K8SPG-613: replace initImage with initContainer (#1117)

* K8SPG-613: replace initImage with initContainer

https://perconadev.atlassian.net/browse/K8SPG-613

* fix unit-tests

* fix unit-test

* fix unit-test

* fix upgrade-consistency test

---------

Co-authored-by: Ege Güneş <[email protected]>

Author: pooknull

build/crd/crunchy/generated/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -10,7 +10,31 @@ metadata:
 #  - percona.com/delete-backups
 spec:
   crVersion: 2.7.0
-#  initImage: perconalab/percona-postgresql-operator:main
+#  initContainer:
+#    image: perconalab/percona-postgresql-operator:main
+#    resources:
+#      limits:
+#        cpu: 2.0
+#        memory: 4Gi
+#    containerSecurityContext:
+#      fsGroup: 1001
+#      runAsUser: 1001
+#      runAsNonRoot: true
+#      fsGroupChangePolicy: "OnRootMismatch"
+#      runAsGroup: 1001
+#      seLinuxOptions:
+#        type: spc_t
+#        level: s0:c123,c456
+#      seccompProfile:
+#        type: Localhost
+#        localhostProfile: localhost/profile.json
+#      supplementalGroups:
+#      - 1001
+#      sysctls:
+#      - name: net.ipv4.tcp_keepalive_time
+#        value: "600"
+#      - name: net.ipv4.tcp_keepalive_intvl
+#        value: "60"
 #  metadata:
 #    annotations:
 #      example-annotation: value
@@ -324,8 +348,31 @@ spec:
 #      metadata:
 #        labels:
       image: perconalab/percona-postgresql-operator:main-pgbackrest17
-#      initImage: perconalab/percona-postgresql-operator:main
-#
+#      initContainer:
+#        image: perconalab/percona-postgresql-operator:main
+#        resources:
+#          limits:
+#            cpu: 2.0
+#            memory: 4Gi
+#        containerSecurityContext:
+#          fsGroup: 1001
+#          runAsUser: 1001
+#          runAsNonRoot: true
+#          fsGroupChangePolicy: "OnRootMismatch"
+#          runAsGroup: 1001
+#          seLinuxOptions:
+#            type: spc_t
+#            level: s0:c123,c456
+#          seccompProfile:
+#            type: Localhost
+#            localhostProfile: localhost/profile.json
+#          supplementalGroups:
+#          - 1001
+#          sysctls:
+#          - name: net.ipv4.tcp_keepalive_time
+#            value: "600"
+#          - name: net.ipv4.tcp_keepalive_intvl
+#            value: "60"
 #      containers:
 #        pgbackrest:
 #          resources:

build/crd/percona/generated/pgv2.percona.com_perconapgclusters.yaml

@@ -11,4 +11,5 @@ commands:
       get_cr \
         | yq eval '
             .spec.crVersion="2.5.0"' - \
+        | yq eval ".spec.backups.pgbackrest.image=\"${IMAGE_BASE}:main-ppg$PG_VER-pgbackrest\"" - \
         | kubectl -n "${NAMESPACE}" apply -f -

config/crd/bases/pgv2.percona.com_perconapgclusters.yaml

@@ -11,6 +11,7 @@ commands:
       get_cr \
         | yq eval '
             .spec.crVersion="2.7.0"' - \
+        | yq eval ".spec.backups.pgbackrest.image=\"$IMAGE_BACKREST\"" - \
         | kubectl -n "${NAMESPACE}" apply -f -
 
       sleep 10

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -825,19 +825,42 @@ func generateBackupJobSpecIntent(ctx context.Context, postgresCluster *v1beta1.P
 		ImagePullPolicy: postgresCluster.Spec.ImagePullPolicy,
 		Name:            naming.PGBackRestRepoContainerName,
 		SecurityContext: initialize.RestrictedSecurityContext(postgresCluster.CompareVersion("2.5.0") >= 0), // K8SPG-260
-		// K8SPG-613
-		VolumeMounts: []corev1.VolumeMount{
-			{
-				Name:      pNaming.CrunchyBinVolumeName,
-				MountPath: pNaming.CrunchyBinVolumePath,
-			},
-		},
 	}
 
 	if postgresCluster.Spec.Backups.PGBackRest.Jobs != nil {
 		container.Resources = postgresCluster.Spec.Backups.PGBackRest.Jobs.Resources
 	}
 
+	// K8SPG-613
+	var initContainers []corev1.Container
+	volumes := []corev1.Volume{}
+	if postgresCluster.CompareVersion("2.7.0") >= 0 {
+		container.VolumeMounts = []corev1.VolumeMount{
+			{
+				Name:      pNaming.CrunchyBinVolumeName,
+				MountPath: pNaming.CrunchyBinVolumePath,
+			},
+		}
+		initContainers = []corev1.Container{
+			k8s.InitContainer(
+				naming.PGBackRestRepoContainerName,
+				initImage,
+				postgresCluster.Spec.ImagePullPolicy,
+				initialize.RestrictedSecurityContext(true),
+				container.Resources,
+				&postgresCluster.Spec.Backups.PGBackRest,
+			),
+		}
+		volumes = []corev1.Volume{
+			{
+				Name: pNaming.CrunchyBinVolumeName,
+				VolumeSource: corev1.VolumeSource{
+					EmptyDir: &corev1.EmptyDirVolumeSource{},
+				},
+			},
+		}
+	}
+
 	jobSpec := &batchv1.JobSpec{
 		Template: corev1.PodTemplateSpec{
 			ObjectMeta: metav1.ObjectMeta{Labels: labels, Annotations: annotations},
@@ -857,24 +880,9 @@ func generateBackupJobSpecIntent(ctx context.Context, postgresCluster *v1beta1.P
 				SecurityContext:    initialize.PodSecurityContext(),
 				ServiceAccountName: serviceAccountName,
 				// K8SPG-613
-				Volumes: []corev1.Volume{
-					{
-						Name: pNaming.CrunchyBinVolumeName,
-						VolumeSource: corev1.VolumeSource{
-							EmptyDir: &corev1.EmptyDirVolumeSource{},
-						},
-					},
-				},
+				Volumes: volumes,
 				// K8SPG-613
-				InitContainers: []corev1.Container{
-					k8s.InitContainer(
-						naming.PGBackRestRepoContainerName,
-						initImage,
-						postgresCluster.Spec.ImagePullPolicy,
-						initialize.RestrictedSecurityContext(postgresCluster.CompareVersion("2.5.0") >= 0),
-						container.Resources,
-					),
-				},
+				InitContainers: initContainers,
 			},
 		},
 	}

deploy/bundle.yaml

@@ -57,16 +57,23 @@ func fakePostgresCluster(clusterName, namespace, clusterUID string,
 			Name:      clusterName,
 			Namespace: namespace,
 			UID:       types.UID(clusterUID),
+			Labels: map[string]string{
+				naming.LabelVersion: "2.7.0",
+			},
 		},
 		Spec: v1beta1.PostgresClusterSpec{
 			Port:            initialize.Int32(5432),
 			Shutdown:        initialize.Bool(false),
 			PostgresVersion: 13,
-			ImagePullSecrets: []corev1.LocalObjectReference{{
-				Name: "myImagePullSecret"},
+			ImagePullSecrets: []corev1.LocalObjectReference{
+				{
+					Name: "myImagePullSecret",
+				},
+			},
+			InitContainer: &v1beta1.InitContainerSpec{
+				Image: "some-init-image",
 			},
-			InitImage: "some-init-image",
-			Image:     "example.com/crunchy-postgres-ha:test",
+			Image: "example.com/crunchy-postgres-ha:test",
 			InstanceSets: []v1beta1.PostgresInstanceSetSpec{{
 				Name: "instance1",
 				DataVolumeClaimSpec: corev1.PersistentVolumeClaimSpec{
@@ -334,6 +341,8 @@ schedulerName: default-scheduler
 securityContext:
   fsGroup: 26
   fsGroupChangePolicy: OnRootMismatch
+serviceAccount: hippocluster-pgbackrest
+serviceAccountName: hippocluster-pgbackrest
 shareProcessNamespace: true
 terminationGracePeriodSeconds: 30
 tolerations:
@@ -2456,7 +2465,7 @@ func TestGenerateBackupJobIntent(t *testing.T) {
 					Name:      "",
 					Namespace: "",
 					Labels: map[string]string{
-						naming.LabelVersion: "2.5.0",
+						naming.LabelVersion: "2.7.0",
 					},
 				},
 			},
@@ -2778,7 +2787,7 @@ func TestGenerateRestoreJobIntent(t *testing.T) {
 		err := r.generateRestoreJobIntent(&v1beta1.PostgresCluster{
 			ObjectMeta: metav1.ObjectMeta{
 				Labels: map[string]string{
-					naming.LabelVersion: "2.5.0",
+					naming.LabelVersion: "2.7.0",
 				},
 			},
 		}, "", "",
@@ -2826,7 +2835,7 @@ func TestGenerateRestoreJobIntent(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "test",
 			Labels: map[string]string{
-				naming.LabelVersion: "2.5.0",
+				naming.LabelVersion: "2.7.0",
 			},
 		},
 		Spec: v1beta1.PostgresClusterSpec{
@@ -2995,7 +3004,7 @@ func TestObserveRestoreEnv(t *testing.T) {
 				Name:      clusterName,
 				Namespace: namespace,
 				Labels: map[string]string{
-					naming.LabelVersion: "2.5.0",
+					naming.LabelVersion: "2.7.0",
 				},
 			},
 		}
@@ -3232,7 +3241,7 @@ func TestPrepareForRestore(t *testing.T) {
 				Name:      clusterName,
 				Namespace: namespace,
 				Labels: map[string]string{
-					naming.LabelVersion: "2.5.0",
+					naming.LabelVersion: "2.7.0",
 				},
 			},
 		}

deploy/cr.yaml

@@ -119,7 +119,9 @@ func readDefaultCR(name, namespace string) (*v2.PerconaPGCluster, error) {
 	if cr.Annotations == nil {
 		cr.Annotations = make(map[string]string)
 	}
-	cr.Spec.InitImage = "some-image"
+	cr.Spec.InitContainer = &v1beta1.InitContainerSpec{
+		Image: "some-image",
+	}
 	cr.Annotations[pNaming.AnnotationCustomPatroniVersion] = "4.0.0"
 	cr.Namespace = namespace
 	cr.Status.Postgres.Version = cr.Spec.PostgresVersion

deploy/crd.yaml

@@ -82,7 +82,9 @@ func readDefaultCR(name, namespace string) (*v2.PerconaPGCluster, error) {
 	if cr.Annotations == nil {
 		cr.Annotations = make(map[string]string)
 	}
-	cr.Spec.InitImage = "some-image"
+	cr.Spec.InitContainer = &v1beta1.InitContainerSpec{
+		Image: "some-image",
+	}
 	cr.Annotations[pNaming.AnnotationCustomPatroniVersion] = "4.0.0"
 	cr.Namespace = namespace
 	cr.Status.Postgres.Version = cr.Spec.PostgresVersion

deploy/cw-bundle.yaml

@@ -39,11 +39,19 @@ func GetWatchNamespace() (string, error) {
 	return ns, nil
 }
 
-func InitContainer(component, image string,
+func InitContainer(componentName, image string,
 	pullPolicy corev1.PullPolicy,
 	secCtx *corev1.SecurityContext,
 	resources corev1.ResourceRequirements,
+	component ComponentWithInit,
 ) corev1.Container {
+	if component != nil && component.GetInitContainer() != nil && component.GetInitContainer().Resources != nil {
+		resources = *component.GetInitContainer().Resources
+	}
+	if component != nil && component.GetInitContainer() != nil && component.GetInitContainer().ContainerSecurityContext != nil {
+		secCtx = component.GetInitContainer().ContainerSecurityContext
+	}
+
 	volumeMounts := []corev1.VolumeMount{
 		{
 			Name:      naming.CrunchyBinVolumeName,
@@ -52,7 +60,7 @@ func InitContainer(component, image string,
 	}
 
 	return corev1.Container{
-		Name:                     component + "-init",
+		Name:                     componentName + "-init",
 		Image:                    image,
 		ImagePullPolicy:          pullPolicy,
 		VolumeMounts:             volumeMounts,
@@ -65,15 +73,15 @@ func InitContainer(component, image string,
 }
 
 type ComponentWithInit interface {
-	GetInitImage() string
+	GetInitContainer() *v1beta1.InitContainerSpec
 }
 
 func InitImage(ctx context.Context, cl client.Reader, cluster *v1beta1.PostgresCluster, componentWithInit ComponentWithInit) (string, error) {
-	if componentWithInit != nil && componentWithInit.GetInitImage() != "" {
-		return componentWithInit.GetInitImage(), nil
+	if componentWithInit != nil && componentWithInit.GetInitContainer() != nil && componentWithInit.GetInitContainer().Image != "" {
+		return componentWithInit.GetInitContainer().Image, nil
 	}
-	if cluster != nil && len(cluster.Spec.InitImage) > 0 {
-		return cluster.Spec.InitImage, nil
+	if cluster != nil && cluster.Spec.InitContainer != nil && len(cluster.Spec.InitContainer.Image) > 0 {
+		return cluster.Spec.InitContainer.Image, nil
 	}
 	return operatorImage(ctx, cl)
 }