Merge branch 'main' into CLOUD-727-bump-go-ver1.23

README.md

@@ -9,25 +9,22 @@
 ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/percona/percona-server-mongodb-operator)
 [![Go Report Card](https://goreportcard.com/badge/github.com/percona/percona-server-mongodb-operator)](https://goreportcard.com/report/github.com/percona/percona-server-mongodb-operator)
 
-[Percona Operator for MongoDB](https://github.com/percona/percona-server-mongodb-operator) automates the creation, modification, or deletion of items in your Percona Server for MongoDB environment. The Operator contains the necessary Kubernetes settings to maintain a consistent Percona Server for MongoDB instance, be it a replica set or a sharded cluster.
+[Percona Operator for MongoDB](https://github.com/percona/percona-server-mongodb-operator) deploys and manages Percona Server for MongoDB on Kubernetes with ease. Automate deployments, scaling, and day-to-day operations for both replica sets and sharded clusters. Deploy with confidence and focus on your applications, not your database.
 
-Based on our best practices for deployment and configuration, Percona Operator for MongoDB contains everything you need to quickly and consistently deploy and scale Percona Server for MongoDB instances into a Kubernetes cluster on-premises or in the cloud. It provides the following features to keep your Percona Server for MongoDB deployment healthy:
+- Automated workflows for simplified management
+- High availability with no single point of failure
+- Easy sharding and scaling
+- Integrated backups and monitoring
+- Automated updates and password rotation
+- Support for private container registries
 
-- Easy deployment with no single point of failure
-- Sharding support
-- Scheduled and manual backups
-- Integrated monitoring with [Percona Monitoring and Management](https://www.percona.com/software/database-tools/percona-monitoring-and-management)
-- Smart update to keep your database software up to date automatically
-- Automated password rotation – use the standard Kubernetes API to enforce password rotation policies for system user
-- Private container image registries
-
-You interact with Percona Operator mostly via the command line tool. If you feel more comfortable with operating the Operator and database clusters via the web interface, there is [Percona Everest](https://docs.percona.com/everest/index.html) - an open-source web-based database provisioning tool available for you. It automates day-to-day database management operations for you, reducing the overall administrative overhead. [Get started with Percona Everest](https://docs.percona.com/everest/quickstart-guide/quick-install.html).
+While the Percona Operator is primarily managed through the command line, you can also use **[Percona Everest](https://docs.percona.com/everest/index.html)** for a web-based user interface. This open-source tool provides a streamlined experience for provisioning and managing your databases, simplifying day-to-day tasks and reducing administrative overhead. Learn more about Percona Everest in the [documentation](https://docs.percona.com/everest/index.html) or jump right in with the [quickstart guide](https://docs.percona.com/everest/quickstart-guide/quick-install.html).
 
 # Architecture
 
 Percona Operators are based on the [Operator SDK](https://github.com/operator-framework/operator-sdk) and leverage Kubernetes primitives to follow best [CNCF](https://www.cncf.io/) practices.
 
- Learn more about [architecture and design decisions](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/architecture.html).
+Learn more about [architecture and design decisions](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/architecture.html).
 
