arangodb
diff --git a/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎chart/kube-arangodb-arm64/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions b/‎chart/kube-arangodb-arm64/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions
diff --git a/‎chart/kube-arangodb-enterprise-arm64/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions b/‎chart/kube-arangodb-enterprise-arm64/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions
diff --git a/‎chart/kube-arangodb-enterprise/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions b/‎chart/kube-arangodb-enterprise/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions
diff --git a/‎chart/kube-arangodb/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions b/‎chart/kube-arangodb/templates/debug/role.yaml
Lines changed: 4 additions & 0 deletions
diff --git a/‎pkg/apis/scheduler/v1beta1/pod/resources/scheduling.go
Lines changed: 3 additions & 1 deletion b/‎pkg/apis/scheduler/v1beta1/pod/resources/scheduling.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎pkg/crd/apply.go
Lines changed: 17 additions & 4 deletions b/‎pkg/crd/apply.go
Lines changed: 17 additions & 4 deletions
diff --git a/‎pkg/deployment/reconcile/plan_builder_bootstrap.go
Lines changed: 8 additions & 3 deletions b/‎pkg/deployment/reconcile/plan_builder_bootstrap.go
Lines changed: 8 additions & 3 deletions
diff --git a/‎pkg/deployment/reconcile/plan_builder_high.go
Lines changed: 1 addition & 1 deletion b/‎pkg/deployment/reconcile/plan_builder_high.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/util/k8sutil/access/access.go
Lines changed: 3 additions & 2 deletions b/‎pkg/util/k8sutil/access/access.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎pkg/util/k8sutil/inspector/constants/kubernetes_extension_crd_constants.go
Lines changed: 1 addition & 1 deletion b/‎pkg/util/k8sutil/inspector/constants/kubernetes_extension_crd_constants.go
Lines changed: 1 addition & 1 deletion
@@ -17,6 +17,7 @@
 - (Maintenance) Update Envoy to v1.32.5
 - (Maintenance) Generate CRD with Schemas
 - (Feature) DebugPackage Improvements
+- (Feature) Improve Bootstrap time
 
 ## [1.2.47](https://github.com/arangodb/kube-arangodb/tree/1.2.47) (2025-03-28)
 - (Bugfix) Use Profile Annotations
 
@@ -14,9 +14,13 @@ metadata:
         release: {{ .Release.Name }}
 rules:
   - apiGroups:
+# Core
     - ""
     - "apps"
     - "batch"
+# Arango
+    - "analytics.arangodb.com"
+    - "ml.arangodb.com"
     resources: ["*"]
     verbs: ["get", "list"]
   - apiGroups: [""]
 
@@ -14,9 +14,13 @@ metadata:
         release: {{ .Release.Name }}
 rules:
   - apiGroups:
+# Core
     - ""
     - "apps"
     - "batch"
+# Arango
+    - "analytics.arangodb.com"
+    - "ml.arangodb.com"
     resources: ["*"]
     verbs: ["get", "list"]
   - apiGroups: [""]
 
@@ -14,9 +14,13 @@ metadata:
         release: {{ .Release.Name }}
 rules:
   - apiGroups:
+# Core
     - ""
     - "apps"
     - "batch"
+# Arango
+    - "analytics.arangodb.com"
+    - "ml.arangodb.com"
     resources: ["*"]
     verbs: ["get", "list"]
   - apiGroups: [""]
 
@@ -14,9 +14,13 @@ metadata:
         release: {{ .Release.Name }}
 rules:
   - apiGroups:
+# Core
     - ""
     - "apps"
     - "batch"
+# Arango
+    - "analytics.arangodb.com"
+    - "ml.arangodb.com"
     resources: ["*"]
     verbs: ["get", "list"]
   - apiGroups: [""]
 
@@ -64,7 +64,9 @@ func (s *Scheduling) Apply(template *core.PodTemplateSpec) error {
 	} else {
 		template.Spec.NodeSelector = map[string]string{}
 		for k, v := range s.NodeSelector {
-			template.Spec.NodeSelector[k] = v
+			if v != "-" {
+				template.Spec.NodeSelector[k] = v
+			}
 		}
 	}
 
 
@@ -68,7 +68,11 @@ func EnsureCRDWithOptions(ctx context.Context, client kclient.Client, opts Ensur
 
 		getAccess := verifyCRDAccess(ctx, client, crdName, access.Get)
 		if !getAccess.Allowed {
-			logger.Str("crd", crdName).Info("Get Operations is not allowed. Continue")
+			logger.
+				Str("crd", crdName).
+				Str("reason", getAccess.Reason).
+				Str("evaluationError", getAccess.EvaluationError).
+				Info("Get Operations is not allowed. Continue")
 			continue
 		}
 
