Add DisableSecurity Support for ClickHouse (#137)

* Add DisableSecurity Support for ClickHouse Signed-off-by: SK Ali Arman <[email protected]> * update deps Signed-off-by: SK Ali Arman <[email protected]> * update deps Signed-off-by: SK Ali Arman <[email protected]> * update deps Signed-off-by: SK Ali Arman <[email protected]> --------- Signed-off-by: SK Ali Arman <[email protected]>
kubedb · Sep 25, 2024 · 2182ff5 · 2182ff5
1 parent f15802f
commit 2182ff5
Show file tree

Hide file tree

Showing 40 changed files with 7,083 additions and 1,164 deletions.
diff --git a/clickhouse/kubedb_client_builder.go b/clickhouse/kubedb_client_builder.go
@@ -21,11 +21,11 @@ import (
 	"database/sql"
 	"fmt"
 
-	olddbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2"
-
 	_ "github.com/ClickHouse/clickhouse-go/v2"
 	core "k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
+	"kubedb.dev/apimachinery/apis/kubedb"
+	olddbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -95,15 +95,17 @@ func (o *KubeDBClientBuilder) getURL() string {
 }
 
 func (o *KubeDBClientBuilder) getPort() *int {
-	chPort := 9000
+	chPort := kubedb.ClickHouseNativeTCP
 	return &chPort
 }
 
 func (o *KubeDBClientBuilder) getClickHouseRootCredentials() (string, string, error) {
 	db := o.db
 	var secretName string
-	if db.Spec.AuthSecret != nil {
+	if !db.Spec.DisableSecurity {
 		secretName = db.GetAuthSecretName()
+	} else {
+		return kubedb.ClickHouseDefaultUser, "", nil
 	}
 	var secret core.Secret
 	err := o.kc.Get(o.ctx, client.ObjectKey{Namespace: db.Namespace, Name: secretName}, &secret)

diff --git a/go.mod b/go.mod
@@ -33,7 +33,7 @@ require (
 	k8s.io/klog/v2 v2.130.1
 	kmodules.xyz/client-go v0.30.13
 	kmodules.xyz/custom-resources v0.30.0
-	kubedb.dev/apimachinery v0.47.1-0.20240924051141-f0421dd9f647
+	kubedb.dev/apimachinery v0.47.1-0.20240925065855-706baeb42442
 	sigs.k8s.io/controller-runtime v0.18.4
 	xorm.io/xorm v1.3.6
 )

diff --git a/go.sum b/go.sum
@@ -802,8 +802,8 @@ kmodules.xyz/monitoring-agent-api v0.29.0 h1:gpFl6OZrlMLb/ySMHdREI9EwGtnJ91oZBn9
 kmodules.xyz/monitoring-agent-api v0.29.0/go.mod h1:iNbvaMTgVFOI5q2LJtGK91j4Dmjv4ZRiRdasGmWLKQI=
 kmodules.xyz/offshoot-api v0.30.0 h1:dq9F93pu4Q8rL9oTcCk+vGGy8vpS7RNt0GSwx7Bvhec=
 kmodules.xyz/offshoot-api v0.30.0/go.mod h1:o9VoA3ImZMDBp3lpLb8+kc2d/KBxioRwCpaKDfLIyDw=
-kubedb.dev/apimachinery v0.47.1-0.20240924051141-f0421dd9f647 h1:yRqO/MkRwf4FxE/LktLz6fgkHn58FSxiNrR4NAMDxdQ=
-kubedb.dev/apimachinery v0.47.1-0.20240924051141-f0421dd9f647/go.mod h1:iD6XKg9Blvfd9iYEO0N9GKiSz6r+yzEPZnfkYdESNG4=
+kubedb.dev/apimachinery v0.47.1-0.20240925065855-706baeb42442 h1:MgXbQzSri2ibP/MJFNn9lajy+CzeW5ajsSuMS5bf6mI=
+kubedb.dev/apimachinery v0.47.1-0.20240925065855-706baeb42442/go.mod h1:iD6XKg9Blvfd9iYEO0N9GKiSz6r+yzEPZnfkYdESNG4=
 kubeops.dev/petset v0.0.5-0.20240603165102-e2d9decb8abe h1:uWyps3VIDFwGuL0yQa0eMGaLg4ofVwpy59U14Trxnz8=
 kubeops.dev/petset v0.0.5-0.20240603165102-e2d9decb8abe/go.mod h1:A15vh0r979NsvL65DTIZKWsa/NoX9VapHBAEw1ZsdYI=
 lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=

diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/clickhouse_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/clickhouse_version_types.go
@@ -63,6 +63,9 @@ type ClickHouseVersionSpec struct {
 	// Database Image
 	InitContainer ClickHouseInitContainer `json:"initContainer"`
 
+	// ClickHouse Keeper Image
+	ClickHouseKeeper ClickHouseKeeperContainer `json:"clickHouseKeeper"`
+
 	// SecurityContext is for the additional config for the DB container
 	// +optional
 	SecurityContext SecurityContext `json:"securityContext"`
@@ -81,6 +84,11 @@ type ClickHouseInitContainer struct {
 	Image string `json:"image"`
 }
 
+// ClickHouseKeeperContainer is the ClickHouse keeper Container image
+type ClickHouseKeeperContainer struct {
+	Image string `json:"image"`
+}
+
 // ClickHouseVersionStatus defines the observed state of ClickHouseVersion
 type ClickHouseVersionStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster

diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/openapi_generated.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/openapi_generated.go
diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/pgpool_version_types.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/pgpool_version_types.go
@@ -59,6 +59,9 @@ type PgpoolVersionSpec struct {
 	// Exporter Image
 	Exporter PgpoolVersionExporter `json:"exporter,omitempty"`
 
+	// update constraints
+	UpdateConstraints UpdateConstraints `json:"updateConstraints,omitempty"`
+
 	// SecurityContext is for the additional config for pgpool DB container
 	// +optional
 	SecurityContext PgpoolSecurityContext `json:"securityContext"`

diff --git a/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/zz_generated.deepcopy.go b/vendor/kubedb.dev/apimachinery/apis/catalog/v1alpha1/zz_generated.deepcopy.go
diff --git a/vendor/kubedb.dev/apimachinery/apis/elasticsearch/v1alpha1/elasticsearchdashboard_helpers.go b/vendor/kubedb.dev/apimachinery/apis/elasticsearch/v1alpha1/elasticsearchdashboard_helpers.go
@@ -17,16 +17,22 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"path/filepath"
 
 	"kubedb.dev/apimachinery/apis"
+	catalog "kubedb.dev/apimachinery/apis/catalog/v1alpha1"
 	"kubedb.dev/apimachinery/apis/kubedb"
 	dbapi "kubedb.dev/apimachinery/apis/kubedb/v1"
 	"kubedb.dev/apimachinery/crds"
 
