Add MSSQL Server TLS config

go.mod

@@ -26,7 +26,7 @@ require (
 	k8s.io/klog/v2 v2.120.1
 	kmodules.xyz/client-go v0.29.14
 	kmodules.xyz/custom-resources v0.29.1
-	kubedb.dev/apimachinery v0.45.1
+	kubedb.dev/apimachinery v0.45.2-0.20240530120824-5e6b27ed36e9
 	sigs.k8s.io/controller-runtime v0.17.4
 	xorm.io/xorm v1.3.6
 )

go.sum

@@ -609,8 +609,8 @@ kmodules.xyz/monitoring-agent-api v0.29.0 h1:gpFl6OZrlMLb/ySMHdREI9EwGtnJ91oZBn9
 kmodules.xyz/monitoring-agent-api v0.29.0/go.mod h1:iNbvaMTgVFOI5q2LJtGK91j4Dmjv4ZRiRdasGmWLKQI=
 kmodules.xyz/offshoot-api v0.29.2 h1:akXmvkNqFz1n9p1STVs9iP7ODYET0S7BhcYCMXEjK4A=
 kmodules.xyz/offshoot-api v0.29.2/go.mod h1:Wv7Xo8wbvznI+8bhaylRFHFjkt30xRDOUOnqV8kOAxM=
-kubedb.dev/apimachinery v0.45.1 h1:J5hzWF5tXeI6uwTwz9Uyi0CJdLB2CCmUvoFMngKRnas=
-kubedb.dev/apimachinery v0.45.1/go.mod h1:mVmsjSF2KmJzFrIx0rZo9KWee/zUcYmw8OqgcuvR2TA=
+kubedb.dev/apimachinery v0.45.2-0.20240530120824-5e6b27ed36e9 h1:uidPG7sU5MT1sgKSgcyhK6H6Slyj+Y1gIqJRavST1UY=
+kubedb.dev/apimachinery v0.45.2-0.20240530120824-5e6b27ed36e9/go.mod h1:LBoGqbBHFeIRLv1KtkkmVxjK/g9CmQETVpwszFp9Ly0=
 kubeops.dev/petset v0.0.5 h1:VVXi39JhjondlbHyZ98z0MLp6VCmiCMinL59K48Y2zA=
 kubeops.dev/petset v0.0.5/go.mod h1:ijtKT1HlAht2vBEZj5LW7C00XEs3B0d1VdCQgd5V4cA=
 lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=

mssql/kubedb_client_builder.go → mssqlserver/kubedb_client_builder.go

@@ -20,9 +20,9 @@ import (
 	"context"
 	"fmt"
 
+	_ "github.com/microsoft/go-mssqldb"
 	api "kubedb.dev/apimachinery/apis/kubedb/v1alpha2"
 
-	_ "github.com/microsoft/go-mssqldb"
 	core "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"xorm.io/xorm"
@@ -119,40 +119,13 @@ func (o *KubeDBClientBuilder) getConnectionString() (string, error) {
 		o.url = o.getURL()
 	}
 
-	// TODO: Add tlsConfig
+	// TLS Configuration
 	tlsConfig := ""
-	//if o.db.Spec.RequireSSL && o.db.Spec.TLS != nil {
-	//	// get client-secret
-	//	var clientSecret core.Secret
-	//	err := o.kc.Get(o.ctx, client.ObjectKey{Namespace: o.db.GetNamespace(), Name: o.db.GetCertSecretName(api.MSSQLClientCert)}, &clientSecret)
-	//	if err != nil {
-	//		return "", err
-	//	}
-	//	cacrt := clientSecret.Data["ca.crt"]
-	//	certPool := x509.NewCertPool()
-	//	certPool.AppendCertsFromPEM(cacrt)
-	//
-	//	crt := clientSecret.Data["tls.crt"]
-	//	key := clientSecret.Data["tls.key"]
-	//	cert, err := tls.X509KeyPair(crt, key)
-	//	if err != nil {
-	//		return "", err
-	//	}
-	//	var clientCert []tls.Certificate
-	//	clientCert = append(clientCert, cert)
-	//
-	//	// tls custom setup
-	//	if o.db.Spec.RequireSSL {
-	//		mssql_driver.RegisterTLSConfig(api.MSSQLTLSConfigCustom, &tls.Config{
-	//			RootCAs:      certPool,
-	//			Certificates: clientCert,
-	//		})
-	//		tlsConfig = fmt.Sprintf("tls=%s", api.MSSQLTLSConfigCustom)
-	//	} else {
-	//		tlsConfig = fmt.Sprintf("tls=%s", api.MSSQLTLSConfigSkipVerify)
-	//	}
-	//}
+	if o.db.Spec.TLS.ClientTLS {
+		tlsConfig = "encrypt=true;TrustServerCertificate=true;"
+	}
 
