From ae0d03862bb593200b4af678a63dbc9e9bfe715b Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Tue, 21 Jul 2020 16:15:48 +0000 Subject: [PATCH 1/8] Pod Security Context --- CHANGELOG.md | 4 ++ chart/kube-arangodb/README.md | 9 ++++ chart/kube-arangodb/templates/deployment.yaml | 1 + chart/kube-arangodb/templates/scope.yaml | 5 ++ chart/kube-arangodb/values.yaml | 2 + go.mod | 27 +++++----- go.sum | 54 ++++++++++--------- main.go | 8 +++ pkg/apis/deployment/v1/server_group_spec.go | 19 +++++++ .../deployment/v1/zz_generated.deepcopy.go | 10 ++++ pkg/deployment/images.go | 4 ++ pkg/deployment/resources/pod_creator.go | 4 ++ .../resources/pod_creator_arangod.go | 6 +++ pkg/deployment/resources/pod_creator_sync.go | 4 ++ pkg/operator/operator.go | 22 ++++++++ pkg/util/k8sutil/interfaces/pod_creator.go | 6 +++ 16 files changed, 148 insertions(+), 37 deletions(-) create mode 100644 chart/kube-arangodb/templates/scope.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index f8e7b271e..7ef9cf5a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ - Allow to customize Security Context in pods - Remove dead Coordinators in Cluster mode - Add AutoRecovery flag to recover cluster in case of deadlock +- Add Operator Single +- Improve SecurityContext settings +- Update k8s dependency to 1.15 +- Add Scope parameter to Operator ## [1.0.3](https://github.com/arangodb/kube-arangodb/tree/1.0.3) (2020-05-25) - Prevent deletion of not known PVC's diff --git a/chart/kube-arangodb/README.md b/chart/kube-arangodb/README.md index 97024c379..2f5d1a802 100644 --- a/chart/kube-arangodb/README.md +++ b/chart/kube-arangodb/README.md @@ -67,6 +67,15 @@ List of the Image Pull Secrets for Operator images. Default: `[]string` +### `operator.scope` + +Scope on which Operator should work. + +Default: `legacy` + +Supported modes: +- `legacy` - mode with limited cluster scope access + ### `operator.service.type` Type of the Operator service. diff --git a/chart/kube-arangodb/templates/deployment.yaml b/chart/kube-arangodb/templates/deployment.yaml index 5bc61ab01..807f96c11 100644 --- a/chart/kube-arangodb/templates/deployment.yaml +++ b/chart/kube-arangodb/templates/deployment.yaml @@ -72,6 +72,7 @@ spec: imagePullPolicy: {{ .Values.operator.imagePullPolicy }} image: {{ .Values.operator.image }} args: + - --scope={{ .Values.operator.scope }} {{- if .Values.operator.features.deployment }} - --operator.deployment {{- end -}} diff --git a/chart/kube-arangodb/templates/scope.yaml b/chart/kube-arangodb/templates/scope.yaml new file mode 100644 index 000000000..5c4ae92d9 --- /dev/null +++ b/chart/kube-arangodb/templates/scope.yaml @@ -0,0 +1,5 @@ +{{- if eq .Values.operator.scope "legacy" -}} +# Scope "legacy" selected +{{- else -}} +{{ fail (printf "Operator Scope %s is not supported!" .Values.operator.scope) }} +{{- end -}} \ No newline at end of file diff --git a/chart/kube-arangodb/values.yaml b/chart/kube-arangodb/values.yaml index 2e809bff4..efb3c8449 100644 --- a/chart/kube-arangodb/values.yaml +++ b/chart/kube-arangodb/values.yaml @@ -5,6 +5,8 @@ operator: imagePullPolicy: IfNotPresent imagePullSecrets: [] + scope: legacy + args: [] service: diff --git a/go.mod b/go.mod index dc01c19c2..c082b58da 100644 --- a/go.mod +++ b/go.mod @@ -8,15 +8,20 @@ replace ( github.com/stretchr/testify => github.com/stretchr/testify v1.5.1 github.com/ugorji/go => github.com/ugorji/go v0.0.0-20181209151446-772ced7fd4c2 - k8s.io/api => k8s.io/api v0.15.9 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.15.9 - k8s.io/apimachinery => k8s.io/apimachinery v0.15.9 - k8s.io/client-go => k8s.io/client-go v0.15.9 + k8s.io/api => k8s.io/api v0.15.11 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.15.11 + k8s.io/apimachinery => k8s.io/apimachinery v0.15.11 + k8s.io/apiserver => k8s.io/apiserver v0.15.11 + k8s.io/client-go => k8s.io/client-go v0.15.11 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.15.11 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.15.11 k8s.io/code-generator => ./deps/k8s.io/code-generator + k8s.io/component-base => k8s.io/component-base v0.15.11 + k8s.io/kubernetes => k8s.io/kubernetes v1.15.11 + k8s.io/metrics => k8s.io/metrics v0.15.11 ) require ( - github.com/aktau/github-release v0.8.1 // indirect github.com/arangodb-helper/go-certificates v0.0.0-20180821055445-9fca24fc2680 github.com/arangodb/arangosync-client v0.6.3 github.com/arangodb/go-driver v0.0.0-20191002124627-11b6bfc64f67 @@ -30,13 +35,10 @@ require ( github.com/ghodss/yaml v1.0.0 github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3 // indirect github.com/gin-gonic/gin v1.3.0 - github.com/github-release/github-release v0.8.1 // indirect - github.com/google/addlicense v0.0.0-20200422172452-68a83edd47bc // indirect - github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1 // indirect + github.com/google/addlicense v0.0.0-20200622132530-df58acafd6d5 // indirect github.com/jessevdk/go-assets v0.0.0-20160921144138-4f4301a06e15 github.com/jessevdk/go-assets-builder v0.0.0-20130903091706-b8483521738f github.com/julienschmidt/httprouter v1.3.0 - github.com/kevinburke/rest v0.0.0-20200429221318-0d2892b400f8 // indirect github.com/magiconair/properties v1.8.0 github.com/mattn/go-isatty v0.0.12 // indirect github.com/pkg/errors v0.8.1 @@ -46,11 +48,10 @@ require ( github.com/spf13/cobra v0.0.5 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.5.1 - github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect github.com/ugorji/go/codec v0.0.0-20181209151446-772ced7fd4c2 // indirect - github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect - golang.org/x/net v0.0.0-20200226121028-0de0cce0169b - golang.org/x/sys v0.0.0-20200116001909-b77594299b42 + golang.org/x/net v0.0.0-20200625001655-4c5254603344 + golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd + golang.org/x/tools v0.0.0-20200721154406-b8e13e1a4d3b // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/go-playground/validator.v8 v8.18.2 // indirect k8s.io/api v0.17.3 diff --git a/go.sum b/go.sum index d81e185ad..378c99d3d 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,6 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/aktau/github-release v0.8.1 h1:kboIvXbZmnc1RLApihyCnSxxFL19bjBPMVgQU5Dw8rM= -github.com/aktau/github-release v0.8.1/go.mod h1:cPkP83iRnV8pAJyQlQ4vjLJoC+JE+aT5sOrYz3sTsX0= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -175,8 +173,6 @@ github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3 h1:t8FVkw33L+wilf2 github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s= github.com/gin-gonic/gin v1.3.0 h1:kCmZyPklC0gVdL728E6Aj20uYBJV93nj/TkwBTKhFbs= github.com/gin-gonic/gin