diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go index 40f4e01a9..ee31f5937 100644 --- a/pkg/deployment/images.go +++ b/pkg/deployment/images.go @@ -62,7 +62,8 @@ type ContainerIdentity struct { // ArangoDIdentity helps to resolve the ArangoD identity, e.g.: image ID, version of the entrypoint. type ArangoDIdentity struct { interfaces.ContainerCreator - License api.LicenseSpec + License api.LicenseSpec + ipAddress string } // ArangoSyncIdentity helps to resolve the ArangoSync identity, e.g.: image ID, version of the entrypoint. @@ -209,13 +210,6 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, cac Msg("Found image ID and ArangoDB version") return false, nil } - // Pod cannot be fetched, ensure it is created - args := []string{ - "--server.authentication=false", - fmt.Sprintf("--server.endpoint=tcp://%s:%d", ib.Spec.GetListenAddr(), k8sutil.ArangoPort), - "--database.directory=" + k8sutil.ArangodVolumeMountDir, - "--log.output=+", - } imagePod := ImageUpdatePod{ spec: ib.Spec, @@ -226,11 +220,12 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, cac image: image, imagePullPolicy: ib.Spec.GetImagePullPolicy(), }, - License: ib.Spec.License, + License: ib.Spec.License, + ipAddress: ib.Spec.GetListenAddr(), }, } - pod, err = resources.RenderArangoPod(cachedStatus, ib.APIObject, role, id, podName, args, &imagePod) + pod, err = resources.RenderArangoPod(cachedStatus, ib.APIObject, role, id, podName, &imagePod) if err != nil { log.Debug().Err(err).Msg("Failed to render image ID pod") return true, errors.WithStack(err) 
@@ -282,14 +277,8 @@ func (i *ImageUpdatePod) GetAffinityRole() string { return "" } -func (i *ImageUpdatePod) GetVolumes() ([]core.Volume, []core.VolumeMount) { - var volumes []core.Volume - var volumeMounts []core.VolumeMount - - volumes = append(volumes, k8sutil.CreateVolumeEmptyDir(k8sutil.ArangodVolumeName)) - volumeMounts = append(volumeMounts, k8sutil.ArangodVolumeMount()) - - return volumes, volumeMounts +func (i *ImageUpdatePod) GetVolumes() []core.Volume { + return getVolumes().Volumes() } func (i *ImageUpdatePod) GetSidecars(*core.Pod) error { @@ -376,6 +365,10 @@ func (i *ImageUpdatePod) ApplyPodSpec(_ *core.PodSpec) error { return nil } +func (a *ContainerIdentity) GetArgs() ([]string, error) { + return nil, nil +} + func (a *ContainerIdentity) GetEnvs() []core.EnvVar { return nil } @@ -396,10 +389,14 @@ func (a *ContainerIdentity) GetLifecycle() (*core.Lifecycle, error) { return nil, nil } +func (a *ContainerIdentity) GetName() string { + return k8sutil.ServerContainerName +} + func (a *ContainerIdentity) GetPorts() []core.ContainerPort { return []core.ContainerPort{ { - Name: "server", + Name: k8sutil.ServerContainerName, ContainerPort: int32(k8sutil.ArangoPort), Protocol: core.ProtocolTCP, }, @@ -418,6 +415,21 @@ func (a *ContainerIdentity) GetSecurityContext() *core.SecurityContext { return a.ID.Get().SecurityContext.NewSecurityContext() } +// GetVolumeMounts returns nil for the basic container identity. +func (a *ContainerIdentity) GetVolumeMounts() []core.VolumeMount { + return nil +} + +// GetArgs returns the list of arguments for the ArangoD container identification. +func (a *ArangoDIdentity) GetArgs() ([]string, error) { + return []string{ + "--server.authentication=false", + fmt.Sprintf("--server.endpoint=tcp://%s:%d", a.ipAddress, k8sutil.ArangoPort), + "--database.directory=" + k8sutil.ArangodVolumeMountDir, + "--log.output=+", + }, nil +} + func (a *ArangoDIdentity) GetEnvs() []core.EnvVar { env := make([]core.EnvVar, 0) 
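Review bot: `ArangoDIdentity.GetArgs` in the `@@ -418,6 +415,21 @@` hunk hard-codes `--server.authentication=false` next to an endpoint built from `a.ipAddress`, and its doc comment does not say that the resulting arangod accepts unauthenticated connections on that address. The flags are carried over unchanged from `fetchArangoDBImageIDAndVersion`, but they now sit in a reusable method away from the image-ID pod code that explained them. I would extend the comment along the lines of `// GetArgs returns the arguments for the image ID pod; authentication is disabled because this instance only runs on an emptyDir data directory to report image ID and version.` (wording to be confirmed against the pod's intended lifetime). If `GetListenAddr()` yields a wildcard address, which is not visible here, the instance is presumably reachable from the pod network while it exists, so restricting access to it is worth considering. `ContainerIdentity.GetArgs` and `ContainerIdentity.GetName` in the neighbouring hunks also have no doc comments, unlike the other methods added here.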
@@ -433,7 +445,20 @@ func (a *ArangoDIdentity) GetEnvs() []core.EnvVar { return nil } +// GetVolumeMounts returns volume mount for the ArangoD data. +func (a *ArangoDIdentity) GetVolumeMounts() []core.VolumeMount { + return getVolumes().VolumeMounts() +} + // GetExecutor returns the fixed path to the ArangoSync binary in the container. func (a *ArangoSyncIdentity) GetExecutor() string { return resources.ArangoSyncExecutor } + +func getVolumes() pod.Volumes { + volumes := pod.NewVolumes() + volumes.AddVolume(k8sutil.CreateVolumeEmptyDir(k8sutil.ArangodVolumeName)) + volumes.AddVolumeMount(k8sutil.ArangodVolumeMount()) + + return volumes +} diff --git a/pkg/deployment/pod/volumes.go b/pkg/deployment/pod/volumes.go index f4d2564c1..6eba76e2c 100644 --- a/pkg/deployment/pod/volumes.go +++ b/pkg/deployment/pod/volumes.go @@ -32,13 +32,8 @@ func NewVolumes() Volumes { type Volumes interface { Append(b Builder, i Input) - AddVolume(volumes ...core.Volume) - AddVolumes(volumes []core.Volume) - AddVolumeMount(mounts ...core.VolumeMount) - AddVolumeMounts(mounts []core.VolumeMount) - Volumes() []core.Volume VolumeMounts() []core.VolumeMount } @@ -52,15 +47,11 @@ type volumes struct { func (v *volumes) Append(b Builder, i Input) { vols, mounts := b.Volumes(i) - v.AddVolumes(vols) - v.AddVolumeMounts(mounts) + v.AddVolume(vols...) + v.AddVolumeMount(mounts...) } func (v *volumes) AddVolume(volumes ...core.Volume) { - v.AddVolumes(volumes) -} - -func (v *volumes) AddVolumes(volumes []core.Volume) { if len(volumes) == 0 { return } @@ -69,10 +60,6 @@ func (v *volumes) AddVolumes(volumes []core.Volume) { } func (v *volumes) AddVolumeMount(mounts ...core.VolumeMount) { - v.AddVolumeMounts(mounts) -} - -func (v *volumes) AddVolumeMounts(mounts []core.VolumeMount) { if len(mounts) == 0 { return } diff --git a/pkg/deployment/resources/pod_creator.go b/pkg/deployment/resources/pod_creator.go index 8d526fca6..d3243a995 100644 --- a/pkg/deployment/resources/pod_creator.go 
+++ b/pkg/deployment/resources/pod_creator.go @@ -180,7 +180,8 @@ func createArangodArgs(cachedStatus interfaces.Inspector, input pod.Input, addit } // createArangoSyncArgs creates command line arguments for an arangosync server in the given group. -func createArangoSyncArgs(apiObject meta.Object, spec api.DeploymentSpec, group api.ServerGroup, groupSpec api.ServerGroupSpec, member api.MemberStatus) []string { +func createArangoSyncArgs(apiObject meta.Object, spec api.DeploymentSpec, group api.ServerGroup, + groupSpec api.ServerGroupSpec, member api.MemberStatus) []string { options := k8sutil.CreateOptionPairs(64) var runCmd string var port int @@ -343,7 +344,6 @@ func (r *Resources) RenderPodForMember(ctx context.Context, cachedStatus inspect newMember.PodName = k8sutil.CreatePodName(apiObject.GetName(), roleAbbr, newMember.ID, CreatePodSuffix(spec)) var podCreator interfaces.PodCreator - var args []string if group.IsArangod() { // Prepare arguments autoUpgrade := newMember.Conditions.IsTrue(api.ConditionTypeAutoUpgrade) || spec.Upgrade.Get().AutoUpgrade @@ -358,16 +358,8 @@ func (r *Resources) RenderPodForMember(ctx context.Context, cachedStatus inspect context: r.context, autoUpgrade: autoUpgrade, deploymentStatus: status, - id: memberID, arangoMember: *member, - } - - input := memberPod.AsInput() - - var err error - args, err = createArangodArgs(cachedStatus, input) - if err != nil { - return nil, errors.WithStack(err) + cachedStatus: cachedStatus, } if err := memberPod.Validate(cachedStatus); err != nil { @@ -428,10 +420,7 @@ func (r *Resources) RenderPodForMember(ctx context.Context, cachedStatus inspect } } - // Prepare arguments - args = createArangoSyncArgs(apiObject, spec, group, groupSpec, *newMember) - - memberSyncPod := MemberSyncPod{ + podCreator = &MemberSyncPod{ tlsKeyfileSecretName: tlsKeyfileSecretName, clientAuthCASecretName: clientAuthCASecretName, masterJWTSecretName: masterJWTSecretName, 
@@ -442,14 +431,14 @@ func (r *Resources) RenderPodForMember(ctx context.Context, cachedStatus inspect resources: r, imageInfo: imageInfo, arangoMember: *member, + apiObject: apiObject, + memberStatus: *newMember, } - - podCreator = &memberSyncPod } else { return nil, errors.Newf("unable to render Pod") } - pod, err := RenderArangoPod(cachedStatus, apiObject, role, newMember.ID, newMember.PodName, args, podCreator) + pod, err := RenderArangoPod(cachedStatus, apiObject, role, newMember.ID, newMember.PodName, podCreator) if err != nil { return nil, err } @@ -637,7 +626,7 @@ func (r *Resources) createPodForMember(ctx context.Context, cachedStatus inspect // RenderArangoPod renders new ArangoD Pod func RenderArangoPod(cachedStatus inspectorInterface.Inspector, deployment k8sutil.APIObject, role, id, podName string, - args []string, podCreator interfaces.PodCreator) (*core.Pod, error) { + podCreator interfaces.PodCreator) (*core.Pod, error) { // Prepare basic pod p := k8sutil.NewPod(deployment.GetName(), role, id, podName, podCreator) @@ -666,12 +655,12 @@ func RenderArangoPod(cachedStatus inspectorInterface.Inspector, deployment k8sut p.Spec.InitContainers = append(p.Spec.InitContainers, initContainers...) } - c, err := k8sutil.NewContainer(args, podCreator.GetContainerCreator()) + p.Spec.Volumes = podCreator.GetVolumes() + c, err := k8sutil.NewContainer(podCreator.GetContainerCreator()) if err != nil { return nil, errors.WithStack(err) } - p.Spec.Volumes, c.VolumeMounts = podCreator.GetVolumes() p.Spec.Containers = append(p.Spec.Containers, c) if err := podCreator.GetSidecars(&p); err != nil { return nil, err diff --git a/pkg/deployment/resources/pod_creator_arangod.go b/pkg/deployment/resources/pod_creator_arangod.go index a075c2325..e20f81ba2 100644 --- a/pkg/deployment/resources/pod_creator_arangod.go +++ b/pkg/deployment/resources/pod_creator_arangod.go 
@@ -66,22 +66,40 @@ type MemberArangoDPod struct { resources *Resources imageInfo api.ImageInfo autoUpgrade bool - id string + cachedStatus interfaces.Inspector } type ArangoDContainer struct { - member *MemberArangoDPod - resources *Resources - groupSpec api.ServerGroupSpec - spec api.DeploymentSpec - group api.ServerGroup - imageInfo api.ImageInfo + member *MemberArangoDPod + resources *Resources + groupSpec api.ServerGroupSpec + spec api.DeploymentSpec + group api.ServerGroup + imageInfo api.ImageInfo + cachedStatus interfaces.Inspector + input pod.Input + status api.MemberStatus +} + +// ArangoUpgradeContainer can construct ArangoD upgrade container. +type ArangoUpgradeContainer struct { + interfaces.ContainerCreator + cachedStatus interfaces.Inspector + input pod.Input +} + +// ArangoVersionCheckContainer can construct ArangoD version check container. +type ArangoVersionCheckContainer struct { + interfaces.ContainerCreator + cachedStatus interfaces.Inspector + input pod.Input + versionArgs k8sutil.OptionPairs } func (a *ArangoDContainer) GetPorts() []core.ContainerPort { ports := []core.ContainerPort{ { - Name: "server", + Name: k8sutil.ServerContainerName, ContainerPort: int32(k8sutil.ArangoPort), Protocol: core.ProtocolTCP, }, @@ -101,6 +119,14 @@ func (a *ArangoDContainer) GetPorts() []core.ContainerPort { return ports } +func (a *ArangoDContainer) GetArgs() ([]string, error) { + return createArangodArgs(a.cachedStatus, a.input) +} + +func (a *ArangoDContainer) GetName() string { + return k8sutil.ServerContainerName +} + func (a *ArangoDContainer) GetExecutor() string { return a.groupSpec.GetEntrypoint(ArangoDExecutor) } 
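Review bot: `ArangoDContainer.GetArgs` in the `@@ -101,6 +119,14 @@` hunk hands `a.cachedStatus` to `createArangodArgs` without a guard, and that field is only set when the owning `MemberArangoDPod` was built with `cachedStatus`, as `RenderPodForMember` now does. Any construction site of `MemberArangoDPod` outside this diff would pass a nil `interfaces.Inspector` and fail only when the container is rendered; whether `createArangodArgs` tolerates nil is not visible here. I would either guard in `GetArgs`, e.g. `if a.cachedStatus == nil { return nil, errors.Newf("cached status is not set") }` using the helper already used in pod_creator.go, or state the requirement in a comment on the `cachedStatus` field. `ArangoDContainer` also now stores `status`, `input` and `cachedStatus` next to `member`, through which all three are reachable, so a short comment on why the copies exist would help.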
@@ -205,6 +231,12 @@ func (a *ArangoDContainer) GetImagePullPolicy() core.PullPolicy { return a.spec.GetImagePullPolicy() } +func (a *ArangoDContainer) GetVolumeMounts() []core.VolumeMount { + volumes := CreateArangoDVolumes(a.status, a.input, a.spec, a.groupSpec) + + return volumes.VolumeMounts() +} + func (m *MemberArangoDPod) AsInput() pod.Input { return pod.Input{ ApiObject: m.context.GetAPIObject(), 
@@ -326,55 +358,10 @@ func (m *MemberArangoDPod) GetSidecars(pod *core.Pod) error { return nil } -func (m *MemberArangoDPod) GetVolumes() ([]core.Volume, []core.VolumeMount) { - volumes := pod.NewVolumes() - - volumes.AddVolumeMount(k8sutil.ArangodVolumeMount()) - - volumes.AddVolumeMount(k8sutil.LifecycleVolumeMount()) - - if m.status.PersistentVolumeClaimName != "" { - vol := k8sutil.CreateVolumeWithPersitantVolumeClaim(k8sutil.ArangodVolumeName, - m.status.PersistentVolumeClaimName) - - volumes.AddVolume(vol) - } else { - volumes.AddVolume(k8sutil.CreateVolumeEmptyDir(k8sutil.ArangodVolumeName)) - } - - // TLS - volumes.Append(pod.TLS(), m.AsInput()) - - // Encryption - volumes.Append(pod.Encryption(), m.AsInput()) - - // Security - volumes.Append(pod.Security(), m.AsInput()) - - if m.spec.Metrics.IsEnabled() { - token := m.spec.Metrics.GetJWTTokenSecretName() - if m.spec.Authentication.IsAuthenticated() && token != "" { - vol := k8sutil.CreateVolumeWithSecret(k8sutil.ExporterJWTVolumeName, token) - volumes.AddVolume(vol) - } - } - - volumes.Append(pod.JWT(), m.AsInput()) - - volumes.AddVolume(k8sutil.LifecycleVolume()) - - // SNI - volumes.Append(pod.SNI(), m.AsInput()) - - if len(m.groupSpec.Volumes) > 0 { - volumes.AddVolume(m.groupSpec.Volumes.Volumes()...) - } +func (m *MemberArangoDPod) GetVolumes() []core.Volume { + volumes := CreateArangoDVolumes(m.status, m.AsInput(), m.spec, m.groupSpec) - if len(m.groupSpec.VolumeMounts) > 0 { - volumes.AddVolumeMount(m.groupSpec.VolumeMounts.VolumeMounts()...) - } - - return volumes.Volumes(), volumes.VolumeMounts() + return volumes.Volumes() } func (m *MemberArangoDPod) IsDeploymentMode() bool { 
@@ -414,23 +401,16 @@ func (m *MemberArangoDPod) GetInitContainers(cachedStatus interfaces.Inspector) { // Upgrade container - run in background if m.autoUpgrade || m.status.Upgrade { - args, err := createArangodArgsWithUpgrade(cachedStatus, m.AsInput()) - if err != nil { - return nil, err + upgradeContainer := &ArangoUpgradeContainer{ + m.GetContainerCreator(), + cachedStatus, + m.AsInput(), } - - c, err := k8sutil.NewContainer(args, m.GetContainerCreator()) + c, err := k8sutil.NewContainer(upgradeContainer) if err != nil { return nil, err } - _, c.VolumeMounts = m.GetVolumes() - - c.Name = api.ServerGroupReservedInitContainerNameUpgrade - c.Lifecycle = nil - c.LivenessProbe = nil - c.ReadinessProbe = nil - initContainers = append(initContainers, c) } @@ -438,23 +418,18 @@ func (m *MemberArangoDPod) GetInitContainers(cachedStatus interfaces.Inspector) { versionArgs := pod.UpgradeVersionCheck().Args(m.AsInput()) if len(versionArgs) > 0 { - args, err := createArangodArgs(cachedStatus, m.AsInput(), versionArgs...) - if err != nil { - return nil, err + upgradeContainer := &ArangoVersionCheckContainer{ + m.GetContainerCreator(), + cachedStatus, + m.AsInput(), + versionArgs, } - c, err := k8sutil.NewContainer(args, m.GetContainerCreator()) + c, err := k8sutil.NewContainer(upgradeContainer) if err != nil { return nil, err } - _, c.VolumeMounts = m.GetVolumes() - - c.Name = api.ServerGroupReservedInitContainerNameVersionCheck - c.Lifecycle = nil - c.LivenessProbe = nil - c.ReadinessProbe = nil - initContainers = append(initContainers, c) } } 
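Review bot: Both new struct literals are unkeyed, and the one in the `@@ -438,23 +418,18 @@` hunk is stored in a variable called `upgradeContainer` although it is an `ArangoVersionCheckContainer`. Positional fields silently change meaning if either struct gains or reorders a field, so I would write `versionCheckContainer := &ArangoVersionCheckContainer{ContainerCreator: m.GetContainerCreator(), cachedStatus: cachedStatus, input: m.AsInput(), versionArgs: versionArgs}` and key the `ArangoUpgradeContainer` literal in the `@@ -414,23 +401,16 @@` hunk the same way. `GetInitContainers` starts and ends outside both hunks.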
@@ -490,12 +465,15 @@ func (m *MemberArangoDPod) GetTolerations() []core.Toleration { func (m *MemberArangoDPod) GetContainerCreator() interfaces.ContainerCreator { return &ArangoDContainer{ - member: m, - spec: m.spec, - group: m.group, - resources: m.resources, - imageInfo: m.imageInfo, - groupSpec: m.groupSpec, + member: m, + spec: m.spec, + group: m.group, + resources: m.resources, + imageInfo: m.imageInfo, + groupSpec: m.groupSpec, + cachedStatus: m.cachedStatus, + input: m.AsInput(), + status: m.status, } } 
@@ -551,3 +529,96 @@ func (m *MemberArangoDPod) Labels() map[string]string { return l } + +// CreateArangoDVolumes returns wrapper with volumes for a pod and volume mounts for a container. +func CreateArangoDVolumes(status api.MemberStatus, input pod.Input, spec api.DeploymentSpec, + groupSpec api.ServerGroupSpec) pod.Volumes { + volumes := pod.NewVolumes() + + volumes.AddVolumeMount(k8sutil.ArangodVolumeMount()) + + volumes.AddVolumeMount(k8sutil.LifecycleVolumeMount()) + + if status.PersistentVolumeClaimName != "" { + vol := k8sutil.CreateVolumeWithPersitantVolumeClaim(k8sutil.ArangodVolumeName, + status.PersistentVolumeClaimName) + + volumes.AddVolume(vol) + } else { + volumes.AddVolume(k8sutil.CreateVolumeEmptyDir(k8sutil.ArangodVolumeName)) + } + + // TLS + volumes.Append(pod.TLS(), input) + + // Encryption + volumes.Append(pod.Encryption(), input) + + // Security + volumes.Append(pod.Security(), input) + + if spec.Metrics.IsEnabled() { + token := spec.Metrics.GetJWTTokenSecretName() + if spec.Authentication.IsAuthenticated() && token != "" { + vol := k8sutil.CreateVolumeWithSecret(k8sutil.ExporterJWTVolumeName, token) + volumes.AddVolume(vol) + } + } + + volumes.Append(pod.JWT(), input) + + volumes.AddVolume(k8sutil.LifecycleVolume()) + + // SNI + volumes.Append(pod.SNI(), input) + + if len(groupSpec.Volumes) > 0 { + volumes.AddVolume(groupSpec.Volumes.Volumes()...) + } + + if len(groupSpec.VolumeMounts) > 0 { + volumes.AddVolumeMount(groupSpec.VolumeMounts.VolumeMounts()...) + } + + return volumes +} + +// GetArgs returns list of arguments for the ArangoD upgrade container. +func (a *ArangoUpgradeContainer) GetArgs() ([]string, error) { + return createArangodArgsWithUpgrade(a.cachedStatus, a.input) +} + +// GetLifecycle returns no lifecycle for the ArangoD upgrade container. +func (a *ArangoUpgradeContainer) GetLifecycle() (*core.Lifecycle, error) { + return nil, nil +} + +// GetName returns the name of the ArangoD upgrade container. 
+func (a *ArangoUpgradeContainer) GetName() string { + return api.ServerGroupReservedInitContainerNameUpgrade +} + +// GetProbes returns no probes for the ArangoD upgrade container. +func (a *ArangoUpgradeContainer) GetProbes() (*core.Probe, *core.Probe, error) { + return nil, nil, nil +} + +// GetArgs returns list of arguments for the ArangoD version check container. +func (a *ArangoVersionCheckContainer) GetArgs() ([]string, error) { + return createArangodArgs(a.cachedStatus, a.input, a.versionArgs...) +} + +// GetLifecycle returns no lifecycle for the ArangoD version check container. +func (a *ArangoVersionCheckContainer) GetLifecycle() (*core.Lifecycle, error) { + return nil, nil +} + +// GetName returns the name of the ArangoD version check container. +func (a *ArangoVersionCheckContainer) GetName() string { + return api.ServerGroupReservedInitContainerNameVersionCheck +} + +// GetProbes returns no probes for the ArangoD version check container. +func (a *ArangoVersionCheckContainer) GetProbes() (*core.Probe, *core.Probe, error) { + return nil, nil, nil +} diff --git a/pkg/deployment/resources/pod_creator_sync.go b/pkg/deployment/resources/pod_creator_sync.go index f1b8d3cb8..8dbaf7b03 100644 --- a/pkg/deployment/resources/pod_creator_sync.go +++ b/pkg/deployment/resources/pod_creator_sync.go @@ -25,6 +25,8 @@ package resources import ( "math" + meta "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/arangodb/kube-arangodb/pkg/util/collection" "github.com/arangodb/kube-arangodb/pkg/util/k8sutil/interfaces" 
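Review bot: `CreateArangoDVolumes` in the `@@ -551,3 +529,96 @@` hunk is now rebuilt from scratch on every `MemberArangoDPod.GetVolumes` and every `ArangoDContainer.GetVolumeMounts` call, and the two callers feed it differently: the pod passes `m.AsInput()` at call time while the container passes the `input` captured in `GetContainerCreator`. The results should agree as long as the member is not mutated in between, but nothing in the code states that assumption; a sentence in the doc comment such as `// Callers must pass the same status, input and specs for the pod and its containers so that every mount has a matching volume.` would make it explicit. The function is exported while its sync counterpart `createArangoSyncVolumes` is not, so unless another package needs it I would unexport it for consistency.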
@@ -43,11 +45,17 @@ const ( ) type ArangoSyncContainer struct { - groupSpec api.ServerGroupSpec - spec api.DeploymentSpec - group api.ServerGroup - resources *Resources - imageInfo api.ImageInfo + groupSpec api.ServerGroupSpec + spec api.DeploymentSpec + group api.ServerGroup + resources *Resources + imageInfo api.ImageInfo + apiObject meta.Object + memberStatus api.MemberStatus + tlsKeyfileSecretName string + clientAuthCASecretName string + masterJWTSecretName string + clusterJWTSecretName string } var _ interfaces.PodCreator = &MemberSyncPod{} @@ -64,12 +72,22 @@ type MemberSyncPod struct { arangoMember api.ArangoMember resources *Resources imageInfo api.ImageInfo + apiObject meta.Object + memberStatus api.MemberStatus +} + +func (a *ArangoSyncContainer) GetArgs() ([]string, error) { + return createArangoSyncArgs(a.apiObject, a.spec, a.group, a.groupSpec, a.memberStatus), nil +} + +func (a *ArangoSyncContainer) GetName() string { + return k8sutil.ServerContainerName } func (a *ArangoSyncContainer) GetPorts() []core.ContainerPort { return []core.ContainerPort{ { - Name: "server", + Name: k8sutil.ServerContainerName, ContainerPort: int32(k8sutil.ArangoPort), Protocol: core.ProtocolTCP, }, @@ -156,6 +174,13 @@ func (a *ArangoSyncContainer) GetEnvs() []core.EnvVar { return envs.GetEnvList() } +func (a *ArangoSyncContainer) GetVolumeMounts() []core.VolumeMount { + volumes := createArangoSyncVolumes(a.tlsKeyfileSecretName, a.clientAuthCASecretName, a.masterJWTSecretName, + a.clusterJWTSecretName) + + return volumes.VolumeMounts() +} + func (m *MemberSyncPod) GetName() string { return m.resources.context.GetAPIObject().GetName() } 
@@ -218,41 +243,12 @@ func (m *MemberSyncPod) GetSidecars(pod *core.Pod) error { return nil } -func (m *MemberSyncPod) GetVolumes() ([]core.Volume, []core.VolumeMount) { - var volumes []core.Volume - var volumeMounts []core.VolumeMount - - volumes = append(volumes, k8sutil.LifecycleVolume()) - volumeMounts = append(volumeMounts, k8sutil.LifecycleVolumeMount()) - - if m.tlsKeyfileSecretName != "" { - vol := k8sutil.CreateVolumeWithSecret(k8sutil.TlsKeyfileVolumeName, m.tlsKeyfileSecretName) - volumes = append(volumes, vol) - volumeMounts = append(volumeMounts, k8sutil.TlsKeyfileVolumeMount()) - } - - // Client Authentication certificate secret mount (if any) - if m.clientAuthCASecretName != "" { - vol := k8sutil.CreateVolumeWithSecret(k8sutil.ClientAuthCAVolumeName, m.clientAuthCASecretName) - volumes = append(volumes, vol) - volumeMounts = append(volumeMounts, k8sutil.ClientAuthCACertificateVolumeMount()) - } - - // Master JWT secret mount (if any) - if m.masterJWTSecretName != "" { - vol := k8sutil.CreateVolumeWithSecret(k8sutil.MasterJWTSecretVolumeName, m.masterJWTSecretName) - volumes = append(volumes, vol) - volumeMounts = append(volumeMounts, k8sutil.MasterJWTVolumeMount()) - } +// GetVolumes returns volumes for the ArangoSync container. +func (m *MemberSyncPod) GetVolumes() []core.Volume { + volumes := createArangoSyncVolumes(m.tlsKeyfileSecretName, m.clientAuthCASecretName, m.masterJWTSecretName, + m.clusterJWTSecretName) - // Cluster JWT secret mount (if any) - if m.clusterJWTSecretName != "" { - vol := k8sutil.CreateVolumeWithSecret(k8sutil.ClusterJWTSecretVolumeName, m.clusterJWTSecretName) - volumes = append(volumes, vol) - volumeMounts = append(volumeMounts, k8sutil.ClusterJWTVolumeMount()) - } - - return volumes, volumeMounts + return volumes.Volumes() } func (m *MemberSyncPod) IsDeploymentMode() bool { 
@@ -288,11 +284,17 @@ func (m *MemberSyncPod) GetTolerations() []core.Toleration { func (m *MemberSyncPod) GetContainerCreator() interfaces.ContainerCreator { return &ArangoSyncContainer{ - groupSpec: m.groupSpec, - spec: m.spec, - group: m.group, - resources: m.resources, - imageInfo: m.imageInfo, + groupSpec: m.groupSpec, + spec: m.spec, + group: m.group, + resources: m.resources, + imageInfo: m.imageInfo, + apiObject: m.apiObject, + memberStatus: m.memberStatus, + tlsKeyfileSecretName: m.tlsKeyfileSecretName, + clientAuthCASecretName: m.clientAuthCASecretName, + masterJWTSecretName: m.masterJWTSecretName, + clusterJWTSecretName: m.clusterJWTSecretName, } } 
@@ -321,3 +323,37 @@ func (m *MemberSyncPod) Annotations() map[string]string { func (m *MemberSyncPod) Labels() map[string]string { return collection.ReservedLabels().Filter(collection.MergeAnnotations(m.spec.Labels, m.groupSpec.Labels)) } + +func createArangoSyncVolumes(tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, + clusterJWTSecretName string) pod.Volumes { + volumes := pod.NewVolumes() + + volumes.AddVolume(k8sutil.LifecycleVolume()) + volumes.AddVolumeMount(k8sutil.LifecycleVolumeMount()) + + if tlsKeyfileSecretName != "" { + vol := k8sutil.CreateVolumeWithSecret(k8sutil.TlsKeyfileVolumeName, tlsKeyfileSecretName) + volumes.AddVolume(vol) + volumes.AddVolumeMount(k8sutil.TlsKeyfileVolumeMount()) + } + + if clientAuthCASecretName != "" { + vol := k8sutil.CreateVolumeWithSecret(k8sutil.ClientAuthCAVolumeName, clientAuthCASecretName) + volumes.AddVolume(vol) + volumes.AddVolumeMount(k8sutil.ClientAuthCACertificateVolumeMount()) + } + + if masterJWTSecretName != "" { + vol := k8sutil.CreateVolumeWithSecret(k8sutil.MasterJWTSecretVolumeName, masterJWTSecretName) + volumes.AddVolume(vol) + volumes.AddVolumeMount(k8sutil.MasterJWTVolumeMount()) + } + + if clusterJWTSecretName != "" { + vol := k8sutil.CreateVolumeWithSecret(k8sutil.ClusterJWTSecretVolumeName, clusterJWTSecretName) + volumes.AddVolume(vol) + volumes.AddVolumeMount(k8sutil.ClusterJWTVolumeMount()) + } + + return volumes +} diff --git a/pkg/util/k8sutil/interfaces/pod_creator.go b/pkg/util/k8sutil/interfaces/pod_creator.go index 34af9defe..1cd908071 100644 --- a/pkg/util/k8sutil/interfaces/pod_creator.go +++ b/pkg/util/k8sutil/interfaces/pod_creator.go @@ -41,7 +41,7 @@ type PodCreator interface { Init(*core.Pod) GetName() string GetRole() string - GetVolumes() ([]core.Volume, []core.VolumeMount) + GetVolumes() []core.Volume GetSidecars(*core.Pod) error GetInitContainers(cachedStatus Inspector) ([]core.Container, error) GetFinalizers() []string 
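Review bot: `createArangoSyncVolumes` in the `@@ -321,3 +323,37 @@` hunk takes four positional `string` secret names, and it is called from two places (`MemberSyncPod.GetVolumes` and `ArangoSyncContainer.GetVolumeMounts`) that must pass them in the same order for the pod's volumes and the container's mounts to match. A transposed argument compiles cleanly and would attach a secret under another secret's volume name, so I would pass a small struct with named fields, or build the `pod.Volumes` once in `MemberSyncPod` and hand it to the container creator. The helper also lost the per-secret comments that the removed `GetVolumes` had (for example `// Master JWT secret mount (if any)`) and has no doc comment of its own; `// createArangoSyncVolumes returns the lifecycle volume and mount plus one secret volume and mount for each non-empty secret name.` would cover it.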
@@ -63,6 +63,8 @@ type PodCreator interface { } type ContainerCreator interface { + GetArgs() ([]string, error) + GetName() string GetExecutor() string GetProbes() (*core.Probe, *core.Probe, error) GetResourceRequirements() core.ResourceRequirements @@ -72,4 +74,5 @@ type ContainerCreator interface { GetEnvs() []core.EnvVar GetSecurityContext() *core.SecurityContext GetPorts() []core.ContainerPort + GetVolumeMounts() []core.VolumeMount } diff --git a/pkg/util/k8sutil/pods.go b/pkg/util/k8sutil/pods.go index ea0bb3b56..9aefe9b50 100644 --- a/pkg/util/k8sutil/pods.go +++ b/pkg/util/k8sutil/pods.go @@ -413,7 +413,7 @@ func ExtractPodResourceRequirement(resources core.ResourceRequirements) core.Res } // NewContainer creates a container for specified creator -func NewContainer(args []string, containerCreator interfaces.ContainerCreator) (core.Container, error) { +func NewContainer(containerCreator interfaces.ContainerCreator) (core.Container, error) { liveness, readiness, err := containerCreator.GetProbes() if err != nil { @@ -425,8 +425,13 @@ func NewContainer(args []string, containerCreator interfaces.ContainerCreator) ( return core.Container{}, err } + args, err := containerCreator.GetArgs() + if err != nil { + return core.Container{}, err + } + return core.Container{ - Name: ServerContainerName, + Name: containerCreator.GetName(), Image: containerCreator.GetImage(), Command: append([]string{containerCreator.GetExecutor()}, args...), Ports: containerCreator.GetPorts(), @@ -437,6 +442,7 @@ func NewContainer(args []string, containerCreator interfaces.ContainerCreator) ( Lifecycle: lifecycle, ImagePullPolicy: containerCreator.GetImagePullPolicy(), SecurityContext: containerCreator.GetSecurityContext(), + VolumeMounts: containerCreator.GetVolumeMounts(), }, nil }
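Review bot: The three methods added to `ContainerCreator` in the `@@ -63,6 +63,8 @@` and `@@ -72,4 +74,5 @@` hunks carry no comments, although `NewContainer` now relies on them without any check: the result of `GetVolumeMounts` is applied as-is while the volumes come separately from `PodCreator.GetVolumes`, and `GetName` becomes the container name. I would document that contract on the interface, e.g. `// GetVolumeMounts returns the mounts for this container; every mount must refer to a volume returned by the owning PodCreator.GetVolumes.` and `// GetName returns the container name, which must be unique within the pod.` The diff shows `var _ interfaces.PodCreator = &MemberSyncPod{}` but no equivalent assertion for the `ContainerCreator` implementations; adding `var _ interfaces.ContainerCreator = &ArangoSyncContainer{}` (and the same for the other implementations) would catch a missed method where the type is defined.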