Skip to content

LIB-951: Move liberty-gateway-operator to liberty-k8s-controllers#15

Draft
KevinKlaesRackspace2 wants to merge 15 commits into
mainfrom
LIB-951-move-liberty-gateway-operator-to
Draft

LIB-951: Move liberty-gateway-operator to liberty-k8s-controllers#15
KevinKlaesRackspace2 wants to merge 15 commits into
mainfrom
LIB-951-move-liberty-gateway-operator-to

Conversation

@KevinKlaesRackspace2

@KevinKlaesRackspace2 KevinKlaesRackspace2 commented Jul 14, 2026

Copy link
Copy Markdown

Description

Reading directory: /Users/kevi0757/Sites/specs/LIB-951 (using tool: read, max depth: 0, max entries: 1000, excluding: defaults)
✓ Successfully read directory /Users/kevi0757/Sites/specs/LIB-951 (13 entries)

  • Completed in 0.1s

Batch fs_read operation with 2 operations (using tool: read)

↱ Operation 1: Reading file: /Users/kevi0757/Sites/specs/LIB-951/summary-20260710-084145.md, all lines
↱ Operation 2: Reading file: /Users/kevi0757/Sites/specs/LIB-951/.repos, all lines
✓ Successfully read 3992 bytes from /Users/kevi0757/Sites/specs/LIB-951/summary-20260710-084145.md

✓ Successfully read 78 bytes from /Users/kevi0757/Sites/specs/LIB-951/.repos

  • Summary: 2 operations processed, 2 successful, 0 failed
  • Completed in 0.0s

Now I have the full context. Let me also check what's in the .repos — I see there's a percona-server-mongodb-operator repo in there too. The diff shows changes to that repo (the statefulset compare files, the workflows, the renovate.json, version.txt). Let me look at the diff more carefully — the changes span three repos.

PR Description for liberty-k8s-controllers

Based on the spec and summary, here's the PR description:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Migrates the gateway-operator from the standalone liberty-gateway-operator repo into this monorepo, following the established multi-component pattern (alongside mongobench-operator, psmdb-operator, etc.). This consolidates CI/release pipelines and eliminates a single-purpose repo.

What's here

  • cmd/gateway-operator/main.go — Entrypoint using the monorepo conventions: log/slog + JSON handler through logr, pkg/metrics.SetupProvider() for OTEL, pkg/version for build metadata, controller-runtime's built-in metrics server on :8080 and health probes on :8081.
  • internal/gateway/ — Controller, API types, and config package ported from liberty-gateway-operator. The reconciler manages GatewayPortAllocation CRs, allocating ports to pods and creating Gateway API ListenerSet resources.
  • internal/gateway/controller/metrics.go — OTEL instruments via otel.Meter("gateway-operator"). Replaces the old standalone Prometheus HTTP server with instruments registered through the shared provider (exposed by controller-runtime's /metrics endpoint).
  • config/gateway-operator/crd/gatewayportallocation-crd.yaml — CRD manifest.
  • go.mod gains sigs.k8s.io/gateway-api v1.5.0 as the only new dependency.

Design choices reviewers should note

  1. sigs.k8s.io/yaml instead of gopkg.in/yaml.v2 — The config struct tags were changed from yaml: to json: because sigs.k8s.io/yaml deserializes using JSON struct tags. This is functionally equivalent but aligns with monorepo conventions.

  2. Metrics struct lives in internal/gateway/controller/ rather than a separate metrics package. The instruments are only used by the reconciler, so a dedicated package adds indirection without value.

  3. No CI/workflow changes needed — COMPONENTS in the Makefile and auto-release.yaml already include gateway-operator. Tag-driven releases (gateway-operator/vX.Y.Z) work out of the box.

  4. Envtest tests use //go:build envtest — They won't run in make test but will run in the envtest CI matrix. They require gateway-api CRDs from sigs.k8s.io/gateway-api/config/crd/experimental/.

Follow-up

The standalone liberty-gateway-operator repo can be archived after the first successful deployment from the new image path (ghcr.io/objectrocket/liberty/controllers/gateway-operator). Production rsetinput semver pins will need updating after devlab verification.

CHANGE DESCRIPTION

Problem:
Short explanation of the problem.

Cause:
Short explanation of the root cause of the issue if applicable.

Solution:
Short explanation of the solution we are providing with this PR.

CHECKLIST

Jira

  • LIB-951
  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?
  • Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are all needed new/changed options added to the Helm Chart?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported MongoDB version?
  • Does the change support oldest and newest supported Kubernetes version?

KevinKlaesRackspace2 and others added 15 commits January 15, 2026 12:22
Add relaxPermChecks and encryption enabling flags to ps-entry
* Fix keyfile permissions

* Remove extra debug line

* Update build/ps-entry.sh

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
LIB-623: Add Renovate dependency management
The --relaxPermChecks flag is a Percona Server for MongoDB specific option
that does not exist in MongoDB Community Edition. Our Docker images use
MongoDB Community packages (mongodb-org-*), so this flag causes mongod to
fail at startup with 'unrecognised option' error.

This was the root cause of build failures in the Braze zone: both cfg
(config server) and rs-0 (shard) pods entered CrashLoopBackOff because
mongod rejected the unrecognized --relaxPermChecks flag.

Changes:
- Remove --relaxPermChecks from containerArgs() in container.go
- Remove --relaxPermChecks from mongos args in mongos.go
- Update mongos_test.go to assert flag is NOT present
- Update all e2e test comparison YAML files (257 files)
- Update all reconcile-statefulset testdata YAML files (9 files)

The defense-in-depth stripping in build/ps-entry.sh is preserved for
backwards compatibility with any future edge cases.
…aze-zone

LIB-980: Build failures in Braze zone
Add auto-version-bump.yaml that bumps pkg/version/version.txt based on
PR labels (bump:patch, bump:minor, bump:major). Implements subversioned
format X.Y.Z-N where bump:patch increments the -N suffix.

Add label-check.yaml that blocks merge when a PR with code changes
lacks a version label or skip-release label.

Both workflows use path filters scoped to operator code directories:
pkg/, cmd/, build/, config/, deploy/.
Remove workflows not applicable to our fork:
- scan.yml: builds to upstream Percona Docker Hub registry
- stale.yml: community PR management
- labeler.yml: community fork detection
- renovate.yaml: redundant with existing dependabot.yml

Remove associated config files:
- .github/labeler.yml: labeler workflow config
- .github/pr-badge.yml: upstream PR badge config
- Add github.com/objectrocket to goimports-reviser company prefixes
  alongside github.com/percona
- Remove release-* branch conditionals from manifests check since we
  only use the main branch. Always generate with VERSION=main.
Update pkg/version/version.txt to 1.22.0-1 as starting point for our
subversioned bumps. The -N suffix distinguishes our builds from
upstream Percona releases that use the same base version.

Update pkg/version/version.go:
- Version() now strips the -N suffix and returns base semver (1.22.0)
  for CRVersion feature-gating comparisons (hashicorp/go-version
  treats hyphens as prerelease identifiers)
- Add FullVersion() that returns the complete version string including
  subversion suffix, used for image tagging and CRD labels

Update version_test.go to use FullVersion() for CRD label validation.

Update CRD patches and generated deploy manifests to reflect v1.22.0-1.
…-workflows-and-clean

LIB-982: Implement versioning workflows and clean up GitHub Actions in operator fork
@KevinKlaesRackspace2

Copy link
Copy Markdown
Author

Related PRs for LIB-951

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants