Operator upgrade should not cause rolling restart

[burmanm]

What this PR does:
Missing two features: new Condition and the annotation name might require changing. And also some unit tests and not just the e2e test. The RestartTask changes should come in separate PR (and will get its own ticket).

• Adds new reconcile event: annotation changes (and not just generation changes)
• Do not upgrade StatefulSets if Generation hasn't changed
• Modify upgrade_operator to run against 4.1 and verify in the operator upgrade test that the pods are not restarted on operator upgrade without added annotation approval. After the approval, ensure the pods were actually modified and have been restarted. Also, verify the "once" annotation was removed at the end.

Which issue(s) this PR fixes:
Fixes #566

Checklist

• Changes manually tested
• Automated Tests added/updated
• Documentation added/updated
• CHANGELOG.md updated (not required for documentation PRs)
• CLA Signed: DataStax CLA

[olim7t]

Looks great so far. I tested an operator upgrade in a local cluster and everything behaves as expected.
I'll hold off approval for now since it seems things are still in the air regarding the config secret.

[olim7t]

users of config secret should set this variable to "always" to keep their existing behavior

[thought] This feels a bit inconsistent. Whether the config is directly in the CassandraDatacenter or externalized in a secret is just a detail, overall it's the same semantics (as far as I know).

Is there any way that we could detect when a reconcile comes from a config secret change, and treat that the same as a regular CassDC modification?

EDIT -- just saw your comment in ReconciliationContext.UpdateAllowed() which I think goes in that direction so +1 nm I misread that comment

[burmanm]

ReconciliationContext sadly doesn't know where the update came from as we don't pass the reconcile trigger inside the reconciliation process. That information is only available in the controller's process, where it gets Watch events and transforms those to Reconcile objects.

I don't think it's even easily possible to pass that information from there. For config secret we would need check some hashes to compare if it was changed from last time or something equivalent.

[olim7t]

Approving since the config secret issue can't be easily addressed.

Reminder to consider extracting constants for the annotation value, and one more comment below.

[olim7t]

[suggestion] I also think we should pick a better name for this annotation. allow-upgrade is too generic, it doesn't capture the fact that we are only considering the case when the object was not modified.

Maybe something along the lines of allow-changes-on-operator-upgrade?

[burmanm]

I renamed it to cassandra.datastax.com/autoupdate-spec which seemed to be close to what many Kubernetes "known annotations" seem to follow, such as rbac.authorization.kubernetes.io/autoupdate and apf.kubernetes.io/autoupdate-spec, since their behavior is quite close to what we want.

I don't want this to be "upgrade of operator" only annotation, but instead dedicate the same behavior to all StatefulSet updates the operator might make automatically, such as removing user-made changes to the StatefulSets.

[olim7t]

The task looks good, I've verified that it sets the annotation to once on a DC that didn't have it, and completes immediately on a DC that has always.