diff --git a/controllers/postgres_controller.go b/controllers/postgres_controller.go index 2e72a6be..4c39c379 100644 --- a/controllers/postgres_controller.go +++ b/controllers/postgres_controller.go @@ -8,9 +8,7 @@ package controllers import ( "context" - "encoding/json" "fmt" - "net/url" "github.com/go-logr/logr" zalando "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1" @@ -144,10 +142,9 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c log.Info("finalizer added") } - // Check if zalando dependencies are installed. If not, install them. - if err := r.ensureZalandoDependencies(ctx, instance); err != nil { - r.recorder.Eventf(instance, "Warning", "Error", "failed to install operator: %v", err) - return ctrl.Result{}, fmt.Errorf("error while ensuring Zalando dependencies: %w", err) + if err := r.CreateOrUpdateOperator(ctx, instance); err != nil { + r.recorder.Eventf(instance, "Warning", "Error", "failed to install or update operator: %v", err) + return ctrl.Result{}, fmt.Errorf("failed to install or update operator: %w", err) } if err := r.createOrUpdateZalandoPostgresql(ctx, instance, log); err != nil { @@ -250,119 +247,6 @@ func (r *PostgresReconciler) deleteUserPasswordsSecret(ctx context.Context, inst return nil } -// ensureZalandoDependencies makes sure Zalando resources are installed in the service-cluster. -func (r *PostgresReconciler) ensureZalandoDependencies(ctx context.Context, p *pg.Postgres) error { - namespace := p.ToPeripheralResourceNamespace() - isInstalled, err := r.IsOperatorInstalled(ctx, namespace) - if err != nil { - return fmt.Errorf("error while querying if zalando dependencies are installed: %w", err) - } - - if !isInstalled { - if err := r.InstallOrUpdateOperator(ctx, namespace); err != nil { - return fmt.Errorf("error while installing zalando dependencies: %w", err) - } - } - - if err := r.updatePodEnvironmentConfigMap(ctx, p); err != nil { - return fmt.Errorf("error while updating backup config: %w", err) - } - - return nil -} - -func (r *PostgresReconciler) updatePodEnvironmentConfigMap(ctx context.Context, p *pg.Postgres) error { - log := r.Log.WithValues("postgres", p.UID) - if p.Spec.BackupSecretRef == "" { - log.Info("No configured backupSecretRef found, skipping configuration of postgres backup") - return nil - } - - // fetch secret - backupSecret := &v1.Secret{} - backupNamespace := types.NamespacedName{ - Name: p.Spec.BackupSecretRef, - Namespace: p.Namespace, - } - if err := r.CtrlClient.Get(ctx, backupNamespace, backupSecret); err != nil { - return fmt.Errorf("error while getting the backup secret from control plane cluster: %w", err) - } - - backupConfigJSON, ok := backupSecret.Data[pg.BackupConfigKey] - if !ok { - return fmt.Errorf("no backupConfig stored in the secret") - } - var backupConfig pg.BackupConfig - err := json.Unmarshal(backupConfigJSON, &backupConfig) - if err != nil { - return fmt.Errorf("unable to unmarshal backupconfig:%w", err) - } - - s3url, err := url.Parse(backupConfig.S3Endpoint) - if err != nil { - return fmt.Errorf("error while parsing the s3 endpoint url in the backup secret: %w", err) - } - // use the s3 endpoint as provided - awsEndpoint := s3url.String() - // modify the scheme to 'https+path' - s3url.Scheme = "https+path" - // use the modified s3 endpoint - walES3Endpoint := s3url.String() - // region - region := backupConfig.S3Region - - // use the rest as provided in the secret - bucketName := backupConfig.S3BucketName - awsAccessKeyID := backupConfig.S3AccessKey - awsSecretAccessKey := backupConfig.S3SecretKey - backupSchedule := backupConfig.Schedule - backupNumToRetain := backupConfig.Retention - - // s3 server side encryption SSE is enabled if the key is given - // TODO our s3 needs a small change to make this work - walgDisableSSE := "true" - walgSSE := "" - if backupConfig.S3EncryptionKey != nil { - walgDisableSSE = "false" - walgSSE = *backupConfig.S3EncryptionKey - } - - // create updated content for pod environment configmap - data := map[string]string{ - "USE_WALG_BACKUP": "true", - "USE_WALG_RESTORE": "true", - "WALE_S3_PREFIX": "s3://" + bucketName + "/$(SCOPE)", - "WALG_S3_PREFIX": "s3://" + bucketName + "/$(SCOPE)", - "CLONE_WALG_S3_PREFIX": "s3://" + bucketName + "/$(CLONE_SCOPE)", - "WALE_BACKUP_THRESHOLD_PERCENTAGE": "100", - "AWS_ENDPOINT": awsEndpoint, - "WALE_S3_ENDPOINT": walES3Endpoint, // same as above, but slightly modified - "AWS_ACCESS_KEY_ID": awsAccessKeyID, - "AWS_SECRET_ACCESS_KEY": awsSecretAccessKey, - "AWS_S3_FORCE_PATH_STYLE": "true", - "AWS_REGION": region, // now we can use AWS S3 - "WALG_DISABLE_S3_SSE": walgDisableSSE, // disable server side encryption if key is nil - "WALG_S3_SSE": walgSSE, // server side encryption key - "BACKUP_SCHEDULE": backupSchedule, - "BACKUP_NUM_TO_RETAIN": backupNumToRetain, - } - - cm := &v1.ConfigMap{} - ns := types.NamespacedName{ - Name: operatormanager.PodEnvCMName, - Namespace: p.ToPeripheralResourceNamespace(), - } - if err := r.SvcClient.Get(ctx, ns, cm); err != nil { - return fmt.Errorf("error while getting the pod environment configmap from service cluster: %w", err) - } - cm.Data = data - if err := r.SvcClient.Update(ctx, cm); err != nil { - return fmt.Errorf("error while updating the pod environment configmap in service cluster: %w", err) - } - - return nil -} - func (r *PostgresReconciler) isManagedByUs(obj *pg.Postgres) bool { if obj.Spec.PartitionID != r.PartitionID { return false diff --git a/controllers/postgres_controller_test.go b/controllers/postgres_controller_test.go index 955dc9fb..2ee53b9c 100644 --- a/controllers/postgres_controller_test.go +++ b/controllers/postgres_controller_test.go @@ -8,12 +8,12 @@ package controllers import ( pg "github.com/fi-ts/postgreslet/api/v1" + "github.com/fi-ts/postgreslet/pkg/operatormanager" firewall "github.com/metal-stack/firewall-controller/api/v1" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" zalando "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1" core "k8s.io/api/core/v1" - corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" ) @@ -45,6 +45,15 @@ var _ = Describe("postgres controller", func() { }, timeout, interval).Should(BeTrue()) }) + It("should create pod-environment-configmap in service-cluster", func() { + Eventually(func() bool { + return svcClusterClient.Get(newCtx(), types.NamespacedName{ + Namespace: instance.ToPeripheralResourceNamespace(), + Name: operatormanager.PodEnvCMName, + }, &core.ConfigMap{}) == nil + }, timeout, interval).Should(BeTrue()) + }) + It("should create zalando postgresql in service-cluster", func() { z := &zalando.Postgresql{} Eventually(func() bool { @@ -59,7 +68,7 @@ var _ = Describe("postgres controller", func() { return svcClusterClient.Get(newCtx(), types.NamespacedName{ Namespace: instance.ToPeripheralResourceNamespace(), Name: instance.ToSvcLBName(), - }, &corev1.Service{}) == nil + }, &core.Service{}) == nil }, timeout, interval).Should(BeTrue()) }) @@ -77,7 +86,7 @@ var _ = Describe("postgres controller", func() { return ctrlClusterClient.Get(newCtx(), types.NamespacedName{ Namespace: instance.Namespace, Name: instance.ToUserPasswordsSecretName(), - }, &corev1.Secret{}) == nil + }, &core.Secret{}) == nil }, timeout, interval).Should(BeTrue()) }) }) @@ -98,7 +107,7 @@ var _ = Describe("postgres controller", func() { return svcClusterClient.Get(newCtx(), types.NamespacedName{ Namespace: instance.ToPeripheralResourceNamespace(), Name: instance.ToSvcLBName(), - }, &corev1.Service{}) == nil + }, &core.Service{}) == nil }, timeout, interval).ShouldNot(BeTrue()) }) @@ -114,7 +123,7 @@ var _ = Describe("postgres controller", func() { return ctrlClusterClient.Get(newCtx(), types.NamespacedName{ Namespace: instance.Namespace, Name: instance.ToUserPasswordsSecretName(), - }, &corev1.Secret{}) == nil + }, &core.Secret{}) == nil }, timeout, interval).ShouldNot(BeTrue()) }) }) diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 6a0896e2..6d57e783 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -109,6 +109,7 @@ var _ = BeforeSuite(func(done Done) { // Todo: OperatorManager should be a reconciler opMgr, err := operatormanager.New( + ctrlClusterMgr.GetClient(), svcClusterCfg, filepath.Join(externalYAMLDir, "svc-postgres-operator.yaml"), scheme, @@ -142,8 +143,11 @@ var _ = BeforeSuite(func(done Done) { svcClusterClient = svcClusterMgr.GetClient() Expect(svcClusterClient).ToNot(BeNil()) - createNamespace(svcClusterClient, "firewall") - createPostgresTestInstance() + // Available in production, but not here + createNamespace(ctrlClusterClient, "metal-extension-cloud") + createNamespace(svcClusterClient, firewall.ClusterwideNetworkPolicyNamespace) + + createPostgresTestInstance(createBackupSecret()) createConfigMapSidecarConfig() createCredentialSecrets() }, 1000) @@ -158,6 +162,17 @@ var _ = AfterSuite(func() { Expect(err).ToNot(HaveOccurred()) }) +func createBackupSecret() *core.Secret { + backupSecret := &core.Secret{} + bytes, err := os.ReadFile(filepath.Join(externalYAMLDirTest, "secret-backup.yaml")) + Expect(err).ToNot(HaveOccurred()) + Expect(yaml.Unmarshal(bytes, backupSecret)).Should(Succeed()) + + Expect(ctrlClusterClient.Create(newCtx(), backupSecret)).Should(Succeed()) + + return backupSecret +} + func createCredentialSecrets() { defer GinkgoRecover() @@ -201,14 +216,15 @@ func createNamespace(client client.Client, ns string) { Expect(client.Create(newCtx(), nsObj)).Should(Succeed()) } -func createPostgresTestInstance() { +func createPostgresTestInstance(backupSecret *core.Secret) { defer GinkgoRecover() + // Parse the test instance bytes, err := os.ReadFile(filepath.Join("..", "config", "samples", "complete.yaml")) Expect(err).ToNot(HaveOccurred()) Expect(yaml.Unmarshal(bytes, instance)).Should(Succeed()) - createNamespace(ctrlClusterClient, instance.Namespace) + instance.Spec.BackupSecretRef = backupSecret.Name Expect(ctrlClusterClient.Create(newCtx(), instance)).Should(Succeed()) } diff --git a/external/test/secret-backup.yaml b/external/test/secret-backup.yaml new file mode 100644 index 00000000..0f7dccf8 --- /dev/null +++ b/external/test/secret-backup.