chore(revert-later): working prototype

Signed-off-by: Vishal Choudhary <[email protected]>
kyverno · Oct 9, 2024 · d6eb242 · d6eb242
1 parent 1e1ae86
commit d6eb242
Show file tree

Hide file tree

Showing 8 changed files with 95 additions and 12 deletions.
diff --git a/.github/kind.yml b/.github/kind.yml
@@ -31,6 +31,9 @@ nodes:
       - containerPort: 443
         hostPort: 443
         protocol: TCP
+    extraMounts:
+      - hostPath: /home/tmp
+        containerPath: /data/etcd
   - role: worker
   - role: worker
   - role: worker
diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml
@@ -39,6 +39,7 @@ spec:
           args:
             {{- if .Values.config.debug }}
             - --debug
+            - --etcdDir=/data/etcd
             {{- else }}
             - --dbhost={{ include "reports-server.dbHost" . }}
             - --dbport={{ include "reports-server.dbPort" . }}
@@ -92,6 +93,8 @@ spec:
               containerPort: 4443
               protocol: TCP
           volumeMounts:
+            - mountPath: "/data/etcd"
+              name: task-pv-storage
             - mountPath: /tmp
               name: tmp-dir
           {{- with .Values.livenessProbe }}
@@ -119,3 +122,6 @@ spec:
       volumes:
       - emptyDir: {}
         name: tmp-dir
+      - name: task-pv-storage
+        persistentVolumeClaim:
+          claimName: task-pv-claim
diff --git a/charts/reports-server/templates/pv.yaml b/charts/reports-server/templates/pv.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: task-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: standard
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/data/etcd"
diff --git a/charts/reports-server/templates/pvc.yaml b/charts/reports-server/templates/pvc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: task-pv-claim
+  labels:
+    pv.beta.kubernetes.io/gid: "2000"
+spec:
+  selector:
+    matchLabels:
+    {{- include "reports-server.selectorLabels" . | nindent 4 }}
+  storageClassName: standard
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml
@@ -59,16 +59,16 @@ podSecurityContext:
 # -- Container security context
 # @default -- See [values.yaml](values.yaml)
 securityContext:
-  capabilities:
-    drop:
-    - ALL
-  readOnlyRootFilesystem: true
-  runAsNonRoot: true
-  runAsUser: 1000
-  privileged: false
-  allowPrivilegeEscalation: false
-  seccompProfile:
-    type: RuntimeDefault
+  # capabilities:
+  #   drop:
+  #   - ALL
+  readOnlyRootFilesystem: false
+  # runAsNonRoot: true
+  runAsUser: 0
+  privileged: true
+  allowPrivilegeEscalation: true
+  # seccompProfile:
+  #   type: RuntimeDefault
 
 # -- Liveness probe
 livenessProbe:

diff --git a/config/install.yaml b/config/install.yaml
@@ -45,6 +45,33 @@ data:
   postgres-password: "cmVwb3J0cw=="
   # We don't auto-generate LDAP password when it's not provided as we do for other passwords
 ---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: task-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: task-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -312,6 +339,10 @@ spec:
       serviceAccountName: reports-server
       securityContext:
         fsGroup: 2000
+      volumes:
+      - name: task-pv-storage
+        persistentVolumeClaim:
+          claimName: task-pv-claim
       containers:
         - name: reports-server
           args:
@@ -345,6 +376,8 @@ spec:
               containerPort: 4443
               protocol: TCP
           volumeMounts:
+            - mountPath: "/data/etcd"
+              name: task-pv-storage
             - mountPath: /tmp
               name: tmp-dir
           livenessProbe:

diff --git a/pkg/app/policyserver.go b/pkg/app/policyserver.go
@@ -67,6 +67,7 @@ func runCommand(o *opts.Options, stopCh <-chan struct{}) error {
 
 	if o.Debug {
 		go func() {
+			klog.InfoS("starting embedded etcd etcd in directory=%s", o.EtcdDir)
 			err := etcd.StartETCDServer(stopCh, o.EtcdDir)
 			if err != nil {
 				klog.ErrorS(err, "failed to start etcd server")

diff --git a/pkg/storage/etcd/store.go b/pkg/storage/etcd/store.go
@@ -10,6 +10,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/klog/v2"
 )
 
 type ObjectStorageNamespaced[T metav1.Object] interface {
@@ -57,13 +58,16 @@ func (o *objectStoreNamespaced[T]) Get(ctx context.Context, name, namespace stri
 	key := o.getKey(name, namespace)
 	resp, err := o.etcdclient.Get(ctx, key)
 	if err != nil {
+		klog.ErrorS(err, "failed to get report kind=%s", o.gvk.String())
 		return obj, err
 	}
+	klog.InfoS("get resp resp=%+v", resp)
 	if len(resp.Kvs) != 1 {
 		return obj, errors.NewNotFound(o.gr, key)
 	}
-	err = json.Unmarshal(resp.Kvs[0].Value, obj)
+	err = json.Unmarshal(resp.Kvs[0].Value, &obj)
 	if err != nil {
+		klog.ErrorS(err, "failed to marshal report kind=%s", o.gvk.String())
 		return obj, errors.NewNotFound(o.gr, key)
 	}
 	return obj, nil
@@ -77,15 +81,17 @@ func (o *objectStoreNamespaced[T]) List(ctx context.Context, namespace string) (
 	key := o.getPrefix()
 	resp, err := o.etcdclient.Get(ctx, key, clientv3.WithPrefix())
 	if err != nil {
+		klog.ErrorS(err, "failed to list report kind=%s", o.gvk.String())
 		return objects, err
 	}
+	klog.InfoS("list resp resp=%+v", resp)
 	if len(resp.Kvs) == 0 {
 		return objects, errors.NewNotFound(o.gr, key)
 	}
 	objects = make([]T, 0, len(resp.Kvs))
 	for _, v := range resp.Kvs {
 		var obj T
-		err = json.Unmarshal(v.Value, obj)
+		err = json.Unmarshal(v.Value, &obj)
 		if err != nil {
 			return objects, errors.NewNotFound(o.gr, key)
 		}
@@ -101,8 +107,10 @@ func (o *objectStoreNamespaced[T]) Create(ctx context.Context, obj T) error {
 	key := o.getKey(obj.GetName(), obj.GetNamespace())
 	resp, err := o.etcdclient.Get(ctx, key)
 	if err != nil {
+		klog.ErrorS(err, "failed to create report kind=%s", o.gvk.String())
 		return err
 	}
+	klog.InfoS("create resp resp=%+v", resp)
 	if len(resp.Kvs) > 0 {
 		return errors.NewAlreadyExists(o.gr, key)
 	}
@@ -126,6 +134,7 @@ func (o *objectStoreNamespaced[T]) Update(ctx context.Context, obj T) error {
 	key := o.getKey(obj.GetName(), obj.GetNamespace())
 	resp, err := o.etcdclient.Get(ctx, key)
 	if err != nil {
+		klog.ErrorS(err, "failed to update report kind=%s", o.gvk.String())
 		return err
 	}
 	if len(resp.Kvs) != 1 {
@@ -151,6 +160,7 @@ func (o *objectStoreNamespaced[T]) Delete(ctx context.Context, name, namespace s
 	key := o.getKey(name, namespace)
 	resp, err := o.etcdclient.Delete(ctx, key)
 	if err != nil {
+		klog.ErrorS(err, "failed to delete report kind=%s", o.gvk.String())
 		return err
 	}
 	if resp.Deleted == 0 {