+	// The connection string in ADO format: key=value pairs separated by ;. Values may not contain ;, leading and trailing whitespace is ignored.
 	connectionString := fmt.Sprintf("server=%s;user id=%s;password=%s;database=master;%s", o.url, user, pass, tlsConfig)
 	return connectionString, nil
 }

vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go

@@ -31,7 +31,8 @@ const (
 
 	KubeDBOrganization = "kubedb"
 
-	LabelRole = kubedb.GroupName + "/role"
+	LabelRole   = kubedb.GroupName + "/role"
+	LabelPetSet = kubedb.GroupName + "/petset"
 
 	ReplicationModeDetectorContainerName = "replication-mode-detector"
 	DatabasePodPrimary                   = "primary"
@@ -124,10 +125,13 @@ const (
 	ElasticsearchMinHeapSize = 128 * 1024 * 1024
 
 	// =========================== Memcached Constants ============================
+	MemcachedConfigKey              = "memcached.conf" // MemcachedConfigKey is going to create for the customize redis configuration
 	MemcachedDatabasePortName       = "db"
 	MemcachedPrimaryServicePortName = "primary"
 	MemcachedDatabasePort           = 11211
 	MemcachedShardKey               = MemcachedKey + "/shard"
+	MemcachedContainerName          = ResourceSingularMemcached
+	MemcachedConfigVolumePath       = "/etc/memcached/"
 	// =========================== MongoDB Constants ============================
 
 	MongoDBDatabasePortName       = "db"
@@ -339,6 +343,7 @@ const (
 	DatabasePodLeaf         = "Leaf"
 	PetSetTypeAggregator    = "aggregator"
 	PetSetTypeLeaf          = "leaf"
+	PetSetTypeStandalone    = "standalone"
 
 	SinglestoreDatabaseHealth = "singlestore_health"
 	SinglestoreTableHealth    = "singlestore_health_table"
@@ -350,7 +355,7 @@ const (
 	SinglestoreVolumeNameUserInitScript      = "initial-script"
 	SinglestoreVolumeMountPathUserInitScript = "/docker-entrypoint-initdb.d"
 	SinglestoreVolumeNameCustomConfig        = "custom-config"
-	SinglestoreVolumeMountPathCustomConfig   = "/config"
+	SinglestoreVolumeMountPathCustomConfig   = "/etc/memsql/conf.d"
 	SinglestoreVolmeNameInitScript           = "init-scripts"
 	SinglestoreVolumeMountPathInitScript     = "/scripts"
 	SinglestoreVolumeNameData                = "data"
@@ -365,10 +370,7 @@ const (
 	SinglestoreTLSConfigPreferred  = "preferred"
 
 	// =========================== MSSQLServer Constants ============================
-	MSSQLSAUser                  = "sa"
-	MSSQLEndpointCertsSecretName = "endpoint-cert"
-	MSSQLDbmLoginSecretName      = "dbm-login-secret"
-	MSSQLMasterKeySecretName     = "master-key-secret"
+	MSSQLSAUser = "sa"
 
 	AGPrimaryReplicaReadyCondition = "AGPrimaryReplicaReady"
 
