feat: (Dont) support PodDisruptionBudgets

Cargo.toml

@@ -20,7 +20,7 @@ semver = "1.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 snafu = "0.7"
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.46.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.52.0" }
 strum = { version = "0.25", features = ["derive"] }
 tokio = { version = "1.29", features = ["full"] }
 tracing = "0.1"

deploy/helm/opa-operator/crds/crds.yaml

@@ -970,6 +970,8 @@ spec:
                                           type: string
                                         type: object
                                     type: object
+                                  restartPolicy:
+                                    type: string
                                   securityContext:
                                     properties:
                                       allowPrivilegeEscalation:
@@ -1497,6 +1499,8 @@ spec:
                                           type: string
                                         type: object
                                     type: object
+                                  restartPolicy:
+                                    type: string
                                   securityContext:
                                     properties:
                                       allowPrivilegeEscalation:
@@ -2030,6 +2034,8 @@ spec:
                                           type: string
                                         type: object
                                     type: object
+                                  restartPolicy:
+                                    type: string
                                   securityContext:
                                     properties:
                                       allowPrivilegeEscalation:
@@ -3037,6 +3043,10 @@ spec:
                               type: array
                           type: object
                       type: object
+                    roleConfig:
+                      default: {}
+                      description: This is a product-agnostic RoleConfig, with nothing in it. It is used e.g. by products that have nothing configurable at role level.
+                      type: object
                     roleGroups:
                       additionalProperties:
                         properties:
@@ -3898,6 +3908,8 @@ spec:
                                                 type: string
                                               type: object
                                           type: object
+                                        restartPolicy:
+                                          type: string
                                         securityContext:
                                           properties:
                                             allowPrivilegeEscalation:
@@ -4425,6 +4437,8 @@ spec:
                                                 type: string
                                               type: object
                                           type: object
+                                        restartPolicy:
+                                          type: string
                                         securityContext:
                                           properties:
                                             allowPrivilegeEscalation:
@@ -4958,6 +4972,8 @@ spec:
                                                 type: string
                                               type: object
                                           type: object
+                                        restartPolicy:
+                                          type: string
                                         securityContext:
                                           properties:
                                             allowPrivilegeEscalation:

docs/modules/opa/pages/usage-guide/cluster-operations.adoc → docs/modules/opa/pages/usage-guide/operations/cluster-operations.adoc

@@ -1,3 +1,3 @@
 = Cluster Operation
 
-OPA installations can be configured with different cluster operations like pausing reconciliation or stopping the cluster. See xref:concepts:cluster_operations.adoc[cluster operations] for more details.
+OPA installations can be configured with different cluster operations like pausing reconciliation or stopping the cluster. See xref:concepts:operations/cluster_operations.adoc[cluster operations] for more details.

docs/modules/opa/pages/usage-guide/operations/graceful-shutdown.adoc

@@ -0,0 +1,7 @@
+= Graceful shutdown
+
+Graceful shutdown of OPA nodes is either not supported by the product itself
+or we have not implemented it yet.
+
+Outstanding implementation work for the graceful shutdowns of all products where this functionality is relevant is tracked in
+https://github.com/stackabletech/issues/issues/357

docs/modules/opa/pages/usage-guide/operations/index.adoc

@@ -0,0 +1,6 @@
+
+= Operations
+
+This section of the documentation is intended for the operations teams that maintain a Stackable Data Platform installation.
+
+Please read the xref:concepts:operations/index.adoc[Concepts page on Operations] that contains the necessary details to operate the platform in a production environment.

docs/modules/opa/pages/usage-guide/operations/pod-disruptions.adoc

@@ -0,0 +1,5 @@
+= Allowed Pod disruptions
+
+For OPA clusters we don't deploy any PodDisruptionBudgets (PDBs), as there is one instance per Kubernetes node running.
+When a Kubernetes node gets drained to gracefully shut it down, the OPA Pod get's evicted - there is no point in blocking the eviction.
+In case the OPA Pod terminated before the products depending on OPA (e.g. Trino coordinator) on the same node, the products can still use the OPA Service, as it will route to OPA Pods running on other Kubernetes nodes.

docs/modules/opa/partials/nav.adoc

@@ -3,13 +3,17 @@
 ** xref:opa:getting_started/first_steps.adoc[]
 * Concepts
 ** xref:opa:discovery.adoc[]
+* xref:opa:configuration.adoc[]
+* xref:opa:implementation-notes.adoc[]
 * xref:opa:usage-guide/index.adoc[]
-** xref:opa:usage-guide/cluster-operations.adoc[]
 ** xref:opa:usage-guide/listenerclass.adoc[]
 ** xref:opa:usage-guide/policies.adoc[]
 ** xref:opa:usage-guide/resources.adoc[]
 ** xref:opa:usage-guide/logging.adoc[]
 ** xref:opa:usage-guide/monitoring.adoc[]
 ** xref:opa:usage-guide/configuration-environment-overrides.adoc[]
-* xref:opa:configuration.adoc[]
-* xref:opa:implementation-notes.adoc[]
+** xref:hdfs:usage-guide/operations/index.adoc[]
+*** xref:hdfs:usage-guide/operations/cluster-operations.adoc[]
+// *** xref:hdfs:usage-guide/operations/pod-placement.adoc[] Missing
+*** xref:hdfs:usage-guide/operations/pod-disruptions.adoc[]
+*** xref:hdfs:usage-guide/operations/graceful-shutdown.adoc[]

rust/crd/src/lib.rs

@@ -15,7 +15,7 @@ use stackable_operator::{
     product_config_utils::{ConfigError, Configuration},
     product_logging::{self, spec::Logging},
     role_utils::Role,
-    role_utils::{RoleGroup, RoleGroupRef},
+    role_utils::{EmptyRoleConfig, RoleGroup, RoleGroupRef},
     schemars::{self, JsonSchema},
     status::condition::{ClusterCondition, HasStatusCondition},
 };
@@ -65,7 +65,7 @@ pub struct OpaSpec {
     #[serde(default)]
     pub cluster_operation: ClusterOperation,
     /// OPA server configuration.
-    pub servers: Role<OpaConfigFragment>,
+    pub servers: Role<OpaConfigFragment, EmptyRoleConfig>,
     /// The OPA image to use
     pub image: ProductImage,
 }
@@ -245,7 +245,7 @@ pub enum OpaRole {
 
 impl OpaCluster {
     /// Returns a reference to the role.
-    pub fn role(&self, role_variant: &OpaRole) -> &Role<OpaConfigFragment> {
+    pub fn role(&self, role_variant: &OpaRole) -> &Role<OpaConfigFragment, EmptyRoleConfig> {
         match role_variant {
             OpaRole::Server => &self.spec.servers,
         }