From ec51811d16905535906a5733db57c8f68b56bc3e Mon Sep 17 00:00:00 2001 From: Houston Putman Date: Fri, 15 Mar 2024 13:43:57 -0400 Subject: [PATCH 01/12] Fix early deletion of PVCs during scale down (#689) --- api/v1beta1/solrcloud_types.go | 4 +- .../crd/bases/solr.apache.org_solrclouds.yaml | 5 +-- controllers/solr_cluster_ops_util.go | 4 +- controllers/solrcloud_controller.go | 17 +++++--- controllers/util/solr_scale_util.go | 4 +- helm/solr-operator/Chart.yaml | 7 ++++ helm/solr-operator/crds/crds.yaml | 5 +-- tests/e2e/resource_utils_test.go | 13 ++++++ tests/e2e/solrcloud_scaling_test.go | 42 +++++++++++++++++++ 9 files changed, 84 insertions(+), 17 deletions(-) diff --git a/api/v1beta1/solrcloud_types.go b/api/v1beta1/solrcloud_types.go index 99dc3f41..c0283370 100644 --- a/api/v1beta1/solrcloud_types.go +++ b/api/v1beta1/solrcloud_types.go @@ -1115,7 +1115,7 @@ type SolrCloudStatus struct { //+listMapKey:=name SolrNodes []SolrNodeStatus `json:"solrNodes"` - // Replicas is the number of desired replicas in the cluster + // Replicas is the number of pods created by the StatefulSet // +kubebuilder:validation:Minimum=0 // +kubebuilder:default=0 Replicas int32 `json:"replicas"` @@ -1123,7 +1123,7 @@ type SolrCloudStatus struct { // PodSelector for SolrCloud pods, required by the HPA PodSelector string `json:"podSelector"` - // ReadyReplicas is the number of ready replicas in the cluster + // ReadyReplicas is the number of ready pods in the cluster // +kubebuilder:validation:Minimum=0 // +kubebuilder:default=0 ReadyReplicas int32 `json:"readyReplicas"` diff --git a/config/crd/bases/solr.apache.org_solrclouds.yaml b/config/crd/bases/solr.apache.org_solrclouds.yaml index ded65039..90c7313e 100644 --- a/config/crd/bases/solr.apache.org_solrclouds.yaml +++ b/config/crd/bases/solr.apache.org_solrclouds.yaml @@ -16674,14 +16674,13 @@ spec: type: string readyReplicas: default: 0 - description: ReadyReplicas is the number of ready replicas in the - cluster + description: ReadyReplicas is the number of ready pods in the cluster format: int32 minimum: 0 type: integer replicas: default: 0 - description: Replicas is the number of desired replicas in the cluster + description: Replicas is the number of pods created by the StatefulSet format: int32 minimum: 0 type: integer diff --git a/controllers/solr_cluster_ops_util.go b/controllers/solr_cluster_ops_util.go index f97011a8..c9f352aa 100644 --- a/controllers/solr_cluster_ops_util.go +++ b/controllers/solr_cluster_ops_util.go @@ -410,8 +410,8 @@ func handleManagedCloudRollingUpdate(ctx context.Context, r *SolrCloudReconciler return } -// cleanupManagedCloudScaleDown does the logic of cleaning-up an incomplete scale down operation. -// This will remove any bad readinessConditions that the scaleDown might have set when trying to scaleDown pods. +// cleanupManagedCloudRollingUpdate does the logic of cleaning-up an incomplete rolling update operation. +// This will remove any bad readinessConditions that the rollingUpdate might have set when trying to restart pods. func cleanupManagedCloudRollingUpdate(ctx context.Context, r *SolrCloudReconciler, podList []corev1.Pod, logger logr.Logger) (err error) { // First though, the scaleDown op might have set some pods to be "unready" before deletion. Undo that. // Before doing anything to the pod, make sure that the pods do not have a stopped readiness condition diff --git a/controllers/solrcloud_controller.go b/controllers/solrcloud_controller.go index 706c066d..5ad2213c 100644 --- a/controllers/solrcloud_controller.go +++ b/controllers/solrcloud_controller.go @@ -428,7 +428,7 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( // Do not reconcile the storage finalizer unless we have PVC Labels that we know the Solr data PVCs are using. // Otherwise it will delete all PVCs possibly if len(statefulSet.Spec.Selector.MatchLabels) > 0 { - if err = r.reconcileStorageFinalizer(ctx, instance, statefulSet.Spec.Selector.MatchLabels, logger); err != nil { + if err = r.reconcileStorageFinalizer(ctx, instance, statefulSet, logger); err != nil { logger.Error(err, "Cannot delete PVCs while garbage collecting after deletion.") updateRequeueAfter(&requeueOrNot, time.Second*15) } @@ -481,6 +481,7 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( err = clearClusterOpLockWithPatch(ctx, r, statefulSet, "clusterOp not supported", logger) } if operationFound { + err = nil if operationComplete { if nextClusterOperation == nil { // Once the operation is complete, finish the cluster operation by deleting the statefulSet annotations @@ -926,9 +927,10 @@ func (r *SolrCloudReconciler) reconcileZk(ctx context.Context, logger logr.Logge // Logic derived from: // - https://book.kubebuilder.io/reference/using-finalizers.html // - https://github.com/pravega/zookeeper-operator/blob/v0.2.9/pkg/controller/zookeepercluster/zookeepercluster_controller.go#L629 -func (r *SolrCloudReconciler) reconcileStorageFinalizer(ctx context.Context, cloud *solrv1beta1.SolrCloud, pvcLabelSelector map[string]string, logger logr.Logger) error { +func (r *SolrCloudReconciler) reconcileStorageFinalizer(ctx context.Context, cloud *solrv1beta1.SolrCloud, statefulSet *appsv1.StatefulSet, logger logr.Logger) error { // If persistentStorage is being used by the cloud, and the reclaim policy is set to "Delete", // then set a finalizer for the storage on the cloud, and delete the PVCs if the solrcloud has been deleted. + pvcLabelSelector := statefulSet.Spec.Selector.MatchLabels if cloud.Spec.StorageOptions.PersistentStorage != nil && cloud.Spec.StorageOptions.PersistentStorage.VolumeReclaimPolicy == solrv1beta1.VolumeReclaimPolicyDelete { if cloud.ObjectMeta.DeletionTimestamp.IsZero() { @@ -940,7 +942,7 @@ func (r *SolrCloudReconciler) reconcileStorageFinalizer(ctx context.Context, clo return err } } - return r.cleanupOrphanPVCs(ctx, cloud, pvcLabelSelector, logger) + return r.cleanupOrphanPVCs(ctx, cloud, statefulSet, pvcLabelSelector, logger) } else if util.ContainsString(cloud.ObjectMeta.Finalizers, util.SolrStorageFinalizer) { // The object is being deleted logger.Info("Deleting PVCs for SolrCloud") @@ -977,17 +979,22 @@ func (r *SolrCloudReconciler) getPVCCount(ctx context.Context, cloud *solrv1beta return pvcCount, nil } -func (r *SolrCloudReconciler) cleanupOrphanPVCs(ctx context.Context, cloud *solrv1beta1.SolrCloud, pvcLabelSelector map[string]string, logger logr.Logger) (err error) { +func (r *SolrCloudReconciler) cleanupOrphanPVCs(ctx context.Context, cloud *solrv1beta1.SolrCloud, statefulSet *appsv1.StatefulSet, pvcLabelSelector map[string]string, logger logr.Logger) (err error) { // this check should make sure we do not delete the PVCs before the STS has scaled down if cloud.Status.ReadyReplicas == cloud.Status.Replicas { pvcList, err := r.getPVCList(ctx, cloud, pvcLabelSelector) if err != nil { return err } + // We only want to delete PVCs if we will not use them in the future, as in the user has asked for less replicas. + // Even if the statefulSet currently has less replicas, we don't want to delete them if we will eventually scale back up. if len(pvcList.Items) > int(*cloud.Spec.Replicas) { for _, pvcItem := range pvcList.Items { // delete only Orphan PVCs - if util.IsPVCOrphan(pvcItem.Name, *cloud.Spec.Replicas) { + // for orphans, we will use the status replicas (which is derived from the statefulSet) + // Don't use the Spec replicas here, because we might be rolling down 1-by-1 and the PVCs for + // soon-to-be-deleted pods should not be deleted until the pod is deleted. + if util.IsPVCOrphan(pvcItem.Name, *statefulSet.Spec.Replicas) { r.deletePVC(ctx, pvcItem, logger) } } diff --git a/controllers/util/solr_scale_util.go b/controllers/util/solr_scale_util.go index 550bd158..3f556af6 100644 --- a/controllers/util/solr_scale_util.go +++ b/controllers/util/solr_scale_util.go @@ -70,7 +70,7 @@ func BalanceReplicasForCluster(ctx context.Context, solrCloud *solr.SolrCloud, s if !balanceComplete && err == nil { logger.Info("Started balancing replicas across cluster.", "requestId", requestId) requestInProgress = true - } else if err == nil { + } else if err != nil { logger.Error(err, "Could not balance replicas across the cluster. Will try again.") } } @@ -88,7 +88,7 @@ func BalanceReplicasForCluster(ctx context.Context, solrCloud *solr.SolrCloud, s // Delete the async request Id if the async request is successful or failed. // If the request failed, this will cause a retry since the next reconcile won't find the async requestId in Solr. - if asyncState == "completed" || asyncState == "failed" { + if !requestInProgress { if _, err = solr_api.DeleteAsyncRequest(ctx, solrCloud, requestId); err != nil { logger.Error(err, "Could not delete Async request status.", "requestId", requestId) balanceComplete = false diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index 765525fc..61a8a146 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -61,6 +61,13 @@ annotations: url: https://github.com/apache/solr-operator/issues/624 - name: Github PR url: https://github.com/apache/solr-operator/pull/648 + - kind: fixed + description: SolrCloud scaling is now safe when using persistent storage with a 'Delete' reclaim policy + links: + - name: Github Issue + url: https://github.com/apache/solr-operator/issues/688 + - name: Github PR + url: https://github.com/apache/solr-operator/pull/689 artifacthub.io/images: | - name: solr-operator image: apache/solr-operator:v0.9.0-prerelease diff --git a/helm/solr-operator/crds/crds.yaml b/helm/solr-operator/crds/crds.yaml index bd311a50..e94093ef 100644 --- a/helm/solr-operator/crds/crds.yaml +++ b/helm/solr-operator/crds/crds.yaml @@ -16923,14 +16923,13 @@ spec: type: string readyReplicas: default: 0 - description: ReadyReplicas is the number of ready replicas in the - cluster + description: ReadyReplicas is the number of ready pods in the cluster format: int32 minimum: 0 type: integer replicas: default: 0 - description: Replicas is the number of desired replicas in the cluster + description: Replicas is the number of pods created by the StatefulSet format: int32 minimum: 0 type: integer diff --git a/tests/e2e/resource_utils_test.go b/tests/e2e/resource_utils_test.go index 7dba1635..a58904cb 100644 --- a/tests/e2e/resource_utils_test.go +++ b/tests/e2e/resource_utils_test.go @@ -320,6 +320,19 @@ func expectNoStatefulSet(ctx context.Context, parentResource client.Object, stat }).Should(MatchError("statefulsets.apps \""+statefulSetName+"\" not found"), "StatefulSet exists when it should not") } +func expectNoPvc(ctx context.Context, parentResource client.Object, pvcName string, additionalOffset ...int) { + EventuallyWithOffset(resolveOffset(additionalOffset), func() error { + return k8sClient.Get(ctx, resourceKey(parentResource, pvcName), &corev1.PersistentVolumeClaim{}) + }).Should(MatchError("persistentvolumeclaims \""+pvcName+"\" not found"), "Pod exists when it should not") +} + +func expectNoPvcNow(ctx context.Context, parentResource client.Object, pvcName string, additionalOffset ...int) { + ExpectWithOffset( + resolveOffset(additionalOffset), + k8sClient.Get(ctx, resourceKey(parentResource, pvcName), &corev1.PersistentVolumeClaim{}), + ).To(MatchError("persistentvolumeclaims \""+pvcName+"\" not found"), "Pod exists when it should not") +} + func expectNoPod(ctx context.Context, parentResource client.Object, podName string, additionalOffset ...int) { EventuallyWithOffset(resolveOffset(additionalOffset), func() error { return k8sClient.Get(ctx, resourceKey(parentResource, podName), &corev1.Pod{}) diff --git a/tests/e2e/solrcloud_scaling_test.go b/tests/e2e/solrcloud_scaling_test.go index 81ab608e..53d36308 100644 --- a/tests/e2e/solrcloud_scaling_test.go +++ b/tests/e2e/solrcloud_scaling_test.go @@ -24,6 +24,8 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" "strings" @@ -138,6 +140,46 @@ var _ = FDescribe("E2E - SolrCloud - Scale Down", func() { }) }) + FContext("with replica migration and deleted persistent data", func() { + + BeforeEach(func() { + solrCloud.Spec.StorageOptions.PersistentStorage = &solrv1beta1.SolrPersistentDataStorageOptions{ + VolumeReclaimPolicy: solrv1beta1.VolumeReclaimPolicyDelete, + PersistentVolumeClaimTemplate: solrv1beta1.PersistentVolumeClaimTemplate{ + ObjectMeta: solrv1beta1.TemplateMeta{}, + Spec: corev1.PersistentVolumeClaimSpec{ + Resources: corev1.ResourceRequirements{ + Requests: map[corev1.ResourceName]resource.Quantity{"storage": resource.MustParse("5Gi")}, + }, + }, + }, + } + }) + + FIt("Scales Down", func(ctx context.Context) { + originalSolrCloud := solrCloud.DeepCopy() + solrCloud.Spec.Replicas = pointer.Int32(1) + By("triggering a scale down via solrCloud replicas") + Expect(k8sClient.Patch(ctx, solrCloud, client.MergeFrom(originalSolrCloud))).To(Succeed(), "Could not patch SolrCloud replicas to initiate scale down") + + By("waiting for the scaleDown of cloud to finish") + expectStatefulSetWithChecksAndTimeout(ctx, solrCloud, solrCloud.StatefulSetName(), time.Minute*2, time.Millisecond*100, func(g Gomega, found *appsv1.StatefulSet) { + clusterOp, err := controllers.GetCurrentClusterOp(found) + g.Expect(err).ToNot(HaveOccurred(), "Error occurred while finding clusterLock for SolrCloud") + g.Expect(clusterOp).To(BeNil(), "No more cluster operations should be running") + g.Expect(found.Spec.Replicas).To(HaveValue(BeEquivalentTo(1)), "StatefulSet should eventually hav 1 pod, after the scale down is complete") + }) + + expectNoPod(ctx, solrCloud, solrCloud.GetSolrPodName(2)) + expectNoPvc(ctx, solrCloud, "data-"+solrCloud.GetSolrPodName(2)) + expectNoPod(ctx, solrCloud, solrCloud.GetSolrPodName(1)) + expectNoPvc(ctx, solrCloud, "data-"+solrCloud.GetSolrPodName(1)) + + queryCollection(ctx, solrCloud, solrCollection1, 0) + queryCollection(ctx, solrCloud, solrCollection2, 0) + }) + }) + FContext("without replica migration", func() { BeforeEach(func() { From 212fe0e2fde5a96060d1aa1be0268d6934608513 Mon Sep 17 00:00:00 2001 From: Houston Putman Date: Mon, 25 Mar 2024 17:07:47 -0500 Subject: [PATCH 02/12] Fix usage of envtest-setup This pins the script version to the minor version of controller-runtime that is used by the code. This fixes an issue with go-versions. --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0cf8ad7f..b708ec96 100644 --- a/Makefile +++ b/Makefile @@ -45,6 +45,7 @@ GO_LICENSES_VERSION=v1.6.0 GINKGO_VERSION = $(shell cat go.mod | grep 'github.com/onsi/ginkgo' | sed 's/.*\(v.*\)$$/\1/g') KIND_VERSION=v0.20.0 YQ_VERSION=v4.33.3 +CONTROLLER_RUNTIME_VERSION = $(shell cat go.mod | grep 'sigs.k8s.io/controller-runtime' | sed 's/.*\(v\(.*\)\.[^.]*\)$$/\2/g') # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION ?= 1.25.0 @@ -375,7 +376,7 @@ SETUP_ENVTEST = $(LOCALBIN)/setup-envtest .PHONY: setup-envtest setup-envtest: $(SETUP_ENVTEST) ## Download setup-envtest locally if necessary. $(SETUP_ENVTEST): $(LOCALBIN) - $(call go-get-tool,$(SETUP_ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest) + $(call go-get-tool,$(SETUP_ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@release-$(CONTROLLER_RUNTIME_VERSION)) # go-get-tool will 'go get' any package $2 and install it to $1. define go-get-tool From e6d7a279a37ec90ac3722c86f9ca1a637d6a272e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 13:33:36 -0400 Subject: [PATCH 03/12] Bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#646) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1605800e..8e7f3249 100644 --- a/go.mod +++ b/go.mod @@ -137,7 +137,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect - google.golang.org/grpc v1.57.0 // indirect + google.golang.org/grpc v1.57.1 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 67479789..f9bc6435 100644 --- a/go.sum +++ b/go.sum @@ -1024,8 +1024,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw= -google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= +google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From b40737d854ce7d1b499a3046cecc2ba796bccd4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 14:15:08 -0400 Subject: [PATCH 04/12] Bump github.com/docker/docker (#696) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.9+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.9) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8e7f3249..f2a94b8a 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/docker/cli v24.0.6+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.6+incompatible // indirect + github.com/docker/docker v24.0.9+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect diff --git a/go.sum b/go.sum index f9bc6435..8fdde9ba 100644 --- a/go.sum +++ b/go.sum @@ -132,8 +132,8 @@ github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWT github.com/docker/cli v24.