Get cluster health before an update

[RafalKorepta]

As per #3023 the cluster should
be healthy before starting put node in maintanance mode and after POD is restarted.

Backports Required

• none - not a bug fix
• none - issue does not exist in previous branches
• none - papercut/not impactful enough to backport
• v22.3.x
• v22.2.x
• v22.1.x

UX Changes

Internal update logic is improved to not consider update if cluster is not
reporting healthy status via Admin API.

There is one regression that will be addressed later if someone would like
to turn off mTLS from internal Admin API new logic does not now how to
handle correct client certification.

Release Notes

Improvements

• Updates inside kuberntes environment the Redpanda update will be more
  safe as operator now doesn't consider updates if cluster does not report
  healthy status.

REF

#3023

[alenkacz]

LGTM

[alenkacz]

do you really want to use == and not rather errors.Is?

[RafalKorepta]

Hmm. I implemented the Is function as I was not able to unit test that error. I can check on the side if that would work, but it should work in the first place in direct call.

[alenkacz]

just curious: why this change?

[RafalKorepta]

There is one regression that will be addressed later if someone would like
to turn off mTLS from internal Admin API new logic does not now how to
handle correct client certification.

:(

[alenkacz]

I assume this test now runs with the new feature gate enabled, right?

[RafalKorepta]

Yes as we will sunset 21.11.X soon

[RafalKorepta]

/ci-repeat

[pvsune]

i'm not too familiar with this part of the controller and i am tired from flight 😅 please forgive if this is stupid q, but i thought we implement our own rolling update process. should this check be after that?

[RafalKorepta]

It is inside our rolling update process. The

redpanda/src/go/k8s/pkg/resources/statefulset_update.go

Lines 43 to 59 in 2d775e6

	// runUpdate handles image changes and additional storage in the redpanda cluster
	// CR by removing statefulset with orphans Pods. The stateful set is then recreated
	// and all Pods are restarted accordingly to the ordinal number.
	//
	// The process maintains an Restarting bool status that is set to true once the
	// generated stateful differentiate from the actual state. It is set back to
	// false when all pods are verified.
	//
	// The steps are as follows: 1) check the Restarting status or if the statefulset
	// differentiate from the current stored statefulset definition 2) if true,
	// set the Restarting status to true and remove statefulset with the orphan Pods
	// 3) perform rolling update like removing Pods accordingly to theirs ordinal
	// number 4) requeue until the pod is in ready state 5) prior to a pod update
	// verify the previously updated pod and requeue as necessary. Currently, the
	// verification checks the pod has started listening in its http Admin API port and may be
	// extended.
	func (r *StatefulSetResource) runUpdate(

[pvsune]

afaiu in #3023, at this point the cluster should be in maintenance mode. should we enforce it and add a check here?

[RafalKorepta]

The #3023 in point 1 and 6 is checking the health of the Redpanda cluster.

In our current rolling update we can not easily implement logic described in #3023. That's why before any operation with Pods (single broker) I'm trying to check health of the cluster as it should be a blocker.

[pvsune]

nit: not needed for this PR but admin api client is used everywhere and each resource have it's own implementation (console, cluster, sts). i think we should put this to util or some other way so we DRY

[RafalKorepta]

Yes, but there is problem with commonality. I'm happy to be wrong, but I don't see it yet.

[pvsune]

did initial review, mostly questions