cluster: fix infinite cluster load balancer configuration secret reconcile

Author: AndrewChubatiuk

docs/CHANGELOG.md

@@ -18,6 +18,7 @@ aliases:
 * FEATURE: [vmoperator](https://docs.victoriametrics.com/operator/): use `operator_bad_objects_total` metric with `object_namespace` and `crd` labels to track invalid objects managed by VMAgent, VMAuth, VMAlert and VMAlertmanager. Old `operator_alertmanager_bad_objects_count` and `operator_vmalert_bad_objects_count` are deprecated and will be removed in next releases.
 
 * BUGFIX: [vmoperator](https://docs.victoriametrics.com/operator/): fixed HPA cleanup logic for all cluster resources, before it was constantly recreated. Bug introduced in [this commit](https://github.com/VictoriaMetrics/operator/commit/983d1678c37497a7d03d2f57821219fd4975deec).
+* BUGFIX: [VMCluster](https://docs.victoriametrics.com/operator/resources/vmcluster/), [VLCluster](https://docs.victoriametrics.com/operator/resources/vlcluster/) and [VTCluster](https://docs.victoriametrics.com/operator/resources/vtcluster/): prevent cluster load balancer from infinite reconcile.
 
 ## [v0.66.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.66.1)
 

internal/controller/operator/factory/vlcluster/vmauth_lb.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"sort"
+	"strings"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -92,26 +93,25 @@ func buildVMauthLBSecret(cr *vmv1.VLCluster) *corev1.Secret {
 	selectURL := fmt.Sprintf("%s://%s.%s:%s",
 		selectProto, cr.PrefixedInternalName(vmv1beta1.ClusterComponentSelect), targetHostSuffix, selectPort)
 
-	lbScrt := &corev1.Secret{
-		ObjectMeta: buildLBConfigSecretMeta(cr),
-		// TODO: add backend auth
-		StringData: map[string]string{"config.yaml": fmt.Sprintf(`
+	lbConfig := fmt.Sprintf(`
 unauthorized_user:
   url_map:
   - src_paths:
     - "/insert/.*"
     - "/internal/insert"
-    url_prefix: "%s"
+    url_prefix: %q
     discover_backend_ips: true
   - src_paths:
     - ".*"
-    url_prefix: "%s"
+    url_prefix: %q
     discover_backend_ips: true
-      `, insertURL,
-			selectURL,
-		)},
+      `, insertURL, selectURL)
+
+	return &corev1.Secret{
+		ObjectMeta: buildLBConfigSecretMeta(cr),
+		// TODO: add backend auth
+		Data: map[string][]byte{"config.yaml": []byte(strings.TrimSpace(lbConfig))},
 	}
-	return lbScrt
 }
 
 func buildVMauthLBDeployment(cr *vmv1.VLCluster) (*appsv1.Deployment, error) {

internal/controller/operator/factory/vmalert/vmalert_test.go

@@ -467,7 +467,7 @@ func TestCreateOrUpdate(t *testing.T) {
 					Name:      "notifier-cfg",
 					Namespace: "default",
 				},
-				StringData: map[string]string{"cfg.yaml": "static: []"},
+				Data: map[string][]byte{"cfg.yaml": []byte("static: []")},
 			},
 			&appsv1.Deployment{
 				ObjectMeta: metav1.ObjectMeta{

internal/controller/operator/factory/vmcluster/vmcluster.go

@@ -1285,24 +1285,27 @@ func buildVMAuthLBSecret(cr *vmv1beta1.VMCluster) *corev1.Secret {
 	if cr.Spec.VMInsert != nil {
 		insertPort = cr.Spec.VMInsert.Port
 	}
-	lbScrt := &corev1.Secret{
-		ObjectMeta: buildLBConfigSecretMeta(cr),
-		StringData: map[string]string{"config.yaml": fmt.Sprintf(`
+
+	insertUrl := fmt.Sprintf("http://srv+%s.%s:%s", cr.PrefixedInternalName(vmv1beta1.ClusterComponentInsert), targetHostSuffix, insertPort)
+	selectUrl := fmt.Sprintf("http://srv+%s.%s:%s", cr.PrefixedInternalName(vmv1beta1.ClusterComponentSelect), targetHostSuffix, selectPort)
+
+	lbConfig := fmt.Sprintf(`
 unauthorized_user:
   url_map:
   - src_paths:
     - "/insert/.*"
-    url_prefix: "http://srv+%s.%s:%s"
+    url_prefix: %q
     discover_backend_ips: true
   - src_paths:
     - "/.*"
-    url_prefix: "http://srv+%s.%s:%s"
+    url_prefix: %q
     discover_backend_ips: true
-      `, cr.PrefixedInternalName(vmv1beta1.ClusterComponentInsert), targetHostSuffix, insertPort,
-			cr.PrefixedInternalName(vmv1beta1.ClusterComponentSelect), targetHostSuffix, selectPort,
-		)},
+      `, insertUrl, selectUrl)
+	return &corev1.Secret{
+		ObjectMeta: buildLBConfigSecretMeta(cr),
+		// TODO: add backend auth
+		Data: map[string][]byte{"config.yaml": []byte(strings.TrimSpace(lbConfig))},
 	}
-	return lbScrt
 }
 
 func buildVMAuthLBDeployment(cr *vmv1beta1.VMCluster) (*appsv1.Deployment, error) {

internal/controller/operator/factory/vtcluster/vmauth_lb.go

@@ -3,6 +3,7 @@ package vtcluster
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -91,26 +92,25 @@ func buildVMauthLBSecret(cr *vmv1.VTCluster) *corev1.Secret {
 	selectURL := fmt.Sprintf("%s://%s.%s:%s",
 		selectProto, cr.PrefixedInternalName(vmv1beta1.ClusterComponentSelect), targetHostSuffix, selectPort)
 
-	lbScrt := &corev1.Secret{
-		ObjectMeta: buildLBConfigSecretMeta(cr),
-		// TODO: add backend auth
-		StringData: map[string]string{"config.yaml": fmt.Sprintf(`
+	lbConfig := fmt.Sprintf(`
 unauthorized_user:
   url_map:
   - src_paths:
     - "/insert/.*"
     - "/internal/insert"
-    url_prefix: "%s"
+    url_prefix: %q
     discover_backend_ips: true
   - src_paths:
     - ".*"
-    url_prefix: "%s"
+    url_prefix: %q
     discover_backend_ips: true
-      `, insertURL,
-			selectURL,
-		)},
+      `, insertURL, selectURL)
+
+	return &corev1.Secret{
+		ObjectMeta: buildLBConfigSecretMeta(cr),
+		// TODO: add backend auth
+		Data: map[string][]byte{"config.yaml": []byte(strings.TrimSpace(lbConfig))},
 	}
-	return lbScrt
 }
 
 func buildVMauthLBDeployment(cr *vmv1.VTCluster) (*appsv1.Deployment, error) {