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.6+incompatible h1:hceabKCtUgDqPu+qm0NgsaXf28Ljf4/pWFL7xjWWDgE= -github.com/docker/docker v24.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= +github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= From 84916e2624aef3f3e3e25e9e0c1cc9b58053eed5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 15:40:37 -0400 Subject: [PATCH 05/12] Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#695) * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] * Make prepare --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Houston Putman --- dependency_licenses.csv | 2 +- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dependency_licenses.csv b/dependency_licenses.csv index 1446817c..fc0a1782 100644 --- a/dependency_licenses.csv +++ b/dependency_licenses.csv @@ -44,7 +44,7 @@ golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.13.0:LICENSE,BSD-3 golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.13.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.31.0/LICENSE,BSD-3-Clause +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT diff --git a/go.mod b/go.mod index f2a94b8a..c7227888 100644 --- a/go.mod +++ b/go.mod @@ -138,7 +138,7 @@ require ( google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect google.golang.org/grpc v1.57.1 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 8fdde9ba..3122e206 100644 --- a/go.sum +++ b/go.sum @@ -1038,8 +1038,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 2358d54eb1a314b9068c7cf7b8097c0c8792e45e Mon Sep 17 00:00:00 2001 From: Houston Putman Date: Tue, 26 Mar 2024 16:16:55 -0400 Subject: [PATCH 06/12] Do not return metrics for liveness probe (#694) Fixes #693 --- controllers/util/prometheus_exporter_util.go | 5 +++-- helm/solr-operator/Chart.yaml | 9 ++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/controllers/util/prometheus_exporter_util.go b/controllers/util/prometheus_exporter_util.go index 00a8233d..fd8f9a2e 100644 --- a/controllers/util/prometheus_exporter_util.go +++ b/controllers/util/prometheus_exporter_util.go @@ -207,8 +207,9 @@ func GenerateSolrPrometheusExporterDeployment(solrPrometheusExporter *solr.SolrP defaultProbeHandler := corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Scheme: corev1.URISchemeHTTP, - Path: "/metrics", - Port: intstr.FromInt(SolrMetricsPort), + // TODO: When 9.0 is the minimum supported version, this can be "/-/healthy" + Path: "/metrics?names[]=", + Port: intstr.FromInt(SolrMetricsPort), }, } diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index 61a8a146..83adf370 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -62,12 +62,19 @@ annotations: - name: Github PR url: https://github.com/apache/solr-operator/pull/648 - kind: fixed - description: SolrCloud scaling is now safe when using persistent storage with a 'Delete' reclaim policy + description: SolrCloud scaling is now safe when using persistent storage with a 'Delete' reclaim policy links: - name: Github Issue url: https://github.com/apache/solr-operator/issues/688 - name: Github PR url: https://github.com/apache/solr-operator/pull/689 + - kind: fixed + description: SolrPrometheusExporter no longer fails liveness probes when the SolrCloud is too large + links: + - name: Github Issue + url: https://github.com/apache/solr-operator/issues/693 + - name: Github PR + url: https://github.com/apache/solr-operator/pull/694 artifacthub.io/images: | - name: solr-operator image: apache/solr-operator:v0.9.0-prerelease From 6837ad2fb326fca48ef69774ef49cfe18dcca58d Mon Sep 17 00:00:00 2001 From: Dan Niles <56271899+dan-niles@users.noreply.github.com> Date: Wed, 27 Mar 2024 01:56:20 +0530 Subject: [PATCH 07/12] Update default security.json in solr-cloud-crd.md to include permission for /admin/info/system path (#680) --- docs/solr-cloud/solr-cloud-crd.