Minox fixes in rlease (#1135)

Signed-off-by: Tapajit Chandra Paul <tapajit@appscode.com>
kubedb · Jan 25, 2024 · e08f63b · e08f63b
1 parent 760f1c5
commit e08f63b
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 83 deletions.
diff --git a/apis/kubedb/v1alpha2/druid_helpers.go b/apis/kubedb/v1alpha2/druid_helpers.go
@@ -34,8 +34,11 @@ import (
 	appslister "k8s.io/client-go/listers/apps/v1"
 	"k8s.io/klog/v2"
 	"kmodules.xyz/client-go/apiextensions"
+	coreutil "kmodules.xyz/client-go/core/v1"
 	meta_util "kmodules.xyz/client-go/meta"
+	"kmodules.xyz/client-go/policy/secomp"
 	appcat "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1"
+	ofst "kmodules.xyz/offshoot-api/api/v2"
 )
 
 func (d *Druid) CustomResourceDefinition() *apiextensions.CustomResourceDefinition {
@@ -318,73 +321,61 @@ func (d *Druid) SetDefaults() {
 			if d.Spec.Topology.Coordinators.Replicas == nil {
 				d.Spec.Topology.Coordinators.Replicas = pointer.Int32P(1)
 			}
-
 			if d.Spec.Topology.Coordinators.PodTemplate.Spec.SecurityContext == nil {
 				d.Spec.Topology.Coordinators.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
 			}
-			// d.Spec.Topology.Coordinators.PodTemplate.Spec.SecurityContext.RunAsGroup = druidVersion.Spec.SecurityContext.RunAsUser
-			// d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Coordinators.PodTemplate)
-			// d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Coordinators.PodTemplate)
+			d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Coordinators.PodTemplate)
+			d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Coordinators.PodTemplate)
 		}
 		if d.Spec.Topology.Overlords != nil {
 			if d.Spec.Topology.Overlords.Replicas == nil {
 				d.Spec.Topology.Overlords.Replicas = pointer.Int32P(1)
 			}
-
 			if d.Spec.Topology.Overlords.PodTemplate.Spec.SecurityContext == nil {
 				d.Spec.Topology.Overlords.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
 			}
-			// d.Spec.Topology.Overlords.PodTemplate.Spec.SecurityContext.RunAsGroup = druidVersion.Spec.SecurityContext.RunAsUser
-			// d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Overlords.PodTemplate)
-			// d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Overlords.PodTemplate)
+			d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Overlords.PodTemplate)
+			d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Overlords.PodTemplate)
 		}
 		if d.Spec.Topology.MiddleManagers != nil {
 			if d.Spec.Topology.MiddleManagers.Replicas == nil {
 				d.Spec.Topology.MiddleManagers.Replicas = pointer.Int32P(1)
 			}
-
 			if d.Spec.Topology.MiddleManagers.PodTemplate.Spec.SecurityContext == nil {
 				d.Spec.Topology.MiddleManagers.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
 			}
-			// d.Spec.Topology.MiddleManagers.PodTemplate.Spec.SecurityContext.RunAsGroup = druidVersion.Spec.SecurityContext.RunAsUser
-			// d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.MiddleManagers.PodTemplate)
-			// d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.MiddleManagers.PodTemplate)
+			d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.MiddleManagers.PodTemplate)
+			d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.MiddleManagers.PodTemplate)
 		}
 		if d.Spec.Topology.Historicals != nil {
 			if d.Spec.Topology.Historicals.Replicas == nil {
 				d.Spec.Topology.Historicals.Replicas = pointer.Int32P(1)
 			}
-
 			if d.Spec.Topology.Historicals.PodTemplate.Spec.SecurityContext == nil {
 				d.Spec.Topology.Historicals.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
 			}
-			// d.Spec.Topology.Historicals.PodTemplate.Spec.SecurityContext.RunAsGroup = druidVersion.Spec.SecurityContext.RunAsUser
-			// d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Historicals.PodTemplate)
-			// d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Historicals.PodTemplate)
+			d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Historicals.PodTemplate)
+			d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Historicals.PodTemplate)
 		}
 		if d.Spec.Topology.Brokers != nil {
 			if d.Spec.Topology.Brokers.Replicas == nil {
 				d.Spec.Topology.Brokers.Replicas = pointer.Int32P(1)
 			}
-
 			if d.Spec.Topology.Brokers.PodTemplate.Spec.SecurityContext == nil {
 				d.Spec.Topology.Brokers.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
 			}
-			// d.Spec.Topology.Brokers.PodTemplate.Spec.SecurityContext.RunAsGroup = druidVersion.Spec.SecurityContext.RunAsUser
-			// d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Brokers.PodTemplate)
-			// d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Brokers.PodTemplate)
+			d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Brokers.PodTemplate)
+			d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Brokers.PodTemplate)
 		}
 		if d.Spec.Topology.Routers != nil {
 			if d.Spec.Topology.Routers.Replicas == nil {
 				d.Spec.Topology.Routers.Replicas = pointer.Int32P(1)
 			}
-
 			if d.Spec.Topology.Routers.PodTemplate.Spec.SecurityContext == nil {
 				d.Spec.Topology.Routers.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{FSGroup: druidVersion.Spec.SecurityContext.RunAsUser}
 			}
-			// d.Spec.Topology.Routers.PodTemplate.Spec.SecurityContext.RunAsGroup = druidVersion.Spec.SecurityContext.RunAsUser
-			// d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Routers.PodTemplate)
-			// d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Routers.PodTemplate)
+			d.setDefaultContainerSecurityContext(&druidVersion, &d.Spec.Topology.Routers.PodTemplate)
+			d.setDefaultInitContainerSecurityContext(&druidVersion, &d.Spec.Topology.Routers.PodTemplate)
 		}
 	}
 	if d.Spec.MetadataStorage != nil {
@@ -394,55 +385,53 @@ func (d *Druid) SetDefaults() {
 	}
 }
 
