fix: [DENA-580] fix cockroachdb manifests

[MarcinGinszt]

Original manifests:

• had mixed names cockroachdb-ca-issuer and ca-issuer (cockroachdb-ca-issuer is correct name of issuer)
• Certificates for backup job did not work
• didn't had the proxy service name in certificate DNS
• had mixed way of passing db url
• had patchestStrategicMerge

[linear]

DENA-580 Move cockroachdb-manifests to shared-kustomize-bases

[catalin-ilea]

Wondering if we can move these patches(including the ones for the stateful set) inside the base.

[catalin-ilea]

I don't want to be a pain but how about getting rid of certificates-patch.yaml and do these path overrides directly on the resource(Job, StatefulSet)

[MarcinGinszt]

That's really good idea, I don't know why I didn't thought about that :)
Applied

[github-actions]

Post kustomize build diff:

diff --git a/root-manifests/cockroachdb/example/cert-manager/manifests.yaml b/built-manifests/cockroachdb/example/cert-manager/manifests.yaml
index b5e249b..4577d55 100644
--- a/root-manifests/cockroachdb/example/cert-manager/manifests.yaml
+++ b/built-manifests/cockroachdb/example/cert-manager/manifests.yaml
@@ -181,18 +181,9 @@ spec:
       terminationGracePeriodSeconds: 60
       volumes:
       - name: client-certs
-        projected:
+        secret:
           defaultMode: 256
-          sources:
-          - secret:
-              items:
-              - key: ca.crt
-                path: ca.crt
-              - key: tls.crt
-                path: client.root.crt
-              - key: tls.key
-                path: client.root.key
-              name: cockroachdb.client.root
+          secretName: cockroachdb.client.root
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -292,22 +283,13 @@ spec:
       shareProcessNamespace: true
       terminationGracePeriodSeconds: 60
       volumes:
-      - name: certs
-        projected:
-          defaultMode: 256
-          sources:
-          - secret:
-              items:
-              - key: ca.crt
-                path: ca.crt
-              - key: tls.crt
-                path: node.crt
-              - key: tls.key
-                path: node.key
-              name: cockroachdb.node
       - name: datadir
         persistentVolumeClaim:
           claimName: datadir
+      - name: certs
+        secret:
+          defaultMode: 256
+          secretName: cockroachdb.node
   updateStrategy:
     type: RollingUpdate
   volumeClaimTemplates:
@@ -426,18 +408,9 @@ spec:
       restartPolicy: OnFailure
       volumes:
       - name: client-certs
-        projected:
+        secret:
           defaultMode: 256
-          sources:
-          - secret:
-              items:
-              - key: ca.crt
-                path: ca.crt
-              - key: tls.crt
-                path: client.root.crt
-              - key: tls.key
-                path: client.root.key
-              name: cockroachdb.client.root
+          secretName: cockroachdb.client.root
   ttlSecondsAfterFinished: 600
 ---
 apiVersion: cert-manager.io/v1
@@ -483,7 +456,7 @@ spec:
   - cockroachdb-2.cockroachdb.<your namespace here>.svc.cluster.local
   issuerRef:
     kind: Issuer
-    name: ca-issuer
+    name: cockroachdb-ca-issuer
   secretName: cockroachdb.node
   usages:
   - server auth
diff --git a/root-manifests/cockroachdb/manifests-cert-manager/manifests.yaml b/built-manifests/cockroachdb/manifests-cert-manager/manifests.yaml
index 9d9031b..4d1ba3e 100644
--- a/root-manifests/cockroachdb/manifests-cert-manager/manifests.yaml
+++ b/built-manifests/cockroachdb/manifests-cert-manager/manifests.yaml
@@ -14,6 +14,7 @@ data:
         exit 1
     fi
 
+    # todo: wait for the cockroachdb cluster to be ready
     SQL_CMD="/cockroach/cockroach sql" > /dev/null
 
     $SQL_CMD << EOF
@@ -157,9 +158,18 @@ spec:
       terminationGracePeriodSeconds: 60
       volumes:
       - name: client-certs
-        secret:
+        projected:
           defaultMode: 256
-          secretName: cockroachdb.client.root
+          sources:
+          - secret:
+              items:
+              - key: ca.crt
+                path: ca.crt
+              - key: tls.crt
+                path: client.root.crt
+              - key: tls.key
+                path: client.root.key
+              name: cockroachdb.client.root
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -260,9 +270,18 @@ spec:
         persistentVolumeClaim:
           claimName: datadir
       - name: certs
-        secret:
+        projected:
           defaultMode: 256
-          secretName: cockroachdb.node
+          sources:
+          - secret:
+              items:
+              - key: ca.crt
+                path: ca.crt
+              - key: tls.crt
+                path: node.crt
+              - key: tls.key
+                path: node.key
+              name: cockroachdb.node
   updateStrategy:
     type: RollingUpdate
   volumeClaimTemplates:
@@ -340,8 +359,19 @@ spec:
           readOnly: true
       restartPolicy: OnFailure
       volumes:
-      - emptyDir: {}
-        name: client-certs
+      - name: client-certs
+        projected:
+          defaultMode: 256
+          sources:
+          - secret:
+              items:
+              - key: ca.crt
+                path: ca.crt
+              - key: tls.crt
+                path: client.root.crt
+              - key: tls.key
+                path: client.root.key
+              name: cockroachdb.client.root
       - configMap:
           name: cockroachdb-scripts
         name: cockroachdb-scripts
@@ -360,11 +390,14 @@ spec:
       - command:
         - /bin/bash
         - -c
-        - /cockroach/cockroach init --certs-dir=/cockroach/cockroach-certs --host=$(COCKROACH_INIT_HOST)
-          --port=26357 2>&1 | grep 'initialized'
+        - /cockroach/cockroach init --certs-dir=/cockroach/cockroach-certs --port=26357
+          2>&1 | grep 'initialized'
         env:
-        - name: COCKROACH_INIT_HOST
-          value: cockroachdb-0.cockroachdb
+        - name: COCKROACH_HOST
+          valueFrom:
+            configMapKeyRef:
+              key: cockroach.host
+              name: cockroach
         image: cockroachdb/cockroach:v23.2.2
         imagePullPolicy: IfNotPresent
         name: cluster-init
@@ -381,9 +414,18 @@ spec:
       restartPolicy: OnFailure
       volumes:
       - name: client-certs
-        secret:
+        projected:
           defaultMode: 256
-          secretName: cockroachdb.client.root
+          sources:
+          - secret:
+              items:
+              - key: ca.crt
+                path: ca.crt
+              - key: tls.crt
+                path: client.root.crt
+              - key: tls.key
+                path: client.root.key
+              name: cockroachdb.client.root
   ttlSecondsAfterFinished: 600
 ---
 apiVersion: cert-manager.io/v1
@@ -394,7 +436,7 @@ spec:
   commonName: root
   issuerRef:
     kind: Issuer
-    name: ca-issuer
+    name: cockroachdb-ca-issuer
   secretName: cockroachdb.client.root
   usages:
   - client auth
@@ -426,6 +468,7 @@ spec:
   - cockroachdb-0.cockroachdb
   - cockroachdb-1.cockroachdb
   - cockroachdb-2.cockroachdb
+  - cockroachdb-proxy
   issuerRef:
     kind: Issuer
     name: cockroachdb-ca-issuer

=============================================
k8s objects: 0 to add, 0 to destroy
12 changed hunks