Merge branch 'main' into K8SPG-837

Author: hors

.github/workflows/reviewdog.yml

@@ -5,7 +5,7 @@ jobs:
     name: runner / suggester / golangci-lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version: '^1.25.1'
       - uses: actions/checkout@v5
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version: '^1.25.1'
       - run: go install -v github.com/incu6us/goimports-reviser/v3@latest
@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version: '^1.25.1'
       - run: go install mvdan.cc/sh/v3/cmd/shfmt@latest

.github/workflows/test.yml

@@ -8,7 +8,7 @@ jobs:
       - name: Clone the code
         uses: actions/checkout@v5
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: '^1.25.1'
       - uses: actions/checkout@v5

cmd/postgres-operator/main.go

@@ -163,6 +163,15 @@ func addControllersToManager(ctx context.Context, mgr manager.Manager) error {
 		return errors.New("missing controller in manager")
 	}
 
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&v2.PerconaPGCluster{},
+		v2.IndexFieldEnvFromSecrets,
+		v2.EnvFromSecretsIndexerFunc,
+	); err != nil {
+		return err
+	}
+
 	externalEvents := make(chan event.GenericEvent)
 	stopChan := make(chan event.DeleteEvent)
 

percona/controller/pgcluster/controller.go

@@ -106,6 +106,7 @@ func (r *PGClusterReconciler) SetupWithManager(mgr manager.Manager) error {
 		For(&v2.PerconaPGCluster{}).
 		Owns(&v1beta1.PostgresCluster{}).
 		WatchesRawSource(source.Kind(mgr.GetCache(), &corev1.Service{}, r.watchServices())).
+		Watches(&corev1.Secret{}, r.watchEnvFromSecrets()).
 		WatchesRawSource(source.Kind(mgr.GetCache(), &corev1.Secret{}, r.watchSecrets())).
 		WatchesRawSource(source.Kind(mgr.GetCache(), &batchv1.Job{}, r.watchBackupJobs())).
 		WatchesRawSource(source.Kind(mgr.GetCache(), &v2.PerconaPGBackup{}, r.watchPGBackups())).
@@ -165,6 +166,33 @@ func (r *PGClusterReconciler) watchPGBackups() handler.TypedFuncs[*v2.PerconaPGB
 	}
 }
 
+func (r *PGClusterReconciler) watchEnvFromSecrets() handler.TypedEventHandler[client.Object, reconcile.Request] {
+	return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request {
+		log := logf.FromContext(ctx).WithName("watchEnvFromSecrets")
+
+		secret, ok := obj.(*corev1.Secret)
+		if !ok {
+			return nil
+		}
+
+		var clusters v2.PerconaPGClusterList
+		if err := r.Client.List(ctx, &clusters, client.MatchingFields{
+			v2.IndexFieldEnvFromSecrets: secret.Name,
+		}, client.InNamespace(secret.Namespace)); err != nil {
+			log.Error(err, "Failed to list clusters by env from secrets index failed", "key", client.ObjectKeyFromObject(secret).String())
+			return nil
+		}
+
+		reqs := make([]reconcile.Request, 0, len(clusters.Items))
+		for _, cr := range clusters.Items {
+			reqs = append(reqs, reconcile.Request{
+				NamespacedName: client.ObjectKeyFromObject(&cr),
+			})
+		}
+		return reqs
+	})
+}
+
 func (r *PGClusterReconciler) watchSecrets() handler.TypedFuncs[*corev1.Secret, reconcile.Request] {
 	return handler.TypedFuncs[*corev1.Secret, reconcile.Request]{
 		UpdateFunc: func(ctx context.Context, e event.TypedUpdateEvent[*corev1.Secret], q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
@@ -281,7 +309,7 @@ func (r *PGClusterReconciler) Reconcile(ctx context.Context, request reconcile.R
 		return reconcile.Result{}, errors.Wrap(err, "failed to handle monitor user password change")
 	}
 
-	if err := r.handleEnvFromSecrets(ctx, cr); err != nil {
+	if err := r.reconcileEnvFromSecrets(ctx, cr); err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "failed to handle envFrom secrets")
 	}
 
@@ -721,7 +749,7 @@ func (r *PGClusterReconciler) reconcilePMM(ctx context.Context, cr *v2.PerconaPG
 	return nil
 }
 
-func (r *PGClusterReconciler) handleEnvFromSecrets(ctx context.Context, cr *v2.PerconaPGCluster) error {
+func (r *PGClusterReconciler) reconcileEnvFromSecrets(ctx context.Context, cr *v2.PerconaPGCluster) error {
 	m := make(map[*[]corev1.EnvFromSource]*v1beta1.Metadata)
 
 	for i := 0; i < len(cr.Spec.InstanceSets); i++ {
@@ -759,7 +787,7 @@ func (r *PGClusterReconciler) handleEnvFromSecrets(ctx context.Context, cr *v2.P
 			metadata.Annotations = make(map[string]string)
 		}
 
