != nil {
+		if errors.IsConflict(err) {
+			return result.RequeueSoon(1 * time.Second)
+		}
+		return result.Error(fmt.Errorf("k8ssandracluster version check failed: %v", err))
+	}
+	// Need to copy the status here as in-memory status updates can be lost by results
+	// returned from the api server.
+	kc.Status = kcCopy.Status
+
+	return result.Continue()
+}
diff --git a/controllers/k8ssandra/secrets.go b/controllers/k8ssandra/secrets.go
@@ -2,12 +2,16 @@ package k8ssandra
 
 import (
 	"context"
+	"fmt"
 	"github.com/go-logr/logr"
 	api "github.com/k8ssandra/k8ssandra-operator/apis/k8ssandra/v1alpha1"
 	"github.com/k8ssandra/k8ssandra-operator/pkg/reaper"
 	"github.com/k8ssandra/k8ssandra-operator/pkg/result"
 	"github.com/k8ssandra/k8ssandra-operator/pkg/secret"
 	"github.com/k8ssandra/k8ssandra-operator/pkg/utils"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
 func (r *K8ssandraClusterReconciler) reconcileSuperuserSecret(ctx context.Context, kc *api.K8ssandraCluster, logger logr.Logger) result.ReconcileResult {
@@ -18,9 +22,15 @@ func (r *K8ssandraClusterReconciler) reconcileSuperuserSecret(ctx context.Contex
 	// Finally, creating the superuser secret when auth is disabled does not do any harm: no credentials will be
 	// required to connect to Cassandra nodes by CQL nor JMX.
 	if kc.Spec.Cassandra.SuperuserSecretRef.Name == "" {
-		// Note that we do not persist this change because doing so would prevent us from
-		// differentiating between a default secret by the operator vs one provided by the
-		// client that happens to have the same name as the default name.
+		patch := client.MergeFromWithOptions(kc.DeepCopy(), client.MergeFromWithOptimisticLock{})
+		kc.Spec.Cassandra.SuperuserSecretRef.Name = secret.DefaultSuperuserSecretName(kc.Spec.Cassandra.Cluster)
+		if err := r.Patch(ctx, kc, patch); err != nil {
+			if errors.IsConflict(err) {
+				return result.RequeueSoon(1 * time.Second)
+			}
+			return result.Error(fmt.Errorf("failed to set default superuser secret name: %v", err))
+		}
+
 		kc.Spec.Cassandra.SuperuserSecretRef.Name = secret.DefaultSuperuserSecretName(kc.Spec.Cassandra.Cluster)
 		logger.Info("Setting default superuser secret", "SuperuserSecretName", kc.Spec.Cassandra.SuperuserSecretRef.Name)
 	}

diff --git a/controllers/k8ssandra/stargate.go b/controllers/k8ssandra/stargate.go
@@ -16,7 +16,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"time"
 )
 
 func (r *K8ssandraClusterReconciler) reconcileStargate(
@@ -167,18 +166,9 @@ func (r *K8ssandraClusterReconciler) reconcileStargateAuthSchema(
 		return result.Continue()
 	}
 
-	kcCopy := kc.DeepCopy()
-	patch := client.MergeFromWithOptions(kc.DeepCopy(), client.MergeFromWithOptimisticLock{})
-	if err := r.ClientCache.GetLocalClient().Patch(ctx, kc, patch); err != nil {
-		if errors.IsConflict(err) {
-			return result.RequeueSoon(1 * time.Second)
-		}
-		logger.Error(err, "version check failed")
-		return result.Error(err)
+	if recResult := r.versionCheck(ctx, kc); recResult.Completed() {
+		return recResult
 	}
-	// Need to copy the status here as in-memory status updates can be lost by results
-	// returned from the api server.
-	kc.Status = kcCopy.Status
 
 	managementApi, err := r.ManagementApi.NewManagementApiFacade(ctx, dc, remoteClient, logger)
 	if err != nil {