[Feature] Add customizable volumes (#533)

Author: ajanikow

CHANGELOG.md

@@ -1,6 +1,9 @@
 # Change Log
 
 ## [master](https://github.com/arangodb/kube-arangodb/tree/master) (N/A)
+- Added Customizable Volumes and VolumeMounts for ArangoDB server container
+- Added MemoryOverride flag for ArangoDB >= 3.6.3
+- Improved Rotation discovery process
 - Added annotation to rotate ArangoDeployment in secure way
 
 ## [1.0.0](https://github.com/arangodb/kube-arangodb/tree/1.0.0) (2020-03-03)

Makefile

@@ -177,7 +177,11 @@ linter: fmt
 	                  $(SOURCES_PACKAGES)
 
 .PHONY: build
-build: docker docker-ubi manifests
+build: docker manifests
+
+ifndef IGNORE_UBI
+build: docker-ubi
+endif
 
 .PHONY: clean
 clean:
@@ -204,12 +208,19 @@ update-generated:
 	@mkdir -p $(ORGDIR)
 	@ln -s -f $(SCRIPTDIR) $(ORGDIR)/kube-arangodb
 	GOPATH=$(GOBUILDDIR) $(VENDORDIR)/k8s.io/code-generator/generate-groups.sh  \
-		"all" \
-		"github.com/arangodb/kube-arangodb/pkg/generated" \
-		"github.com/arangodb/kube-arangodb/pkg/apis" \
-		"deployment:v1 replication:v1 storage:v1alpha backup:v1" \
-		--go-header-file "./tools/codegen/boilerplate.go.txt" \
-		$(VERIFYARGS)
+			"all" \
+			"github.com/arangodb/kube-arangodb/pkg/generated" \
+			"github.com/arangodb/kube-arangodb/pkg/apis" \
+			"deployment:v1 replication:v1 storage:v1alpha backup:v1" \
+			--go-header-file "./tools/codegen/boilerplate.go.txt" \
+			$(VERIFYARGS)
+	GOPATH=$(GOBUILDDIR) $(VENDORDIR)/k8s.io/code-generator/generate-groups.sh  \
+			"deepcopy" \
+			"github.com/arangodb/kube-arangodb/pkg/generated" \
+			"github.com/arangodb/kube-arangodb/pkg/apis" \
+			"shared:v1" \
+			--go-header-file "./tools/codegen/boilerplate.go.txt" \
+			$(VERIFYARGS)
 
 .PHONY: verify-generated
 verify-generated:
@@ -226,6 +237,9 @@ dashboard/assets.go: $(DASHBOARDSOURCES) $(DASHBOARDDIR)/Dockerfile.build
 		$(DASHBOARDBUILDIMAGE)
 	go run github.com/jessevdk/go-assets-builder -s /dashboard/build/ -o dashboard/assets.go -p dashboard dashboard/build
 
+.PHONY: bin
+bin: $(BIN)
+
 $(BIN): $(SOURCES) dashboard/assets.go VERSION
 	@mkdir -p $(BINDIR)
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -installsuffix netgo -ldflags "-X main.projectVersion=$(VERSION) -X main.projectBuild=$(COMMIT)" -o $(BIN) $(REPOPATH)

go.mod

@@ -44,6 +44,7 @@ require (
 	golang.org/x/sys v0.0.0-20200116001909-b77594299b42
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
 	gopkg.in/go-playground/validator.v8 v8.18.2 // indirect
+	gopkg.in/yaml.v2 v2.2.8
 	k8s.io/api v0.17.3
 	k8s.io/apiextensions-apiserver v0.17.3
 	k8s.io/apimachinery v0.17.3

pkg/apis/deployment/v1/deployment.go

@@ -45,8 +45,8 @@ type ArangoDeploymentList struct {
 type ArangoDeployment struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec              DeploymentSpec   `json:"spec"`
-	Status            DeploymentStatus `json:"status"`
+	Spec              DeploymentSpec   `json:"spec,omitempty"`
+	Status            DeploymentStatus `json:"status,omitempty"`
 }
 
 type ServerGroupFunc func(ServerGroup, ServerGroupSpec, *MemberStatusList) error

pkg/apis/deployment/v1/deployment_status.go

@@ -29,7 +29,7 @@ import (
 // DeploymentStatus contains the status part of a Cluster resource.
 type DeploymentStatus struct {
 	// Phase holds the current lifetime phase of the deployment
-	Phase DeploymentPhase `json:"phase"`
+	Phase DeploymentPhase `json:"phase,omitempty"`
 	// Reason contains a human readable reason for reaching the current state (can be empty)
 	Reason string `json:"reason,omitempty"` // Reason for current state
 

pkg/apis/deployment/v1/server_group_spec.go

@@ -26,6 +26,8 @@ import (
 	"math"
 	"strings"
 
+	"github.com/arangodb/kube-arangodb/pkg/apis/shared"
+
 	"github.com/pkg/errors"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -72,6 +74,10 @@ type ServerGroupSpec struct {
 	Sidecars []v1.Container `json:"sidecars,omitempty"`
 	// SecurityContext specifies security context for group
 	SecurityContext *ServerGroupSpecSecurityContext `json:"securityContext,omitempty"`
+	// Volumes define list of volumes mounted to pod
+	Volumes ServerGroupSpecVolumes `json:"volumes,omitempty"`
+	// VolumeMounts define list of volume mounts mounted into server container
+	VolumeMounts ServerGroupSpecVolumeMounts `json:"volumeMounts,omitempty"`
 }
 
 // ServerGroupSpecSecurityContext contains specification for pod security context
@@ -372,12 +378,44 @@ func (s ServerGroupSpec) Validate(group ServerGroup, used bool, mode DeploymentM
 				}
 			}
 		}
+
+		if err := s.validate(); err != nil {
+			return maskAny(err)
+		}
 	} else if s.GetCount() != 0 {
 		return maskAny(errors.Wrapf(ValidationError, "Invalid count value %d for un-used group. Expected 0", s.GetCount()))
 	}
 	return nil
 }
 
+func (s *ServerGroupSpec) validate() error {
+	if s == nil {
+		return nil
+	}
+
+	return shared.WithErrors(
+		shared.PrefixResourceError("volumes", s.Volumes.Validate()),
+		shared.PrefixResourceError("volumeMounts", s.VolumeMounts.Validate()),
+		s.validateVolumes(),
+	)
+}
+
+func (s *ServerGroupSpec) validateVolumes() error {
+	volumes := map[string]bool{}
+
+	for _, volume := range s.Volumes {
+		volumes[volume.Name] = true
+	}
+
+	for _, mount := range s.VolumeMounts {
+		if _, ok := volumes[mount.Name]; !ok {
+			return errors.Errorf("Volume %s is not defined, but required by mount", mount.Name)
+		}
+	}
+
+	return nil
+}
+
 // SetDefaults fills in missing defaults
 func (s *ServerGroupSpec) SetDefaults(group ServerGroup, used bool, mode DeploymentMode) {
 	if s.GetCount() == 0 && used {

