You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Harden CredentialRotation against stale CRs and partial retries
- Self-heal per-namespace user/my.cnf Secrets during active rotation by
re-applying pending passwords in Rotated/Discarding/Discarded phases.
Fall back to current passwords during the brief Discarded→Completed
window where pending keys have been promoted.
- Treat CR Get errors strictly: only NotFound/NoMatch are "no active
rotation"; transient errors abort reconciliation instead of falling
back to current passwords.
- Refuse to adopt or act on a stale CredentialRotation (ownerRef UID
does not match the live cluster). Apply this consistently in the
CredentialRotation reconciler, ClusterManager, MySQLClusterReconciler,
and the kubectl-moco CLI.
- Validate CR delete: forbid mid-rotation deletes, but always allow
garbage collection (owner NotFound, owner Terminating, stale UID).
- Make DISCARD OLD PASSWORD per-user idempotent via HasDualPassword,
matching the existing RETAIN behavior; required because MySQL rejects
DISCARD when no retained password remains.
- Reject discard while replicas=0 in handleStartDiscard and emit a
RotationBlocked Warning Event when handleRotatingPhase is stalled by
replicas=0.
- Update the design doc to match the implementation (MySQLClusterReconciler
code, DISCARD idempotency, stale-CR handling, MySQLCluster deletion,
validation webhook).
- Add unit and envtest coverage for the new paths.
Signed-off-by: shunki-fujita <shunki-fujita@cybozu.co.jp>
0 commit comments