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + config: eyJpZCI6IjgxZWEyMzMxLTliMTQtNDUyMi05MjgzLTdkOGQwYmM2YjExNSIsIm5hbWUiOiJuYmctcHJvZC10ZXN0IiwicHJvamVjdCI6ImI2MjFlYjk5LTQ4ODgtNDkxMS05M2ZjLTk1ODU0ZmMwMzBlOCIsInRlbmFudCI6ImZpdHMiLCJjcmVhdGVkQnkiOiJcdTAwM2NpemUwMDBcdTAwM2VbYWNoaW0uYWRtaW5AZi1pLXRzLmRlXSIsInJldGVudGlvbiI6IjQiLCJzY2hlZHVsZSI6IjMwIDAwICogKiAqIiwiczNlbmRwb2ludCI6Imh0dHBzOi8vczMucHJvZC0wMy1uYmctdzgxMDEuZml0cy5jbG91ZCIsInMzYnVja2V0bmFtZSI6ImJhY2t1cC0xMjM0NTY3OCIsInMzcmVnaW9uIjoiZHVtbXkiLCJzM2FjY2Vzc2tleSI6IjRJMjUyOFA4UkcwOThYU1NDUEJNIiwiczNzZWNyZXRrZXkiOiJJSXBCOHBjU2tLVVF2MVhadmN6RU1XM0VrbERhUmU1N0FpM2FGdllCIn0= +kind: Secret +metadata: + labels: + postgres.database.fits.cloud/is-backup: "true" + postgres.database.fits.cloud/project-id: b621eb99-4888-4911-93fc-95854fc030e8 + postgres.database.fits.cloud/tenant: fits + name: 81ea2331-9b14-4522-9283-7d8d0bc6b115 + namespace: metal-extension-cloud +type: Opaque diff --git a/main.go b/main.go index f818af75..be944bba 100644 --- a/main.go +++ b/main.go @@ -119,7 +119,7 @@ func main() { os.Exit(1) } - opMgr, err := operatormanager.New(svcClusterConf, "external/svc-postgres-operator.yaml", scheme, ctrl.Log.WithName("OperatorManager"), pspName) + opMgr, err := operatormanager.New(ctrlPlaneClusterMgr.GetClient(), svcClusterConf, "external/svc-postgres-operator.yaml", scheme, ctrl.Log.WithName("OperatorManager"), pspName) if err != nil { setupLog.Error(err, "unable to create `OperatorManager`") os.Exit(1) @@ -154,7 +154,7 @@ func main() { ctx := context.Background() // update all existing operators to the current version - if err := opMgr.UpdateAllOperators(ctx); err != nil { + if err := opMgr.UpdateAllZalandoOperators(ctx); err != nil { setupLog.Error(err, "error updating the postgres operators") } diff --git a/pkg/operatormanager/operatormanager.go b/pkg/operatormanager/operatormanager.go index 3b5329bf..095e0556 100644 --- a/pkg/operatormanager/operatormanager.go +++ b/pkg/operatormanager/operatormanager.go @@ -9,9 +9,11 @@ package operatormanager import ( "context" "encoding/base64" + "encoding/json" errs "errors" "fmt" "io/ioutil" + "net/url" "strconv" "strings" @@ -58,6 +60,7 @@ var operatorPodMatchingLabels = client.MatchingLabels{operatorPodLabelName: oper // OperatorManager manages the operator type OperatorManager struct { + CtrlClient client.Client client.Client runtime.Decoder list *corev1.List @@ -68,7 +71,7 @@ type OperatorManager struct { } // New creates a new `OperatorManager` -func New(conf *rest.Config, fileName string, scheme *runtime.Scheme, log logr.Logger, pspName string) (*OperatorManager, error) { +func New(ctrlClient client.Client, conf *rest.Config, fileName string, scheme *runtime.Scheme, log logr.Logger, pspName string) (*OperatorManager, error) { // Use no-cache client to avoid waiting for cashing. client, err := client.New(conf, client.Options{ Scheme: scheme, @@ -92,6 +95,7 @@ func New(conf *rest.Config, fileName string, scheme *runtime.Scheme, log logr.Lo log.Info("new `OperatorManager` created") return &OperatorManager{ MetadataAccessor: meta.NewAccessor(), + CtrlClient: ctrlClient, Client: client, Decoder: deserializer, list: list, @@ -101,15 +105,17 @@ func New(conf *rest.Config, fileName string, scheme *runtime.Scheme, log logr.Lo }, nil } -// InstallOrUpdateOperator installs or updates the operator Stored in `OperatorManager` -func (m *OperatorManager) InstallOrUpdateOperator(ctx context.Context, namespace string) error { +// CreateOrUpdateOperator installs or updates the operator Stored in `OperatorManager` +func (m *OperatorManager) CreateOrUpdateOperator(ctx context.Context, instance *pg.Postgres) error { + namespace := instance.ToPeripheralResourceNamespace() + // Make sure the namespace exists. if err := m.createNamespace(ctx, namespace); err != nil { return fmt.Errorf("error while ensuring the existence of namespace %v: %w", namespace, err) } // Add our (initially empty) custom pod environment configmap - if err := m.createPodEnvironmentConfigMap(ctx, namespace); err != nil { + if err := m.createOrUpdatePodEnvironmentConfigMap(ctx, instance); err != nil { return fmt.Errorf("error while creating pod environment configmap %v: %w", namespace, err) } @@ -118,23 +124,11 @@ func (m *OperatorManager) InstallOrUpdateOperator(ctx context.Context, namespace return fmt.Errorf("error while creating sidecars config %v: %w", namespace, err) } - // Decode each YAML to `client.Object`, add the namespace to it and install it. - for _, item := range m.list.Items { - obj, _, err := m.Decoder.Decode(item.Raw, nil, nil) - if err != nil { - return fmt.Errorf("error while converting yaml to `client.Object`: %w", err) - } - - cltObject, ok := obj.(client.Object) - if !ok { - return fmt.Errorf("unable to cast into client.Object") - } - if err := m.createNewClientObject(ctx, cltObject, namespace); err != nil { - return fmt.Errorf("error while creating the `client.Object`: %w", err) - } + if err := m.createOrUpdateZalandoOperator(ctx, namespace); err != nil { + return fmt.Errorf("failed to create or update zalando operator: %w", err) } + m.log.Info("zalando operator installed or updated") - m.log.Info("operator installed") return nil } @@ -251,8 +245,8 @@ func (m *OperatorManager) UninstallOperator(ctx context.Context, namespace strin return nil } -// createNewClientObject adds namespace to obj and creates or patches it -func (m *OperatorManager) createNewClientObject(ctx context.Context, obj client.Object, namespace string) error { +// createOrUpdateNewClientObject adds namespace to obj and creates or updates it +func (m *OperatorManager) createOrUpdateNewClientObject(ctx context.Context, obj client.Object, namespace string) error { // remove any unwanted annotations, uids etc. Remember, these objects come straight from the YAML. if err := m.ensureCleanMetadata(obj); err != nil { return fmt.Errorf("error while ensuring the metadata of the `client.Object` is clean: %w", err) @@ -433,31 +427,37 @@ func (m *OperatorManager) createNamespace(ctx context.Context, namespace string) return nil } -// createPodEnvironmentConfigMap creates a new ConfigMap with additional environment variables for the pods -func (m *OperatorManager) createPodEnvironmentConfigMap(ctx context.Context, namespace string) error { - ns := types.NamespacedName{ +// createOrUpdatePodEnvironmentConfigMap creates a new ConfigMap with additional environment variables for the pods +func (m *OperatorManager) createOrUpdatePodEnvironmentConfigMap(ctx context.Context, instance *pg.Postgres) error { + namespace := instance.ToPeripheralResourceNamespace() + objKey := types.NamespacedName{ Namespace: namespace, Name: PodEnvCMName, } - if err := m.Get(ctx, ns, &v1.ConfigMap{}); err == nil { - // configmap already exists, nothing to do here - // we will update the configmap with the correct S3 config in the postgres controller - m.log.Info("Pod Environment ConfigMap already exists") - return nil - } + if err := m.Get(ctx, objKey, &v1.ConfigMap{}); err != nil { + if !errors.IsNotFound(err) { + return fmt.Errorf("failed to fetch configmap %v: %w", objKey, err) + } + cm := &v1.ConfigMap{} + if err := m.SetName(cm, PodEnvCMName); err != nil { + return fmt.Errorf("error while setting the name of the new Pod Environment ConfigMap to %v: %w", namespace, err) + } + if err := m.SetNamespace(cm, namespace); err != nil { + return fmt.Errorf("error while setting the namespace of the new Pod Environment ConfigMap to %v: %w", namespace, err) + } - cm := &v1.ConfigMap{} - if err := m.SetName(cm, PodEnvCMName); err != nil { - return fmt.Errorf("error while setting the name of the new Pod Environment ConfigMap to %v: %w", namespace, err) - } - if err := m.SetNamespace(cm, namespace); err != nil { - return fmt.Errorf("error while setting the namespace of the new Pod Environment ConfigMap to %v: %w", namespace, err) + if err := m.Create(ctx, cm); err != nil { + return fmt.Errorf("error while creating the new Pod Environment ConfigMap: %w", err) + } + m.log.Info("new Pod Environment ConfigMap created") + + return nil } - if err := m.Create(ctx, cm); err != nil { - return fmt.Errorf("error while creating the new Pod Environment ConfigMap: %w", err) + if err := m.updatePodEnvironmentConfigMap(ctx, instance); err != nil { + return fmt.Errorf("error while updating pod environment configmap: %w", err) } - m.log.Info("new Pod Environment ConfigMap created") + m.log.Info("Pod Environment ConfigMap updated") return nil } @@ -609,6 +609,27 @@ func (m *OperatorManager) createOrUpdateExporterSidecarService(ctx context.Conte return nil } +// createOrUpdateZalandoOperator creates or updates only zalando's original operator +func (m *OperatorManager) createOrUpdateZalandoOperator(ctx context.Context, namespace string) error { + // Decode each YAML to `client.Object`, add the namespace to it and install it. + for _, item := range m.list.Items { + obj, _, err := m.Decoder.Decode(item.Raw, nil, nil) + if err != nil { + return fmt.Errorf("error while converting yaml to `client.Object`: %w", err) + } + + cltObject, ok := obj.(client.Object) + if !ok { + return fmt.Errorf("unable to cast into client.Object") + } + if err := m.createOrUpdateNewClientObject(ctx, cltObject, namespace); err != nil { + return fmt.Errorf("error while creating the `client.Object`: %w", err) + } + } + + return nil +} + func (m *OperatorManager) deletePodEnvironmentConfigMap(ctx context.Context, namespace string) error { cm := &v1.ConfigMap{} if err := m.SetName(cm, PodEnvCMName); err != nil { @@ -658,8 +679,100 @@ func (m *OperatorManager) toObjectKey(obj runtime.Object, namespace string) (cli }, nil } -// UpdateAllOperators Updates the manifests of all postgres operators managed by the postgreslet -func (m *OperatorManager) UpdateAllOperators(ctx context.Context) error { +func (m *OperatorManager) updatePodEnvironmentConfigMap(ctx context.Context, p *pg.Postgres) error { + log := m.log.WithValues("postgres", p.UID) + if p.Spec.BackupSecretRef == "" { + log.Info("No configured backupSecretRef found, skipping configuration of postgres backup") + return nil + } + + // fetch secret + backupSecret := &v1.Secret{} + backupNamespace := types.NamespacedName{ + Name: p.Spec.BackupSecretRef, + Namespace: p.Namespace, + } + if err := m.CtrlClient.Get(ctx, backupNamespace, backupSecret); err != nil { + return fmt.Errorf("error while getting the