From a99b2857d0225d410a2090d394717d4c56d4fd26 Mon Sep 17 00:00:00 2001 From: lgtm <1gtm@users.noreply.github.com> Date: Fri, 1 Dec 2023 02:27:57 -0800 Subject: [PATCH] Prepare for release v0.38.0-rc.1 (#738) ProductLine: KubeDB Release: v2023.12.1-rc.1 Release-tracker: https://github.com/kubedb/CHANGELOG/pull/76 
Signed-off-by: 1gtm <1gtm@appscode.com> --- go.mod | 4 +- go.sum | 8 +- .../catalog/v1alpha1/etcd_version_types.go | 3 + .../catalog/v1alpha1/kafka_version_types.go | 3 + .../catalog/v1alpha1/mariadb_version_types.go | 3 + .../v1alpha1/memcached_version_types.go | 3 + .../catalog/v1alpha1/mongodb_version_types.go | 3 + .../catalog/v1alpha1/mysql_version_types.go | 3 + .../catalog/v1alpha1/openapi_generated.go | 101 ++++++++++++++++-- .../v1alpha1/perconaxtradb_version_types.go | 3 + .../v1alpha1/proxysql_version_types.go | 3 + .../catalog/v1alpha1/redis_version_types.go | 3 + .../apis/catalog/v1alpha1/types.go | 5 + .../catalog/v1alpha1/zz_generated.deepcopy.go | 32 +++++- .../kubedb/v1alpha2/elasticsearch_helpers.go | 25 +++-- .../apis/kubedb/v1alpha2/kafka_helpers.go | 36 +++++-- .../apis/kubedb/v1alpha2/mariadb_helpers.go | 27 +++-- .../apis/kubedb/v1alpha2/mongodb_helpers.go | 58 +++------- .../apis/kubedb/v1alpha2/mysql_helpers.go | 27 +++-- .../kubedb/v1alpha2/perconaxtradb_helpers.go | 61 ++++++++--- .../apis/kubedb/v1alpha2/pgbouncer_helpers.go | 3 + .../apis/kubedb/v1alpha2/postgres_helpers.go | 9 ++ .../apis/kubedb/v1alpha2/redis_helpers.go | 25 +++-- .../kubedb/v1alpha2/redis_sentinel_helpers.go | 25 +++-- .../apis/kubedb/v1alpha2/types.go | 14 +++ .../crds/catalog.kubedb.com_etcdversions.yaml | 6 ++ .../catalog.kubedb.com_kafkaversions.yaml | 6 ++ .../catalog.kubedb.com_mariadbversions.yaml | 6 ++ .../catalog.kubedb.com_memcachedversions.yaml | 6 ++ .../catalog.kubedb.com_mongodbversions.yaml | 6 ++ .../catalog.kubedb.com_mysqlversions.yaml | 6 ++ ...alog.kubedb.com_perconaxtradbversions.yaml | 6 ++ .../catalog.kubedb.com_proxysqlversions.yaml | 6 ++ .../catalog.kubedb.com_redisversions.yaml | 6 ++ .../apimachinery/apis/constant.go | 67 +++++------- .../v1alpha1/backupconfiguration_helpers.go | 2 +- .../v1alpha1/backupconfiguration_webhook.go | 25 ++++- .../apis/storage/v1alpha1/repository_types.go | 4 +- .../apis/storage/v1alpha1/snapshot_helpers.go | 
45 +------- .../apis/storage/v1alpha1/snapshot_types.go | 1 - .../apis/storage/v1alpha1/types_helpers.go | 40 +++++++ .../storage/v1alpha1/zz_generated.deepcopy.go | 4 + .../storage.kubestash.com_repositories.yaml | 7 +- .../crds/storage.kubestash.com_snapshots.yaml | 3 - vendor/modules.txt | 4 +- 45 files changed, 518 insertions(+), 225 deletions(-)
diff --git a/go.mod b/go.mod
index 98b1429c6..21df098dc 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 kmodules.xyz/client-go v0.25.43
 kmodules.xyz/custom-resources v0.25.2
 kmodules.xyz/monitoring-agent-api v0.25.6
- kubedb.dev/apimachinery v0.38.0-rc.0
+ kubedb.dev/apimachinery v0.38.0-rc.1
 kubedb.dev/db-client-go v0.0.8-0.20230818101900-6ddd035705ef
 sigs.k8s.io/controller-runtime v0.13.1
 sigs.k8s.io/yaml v1.3.0
@@ -143,7 +143,7 @@ require (
 kmodules.xyz/offshoot-api v0.25.5 // indirect
 kmodules.xyz/prober v0.25.0 // indirect
 kubeops.dev/sidekick v0.0.3 // indirect
- kubestash.dev/apimachinery v0.2.0-rc.1 // indirect
+ kubestash.dev/apimachinery v0.2.0 // indirect
 sigs.k8s.io/gateway-api v0.4.3 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/kustomize/api v0.12.1 // indirect
diff --git a/go.sum b/go.sum
index 921593879..4b164359f 100644
--- a/go.sum
+++ b/go.sum
@@ -1413,14 +1413,14 @@ kmodules.xyz/offshoot-api v0.25.5 h1:erUtTDj9iljikd9CvrCz0E32P5mgEqq1NYxy06lxrNo kmodules.xyz/offshoot-api v0.25.5/go.mod h1:wotLtcXWHw6KrWX6Ry2EsHn2I2QTvyLX7gXAuwBjkFc= kmodules.xyz/prober v0.25.0 h1:R5uRLHJEvEtEoogj+vaTAob0Btph6+PX5IlS6hPh8PA= kmodules.xyz/prober v0.25.0/go.mod h1:z4RTnjaajNQa/vPltsiOnO3xI716I/ziD2ac2Exm+1M= -kubedb.dev/apimachinery v0.38.0-rc.0 h1:6rUuZn15tcUmersxJdw4dLDLdmcVeceMd4JSgw1xYuk= -kubedb.dev/apimachinery v0.38.0-rc.0/go.mod h1:lenDiWAjCEVTHUFu4PR1f024tNErhaS0y6za1iBCY6Y= +kubedb.dev/apimachinery v0.38.0-rc.1 h1:EkqgCtr6JA9AIlhUSHBmxN04AnjEEYWcaxUtP3JjVL0= +kubedb.dev/apimachinery v0.38.0-rc.1/go.mod h1:cIralklbh1plpXPLCMweCATKzQV/YwX6RRzroiMCKGE= kubedb.dev/db-client-go v0.0.8-0.20230818101900-6ddd035705ef h1:1efGdivo8V46zH0umhrmSbJ1eBwqZcqQ6kMcKHe5+d0= kubedb.dev/db-client-go v0.0.8-0.20230818101900-6ddd035705ef/go.mod h1:rjVBtbrycRJg1SAa/YMNmQerbhTt+4CXW737rNG6wAM= kubeops.dev/sidekick v0.0.3 h1:xkIcgnOgBAblhDbsIWIJOIhAGZLzWieqPpm1VhGHTlU= kubeops.dev/sidekick v0.0.3/go.mod h1:h/f0nIKdRX/jrE7CbN0drhBBbEpFcAYViyVNE8dbDYM= -kubestash.dev/apimachinery v0.2.0-rc.1 h1:K4Gmtw6cSQngFQMcBjnwOuqgKaRGXk9z9zR4bVLanpU= -kubestash.dev/apimachinery v0.2.0-rc.1/go.mod h1:vlT+qYeOTh5GjzdKw9qhJlXxS+PvvVZivm+l7y+OUIs= +kubestash.dev/apimachinery v0.2.0 h1:xu6Um9Z0gFgMbKzUHIJAsvh+izJ6Nl4LJPyK4SUnntE= +kubestash.dev/apimachinery v0.2.0/go.mod h1:ouqYby7/IIHRJgadPc++tzh3vxtjIgk1pDzU0YRCCw4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/etcd_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/etcd_version_types.go index 96308c35d..dfd6db7c2 100644 --- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/etcd_version_types.go 
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/etcd_version_types.go
@@ -64,6 +64,9 @@ type EtcdVersionSpec struct {
 Stash appcat.StashAddonSpec `json:"stash,omitempty"`
 // +optional
 GitSyncer GitSyncer `json:"gitSyncer,omitempty"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 }
 
 // EtcdVersionDatabase is the Etcd Database image
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/kafka_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/kafka_version_types.go
index d4de83b89..d582789f6 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/kafka_version_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/kafka_version_types.go
@@ -67,6 +67,9 @@ type KafkaVersionSpec struct {
 Stash appcat.StashAddonSpec `json:"stash,omitempty"`
 // update constraints
 UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 }
 
 // KafkaVersionDatabase is the Kafka Database image
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mariadb_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mariadb_version_types.go
index cdd52e32e..d82876646 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mariadb_version_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mariadb_version_types.go
@@ -73,6 +73,9 @@ type MariaDBVersionSpec struct {
 UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"`
 // +optional
 GitSyncer GitSyncer `json:"gitSyncer,omitempty"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 }
 
 // MariaDBVersionDatabase is the mariadb image
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/memcached_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/memcached_version_types.go
index 064bab4cf..81b500ca8 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/memcached_version_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/memcached_version_types.go
@@ -58,6 +58,9 @@ type MemcachedVersionSpec struct {
 Deprecated bool `json:"deprecated,omitempty"`
 // PSP names
 PodSecurityPolicies MemcachedVersionPodSecurityPolicy `json:"podSecurityPolicies"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 }
 
 // MemcachedVersionDatabase is the Memcached Database image
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mongodb_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mongodb_version_types.go
index 9d4e31738..774bdd872 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mongodb_version_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mongodb_version_types.go
@@ -75,6 +75,9 @@ type MongoDBVersionSpec struct {
 UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"`
 // +optional
 GitSyncer GitSyncer `json:"gitSyncer,omitempty"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 // Archiver defines the walg & stash-addon related specifications
 Archiver ArchiverSpec `json:"archiver,omitempty"`
 }
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mysql_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mysql_version_types.go
index dfc52b7f5..e7636f352 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mysql_version_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/mysql_version_types.go
@@ -84,6 +84,9 @@ type MySQLVersionSpec struct { RouterInitContainer MySQLVersionRouterInitContainer `json:"routerInitContainer,omitempty"` // +optional GitSyncer GitSyncer `json:"gitSyncer,omitempty"` + // SecurityContext is for the additional config for the DB container + // +optional + SecurityContext SecurityContext `json:"securityContext"` } // MySQLVersionDatabase is the MySQL Database image diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/openapi_generated.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/openapi_generated.go index 282d01dc7..e9182c5f5 100644 --- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/openapi_generated.go +++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/openapi_generated.go @@ -542,6 +542,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionPodSecurityPolicy": schema_apimachinery_apis_catalog_v1alpha1_RedisVersionPodSecurityPolicy(ref), "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionSpec": schema_apimachinery_apis_catalog_v1alpha1_RedisVersionSpec(ref), "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ReplicationModeDetector": schema_apimachinery_apis_catalog_v1alpha1_ReplicationModeDetector(ref), + "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext": schema_apimachinery_apis_catalog_v1alpha1_SecurityContext(ref), "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints": schema_apimachinery_apis_catalog_v1alpha1_UpdateConstraints(ref), "kubedb.dev/apimachinery/apis/catalog/v1alpha1.VolumeSnapshot": schema_apimachinery_apis_catalog_v1alpha1_VolumeSnapshot(ref), "kubedb.dev/apimachinery/apis/catalog/v1alpha1.WalgSpec": schema_apimachinery_apis_catalog_v1alpha1_WalgSpec(ref), 
@@ -22644,12 +22645,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_EtcdVersionSpec(ref common.Refere Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "exporter"}, }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.EtcdVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.EtcdVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.EtcdVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.EtcdVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"}, } } 
@@ -22862,12 +22870,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_KafkaVersionSpec(ref common.Refer Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "cruiseControl"}, }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.CruiseControlVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.KafkaVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.KafkaVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.CruiseControlVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.KafkaVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.KafkaVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, } } 
@@ -23182,12 +23197,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_MariaDBVersionSpec(ref common.Ref Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "exporter", "initContainer", "podSecurityPolicies"}, }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MariaDBVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, } } 
@@ -23386,12 +23408,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_MemcachedVersionSpec(ref common.R Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionPodSecurityPolicy"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "exporter", "podSecurityPolicies"}, }, }, Dependencies: []string{ - "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionPodSecurityPolicy"}, + "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MemcachedVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"}, } } @@ -23652,6 +23681,13 @@ func schema_apimachinery_apis_catalog_v1alpha1_MongoDBVersionSpec(ref common.Ref Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, "archiver": { SchemaProps: spec.SchemaProps{ Description: "Archiver defines the walg & stash-addon related specifications", 
@@ -23664,7 +23700,7 @@ func schema_apimachinery_apis_catalog_v1alpha1_MongoDBVersionSpec(ref common.Ref }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ArchiverSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ReplicationModeDetector", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ArchiverSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MongoDBVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ReplicationModeDetector", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, } } 
@@ -24120,12 +24156,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_MySQLVersionSpec(ref common.Refer Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "exporter", "initContainer", "podSecurityPolicies"}, }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLUpdateConstraints", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionRouter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionRouterInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ReplicationModeDetector"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLUpdateConstraints", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionPodSecurityPolicy", 
"kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionRouter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.MySQLVersionRouterInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ReplicationModeDetector", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"}, } } 
@@ -24400,12 +24443,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_PerconaXtraDBVersionSpec(ref comm Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "exporter", "initContainer", "podSecurityPolicies"}, }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.PerconaXtraDBVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, } } 
@@ -25182,12 +25232,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_ProxySQLVersionSpec(ref common.Re Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "proxysql", "podSecurityPolicies"}, }, }, Dependencies: []string{ - "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ProxySQLVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ProxySQLVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ProxySQLVersionProxysql", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, + "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ProxySQLVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ProxySQLVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.ProxySQLVersionProxysql", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, } } 
@@ -25462,12 +25519,19 @@ func schema_apimachinery_apis_catalog_v1alpha1_RedisVersionSpec(ref common.Refer Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer"), }, }, + "securityContext": { + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Default: map[string]interface{}{}, + Ref: ref("kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext"), + }, + }, }, Required: []string{"version", "db", "exporter", "podSecurityPolicies"}, }, }, Dependencies: []string{ - "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, + "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1.StashAddonSpec", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.GitSyncer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionCoordinator", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionDatabase", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionExporter", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionInitContainer", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.RedisVersionPodSecurityPolicy", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.SecurityContext", "kubedb.dev/apimachinery/apis/catalog/v1alpha1.UpdateConstraints"}, } } 
@@ -25492,6 +25556,25 @@ func schema_apimachinery_apis_catalog_v1alpha1_ReplicationModeDetector(ref commo } } +func schema_apimachinery_apis_catalog_v1alpha1_SecurityContext(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecurityContext is for the additional config for the DB container", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "runAsUser": { + SchemaProps: spec.SchemaProps{ + Type: []string{"integer"}, + Format: "int64", + }, + }, + }, + }, + }, + } +} + func schema_apimachinery_apis_catalog_v1alpha1_UpdateConstraints(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/perconaxtradb_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/perconaxtradb_version_types.go index fa5af4c31..c8b0cf598 100644 --- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/perconaxtradb_version_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/perconaxtradb_version_types.go @@ -73,6 +73,9 @@ type PerconaXtraDBVersionSpec struct { UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"` // +optional GitSyncer GitSyncer `json:"gitSyncer,omitempty"` + // SecurityContext is for the additional config for the DB container + // +optional + SecurityContext SecurityContext `json:"securityContext"` } // PerconaXtraDBVersionDatabase is the perconaxtradb image diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/proxysql_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/proxysql_version_types.go index 773dcf68e..640d6febd 100644 --- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/proxysql_version_types.go +++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/proxysql_version_types.go 
@@ -59,6 +59,9 @@ type ProxySQLVersionSpec struct {
 PodSecurityPolicies ProxySQLVersionPodSecurityPolicy `json:"podSecurityPolicies"`
 // update constraints
 UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 }
 
 // ProxySQLVersionProxysql is the proxysql image
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/redis_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/redis_version_types.go
index c85c88d8d..acb82a90d 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/redis_version_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/redis_version_types.go
@@ -72,6 +72,9 @@ type RedisVersionSpec struct {
 UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"`
 // +optional
 GitSyncer GitSyncer `json:"gitSyncer,omitempty"`
+ // SecurityContext is for the additional config for the DB container
+ // +optional
+ SecurityContext SecurityContext `json:"securityContext"`
 }
 
 // RedisVersionInitContainer is the Redis init container image
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/types.go
index cd05851b2..73ec03ddf 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/types.go
@@ -71,3 +71,8 @@ type ManifestRestore struct {
 type GitSyncer struct {
 Image string `json:"image"`
 }
+
+// SecurityContext is for the additional config for the DB container
+type SecurityContext struct {
+ RunAsUser *int64 `json:"runAsUser,omitempty"`
+}
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/zz_generated.deepcopy.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/zz_generated.deepcopy.go
index 47cae8268..10d0afb04 100644
--- a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/zz_generated.deepcopy.go @@ -397,6 +397,7 @@ func (in *EtcdVersionSpec) DeepCopyInto(out *EtcdVersionSpec) { out.Exporter = in.Exporter in.Stash.DeepCopyInto(&out.Stash) out.GitSyncer = in.GitSyncer + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -526,6 +527,7 @@ func (in *KafkaVersionSpec) DeepCopyInto(out *KafkaVersionSpec) { out.PodSecurityPolicies = in.PodSecurityPolicies in.Stash.DeepCopyInto(&out.Stash) in.UpdateConstraints.DeepCopyInto(&out.UpdateConstraints) + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -722,6 +724,7 @@ func (in *MariaDBVersionSpec) DeepCopyInto(out *MariaDBVersionSpec) { in.Stash.DeepCopyInto(&out.Stash) in.UpdateConstraints.DeepCopyInto(&out.UpdateConstraints) out.GitSyncer = in.GitSyncer + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -740,7 +743,7 @@ func (in *MemcachedVersion) DeepCopyInto(out *MemcachedVersion) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) return } @@ -849,6 +852,7 @@ func (in *MemcachedVersionSpec) DeepCopyInto(out *MemcachedVersionSpec) { out.DB = in.DB out.Exporter = in.Exporter out.PodSecurityPolicies = in.PodSecurityPolicies + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -997,6 +1001,7 @@ func (in *MongoDBVersionSpec) DeepCopyInto(out *MongoDBVersionSpec) { in.Stash.DeepCopyInto(&out.Stash) in.UpdateConstraints.DeepCopyInto(&out.UpdateConstraints) out.GitSyncer = in.GitSyncer + in.SecurityContext.DeepCopyInto(&out.SecurityContext) out.Archiver = in.Archiver return } 
@@ -1267,6 +1272,7 @@ func (in *MySQLVersionSpec) DeepCopyInto(out *MySQLVersionSpec) { out.Router = in.Router out.RouterInitContainer = in.RouterInitContainer out.GitSyncer = in.GitSyncer + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -1431,6 +1437,7 @@ func (in *PerconaXtraDBVersionSpec) DeepCopyInto(out *PerconaXtraDBVersionSpec) in.Stash.DeepCopyInto(&out.Stash) in.UpdateConstraints.DeepCopyInto(&out.UpdateConstraints) out.GitSyncer = in.GitSyncer + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -1899,6 +1906,7 @@ func (in *ProxySQLVersionSpec) DeepCopyInto(out *ProxySQLVersionSpec) { } out.PodSecurityPolicies = in.PodSecurityPolicies in.UpdateConstraints.DeepCopyInto(&out.UpdateConstraints) + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -2063,6 +2071,7 @@ func (in *RedisVersionSpec) DeepCopyInto(out *RedisVersionSpec) { in.Stash.DeepCopyInto(&out.Stash) in.UpdateConstraints.DeepCopyInto(&out.UpdateConstraints) out.GitSyncer = in.GitSyncer + in.SecurityContext.DeepCopyInto(&out.SecurityContext) return } @@ -2092,6 +2101,27 @@ func (in *ReplicationModeDetector) DeepCopy() *ReplicationModeDetector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecurityContext) DeepCopyInto(out *SecurityContext) { + *out = *in + if in.RunAsUser != nil { + in, out := &in.RunAsUser, &out.RunAsUser + *out = new(int64) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContext. +func (in *SecurityContext) DeepCopy() *SecurityContext { + if in == nil { + return nil + } + out := new(SecurityContext) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UpdateConstraints) DeepCopyInto(out *UpdateConstraints) { *out = *in 
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go index 37db60441..6ff572ed8 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/elasticsearch_helpers.go @@ -386,17 +386,23 @@ func (e Elasticsearch) StatsServiceLabels() map[string]string { return e.ServiceLabels(StatsServiceAlias, map[string]string{LabelRole: RoleStats}) } -func (e Elasticsearch) setContainerSecurityContextDefaults(podTemplate *ofst.PodTemplateSpec) { +func (e Elasticsearch) setContainerSecurityContextDefaults(esVersion *catalog.ElasticsearchVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &core.SecurityContext{} } - e.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = esVersion.Spec.SecurityContext.RunAsUser + } + e.assignDefaultContainerSecurityContext(esVersion, podTemplate.Spec.ContainerSecurityContext) } -func (e Elasticsearch) assignDefaultContainerSecurityContext(sc *core.SecurityContext) { +func (e Elasticsearch) assignDefaultContainerSecurityContext(esVersion *catalog.ElasticsearchVersion, sc *core.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { sc.AllowPrivilegeEscalation = pointer.BoolP(false) } 
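Review bot: `setContainerSecurityContextDefaults` now defaults `FSGroup` from `esVersion.Spec.SecurityContext.RunAsUser`, an optional `*int64`, and the next hunk does the same for `RunAsUser` and `RunAsGroup` while removing the `pointer.Int64P(1000)` fallback, so a catalog object without `securityContext.runAsUser` leaves all three nil even though `RunAsNonRoot` is still defaulted to true. In that state the container runs as whatever user the image declares, and the kubelet refuses to start it if that user is root or non-numeric; `esVersion` is also dereferenced without a nil check. Keep a fallback or reject the missing value, and copy the value instead of sharing the catalog object's pointer, e.g. `if uid := esVersion.Spec.SecurityContext.RunAsUser; uid != nil { sc.RunAsUser = pointer.Int64P(*uid) }`. The same pattern recurs in the Kafka, MariaDB, MongoDB, MySQL, PerconaXtraDB, PgBouncer, Postgres and Redis hunks of this patch; these files are vendored, so the fix belongs upstream in kubedb.dev/apimachinery.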
@@ -409,7 +415,10 @@ func (e Elasticsearch) assignDefaultContainerSecurityContext(sc *core.SecurityCo sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(1000) + sc.RunAsUser = esVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = esVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() @@ -621,16 +630,16 @@ func (e *Elasticsearch) SetDefaults(esVersion *catalog.ElasticsearchVersion, top } e.setDefaultAffinity(&e.Spec.PodTemplate, e.OffshootSelectors(), topology) - e.setContainerSecurityContextDefaults(&e.Spec.PodTemplate) + e.setContainerSecurityContextDefaults(esVersion, &e.Spec.PodTemplate) e.setDefaultInternalUsersAndRoleMappings(esVersion) - e.SetMetricsExporterDefaults() + e.SetMetricsExporterDefaults(esVersion) e.SetTLSDefaults(esVersion) } -func (e *Elasticsearch) SetMetricsExporterDefaults() { +func (e *Elasticsearch) SetMetricsExporterDefaults(esVersion *catalog.ElasticsearchVersion) { e.Spec.Monitor.SetDefaults() if e.Spec.Monitor != nil && e.Spec.Monitor.Prometheus != nil && e.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - e.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(1000) + e.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = esVersion.Spec.SecurityContext.RunAsUser } } diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/kafka_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/kafka_helpers.go index 97536de3f..725c769ad 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/kafka_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/kafka_helpers.go 
@@ -17,11 +17,13 @@ limitations under the License. package v1alpha2 import ( + "context" "fmt" "path/filepath" "strings" "kubedb.dev/apimachinery/apis" + catalog "kubedb.dev/apimachinery/apis/catalog/v1alpha1" "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" @@ -29,6 +31,8 @@ import ( "gomodules.xyz/pointer" core "k8s.io/api/core/v1" meta "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/klog/v2" kmapi "kmodules.xyz/client-go/api/v1" "kmodules.xyz/client-go/apiextensions" meta_util "kmodules.xyz/client-go/meta" @@ -316,14 +320,21 @@ func (k *Kafka) SetDefaults() { } } - k.setDefaultContainerSecurityContext(&k.Spec.PodTemplate) + var kfVersion catalog.KafkaVersion + err := DefaultClient.Get(context.TODO(), types.NamespacedName{Name: k.Spec.Version}, &kfVersion) + if err != nil { + klog.Errorf("can't get the kafka version object %s for %s \n", err.Error(), k.Spec.Version) + return + } + + k.setDefaultContainerSecurityContext(&kfVersion, &k.Spec.PodTemplate) if k.Spec.CruiseControl != nil { - k.setDefaultContainerSecurityContext(&k.Spec.CruiseControl.PodTemplate) + k.setDefaultContainerSecurityContext(&kfVersion, &k.Spec.CruiseControl.PodTemplate) } + k.Spec.Monitor.SetDefaults() - // If prometheus enabled, & RunAsUser not set. set the default 1001 if k.Spec.Monitor != nil && k.Spec.Monitor.Prometheus != nil && k.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - k.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(1001) + k.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = kfVersion.Spec.SecurityContext.RunAsUser } if k.Spec.EnableSSL { 
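Review bot: When `DefaultClient.Get` fails, `SetDefaults` logs and returns before `setDefaultContainerSecurityContext` is called, so a Kafka object whose version lookup fails receives none of the hardening defaults (no privilege escalation, dropped capabilities, `RunAsNonRoot`, seccomp profile), and the defaults that follow in the function are skipped with them. The defaults that do not depend on the catalog object should still be applied on that path, with only the UID-derived fields left unset. The `klog.Errorf` arguments are in the opposite order to the format string; `klog.Errorf("can't get the kafka version object %s: %v", k.Spec.Version, err)` reads correctly. `context.TODO()` puts no deadline on an API call made from a defaulting function, and whether `DefaultClient` can be nil here is not visible in the hunk. `SetDefaults` begins and ends outside the hunk.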
@@ -332,17 +343,23 @@ func (k *Kafka) SetDefaults() { k.SetHealthCheckerDefaults() } -func (k *Kafka) setDefaultContainerSecurityContext(podTemplate *ofst.PodTemplateSpec) { +func (k *Kafka) setDefaultContainerSecurityContext(kfVersion *catalog.KafkaVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &core.SecurityContext{} } - k.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = kfVersion.Spec.SecurityContext.RunAsUser + } + k.assignDefaultContainerSecurityContext(kfVersion, podTemplate.Spec.ContainerSecurityContext) } -func (k *Kafka) assignDefaultContainerSecurityContext(sc *core.SecurityContext) { +func (k *Kafka) assignDefaultContainerSecurityContext(kfVersion *catalog.KafkaVersion, sc *core.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { sc.AllowPrivilegeEscalation = pointer.BoolP(false) } @@ -355,7 +372,10 @@ func (k *Kafka) assignDefaultContainerSecurityContext(sc *core.SecurityContext) sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(1001) + sc.RunAsUser = kfVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = kfVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mariadb_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mariadb_helpers.go index 94ca44567..d8ddfb3e2 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mariadb_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mariadb_helpers.go 
@@ -21,6 +21,7 @@ import ( "path/filepath" "kubedb.dev/apimachinery/apis" + "kubedb.dev/apimachinery/apis/catalog/v1alpha1" "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" @@ -191,7 +192,7 @@ func (m MariaDB) PrimaryServiceDNS() string { return fmt.Sprintf("%s.%s.svc", m.ServiceName(), m.Namespace) } -func (m *MariaDB) SetDefaults(topology *core_util.Topology) { +func (m *MariaDB) SetDefaults(mdVersion *v1alpha1.MariaDBVersion, topology *core_util.Topology) { if m == nil { return } @@ -202,7 +203,7 @@ func (m *MariaDB) SetDefaults(topology *core_util.Topology) { if m.Spec.Coordinator.SecurityContext == nil { m.Spec.Coordinator.SecurityContext = &core.SecurityContext{} } - m.assignDefaultContainerSecurityContext(m.Spec.Coordinator.SecurityContext) + m.assignDefaultContainerSecurityContext(mdVersion, m.Spec.Coordinator.SecurityContext) } if m.Spec.StorageType == "" { 
@@ -216,30 +217,35 @@ func (m *MariaDB) SetDefaults(topology *core_util.Topology) { m.Spec.PodTemplate.Spec.ServiceAccountName = m.OffshootName() } - m.setDefaultContainerSecurityContext(&m.Spec.PodTemplate) + m.setDefaultContainerSecurityContext(mdVersion, &m.Spec.PodTemplate) m.Spec.Monitor.SetDefaults() m.setDefaultAffinity(&m.Spec.PodTemplate, m.OffshootSelectors(), topology) m.SetTLSDefaults() m.SetHealthCheckerDefaults() apis.SetDefaultResourceLimits(&m.Spec.PodTemplate.Spec.Resources, DefaultResources) - // If prometheus enabled, & RunAsUser not set. set the default 999 if m.Spec.Monitor != nil && m.Spec.Monitor.Prometheus != nil && m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(999) + m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = mdVersion.Spec.SecurityContext.RunAsUser } } -func (m *MariaDB) setDefaultContainerSecurityContext(podTemplate *ofst.PodTemplateSpec) { +func (m *MariaDB) setDefaultContainerSecurityContext(mdVersion *v1alpha1.MariaDBVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &core.SecurityContext{} } - m.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = mdVersion.Spec.SecurityContext.RunAsUser + } + m.assignDefaultContainerSecurityContext(mdVersion, podTemplate.Spec.ContainerSecurityContext) } -func (m *MariaDB) assignDefaultContainerSecurityContext(sc *core.SecurityContext) { +func (m *MariaDB) assignDefaultContainerSecurityContext(mdVersion *v1alpha1.MariaDBVersion, sc *core.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { 
sc.AllowPrivilegeEscalation = pointer.BoolP(false) } @@ -252,7 +258,10 @@ func (m *MariaDB) assignDefaultContainerSecurityContext(sc *core.SecurityContext sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(999) + sc.RunAsUser = mdVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = mdVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mongodb_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mongodb_helpers.go index 8965bc1ed..fa26e89cb 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mongodb_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mongodb_helpers.go @@ -65,8 +65,7 @@ const ( MongoDBMongosLabelKey = "mongodb.kubedb.com/node.mongos" MongoDBTypeLabelKey = "mongodb.kubedb.com/node.type" - MongoDBShardAffinityTemplateVar = "SHARD_INDEX" - MongoDBUserID int64 = 999 + MongoDBShardAffinityTemplateVar = "SHARD_INDEX" ) type MongoShellScriptName string 
@@ -686,14 +685,14 @@ func (m *MongoDB) SetDefaults(mgVersion *v1alpha1.MongoDBVersion, topology *core mongosLabels[MongoDBMongosLabelKey] = m.MongosNodeName() m.setDefaultAffinity(&m.Spec.ShardTopology.Mongos.PodTemplate, mongosLabels, topology) - m.setDefaultSecurityContext(&m.Spec.ShardTopology.Shard.PodTemplate) - m.setDefaultSecurityContext(&m.Spec.ShardTopology.Mongos.PodTemplate) - m.setDefaultSecurityContext(&m.Spec.ShardTopology.ConfigServer.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.ShardTopology.Shard.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.ShardTopology.Mongos.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.ShardTopology.ConfigServer.PodTemplate) if m.Spec.Arbiter != nil { - m.setDefaultSecurityContext(&m.Spec.Arbiter.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.Arbiter.PodTemplate) } if m.Spec.Hidden != nil { - m.setDefaultSecurityContext(&m.Spec.Hidden.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.Hidden.PodTemplate) } } else { if m.Spec.Replicas == nil { 
@@ -713,38 +712,37 @@ func (m *MongoDB) SetDefaults(mgVersion *v1alpha1.MongoDBVersion, topology *core m.setDefaultAffinity(m.Spec.PodTemplate, m.OffshootSelectors(), topology) apis.SetDefaultResourceLimits(&m.Spec.PodTemplate.Spec.Resources, DefaultResources) - m.setDefaultSecurityContext(m.Spec.PodTemplate) + m.setDefaultSecurityContext(mgVersion, m.Spec.PodTemplate) if m.Spec.Arbiter != nil { m.setDefaultProbes(&m.Spec.Arbiter.PodTemplate, mgVersion, true) m.setDefaultAffinity(&m.Spec.Arbiter.PodTemplate, m.OffshootSelectors(), topology) apis.SetDefaultResourceLimits(&m.Spec.Arbiter.PodTemplate.Spec.Resources, DefaultResources) - m.setDefaultSecurityContext(&m.Spec.Arbiter.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.Arbiter.PodTemplate) } if m.Spec.Hidden != nil { m.setDefaultProbes(&m.Spec.Hidden.PodTemplate, mgVersion) m.setDefaultAffinity(&m.Spec.Hidden.PodTemplate, m.OffshootSelectors(), topology) apis.SetDefaultResourceLimits(&m.Spec.Hidden.PodTemplate.Spec.Resources, DefaultResources) - m.setDefaultSecurityContext(&m.Spec.Hidden.PodTemplate) + m.setDefaultSecurityContext(mgVersion, &m.Spec.Hidden.PodTemplate) } if m.Spec.ReplicaSet != nil { if m.Spec.Coordinator.SecurityContext == nil { m.Spec.Coordinator.SecurityContext = &core.SecurityContext{} } - m.assignDefaultContainerSecurityContext(m.Spec.Coordinator.SecurityContext) // modeDetector container + m.assignDefaultContainerSecurityContext(mgVersion, m.Spec.Coordinator.SecurityContext) // modeDetector container } } m.SetTLSDefaults() m.SetHealthCheckerDefaults() m.Spec.Monitor.SetDefaults() - // If prometheus enabled, & RunAsUser not set. 
set the default 999 if m.Spec.Monitor != nil && m.Spec.Monitor.Prometheus != nil && m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(MongoDBUserID) + m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = mgVersion.Spec.SecurityContext.RunAsUser } } -func (m *MongoDB) setDefaultSecurityContext(podTemplate *ofst.PodTemplateSpec) { +func (m *MongoDB) setDefaultSecurityContext(mgVersion *v1alpha1.MongoDBVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } @@ -755,12 +753,12 @@ func (m *MongoDB) setDefaultSecurityContext(podTemplate *ofst.PodTemplateSpec) { podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} } if podTemplate.Spec.SecurityContext.FSGroup == nil { - podTemplate.Spec.SecurityContext.FSGroup = pointer.Int64P(MongoDBUserID) + podTemplate.Spec.SecurityContext.FSGroup = mgVersion.Spec.SecurityContext.RunAsUser } - m.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + m.assignDefaultContainerSecurityContext(mgVersion, podTemplate.Spec.ContainerSecurityContext) } -func (m *MongoDB) assignDefaultContainerSecurityContext(sc *core.SecurityContext) { +func (m *MongoDB) assignDefaultContainerSecurityContext(mgVersion *v1alpha1.MongoDBVersion, sc *core.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { sc.AllowPrivilegeEscalation = pointer.BoolP(false) } @@ -773,10 +771,10 @@ func (m *MongoDB) assignDefaultContainerSecurityContext(sc *core.SecurityContext sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(MongoDBUserID) + sc.RunAsUser = mgVersion.Spec.SecurityContext.RunAsUser } if sc.RunAsGroup == nil { - sc.RunAsGroup = pointer.Int64P(MongoDBUserID) + sc.RunAsGroup = mgVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() 
@@ -1012,28 +1010,6 @@ func (m *MongoDB) setDefaultAffinity(podTemplate *ofst.PodTemplateSpec, labels m } } -// setSecurityContext will set default PodSecurityContext. -// These values will be applied only to newly created objects. -// These defaultings should not be applied to DBs or dormantDBs, -// that is managed by previous operators, -func (m *MongoDBSpec) SetSecurityContext(podTemplate *ofst.PodTemplateSpec) { - if podTemplate == nil { - return - } - if podTemplate.Spec.SecurityContext == nil { - podTemplate.Spec.SecurityContext = new(core.PodSecurityContext) - } - if podTemplate.Spec.SecurityContext.FSGroup == nil { - podTemplate.Spec.SecurityContext.FSGroup = pointer.Int64P(MongoDBUserID) - } - if podTemplate.Spec.SecurityContext.RunAsNonRoot == nil { - podTemplate.Spec.SecurityContext.RunAsNonRoot = pointer.BoolP(true) - } - if podTemplate.Spec.SecurityContext.RunAsUser == nil { - podTemplate.Spec.SecurityContext.RunAsUser = pointer.Int64P(MongoDBUserID) - } -} - func (m *MongoDBSpec) GetPersistentSecrets() []string { if m == nil { return nil diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go index 64ce30db0..1c9685e00 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mysql_helpers.go @@ -20,6 +20,7 @@ import ( "fmt" "kubedb.dev/apimachinery/apis" + "kubedb.dev/apimachinery/apis/catalog/v1alpha1" "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" @@ -254,7 +255,7 @@ func (m *MySQL) IsSemiSync() bool { *m.Spec.Topology.Mode == MySQLModeSemiSync } -func (m *MySQL) SetDefaults(topology *core_util.Topology) { +func (m *MySQL) SetDefaults(myVersion *v1alpha1.MySQLVersion, topology *core_util.Topology) { if m == nil { return } 
@@ -272,7 +273,7 @@ func (m *MySQL) SetDefaults(topology *core_util.Topology) { if m.Spec.Coordinator.SecurityContext == nil { m.Spec.Coordinator.SecurityContext = &core.SecurityContext{} } - m.assignDefaultContainerSecurityContext(m.Spec.Coordinator.SecurityContext) + m.assignDefaultContainerSecurityContext(myVersion, m.Spec.Coordinator.SecurityContext) } } else { if m.Spec.Replicas == nil { @@ -284,16 +285,15 @@ func (m *MySQL) SetDefaults(topology *core_util.Topology) { m.Spec.PodTemplate.Spec.ServiceAccountName = m.OffshootName() } - m.setDefaultContainerSecurityContext(&m.Spec.PodTemplate) + m.setDefaultContainerSecurityContext(myVersion, &m.Spec.PodTemplate) m.Spec.Monitor.SetDefaults() m.setDefaultAffinity(&m.Spec.PodTemplate, m.OffshootSelectors(), topology) m.SetTLSDefaults() m.SetHealthCheckerDefaults() apis.SetDefaultResourceLimits(&m.Spec.PodTemplate.Spec.Resources, DefaultResources) - // If prometheus enabled, & RunAsUser not set. set the default 999 if m.Spec.Monitor != nil && m.Spec.Monitor.Prometheus != nil && m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(999) + m.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = myVersion.Spec.SecurityContext.RunAsUser } } 
@@ -418,17 +418,23 @@ func (m *MySQL) GetRouterName() string { return fmt.Sprintf("%s-router", m.Name) } -func (m *MySQL) setDefaultContainerSecurityContext(podTemplate *ofst.PodTemplateSpec) { +func (m *MySQL) setDefaultContainerSecurityContext(myVersion *v1alpha1.MySQLVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &core.SecurityContext{} } - m.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = myVersion.Spec.SecurityContext.RunAsUser + } + m.assignDefaultContainerSecurityContext(myVersion, podTemplate.Spec.ContainerSecurityContext) } -func (m *MySQL) assignDefaultContainerSecurityContext(sc *core.SecurityContext) { +func (m *MySQL) assignDefaultContainerSecurityContext(myVersion *v1alpha1.MySQLVersion, sc *core.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { sc.AllowPrivilegeEscalation = pointer.BoolP(false) } @@ -441,7 +447,10 @@ func (m *MySQL) assignDefaultContainerSecurityContext(sc *core.SecurityContext) sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(999) + sc.RunAsUser = myVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = myVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/perconaxtradb_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/perconaxtradb_helpers.go index e830e4a07..8d2ab393a 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/perconaxtradb_helpers.go 
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/perconaxtradb_helpers.go @@ -21,6 +21,7 @@ import ( "path/filepath" "kubedb.dev/apimachinery/apis" + "kubedb.dev/apimachinery/apis/catalog/v1alpha1" "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" @@ -34,6 +35,7 @@ import ( "kmodules.xyz/client-go/apiextensions" core_util "kmodules.xyz/client-go/core/v1" meta_util "kmodules.xyz/client-go/meta" + "kmodules.xyz/client-go/policy/secomp" appcat "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1" mona "kmodules.xyz/monitoring-agent-api/api/v1" ofst "kmodules.xyz/offshoot-api/api/v1" @@ -204,7 +206,7 @@ func (p PerconaXtraDB) PrimaryServiceDNS() string { return fmt.Sprintf("%s.%s.svc", p.ServiceName(), p.Namespace) } -func (p *PerconaXtraDB) SetDefaults(topology *core_util.Topology) { +func (p *PerconaXtraDB) SetDefaults(pVersion *v1alpha1.PerconaXtraDBVersion, topology *core_util.Topology) { if p == nil { return } 
@@ -224,28 +226,57 @@ func (p *PerconaXtraDB) SetDefaults(topology *core_util.Topology) { p.Spec.PodTemplate.Spec.ServiceAccountName = p.OffshootName() } - if p.Spec.PodTemplate.Spec.SecurityContext == nil { - p.Spec.PodTemplate.Spec.SecurityContext = &core.PodSecurityContext{ - RunAsUser: pointer.Int64P(PerconaXtraDBMySQLUserGroupID), - RunAsGroup: pointer.Int64P(PerconaXtraDBMySQLUserGroupID), - } - } else { - if p.Spec.PodTemplate.Spec.SecurityContext.RunAsUser == nil { - p.Spec.PodTemplate.Spec.SecurityContext.RunAsUser = pointer.Int64P(PerconaXtraDBMySQLUserGroupID) - } - if p.Spec.PodTemplate.Spec.SecurityContext.RunAsGroup == nil { - p.Spec.PodTemplate.Spec.SecurityContext.RunAsGroup = pointer.Int64P(PerconaXtraDBMySQLUserGroupID) - } - } // Need to set FSGroup equal to p.Spec.PodTemplate.Spec.ContainerSecurityContext.RunAsGroup. // So that /var/pv directory have the group permission for the RunAsGroup user GID. // Otherwise, We will get write permission denied. - p.Spec.PodTemplate.Spec.SecurityContext.FSGroup = p.Spec.PodTemplate.Spec.SecurityContext.RunAsGroup + p.setDefaultContainerSecurityContext(pVersion, &p.Spec.PodTemplate) p.Spec.Monitor.SetDefaults() p.setDefaultAffinity(&p.Spec.PodTemplate, p.OffshootSelectors(), topology) p.SetTLSDefaults() apis.SetDefaultResourceLimits(&p.Spec.PodTemplate.Spec.Resources, DefaultResources) + if p.Spec.Monitor != nil && p.Spec.Monitor.Prometheus != nil && p.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { + p.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pVersion.Spec.SecurityContext.RunAsUser + } +} + +func (p *PerconaXtraDB) setDefaultContainerSecurityContext(pVersion *v1alpha1.PerconaXtraDBVersion, podTemplate *ofst.PodTemplateSpec) { + if podTemplate == nil { + return + } + if podTemplate.Spec.ContainerSecurityContext == nil { + podTemplate.Spec.ContainerSecurityContext = &core.SecurityContext{} + } + if podTemplate.Spec.SecurityContext == nil { + 
podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = pVersion.Spec.SecurityContext.RunAsUser + } + p.assignDefaultContainerSecurityContext(pVersion, podTemplate.Spec.ContainerSecurityContext) +} + +func (p *PerconaXtraDB) assignDefaultContainerSecurityContext(pVersion *v1alpha1.PerconaXtraDBVersion, sc *core.SecurityContext) { + if sc.AllowPrivilegeEscalation == nil { + sc.AllowPrivilegeEscalation = pointer.BoolP(false) + } + if sc.Capabilities == nil { + sc.Capabilities = &core.Capabilities{ + Drop: []core.Capability{"ALL"}, + } + } + if sc.RunAsNonRoot == nil { + sc.RunAsNonRoot = pointer.BoolP(true) + } + if sc.RunAsUser == nil { + sc.RunAsUser = pVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = pVersion.Spec.SecurityContext.RunAsUser + } + if sc.SeccompProfile == nil { + sc.SeccompProfile = secomp.DefaultSeccompProfile() + } } // setDefaultAffinity diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/pgbouncer_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/pgbouncer_helpers.go index 4fcaadeee..3bb1f2257 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/pgbouncer_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/pgbouncer_helpers.go @@ -211,6 +211,9 @@ func (p *PgBouncer) SetDefaults(pgBouncerVersion *catalog.PgBouncerVersion, uses } p.Spec.Monitor.SetDefaults() + if p.Spec.Monitor != nil && p.Spec.Monitor.Prometheus != nil && p.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { + p.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pgBouncerVersion.Spec.SecurityContext.RunAsUser + } apis.SetDefaultResourceLimits(&p.Spec.PodTemplate.Spec.Resources, DefaultResources) } 
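Review bot: The comment kept in `PerconaXtraDB.SetDefaults` says FSGroup must equal the RunAsGroup so that `/var/pv` is group-writable, but the new `setDefaultContainerSecurityContext` sets `FSGroup` only when it is nil and takes it from `pVersion.Spec.SecurityContext.RunAsUser`, independently of any `RunAsGroup` the user supplied. The removed code assigned `FSGroup` from the pod-level `RunAsGroup` on every call, so a user-set group that differs from the catalog value can now run into the write-permission failure the comment describes. Derive `FSGroup` from the effective `RunAsGroup` after `assignDefaultContainerSecurityContext` has run, or reword the comment to state the new rule. The pod-level `RunAsUser`/`RunAsGroup` defaults are also gone, which leaves any container that does not use `ContainerSecurityContext` without a UID default; the hunk does not show whether such containers exist.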
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/postgres_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/postgres_helpers.go index 211d7cdd9..5359acc9c 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/postgres_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/postgres_helpers.go @@ -267,6 +267,9 @@ func (p *Postgres) SetDefaults(postgresVersion *catalog.PostgresVersion, topolog p.SetHealthCheckerDefaults() apis.SetDefaultResourceLimits(&p.Spec.PodTemplate.Spec.Resources, DefaultResources) p.setDefaultAffinity(&p.Spec.PodTemplate, p.OffshootSelectors(), topology) + if p.Spec.Monitor != nil && p.Spec.Monitor.Prometheus != nil && p.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { + p.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = postgresVersion.Spec.SecurityContext.RunAsUser + } } func (p *Postgres) setDefaultInitContainerSecurityContext(podTemplate *ofst.PodTemplateSpec, pgVersion *catalog.PostgresVersion) { @@ -313,6 +316,12 @@ func (p *Postgres) setDefaultContainerSecurityContext(podTemplate *ofst.PodTempl if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &core.SecurityContext{} } + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &core.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = pgVersion.Spec.SecurityContext.RunAsUser + } p.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext, pgVersion) } diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_helpers.go index 74281378e..ebe5048e4 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_helpers.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_helpers.go 
@@ -20,6 +20,7 @@ import ( "fmt" "kubedb.dev/apimachinery/apis" + catalog "kubedb.dev/apimachinery/apis/catalog/v1alpha1" "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" @@ -203,7 +204,7 @@ func (r Redis) StatsServiceLabels() map[string]string { return r.ServiceLabels(StatsServiceAlias, map[string]string{LabelRole: RoleStats}) } -func (r *Redis) SetDefaults(topology *core_util.Topology) { +func (r *Redis) SetDefaults(rdVersion *catalog.RedisVersion, topology *core_util.Topology) { if r == nil { return } @@ -228,7 +229,7 @@ func (r *Redis) SetDefaults(topology *core_util.Topology) { if r.Spec.TerminationPolicy == "" { r.Spec.TerminationPolicy = TerminationPolicyDelete } - r.setDefaultContainerSecurityContext(&r.Spec.PodTemplate) + r.setDefaultContainerSecurityContext(rdVersion, &r.Spec.PodTemplate) if r.Spec.PodTemplate.Spec.ServiceAccountName == "" { r.Spec.PodTemplate.Spec.ServiceAccountName = r.OffshootName() } @@ -240,9 +241,8 @@ func (r *Redis) SetDefaults(topology *core_util.Topology) { r.setDefaultAffinity(&r.Spec.PodTemplate, labels, topology) r.Spec.Monitor.SetDefaults() - // If prometheus enabled, & RunAsUser not set. set the default 999 if r.Spec.Monitor != nil && r.Spec.Monitor.Prometheus != nil && r.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - r.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(999) + r.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = rdVersion.Spec.SecurityContext.RunAsUser } r.SetTLSDefaults() r.SetHealthCheckerDefaults() 
@@ -321,17 +321,23 @@ func (r *Redis) setDefaultAffinity(podTemplate *ofst.PodTemplateSpec, labels map } } -func (r *Redis) setDefaultContainerSecurityContext(podTemplate *ofst.PodTemplateSpec) { +func (r *Redis) setDefaultContainerSecurityContext(rdVersion *catalog.RedisVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &corev1.SecurityContext{} } - r.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &corev1.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = rdVersion.Spec.SecurityContext.RunAsUser + } + r.assignDefaultContainerSecurityContext(rdVersion, podTemplate.Spec.ContainerSecurityContext) } -func (r *Redis) assignDefaultContainerSecurityContext(sc *corev1.SecurityContext) { +func (r *Redis) assignDefaultContainerSecurityContext(rdVersion *catalog.RedisVersion, sc *corev1.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { sc.AllowPrivilegeEscalation = pointer.BoolP(false) } @@ -344,7 +350,10 @@ func (r *Redis) assignDefaultContainerSecurityContext(sc *corev1.SecurityContext sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(999) + sc.RunAsUser = rdVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = rdVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_sentinel_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_sentinel_helpers.go index 52a75707f..824617273 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_sentinel_helpers.go 
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/redis_sentinel_helpers.go @@ -20,6 +20,7 @@ import ( "fmt" "kubedb.dev/apimachinery/apis" + catalog "kubedb.dev/apimachinery/apis/catalog/v1alpha1" "kubedb.dev/apimachinery/apis/kubedb" "kubedb.dev/apimachinery/crds" @@ -178,7 +179,7 @@ func (rs RedisSentinel) StatsServiceLabels() map[string]string { return rs.ServiceLabels(StatsServiceAlias, map[string]string{LabelRole: RoleStats}) } -func (rs *RedisSentinel) SetDefaults(topology *core_util.Topology) { +func (rs *RedisSentinel) SetDefaults(rdVersion *catalog.RedisVersion, topology *core_util.Topology) { if rs == nil { return } @@ -190,7 +191,7 @@ func (rs *RedisSentinel) SetDefaults(topology *core_util.Topology) { rs.Spec.TerminationPolicy = TerminationPolicyDelete } - rs.setDefaultContainerSecurityContext(&rs.Spec.PodTemplate) + rs.setDefaultContainerSecurityContext(rdVersion, &rs.Spec.PodTemplate) if rs.Spec.PodTemplate.Spec.ServiceAccountName == "" { rs.Spec.PodTemplate.Spec.ServiceAccountName = rs.OffshootName() } @@ -198,9 +199,8 @@ func (rs *RedisSentinel) SetDefaults(topology *core_util.Topology) { rs.setDefaultAffinity(&rs.Spec.PodTemplate, rs.OffshootSelectors(), topology) rs.Spec.Monitor.SetDefaults() - // If prometheus enabled, & RunAsUser not set. set the default 999 if rs.Spec.Monitor != nil && rs.Spec.Monitor.Prometheus != nil && rs.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser == nil { - rs.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = pointer.Int64P(999) + rs.Spec.Monitor.Prometheus.Exporter.SecurityContext.RunAsUser = rdVersion.Spec.SecurityContext.RunAsUser } rs.SetTLSDefaults() rs.SetHealthCheckerDefaults() 
@@ -279,17 +279,23 @@ func (rs *RedisSentinel) setDefaultAffinity(podTemplate *ofst.PodTemplateSpec, l } } -func (rs *RedisSentinel) setDefaultContainerSecurityContext(podTemplate *ofst.PodTemplateSpec) { +func (rs *RedisSentinel) setDefaultContainerSecurityContext(rdVersion *catalog.RedisVersion, podTemplate *ofst.PodTemplateSpec) { if podTemplate == nil { return } if podTemplate.Spec.ContainerSecurityContext == nil { podTemplate.Spec.ContainerSecurityContext = &corev1.SecurityContext{} } - rs.assignDefaultContainerSecurityContext(podTemplate.Spec.ContainerSecurityContext) + if podTemplate.Spec.SecurityContext == nil { + podTemplate.Spec.SecurityContext = &corev1.PodSecurityContext{} + } + if podTemplate.Spec.SecurityContext.FSGroup == nil { + podTemplate.Spec.SecurityContext.FSGroup = rdVersion.Spec.SecurityContext.RunAsUser + } + rs.assignDefaultContainerSecurityContext(rdVersion, podTemplate.Spec.ContainerSecurityContext) } -func (rs *RedisSentinel) assignDefaultContainerSecurityContext(sc *corev1.SecurityContext) { +func (rs *RedisSentinel) assignDefaultContainerSecurityContext(rdVersion *catalog.RedisVersion, sc *corev1.SecurityContext) { if sc.AllowPrivilegeEscalation == nil { sc.AllowPrivilegeEscalation = pointer.BoolP(false) } @@ -302,7 +308,10 @@ func (rs *RedisSentinel) assignDefaultContainerSecurityContext(sc *corev1.Securi sc.RunAsNonRoot = pointer.BoolP(true) } if sc.RunAsUser == nil { - sc.RunAsUser = pointer.Int64P(999) + sc.RunAsUser = rdVersion.Spec.SecurityContext.RunAsUser + } + if sc.RunAsGroup == nil { + sc.RunAsGroup = rdVersion.Spec.SecurityContext.RunAsUser } if sc.SeccompProfile == nil { sc.SeccompProfile = secomp.DefaultSeccompProfile() diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go index 3f0b50b28..b8353244f 100644 --- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go +++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/types.go 
@@ -17,12 +17,26 @@ limitations under the License. package v1alpha2 import ( + "sync" + core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kmapi "kmodules.xyz/client-go/api/v1" ofst "kmodules.xyz/offshoot-api/api/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var ( + once sync.Once + DefaultClient client.Client ) +func SetDefaultClient(kc client.Client) { + once.Do(func() { + DefaultClient = kc + }) +} + type InitSpec struct { // Initialized indicates that this database has been initialized. // This will be set by the operator when status.conditions["Provisioned"] is set to ensure diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_etcdversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_etcdversions.yaml index 4e22f6153..910c6f496 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_etcdversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_etcdversions.yaml @@ -68,6 +68,12 @@ spec: required: - image type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_kafkaversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_kafkaversions.yaml index fc1b06986..54d684b5e 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_kafkaversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_kafkaversions.yaml @@ -68,6 +68,12 @@ spec: required: - databasePolicyName type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mariadbversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mariadbversions.yaml index 01c2d90d2..3c136d0ed 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mariadbversions.yaml 
+++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mariadbversions.yaml @@ -89,6 +89,12 @@ spec: required: - databasePolicyName type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_memcachedversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_memcachedversions.yaml index 6addd3bc6..9a4c9bb8f 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_memcachedversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_memcachedversions.yaml @@ -68,6 +68,12 @@ spec: required: - databasePolicyName type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object version: type: string required: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mongodbversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mongodbversions.yaml index efa273a9e..5de254212 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mongodbversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mongodbversions.yaml @@ -141,6 +141,12 @@ spec: required: - image type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mysqlversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mysqlversions.yaml index 97bb5babf..6c5c52944 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mysqlversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_mysqlversions.yaml @@ -121,6 +121,12 @@ spec: required: - image type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: 
diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_perconaxtradbversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_perconaxtradbversions.yaml index 115fb1ddd..3c4471fa3 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_perconaxtradbversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_perconaxtradbversions.yaml @@ -89,6 +89,12 @@ spec: required: - databasePolicyName type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_proxysqlversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_proxysqlversions.yaml index 90582946b..cde519ca8 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_proxysqlversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_proxysqlversions.yaml @@ -66,6 +66,12 @@ spec: required: - image type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object updateConstraints: properties: allowlist: diff --git a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_redisversions.yaml b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_redisversions.yaml index 25a68430f..cc8965ba7 100644 --- a/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_redisversions.yaml +++ b/vendor/kubedb.dev/apimachinery/crds/catalog.kubedb.com_redisversions.yaml @@ -89,6 +89,12 @@ spec: required: - databasePolicyName type: object + securityContext: + properties: + runAsUser: + format: int64 + type: integer + type: object stash: properties: addon: diff --git a/vendor/kubestash.dev/apimachinery/apis/constant.go b/vendor/kubestash.dev/apimachinery/apis/constant.go index d882efab1..25c89934d 100644 --- a/vendor/kubestash.dev/apimachinery/apis/constant.go +++ b/vendor/kubestash.dev/apimachinery/apis/constant.go 
@@ -19,9 +19,6 @@ package apis import "time" const ( - RequeueTimeInterval = 10 * time.Second - OwnerKey = ".metadata.controller" - KubeStashKey = "kubestash.com" KubeStashApp = "kubestash.com/app" KubeStashCleanupFinalizer = "kubestash.com/cleanup" @@ -39,6 +36,8 @@ const ( KindReplicationController = "ReplicationController" KindJob = "Job" KindVolumeSnapshot = "VolumeSnapshot" + KindNamespace = "Namespace" + KindEmpty = "" ) const ( @@ -71,8 +70,7 @@ const ( // Keys for snapshots labels const ( - KubeStashRepositoryName = "kubestash.com/repo-name" - + KubeStashRepoName = "kubestash.com/repo-name" KubeStashAppRefKind = "kubestash.com/app-ref-kind" KubeStashAppRefNamespace = "kubestash.com/app-ref-namespace" KubeStashAppRefName = "kubestash.com/app-ref-name" @@ -109,42 +107,9 @@ const ( // Reconciliation related const ( - Requeue = true - DoNotRequeue = false -) - -// Addon related -const ( - EnvComponentName = "COMPONENT_NAME" - - ComponentPod = "pod" - ComponentDeployment = "deployment" - ComponentPVC = "pvc" - ComponentDump = "dump" - ComponentManifests = "manifests" - ComponentVolumeSnapshots = "volumesnapshots" - - DirRepository = "repository" -) - -// Interim Volume Related Constant -const ( - KeyDBVersion = "DB_VERSION" - - KeyInterimVolume = "INTERIM_VOLUME" - InterimVolumeName = "kubestash-interim-volume" -) - -// PersistentVolumeClaim related -const ( - KeyPodOrdinal = "POD_ORDINAL" - PVCName = "PVC_NAME" -) - -// Kubedump related -const ( - TargetKindEmpty = "" - KindNamespace = "Namespace" + RequeueTimeInterval = 10 * time.Second + Requeue = true + DoNotRequeue = false ) // Local Network Volume Accessor related 
@@ -164,7 +129,25 @@ const ( KubeStashPopulatorContainer = "kubestash-populator" ) -// Snapshot version related constants const ( + ComponentPod = "pod" + ComponentDeployment = "deployment" + ComponentPVC = "pvc" + ComponentDump = "dump" + ComponentWal = "wal" + ComponentManifests = "manifests" + ComponentVolumeSnapshots = "volumesnapshots" +) + +const ( + EnvComponentName = "COMPONENT_NAME" + KeyPodOrdinal = "POD_ORDINAL" + KeyPVCName = "PVC_NAME" + KeyDBVersion = "DB_VERSION" + KeyInterimVolume = "INTERIM_VOLUME" + + InterimVolumeName = "kubestash-interim-volume" + OwnerKey = ".metadata.controller" SnapshotVersionV1 = "v1" + DirRepository = "repository" ) diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_helpers.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_helpers.go index 015153552..06e620440 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_helpers.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_helpers.go @@ -98,7 +98,7 @@ func (b *BackupConfiguration) GetTargetRef() *kmapi.TypedObjectReference { if b.Spec.Target == nil { return &kmapi.TypedObjectReference{ APIGroup: "na", - Kind: apis.TargetKindEmpty, + Kind: apis.KindEmpty, Name: "na", } } diff --git a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go index e2b48d7af..a99af0277 100644 --- a/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go +++ b/vendor/kubestash.dev/apimachinery/apis/core/v1alpha1/backupconfiguration_webhook.go 
@@ -136,7 +136,7 @@ func (b *BackupConfiguration) getDefaultStorage(ctx context.Context, c client.Cl } } - backupconfigurationlog.Error(fmt.Errorf("no default BackupStorage is found"), "no usable default BackupStorage is found") + backupconfigurationlog.Error(fmt.Errorf("no default BackupStorage found"), "") return nil } @@ -178,7 +178,7 @@ func (b *BackupConfiguration) getDefaultRetentionPolicy(ctx context.Context, c c } } - backupconfigurationlog.Error(fmt.Errorf("no default RetentionPolicy is found"), "no usable default RetentionPolicy is found") + backupconfigurationlog.Error(fmt.Errorf("no default RetentionPolicy found"), "") return nil } @@ -300,6 +300,10 @@ func (b *BackupConfiguration) validateSessions(ctx context.Context, c client.Cli } } + if err := b.validateUniqueRepo(); err != nil { + return err + } + if err := b.validateUniqueRepoDir(ctx, c); err != nil { return err } @@ -337,7 +341,7 @@ func (b *BackupConfiguration) validateAddonInfo(session Session) error { } if session.Addon.Name == "" { - return fmt.Errorf("addon name is empty for session: %q. Please provide a valid addon name", session.Addon.Name) + return fmt.Errorf("addon name is empty for session: %q. Please provide a valid addon name", session.Name) } if len(session.Addon.Tasks) == 0 { 
@@ -388,6 +392,21 @@ func (b *BackupConfiguration) validateRepositories(ctx context.Context, c client return nil } +func (b *BackupConfiguration) validateUniqueRepo() error { + mapRepoToBackend := make(map[string]map[string]string) + for _, session := range b.Spec.Sessions { + for _, repo := range session.Repositories { + if repoInfo, ok := mapRepoToBackend[repo.Name]; ok && repoInfo[repo.Backend] == repo.Name { + return fmt.Errorf("repository %q can not be used from multiple sessions. Please choose a different repository", repo.Name) + } + mapRepoToBackend[repo.Name] = map[string]string{ + repo.Backend: repo.Name, + } + } + } + return nil +} + func (b *BackupConfiguration) validateUniqueRepoDir(ctx context.Context, c client.Client) error { if err := b.validateRepoDirectories(); err != nil { return err diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/repository_types.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/repository_types.go index 0fac35595..ad2bf9b65 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/repository_types.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/repository_types.go @@ -31,8 +31,6 @@ const ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=repositories,singular=repository,shortName=repo,categories={kubestash,appscode,all} -// +kubebuilder:printcolumn:name="App",type="string",JSONPath=".spec.appRef.Kind/.spec.appRef.name" -// +kubebuilder:printcolumn:name="BackupStorage",type="string",JSONPath=".spec.storageRef.namespace/.spec.storageRef.name" // +kubebuilder:printcolumn:name="Integrity",type="boolean",JSONPath=".status.integrity" // +kubebuilder:printcolumn:name="Snapshot-Count",type="integer",JSONPath=".status.snapshotCount" // +kubebuilder:printcolumn:name="Size",type="string",JSONPath=".status.size" 
@@ -94,7 +92,7 @@ type RepositoryStatus struct { // LastBackupTime specifies the timestamp when the last successful backup has been taken // +optional - LastBackupTime string `json:"lastBackupTime,omitempty"` + LastBackupTime *metav1.Time `json:"lastBackupTime,omitempty"` // Integrity specifies whether the backed up data of this Repository has been corrupted or not // +optional diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_helpers.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_helpers.go index 2924afa8c..06a8b8213 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_helpers.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_helpers.go @@ -22,7 +22,6 @@ import ( "kubestash.dev/apimachinery/crds" "path/filepath" "regexp" - "strconv" "strings" "kmodules.xyz/client-go/apiextensions" @@ -114,7 +113,7 @@ func (s *Snapshot) GetTotalBackupSizeInBytes() (uint64, error) { return 0, fmt.Errorf("resticStats size of component %s is invalid for the snapshot %s/%s", componentName, s.Namespace, s.Name) } - sizeInByte, err := convertSizeToByte(sizeWithUnit) + sizeInByte, err := ConvertSizeToByte(sizeWithUnit) if err != nil { return 0, err } 
@@ -140,51 +139,13 @@ func (s *Snapshot) GetSize() string { return "" } - sizeInByte, err := convertSizeToByte(sizeWithUnit) + sizeInByte, err := ConvertSizeToByte(sizeWithUnit) if err != nil { return "" } totalSizeInByte += sizeInByte } - return formatBytes(totalSizeInByte) -} - -func convertSizeToByte(sizeWithUnit []string) (uint64, error) { - numeral, err := strconv.ParseFloat(sizeWithUnit[0], 64) - if err != nil { - return 0, err - } - - switch sizeWithUnit[1] { - case "TiB": - return uint64(numeral * (1 << 40)), nil - case "GiB": - return uint64(numeral * (1 << 30)), nil - case "MiB": - return uint64(numeral * (1 << 20)), nil - case "KiB": - return uint64(numeral * (1 << 10)), nil - case "B": - return uint64(numeral), nil - default: - return 0, fmt.Errorf("no valid unit matched") - } -} - -func formatBytes(c uint64) string { - b := float64(c) - switch { - case c > 1<<40: - return fmt.Sprintf("%.3f TiB", b/(1<<40)) - case c > 1<<30: - return fmt.Sprintf("%.3f GiB", b/(1<<30)) - case c > 1<<20: - return fmt.Sprintf("%.3f MiB", b/(1<<20)) - case c > 1<<10: - return fmt.Sprintf("%.3f KiB", b/(1<<10)) - default: - return fmt.Sprintf("%d B", c) - } + return FormatBytes(totalSizeInByte) } func GenerateSnapshotName(repoName, backupSession string) string { diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go index 91373f81c..9e66f3487 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/snapshot_types.go 
@@ -38,7 +38,6 @@ const ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=snapshots,singular=snapshot,categories={kubestash,appscode} -// +kubebuilder:printcolumn:name="App",type="string",JSONPath=".spec.appRef.Kind/.spec.appRef.name" // +kubebuilder:printcolumn:name="Repository",type="string",JSONPath=".spec.repository" // +kubebuilder:printcolumn:name="Session",type="string",JSONPath=".spec.session" // +kubebuilder:printcolumn:name="Snapshot-Time",type="string",JSONPath=".status.snapshotTime" diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types_helpers.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types_helpers.go index d3f3be7e8..30af80097 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types_helpers.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/types_helpers.go @@ -17,8 +17,10 @@ limitations under the License. package v1alpha1 import ( + "fmt" "gomodules.xyz/x/filepath" core "k8s.io/api/core/v1" + "strconv" ) // ToVolumeAndMount returns volumes and mounts for local backend 
@@ -39,3 +41,41 @@ func (l LocalSpec) ToLocalMountPath(storageName string) (string, error) { _, mnt := l.ToVolumeAndMount(storageName) return filepath.SecureJoin("/", storageName, mnt.MountPath) } + +func ConvertSizeToByte(sizeWithUnit []string) (uint64, error) { + numeral, err := strconv.ParseFloat(sizeWithUnit[0], 64) + if err != nil { + return 0, err + } + + switch sizeWithUnit[1] { + case "TiB": + return uint64(numeral * (1 << 40)), nil + case "GiB": + return uint64(numeral * (1 << 30)), nil + case "MiB": + return uint64(numeral * (1 << 20)), nil + case "KiB": + return uint64(numeral * (1 << 10)), nil + case "B": + return uint64(numeral), nil + default: + return 0, fmt.Errorf("no valid unit matched") + } +} + +func FormatBytes(c uint64) string { + b := float64(c) + switch { + case c > 1<<40: + return fmt.Sprintf("%.3f TiB", b/(1<<40)) + case c > 1<<30: + return fmt.Sprintf("%.3f GiB", b/(1<<30)) + case c > 1<<20: + return fmt.Sprintf("%.3f MiB", b/(1<<20)) + case c > 1<<10: + return fmt.Sprintf("%.3f KiB", b/(1<<10)) + default: + return fmt.Sprintf("%d B", c) + } +} diff --git a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go index 221d62eff..0005004df 100644 --- a/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/kubestash.dev/apimachinery/apis/storage/v1alpha1/zz_generated.deepcopy.go @@ -429,6 +429,10 @@ func (in *RepositorySpec) DeepCopy() *RepositorySpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepositoryStatus) DeepCopyInto(out *RepositoryStatus) { *out = *in + if in.LastBackupTime != nil { + in, out := &in.LastBackupTime, &out.LastBackupTime + *out = (*in).DeepCopy() + } if in.Integrity != nil { in, out := &in.Integrity, &out.Integrity *out = new(bool) 
diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml index 8bd0127bf..fdfb85a4d 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_repositories.yaml @@ -21,12 +21,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .spec.appRef.Kind/.spec.appRef.name - name: App - type: string - - jsonPath: .spec.storageRef.namespace/.spec.storageRef.name - name: BackupStorage - type: string - jsonPath: .status.integrity name: Integrity type: boolean @@ -211,6 +205,7 @@ spec: lastBackupTime: description: LastBackupTime specifies the timestamp when the last successful backup has been taken + format: date-time type: string phase: description: Phase represents the current state of the Repository. diff --git a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml index 0bb33aa6a..f819e587f 100644 --- a/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml +++ b/vendor/kubestash.dev/apimachinery/crds/storage.kubestash.com_snapshots.yaml @@ -18,9 +18,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .spec.appRef.Kind/.spec.appRef.name - name: App - type: string - jsonPath: .spec.repository name: Repository type: string diff --git a/vendor/modules.txt b/vendor/modules.txt index 0aa8f2ae1..b57a599d3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1483,7 +1483,7 @@ kmodules.xyz/offshoot-api/api/v1 # kmodules.xyz/prober v0.25.0 ## explicit; go 1.18 kmodules.xyz/prober/api/v1 -# kubedb.dev/apimachinery v0.38.0-rc.0 +# kubedb.dev/apimachinery v0.38.0-rc.1 ## explicit; go 1.18 kubedb.dev/apimachinery/apis kubedb.dev/apimachinery/apis/archiver/v1alpha1 
@@ -1530,7 +1530,7 @@ kubedb.dev/db-client-go/redis ## explicit; go 1.18 kubeops.dev/sidekick/apis/apps kubeops.dev/sidekick/apis/apps/v1alpha1 -# kubestash.dev/apimachinery v0.2.0-rc.1 +# kubestash.dev/apimachinery v0.2.0 ## explicit; go 1.20 kubestash.dev/apimachinery/apis kubestash.dev/apimachinery/apis/core/v1alpha1