v1.3.0/go.mod h1:7cKuhb5qV2ggCFctp2fJQ+ErvciLZrIeoOSOm6mUr7Y= -github.com/github-release/github-release v0.8.1 h1:FgSRfoHEu9VwiU5l+3oTa1+lhTJIeLlbCp0OUKR3EMI= -github.com/github-release/github-release v0.8.1/go.mod h1:CcaWgA5VoBGz94mOHYIXavqUA8kADNZxU+5/oDQxF6o= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/go-bindata/go-bindata v3.1.2+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo= @@ -258,8 +254,8 @@ github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/addlicense v0.0.0-20200422172452-68a83edd47bc h1:CHWlqgYPu3FMUOyAno2lVDyI9wmexZEuV6/nDvsvETc= -github.com/google/addlicense v0.0.0-20200422172452-68a83edd47bc/go.mod h1:EMjYTRimagHs1FwlIqKyX3wAM0u3rA+McvlIIWmSamA= +github.com/google/addlicense v0.0.0-20200622132530-df58acafd6d5 h1:m6Z1Cm53o4VecQFxKCnvULGfIT0Igo3MX131i+00IIo= +github.com/google/addlicense v0.0.0-20200622132530-df58acafd6d5/go.mod h1:EMjYTRimagHs1FwlIqKyX3wAM0u3rA+McvlIIWmSamA= github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -347,8 +343,6 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1 h1:KUDFlmBg2buRWNzIcwLlKvfcnujcHQRQ1As1LoaCLAM= -github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb v1.7.7/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY= @@ -379,8 +373,6 @@ github.com/julienschmidt/httprouter v1.2.0 h1:TDTW5Yz1mjftljbcKqRcrYhd4XeOoI98t+ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kevinburke/rest v0.0.0-20200429221318-0d2892b400f8 h1:KpuDJTaTPQAyWqETt70dHX3pMz65/XYTAZymrKKNvh8= -github.com/kevinburke/rest v0.0.0-20200429221318-0d2892b400f8/go.mod h1:pD+iEcdAGVXld5foVN4e24zb/6fnb60tgZPZ3P/3T/I= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= @@ -594,19 +586,16 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/thanos-io/thanos v0.10.1/go.mod h1:usT/TxtJQ7DzinTt+G9kinDQmRS5sxwu0unVKZ9vdcw= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 h1:nrZ3ySNYwJbSpD6ce9duiP+QkD3JuLCcWkdaehUS/3Y= -github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80/go.mod h1:iFyPdL66DjUD96XmzVL3ZntbzcflLnznH0fr99w5VqE= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/uber/jaeger-client-go v2.20.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v0.0.0-20181209151446-772ced7fd4c2 h1:EICbibRW4JNKMcY+LsWmuwob+CRS1BmdRdjphAm9mH4= github.com/ugorji/go/codec v0.0.0-20181209151446-772ced7fd4c2/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 h1:txplJASvd6b/hrE0s/Ixfpp2cuwH9IO9oZBAN9iYa4A= -github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2/go.mod h1:DGCIhurYgnLz8J9ga1fMV/fbLDyUvTyrWXVWUIyJon4= github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v0.0.0-20180616005107-d6fb6747feb6/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.elastic.co/apm v1.5.0/go.mod h1:OdB9sPtM6Vt7oz3VXt7+KR96i9li74qrxBGHTQygFvk= go.elastic.co/apm/module/apmhttp v1.5.0/go.mod h1:1FbmNuyD3ddauwzgVwFB0fqY6KbZt3JkV187tGCYYhY= @@ -638,8 +627,11 @@ golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f h1:R423Cnkcp5JABoeemiGEPl golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708 h1:pXVtWnwHkrWD9ru3sDxY/qFK/bfc0egRovX91EjWjf4= golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -660,6 +652,8 @@ golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -692,6 +686,8 @@ golang.org/x/net v0.0.0-20191112182307-2180aed22343 h1:00ohfJ4K98s3m6BGUoBd8nyfp golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a h1:tImsplftrFpALCYumobsd0K86vlAs/eXGFms2txfJfA= @@ -706,6 +702,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEha golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -740,6 +738,8 @@ golang.org/x/sys v0.0.0-20191113165036-4c7a9d0fe056 h1:dHtDnRWQtSx0Hjq9kvKFpBh9u golang.org/x/sys v0.0.0-20191113165036-4c7a9d0fe056/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -787,7 +787,13 @@ golang.org/x/tools v0.0.0-20191111182352-50fa39b762bc/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2 h1:EtTFh6h4SAKemS+CURDMTDIANuduG5zKEXShyy18bGA= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200721154406-b8e13e1a4d3b h1:wiBdDAmMA4PLzWO5RSlR0NFHiIQ4/hE2DduJkGME9yc= +golang.org/x/tools v0.0.0-20200721154406-b8e13e1a4d3b/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= @@ -880,16 +886,16 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -k8s.io/api v0.15.9 h1:cCJD4WRNDrUWhputmpfvCnvpFFXJ68x8ycVqOBN7lHw= -k8s.io/api v0.15.9/go.mod h1:k1xN2kcg4y3Yn8leWHxx5KW/tfWls8cd7L/0H/bzLdM= -k8s.io/apiextensions-apiserver v0.15.9 h1:zJyXLfQQhZDezEaYe/gmQ2HNsGcEhFmtNEksC57Eqao= -k8s.io/apiextensions-apiserver v0.15.9/go.mod h1:jJi8eQd4S/6rpUU307RIXiDGb2xC3CATmy/9KlQvCVQ= -k8s.io/apimachinery v0.15.9 h1:vdgC+8MiWwgFVsUkmlkTpp4Dkpk9GY+aidLK31kXjeg= -k8s.io/apimachinery v0.15.9/go.mod h1:Xc10RHc1U+F/e9GCloJ8QAeCGevSVP5xhOhqlE+e1kM= -k8s.io/apiserver v0.15.9/go.mod h1:g742elJFGDyiWHZw+cevbi60ttuzM55d911lq0x5rsQ= -k8s.io/client-go v0.15.9 h1:PzeaA1blWxqTSJSzC9O9awEn60BqlYSVuBo1OdbHvZY= -k8s.io/client-go v0.15.9/go.mod h1:5EsswhUDX/8AtuZlqgcnwC/QY++960gbBM2IyQ5t4nA= -k8s.io/component-base v0.15.9/go.mod h1:NDTZgQiOthUkOnjJ/Ht5yGfZt60y91a6X23fAMtqOL4= +k8s.io/api v0.15.11 h1:aw1gBdi7fq5LODyqKtJLE+2Gg5arV0UZp684GyB+6Ak= +k8s.io/api v0.15.11/go.mod h1:DI3kWWWBG0byhZ4druNYQvleDRhbocPrm+Glq4xVpkM= +k8s.io/apiextensions-apiserver v0.15.11 h1:6kO1/eliC1YE+PFbsl6h88pxCzigzK529w76BRoNbRw= +k8s.io/apiextensions-apiserver v0.15.11/go.mod h1:mJKYIjlxzXEScMcfpBmEZAXexA2mCV38fPdOtc5OxXI= +k8s.io/apimachinery v0.15.11 h1:CMtikEzqbN2dgCHcn1fAAJ4INE8DgIuzN8EC60nUHjM= +k8s.io/apimachinery v0.15.11/go.mod h1:ZRw+v83FjgEqlzqaBkxL3XB21MSLYdzjsY9Bgxclhdw= +k8s.io/apiserver v0.15.11/go.mod h1:pRBDgJr9dyhYzakLUfHvF2DyqBLcJxW050shl7+16xI= +k8s.io/client-go v0.15.11 h1:yujXordVnH33fhe1bddPnFWsGfl0Gq6FyZ335TC3qk4= +k8s.io/client-go v0.15.11/go.mod h1:gkprEfouvgHvzeCvwwz2T8MTlfNuZn8vluW8orojRKI= +k8s.io/component-base v0.15.11/go.mod h1:q44k+bE3tsItrrHCkgMouvdUUdAPOfzWCvGnGyX+Na0= k8s.io/gengo v0.0.0-20190116091435-f8a0810f38af/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= diff --git a/main.go b/main.go index 95b6cfafb..b49aee9e9 100644 --- a/main.go +++ b/main.go @@ -109,6 +109,7 @@ var ( alpineImage, metricsExporterImage, arangoImage string singleMode bool + scope string } chaosOptions struct { allowed bool @@ -138,6 +139,7 @@ func init() { f.StringVar(&operatorOptions.arangoImage, "operator.arango-image", ArangoImageEnv.GetOrDefault(defaultArangoImage), "Docker image used for arango by default") f.BoolVar(&chaosOptions.allowed, "chaos.allowed", false, "Set to allow chaos in deployments. Only activated when allowed and enabled in deployment") f.BoolVar(&operatorOptions.singleMode, "mode.single", false, "Enable single mode in Operator. WARNING: There should