@@ -195,14 +199,20 @@ func tryApplyCRD(ctx context.Context, client kclient.Client, def crds.Definition
 	c, err := crdDefinitions.Get(ctx, crdName, meta.GetOptions{})
 	if err != nil {
 		if !errors.IsNotFound(err) {
-			logger.Err(err).Str("crd", crdName).Warn("Get Operations is not allowed due to error")
+			logger.Err(err).
+				Str("crd", crdName).
+				Warn("Get Operations is not allowed due to error")
 			return err
 		}
 
 		createAccess := verifyCRDAccess(ctx, client, crdName, access.Create)
 
 		if !createAccess.Allowed {
-			logger.Str("crd", crdName).Info("Create Operations is not allowed but CRD is missing. Continue")
+			logger.
+				Str("crd", crdName).
+				Str("reason", createAccess.Reason).
+				Str("evaluationError", createAccess.EvaluationError).
+				Info("Create Operations is not allowed but CRD is missing. Continue")
 			return nil
 		}
 
@@ -219,7 +229,10 @@ func tryApplyCRD(ctx context.Context, client kclient.Client, def crds.Definition
 
 	updateAccess := verifyCRDAccess(ctx, client, crdName, access.Update)
 	if !updateAccess.Allowed {
-		logger.Str("crd", crdName).Info("Update Operations is not allowed. Continue")
+		logger.Str("crd", crdName).
+			Str("reason", updateAccess.Reason).
+			Str("evaluationError", updateAccess.EvaluationError).
+			Info("Update Operations is not allowed. Continue")
 		return nil
 	}
 
 
@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2016-2022 ArangoDB GmbH, Cologne, Germany
+// Copyright 2016-2025 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -39,6 +39,8 @@ func (r *Reconciler) createBootstrapPlan(ctx context.Context, apiObject k8sutil.
 		return nil
 	}
 
+	var plan api.Plan
+
 	for user, secret := range spec.Bootstrap.PasswordSecretNames {
 		if secret.IsNone() {
 			continue
@@ -52,8 +54,11 @@ func (r *Reconciler) createBootstrapPlan(ctx context.Context, apiObject k8sutil.
 			}
 		}
 
-		return api.Plan{actions.NewClusterAction(api.ActionTypeBootstrapSetPassword, "Updating password").AddParam("user", user)}
+		plan = append(plan, actions.NewClusterAction(api.ActionTypeBootstrapSetPassword, "Updating password").AddParam("user", user))
 	}
 
-	return api.Plan{actions.NewClusterAction(api.ActionTypeBootstrapUpdate, "Finalizing bootstrap")}
+	plan = append(plan, r.updateClusterLicense(ctx, apiObject, spec, status, context)...)
+	plan = append(plan, actions.NewClusterAction(api.ActionTypeBootstrapUpdate, "Finalizing bootstrap"))
+
+	return plan
 }
@@ -262,7 +262,7 @@ func (r *Reconciler) updateMemberRotationConditions(apiObject k8sutil.APIObject,
 			}
 			// We need to do graceful rotation
 			if member.Conditions.IsTrue(api.ConditionTypePendingRestart) {
-				return nil, nil
+				return restartMemberConditionAction(group, member.ID, reason), nil
 			}
 
 			switch a := spec.MemberPropagationMode.Get(); a {
 
@@ -144,8 +144,9 @@ func VerifyAccessRequest(ctx context.Context, client kclient.Client, in authoriz
 
 	if err != nil {
 		return authorization.SubjectAccessReviewStatus{
-			Allowed: false,
-			Reason:  fmt.Sprintf("Unable to check access: %s", err.Error()),
+			Allowed:         false,
+			Reason:          fmt.Sprintf("Unable to check access: %s", err.Error()),
+			EvaluationError: err.Error(),
 		}
 	}
 
