Replicate medusa bucket secrets to each Cass DC #1202
Conversation
rzvoncek
force-pushed
the
radovan/replicate-bucket-key-secrets
branch
2 times, most recently
from
489af31 to
1175b69
Compare
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #1202 +/- ##
==========================================
- Coverage 57.32% 57.28% -0.04%
==========================================
Files 103 103
Lines 10715 10759 +44
==========================================
+ Hits 6142 6163 +21
- Misses 4037 4054 +17
- Partials 536 542 +6
|
| @@ -229,7 +235,7 @@ func mergeStorageProperties( | |||
| configKey := types.NamespacedName{Namespace: namespace, Name: medusaSpec.MedusaConfigurationRef.Name} | |||
| if err := remoteClient.Get(ctx, configKey, storageProperties); err != nil { | |||
| logger.Error(err, fmt.Sprintf("failed to get MedusaConfiguration %s", configKey)) | |||
| return result.Error(err) | |||
| return result.RequeueSoon(r.DefaultDelay) | |||
There was a problem hiding this comment.
question: Why the change? The only difference I can see is the change of delay when reconcile happens (error will do a reconcile also - but with a backoff timer to prevent flooding the server which this doesn't).
There was a problem hiding this comment.
issue: This error handling is still incorrect, in case of error, err should be returned for proper requeue process (especially in this case when it can be Kubernetes API server overload or similar and we don't want to make it worse)
|
issue: I see no changes in the envtests, would you be able to add those as well? That provides so much faster response to changes so it helps other developers more than the e2e tests (which realistically, no one is running on their machine and wait until GHA throws something and they're not as easily debuggable). |
rzvoncek
force-pushed
the
radovan/replicate-bucket-key-secrets
branch
5 times, most recently
from
690dfc1 to
5f7fc60
Compare
|
Addressed the issue. Added env tests and updated e2e tests. |
rzvoncek
force-pushed
the
radovan/replicate-bucket-key-secrets
branch
2 times, most recently
from
b8562e8 to
0c5dab5
Compare
rzvoncek
force-pushed
the
radovan/replicate-bucket-key-secrets
branch
from
0c5dab5 to
604c696
Compare
|
Did another round of improvements. The return error vs. requeue was indeed a problem. All green now (aside from codecov). |
Co-authored-by: Alexander Dejanovski <alex.dejanovski@datastax.com>
|
What this PR does:
This PR adds a bucket secret reconciliation process. If Medusa is configured globally (meaning the cluster's medusa config features a
medusaConfigurationRef, then this process will make sure the bucket key secrets are properly replicated into the namespaces (and clusters) of each of the DCs. It will also alter the k8ssandra cluster to use the copied secret, instead of the original one.This PR does not implement the actual replication, it only makes a copy of the secret and places labels on it. We make a copy so that we can clean up after ourselves (the original secret is user-created and we should not touch it). The labels are then picked up by the secret reconciliation process which actually copies them over.
Which issue(s) this PR fixes:
Fixes #1159.
Checklist