backup secret from control plane cluster: %w", err) + } + + backupConfigJSON, ok := backupSecret.Data[pg.BackupConfigKey] + if !ok { + return fmt.Errorf("no backupConfig stored in the secret") + } + var backupConfig pg.BackupConfig + err := json.Unmarshal(backupConfigJSON, &backupConfig) + if err != nil { + return fmt.Errorf("unable to unmarshal backupconfig:%w", err) + } + + s3url, err := url.Parse(backupConfig.S3Endpoint) + if err != nil { + return fmt.Errorf("error while parsing the s3 endpoint url in the backup secret: %w", err) + } + // use the s3 endpoint as provided + awsEndpoint := s3url.String() + // modify the scheme to 'https+path' + s3url.Scheme = "https+path" + // use the modified s3 endpoint + walES3Endpoint := s3url.String() + // region + region := backupConfig.S3Region + + // use the rest as provided in the secret + bucketName := backupConfig.S3BucketName + awsAccessKeyID := backupConfig.S3AccessKey + awsSecretAccessKey := backupConfig.S3SecretKey + backupSchedule := backupConfig.Schedule + backupNumToRetain := backupConfig.Retention + + // s3 server side encryption SSE is enabled if the key is given + // TODO our s3 needs a small change to make this work + walgDisableSSE := "true" + walgSSE := "" + if backupConfig.S3EncryptionKey != nil { + walgDisableSSE = "false" + walgSSE = *backupConfig.S3EncryptionKey + } + + // create updated content for pod environment configmap + data := map[string]string{ + "USE_WALG_BACKUP": "true", + "USE_WALG_RESTORE": "true", + "WALE_S3_PREFIX": "s3://" + bucketName + "/$(SCOPE)", + "WALG_S3_PREFIX": "s3://" + bucketName + "/$(SCOPE)", + "CLONE_WALG_S3_PREFIX": "s3://" + bucketName + "/$(CLONE_SCOPE)", + "WALE_BACKUP_THRESHOLD_PERCENTAGE": "100", + "AWS_ENDPOINT": awsEndpoint, + "WALE_S3_ENDPOINT": walES3Endpoint, // same as above, but slightly modified + "AWS_ACCESS_KEY_ID": awsAccessKeyID, + "AWS_SECRET_ACCESS_KEY": awsSecretAccessKey, + "AWS_S3_FORCE_PATH_STYLE": "true", + "AWS_REGION": region, // now we can use AWS S3 + "WALG_DISABLE_S3_SSE": walgDisableSSE, // disable server side encryption if key is nil + "WALG_S3_SSE": walgSSE, // server side encryption key + "BACKUP_SCHEDULE": backupSchedule, + "BACKUP_NUM_TO_RETAIN": backupNumToRetain, + } + + cm := &v1.ConfigMap{} + ns := types.NamespacedName{ + Name: PodEnvCMName, + Namespace: p.ToPeripheralResourceNamespace(), + } + if err := m.Client.Get(ctx, ns, cm); err != nil { + return fmt.Errorf("error while getting the pod environment configmap from service cluster: %w", err) + } + cm.Data = data + if err := m.Client.Update(ctx, cm); err != nil { + return fmt.Errorf("error while updating the pod environment configmap in service cluster: %w", err) + } + + return nil +} + +// UpdateAllZalandoOperators Updates the manifests of all postgres operators managed by the postgreslet +func (m *OperatorManager) UpdateAllZalandoOperators(ctx context.Context) error { // fetch all operators (running or otherwise) m.log.Info("Fetching all managed namespaces") matchingLabels := client.MatchingLabels{ @@ -675,7 +788,7 @@ func (m *OperatorManager) UpdateAllOperators(ctx context.Context) error { // update each namespace for _, ns := range nsList.Items { m.log.Info("Updating postgres operator installation", "namespace", ns.Name) - if err := m.InstallOrUpdateOperator(ctx, ns.Name); err != nil { + if err := m.createOrUpdateZalandoOperator(ctx, ns.Name); err != nil { return err } }