@@ -383,25 +385,35 @@ const (
 	MSSQLDatabasePort                  = 1433
 	MSSQLDatabaseMirroringEndpointPort = 5022
 	MSSQLCoordinatorPort               = 2381
+
 	// environment variables
 	EnvAcceptEula        = "ACCEPT_EULA"
 	EnvMSSQLEnableHADR   = "MSSQL_ENABLE_HADR"
 	EnvMSSQLAgentEnabled = "MSSQL_AGENT_ENABLED"
 	EnvMSSQLSAUsername   = "MSSQL_SA_USERNAME"
 	EnvMSSQLSAPassword   = "MSSQL_SA_PASSWORD"
+
 	// container related
 	MSSQLContainerName            = "mssql"
 	MSSQLCoordinatorContainerName = "mssql-coordinator"
 	MSSQLInitContainerName        = "mssql-init"
+
 	// volume related
-	MSSQLVolumeNameData              = "data"
-	MSSQLVolumeMountPathData         = "/var/opt/mssql"
-	MSSQLVolumeNameInitScript        = "init-scripts"
-	MSSQLVolumeMountPathInitScript   = "/scripts"
-	MSSQLVolumeNameEndpointCert      = "endpoint-cert"
-	MSSQLVolumeMountPathEndpointCert = "/var/opt/mssql/endpoint-cert"
-	MSSQLVolumeNameCerts             = "certs"
-	MSSQLVolumeMountPathCerts        = "/var/opt/mssql/certs"
+	MSSQLVolumeNameData                        = "data"
+	MSSQLVolumeMountPathData                   = "/var/opt/mssql"
+	MSSQLVolumeNameInitScript                  = "init-scripts"
+	MSSQLVolumeMountPathInitScript             = "/scripts"
+	MSSQLVolumeNameEndpointCert                = "endpoint-cert"
+	MSSQLVolumeMountPathEndpointCert           = "/var/opt/mssql/endpoint-cert"
+	MSSQLVolumeNameCerts                       = "certs"
+	MSSQLVolumeMountPathCerts                  = "/var/opt/mssql/certs"
+	MSSQLVolumeNameTLS                         = "tls"
+	MSSQLVolumeMountPathTLS                    = "/var/opt/mssql/tls"
+	MSSQLVolumeNameSecurityCACertificates      = "security-ca-certificates"
+	MSSQLVolumeMountPathSecurityCACertificates = "/var/opt/mssql/security/ca-certificates"
+	MSSQLVolumeNameCACerts                     = "cacerts"
+	MSSQLVolumeMountPathCACerts                = "/etc/ssl/certs"
+
 	// tls related
 	MSSQLInternalTLSCrt = "tls.crt"
 	MSSQLInternalTLSKey = "tls.key"
@@ -581,6 +593,8 @@ const (
 	PgpoolExporterTlsVolumeName        = "exporter-certs"
 	PgpoolExporterTlsVolumeMountPath   = "/tls/certs"
 	PgpoolRootUser                     = "postgres"
+	PgpoolPrimaryServicePortName       = "primary"
+	PgpoolDatabasePortName             = "db"
 	// ========================================== ZooKeeper Constants =================================================//
 
 	KubeDBZooKeeperRoleName         = "kubedb:zookeeper-version-reader"

vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/druid_helpers.go

@@ -30,7 +30,9 @@ import (
 	"github.com/Masterminds/semver/v3"
 	promapi "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	"gomodules.xyz/pointer"
+	core "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
@@ -176,12 +178,44 @@ func (d *Druid) PetSetName(nodeRole DruidNodeRoleType) string {
 	return meta_util.NameWithSuffix(d.OffShootName(), d.DruidNodeRoleString(nodeRole))
 }
 