 
@@ -28,7 +28,7 @@ import (
 // CustomResourceDefinition
 const (
 	CustomResourceDefinitionGroup     = "apiextensions.k8s.io"
-	CustomResourceDefinitionResource  = "customresourcesdefinition"
+	CustomResourceDefinitionResource  = "customresourcedefinitions"
 	CustomResourceDefinitionKind      = "CustomResourceDefinition"
 	CustomResourceDefinitionVersionV1 = "v1"
 )
Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,9 @@ func (s Scheduling) Apply(template core.PodTemplateSpec) error {`
`64`	`64`	`} else {`
`65`	`65`	`template.Spec.NodeSelector = map[string]string{}`
`66`	`66`	`for k, v := range s.NodeSelector {`
`67`		`- template.Spec.NodeSelector[k] = v`
	`67`	`+ if v != "-" {`
	`68`	`+ template.Spec.NodeSelector[k] = v`
	`69`	`+ }`
`68`	`70`	`}`
`69`	`71`	`}`
`70`	`72`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`//`
`2`	`2`	`// DISCLAIMER`
`3`	`3`	`//`
`4`		`-// Copyright 2016-2022 ArangoDB GmbH, Cologne, Germany`
	`4`	`+// Copyright 2016-2025 ArangoDB GmbH, Cologne, Germany`
`5`	`5`	`//`
`6`	`6`	`// Licensed under the Apache License, Version 2.0 (the "License");`
`7`	`7`	`// you may not use this file except in compliance with the License.`
`@@ -39,6 +39,8 @@ func (r *Reconciler) createBootstrapPlan(ctx context.Context, apiObject k8sutil.`
`39`	`39`	`return nil`
`40`	`40`	`}`
`41`	`41`
	`42`	`+ var plan api.Plan`
	`43`	`+`
`42`	`44`	`for user, secret := range spec.Bootstrap.PasswordSecretNames {`
`43`	`45`	`if secret.IsNone() {`
`44`	`46`	`continue`
`@@ -52,8 +54,11 @@ func (r *Reconciler) createBootstrapPlan(ctx context.Context, apiObject k8sutil.`
`52`	`54`	`}`
`53`	`55`	`}`
`54`	`56`
`55`		`- return api.Plan{actions.NewClusterAction(api.ActionTypeBootstrapSetPassword, "Updating password").AddParam("user", user)}`
	`57`	`+ plan = append(plan, actions.NewClusterAction(api.ActionTypeBootstrapSetPassword, "Updating password").AddParam("user", user))`
`56`	`58`	`}`
`57`	`59`
`58`		`- return api.Plan{actions.NewClusterAction(api.ActionTypeBootstrapUpdate, "Finalizing bootstrap")}`
	`60`	`+ plan = append(plan, r.updateClusterLicense(ctx, apiObject, spec, status, context)...)`
	`61`	`+ plan = append(plan, actions.NewClusterAction(api.ActionTypeBootstrapUpdate, "Finalizing bootstrap"))`
	`62`	`+`
	`63`	`+ return plan`
`59`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -262,7 +262,7 @@ func (r *Reconciler) updateMemberRotationConditions(apiObject k8sutil.APIObject,`
`262`	`262`	`}`
`263`	`263`	`// We need to do graceful rotation`
`264`	`264`	`if member.Conditions.IsTrue(api.ConditionTypePendingRestart) {`
`265`		`- return nil, nil`
	`265`	`+ return restartMemberConditionAction(group, member.ID, reason), nil`
`266`	`266`	`}`
`267`	`267`
`268`	`268`	`switch a := spec.MemberPropagationMode.Get(); a {`
Original file line number	Diff line number	Diff line change
`@@ -144,8 +144,9 @@ func VerifyAccessRequest(ctx context.Context, client kclient.Client, in authoriz`
`144`	`144`
`145`	`145`	`if err != nil {`
`146`	`146`	`return authorization.SubjectAccessReviewStatus{`
`147`		`- Allowed: false,`
`148`		`- Reason: fmt.Sprintf("Unable to check access: %s", err.Error()),`
	`147`	`+ Allowed: false,`
	`148`	`+ Reason: fmt.Sprintf("Unable to check access: %s", err.Error()),`
	`149`	`+ EvaluationError: err.Error(),`
`149`	`150`	`}`
`150`	`151`	`}`
`151`	`152`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ import (`
`28`	`28`	`// CustomResourceDefinition`
`29`	`29`	`const (`
`30`	`30`	`CustomResourceDefinitionGroup = "apiextensions.k8s.io"`
`31`		`- CustomResourceDefinitionResource = "customresourcesdefinition"`
	`31`	`+ CustomResourceDefinitionResource = "customresourcedefinitions"`
`32`	`32`	`CustomResourceDefinitionKind = "CustomResourceDefinition"`
`33`	`33`	`CustomResourceDefinitionVersionV1 = "v1"`
`34`	`34`	`)`