-//func (d *Druid) setDefaultInitContainerSecurityContext(slVersion *catalog.DruidVersion, podTemplate *ofst.PodTemplateSpec) {
-//	initContainer := coreutil.GetContainerByName(podTemplate.Spec.InitContainers, DruidInitContainer)
-//	if initContainer == nil {
-//		initContainer = &v1.Container{
-//			Name: DruidInitContainer,
-//		}
-//	}
-//	if initContainer.SecurityContext == nil {
-//		initContainer.SecurityContext = &v1.SecurityContext{}
-//	}
-//	apis.SetDefaultResourceLimits(&initContainer.Resources, DefaultResources)
-//	//d.assignDefaultContainerSecurityContext(slVersion, initContainer.SecurityContext)
-//	podTemplate.Spec.InitContainers = coreutil.UpsertContainer(podTemplate.Spec.InitContainers, *initContainer)
-//}
-//
-//func (d *Druid) setDefaultContainerSecurityContext(druidVersion *catalog.DruidVersion, podTemplate *ofst.PodTemplateSpec) {
-//	container := coreutil.GetContainerByName(podTemplate.Spec.Containers, DruidMainContainer)
-//	if container == nil {
-//		container = &v1.Container{
-//			Name: DruidMainContainer,
-//		}
-//	}
-//	if container.SecurityContext == nil {
-//		container.SecurityContext = &v1.SecurityContext{}
-//	}
-//	apis.SetDefaultResourceLimits(&container.Resources, DefaultResources)
-//	// d.assignDefaultContainerSecurityContext(druidVersion, container.SecurityContext)
-//	podTemplate.Spec.Containers = coreutil.UpsertContainer(podTemplate.Spec.Containers, *container)
-//}
-
-//func (d *Druid) assignDefaultContainerSecurityContext(druidVersion *catalog.DruidVersion, sc *v1.SecurityContext) {
-//	//if sc.AllowPrivilegeEscalation == nil {
-//	//	sc.AllowPrivilegeEscalation = pointer.BoolP(false)
-//	//}
-//	//if sc.Capabilities == nil {
-//	//	sc.Capabilities = &v1.Capabilities{
-//	//		Drop: []v1.Capability{"ALL"},
-//	//	}
-//	//}
-//	//if sc.RunAsNonRoot == nil {
-//	//	sc.RunAsNonRoot = pointer.BoolP(true)
-//	//}
-//	//if sc.RunAsUser == nil {
-//	//	sc.RunAsUser = druidVersion.Spec.SecurityContext.RunAsUser
-//	//}
-//	//if sc.SeccompProfile == nil {
-//	//	sc.SeccompProfile = secomp.DefaultSeccompProfile()
-//	//}
-//}
+func (d *Druid) setDefaultInitContainerSecurityContext(druidVersion *catalog.DruidVersion, podTemplate *ofst.PodTemplateSpec) {
+	initContainer := coreutil.GetContainerByName(podTemplate.Spec.InitContainers, DruidInitContainer)
+	if initContainer == nil {
+		initContainer = &v1.Container{
+			Name: DruidInitContainer,
+		}
+	}
+	if initContainer.SecurityContext == nil {
+		initContainer.SecurityContext = &v1.SecurityContext{}
+	}
+	d.assignDefaultContainerSecurityContext(druidVersion, initContainer.SecurityContext)
+	podTemplate.Spec.InitContainers = coreutil.UpsertContainer(podTemplate.Spec.InitContainers, *initContainer)
+}
+
+func (d *Druid) setDefaultContainerSecurityContext(druidVersion *catalog.DruidVersion, podTemplate *ofst.PodTemplateSpec) {
+	container := coreutil.GetContainerByName(podTemplate.Spec.Containers, DruidMainContainer)
+	if container == nil {
+		container = &v1.Container{
+			Name: DruidMainContainer,
+		}
+	}
+	if container.SecurityContext == nil {
+		container.SecurityContext = &v1.SecurityContext{}
+	}
+	d.assignDefaultContainerSecurityContext(druidVersion, container.SecurityContext)
+	podTemplate.Spec.Containers = coreutil.UpsertContainer(podTemplate.Spec.Containers, *container)
+}
+
+func (d *Druid) assignDefaultContainerSecurityContext(druidVersion *catalog.DruidVersion, sc *v1.SecurityContext) {
+	if sc.AllowPrivilegeEscalation == nil {
+		sc.AllowPrivilegeEscalation = pointer.BoolP(false)
+	}
+	if sc.Capabilities == nil {
+		sc.Capabilities = &v1.Capabilities{
+			Drop: []v1.Capability{"ALL"},
+		}
+	}
+	if sc.RunAsNonRoot == nil {
+		sc.RunAsNonRoot = pointer.BoolP(true)
+	}
+	if sc.RunAsUser == nil {
+		sc.RunAsUser = druidVersion.Spec.SecurityContext.RunAsUser
+	}
+	if sc.SeccompProfile == nil {
+		sc.SeccompProfile = secomp.DefaultSeccompProfile()
+	}
+}
 
