Deprecate the httpServerMode VerticaDB CR parameter (vertica#515)

The operator used to handle the setup of Vertica's https service. It
would create a config file during installation and a TLS secret to use
for its certificates. It would also have a reconciler that would ensure
the https service was running and would restart it if needed. However,
all of this has been deprecated. The deployment method (vclusterops vs
admintools) will now decide what setup is needed.

The httpServerMode parameter used to control this, but it has been
deprecated and all usage of it in the operator has been removed.

The reconcile function to make sure that the embedded http service is
running has also been removed. With vclusterops deployments, it must
always be running. The health probes are planned to be changed to use an
endpoint from the http service. So, if the service becomes unhealthy,
the pod will be rescheduled. The operator will not need to do anything
on its end to restart it.

The e2e-http-server e2e leg now runs only with vclusterops and has been
renamed to e2e-leg-6.

---------

Signed-off-by: Matt Spilchen <[email protected]>

.github/workflows/e2e-http-server.yml → .github/workflows/e2e-leg-6.yml

@@ -1,4 +1,4 @@
-name: e2e (http-server) tests
+name: e2e (leg-6) tests
 
 on: 
   workflow_call:
@@ -59,12 +59,15 @@ jobs:
         export VERTICA_IMG=${{ inputs.vertica-image }}
         export OPERATOR_IMG=${{ inputs.operator-image }}
         export VLOGGER_IMG=${{ inputs.vlogger-image }}
-        export E2E_TEST_DIRS="tests/e2e-http-server"
+        # Leg 6 is only tested in vclusterops mode. It has tests that depend on
+        # features only available with that deployment method.
+        export VERTICA_DEPLOYMENT_METHOD=vclusterops
+        export E2E_TEST_DIRS="tests/e2e-leg-6"
         mkdir -p $GITHUB_WORKSPACE/../host-path
         scripts/run-k8s-int-tests.sh -m $GITHUB_WORKSPACE/../host-path -s
 
     - uses: actions/upload-artifact@v3
       if: failure()
       with:
-        name: logs-e2e-http-server
+        name: logs-e2e-leg-6-vcluster
         path: ${{ github.workspace }}/int-tests-output/*

.github/workflows/e2e.yml

@@ -46,11 +46,11 @@ on:
         - admintools operator upgrade
         - admintools udx
         - admintools hostpath
-        - admintoold http server
         - vcluster s3
         - vcluster leg 1
         - vcluster leg 2
         - vcluster leg 5
+        - vcluster leg 6
         - vcluster udx
         - vcluster hostpath
       run_security_scan:
@@ -234,14 +234,14 @@ jobs:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 
-  e2e-http-server:
-    if: ${{ inputs.e2e_test_suites == 'all' || inputs.e2e_test_suites == 'admintools http server' || inputs.e2e_test_suites == '' }}
+  e2e-leg-6-vcluster:
+    if: ${{ ! github.event.pull_request.head.repo.fork  && (inputs.e2e_test_suites == 'all' || inputs.e2e_test_suites == 'vcluster leg 6' || inputs.e2e_test_suites == '')}}
     needs: [build]
-    uses: ./.github/workflows/e2e-http-server.yml
+    uses: ./.github/workflows/e2e-leg-6.yml
     with:
       vlogger-image: ${{ needs.build.outputs.vlogger-image }}
       operator-image: ${{ needs.build.outputs.operator-image }}
-      vertica-image: ${{ needs.build.outputs.minimal-vertica-image }}
+      vertica-image: ${{ needs.build.outputs.v2-vertica-image }}
     secrets:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

api/v1beta1/verticadb_types.go

@@ -320,17 +320,15 @@ type VerticaDBSpec struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:com.tectonic.ui:hidden"
 	// +kubebuilder:default:=""
 	// +kubebuilder:validation:Optional
-	// Control the Vertica's http server.  The http server provides a REST interface
-	// that can be used for management and monitoring of the server.  Valid
-	// values are: Enabled, Disabled, Auto or an empty string.  An empty string
-	// currently defaults to Auto.
-	HTTPServerMode HTTPServerModeType `json:"httpServerMode,omitempty"`
+	// Deprecated: setup of TLS certs for http access is controlled by the
+	// deployment type now.
+	DeprecatedHTTPServerMode HTTPServerModeType `json:"httpServerMode,omitempty"`
 
