DBAAS-1193: workaround to the ack-rds-controller v0.1.1 upgrade issue with ARO

Author: xieshenzh

api/v1beta1/webhook_suite_test.go

@@ -116,7 +116,6 @@ var _ = BeforeSuite(func() {
 		ClientDisableCacheFor: []client.Object{
 			&operatorframework.ClusterServiceVersion{},
 			&corev1.Secret{},
-			&corev1.ConfigMap{},
 		},
 	})
 	Expect(err).NotTo(HaveOccurred())

bundle/manifests/dbaas-operator.clusterserviceversion.yaml

@@ -415,14 +415,6 @@ spec:
     spec:
       clusterPermissions:
       - rules:
-        - apiGroups:
-          - ""
-          resources:
-          - configmaps
-          - secrets
-          verbs:
-          - create
-          - get
         - apiGroups:
           - ""
           resources:
@@ -607,6 +599,7 @@ spec:
           verbs:
           - delete
           - get
+          - list
           - update
         - apiGroups:
           - operators.coreos.com

config/rbac/role.yaml

@@ -6,14 +6,6 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - secrets
-  verbs:
-  - create
-  - get
 - apiGroups:
   - ""
   resources:
@@ -198,6 +190,7 @@ rules:
   verbs:
   - delete
   - get
+  - list
   - update
 - apiGroups:
   - operators.coreos.com

controllers/dbaasplatform_controller.go

@@ -37,8 +37,6 @@ import (
 	"github.com/operator-framework/api/pkg/operators/v1alpha1"
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
-	appsv1 "k8s.io/api/apps/v1"
-	v1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
@@ -88,7 +86,7 @@ type DBaaSPlatformReconciler struct {
 //+kubebuilder:rbac:groups=dbaas.redhat.com,resources=*/finalizers,verbs=update
 //+kubebuilder:rbac:groups=operators.coreos.com,resources=catalogsources;operatorgroups,verbs=get;list;create;update;watch
 //+kubebuilder:rbac:groups=operators.coreos.com,resources=subscriptions,verbs=get;list;create;update;watch;delete
-//+kubebuilder:rbac:groups=operators.coreos.com,resources=clusterserviceversions,verbs=get;update;delete
+//+kubebuilder:rbac:groups=operators.coreos.com,resources=clusterserviceversions,verbs=get;update;delete;list
 //+kubebuilder:rbac:groups=operators.coreos.com,resources=clusterserviceversions/finalizers,verbs=update
 //+kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;statefulsets,verbs=get;list;create;update;watch;delete
 //+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;create;update;watch;delete
@@ -100,7 +98,6 @@ type DBaaSPlatformReconciler struct {
 //+kubebuilder:rbac:groups=config.openshift.io,resources=consoles,verbs=get;list;watch
 //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
 //+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;delete
-//+kubebuilder:rbac:groups="",resources=secrets;configmaps,verbs=get;create
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -133,11 +130,6 @@ func (r *DBaaSPlatformReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		logger.Error(err, "Error related to conversion webhook setup")
 	}
 
-	// temporary fix for ack-rds-controller v0.1.3 upgrade issue
-	if err = r.fixRDSControllerUpgrade(ctx); err != nil {
-		logger.Error(err, "Error related to ack-rds-controller v0.1.3 upgrade")
-	}
-
 	if cr.DeletionTimestamp != nil {
 		event = metrics.LabelEventValueDelete
 	} else {
@@ -433,82 +425,38 @@ func (r *DBaaSPlatformReconciler) fixConversionWebhooks(ctx context.Context) err
 
 // Temporary solution to the rds-controller upgrade issue, will revert in the next release
 func (r *DBaaSPlatformReconciler) prepareRDSController(ctx context.Context, cli k8sclient.Client) error {
-	secret := &v1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "ack-rds-user-secrets", //#nosec G101
-			Namespace: r.DBaaSReconciler.InstallNamespace,
-		},
+	subscriptionList := &v1alpha1.SubscriptionList{}
+	if err := cli.List(ctx, subscriptionList, k8sclient.InNamespace(r.InstallNamespace)); err != nil {
+		return err
 	}
-	if err := cli.Get(ctx, k8sclient.ObjectKeyFromObject(secret), secret); err != nil {
-		if apierrors.IsNotFound(err) {
-			secret.Data = map[string][]byte{
-				"AWS_ACCESS_KEY_ID":     []byte("dummy"),
-				"AWS_SECRET_ACCESS_KEY": []byte("dummy"), //#nosec G101
-			}
-			if err := cli.Create(ctx, secret); err != nil {
+	for _, subscription := range subscriptionList.Items {
+		if subscription.Spec != nil && subscription.Spec.Package == "ack-rds-controller" {
+			if err := cli.Delete(ctx, &subscription); err != nil {
 				return err
 			}
-		} else {
-			return err
 		}
 	}
 
