`tls` flag is not included in relation databag

canonical / postgresql-k8s-operator

A Charmed Operator for running PostgreSQL on Kubernetes

https://charmhub.io/postgresql-k8s

Apache License 2.0

10 stars 20 forks source link

`tls` flag is not included in relation databag #698

Closed kelkawi-a closed 6 days ago

kelkawi-a commented 1 month ago

Steps to reproduce

Deploy 1 unit of postgresql-k8s charm, channel 14/stable revision 381
Deploy any requirer charm and relate it to the postgresql-k8s charm.

Expected behavior

The tls flag is included in the relation databag.

Actual behavior

The tls flag is not included in the relation databag.

Versions

Operating system: Ubuntu 22.04.4 LTS

Juju CLI: 3.5.3-ubuntu-amd64

Juju agent: 3.5.3

Charm revision: 381, channel 14/stable

kubectl: Client Version: v1.30.4 Server Version: v1.26.15

syncronize-issues-to-jira[bot] commented 1 month ago

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/DPE-5484.

This message was autogenerated

taurus-forever commented 3 weeks ago

@carlcsaposs-canonical can you please share here your recent learning about Juju K8s-specific behavior. Tnx!

AFAIK: Juju / K8s stops the pod with loosing all the not-yet-saved data in peer data (can be a tls flag here) IF Juju/K8s is stopping the pod (charm stop event fired immediately aborting the current event execution).

It could cause tls flag loose on K8s node drain or other production related activities (maintenance/outage) keeping local patroni configs with tls enables, but without tls flag in peer data.

It also could be a mix with this Juju issue. Example: Production K8s is heavily loaded => pod/workload needs more time to start/deploy => pebble check timeout reached (K8s liveness check triggered) => K8s kills the pod (restart pod) => we have TLS configs generated, but the tls flags are not saved in peed data.

carlcsaposs-canonical commented 3 weeks ago

yes, if kubernetes sends a sigterm, Juju immediately stops execution of the current event (causing the current event to not save data to databag) and causing a stop event to be emitted

lucasgameiroborges commented 3 weeks ago

Hey @taurus-forever and @carlcsaposs-canonical , thanks for raising this related issue!

Even thought the situation you've described can realistically happen (in such case, prob not much we could do on charm's side?), I think here we just aren't setting the tls flag at all 😅 Looks like they faced this issue on CI.

lucasgameiroborges commented 6 days ago

Hi! This issue should have been addressed on #719, please re-open in case you face this issue again. Thank you!