Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix dependency issue when using encrypted PVCs for VSHNPostgreSQL #236

Merged
merged 1 commit into from
Sep 27, 2024
Merged

Fix dependency issue when using encrypted PVCs for VSHNPostgreSQL #236

merged 1 commit into from
Sep 27, 2024

Conversation

TheBigLee
Copy link
Member

@TheBigLee TheBigLee commented Sep 26, 2024
edited
Loading

Summary

There was a dependency loop that prevented the creation of VSHNPostgreSQL instances that use encrypted PVCs:

  • The SGCluster object can't be created before the luks secret for the PVC is generated
  • The luks secret can't be created without getting the instance count of the cluster object

This has been resolved by relying on the instance count from the composite and also waiting for the luks secrets to be present before attempting to access the sgcluster object to be able to override the storageClass for the PVCs

Checklist

  • Categorize the PR by setting a good title and adding one of the labels:
    bug, enhancement, documentation, change, breaking, dependency
    as they show up in the changelog
  • Update tests.

@TheBigLee TheBigLee added bug Something isn't working patch labels Sep 26, 2024
@TheBigLee TheBigLee requested review from a team, Kidswiss, wejdross and zugao and removed request for a team September 26, 2024 14:13
@vshnbot vshnbot mentioned this pull request Sep 26, 2024
Merged
3 tasks
@TheBigLee
Fix dependency issue when using encrypted PVCs for VSHNPostgreSQL
2d6b9df 
There was a dependency loop that prevented the creation of
VSHNPostgreSQL instances that use encrypted PVCs:
* The SGCluster object can't be created before the luks secret for the
PVC is generated
* The luks secret can't be created without getting the instance count of
the cluster object

This has been resolved by relying on the instance count from the
composite and also waiting for the luks secrets to be present before
attempting to access the sgcluster object to be able to override the
storageClass for the PVCs

Signed-off-by: Nicolas Bigler <nicolas.bigler@vshn.ch>
@TheBigLee TheBigLee force-pushed the fix/psql_encrypted_disk branch from 154b83d to 2d6b9df Compare September 26, 2024 14:48
wejdross
wejdross approved these changes Sep 26, 2024
View reviewed changes
Copy link
Member

@wejdross wejdross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please test it in LAB with:

  • fresh installation
  • test behavior of already working instance with encryption enabled (if we have any)

Kidswiss
Kidswiss approved these changes Sep 27, 2024
View reviewed changes
Copy link
Contributor

@Kidswiss Kidswiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, if it was tested on the lab.

pkg/comp-functions/runtime/function_mgr.go Show resolved Hide resolved
@TheBigLee TheBigLee merged commit 9785f4b into master Sep 27, 2024
8 checks passed
@TheBigLee TheBigLee deleted the fix/psql_encrypted_disk branch September 27, 2024 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wejdross wejdross wejdross approved these changes

@Kidswiss Kidswiss Kidswiss approved these changes

@zugao zugao Awaiting requested review from zugao zugao was automatically assigned from vshn/schedar

Assignees
No one assigned
Labels
bug Something isn't working patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TheBigLee @Kidswiss @wejdross