 ## Documentation
 
@@ -53,41 +50,25 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/percona/percona
 kubectl apply -f https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/deploy/cr-minimal.yaml
 ```
 
+# Need help?
+
+
+**Commercial Support**  | **Community Support** |
+:-: | :-: |
+| <br/>Enterprise-grade assistance for your mission-critical MongoDB deployments with the Percona Operator for MongoDB. Get expert guidance for complex tasks like multi-cloud replication, database migration and building platforms.<br/><br/>  | <br/>Connect with our engineers and fellow users for general questions, troubleshooting, and sharing feedback and ideas.<br/><br/>  | 
+| **[Get Percona Support](https://hubs.ly/Q02ZTH830)** | **[Visit our Forum](https://forums.percona.com/c/mongodb/percona-kubernetes-operator-for-mongodb/29)** |
+
 # Contributing
 
 Percona welcomes and encourages community contributions to help improve Percona Kubernetes Operator for Percona Server for MongoDB.
 
 See the [Contribution Guide](CONTRIBUTING.md) and [Building and Testing Guide](e2e-tests/README.md) for more information on how you can contribute.
 
-## Communication
-
-We would love to hear from you! Reach out to us on [Forum](https://forums.percona.com/c/mongodb/percona-kubernetes-operator-for-mongodb/29) with your questions, feedback and ideas
-
-# Join Percona Kubernetes Squad!                                                                           
-```                                                                                     
-                    %                        _____                
-                   %%%                      |  __ \                                          
-                 ###%%%%%%%%%%%%*           | |__) |__ _ __ ___ ___  _ __   __ _             
-                ###  ##%%      %%%%         |  ___/ _ \ '__/ __/ _ \| '_ \ / _` |            
-              ####     ##%       %%%%       | |  |  __/ | | (_| (_) | | | | (_| |            
-             ###        ####      %%%       |_|   \___|_|  \___\___/|_| |_|\__,_|           
-           ,((###         ###     %%%        _      _          _____                       _
-          (((( (###        ####  %%%%       | |   / _ \       / ____|                     | | 
-         (((     ((#         ######         | | _| (_) |___  | (___   __ _ _   _  __ _  __| | 
-       ((((       (((#        ####          | |/ /> _ </ __|  \___ \ / _` | | | |/ _` |/ _` |
-      /((          ,(((        *###         |   <| (_) \__ \  ____) | (_| | |_| | (_| | (_| |
-    ////             (((         ####       |_|\_\\___/|___/ |_____/ \__, |\__,_|\__,_|\__,_|
-   ///                ((((        ####                                  | |                  
- /////////////(((((((((((((((((########                                 |_|   Join @ percona.com/k8s   
-```
-
-You can get early access to new product features, invite-only ”ask me anything” sessions with Percona Kubernetes experts, and monthly swag raffles. Interested? Fill in the form at [percona.com/k8s](https://www.percona.com/k8s).
-
-# Roadmap
+## Roadmap
 
 We have a public roadmap which can be found [here](https://github.com/orgs/percona/projects/10). Please feel free to contribute and propose new features by following the roadmap [guidelines](https://github.com/percona/roadmap).
 
-# Submitting Bug Reports
+## Submitting Bug Reports
 
 If you find a bug in Percona Docker Images or in one of the related projects, please submit a report to that project's [JIRA](https://jira.percona.com/projects/K8SPSMDB/issues/K8SPSMDB-555?filter=allopenissues) issue tracker or [create a GitHub issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-an-issue#creating-an-issue-from-a-repository) in this repository.
 

e2e-tests/balancer/conf/backup-minio.yml

@@ -0,0 +1,9 @@
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDBBackup
+metadata:
+  finalizers:
+    - percona.com/delete-backup
+  name: backup-minio
+spec:
+  clusterName: some-name
+  storageName: minio

e2e-tests/balancer/conf/restore.yml

@@ -0,0 +1,7 @@
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDBRestore
+metadata:
+  name:
+spec:
+  clusterName: some-name
+  backupName:

e2e-tests/balancer/conf/some-name-rs0.yml

@@ -7,7 +7,17 @@ spec:
   image:
   imagePullPolicy: Always
   backup:
-    enabled: false
+    enabled: true
+    image: perconalab/percona-server-mongodb-operator:1.1.0-backup
+    storages:
+      minio:
+        type: s3
+        s3:
+          credentialsSecret: minio-secret
+          region: us-east-1
+          bucket: operator-testing
+          endpointUrl: http://minio-service:9000/
+          insecureSkipTLSVerify: false
   sharding:
     enabled: true
     configsvrReplSet:

e2e-tests/balancer/run

@@ -1,63 +1,77 @@
 #!/bin/bash
 
 set -o errexit
-set -o xtrace
 
 test_dir=$(realpath "$(dirname "$0")")
 . "${test_dir}/../functions"
 set_debug
 
-check_balancer() {
-	local expected=$1 # should be "full" (running balancer) or "off" (disabled balancer)
+log() {
+	echo "[$(date +%Y-%m-%dT%H:%M:%S%z)]" $*
+}
 
+check_balancer() {
+	local cluster=$1
+	local expected=$2 # should be "true" (enabled) or "false" (disabled)
+	local delay=${3:-"0"}
 	local balancer_running
-	balancer_running=$(run_mongos 'db.adminCommand({balancerStatus: 1}).mode' "clusterAdmin:clusterAdmin123456@$cluster-mongos.$namespace" \
-		| grep -E -v "Percona Server for MongoDB|connecting to:|Implicit session:|versions do not match|Error saving history file:|bye")
 
+	log "sleeping for ${delay} seconds..."
+	sleep ${delay}
+
+	balancer_running=$(run_mongosh 'sh.getBalancerState()' "clusterAdmin:clusterAdmin123456@${cluster}-cfg.${namespace}" \
+		| grep -E -v 'Warning|cfg' | grep -E 'true|false')
+
+	echo -n "checking if balancer status is ${expected}..."
 	if [[ $balancer_running != "$expected" ]]; then
-		echo "Unexpected output from \"db.adminCommand({balancerStatus: 1}).mode\": $balancer_running"
-		echo "Expected $expected"
+		echo
+		log "Unexpected output from \"sh.getBalancerState()\": $balancer_running"
+		log "Expected: $expected"
 		exit 1
 	fi
+	echo "OK"
 }
 
-check_service() {
-	state=$1
-	svc_name=$2
-	if [ $state = "present" ]; then
-		echo -n "check that $svc_name was created"
-		local timeout=0
-		until kubectl_bin get service/$svc_name -o 'jsonpath={.spec.type}' 2>&1 | grep -vq NotFound; do
-			sleep 1
-			timeout=$((timeout + 1))
-			echo -n '.'
-			if [[ ${timeout} -gt 900 ]]; then
-				echo "Waiting timeout has been reached. Service $svc_name is not present. Exiting..."
-				exit 1
-			fi
-		done
-		echo ".OK"
-	elif [ $state = "removed" ]; then
-		echo -n "check that $svc_name was removed"
-		if [[ -z $(kubectl_bin get service/$svc_name -o 'jsonpath={.spec.type}' 2>&1 | grep NotFound) ]]; then
-			echo "$svc_name was not removed."
-			exit 1
-		else
-			echo ".OK"
-		fi
-	else
-		echo "unknown state $state"
-	fi
+check_backup_and_restore() {
+	local cluster=$1
+	local backup_suffix=$2
+	local balancer_end_state=$3
+	local backup_name="backup-minio-${backup_suffix}"
+
+	log "running backup: ${backup_name}"
+	run_backup "minio" "${backup_name}"
+	wait_backup "${backup_name}" "requested"
+
+	log "checking if balancer is disabled"
+	check_balancer ${cluster} "false"
+
+	wait_backup "${backup_name}" "ready"
+
+	log "checking if balancer is ${balancer_end_state} after backup"
+	check_balancer ${cluster} ${balancer_end_state} 10
+
+	log "running restore: restore-${backup_name}"
+	run_restore "${backup_name}"
+	log "checking if balancer status is not changed"
+	check_balancer ${cluster} "${balancer_end_state}" 4
+
+	wait_restore ${backup_name} ${cluster} "ready"
+
+	log "checking if balancer is ${balancer_end_state} after restore"
+	check_balancer ${cluster} ${balancer_end_state} 10
 }
 
 main() {
 	create_infra "$namespace"
 
+	deploy_minio
+	apply_s3_storage_secrets
+
 	desc 'create first PSMDB cluster'
 	cluster="some-name"
 	kubectl_bin apply \
 		-f "$conf_dir/secrets.yml" \
-		-f "$conf_dir/client.yml"
+		-f "$conf_dir/client-70.yml"
 
 	if version_gt "1.19" && [ $EKS -ne 1 ]; then
 		$sed 's/docker/runc/g' "$conf_dir/container-rc.yaml" | kubectl_bin apply -f -
@@ -70,30 +84,22 @@ main() {
 	apply_cluster "$test_dir/conf/$cluster-rs0.yml"
 
 	desc 'check if all 3 Pods started'
-	wait_for_running $cluster-rs0 3
+	wait_for_running $cluster-rs0 3 "false"
 	wait_for_running $cluster-cfg 3 "false"
 	wait_for_running $cluster-mongos 3
-	sleep 20
-	check_balancer "full"
+	check_balancer ${cluster} "true" 10
+
+	check_backup_and_restore ${cluster} "0" "true"
 