 func (d *Druid) GetPersistentSecrets() []string {
 	if d == nil {

diff --git a/apis/kubedb/v1alpha2/druid_webhook.go b/apis/kubedb/v1alpha2/druid_webhook.go
@@ -17,11 +17,15 @@ limitations under the License.
 package v1alpha2
 
 import (
+	"context"
 	"errors"
 
+	catalog "kubedb.dev/apimachinery/apis/catalog/v1alpha1"
+
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ofst "kmodules.xyz/offshoot-api/api/v2"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -78,10 +82,6 @@ func (d *Druid) ValidateDelete() (admission.Warnings, error) {
 	return nil, nil
 }
 
-var druidAvailableVersions = []string{
-	"25.0.0",
-}
-
 var druidReservedVolumes = []string{
 	DruidVolumeOperatorConfig,
 	DruidVolumeMainConfig,
@@ -302,13 +302,14 @@ func (d *Druid) validateCreateOrUpdate() field.ErrorList {
 }
 
 func druidValidateVersion(d *Druid) error {
-	version := d.Spec.Version
-	for _, v := range druidAvailableVersions {
-		if v == version {
-			return nil
-		}
+	var druidVersion catalog.DruidVersion
+	err := DefaultClient.Get(context.TODO(), types.NamespacedName{
+		Name: d.Spec.Version,
+	}, &druidVersion)
+	if err != nil {
+		return errors.New("version not supported")
 	}
-	return errors.New("version not supported")
+	return nil
 }
 
 func druidValidateVolumes(podTemplate *ofst.PodTemplateSpec, nodeType DruidNodeRoleType) error {