be only one replica of Operator, otherwise Operator can take unexpected actions") + f.StringVar(&operatorOptions.scope, "scope", operator.DefaultScope.String(), "Define scope on which Operator works. Legacy - pre 1.1.0 scope with limited cluster access") features.Init(&cmdMain) } @@ -292,6 +294,11 @@ func newOperatorConfigAndDeps(id, namespace, name string) (operator.Config, oper } eventRecorder := createRecorder(cliLog, kubecli, name, namespace) + scope, ok := operator.AsScope(operatorOptions.scope) + if !ok { + return operator.Config{}, operator.Dependencies{}, maskAny(fmt.Errorf("Scope %s is not known by Operator", operatorOptions.scope)) + } + cfg := operator.Config{ ID: id, Namespace: namespace, @@ -307,6 +314,7 @@ func newOperatorConfigAndDeps(id, namespace, name string) (operator.Config, oper MetricsExporterImage: operatorOptions.metricsExporterImage, ArangoImage: operatorOptions.arangoImage, SingleMode: operatorOptions.singleMode, + Scope: scope, } deps := operator.Dependencies{ LogService: logService, diff --git a/pkg/apis/deployment/v1/server_group_spec.go b/pkg/apis/deployment/v1/server_group_spec.go index 1fbfe12df..4dc67ce53 100644 --- a/pkg/apis/deployment/v1/server_group_spec.go +++ b/pkg/apis/deployment/v1/server_group_spec.go @@ -107,6 +107,9 @@ type ServerGroupSpecSecurityContext struct { RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"` RunAsUser *int64 `json:"runAsUser,omitempty"` RunAsGroup *int64 `json:"runAsGroup,omitempty"` + + SupplementalGroups []int64 `json:"supplementalGroups,omitempty"` + FSGroup *int64 `json:"fsGroup,omitempty"` } // GetDropAllCapabilities returns flag if capabilities should be dropped @@ -137,6 +140,22 @@ func (s *ServerGroupSpecSecurityContext) GetAddCapabilities() []core.Capability return s.AddCapabilities } +// NewSecurityContext creates new pod security context +func (s *ServerGroupSpecSecurityContext) NewPodSecurityContext() *core.PodSecurityContext { + if s == nil { + return nil + } + + if s.FSGroup == nil && len(s.SupplementalGroups) == 0 { + return nil + } + + return &core.PodSecurityContext{ + SupplementalGroups: s.SupplementalGroups, + FSGroup: s.FSGroup, + } +} + // NewSecurityContext creates new security context func (s *ServerGroupSpecSecurityContext) NewSecurityContext() *core.SecurityContext { r := &core.SecurityContext{} diff --git a/pkg/apis/deployment/v1/zz_generated.deepcopy.go b/pkg/apis/deployment/v1/zz_generated.deepcopy.go index e9824550a..ea5616af6 100644 --- a/pkg/apis/deployment/v1/zz_generated.deepcopy.go +++ b/pkg/apis/deployment/v1/zz_generated.deepcopy.go @@ -1269,6 +1269,16 @@ func (in *ServerGroupSpecSecurityContext) DeepCopyInto(out *ServerGroupSpecSecur *out = new(int64) **out = **in } + if in.SupplementalGroups != nil { + in, out := &in.SupplementalGroups, &out.SupplementalGroups + *out = make([]int64, len(*in)) + copy(*out, *in) + } + if in.FSGroup != nil { + in, out := &in.FSGroup, &out.FSGroup + *out = new(int64) + **out = **in + } return } diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go index 5b084db93..76f98eab3 100644 --- a/pkg/deployment/images.go +++ b/pkg/deployment/images.go @@ -393,3 +393,7 @@ func (i *ImageUpdatePod) GetNodeAffinity() *core.NodeAffinity { func (i *ImageUpdatePod) Validate(cachedStatus inspector.Inspector) error { return nil } + +func (i *ImageUpdatePod) ApplyPodSpec(spec *core.PodSpec) error { + return nil +} diff --git a/pkg/deployment/resources/pod_creator.go b/pkg/deployment/resources/pod_creator.go index 869f94da5..7fb298393 100644 --- a/pkg/deployment/resources/pod_creator.go +++ b/pkg/deployment/resources/pod_creator.go @@ -532,6 +532,10 @@ func RenderArangoPod(deployment k8sutil.APIObject, role, id, podName string, p.Spec.Containers = append(p.Spec.Containers, c) podCreator.GetSidecars(&p) + if err := podCreator.ApplyPodSpec(&p.Spec); err != nil { + return nil, err + } + // Add affinity p.Spec.Affinity = &core.Affinity{ NodeAffinity: podCreator.GetNodeAffinity(), diff --git a/pkg/deployment/resources/pod_creator_arangod.go b/pkg/deployment/resources/pod_creator_arangod.go index 893146a4b..4694e20be 100644 --- a/pkg/deployment/resources/pod_creator_arangod.go +++ b/pkg/deployment/resources/pod_creator_arangod.go @@ -460,3 +460,9 @@ func (m *MemberArangoDPod) createMetricsExporterSidecar() *core.Container { return &c } + +func (m *MemberArangoDPod) ApplyPodSpec(p *core.PodSpec) error { + p.SecurityContext = m.groupSpec.SecurityContext.NewPodSecurityContext() + + return nil +} diff --git a/pkg/deployment/resources/pod_creator_sync.go b/pkg/deployment/resources/pod_creator_sync.go index 0ec3075d7..931e29e77 100644 --- a/pkg/deployment/resources/pod_creator_sync.go +++ b/pkg/deployment/resources/pod_creator_sync.go @@ -305,3 +305,7 @@ func (m *MemberSyncPod) Init(pod *core.Pod) { func (m *MemberSyncPod) Validate(cachedStatus inspector.Inspector) error { return nil } + +func (m *MemberSyncPod) ApplyPodSpec(spec *core.PodSpec) error { + return nil +} diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 33f7c4679..27c4175e7 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -61,6 +61,27 @@ const ( initRetryWaitTime = 30 * time.Second ) +func AsScope(s string) (Scope, bool) { + switch s { + case LegacyScope.String(): + return LegacyScope, true + } + + return "", false +} + +type Scope string + +func (s Scope) String() string { + return string(s) +} + +const ( + LegacyScope Scope = "legacy" + + DefaultScope = LegacyScope +) + type Event struct { Type kwatch.EventType Deployment *deplapi.ArangoDeployment @@ -93,6 +114,7 @@ type Config struct { EnableBackup bool AllowChaos bool SingleMode bool + Scope Scope } type Dependencies struct { diff --git a/pkg/util/k8sutil/interfaces/pod_creator.go b/pkg/util/k8sutil/interfaces/pod_creator.go index 581b084f2..15851a0fe 100644 --- a/pkg/util/k8sutil/interfaces/pod_creator.go +++ b/pkg/util/k8sutil/interfaces/pod_creator.go @@ -27,6 +27,10 @@ import ( core "k8s.io/api/core/v1" ) +type PodModifier interface { + ApplyPodSpec(spec *core.PodSpec) error +} + type PodCreator interface { Init(*core.Pod) GetName() string @@ -45,6 +49,8 @@ type PodCreator interface { GetImagePullSecrets() []string IsDeploymentMode() bool Validate(cachedStatus inspector.Inspector) error + + PodModifier } type ContainerCreator interface { From 9b004a0efbe657bc95da162ed31ca207c020cecd Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Tue, 21 Jul 2020 16:19:14 +0000 Subject: [PATCH 2/8] Fix README --- CHANGELOG.md | 2 +- chart/kube-arangodb/README.md | 2 +- chart/kube-arangodb/templates/deployment.yaml | 5 +++++ chart/kube-arangodb/templates/scope.yaml | 5 ----- 4 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 chart/kube-arangodb/templates/scope.