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:com.tectonic.ui:hidden"
 	// +kubebuilder:default:=""
 	// +kubebuilder:validation:Optional
-	// A secret that contains the TLS credentials to use for the Vertica HTTP
-	// server.  If this is empty, the operator will create a secret to use and
+	// A secret that contains the TLS credentials to use for the node management
+	// agent. If this is empty, the operator will create a secret to use and
 	// add the name of the generate secret in this field.  When set, the secret
 	// must have the following keys defined:
 	// - tls.key: The private key to be used by the HTTP server
@@ -1090,27 +1088,16 @@ func MakeVDB() *VerticaDB {
 				DepotVolume: PersistentVolume,
 				RequestSize: resource.MustParse("10Gi"),
 			},
-			KSafety:        KSafety1,
-			DBName:         "db",
-			ShardCount:     12,
-			HTTPServerMode: HTTPServerModeDisabled,
+			KSafety:    KSafety1,
+			DBName:     "db",
+			ShardCount: 12,
 			Subclusters: []Subcluster{
 				{Name: "defaultsubcluster", Size: 3, ServiceType: corev1.ServiceTypeClusterIP, IsPrimary: true},
 			},
 		},
 	}
 }
 
-// MakeVDBForHTTP is a helper that constructs a VerticaDB struct with http enabled.
-// This is intended for test purposes.
-func MakeVDBForHTTP(httpServerTLSSecretName string) *VerticaDB {
-	vdb := MakeVDB()
-	vdb.Annotations[VersionAnnotation] = HTTPServerMinVersion
-	vdb.Spec.HTTPServerMode = HTTPServerModeEnabled
-	vdb.Spec.HTTPServerTLSSecret = httpServerTLSSecretName
-	return vdb
-}
-
 // GenSubclusterMap will organize all of the subclusters into a map for quicker lookup
 func (v *VerticaDB) GenSubclusterMap() map[string]*Subcluster {
 	scMap := map[string]*Subcluster{}
@@ -1306,38 +1293,6 @@ func (v *VerticaDB) FindSubclusterStatus(scName string) (SubclusterStatus, bool)
 	return SubclusterStatus{}, false
 }
 
-// IsHTTPServerDisabled explicitly checks if the http server is disabled. If set
-// to auto or enabled, this returns false.
-func (v *VerticaDB) IsHTTPServerDisabled() bool {
-	return v.Spec.HTTPServerMode == HTTPServerModeDisabled
-}
-
-// IsHTTPServerEnabled will return true if the http server is enabled to run for
-// this instance of the vdb.
-func (v *VerticaDB) IsHTTPServerEnabled() bool {
-	if v.IsHTTPServerDisabled() {
-		return false
-	}
-	if v.Spec.HTTPServerMode == HTTPServerModeEnabled {
-		return true
-	}
-	// For auto (or an empty string), we only use the http server if we are on a
-	// vertica version that supports it.
-	inf, ok := v.MakeVersionInfo()
-	// We cannot make any inference about the version, so assume https server
-	// isn't enabled
-	if !ok {
-		return false
-	}
-	return inf.IsEqualOrNewer(HTTPServerAutoMinVersion)
-}
-
-// IsHTTPServerAuto returns true if http server is auto.
-func (v *VerticaDB) IsHTTPServerAuto() bool {
-	return v.Spec.HTTPServerMode == HTTPServerModeAuto ||
-		v.Spec.HTTPServerMode == ""
-}
-
 // IsEON returns true if the instance is an EON database. Officially, all
 // deployments of this CR will result in an EON database. However, as a backdoor
 // for developers, if you set the shardCount to 0, we will create an enterprise

api/v1beta1/verticadb_types_test.go

@@ -55,25 +55,6 @@ var _ = Describe("verticadb_types", func() {
 		Expect(vdb.RequiresTransientSubcluster()).Should(BeTrue())
 	})
 