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/solr-cloud/solr-cloud-crd.md b/docs/solr-cloud/solr-cloud-crd.md index 8c8874e1..c1053cd1 100644 --- a/docs/solr-cloud/solr-cloud-crd.md +++ b/docs/solr-cloud/solr-cloud-crd.md @@ -1000,6 +1000,12 @@ Take a moment to review these authorization rules so that you're aware of the ro "name": "k8s-probe-0", "role": null, "collection": null, + "path": "/admin/info/system" + }, + { + "name": "k8s-probe-1", + "role": null, + "collection": null, "path": "/admin/info/health" }, { @@ -1057,7 +1063,7 @@ A few aspects of the default `security.json` configuration warrant a closer look "name": "k8s-probe-0", "role": null, "collection": null, - "path": "/admin/info/health" + "path": "/admin/info/system" } ``` In this case, the `"role":null` indicates this endpoint allows anonymous access by unknown users. @@ -1153,6 +1159,7 @@ _Note: be sure to use a stronger password for real deployments_ Users need to ensure their `security.json` contains the user supplied in the `basicAuthSecret` has read access to the following endpoints: ``` +/admin/info/system /admin/info/health /admin/collections /admin/metrics From 4d74362ca655bbd6715a199c566debee76afffc2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 20:44:25 +0000 Subject: [PATCH 08/12] Bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (#670) --- go.mod | 14 +++++++++----- go.sum | 27 +++++++++++++++++---------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index c7227888..300c0192 100644 --- a/go.mod +++ b/go.mod @@ -30,12 +30,13 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.0 // indirect + github.com/Microsoft/hcsshim v0.11.4 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.6 // indirect + github.com/containerd/containerd v1.7.11 // indirect + github.com/containerd/log v0.1.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/docker/cli v24.0.6+incompatible // indirect @@ -50,6 +51,7 @@ require ( github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.3 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.0.5 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -121,8 +123,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/otel v1.15.0 // indirect - go.opentelemetry.io/otel/trace v1.15.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect + go.opentelemetry.io/otel v1.19.0 // indirect + go.opentelemetry.io/otel/metric v1.19.0 // indirect + go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.25.0 // indirect @@ -137,7 +141,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect - google.golang.org/grpc v1.57.1 // indirect + google.golang.org/grpc v1.58.3 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 3122e206..c660d83d 100644 --- a/go.sum +++ b/go.sum @@ -60,8 +60,8 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM= -github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM= +github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= +github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA= @@ -104,9 +104,11 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8= -github.com/containerd/containerd v1.7.6/go.mod h1:SY6lrkkuJT40BVNO37tlYTSnKJnP5AXBc0fhx0q+TJ4= +github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= +github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -165,6 +167,7 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= +github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= @@ -630,10 +633,14 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opentelemetry.io/otel v1.15.0 h1:NIl24d4eiLJPM0vKn4HjLYM+UZf6gSfi9Z+NmCxkWbk= -go.opentelemetry.io/otel v1.15.0/go.mod h1:qfwLEbWhLPk5gyWrne4XnF0lC8wtywbuJbgfAE3zbek= -go.opentelemetry.io/otel/trace v1.15.0 h1:5Fwje4O2ooOxkfyqI/kJwxWotggDLix4BSAvpE1wlpo= -go.opentelemetry.io/otel/trace v1.15.0/go.mod h1:CUsmE2Ht1CRkvE8OsMESvraoZrrcgD1J2W8GV1ev0Y4= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -1024,8 +1031,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= -google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= +google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From b019cf2440738dd4a4b2be9684ee6a1ff6bf261f Mon Sep 17 00:00:00 2001 From: Jason Gerlowski Date: Tue, 2 Apr 2024 12:46:59 -0400 Subject: [PATCH 09/12] SOLR-17216: Cleanup command-based Solr probe output (#698) Removes some extraneous output from liveness/readiness/startup probes that use the 'bin/solr auth' command. --- controllers/solrcloud_controller_basic_auth_test.go | 4 ++-- controllers/util/solr_security_util.go | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/controllers/solrcloud_controller_basic_auth_test.go b/controllers/solrcloud_controller_basic_auth_test.go index a91846f2..00182005 100644 --- a/controllers/solrcloud_controller_basic_auth_test.go +++ b/controllers/solrcloud_controller_basic_auth_test.go @@ -289,10 +289,10 @@ func expectBasicAuthConfigOnPodTemplateWithGomega(g Gomega, solrCloud *solrv1bet g.Expect(basicAuthSecretVolMount.MountPath).To(Equal("/etc/secrets/"+secretName), "Wrong path used to mount Basic Auth volume") expLivenessProbeCmd := fmt.Sprintf("JAVA_TOOL_OPTIONS=\"-Dbasicauth=$(cat /etc/secrets/%s-solrcloud-basic-auth/username):$(cat /etc/secrets/%s-solrcloud-basic-auth/password) -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory\" "+ - "solr api -get \"http://${SOLR_HOST}:8983%s\"", + "solr api -get \"http://${SOLR_HOST}:8983%s\" 2>&1 | grep -v JAVA_TOOL_OPTIONS", solrCloud.Name, solrCloud.Name, expLivenessProbePath) expReadinessProbeCmd := fmt.Sprintf("JAVA_TOOL_OPTIONS=\"-Dbasicauth=$(cat /etc/secrets/%s-solrcloud-basic-auth/username):$(cat /etc/secrets/%s-solrcloud-basic-auth/password) -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory\" "+ - "solr api -get \"http://${SOLR_HOST}:8983%s\"", + "solr api -get \"http://${SOLR_HOST}:8983%s\" 2>&1 | grep -v JAVA_TOOL_OPTIONS", solrCloud.Name, solrCloud.Name, expReadinessProbePath) g.Expect(mainContainer.LivenessProbe).To(Not(BeNil()), "main container should have a liveness probe defined") diff --git a/controllers/util/solr_security_util.go b/controllers/util/solr_security_util.go index 51caa313..d67dfe15 100644 --- a/controllers/util/solr_security_util.go +++ b/controllers/util/solr_security_util.go @@ -496,13 +496,16 @@ func useSecureProbe(solrCloud *solr.SolrCloud, probe *corev1.Probe, mountPath st // Future work - SOLR_TOOL_OPTIONS is only in 9.4.0, use JAVA_TOOL_OPTIONS until that is the minimum supported version var javaToolOptionsStr string + var javaToolOptionsOutputFilter string if len(javaToolOptions) > 0 { javaToolOptionsStr = fmt.Sprintf("JAVA_TOOL_OPTIONS=%q ", strings.Join(javaToolOptions, " ")) + javaToolOptionsOutputFilter = " 2>&1 | grep -v JAVA_TOOL_OPTIONS" } else { javaToolOptionsStr = "" + javaToolOptionsOutputFilter = "" } - probeCommand := fmt.Sprintf("%ssolr api -get \"%s://${SOLR_HOST}:%d%s\"", javaToolOptionsStr, solrCloud.UrlScheme(false), probe.HTTPGet.Port.IntVal, probe.HTTPGet.Path) + probeCommand := fmt.Sprintf("%ssolr api -get \"%s://${SOLR_HOST}:%d%s\"%s", javaToolOptionsStr, solrCloud.UrlScheme(false), probe.HTTPGet.Port.IntVal, probe.HTTPGet.Path, javaToolOptionsOutputFilter) probeCommand = regexp.MustCompile(`\s+`).ReplaceAllString(strings.TrimSpace(probeCommand), " ") // use an Exec instead of an HTTP GET From 4adad59b63cf66e7d3c1eb9cedc4ac25c5f10f07 Mon Sep 17 00:00:00 2001 From: Jason Gerlowski Date: Tue, 2 Apr 2024 12:23:38 -0400 Subject: [PATCH 10/12] Add 'changes' entry to' operator Chart.yaml --- helm/solr-operator/Chart.