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ef9cf5a3..f928a2056 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,7 @@ - Add AutoRecovery flag to recover cluster in case of deadlock - Add Operator Single - Improve SecurityContext settings -- Update k8s dependency to 1.15 +- Update k8s dependency to 1.15.11 - Add Scope parameter to Operator ## [1.0.3](https://github.com/arangodb/kube-arangodb/tree/1.0.3) (2020-05-25) diff --git a/chart/kube-arangodb/README.md b/chart/kube-arangodb/README.md index 2f5d1a802..c1623b423 100644 --- a/chart/kube-arangodb/README.md +++ b/chart/kube-arangodb/README.md @@ -69,7 +69,7 @@ Default: `[]string` ### `operator.scope` -Scope on which Operator should work. +Scope on which Operator will be configured. Default: `legacy` diff --git a/chart/kube-arangodb/templates/deployment.yaml b/chart/kube-arangodb/templates/deployment.yaml index 807f96c11..fab261d38 100644 --- a/chart/kube-arangodb/templates/deployment.yaml +++ b/chart/kube-arangodb/templates/deployment.yaml @@ -1,3 +1,8 @@ +{{- if eq .Values.operator.scope "legacy" -}} +# Scope "legacy" selected +{{ else -}} +{{ fail (printf "Operator Scope %s is not supported!" .Values.operator.scope) }} +{{- end -}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/chart/kube-arangodb/templates/scope.yaml b/chart/kube-arangodb/templates/scope.yaml deleted file mode 100644 index 5c4ae92d9..000000000 --- a/chart/kube-arangodb/templates/scope.yaml +++ /dev/null @@ -1,5 +0,0 @@ -{{- if eq .Values.operator.scope "legacy" -}} -# Scope "legacy" selected -{{- else -}} -{{ fail (printf "Operator Scope %s is not supported!" .Values.operator.scope) }} -{{- end -}} \ No newline at end of file From 98bbac99e68ef253fc414c1a222e4a3220624348 Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Wed, 22 Jul 2020 06:48:48 +0000 Subject: [PATCH 3/8] Update README --- CHANGELOG.md | 2 +- README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f928a2056..91e5d075b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ - Allow to customize Security Context in pods - Remove dead Coordinators in Cluster mode - Add AutoRecovery flag to recover cluster in case of deadlock -- Add Operator Single +- Add Operator Single mode - Improve SecurityContext settings - Update k8s dependency to 1.15.11 - Add Scope parameter to Operator diff --git a/README.md b/README.md index 5b51c1c05..f7f82f3a1 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ Feature-wise production readiness table: | Volume Claim Templates | 0.3.11 | new - alpha | | | Prometheus Metrics export | 0.3.11 | new - alpha | needs Prometheus | | User sidecar containers | 0.3.11 | new - alpha | | +| Operator Single Mode | 1.0.4 | production ready | | ## Release notes for 0.3.16 From 876e9efc1e50810c2adeee86d2767ba617805f62 Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Wed, 22 Jul 2020 07:07:33 +0000 Subject: [PATCH 4/8] Update README --- README.md | 67 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index f7f82f3a1..df619ae23 100644 --- a/README.md +++ b/README.md @@ -31,34 +31,51 @@ state and over time move to full "production readiness". The following table has the general readiness state, the table below covers individual newer features separately. -| Platform | Kubernetes Version | ArangoDB Version | ArangoDB Operator Version | State | Remarks | Provider Remarks | -|---------------------|--------------------|------------------|---------------------------|-------------|-----------------------|------------------------------------| -| Google GKE | 1.14 | >= 3.3.13 | | Production | Don't use micro nodes | | -| Google GKE | 1.15 | >= 3.3.13 | | Production | Don't use micro nodes | | -| Azure AKS | 1.14 | >= 3.3.13 | | Production | | | -| Azure AKS | 1.15 | >= 3.3.13 | | Production | | | -| Amazon EKS | 1.14 | >= 3.3.13 | | Production | | [Amazon EKS](./docs/providers/eks) | -| IBM Cloud | 1.14 | >= 3.4.6.1 | >= 0.3.11 | Production | | | -| OpenShift | 3.11 | >= 3.3.13 | | Production | | | -| OpenShift | 4.2 | >= 3.3.13 | | In Progress | | | -| BareMetal (kubeadm) | 1.14 | >= 3.3.13 | | Production | | | -| Minikube | 1.14 | >= 3.3.13 | | Devel Only | | | -| Other | 1.14 | >= 3.3.13 | | Devel Only | | | +| Platform | Kubernetes Version | ArangoDB Version | ArangoDB Operator Version | State | Remarks | Provider Remarks | +|---------------------|--------------------|------------------|---------------------------|--------------------------|-----------------------|------------------------------------| +| Google GKE | 1.14 | >= 3.3.13 | | Production (Deprecating) | Don't use micro nodes | | +| Google GKE | 1.15 | >= 3.3.13 | | Production (Deprecating) | Don't use micro nodes | | +| Google GKE | 1.16 | >= 3.3.13 | | Production | Don't use micro nodes | | +| Google GKE | 1.17 | >= 3.3.13 | | Production | Don't use micro nodes | | +| Azure AKS | 1.14 | >= 3.3.13 | | Production (Deprecating) | | | +| Azure AKS | 1.15 | >= 3.3.13 | | Production (Deprecating) | | | +| Azure AKS | 1.16 | >= 3.3.13 | | Production | | | +| Azure AKS | 1.17 | >= 3.3.13 | | Production | | | +| Amazon EKS | 1.14 | >= 3.3.13 | | Production (Deprecating) | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.15 | >= 3.3.13 | | Production (Deprecating) | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.16 | >= 3.3.13 | | Production | | [Amazon EKS](./docs/providers/eks) | +| Amazon EKS | 1.17 | >= 3.3.13 | | Production | | [Amazon EKS](./docs/providers/eks) | +| IBM Cloud | 1.14 | >= 3.4.6.1 | >= 0.3.11 | Production | | | +| OpenShift | 3.11 | >= 3.3.13 | | Production | | | +| OpenShift | 4.2 | >= 3.3.13 | | In Progress | | | +| BareMetal (kubeadm) | 1.14 | >= 3.3.13 | | Production (Deprecating) | | | +| BareMetal (kubeadm) | 1.15 | >= 3.3.13 | | Production (Deprecating) | | | +| BareMetal (kubeadm) | 1.16 | >= 3.3.13 | | Production | | | +| BareMetal (kubeadm) | 1.17 | >= 3.3.13 | | Production | | | +| Minikube | 1.14+ | >= 3.3.13 | | Devel Only | | | +| Other | 1.14+ | >= 3.3.13 | | Devel Only | | | Feature-wise production readiness table: -| Feature | ArangoDB K8s Operator Version | Production Readiness | Remarks | -|------------------------------|---------------------------------------|---------------------------|-------------------| -| Pod Disruption Budgets | 0.3.10 | new - alpha | | -| | 0.3.11 | beta | | -| Volume Resizing | 0.3.10 | new - beta | | -| | 0.3.11 | beta | | -| Disabling of liveness probes | 0.3.10 | new - beta | | -| | 0.3.11 | production ready | | -| Volume Claim Templates | 0.3.11 | new - alpha | | -| Prometheus Metrics export | 