pkg/apis/deployment/v1/server_group_volume.go

@@ -0,0 +1,176 @@
+//
+// DISCLAIMER
+//
+// Copyright 2020 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package v1
+
+import (
+	"fmt"
+
+	"github.com/arangodb/kube-arangodb/pkg/apis/shared"
+	sharedv1 "github.com/arangodb/kube-arangodb/pkg/apis/shared/v1"
+
+	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
+	"github.com/pkg/errors"
+	core "k8s.io/api/core/v1"
+)
+
+var (
+	restrictedVolumeNames = []string{
+		k8sutil.ArangodVolumeName,
+		k8sutil.TlsKeyfileVolumeName,
+		k8sutil.RocksdbEncryptionVolumeName,
+		k8sutil.ExporterJWTVolumeName,
+		k8sutil.ClusterJWTSecretVolumeName,
+		"lifecycle",
+	}
+)
+
+// IsRestrictedVolumeName check of volume name is restricted, for example for originally mounted volumes
+func IsRestrictedVolumeName(name string) bool {
+	for _, restrictedVolumeName := range restrictedVolumeNames {
+		if restrictedVolumeName == name {
+			return true
+		}
+	}
+
+	return false
+}
+
+// ServerGroupSpecVolumes definition of volume list which need to be mounted to Pod
+type ServerGroupSpecVolumes []ServerGroupSpecVolume
+
+// Validate if ServerGroupSpec volumes are valid and does not collide
+func (s ServerGroupSpecVolumes) Validate() error {
+	var validationErrors []error
+
+	mappedVolumes := map[string]int{}
+
+	for id, volume := range s {
+		if i, ok := mappedVolumes[volume.Name]; ok {
+			mappedVolumes[volume.Name] = i + 1
+		} else {
+			mappedVolumes[volume.Name] = 1
+		}
+
+		if err := volume.Validate(); err != nil {
+			validationErrors = append(validationErrors, shared.PrefixResourceErrors(fmt.Sprintf("%d", id), err))
+		}
+	}
+
+	for volumeName, count := range mappedVolumes {
+		if IsRestrictedVolumeName(volumeName) {
+			validationErrors = append(validationErrors, errors.Errorf("volume with name %s is restricted", volumeName))
+		}
+
+		if count == 1 {
+			continue
+		}
+
+		validationErrors = append(validationErrors, errors.Errorf("volume with name %s defined more than once: %d", volumeName, count))
+	}
+
+	return shared.WithErrors(validationErrors...)
+}
+
+// Volumes create volumes
+func (s ServerGroupSpecVolumes) Volumes() []core.Volume {
+	volumes := make([]core.Volume, len(s))
+
+	for id, volume := range s {
+		volumes[id] = volume.Volume()
+	}
+
+	return volumes
+}
+
+// ServerGroupSpecVolume definition of volume which need to be mounted to Pod
+type ServerGroupSpecVolume struct {
+	// Name of volume
+	Name string `json:"name"`
+
+	// Secret which should be mounted into pod
+	Secret *ServerGroupSpecVolumeSecret `json:"secret,omitempty"`
+
+	// ConfigMap which should be mounted into pod
+	ConfigMap *ServerGroupSpecVolumeConfigMap `json:"configMap,omitempty"`
+}
+
+// Validate if ServerGroupSpec volume is valid
+func (s *ServerGroupSpecVolume) Validate() error {
+	if s == nil {
+		return nil
+	}
+
+	return shared.WithErrors(
+		shared.PrefixResourceErrors("name", sharedv1.AsKubernetesResourceName(&s.Name).Validate()),
+		shared.PrefixResourceErrors("secret", s.Secret.Validate()),
+		shared.PrefixResourceErrors("configMap", s.ConfigMap.Validate()),
+		s.validate(),
+	)
+}
+
+// Volume create Pod Volume object
+func (s ServerGroupSpecVolume) Volume() core.Volume {
+	return core.Volume{
+		Name: s.Name,
+		VolumeSource: core.VolumeSource{
+			ConfigMap: (*core.ConfigMapVolumeSource)(s.ConfigMap),
+			Secret:    (*core.SecretVolumeSource)(s.Secret),
+		},
+	}
+}
+
+func (s *ServerGroupSpecVolume) validate() error {
+	if s.ConfigMap == nil && s.Secret == nil {
+		return errors.Errorf("at least one option need to be defined: secret or configMap")
+	}
+
+	if s.ConfigMap != nil && s.Secret != nil {
+		return errors.Errorf("only one option can be defined: secret or configMap")
+	}
+
+	return nil
+}
+
+type ServerGroupSpecVolumeSecret core.SecretVolumeSource
+
+func (s *ServerGroupSpecVolumeSecret) Validate() error {
+	if s == nil {
+		return nil
+	}
+
+	return shared.WithErrors(
+		shared.PrefixResourceError("secretName", sharedv1.AsKubernetesResourceName(&s.SecretName).Validate()),
+	)
+}
+
+type ServerGroupSpecVolumeConfigMap core.ConfigMapVolumeSource
+
+func (s *ServerGroupSpecVolumeConfigMap) Validate() error {
+	if s == nil {
+		return nil
+	}
+
+	return shared.WithErrors(
+		shared.PrefixResourceError("name", sharedv1.AsKubernetesResourceName(&s.Name).Validate()),
+	)
+}