K8SPG-138 fix repo host (#727)

* K8SPG-138 fix repo host

* delete logs

* delete logs

* fix unit  tests

* fix k8s version

* fix PR comments

* fix version

* fix PR error

* fix goimports error

.github/workflows/reviewdog.yml

@@ -10,7 +10,7 @@ jobs:
  go-version: '^1.20'
  - uses: actions/checkout@v4
  - name: golangci-lint
- uses: golangci/golangci-lint-action@v4
+ uses: golangci/golangci-lint-action@v5
  with:
  version: latest
  only-new-issues: true

.golangci.yaml

@@ -77,6 +77,7 @@ linters-settings:
 run:
  build-tags:
  - envtest
- skip-dirs:
+issues:
+ exclude-dirs:
  - pkg/generated
- - hack
+ - hack

Jenkinsfile

@@ -12,7 +12,7 @@ void createCluster(String CLUSTER_SUFFIX) {
  gcloud auth activate-service-account --key-file $CLIENT_SECRET_FILE
  gcloud config set project $GCP_PROJECT
  gcloud container clusters list --filter $CLUSTER_NAME-${CLUSTER_SUFFIX} --zone $region --format='csv[no-heading](name)' | xargs gcloud container clusters delete --zone $region --quiet || true
- gcloud container clusters create --zone $region $CLUSTER_NAME-${CLUSTER_SUFFIX} --cluster-version=1.25 --machine-type=n1-standard-4 --preemptible --disk-size 30 --num-nodes=3 --network=jenkins-vpc --subnetwork=jenkins-${CLUSTER_SUFFIX} --no-enable-autoupgrade --cluster-ipv4-cidr=/21 --labels delete-cluster-after-hours=6 --enable-ip-alias --workload-pool=cloud-dev-112233.svc.id.goog && \
+ gcloud container clusters create --zone $region $CLUSTER_NAME-${CLUSTER_SUFFIX} --cluster-version=1.26 --machine-type=n1-standard-4 --preemptible --disk-size 30 --num-nodes=3 --network=jenkins-vpc --subnetwork=jenkins-${CLUSTER_SUFFIX} --no-enable-autoupgrade --cluster-ipv4-cidr=/21 --labels delete-cluster-after-hours=6 --enable-ip-alias --workload-pool=cloud-dev-112233.svc.id.goog && \
  kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user jenkins@"$GCP_PROJECT".iam.gserviceaccount.com || ret_val=\$?
  if [ \${ret_val} -eq 0 ]; then break; fi
  ret_num=\$((ret_num + 1))

internal/controller/postgrescluster/pgbackrest.go

@@ -24,6 +24,8 @@ import (
  "strings"
  "time"
 
+ gover "github.com/hashicorp/go-version"
+
  "github.com/pkg/errors"
  appsv1 "k8s.io/api/apps/v1"
  batchv1 "k8s.io/api/batch/v1"
@@ -588,8 +590,11 @@ func (r *Reconciler) generateRepoHostIntent(postgresCluster *v1beta1.PostgresClu
  // - https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity
  // - https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
  repo.Spec.Template.Spec.AutomountServiceAccountToken = initialize.Bool(false)
- repo.Spec.Template.Spec.ServiceAccountName = naming.PGBackRestRBAC(postgresCluster).Name
 
+ currVersion, err := gover.NewVersion(postgresCluster.Labels[naming.LabelVersion])
+ if err == nil && currVersion.GreaterThanOrEqual(gover.Must(gover.NewVersion("2.4.0"))) {
+ repo.Spec.Template.Spec.ServiceAccountName = naming.PGBackRestRBAC(postgresCluster).Name
+ }
  // Do not add environment variables describing services in this namespace.
  repo.Spec.Template.Spec.EnableServiceLinks = initialize.Bool(false)
 

internal/controller/postgrescluster/pgbackrest_test.go

@@ -344,8 +344,6 @@ schedulerName: default-scheduler
 securityContext:
  fsGroup: 26
  fsGroupChangePolicy: OnRootMismatch
-serviceAccount: hippocluster-pgbackrest
-serviceAccountName: hippocluster-pgbackrest
 shareProcessNamespace: true
 terminationGracePeriodSeconds: 30
 tolerations:
@@ -2738,7 +2736,7 @@ func TestGenerateRepoHostIntent(t *testing.T) {
  assert.NilError(t, err)
 
  t.Run("ServiceAccount", func(t *testing.T) {
- assert.Equal(t, sts.Spec.Template.Spec.ServiceAccountName, "-pgbackrest")
+ assert.Equal(t, sts.Spec.Template.Spec.ServiceAccountName, "")
  if assert.Check(t, sts.Spec.Template.Spec.AutomountServiceAccountToken != nil) {
  assert.Equal(t, *sts.Spec.Template.Spec.AutomountServiceAccountToken, false)
  }