-	cm := &v1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "ack-rds-user-config",
-			Namespace: r.DBaaSReconciler.InstallNamespace,
-		},
+	csvList := &v1alpha1.ClusterServiceVersionList{}
+	if err := cli.List(ctx, csvList, k8sclient.InNamespace(r.InstallNamespace)); err != nil {
+		return err
 	}
-	if err := cli.Get(ctx, k8sclient.ObjectKeyFromObject(cm), cm); err != nil {
-		if apierrors.IsNotFound(err) {
-			cm.Data = map[string]string{
-				"AWS_REGION":                     "dummy",
-				"AWS_ENDPOINT_URL":               "",
-				"ACK_ENABLE_DEVELOPMENT_LOGGING": "false",
-				"ACK_WATCH_NAMESPACE":            "",
-				"ACK_LOG_LEVEL":                  "info",
-				"ACK_RESOURCE_TAGS":              "rhoda",
+	for _, csv := range csvList.Items {
+		instanceCRD := false
+		clusterCRD := false
+		for _, crd := range csv.Spec.CustomResourceDefinitions.Owned {
+			if crd.Name == "dbinstances.rds.services.k8s.aws" && crd.Kind == "DBInstance" {
+				instanceCRD = true
+			} else if crd.Name == "dbclusters.rds.services.k8s.aws" && crd.Kind == "DBCluster" {
+				clusterCRD = true
 			}
-			if err := cli.Create(ctx, cm); err != nil {
+		}
+		if instanceCRD && clusterCRD {
+			if err := cli.Delete(ctx, &csv); err != nil {
 				return err
 			}
-		} else {
-			return err
 		}
 	}
 
 	return nil
 }
-
-// Temporary solution to the rds-controller v0.1.3 upgrade issue
-func (r *DBaaSPlatformReconciler) fixRDSControllerUpgrade(ctx context.Context) error {
-	csv := &v1alpha1.ClusterServiceVersion{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "ack-rds-controller.v0.1.3",
-			Namespace: r.DBaaSReconciler.InstallNamespace,
-		},
-	}
-	if err := r.Client.Get(ctx, k8sclient.ObjectKeyFromObject(csv), csv); err != nil {
-		if apierrors.IsNotFound(err) {
-			return nil
-		}
-		return err
-	}
-
-	if csv.Status.Phase == v1alpha1.CSVPhaseFailed && csv.Status.Reason == v1alpha1.CSVReasonComponentFailed &&
-		csv.Status.Message == "install strategy failed: Deployment.apps \"ack-rds-controller\" is invalid: spec.selector: "+
-			"Invalid value: v1.LabelSelector{MatchLabels:map[string]string{\"app.kubernetes.io/name\":\"ack-rds-controller\"}, "+
-			"MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable" {
-		ackDeployment := &appsv1.Deployment{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "ack-rds-controller",
-				Namespace: r.DBaaSReconciler.InstallNamespace,
-			},
-		}
-		if err := r.Client.Delete(ctx, ackDeployment); err != nil {
-			return err
-		}
-		log.FromContext(ctx).Info("Applied fix to the failed RDS controller v0.1.3 installation")
-	}
-	return nil
-}

controllers/dbaasplatform_controller_test.go

@@ -4,15 +4,10 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
-	appsv1 "k8s.io/api/apps/v1"
-	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	dbaasv1beta1 "github.com/RHEcosystemAppEng/dbaas-operator/api/v1beta1"
-	"github.com/operator-framework/api/pkg/operators/v1alpha1"
 )
 