-	It("should say that the httpServer is not enabled if value is blank", func() {
-		vdb := MakeVDB()
-		vdb.Spec.HTTPServerMode = ""
-		Expect(vdb.IsHTTPServerEnabled()).Should(BeFalse())
-		vdb.Spec.HTTPServerMode = HTTPServerModeEnabled
-		Expect(vdb.IsHTTPServerEnabled()).Should(BeTrue())
-	})
-
-	It("should enable httpServer if auto is set and vertica version is new enough", func() {
-		vdb := MakeVDB()
-		vdb.Spec.HTTPServerMode = HTTPServerModeAuto
-		vdb.ObjectMeta.Annotations[VersionAnnotation] = "v11.0.2"
-		Expect(vdb.IsHTTPServerEnabled()).Should(BeFalse())
-		vdb.ObjectMeta.Annotations[VersionAnnotation] = HTTPServerMinVersion
-		Expect(vdb.IsHTTPServerEnabled()).Should(BeFalse())
-		vdb.ObjectMeta.Annotations[VersionAnnotation] = HTTPServerAutoMinVersion
-		Expect(vdb.IsHTTPServerEnabled()).Should(BeTrue())
-	})
-
 	It("should return the first primary subcluster", func() {
 		vdb := MakeVDB()
 		vdb.Spec.Subclusters = []Subcluster{

api/v1beta1/verticadb_webhook.go

@@ -255,7 +255,6 @@ func (v *VerticaDB) validateImmutableFields(old runtime.Object) field.ErrorList
 	allErrs = v.checkImmutableLocalPathChange(oldObj, allErrs)
 	allErrs = v.checkImmutableShardCount(oldObj, allErrs)
 	allErrs = v.checkImmutableS3ServerSideEncryption(oldObj, allErrs)
-	allErrs = v.checkImmutableHTTPServerMode(oldObj, allErrs)
 	allErrs = v.checkImmutableDepotVolume(oldObj, allErrs)
 	return allErrs
 }
@@ -285,7 +284,6 @@ func (v *VerticaDB) validateVerticaDBSpec() field.ErrorList {
 	allErrs = v.validateRequeueTimes(allErrs)
 	allErrs = v.validateEncryptSpreadComm(allErrs)
 	allErrs = v.validateLocalStorage(allErrs)
-	allErrs = v.validateHTTPServerMode(allErrs)
 	allErrs = v.hasValidShardCount(allErrs)
 	allErrs = v.hasValidProbeOverrides(allErrs)
 	if len(allErrs) == 0 {
@@ -910,21 +908,6 @@ func (v *VerticaDB) validateDepotVolume(allErrs field.ErrorList) field.ErrorList
 	return allErrs
 }
 
-func (v *VerticaDB) validateHTTPServerMode(allErrs field.ErrorList) field.ErrorList {
-	if v.Spec.HTTPServerMode == "" ||
-		v.Spec.HTTPServerMode == HTTPServerModeEnabled ||
-		v.Spec.HTTPServerMode == HTTPServerModeDisabled ||
-		v.Spec.HTTPServerMode == HTTPServerModeAuto {
-		return allErrs
-	}
-
-	err := field.Invalid(field.NewPath("spec").Child("httpServerMode"),
-		v.Spec.HTTPServerMode,
-		fmt.Sprintf("Valid values are: %s, %s, %s or an empty string",
-			HTTPServerModeAuto, HTTPServerModeEnabled, HTTPServerModeDisabled))
-	return append(allErrs, err)
-}
-
 func (v *VerticaDB) hasValidShardCount(allErrs field.ErrorList) field.ErrorList {
 	if v.Spec.ShardCount > 0 {
 		return allErrs
@@ -1082,23 +1065,6 @@ func (v *VerticaDB) checkImmutableS3ServerSideEncryption(oldObj *VerticaDB, allE
 	return allErrs
 }
 
-// checkImmutableHTTPServerMode will make sure httpServerMode does not changed in any
-// inappropriate way like Enabled -> Disabled, Auto -> Disabled, Enabled -> Auto.
-func (v *VerticaDB) checkImmutableHTTPServerMode(oldObj *VerticaDB, allErrs field.ErrorList) field.ErrorList {
-	isTransitionAutoToDisabled := oldObj.IsHTTPServerAuto() && v.IsHTTPServerDisabled()
-	if v.Spec.HTTPServerMode != oldObj.Spec.HTTPServerMode {
-		if oldObj.Spec.HTTPServerMode == HTTPServerModeEnabled ||
-			isTransitionAutoToDisabled {
-			err := field.Invalid(field.NewPath("spec").Child("httpServerMode"),
-				v.Spec.HTTPServerMode,
-				fmt.Sprintf("transition from '%s' to '%s' not allowed",
-					oldObj.Spec.HTTPServerMode, v.Spec.HTTPServerMode))
-			allErrs = append(allErrs, err)
-		}
-	}
-	return allErrs
-}
-
 // checkImmutableDepotVolume will make sure local.depotVolume
 // does not change after the db has been initialized.
 func (v *VerticaDB) checkImmutableDepotVolume(oldObj *VerticaDB, allErrs field.ErrorList) field.ErrorList {

api/v1beta1/verticadb_webhook_test.go

@@ -679,41 +679,6 @@ var _ = Describe("verticadb_webhook", func() {
 		validateSpecValuesHaveErr(vdb, false)
 	})
 
-	It("should verify httpServerMode is valid", func() {
-		vdb := MakeVDB()
-		vdb.Spec.HTTPServerMode = "bad-server-mode"
-		validateSpecValuesHaveErr(vdb, true)
-		vdb.Spec.HTTPServerMode = ""
-		validateSpecValuesHaveErr(vdb, false)
-		vdb.Spec.HTTPServerMode = HTTPServerModeDisabled
-		validateSpecValuesHaveErr(vdb, false)
-		vdb.Spec.HTTPServerMode = HTTPServerModeEnabled
-		validateSpecValuesHaveErr(vdb, false)
-	})
-
-	It("should not allow invalid http server transitions", func() {
-		// Enabled -> Disabled
-		validateHTTPServerModeTransition(HTTPServerModeEnabled, HTTPServerModeDisabled, true)
-		// Enabled -> Auto
-		validateHTTPServerModeTransition(HTTPServerModeEnabled, HTTPServerModeAuto, true)
-		// Enabled -> ""
-		validateHTTPServerModeTransition(HTTPServerModeEnabled, "", true)
-		// Auto -> Disabled
-		validateHTTPServerModeTransition(HTTPServerModeAuto, HTTPServerModeDisabled, true)
-		// "" -> Disabled
-		validateHTTPServerModeTransition("", HTTPServerModeDisabled, true)
-		// Auto -> Enabled
-		validateHTTPServerModeTransition(HTTPServerModeAuto, HTTPServerModeEnabled, false)
-		// "" -> Enabled
-		validateHTTPServerModeTransition("", HTTPServerModeEnabled, false)
-		// Disabled -> Enabled
-		validateHTTPServerModeTransition(HTTPServerModeDisabled, HTTPServerModeEnabled, false)
-		// Disabled -> Auto
-		validateHTTPServerModeTransition(HTTPServerModeDisabled, HTTPServerModeAuto, false)
-		// Disabled -> ""
-		validateHTTPServerModeTransition(HTTPServerModeDisabled, "", false)
-	})
-
 	It("should verify range for verticaHTTPNodePort", func() {
 		vdb := MakeVDB()
 		vdb.Spec.Subclusters[0].ServiceType = v1.ServiceTypeNodePort
@@ -788,14 +753,6 @@ func validateImmutableFields(vdbUpdate *VerticaDB, expectError bool) {
 	checkErrorsForImmutableFields(vdb, vdbUpdate, expectError)
 }
 
-func validateHTTPServerModeTransition(from, to HTTPServerModeType, expectError bool) {
-	vdbOrig := MakeVDB()
-	vdbUpdate := MakeVDB()
-	vdbOrig.Spec.HTTPServerMode = from
-	vdbUpdate.Spec.HTTPServerMode = to
-	checkErrorsForImmutableFields(vdbOrig, vdbUpdate, expectError)
-}
-
 func checkErrorsForImmutableFields(vdbOrig, vdbUpdate *VerticaDB, expectError bool) {
 	allErrs := vdbUpdate.validateImmutableFields(vdbOrig)
 	if expectError {

changes/unreleased/Deprecated-20230921-165723.yaml

@@ -0,0 +1,5 @@
+kind: Deprecated
+body: Deprecate the httpServerMode parameter in the VerticaDB CR
+time: 2023-09-21T16:57:23.87985825-03:00
+custom:
+  Issue: "515"

kuttl-test.yaml

@@ -27,11 +27,11 @@ testDirs:
   - tests/e2e-leg-4
   - tests/e2e-leg-4-failed
   - tests/e2e-leg-5
+  - tests/e2e-leg-6
   - tests/e2e-udx
   - tests/e2e-udx-failed
   - tests/e2e-server-upgrade
   - tests/e2e-operator-upgrade-overlays
-  - tests/e2e-http-server
 parallel: 2
 timeout: 600
 commands: