Merge remote-tracking branch 'origin/master' into feature/arangodbexporter

Author: lamai93

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## [0.3.10](---) (XXXX-XX-XX)
 - Added Pod Disruption Budgets for all server groups in production mode.
+- Added Priority Class Name to be specified per server group.
 
 ## [0.3.9](https://github.com/arangodb/kube-arangodb/tree/0.3.9) (2019-02-28)
 [Full Changelog](https://github.com/arangodb/kube-arangodb/compare/0.3.8...0.3.9)

Makefile

@@ -256,7 +256,7 @@ endif
 
 .PHONY: manifests
 manifests: $(GOBUILDDIR)
-	echo Building manifests
+	@echo Building manifests
 	GOPATH=$(GOBUILDDIR) go run $(ROOTDIR)/tools/manifests/manifest_builder.go \
 		--output-suffix=$(MANIFESTSUFFIX) \
 		--image=$(OPERATORIMAGE) \

docs/Manual/Deployment/Kubernetes/DeploymentResource.md

@@ -342,6 +342,18 @@ This setting specifies the name of a kubernetes `Secret` that contains
 the license key token used for enterprise images. This value is not used for
 the community edition.
 
+### `spec.bootstrap.passwordSecretNames.root: string`
+
+This setting specifies a secret name for the credentials of the root user.
+
+When a deployment is created the operator will setup the root user account 
+according to the credentials given by the secret. If the secret doesn't exist
+the operator creates a secret with a random password.
+
+There are two magic values for the secret name:
+- `None` specifies no action. This disables root password randomization. This is the default value. (Thus the root password is empty - not recommended)
+- `Auto` specifies automatic name generation, which is `<deploymentname>-root-password`. 
+
 ### `spec.<group>.count: number`
 
 This setting specifies the number of servers to start for the given group.
@@ -401,6 +413,18 @@ for each server of this group.
 This setting is not available for group `coordinators`, `syncmasters` & `syncworkers`
 because servers in these groups do not need persistent storage.
 
+### `spec.<group>.priorityClassName: string`
+
+Priority class name for pods of this group. Will be forwarded to the pod spec. [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/)
+
+### `spec.<group>.probes.livenessProbeDisabled: bool`
+
+If set to true, the operator does not generate a liveness probe for new pods belonging to this group.
+
+### `spec.<group>.probes.readinessProbeDisabled: bool`
+
+If set to true, the operator does not generate a readiness probe for new pods belonging to this group.
+
 ### `spec.<group>.tolerations: []Toleration`
 
 This setting specifies the `tolerations` for the `Pod`s created

docs/Manual/Tutorials/Kubernetes/README.md

@@ -3,7 +3,7 @@
 Starting an ArangoDB database (either single server or full blown cluster)
 on Kubernetes involves a lot of resources.
 
-The servers needs to run in `Pods`, you need `Secrets` for authentication,
+The servers need to run in `Pods`, you need `Secrets` for authentication,
 TLS certificates and `Services` to enable communication with the database.
 
 Use `kube-arangodb`, the ArangoDB Kubernetes Operator to greatly simplify
@@ -76,7 +76,7 @@ new custom resource definition:
 
 - `ArangoLocalStorage` is the resource used to provision `PersistentVolumes` on local storage.
 
-The optioal fourth command installs a `Deployment` that runs the
+The optional fourth command installs a `Deployment` that runs the
 operator that takes care of DC2DC replications.
 
 ## Deploying your first ArangoDB database

examples/reboot-pod.yaml

@@ -0,0 +1,35 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: kube-reboot-pod
+spec:
+  restartPolicy: OnFailure
+  serviceAccountName: default
+  containers:
+    - image: arangodb/kube-arangodb:0.3.10
+      name: reboot
+      command: ["arangodb_operator", "reboot"]
+      args:
+        - --deployment-name=my-rebooted-depl
+        - --image-name=arangodb/arangodb:3.4.3
+        - --license-secret-name=arangodb-license-key
+        - --coordinators=3
+        - pvc-5f98090b-4417-11e9-9423-42010aa401d7
+        - pvc-60119ef4-4417-11e9-9423-42010aa401d7
+        - pvc-60c8c3d8-4417-11e9-9423-42010aa401d7
+        - pvc-6142d36a-4417-11e9-9423-42010aa401d7
+        - pvc-61bce8a5-4417-11e9-9423-42010aa401d7
+        - pvc-62928477-4417-11e9-9423-42010aa401d7
+        - pvc-630c8f56-4417-11e9-9423-42010aa401d7
+        - pvc-63680b68-4417-11e9-9423-42010aa401d7
+        - pvc-63a52558-4417-11e9-9423-42010aa401d7
+        - pvc-6400be5b-4417-11e9-9423-42010aa401d7
+      env:
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name

manifests/templates/test/rbac.yaml

@@ -15,6 +15,9 @@ rules:
 - apiGroups: ["apps"]
   resources: ["daemonsets", "deployments"]
   verbs: ["*"]
+- apiGroups: ["scheduling.k8s.io"]
+  resources: ["priorityclasses"]
+  verbs: ["*"]
 
 ---
 

pkg/apis/deployment/v1alpha/bootstrap.go

@@ -0,0 +1,136 @@
+//
+// DISCLAIMER
+//
+// Copyright 2018 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1alpha
+
+import (
+	"fmt"
+
+	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
+)
+
+const (
+	// UserNameRoot root user name
+	UserNameRoot = "root"
+)
+
+// PasswordSecretName contains user password secret name
+type PasswordSecretName string
+
+const (
+	// PasswordSecretNameNone is magic value for no action
+	PasswordSecretNameNone PasswordSecretName = "None"
+	// PasswordSecretNameAuto is magic value for autogenerate name
+	PasswordSecretNameAuto PasswordSecretName = "Auto"
+)
+
+// PasswordSecretNameList is a map from username to secretnames
+type PasswordSecretNameList map[string]PasswordSecretName
+
+// BootstrapSpec contains information for cluster bootstrapping
+type BootstrapSpec struct {
+	// PasswordSecretNames contains a map of username to password-secret-name
+	PasswordSecretNames PasswordSecretNameList `json:"passwordSecretNames,omitempty"`
+}
+
+// IsNone returns true if p is None or p is empty
+func (p PasswordSecretName) IsNone() bool {
+	return p == PasswordSecretNameNone || p == ""
+}
+
+// IsAuto returns true if p is Auto
+func (p PasswordSecretName) IsAuto() bool {
+	return p == PasswordSecretNameAuto
+}
+
+// GetSecretName returns the secret name given by the specs. Or None if not set.
+func (s PasswordSecretNameList) GetSecretName(user string) PasswordSecretName {
+	if s != nil {
+		if secretname, ok := s[user]; ok {
+			return secretname
+		}
+	}
+	return PasswordSecretNameNone
+}
+
+// getSecretNameForUserPassword returns the default secret name for the given user
+func getSecretNameForUserPassword(deploymentname, username string) PasswordSecretName {
+	return PasswordSecretName(k8sutil.FixupResourceName(deploymentname + "-" + username + "-password"))
+}
+
+// Validate the specification.
+func (b *BootstrapSpec) Validate() error {
+	for username, secretname := range b.PasswordSecretNames {
+		// Remove this restriction as soon as we can bootstrap databases
+		if username != UserNameRoot {
+			return fmt.Errorf("only username `root` allowed in passwordSecretNames")
+		}
+
+		if secretname.IsNone() {
+			if username != UserNameRoot {
+				return fmt.Errorf("magic value None not allowed for %s", username)
+			}
+		} else {
+			if err := k8sutil.ValidateResourceName(string(secretname)); err != nil {
+				return maskAny(err)
+			}
+		}
+	}
+
+	return nil
+}
+
+// SetDefaults fills in default values when a field is not specified.
+func (b *BootstrapSpec) SetDefaults(deploymentname string) {
+	if b.PasswordSecretNames == nil {
+		b.PasswordSecretNames = make(map[string]PasswordSecretName)
+	}
+
+	// If root is not set init with Auto
+	if _, ok := b.PasswordSecretNames[UserNameRoot]; !ok {
+		b.PasswordSecretNames[UserNameRoot] = PasswordSecretNameNone
+	}
+
+	// Replace Auto with generated secret name
+	for user, secretname := range b.PasswordSecretNames {
+		if secretname.IsAuto() {
+			b.PasswordSecretNames[user] = getSecretNameForUserPassword(deploymentname, user)
+		}
+	}
+}
+
+// NewPasswordSecretNameListOrNil returns nil if input is nil, otherwise returns a clone of the given value.
+func NewPasswordSecretNameListOrNil(list PasswordSecretNameList) PasswordSecretNameList {
+	if list == nil {
+		return nil
+	}
+	var newList = make(PasswordSecretNameList)
+	for k, v := range list {
+		newList[k] = v
+	}
+	return newList
+}
+
+// SetDefaultsFrom fills unspecified fields with a value from given source spec.
+func (b *BootstrapSpec) SetDefaultsFrom(source BootstrapSpec) {
+	if b.PasswordSecretNames == nil {
+		b.PasswordSecretNames = NewPasswordSecretNameListOrNil(source.PasswordSecretNames)
+	}
+}