0.3.11 | new - alpha | needs Prometheus | -| User sidecar containers | 0.3.11 | new - alpha | | -| Operator Single Mode | 1.0.4 | production ready | | +| Feature | Operator Version | ArangoDB Version | ArangoDB Edition | State | Enabled | Flag | Remarks | +|---------------------------------|------------------|------------------|-----------------------|------------|---------|------------------------------------------|--------------------------------------------------------------------------| +| Pod Disruption Budgets | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A | +| Pod Disruption Budgets | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A | +| Volume Resizing | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A | +| Volume Resizing | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A | +| Disabling of liveness probes | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A | +| Disabling of liveness probes | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A | +| Volume Claim Templates | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A | +| Volume Claim Templates | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A | +| Prometheus Metrics Exporter | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | Prometheus required | +| Prometheus Metrics Exporter | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | Prometheus required | +| Sidecar Containers | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A | +| Sidecar Containers | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A | +| Operator Single Mode | 1.0.4 | Any | Community, Enterprise | Production | False | --mode.single | Only 1 instance of Operator allowed in namespace when feature is enabled | +| TLS SNI Support | 1.0.3 | >= 3.7.0 | Enterprise | Production | False | --deployment.feature.tls-sni | N/A | +| TLS Runtime Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.tls-rotation | N/A | +| JWT Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.jwt-rotation | N/A | +| Encryption Key Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.encryption-rotation | N/A | ## Release notes for 0.3.16 From 7d0a3ec9c14a232223edb5b8e6d7d56c7889d4fe Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Wed, 22 Jul 2020 07:09:15 +0000 Subject: [PATCH 5/8] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index df619ae23..b5e369cc0 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ Feature-wise production readiness table: | Sidecar Containers | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A | | Sidecar Containers | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A | | Operator Single Mode | 1.0.4 | Any | Community, Enterprise | Production | False | --mode.single | Only 1 instance of Operator allowed in namespace when feature is enabled | -| TLS SNI Support | 1.0.3 | >= 3.7.0 | Enterprise | Production | False | --deployment.feature.tls-sni | N/A | +| TLS SNI Support | 1.0.3 | >= 3.7.0 | Enterprise | Production | True | --deployment.feature.tls-sni | N/A | | TLS Runtime Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.tls-rotation | N/A | | JWT Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.jwt-rotation | N/A | | Encryption Key Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.encryption-rotation | N/A | From ae2205c255babe4b5790a334995e4fa63fdf5cc5 Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Wed, 22 Jul 2020 07:19:15 +0000 Subject: [PATCH 6/8] Update README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index b5e369cc0..1281070ec 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,9 @@ state for individual new features, since we expect that new features will first be released with an "alpha" or "beta" readiness state and over time move to full "production readiness". +Operator will supports versions supported on providers and maintained by Kubernetes. +Once version is not supported anymore it will go into "Deprecating" state and will be marked as deprecated on Minor release. + The following table has the general readiness state, the table below covers individual newer features separately. From 7d61adc8eb7619226a10c38a0fa93dafbbdac2c1 Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Wed, 22 Jul 2020 08:09:45 +0000 Subject: [PATCH 7/8] Finalize --- Makefile | 11 ++++- go.mod | 2 +- go.sum | 6 +-- .../resources/pod_creator_probes.go | 40 +++++++++++++++---- tests/operator_upgrade_test.go | 2 +- 5 files changed, 46 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index 09d43e3b0..cc8b2ad49 100644 --- a/Makefile +++ b/Makefile @@ -226,7 +226,7 @@ endif .PHONY: update-vendor update-vendor: @rm -Rf $(VENDORDIR)/k8s.io/code-generator - @git clone --branch kubernetes-1.14.1 https://github.com/kubernetes/code-generator.git $(VENDORDIR)/k8s.io/code-generator + @git clone --branch kubernetes-1.15.11 https://github.com/kubernetes/code-generator.git $(VENDORDIR)/k8s.io/code-generator @rm -Rf $(VENDORDIR)/k8s.io/code-generator/.git @@ -581,8 +581,15 @@ ifdef PUSHIMAGES endif $(ROOTDIR)/scripts/kube_run_sync_tests.sh $(DEPLOYMENTNAMESPACE) '$(ARANGODIMAGE)' '$(ARANGOSYNCIMAGE)' '$(ARANGOSYNCTESTIMAGE)' '$(ARANGOSYNCTESTCTRLIMAGE)' '$(TESTOPTIONS)' +.PHONY: tidy +tidy: + @go mod tidy + +.PHONY: deps-reload +deps-reload: tidy init + .PHONY: init -init: tools vendor +init: tools update-generated $(GHRELEASE) $(RELEASE) $(TESTBIN) $(BIN) vendor .PHONY: tools tools: diff --git a/go.mod b/go.mod index c082b58da..db566c6e5 100644 --- a/go.mod +++ b/go.mod @@ -51,7 +51,7 @@ require ( github.com/ugorji/go/codec v0.0.0-20181209151446-772ced7fd4c2 // indirect golang.org/x/net v0.0.0-20200625001655-4c5254603344 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd - golang.org/x/tools v0.0.0-20200721154406-b8e13e1a4d3b // indirect + golang.org/x/tools v0.0.0-20200721223218-6123e77877b2 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/go-playground/validator.v8 v8.18.2 // indirect k8s.io/api v0.17.3 diff --git a/go.sum b/go.sum index 378c99d3d..ff8474f30 100644 --- a/go.sum +++ b/go.sum @@ -684,8 +684,6 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191112182307-2180aed22343 h1:00ohfJ4K98s3m6BGUoBd8nyfp4Yl0GoIKvw5abItTjI= golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -788,8 +786,8 @@ golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2 h1:EtTFh6h4SAKemS+CURDMTDIANuduG5zKEXShyy18bGA= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200721154406-b8e13e1a4d3b h1:wiBdDAmMA4PLzWO5RSlR0NFHiIQ4/hE2DduJkGME9yc= -golang.org/x/tools v0.0.0-20200721154406-b8e13e1a4d3b/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200721223218-6123e77877b2 h1:kxDWg8KNMtpGjI/XVKGgOtSljTnVg/PrjhS8+0pxjLE= +golang.org/x/tools