From aecd13c023b94170e7cd08fa5c36f7e5dcfb8338 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer <sebastian.bernauer@stackable.de>
Date: Thu, 30 Mar 2023 09:55:54 +0200
Subject: [PATCH 1/4] fix: Add automatic CSI registration path migration 23.1
 -> 23.4

---
 CHANGELOG.md                                  | 10 +++++----
 .../secret-operator/templates/daemonset.yaml  | 21 +++++++++++++++++++
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50581218..6a042df3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,16 +12,18 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - Shortened the registration socket path for Microk8s compatibility ([#231]).
-  - After upgrading you will need to
-    `rmdir /var/lib/kubelet/plugins_registry/secrets.stackable.tech-reg.sock` manually.
-    This applies to *all* users, not just Microk8s.
 - Made kubeletDir configurable ([#232]).
   - Microk8s users will need to `--set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet`.
 
+### Fixed
+
+- Add automatic CSI registration path migration 23.1 -> 23.4 ([#258]).
+
 [#99]: https://github.com/stackabletech/secret-operator/pull/99
 [#231]: https://github.com/stackabletech/secret-operator/pull/231
 [#232]: https://github.com/stackabletech/secret-operator/pull/232
 [#252]: https://github.com/stackabletech/secret-operator/pull/252
+[#258]: https://github.com/stackabletech/secret-operator/pull/258
 
 ## [23.1.0] - 2023-01-23
 
@@ -74,7 +76,7 @@ All notable changes to this project will be documented in this file.
 
 - `autoTls` CA generation now requires opt-in ([#77]).
   - The default `tls` `SecretClass` now has this opt-in by default.
-  
+
 ### Removed
 
 - `k8sSearch` backend's option `secretLabels` has been removed ([#123]).
diff --git a/deploy/helm/secret-operator/templates/daemonset.yaml b/deploy/helm/secret-operator/templates/daemonset.yaml
index 2465774f..d354e731 100644
--- a/deploy/helm/secret-operator/templates/daemonset.yaml
+++ b/deploy/helm/secret-operator/templates/daemonset.yaml
@@ -74,6 +74,27 @@ spec:
               mountPath: /registration
             - name: csi
               mountPath: /csi
+      initContainers:
+        # https://github.com/stackabletech/secret-operator/issues/251
+        # In https://github.com/stackabletech/secret-operator/pull/231 we introduced a breaking change by shortening the CSI registration path
+        # This resulted in the following error "node_register.go:43] file exists in socketPath /registration/secrets.stackable.tech-reg.sock but it's not a socket.: &{name:secrets.stackable.tech-reg.sock size:4096 mode:2147484141 modTime:{wall:984732078ext:63815759330 loc:0xf864a0} sys:{Dev:64769 Ino:43688551 Nlink:2 Mode:16877 Uid:0 Gid:0 X__pad0:0 Rdev:0 Size:4096 Blksize:4096 Blocks:8 Atim:{Sec:1680162505 Nsec:36073186} Mtim:{Sec:1680162530 Nsec:984732078} Ctim:{Sec:1680162530 Nsec:984732078} X__unused:[0 0 0]}}"
+        # This init container removes the "old" directory, so that a unix socket with the same path can be created instead
+        # TODO: Should be removed in a release after 23.4
+        - name: migrate-longer-csi-registration-path
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - /bin/bash
+            - -x
+            - -c
+            - |
+              ls -la /registration
+              echo "Removing old (long) CSI registration path"
+              if [ -d "/registration/secrets.stackable.tech-reg.sock" ]; then rmdir /registration/secrets.stackable.tech-reg.sock; fi
+              ls -la /registration
+          volumeMounts:
+            - name: registration-sock
+              mountPath: /registration
       volumes:
         - name: registration-sock
           hostPath:

From 99769d471662cf8349666fec662f5714a3b69e6f Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer <sebastian.bernauer@stackable.de>
Date: Thu, 30 Mar 2023 10:15:00 +0200
Subject: [PATCH 2/4] changelog

---
 CHANGELOG.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a042df3..f9bccfd4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,14 +11,12 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
-- Shortened the registration socket path for Microk8s compatibility ([#231]).
+- Shortened the registration socket path for Microk8s compatibility ([#231], [#258]).
+  - The old CSI registration path will be automatically migrated during upgrade
+  - You might need to manually remove `/var/lib/kubelet/plugins_registry/secrets.stackable.tech-reg.sock` when downgrading
 - Made kubeletDir configurable ([#232]).
   - Microk8s users will need to `--set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet`.
 
-### Fixed
-
-- Add automatic CSI registration path migration 23.1 -> 23.4 ([#258]).
-
 [#99]: https://github.com/stackabletech/secret-operator/pull/99
 [#231]: https://github.com/stackabletech/secret-operator/pull/231
 [#232]: https://github.com/stackabletech/secret-operator/pull/232

From 5bf0ae438aae670ac3a811ec83e697c48a68a09f Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer <sebastian.bernauer@stackable.de>
Date: Thu, 30 Mar 2023 10:33:09 +0200
Subject: [PATCH 3/4] Update CHANGELOG.md

Co-authored-by: Natalie <teo@nullable.se>
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f9bccfd4..0f82459c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,8 +11,8 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
-- Shortened the registration socket path for Microk8s compatibility ([#231], [#258]).
-  - The old CSI registration path will be automatically migrated during upgrade
+- Shortened the registration socket path for Microk8s compatibility ([#231]).
+  - The old CSI registration path will be automatically migrated during upgrade ([#258]).
   - You might need to manually remove `/var/lib/kubelet/plugins_registry/secrets.stackable.tech-reg.sock` when downgrading
 - Made kubeletDir configurable ([#232]).
   - Microk8s users will need to `--set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet`.

From 7476ac62626df8072f0d9595a64da7a350d765af Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer <sebastian.bernauer@stackable.de>
Date: Thu, 30 Mar 2023 10:38:15 +0200
Subject: [PATCH 4/4] Update
 deploy/helm/secret-operator/templates/daemonset.yaml

Co-authored-by: Natalie <teo@nullable.se>
---
 deploy/helm/secret-operator/templates/daemonset.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/deploy/helm/secret-operator/templates/daemonset.yaml b/deploy/helm/secret-operator/templates/daemonset.yaml
index d354e731..aa683180 100644
--- a/deploy/helm/secret-operator/templates/daemonset.yaml
+++ b/deploy/helm/secret-operator/templates/daemonset.yaml
@@ -85,6 +85,8 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command:
             - /bin/bash
+            - -euo
+            - pipefail
             - -x
             - -c
             - |