pkg/apis/deployment/v1alpha/conditions.go

@@ -53,6 +53,10 @@ const (
 	ConditionTypeSecretsChanged ConditionType = "SecretsChanged"
 	// ConditionTypeMemberOfCluster indicates that the member is a known member of the ArangoDB cluster.
 	ConditionTypeMemberOfCluster ConditionType = "MemberOfCluster"
+	// ConditionTypeBootstrapCompleted indicates that the initial cluster bootstrap has been completed.
+	ConditionTypeBootstrapCompleted ConditionType = "BootstrapCompleted"
+	// ConditionTypeBootstrapSucceded indicates that the initial cluster bootstrap completed successfully.
+	ConditionTypeBootstrapSucceded ConditionType = "BootstrapSucceded"
 	// ConditionTypeTerminating indicates that the member is terminating but not yet terminated.
 	ConditionTypeTerminating ConditionType = "Terminating"
 )

pkg/apis/deployment/v1alpha/deployment_spec.go

@@ -71,6 +71,8 @@ type DeploymentSpec struct {
 	SyncWorkers  ServerGroupSpec `json:"syncworkers"`
 
 	Chaos ChaosSpec `json:"chaos"`
+
+	Bootstrap BootstrapSpec `json:"bootstrap",omitempty`
 }
 
 // Equal compares two DeploymentSpec
@@ -190,6 +192,7 @@ func (s *DeploymentSpec) SetDefaults(deploymentName string) {
 	s.SyncWorkers.SetDefaults(ServerGroupSyncWorkers, s.Sync.IsEnabled(), s.GetMode())
 	s.Metrics.SetDefaults(deploymentName+"-exporter-jwt-token", s.Authentication.IsAuthenticated())
 	s.Chaos.SetDefaults()
+	s.Bootstrap.SetDefaults(deploymentName)
 }
 
 // SetDefaultsFrom fills unspecified fields with a value from given source spec.
@@ -229,6 +232,7 @@ func (s *DeploymentSpec) SetDefaultsFrom(source DeploymentSpec) {
 	s.SyncWorkers.SetDefaultsFrom(source.SyncWorkers)
 	s.Metrics.SetDefaultsFrom(source.Metrics)
 	s.Chaos.SetDefaultsFrom(source.Chaos)
+	s.Bootstrap.SetDefaultsFrom(source.Bootstrap)
 }
 
 // Validate the specification.
@@ -291,6 +295,9 @@ func (s *DeploymentSpec) Validate() error {
 	if err := s.License.Validate(); err != nil {
 		return maskAny(errors.Wrap(err, "spec.licenseKey"))
 	}
+	if err := s.Bootstrap.Validate(); err != nil {
+		return maskAny(err)
+	}
 	return nil
 }
 

pkg/apis/deployment/v1alpha/deployment_status_members.go

@@ -243,3 +243,23 @@ func (ds DeploymentStatusMembers) AllMembersReady(mode DeploymentMode, syncEnabl
 		return false
 	}
 }
+
+// MembersOfGroup returns the member list of the given group
+func (ds DeploymentStatusMembers) MembersOfGroup(group ServerGroup) MemberStatusList {
+	switch group {
+	case ServerGroupSingle:
+		return ds.Single
+	case ServerGroupAgents:
+		return ds.Agents
+	case ServerGroupDBServers:
+		return ds.DBServers
+	case ServerGroupCoordinators:
+		return ds.Coordinators
+	case ServerGroupSyncMasters:
+		return ds.SyncMasters
+	case ServerGroupSyncWorkers:
+		return ds.SyncWorkers
+	default:
+		return MemberStatusList{}
+	}
+}