v0.0.0-20200721223218-6123e77877b2/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= diff --git a/pkg/deployment/resources/pod_creator_probes.go b/pkg/deployment/resources/pod_creator_probes.go index 8c5c8aa15..ba5d62ae9 100644 --- a/pkg/deployment/resources/pod_creator_probes.go +++ b/pkg/deployment/resources/pod_creator_probes.go @@ -27,6 +27,8 @@ import ( "os" "path/filepath" + "github.com/arangodb/kube-arangodb/pkg/deployment/features" + "github.com/arangodb/go-driver" "github.com/arangodb/go-driver/jwt" api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" @@ -144,20 +146,20 @@ func (r *Resources) isLivenessProbeEnabled(spec api.DeploymentSpec, group api.Se func (r *Resources) probeBuilders() map[api.ServerGroup]probeCheckBuilder { return map[api.ServerGroup]probeCheckBuilder{ api.ServerGroupSingle: { - liveness: r.probeBuilderLivenessCoreOperator, + liveness: r.probeBuilderLivenessCoreSelect(), readiness: r.probeBuilderReadinessCoreOperator, }, api.ServerGroupAgents: { - liveness: r.probeBuilderLivenessCoreOperator, - readiness: r.probeBuilderReadinessSimpleCoreOperator, + liveness: r.probeBuilderLivenessCoreSelect(), + readiness: r.probeBuilderReadinessSimpleCoreSelect(), }, api.ServerGroupDBServers: { - liveness: r.probeBuilderLivenessCoreOperator, - readiness: r.probeBuilderReadinessSimpleCoreOperator, + liveness: r.probeBuilderLivenessCoreSelect(), + readiness: r.probeBuilderReadinessSimpleCoreSelect(), }, api.ServerGroupCoordinators: { - liveness: r.probeBuilderLivenessCoreOperator, - readiness: r.probeBuilderReadinessCoreOperator, + liveness: r.probeBuilderLivenessCoreSelect(), + readiness: r.probeBuilderReadinessCoreSelect(), }, api.ServerGroupSyncMasters: { liveness: r.probeBuilderLivenessSync, @@ -194,6 +196,14 @@ func (r *Resources) probeCommand(spec api.DeploymentSpec, group api.ServerGroup, return args, nil } +func (r *Resources) probeBuilderLivenessCoreSelect() probeBuilder { + if features.JWTRotation().Enabled() { + return r.probeBuilderLivenessCoreOperator + } + + return r.probeBuilderLivenessCore +} + func (r *Resources) probeBuilderLivenessCoreOperator(spec api.DeploymentSpec, group api.ServerGroup, version driver.Version) (Probe, error) { args, err := r.probeCommand(spec, group, version, "/_api/version") if err != nil { @@ -224,6 +234,14 @@ func (r *Resources) probeBuilderLivenessCore(spec api.DeploymentSpec, group api. }, nil } +func (r *Resources) probeBuilderReadinessSimpleCoreSelect() probeBuilder { + if features.JWTRotation().Enabled() { + return r.probeBuilderReadinessSimpleCoreOperator + } + + return r.probeBuilderReadinessSimpleCore +} + func (r *Resources) probeBuilderReadinessSimpleCoreOperator(spec api.DeploymentSpec, group api.ServerGroup, version driver.Version) (Probe, error) { p, err := r.probeBuilderReadinessCoreOperator(spec, group, version) if err != nil { @@ -260,6 +278,14 @@ func (r *Resources) probeBuilderReadinessSimpleCore(spec api.DeploymentSpec, gro return p, nil } +func (r *Resources) probeBuilderReadinessCoreSelect() probeBuilder { + if features.JWTRotation().Enabled() { + return r.probeBuilderReadinessCoreOperator + } + + return r.probeBuilderReadinessCore +} + func (r *Resources) probeBuilderReadinessCoreOperator(spec api.DeploymentSpec, group api.ServerGroup, version driver.Version) (Probe, error) { localPath := "/_api/version" switch spec.GetMode() { diff --git a/tests/operator_upgrade_test.go b/tests/operator_upgrade_test.go index a3d36a705..b2a0a98ad 100644 --- a/tests/operator_upgrade_test.go +++ b/tests/operator_upgrade_test.go @@ -77,7 +77,7 @@ func TestOperatorUpgradeFrom038(t *testing.T) { return // Abort } if pod, ok := ev.Object.(*v1.Pod); ok { - if k8sutil.IsArangoDBImageIDAndVersionPod(*pod) { + if k8sutil.IsArangoDBImageIDAndVersionPod(pod) { continue } From 4e5b1f8c57a4a63891a1d7973cc3b545e794857f Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Wed, 22 Jul 2020 11:43:48 +0000 Subject: [PATCH 8/8] Fix UT --- pkg/deployment/deployment_affinity_test.go | 18 +++---- pkg/deployment/deployment_core_test.go | 50 +++++++++---------- pkg/deployment/deployment_encryption_test.go | 10 ++-- pkg/deployment/deployment_image_test.go | 6 +-- pkg/deployment/deployment_metrics_test.go | 12 ++--- pkg/deployment/deployment_pod_probe_test.go | 20 ++++---- .../deployment_pod_resources_test.go | 6 +-- pkg/deployment/deployment_pod_tls_sni_test.go | 10 ++-- pkg/deployment/deployment_pod_volumes_test.go | 6 +-- pkg/deployment/deployment_suite_test.go | 5 +- .../resources/pod_creator_probes.go | 4 +- 11 files changed, 74 insertions(+), 73 deletions(-) diff --git a/pkg/deployment/deployment_affinity_test.go b/pkg/deployment/deployment_affinity_test.go index d59048d8b..5badcda80 100644 --- a/pkg/deployment/deployment_affinity_test.go +++ b/pkg/deployment/deployment_affinity_test.go @@ -98,7 +98,7 @@ func TestEnsurePod_ArangoDB_AntiAffinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -160,7 +160,7 @@ func TestEnsurePod_ArangoDB_AntiAffinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -225,7 +225,7 @@ func TestEnsurePod_ArangoDB_AntiAffinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -295,7 +295,7 @@ func TestEnsurePod_ArangoDB_AntiAffinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -374,7 +374,7 @@ func TestEnsurePod_ArangoDB_Affinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -439,7 +439,7 @@ func TestEnsurePod_ArangoDB_Affinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -507,7 +507,7 @@ func TestEnsurePod_ArangoDB_Affinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -580,7 +580,7 @@ func TestEnsurePod_ArangoDB_Affinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -661,7 +661,7 @@ func TestEnsurePod_ArangoDB_NodeAffinity(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_core_test.go b/pkg/deployment/deployment_core_test.go index ae83a7d59..64a23d236 100644 --- a/pkg/deployment/deployment_core_test.go +++ b/pkg/deployment/deployment_core_test.go @@ -76,7 +76,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullAlways, SecurityContext: securityContext.NewSecurityContext(), }, @@ -127,7 +127,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullAlways, SecurityContext: securityContext.NewSecurityContext(), }, @@ -187,7 +187,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -244,7 +244,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -309,7 +309,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -364,7 +364,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -420,7 +420,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -477,7 +477,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -536,7 +536,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -588,7 +588,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -643,7 +643,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -696,7 +696,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.TlsKeyfileVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, true, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, true, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -735,7 +735,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { authorization, err := createTestToken(deployment, testCase, []string{"/_api/version"}) require.NoError(t, err) - testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(cmd, false, + testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(httpProbe, false, authorization, k8sutil.ArangoPort) }, ExpectedEvent: "member agent is created", @@ -795,7 +795,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { authorization, err := createTestToken(deployment, testCase, []string{"/_api/version"}) require.NoError(t, err) - testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(cmd, true, + testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(httpProbe, true, authorization, k8sutil.ArangoPort) }, ExpectedEvent: "member agent is created", @@ -875,7 +875,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.RocksdbEncryptionVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -927,7 +927,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -981,7 +981,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -1043,7 +1043,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -1116,7 +1116,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { }, Resources: emptyResources, Lifecycle: createTestLifecycle(), - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -1188,7 +1188,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { }, Resources: emptyResources, Lifecycle: createTestLifecycle(), - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -1238,7 +1238,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { authorization, err := createTestToken(deployment, testCase, []string{"/_api/version"}) require.NoError(t, err) - testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(cmd, true, + testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(httpProbe, true, authorization, k8sutil.ArangoPort) }, config: Config{ @@ -1273,7 +1273,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { }, Ports: createTestPorts(), Lifecycle: createTestLifecycle(), - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), VolumeMounts: []core.VolumeMount{ @@ -1327,7 +1327,7 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { auth, err := createTestToken(deployment, testCase, []string{"/_admin/server/availability"}) require.NoError(t, err) - testCase.ExpectedPod.Spec.Containers[0].ReadinessProbe = createTestReadinessProbe(cmd, true, auth) + testCase.ExpectedPod.Spec.Containers[0].ReadinessProbe = createTestReadinessProbe(httpProbe, true, auth) }, ExpectedEvent: "member coordinator is created", ExpectedPod: core.Pod{ @@ -1391,9 +1391,9 @@ func TestEnsurePod_ArangoDB_Core(t *testing.T) { authReadiness, err := createTestToken(deployment, testCase, []string{"/_admin/server/availability"}) require.NoError(t, err) - testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(cmd, true, + testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(httpProbe, true, authLiveness, 0) - testCase.ExpectedPod.Spec.Containers[0].ReadinessProbe = createTestReadinessProbe(cmd, true, authReadiness) + testCase.ExpectedPod.Spec.Containers[0].ReadinessProbe = createTestReadinessProbe(httpProbe, true, authReadiness) }, ExpectedEvent: "member single is created", ExpectedPod: core.Pod{ diff --git a/pkg/deployment/deployment_encryption_test.go b/pkg/deployment/deployment_encryption_test.go index d9fbf099c..863ca8c03 100644 --- a/pkg/deployment/deployment_encryption_test.go +++ b/pkg/deployment/deployment_encryption_test.go @@ -87,7 +87,7 @@ func TestEnsurePod_ArangoDB_Encryption(t *testing.T) { k8sutil.RocksdbEncryptionVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -136,7 +136,7 @@ func TestEnsurePod_ArangoDB_Encryption(t *testing.T) { authorization, err := createTestToken(deployment, testCase, []string{"/_api/version"}) require.NoError(t, err) - testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(cmd, true, + testCase.ExpectedPod.Spec.Containers[0].LivenessProbe = createTestLivenessProbe(httpProbe, true, authorization, k8sutil.ArangoPort) }, config: Config{ @@ -171,7 +171,7 @@ func TestEnsurePod_ArangoDB_Encryption(t *testing.T) { }, Ports: createTestPorts(), Lifecycle: createTestLifecycle(), - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), VolumeMounts: []core.VolumeMount{ @@ -245,7 +245,7 @@ func TestEnsurePod_ArangoDB_Encryption(t *testing.T) { k8sutil.RocksdbEncryptionVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -309,7 +309,7 @@ func TestEnsurePod_ArangoDB_Encryption(t *testing.T) { k8sutil.RocksdbEncryptionReadOnlyVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_image_test.go b/pkg/deployment/deployment_image_test.go index 4f990b828..5d2e72bd2 100644 --- a/pkg/deployment/deployment_image_test.go +++ b/pkg/deployment/deployment_image_test.go @@ -91,7 +91,7 @@ func TestEnsurePod_ArangoDB_ImagePropagation(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullAlways, SecurityContext: securityContext.NewSecurityContext(), }, @@ -143,7 +143,7 @@ func TestEnsurePod_ArangoDB_ImagePropagation(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullAlways, SecurityContext: securityContext.NewSecurityContext(), }, @@ -195,7 +195,7 @@ func TestEnsurePod_ArangoDB_ImagePropagation(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullAlways, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_metrics_test.go b/pkg/deployment/deployment_metrics_test.go index d87b8b72d..2adf94eeb 100644 --- a/pkg/deployment/deployment_metrics_test.go +++ b/pkg/deployment/deployment_metrics_test.go @@ -81,7 +81,7 @@ func TestEnsurePod_Metrics(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -142,7 +142,7 @@ func TestEnsurePod_Metrics(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -212,7 +212,7 @@ func TestEnsurePod_Metrics(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -281,7 +281,7 @@ func TestEnsurePod_Metrics(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -343,7 +343,7 @@ func TestEnsurePod_Metrics(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -410,7 +410,7 @@ func TestEnsurePod_Metrics(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_pod_probe_test.go b/pkg/deployment/deployment_pod_probe_test.go index a2e3da41d..e11dec39c 100644 --- a/pkg/deployment/deployment_pod_probe_test.go +++ b/pkg/deployment/deployment_pod_probe_test.go @@ -69,7 +69,7 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -126,7 +126,7 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: modTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort, func(probe *core.Probe) { + LivenessProbe: modTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort, func(probe *core.Probe) { probe.TimeoutSeconds = 50 }), ImagePullPolicy: core.PullIfNotPresent, @@ -184,8 +184,8 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), - ReadinessProbe: createTestReadinessSimpleProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), + ReadinessProbe: createTestReadinessSimpleProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -235,7 +235,7 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -291,8 +291,8 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), - ReadinessProbe: createTestReadinessSimpleProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), + ReadinessProbe: createTestReadinessSimpleProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -342,7 +342,7 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - ReadinessProbe: createTestReadinessProbe(cmd, false, ""), + ReadinessProbe: createTestReadinessProbe(httpProbe, false, ""), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -398,8 +398,8 @@ func TestEnsurePod_ArangoDB_Probe(t *testing.T) { k8sutil.ArangodVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), - ReadinessProbe: createTestReadinessProbe(cmd, false, ""), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), + ReadinessProbe: createTestReadinessProbe(httpProbe, false, ""), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_pod_resources_test.go b/pkg/deployment/deployment_pod_resources_test.go index 7da45def3..76862a56d 100644 --- a/pkg/deployment/deployment_pod_resources_test.go +++ b/pkg/deployment/deployment_pod_resources_test.go @@ -88,7 +88,7 @@ func TestEnsurePod_ArangoDB_Resources(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -148,7 +148,7 @@ func TestEnsurePod_ArangoDB_Resources(t *testing.T) { Env: []core.EnvVar{ resourceLimitAsEnv(t, resourcesUnfiltered), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -204,7 +204,7 @@ func TestEnsurePod_ArangoDB_Resources(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_pod_tls_sni_test.go b/pkg/deployment/deployment_pod_tls_sni_test.go index ce9338a9a..10c90137e 100644 --- a/pkg/deployment/deployment_pod_tls_sni_test.go +++ b/pkg/deployment/deployment_pod_tls_sni_test.go @@ -119,7 +119,7 @@ func TestEnsurePod_ArangoDB_TLS_SNI(t *testing.T) { k8sutil.TlsKeyfileVolumeMount(), }, Resources: emptyResources, - ReadinessProbe: createTestReadinessProbe(cmd, true, ""), + ReadinessProbe: createTestReadinessProbe(httpProbe, true, ""), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -194,7 +194,7 @@ func TestEnsurePod_ArangoDB_TLS_SNI(t *testing.T) { k8sutil.TlsKeyfileVolumeMount(), }, Resources: emptyResources, - ReadinessProbe: createTestReadinessProbe(cmd, true, ""), + ReadinessProbe: createTestReadinessProbe(httpProbe, true, ""), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -269,7 +269,7 @@ func TestEnsurePod_ArangoDB_TLS_SNI(t *testing.T) { k8sutil.TlsKeyfileVolumeMount(), }, Resources: emptyResources, - ReadinessProbe: createTestReadinessProbe(cmd, true, ""), + ReadinessProbe: createTestReadinessProbe(httpProbe, true, ""), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -377,7 +377,7 @@ func TestEnsurePod_ArangoDB_TLS_SNI(t *testing.T) { }, }, Resources: emptyResources, - ReadinessProbe: createTestReadinessProbe(cmd, true, ""), + ReadinessProbe: createTestReadinessProbe(httpProbe, true, ""), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -455,7 +455,7 @@ func TestEnsurePod_ArangoDB_TLS_SNI(t *testing.T) { k8sutil.TlsKeyfileVolumeMount(), }, Resources: emptyResources, - LivenessProbe: createTestLivenessProbe(cmd, true, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, true, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_pod_volumes_test.go b/pkg/deployment/deployment_pod_volumes_test.go index 7a1d030d8..8fece36ac 100644 --- a/pkg/deployment/deployment_pod_volumes_test.go +++ b/pkg/deployment/deployment_pod_volumes_test.go @@ -96,7 +96,7 @@ func TestEnsurePod_ArangoDB_Volumes(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -157,7 +157,7 @@ func TestEnsurePod_ArangoDB_Volumes(t *testing.T) { VolumeMounts: []core.VolumeMount{ k8sutil.ArangodVolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, @@ -221,7 +221,7 @@ func TestEnsurePod_ArangoDB_Volumes(t *testing.T) { k8sutil.ArangodVolumeMount(), createExampleVolumeMount("volume").VolumeMount(), }, - LivenessProbe: createTestLivenessProbe(cmd, false, "", k8sutil.ArangoPort), + LivenessProbe: createTestLivenessProbe(httpProbe, false, "", k8sutil.ArangoPort), ImagePullPolicy: core.PullIfNotPresent, SecurityContext: securityContext.NewSecurityContext(), }, diff --git a/pkg/deployment/deployment_suite_test.go b/pkg/deployment/deployment_suite_test.go index d60af5cb5..f545164c6 100644 --- a/pkg/deployment/deployment_suite_test.go +++ b/pkg/deployment/deployment_suite_test.go @@ -139,12 +139,13 @@ func createTestReadinessProbe(mode string, secure bool, authorization string) *c type probeCreator func(secure bool, authorization, endpoint string, port int) resources.Probe const ( - cmd = "cmd" + cmdProbe = "cmdProbe" + httpProbe = "http" ) func getProbeCreator(t string) probeCreator { switch t { - case cmd: + case cmdProbe: return getCMDProbeCreator() default: return getHTTPProbeCreator() diff --git a/pkg/deployment/resources/pod_creator_probes.go b/pkg/deployment/resources/pod_creator_probes.go index ba5d62ae9..3b8d7facc 100644 --- a/pkg/deployment/resources/pod_creator_probes.go +++ b/pkg/deployment/resources/pod_creator_probes.go @@ -147,7 +147,7 @@ func (r *Resources) probeBuilders() map[api.ServerGroup]probeCheckBuilder { return map[api.ServerGroup]probeCheckBuilder{ api.ServerGroupSingle: { liveness: r.probeBuilderLivenessCoreSelect(), - readiness: r.probeBuilderReadinessCoreOperator, + readiness: r.probeBuilderReadinessCoreSelect(), }, api.ServerGroupAgents: { liveness: r.probeBuilderLivenessCoreSelect(), @@ -261,7 +261,7 @@ func (r *Resources) probeBuilderReadinessSimpleCoreOperator(spec api.DeploymentS } func (r *Resources) probeBuilderReadinessSimpleCore(spec api.DeploymentSpec, group api.ServerGroup, version driver.Version) (Probe, error) { - p, err := r.probeBuilderLivenessCore(spec, group, version) + p, err := r.probeBuilderReadinessCore(spec, group, version) if err != nil { return nil, err }