+	"gomodules.xyz/pointer"
+	v1 "k8s.io/api/core/v1"
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/klog/v2"
 	kmapi "kmodules.xyz/client-go/api/v1"
 	"kmodules.xyz/client-go/apiextensions"
 	meta_util "kmodules.xyz/client-go/meta"
@@ -232,3 +238,66 @@ func (ed *ElasticsearchDashboard) CertSecretExists(alias ElasticsearchDashboardC
 	}
 	return false
 }
+
+func (ed *ElasticsearchDashboard) SetHealthCheckerDefaults() {
+	if ed.Spec.HealthChecker.PeriodSeconds == nil {
+		ed.Spec.HealthChecker.PeriodSeconds = pointer.Int32P(20)
+	}
+	if ed.Spec.HealthChecker.TimeoutSeconds == nil {
+		ed.Spec.HealthChecker.TimeoutSeconds = pointer.Int32P(10)
+	}
+	if ed.Spec.HealthChecker.FailureThreshold == nil {
+		ed.Spec.HealthChecker.FailureThreshold = pointer.Int32P(3)
+	}
+}
+
+func (ed *ElasticsearchDashboard) SetDefaults() {
+	if ed.Spec.DeletionPolicy == "" {
+		ed.Spec.DeletionPolicy = dbapi.DeletionPolicyDelete
+	}
+
+	db := dbapi.Elasticsearch{}
+	esVersion := catalog.ElasticsearchVersion{}
+	err := dbapi.DefaultClient.Get(context.TODO(), types.NamespacedName{
+		Name:      ed.Spec.DatabaseRef.Name,
+		Namespace: ed.Namespace,
+	}, &db)
+	if err != nil {
+		klog.Errorf("can't get the elasticsearch: %v\n", err.Error())
+		return
+	}
+
+	err = dbapi.DefaultClient.Get(context.TODO(), types.NamespacedName{
+		Name: db.Spec.Version,
+	}, &esVersion)
+	if err != nil {
+		klog.Errorf("can't get the elasticsearch version: %v\n", err.Error())
+		return
+	}
+
+	if ed.Spec.Replicas == nil {
+		ed.Spec.Replicas = pointer.Int32P(1)
+	}
+	if ed.Spec.PodTemplate.Spec.SecurityContext == nil {
+		ed.Spec.PodTemplate.Spec.SecurityContext = &v1.PodSecurityContext{}
+	}
+	ed.Spec.PodTemplate.Spec.SecurityContext.FSGroup = esVersion.Spec.SecurityContext.RunAsUser
+	ed.setDefaultContainerSecurityContext(esVersion, &ed.Spec.PodTemplate)
+	ed.setDefaultContainerResourceLimits(&ed.Spec.PodTemplate)
+
+	if ed.Spec.EnableSSL {
+		if ed.Spec.TLS == nil {
+			ed.Spec.TLS = &kmapi.TLSConfig{}
+		}
+		if ed.Spec.TLS.IssuerRef == nil {
+			ed.Spec.TLS.Certificates = kmapi.SetMissingSpecForCertificate(ed.Spec.TLS.Certificates, kmapi.CertificateSpec{
+				Alias:      string(ElasticsearchDashboardCACert),
+				SecretName: ed.DefaultCertificateSecretName(ElasticsearchDashboardCACert),
+			})
+		}
+		ed.Spec.TLS.Certificates = kmapi.SetMissingSpecForCertificate(ed.Spec.TLS.Certificates, kmapi.CertificateSpec{
+			Alias:      string(ElasticsearchDashboardServerCert),
+			SecretName: ed.DefaultCertificateSecretName(ElasticsearchDashboardServerCert),
+		})
+	}
+}
diff --git a/vendor/kubedb.dev/apimachinery/apis/elasticsearch/v1alpha1/elasticsearchdashboard_types.go b/vendor/kubedb.dev/apimachinery/apis/elasticsearch/v1alpha1/elasticsearchdashboard_types.go
@@ -22,7 +22,7 @@ import (
 	core "k8s.io/api/core/v1"
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kmapi "kmodules.xyz/client-go/api/v1"
-	ofst "kmodules.xyz/offshoot-api/api/v1"
+	ofst "kmodules.xyz/offshoot-api/api/v2"
 )
 
 const (
@@ -64,9 +64,14 @@ type ElasticsearchDashboardSpec struct {
 	// +optional
 	TLS *kmapi.TLSConfig `json:"tls,omitempty"`
 
+	// HealthChecker defines attributes of the health checker
+	// +optional
+	// +kubebuilder:default={periodSeconds: 20, timeoutSeconds: 10, failureThreshold: 3}
+	HealthChecker kmapi.HealthCheckSpec `json:"healthChecker"`
+
 	// TerminationPolicy controls the delete operation for Dashboard
 	// +optional
-	TerminationPolicy dbapi.DeletionPolicy `json:"terminationPolicy,omitempty"`
+	DeletionPolicy dbapi.DeletionPolicy `json:"deletionPolicy,omitempty"`
 }
 
 // ElasticsearchDashboardStatus defines the observed state of ElasticsearchDashboard