
Commit 3f7b548

authored
[Feature] Allow privileged pods (#631)
1 parent 50218df commit 3f7b548


5 files changed

+110
-85
lines changed


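--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 - Always use JWT Authorized requests in internal communication
 - Add Operator Maintenance Management feature
 - Add support for ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES ArangoDB Environment Variable
+- Allow to use privileged pods in ArangoStorage
 
 ## [1.0.6](https://github.com/arangodb/kube-arangodb/tree/1.0.6) (2020-08-19)
 - Add Operator Namespaced mode (Alpha)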

dashboard/assets.go

Lines changed: 61 additions & 61 deletions
Large diffs are not rendered by default.

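--- a/pkg/apis/storage/v1alpha/local_storage_spec.go
+++ b/pkg/apis/storage/v1alpha/local_storage_spec.go
@@ -34,6 +34,7 @@ type LocalStorageSpec struct {
 StorageClass StorageClassSpec `json:"storageClass"`
 LocalPath []string `json:"localPath,omitempty"`
 NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+Privileged *bool `json:"privileged,omitempty"`
 }
 
 // Validate the given spec, returning an error on validation
@@ -73,3 +74,11 @@ func (s LocalStorageSpec) ResetImmutableFields(target *LocalStorageSpec) []strin
 // TODO NodeSelector
 return result
 }
+
+func (s LocalStorageSpec) GetPrivileged() bool {
+if s.Privileged == nil {
+return false
+}
+
+return *s.Privileged
+}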
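Review bot: The new `Privileged` field and the exported `GetPrivileged` method have no doc comments, although elsewhere in this commit the flag decides whether the provisioner container runs privileged. Suggest `// Privileged runs the provisioner container in privileged mode; unset means false.` above the field and `// GetPrivileged returns the Privileged setting, treating nil as false.` above the method. Whether `Privileged` also needs handling in `Validate` or `ResetImmutableFields` cannot be judged from these hunks, because both bodies lie outside them.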

pkg/apis/storage/v1alpha/zz_generated.deepcopy.go

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

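--- a/pkg/storage/daemon_set.go
+++ b/pkg/storage/daemon_set.go
@@ -26,9 +26,11 @@ import (
 "fmt"
 "strconv"
 
-v1 "k8s.io/api/apps/v1"
-corev1 "k8s.io/api/core/v1"
-metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"github.com/arangodb/kube-arangodb/pkg/util"
+
+apps "k8s.io/api/apps/v1"
+core "k8s.io/api/core/v1"
+meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 api "github.com/arangodb/kube-arangodb/pkg/apis/storage/v1alpha"
 "github.com/arangodb/kube-arangodb/pkg/storage/provisioner"
@@ -45,7 +47,7 @@ const (
 func (ls *LocalStorage) ensureDaemonSet(apiObject *api.ArangoLocalStorage) error {
 log := ls.deps.Log
 ns := ls.config.Namespace
-c := corev1.Container{
+c := core.Container{
 Name: "provisioner",
 Image: ls.image,
 ImagePullPolicy: ls.imagePullPolicy,
@@ -54,60 +56,68 @@ func (ls *LocalStorage) ensureDaemonSet(apiObject *api.ArangoLocalStorage) error
 "provisioner",
 "--port=" + strconv.Itoa(provisioner.DefaultPort),
 },
-Ports: []corev1.ContainerPort{
-corev1.ContainerPort{
+Ports: []core.ContainerPort{
+core.ContainerPort{
 ContainerPort: int32(provisioner.DefaultPort),
 },
 },
-Env: []corev1.EnvVar{
-corev1.EnvVar{
+Env: []core.EnvVar{
+core.EnvVar{
 Name: constants.EnvOperatorNodeName,
-ValueFrom: &corev1.EnvVarSource{
-FieldRef: &corev1.ObjectFieldSelector{
+ValueFrom: &core.EnvVarSource{
+FieldRef: &core.ObjectFieldSelector{
 FieldPath: "spec.nodeName",
 },
 },
 },
 },
 }
+
+if apiObject.Spec.GetPrivileged() {
+c.SecurityContext = &core.SecurityContext{
+Privileged: util.NewBool(true),
+}
+}
+
 dsLabels := k8sutil.LabelsForLocalStorage(apiObject.GetName(), roleProvisioner)
-dsSpec := v1.DaemonSetSpec{
-Selector: &metav1.LabelSelector{
+dsSpec := apps.DaemonSetSpec{
+Selector: &meta.LabelSelector{
 MatchLabels: dsLabels,
 },
-Template: corev1.PodTemplateSpec{
-ObjectMeta: metav1.ObjectMeta{
+Template: core.PodTemplateSpec{
+ObjectMeta: meta.ObjectMeta{
 Labels: dsLabels,
 },
-Spec: corev1.PodSpec{
-Containers: []corev1.Container{
+Spec: core.PodSpec{
+Containers: []core.Container{
 c,
 },
 NodeSelector: apiObject.Spec.NodeSelector,
 },
 },
 }
+
 for i, lp := range apiObject.Spec.LocalPath {
 volName := fmt.Sprintf("local-path-%d", i)
 c := &dsSpec.Template.Spec.Containers[0]
 c.VolumeMounts = append(c.VolumeMounts,
-corev1.VolumeMount{
+core.VolumeMount{
 Name: volName,
 MountPath: lp,
 })
-hostPathType := corev1.HostPathDirectoryOrCreate
-dsSpec.Template.Spec.Volumes = append(dsSpec.Template.Spec.Volumes, corev1.Volume{
+hostPathType := core.HostPathDirectoryOrCreate
+dsSpec.Template.Spec.Volumes = append(dsSpec.Template.Spec.Volumes, core.Volume{
 Name: volName,
-VolumeSource: corev1.VolumeSource{
-HostPath: &corev1.HostPathVolumeSource{
+VolumeSource: core.VolumeSource{
+HostPath: &core.HostPathVolumeSource{
 Path: lp,
 Type: &hostPathType,
 },
 },
 })
 }
-ds := &v1.DaemonSet{
-ObjectMeta: metav1.ObjectMeta{
+ds := &apps.DaemonSet{
+ObjectMeta: meta.ObjectMeta{
 Name: apiObject.GetName(),
 Labels: dsLabels,
 },
@@ -134,7 +144,7 @@ func (ls *LocalStorage) ensureDaemonSet(apiObject *api.ArangoLocalStorage) error
 attempt++
 
 // Load current DS
-current, err := ls.deps.KubeCli.AppsV1().DaemonSets(ns).Get(ds.GetName(), metav1.GetOptions{})
+current, err := ls.deps.KubeCli.AppsV1().DaemonSets(ns).Get(ds.GetName(), meta.GetOptions{})
 if err != nil {
 return maskAny(err)
 }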
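Review bot: The `if apiObject.Spec.GetPrivileged()` block in the third hunk makes the ArangoLocalStorage spec a privilege boundary, and nothing in the code says so. The same container also gets every `Spec.LocalPath` entry as a hostPath mount, so whoever can create or edit that resource obtains a privileged pod with host directories on each selected node. A comment at the block would record this, for example `// Privileged plus the hostPath mounts below gives the provisioner host-level access; restrict write access to ArangoLocalStorage via RBAC.` The fourth hunk only shows the current DaemonSet being loaded, so it is worth checking that a later change of the flag, in particular turning it off, is reconciled into an existing DaemonSet. ensureDaemonSet continues outside the visible hunks.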