 	desc 'disabling balancer'
 	kubectl patch psmdb some-name --type=merge -p '{"spec":{"sharding":{"balancer":{"enabled":false}}}}'
-	sleep 20
-	check_balancer "off"
+	check_balancer ${cluster} "false" 10
+
+	check_backup_and_restore ${cluster} "1" "false"
 
 	desc 'enabling balancer'
 	kubectl patch psmdb some-name --type=merge -p '{"spec":{"sharding":{"balancer":{"enabled":true}}}}'
-	sleep 20
-	check_balancer "full"
-
-	# Add check that servicePerPod creates 3 services for the running cluster
-	desc 'enabling servicePerPod for mongos'
-	kubectl patch psmdb some-name --type=merge -p '{"spec":{"sharding":{"mongos":{"expose":{"servicePerPod":true}}}}}'
-	wait_for_running $cluster-mongos 3
-	check_service present $cluster-mongos-0
-	check_service present $cluster-mongos-1
-	check_service present $cluster-mongos-2
-	check_service removed $cluster-mongos
+	check_balancer ${cluster} "true" 10
 
 	destroy "$namespace"
 }

e2e-tests/conf/client-70.yml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: psmdb-client
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: psmdb-client
+  template:
+    metadata:
+      labels:
+        name: psmdb-client
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+        - name: psmdb-client
+          image: percona/percona-server-mongodb:7.0
+          imagePullPolicy: Always
+          command:
+          - sleep
+          args:
+          - "100500"

e2e-tests/custom-replset-name/conf/some-name.yml

@@ -3,7 +3,7 @@ kind: PerconaServerMongoDB
 metadata:
   name: some-name
 spec:
-  crVersion: 1.16.0
+  crVersion: 1.18.0
   backup:
     enabled: true
     image: percona/percona-backup-mongodb:2.0.4

e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg-oc.yml

@@ -141,13 +141,13 @@ spec:
             - name: PBM_AGENT_MONGODB_USERNAME
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_USER
+                  key: MONGODB_BACKUP_USER_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_AGENT_MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_PASSWORD
+                  key: MONGODB_BACKUP_PASSWORD_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_MONGODB_REPLSET

e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg.yml

@@ -142,13 +142,13 @@ spec:
             - name: PBM_AGENT_MONGODB_USERNAME
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_USER
+                  key: MONGODB_BACKUP_USER_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_AGENT_MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_PASSWORD
+                  key: MONGODB_BACKUP_PASSWORD_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_MONGODB_REPLSET

e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0-oc.yml

@@ -148,13 +148,13 @@ spec:
             - name: PBM_AGENT_MONGODB_USERNAME
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_USER
+                  key: MONGODB_BACKUP_USER_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_AGENT_MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_PASSWORD
+                  key: MONGODB_BACKUP_PASSWORD_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_MONGODB_REPLSET

e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0.yml

@@ -149,13 +149,13 @@ spec:
             - name: PBM_AGENT_MONGODB_USERNAME
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_USER
+                  key: MONGODB_BACKUP_USER_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_AGENT_MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_PASSWORD
+                  key: MONGODB_BACKUP_PASSWORD_ESCAPED
                   name: internal-some-name-users
                   optional: false
             - name: PBM_MONGODB_REPLSET

e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml

@@ -147,13 +147,13 @@ spec:
             - name: PBM_AGENT_MONGODB_USERNAME
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_USER
+                  key: MONGODB_BACKUP_USER_ESCAPED
                   name: internal-my-cluster-name-users
                   optional: false
             - name: PBM_AGENT_MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  key: MONGODB_BACKUP_PASSWORD
+                  key: MONGODB_BACKUP_PASSWORD_ESCAPED
                   name: internal-my-cluster-name-users
                   optional: false
             - name: PBM_MONGODB_REPLSET