feat (jkube-kit/enricher) : Add flag in VolumePermissionEnricher to d…
…isable initContainer addition (eclipse-jkube#1179)

Currently, VolumePermissionEnricher adds an initContainer in order to
fix the permissions of the currently mounted PersistentVolume. However, some users
have reported that they don't really need it.

Adding a flag to disable this behavior.

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
rohanKanojia committed Dec 8, 2022
1 parent 88ee15a commit dc7871e
Showing 7 changed files with 276 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -21,6 +21,7 @@ Usage:
./scripts/extract-changelog-for-version.sh 1.3.37 5
```
### 1.11-SNAPSHOT
* Fix #1179: Add flag in VolumePermissionEnricher to disable adding initContainer
* Fix #1546: Migrate to JUnit5 testing framework
* Fix #1935: `oc:remote-dev` goal / `ocRemoteDev` task have wrong log prefixes

@@ -0,0 +1,103 @@
---
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: Service
metadata:
annotations:
jkube.io/iconUrl: "@ignore@"
jkube.io/git-url: "@ignore@"
jkube.io/git-commit: "@ignore@"
jkube.io/git-branch: "@ignore@"
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: jkube-docker-registry
spec:
ports:
- port: 80
protocol: TCP
targetPort: 5000
selector:
app: jkube-docker-registry
provider: jkube
group: org.eclipse.jkube.devops.apps
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.integration.tests.gradle
name: jkube-docker-registry-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
jkube.io/iconUrl: "@ignore@"
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: jkube-docker-registry
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
provider: jkube
app: volume-permission
group: org.eclipse.jkube.devops.apps
template:
metadata:
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: volume-permission
spec:
containers:
- env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: metadata.name
image: registry:2
imagePullPolicy: IfNotPresent
name: jkube-docker-registry
ports:
- containerPort: 5000
name: http
resources:
limits:
cpu: "0"
memory: "0"
requests:
cpu: "0"
memory: "0"
securityContext:
privileged: false
volumeMounts:
- mountPath: /var/lib/registry
name: jkube-docker-registry-storage
readOnly: false
volumes:
- name: jkube-docker-registry-storage
persistentVolumeClaim:
claimName: jkube-docker-registry-storage
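Review bot: The Service `selector` expects `app: jkube-docker-registry`, but the Deployment's pod template is labelled `app: volume-permission`, so as written this Service would not select the registry pod. The PersistentVolumeClaim also carries `group: org.eclipse.jkube.integration.tests.gradle` where every other resource uses `org.eclipse.jkube.devops.apps`. If these values are simply what the enrichers produce from the test project's fragments, the fixture is faithful and the fragments are the place to fix it; otherwise the expected file pins a broken manifest. The same values appear in the second expected file (the `DeploymentConfig` variant).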
@@ -0,0 +1,138 @@
---
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: Service
metadata:
annotations:
app.openshift.io/vcs-ref: "@ignore@"
jkube.io/git-branch: "@ignore@"
jkube.io/iconUrl: "@ignore@"
jkube.io/git-url: "@ignore@"
app.openshift.io/vcs-uri: "@ignore@"
jkube.io/git-commit: "@ignore@"
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: jkube-docker-registry
spec:
ports:
- port: 80
protocol: TCP
targetPort: 5000
selector:
app: jkube-docker-registry
provider: jkube
group: org.eclipse.jkube.devops.apps
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.integration.tests.gradle
name: jkube-docker-registry-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
annotations:
jkube.io/iconUrl: "@ignore@"
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: jkube-docker-registry
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
provider: jkube
app: volume-permission
group: org.eclipse.jkube.devops.apps
strategy:
rollingParams:
timeoutSeconds: 3600
type: Rolling
template:
metadata:
annotations:
jkube.io/iconUrl: "@ignore@"
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: volume-permission
spec:
containers:
- env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry:2
imagePullPolicy: IfNotPresent
name: jkube-docker-registry
ports:
- containerPort: 5000
name: http
resources:
limits:
cpu: "0"
memory: "0"
requests:
cpu: "0"
memory: "0"
securityContext:
privileged: false
volumeMounts:
- mountPath: /var/lib/registry
name: jkube-docker-registry-storage
readOnly: false
volumes:
- name: jkube-docker-registry-storage
persistentVolumeClaim:
claimName: jkube-docker-registry-storage
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- jkube-docker-registry
from:
kind: ImageStreamTag
name: registry:2
type: ImageChange
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
annotations:
app.openshift.io/vcs-ref: "@ignore@"
jkube.io/git-branch: "@ignore@"
jkube.io/iconUrl: "@ignore@"
jkube.io/git-url: "@ignore@"
app.openshift.io/vcs-uri: "@ignore@"
jkube.io/git-commit: "@ignore@"
labels:
app: volume-permission
provider: jkube
version: "@ignore@"
group: org.eclipse.jkube.devops.apps
name: jkube-docker-registry
spec:
port:
targetPort: 80
to:
kind: Service
name: jkube-docker-registry
Expand Up @@ -38,7 +38,8 @@ static Stream<Arguments> data() {
return Stream.of(
arguments("default", new String[] {}),
arguments("custom-storageclass-annotation", new String[] {"-Pjkube.enricher.jkube-volume-permission.defaultStorageClass=cheese", "-Pjkube.enricher.jkube-volume-permission.useStorageClassAnnotation=true"}),
arguments("custom-storageclass", new String[] {"-Pjkube.enricher.jkube-volume-permission.defaultStorageClass=cheese"})
arguments("custom-storageclass", new String[] {"-Pjkube.enricher.jkube-volume-permission.defaultStorageClass=cheese"}),
arguments("no-init-container", new String[] {"-Pjkube.enricher.jkube-volume-permission.useInitContainer=false"})
);
}

Expand Up @@ -32,6 +32,12 @@ Defaults to `777`.
Defaults to `false`
| `jkube.enricher.jkube-volume-permission.useStorageClassAnnotation`

| *useInitContainer*
| If enabled, an initContainer would be added to fix permission of PersistentVolume mount.

Defaults to `true`
| `jkube.enricher.jkube-volume-permission.useInitContainer`

| *cpuLimit*
| Set PersistentVolume *initContainer*'s `.resources` CPU limit
| `jkube.enricher.jkube-volume-permission.cpuLimit`
Expand Up @@ -62,6 +62,7 @@ enum Config implements Configs.Config {
PERMISSION("permission", "777"),
DEFAULT_STORAGE_CLASS("defaultStorageClass", null),
USE_ANNOTATION("useStorageClassAnnotation", "false"),
USE_INIT_CONTAINER("useInitContainer", "true"),
CPU_LIMIT("cpuLimit", null),
CPU_REQUEST("cpuRequest", null),
MEMORY_LIMIT("memoryLimit", null),
Expand Down Expand Up @@ -100,7 +101,8 @@ public void visit(PodTemplateSpecBuilder builder) {

log.verbose("Adding init container for changing persistent volumes access mode to %s",
getConfig(Config.PERMISSION));
if (!initContainerHandler.hasInitContainer(builder, ENRICHER_NAME)) {
if (!initContainerHandler.hasInitContainer(builder, ENRICHER_NAME) &&
Boolean.parseBoolean(getConfig(Config.USE_INIT_CONTAINER))) {
initContainerHandler.appendInitContainer(builder, createPvInitContainer(podSpec));
}
}
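Review bot: The verbose message `Adding init container for changing persistent volumes access mode to %s` is still logged before the new `USE_INIT_CONTAINER` check, so with `useInitContainer=false` the build log reports an init container that is never added. Moving the `log.verbose(...)` call inside the `if` block, or returning early when the flag is false, keeps the log truthful for anyone auditing what was applied to the volume. `Boolean.parseBoolean` also maps every value other than `true` (case-insensitive) to false, so a misspelt value silently disables the permission fix; a warning on unrecognised values would make that visible. The body of `visit` starts and ends outside the hunk, so an earlier guard may already exist there.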
Expand Up @@ -236,6 +236,29 @@ void enrich_withResourcesEnabledInConfiguration_shouldAddRequestsLimitsToVolumeI
.hasFieldOrPropertyWithValue("limits", limitMap);
}

@Test
void enrich_withUseInitContainerFalse_shouldNotAddAnyInitContainer() {
// Given
Properties properties = new Properties();
properties.put("jkube.enricher.jkube-volume-permission.useInitContainer", "false");
when(context.getProperties()).thenReturn(properties);
VolumePermissionEnricher enricher = new VolumePermissionEnricher(context);
KubernetesListBuilder kubernetesListBuilder = new KubernetesListBuilder();
kubernetesListBuilder.addToPodTemplateItems(addVolume(createEmptyPodTemplate(), "volumeC").build());

// When
enricher.enrich(PlatformMode.kubernetes, kubernetesListBuilder);

// Then
assertThat(kubernetesListBuilder.buildItems())
.singleElement(InstanceOfAssertFactories.type(PodTemplate.class))
.extracting(PodTemplate::getTemplate)
.extracting(PodTemplateSpec::getSpec)
.extracting(PodSpec::getInitContainers)
.asList()
.isEmpty();
}

public PodTemplateBuilder addVolume(PodTemplateBuilder ptb, String vn) {
ptb = ptb.editTemplate().
editSpec().