-func (d *Druid) PodLabels(extraLebels ...map[string]string) map[string]string {
-	return d.offShootLabels(meta_util.OverwriteKeys(d.OffShootSelectors(), extraLebels...), d.Spec.PodTemplate.Labels)
+func (d *Druid) PodLabels(nodeType DruidNodeRoleType, extraLabels ...map[string]string) map[string]string {
+	nodeSpec, dataNodeSpec := d.GetNodeSpec(nodeType)
+	var labels map[string]string
+	if nodeSpec != nil {
+		labels = nodeSpec.PodTemplate.Labels
+	} else {
+		labels = dataNodeSpec.PodTemplate.Labels
+	}
+	return d.offShootLabels(meta_util.OverwriteKeys(d.OffShootSelectors(), extraLabels...), labels)
 }
 
-func (d *Druid) PodControllerLabels(extraLabels ...map[string]string) map[string]string {
-	return d.offShootLabels(meta_util.OverwriteKeys(d.OffShootSelectors(), extraLabels...), d.Spec.PodTemplate.Controller.Labels)
+func (d *Druid) PodControllerLabels(nodeType DruidNodeRoleType, extraLabels ...map[string]string) map[string]string {
+	nodeSpec, dataNodeSpec := d.GetNodeSpec(nodeType)
+	var labels map[string]string
+	if nodeSpec != nil {
+		labels = nodeSpec.PodTemplate.Controller.Labels
+	} else {
+		labels = dataNodeSpec.PodTemplate.Controller.Labels
+	}
+	return d.offShootLabels(meta_util.OverwriteKeys(d.OffShootSelectors(), extraLabels...), labels)
+}
+
+func (d *Druid) GetNodeSpec(nodeType DruidNodeRoleType) (*DruidNode, *DruidDataNode) {
+	if nodeType == DruidNodeRoleCoordinators {
+		return d.Spec.Topology.Coordinators, nil
+	} else if nodeType == DruidNodeRoleOverlords {
+		return d.Spec.Topology.Overlords, nil
+	} else if nodeType == DruidNodeRoleMiddleManagers {
+		return nil, d.Spec.Topology.MiddleManagers
+	} else if nodeType == DruidNodeRoleHistoricals {
+		return nil, d.Spec.Topology.Historicals
+	} else if nodeType == DruidNodeRoleBrokers {
+		return d.Spec.Topology.Brokers, nil
+	} else if nodeType == DruidNodeRoleRouters {
+		return d.Spec.Topology.Routers, nil
+	}
+
+	panic("Node role name does not match any known types")
 }
 
 func (d *Druid) ServiceAccountName() string {
@@ -339,10 +373,6 @@ func (d *Druid) SetDefaults() {
 		d.Spec.TerminationPolicy = TerminationPolicyDelete
 	}
 
-	if d.Spec.StorageType == "" {
-		d.Spec.StorageType = StorageTypeDurable
-	}
-
 	if d.Spec.DisableSecurity == nil {
 		d.Spec.DisableSecurity = pointer.BoolP(false)
 	}
@@ -371,6 +401,9 @@ func (d *Druid) SetDefaults() {
 	}
 
 	if d.Spec.Topology != nil {
+		if d.Spec.Topology.Coordinators == nil {
+			d.Spec.Topology.Coordinators = &DruidNode{}
+		}
 		if d.Spec.Topology.Coordinators != nil {
 			if d.Spec.Topology.Coordinators.Replicas == nil {
 				d.Spec.Topology.Coordinators.Replicas = pointer.Int32P(1)
@@ -383,6 +416,7 @@ func (d *Druid) SetDefaults() {
 				d.setDefaultContainerResourceLimits(&d.Spec.Topology.Coordinators.PodTemplate, DruidNodeRoleCoordinators)
 			}
 		}
+
 		if d.Spec.Topology.Overlords != nil {
 			if d.Spec.Topology.Overlords.Replicas == nil {
 				d.Spec.Topology.Overlords.Replicas = pointer.Int32P(1)
@@ -395,10 +429,20 @@ func (d *Druid) SetDefaults() {
 				d.setDefaultContainerResourceLimits(&d.Spec.Topology.Overlords.PodTemplate, DruidNodeRoleOverlords)
 			}
 		}
+
+		if d.Spec.Topology.MiddleManagers == nil {
+			d.Spec.Topology.MiddleManagers = &DruidDataNode{}
+		}
 		if d.Spec.Topology.MiddleManagers != nil {
 			if d.Spec.Topology.MiddleManagers.Replicas == nil {
 				d.Spec.Topology.MiddleManagers.Replicas = pointer.Int32P(1)
 			}
+			if d.Spec.Topology.MiddleManagers.StorageType == "" {
+				d.Spec.Topology.MiddleManagers.StorageType = StorageTypeDurable
+			}
+			if d.Spec.Topology.MiddleManagers.Storage == nil && d.Spec.Topology.MiddleManagers.StorageType == StorageTypeDurable {
+				d.Spec.Topology.MiddleManagers.Storage = d.getDefaultPVC()
+			}
 			if version.Major() > 25 {
 				if d.Spec.Topology.MiddleManagers.PodTemplate.Spec.SecurityContext == nil {
 					d.Spec.Topology.MiddleManagers.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
@@ -407,10 +451,20 @@ func (d *Druid) SetDefaults() {
 				d.setDefaultContainerResourceLimits(&d.Spec.Topology.MiddleManagers.PodTemplate, DruidNodeRoleMiddleManagers)
 			}
 		}
+
+		if d.Spec.Topology.Historicals == nil {
+			d.Spec.Topology.Historicals = &DruidDataNode{}
+		}
 		if d.Spec.Topology.Historicals != nil {
 			if d.Spec.Topology.Historicals.Replicas == nil {
 				d.Spec.Topology.Historicals.Replicas = pointer.Int32P(1)
 			}
+			if d.Spec.Topology.Historicals.StorageType == "" {
+				d.Spec.Topology.Historicals.StorageType = StorageTypeDurable
+			}
+			if d.Spec.Topology.Historicals.Storage == nil && d.Spec.Topology.Historicals.StorageType == StorageTypeDurable {
+				d.Spec.Topology.Historicals.Storage = d.getDefaultPVC()
+			}
 			if version.Major() > 25 {
 				if d.Spec.Topology.Historicals.PodTemplate.Spec.SecurityContext == nil {
 					d.Spec.Topology.Historicals.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
@@ -419,6 +473,10 @@ func (d *Druid) SetDefaults() {
 				d.setDefaultContainerResourceLimits(&d.Spec.Topology.Historicals.PodTemplate, DruidNodeRoleHistoricals)
 			}
 		}
+
+		if d.Spec.Topology.Brokers == nil {
+			d.Spec.Topology.Brokers = &DruidNode{}
+		}
 		if d.Spec.Topology.Brokers != nil {
 			if d.Spec.Topology.Brokers.Replicas == nil {
 				d.Spec.Topology.Brokers.Replicas = pointer.Int32P(1)
@@ -432,6 +490,7 @@ func (d *Druid) SetDefaults() {
 
 			}
 		}
+
 		if d.Spec.Topology.Routers != nil {
 			if d.Spec.Topology.Routers.Replicas == nil {
 				d.Spec.Topology.Routers.Replicas = pointer.Int32P(1)
@@ -461,6 +520,16 @@ func (d *Druid) SetDefaults() {
 	}
 }
 
+func (d *Druid) getDefaultPVC() *core.PersistentVolumeClaimSpec {
+	return &core.PersistentVolumeClaimSpec{
+		Resources: core.VolumeResourceRequirements{
+			Requests: core.ResourceList{
+				core.ResourceStorage: resource.MustParse("1Gi"),
+			},
+		},
+	}
+}
+
 func (d *Druid) setDefaultContainerSecurityContext(druidVersion *catalog.DruidVersion, podTemplate *ofst.PodTemplateSpec) {
 	container := coreutil.GetContainerByName(podTemplate.Spec.Containers, DruidContainerName)
 	if container == nil {