-		// If the currentHash is the same  is the on the STS, restart will not  happen
+		// If the currentHash is the same on the STS, restart will not happen
 		metadata.Annotations[pNaming.AnnotationEnvVarsSecretHash] = getSecretHash(secrets...)
 	}
 

percona/controller/pgcluster/secret.go

@@ -6,27 +6,20 @@ import (
 	"fmt"
 
 	corev1 "k8s.io/api/core/v1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	"github.com/percona/percona-postgresql-operator/internal/logging"
 	v2 "github.com/percona/percona-postgresql-operator/pkg/apis/pgv2.percona.com/v2"
 )
 
 func getEnvFromSecrets(ctx context.Context, cl client.Client, cr *v2.PerconaPGCluster, envFromSource []corev1.EnvFromSource) ([]corev1.Secret, error) {
-	log := logging.FromContext(ctx)
 	var secrets []corev1.Secret
 	for _, source := range envFromSource {
 		var secret corev1.Secret
 		if err := cl.Get(ctx, types.NamespacedName{
 			Name:      source.SecretRef.Name,
 			Namespace: cr.Namespace,
 		}, &secret); err != nil {
-			if k8serrors.IsNotFound(err) {
-				log.V(1).Info(fmt.Sprintf("Secret %s not found", secret.Name))
-				continue
-			}
 			return nil, err
 		}
 		secrets = append(secrets, secret)

percona/watcher/wal.go

@@ -162,6 +162,7 @@ func getLatestBackup(ctx context.Context, cli client.Client, cr *pgv2.PerconaPGC
 	return latest, nil
 }
 
+// GetLatestCommitTimestamp gets the timestamp of the latest commit.
 func GetLatestCommitTimestamp(ctx context.Context, cli client.Client, execCli *clientcmd.Client, cr *pgv2.PerconaPGCluster, backup *pgv2.PerconaPGBackup) (*metav1.Time, error) {
 	log := logging.FromContext(ctx)
 

percona/watcher/wal_test.go

@@ -2,6 +2,7 @@ package watcher
 
 import (
 	"context"
+	"errors"
 	"testing"
 	"time"
 
@@ -310,3 +311,49 @@ func TestGetLatestBackup(t *testing.T) {
 		})
 	}
 }
+
+func TestGetLatestCommitTimestamp(t *testing.T) {
+	ctx := context.Background()
+
+	tests := map[string]struct {
+		pods        []client.Object
+		backup      *pgv2.PerconaPGBackup
+		cluster     *pgv2.PerconaPGCluster
+		expectedErr error
+	}{
+		"primary pod not found due to invalid patroni version": {
+			pods: []client.Object{},
+			backup: &pgv2.PerconaPGBackup{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "backup1",
+					Namespace: "test-ns",
+				},
+				Spec: pgv2.PerconaPGBackupSpec{
+					PGCluster: "test-cluster",
+					RepoName:  "repo1",
+				},
+			},
+			cluster: &pgv2.PerconaPGCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-cluster",
+					Namespace: "test-ns",
+				},
+				Status: pgv2.PerconaPGClusterStatus{
+					Patroni: pgv2.Patroni{
+						Version: "error",
+					},
+				},
+			},
+			expectedErr: errors.New("failed to get patroni version: Malformed version: error: primary pod not found"),
+		},
+	}
+	for name, tt := range tests {
+		t.Run(name, func(t *testing.T) {
+			c := testutils.BuildFakeClient(tt.pods...)
+
+			_, err := GetLatestCommitTimestamp(ctx, c, nil, tt.cluster, tt.backup)
+
+			assert.EqualError(t, err, tt.expectedErr.Error())
+		})
+	}
+}

pkg/apis/pgv2.percona.com/v2/perconapgcluster_types.go

@@ -8,6 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	"github.com/percona/percona-postgresql-operator/internal/config"
@@ -1080,3 +1081,49 @@ const (
 func (pgc PerconaPGCluster) UserMonitoring() string {
 	return pgc.Name + "-" + naming.RolePostgresUser + "-" + UserMonitoring
 }
+
+func (cr *PerconaPGCluster) EnvFromSecrets() []string {
+	secrets := []string{}
+
+	for i := 0; i < len(cr.Spec.InstanceSets); i++ {
+		set := &cr.Spec.InstanceSets[i]
+		if len(set.EnvFrom) == 0 {
+			continue
+		}
+		for _, envFrom := range set.EnvFrom {
+			if envFrom.SecretRef == nil {
+				continue
+			}
+			secrets = append(secrets, envFrom.SecretRef.Name)
+		}
+	}
+
+	if len(cr.Spec.Proxy.PGBouncer.EnvFrom) > 0 {
+		for _, envFrom := range cr.Spec.Proxy.PGBouncer.EnvFrom {
+			if envFrom.SecretRef == nil {
+				continue
+			}
+			secrets = append(secrets, envFrom.SecretRef.Name)
+		}
+	}
+
+	if len(cr.Spec.Backups.PGBackRest.EnvFrom) > 0 {
+		for _, envFrom := range cr.Spec.Backups.PGBackRest.EnvFrom {
+			if envFrom.SecretRef == nil {
+				continue
+			}
+			secrets = append(secrets, envFrom.SecretRef.Name)
+		}
+	}
+	return secrets
+}
+
+const IndexFieldEnvFromSecrets = "pgCluster.envFromSecrets" //nolint:gosec
+
+var EnvFromSecretsIndexerFunc client.IndexerFunc = func(obj client.Object) []string {
+	cr, ok := obj.(*PerconaPGCluster)
+	if !ok {
+		return nil
+	}
+	return cr.EnvFromSecrets()
+}