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index 83adf370..fca9878c 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -75,6 +75,13 @@ annotations: url: https://github.com/apache/solr-operator/issues/693 - name: Github PR url: https://github.com/apache/solr-operator/pull/694 + - kind: security + description: Command-based Solr probes no longer echoes 'JAVA_TOOL_OPTIONS' values in Kubernetes events. + links: + - name: JIRA Issue + url: https://issues.apache.org/jira/browse/SOLR-17216 + - name: Github PR + url: https://github.com/apache/solr-operator/pull/698 artifacthub.io/images: | - name: solr-operator image: apache/solr-operator:v0.9.0-prerelease From 5fec11f8ef181a58b1f72123b44ae6532c49b62d Mon Sep 17 00:00:00 2001 From: Steffen Moldenhauer <54577793+smoldenhauer-ish@users.noreply.github.com> Date: Tue, 2 Apr 2024 23:00:58 +0200 Subject: [PATCH 11/12] Avoid reset of security.json if get fails (#659) (#660) --- controllers/solrcloud_controller_basic_auth_test.go | 3 ++- controllers/util/solr_security_util.go | 2 +- helm/solr-operator/Chart.yaml | 6 ++++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/controllers/solrcloud_controller_basic_auth_test.go b/controllers/solrcloud_controller_basic_auth_test.go index 00182005..cd3fbf5f 100644 --- a/controllers/solrcloud_controller_basic_auth_test.go +++ b/controllers/solrcloud_controller_basic_auth_test.go @@ -20,6 +20,7 @@ package controllers import ( "context" "fmt" + solrv1beta1 "github.com/apache/solr-operator/api/v1beta1" "github.com/apache/solr-operator/controllers/util" . "github.com/onsi/ginkgo/v2" @@ -350,7 +351,7 @@ func expectBasicAuthConfigOnPodTemplateWithGomega(g Gomega, solrCloud *solrv1bet func expectPutSecurityJsonInZkCmd(g Gomega, expInitContainer *corev1.Container) { g.Expect(expInitContainer).To(Not(BeNil()), "Didn't find the setup-zk InitContainer in the sts!") - expCmd := "ZK_SECURITY_JSON=$(/opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json); " + + expCmd := "ZK_SECURITY_JSON=$(/opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json || echo 'failed-to-get-security.json'); " + "if [ ${#ZK_SECURITY_JSON} -lt 3 ]; then " + "echo $SECURITY_JSON > /tmp/security.json; " + "/opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd putfile /security.json /tmp/security.json; echo \"put security.json in ZK\"; fi" diff --git a/controllers/util/solr_security_util.go b/controllers/util/solr_security_util.go index d67dfe15..97f7e602 100644 --- a/controllers/util/solr_security_util.go +++ b/controllers/util/solr_security_util.go @@ -238,7 +238,7 @@ func addHostHeaderToProbe(httpGet *corev1.HTTPGetAction, host string) { func cmdToPutSecurityJsonInZk() string { scriptsDir := "/opt/solr/server/scripts/cloud-scripts" - cmd := " ZK_SECURITY_JSON=$(%s/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json); " + cmd := " ZK_SECURITY_JSON=$(%s/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json || echo 'failed-to-get-security.json'); " cmd += "if [ ${#ZK_SECURITY_JSON} -lt 3 ]; then echo $SECURITY_JSON > /tmp/security.json; %s/zkcli.sh -zkhost ${ZK_HOST} -cmd putfile /security.json /tmp/security.json; echo \"put security.json in ZK\"; fi" return fmt.Sprintf(cmd, scriptsDir, scriptsDir) } diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index fca9878c..67a73363 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -62,6 +62,12 @@ annotations: - name: Github PR url: https://github.com/apache/solr-operator/pull/648 - kind: fixed + description: Avoid reset of security.json if get request fails + links: + - name: Github Issue + url: https://github.com/apache/solr-operator/issues/659 + - name: Github PR + url: https://github.com/apache/solr-operator/pull/660 description: SolrCloud scaling is now safe when using persistent storage with a 'Delete' reclaim policy links: - name: Github Issue From 938a7dacb463116784799edf81f93bf744a60755 Mon Sep 17 00:00:00 2001 From: Houston Putman Date: Tue, 2 Apr 2024 16:02:31 -0500 Subject: [PATCH 12/12] Fix changelog entry --- helm/solr-operator/Chart.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index 67a73363..fd2b6da4 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -68,6 +68,7 @@ annotations: url: https://github.com/apache/solr-operator/issues/659 - name: Github PR url: https://github.com/apache/solr-operator/pull/660 + - kind: fixed description: SolrCloud scaling is now safe when using persistent storage with a 'Delete' reclaim policy links: - name: Github Issue