 var _ = Describe("DBaaSPlatform controller", func() {
@@ -48,149 +43,4 @@ var _ = Describe("DBaaSPlatform controller", func() {
 			Expect(cr.Status.Conditions[0].Type).To(Equal(dbaasv1beta1.DBaaSPlatformReadyType))
 		})
 	})
-
-	Describe("install dummy secret and configmap for rds-controller upgrade", func() {
-		It("should find the dummy secret and configmap after installation", func() {
-			Eventually(func() bool {
-				secret := &v1.Secret{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "ack-rds-user-secrets", //#nosec G101
-						Namespace: testNamespace,
-					},
-				}
-				err := dRec.Get(ctx, client.ObjectKeyFromObject(secret), secret)
-				if err != nil {
-					return false
-				}
-				return true
-			}, timeout).Should(BeTrue())
-
-			Eventually(func() bool {
-				cm := &v1.ConfigMap{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "ack-rds-user-config",
-						Namespace: testNamespace,
-					},
-				}
-				err := dRec.Get(ctx, client.ObjectKeyFromObject(cm), cm)
-				if err != nil {
-					return false
-				}
-				return true
-			}, timeout).Should(BeTrue())
-		})
-	})
-
-	Describe("delete deployment for rds-controller v0.1.3 upgrade", func() {
-		csv := &v1alpha1.ClusterServiceVersion{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "ack-rds-controller.v0.1.3",
-				Namespace: testNamespace,
-			},
-			Spec: v1alpha1.ClusterServiceVersionSpec{
-				DisplayName: "AWS Controllers for Kubernetes - Amazon RDS",
-				InstallStrategy: v1alpha1.NamedInstallStrategy{
-					StrategyName: "deployment",
-					StrategySpec: v1alpha1.StrategyDetailsDeployment{
-						DeploymentSpecs: []v1alpha1.StrategyDeploymentSpec{
-							{
-								Name: "ack-rds-controller",
-								Spec: appsv1.DeploymentSpec{
-									Replicas: pointer.Int32(1),
-									Selector: &metav1.LabelSelector{
-										MatchLabels: map[string]string{
-											"app.kubernetes.io/name": "ack-rds-controller",
-										},
-									},
-									Template: v1.PodTemplateSpec{
-										ObjectMeta: metav1.ObjectMeta{
-											Labels: map[string]string{
-												"app.kubernetes.io/name": "ack-rds-controller",
-											},
-										},
-										Spec: v1.PodSpec{
-											Containers: []v1.Container{
-												{
-													Name:            "controller",
-													Image:           "quay.io/ecosystem-appeng/busybox",
-													ImagePullPolicy: v1.PullIfNotPresent,
-													Command:         []string{"sh", "-c", "echo The app is running! && sleep 3600"},
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}
-		BeforeEach(assertResourceCreation(csv))
-		AfterEach(assertResourceDeletion(csv))
-
-		rdsDeployment := &appsv1.Deployment{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "ack-rds-controller",
-				Namespace: testNamespace,
-			},
-			Spec: appsv1.DeploymentSpec{
-				Replicas: pointer.Int32(1),
-				Selector: &metav1.LabelSelector{
-					MatchLabels: map[string]string{
-						"name": "ack-rds-controller",
-					},
-				},
-				Template: v1.PodTemplateSpec{
-					ObjectMeta: metav1.ObjectMeta{
-						Labels: map[string]string{
-							"name": "ack-rds-controller",
-						},
-					},
-					Spec: v1.PodSpec{
-						Containers: []v1.Container{
-							{
-								Name:            "ack-rds-controller",
-								Image:           "quay.io/ecosystem-appeng/busybox",
-								ImagePullPolicy: v1.PullIfNotPresent,
-								Command:         []string{"sh", "-c", "echo The app is running! && sleep 3600"},
-							},
-						},
-					},
-				},
-			},
-		}
-		BeforeEach(assertResourceCreation(rdsDeployment))
-		AfterEach(assertResourceDeletionIfNotExists(rdsDeployment))
-
-		It("should delete the deployment for the csv error", func() {
-			By("making the csv in failed status")
-			Eventually(func() bool {
-				if err := dRec.Get(ctx, client.ObjectKeyFromObject(csv), csv); err != nil {
-					return false
-				}
-
-				csv.Status.Phase = v1alpha1.CSVPhaseFailed
-				csv.Status.Reason = v1alpha1.CSVReasonComponentFailed
-				csv.Status.Message = "install strategy failed: Deployment.apps \"ack-rds-controller\" is invalid: spec.selector: " +
-					"Invalid value: v1.LabelSelector{MatchLabels:map[string]string{\"app.kubernetes.io/name\":\"ack-rds-controller\"}, " +
-					"MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable"
-
-				if err := dRec.Status().Update(ctx, csv); err != nil {
-					return false
-				}
-				return true
-			}, timeout).Should(BeTrue())
-
-			By("checking if the deployment is deleted")
-			Eventually(func() bool {
-				if err := dRec.Get(ctx, client.ObjectKeyFromObject(rdsDeployment), rdsDeployment); err != nil {
-					if errors.IsNotFound(err) {
-						return true
-					}
-				}
-				return false
-			}, timeout).Should(BeTrue())
-		})
-	})
 })