add containerSecurityContext, volumes, volumeMounts to Vector resource

Author: Dmitry Anisimov

.gitignore

@@ -25,3 +25,5 @@ testbin/*
 *~
 .vscode
 __debug_bin
+
+vendor

api/v1alpha1/vector_types.go

@@ -73,9 +73,12 @@ type VectorAgent struct {
 	// SecurityContext holds pod-level security attributes and common container settings.
 	// This defaults to the default PodSecurityContext.
 	// +optional
-	// Tolerations If specified, the pod's tolerations.
+	SecurityContext *v1.PodSecurityContext `json:"podSecurityContext,omitempty"`
+	// SecurityContext holds security configuration that will be applied to a container.
+	// Some fields are present in both SecurityContext and PodSecurityContext.
+	// When both are set, the values in SecurityContext take precedence.
 	// +optional
-	SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
+	ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"`
 	// SchedulerName - defines kubernetes scheduler name
 	// +optional
 	SchedulerName string `json:"schedulerName,omitempty"`
@@ -107,6 +110,14 @@ type VectorAgent struct {
 	// +optional
 	InternalMetrics bool `json:"internalMetrics,omitempty"`
 
+	// List of volumes that can be mounted by containers belonging to the pod.
+	// +optional
+	Volumes []v1.Volume `json:"volumes,omitempty"`
+
+	// Pod volumes to mount into the container's filesystem.
+	// +optional
+	VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"`
+
 	ConfigCheck ConfigCheck `json:"configCheck,omitempty"`
 }
 

api/v1alpha1/zz_generated.deepcopy.go

@@ -41,7 +41,7 @@ func New(vector *vectorv1alpha1.Vector) *VectorConfig {
 	}
 
 	return &VectorConfig{
-		DataDir: vector.Spec.Agent.DataDir,
+		DataDir: "/vector-data-dir",
 		Api:     api,
 		Sources: sources,
 		Sinks:   sinks,

config/crd/bases/observability.kaasops.io_vectors.yaml

@@ -58,7 +58,7 @@ func (ctrl *Controller) createVectorAgentDaemonSet() *appsv1.DaemonSet {
 							},
 							VolumeMounts:    ctrl.generateVectorAgentVolumeMounts(),
 							Resources:       ctrl.Vector.Spec.Agent.Resources,
-							SecurityContext: &corev1.SecurityContext{},
+							SecurityContext: ctrl.Vector.Spec.Agent.ContainerSecurityContext,
 							ImagePullPolicy: ctrl.Vector.Spec.Agent.ImagePullPolicy,
 						},
 					},
@@ -71,7 +71,9 @@ func (ctrl *Controller) createVectorAgentDaemonSet() *appsv1.DaemonSet {
 }
 
 func (ctrl *Controller) generateVectorAgentVolume() []corev1.Volume {
-	volume := []corev1.Volume{
+	volume := ctrl.Vector.Spec.Agent.Volumes
+
+	volume = append(volume, []corev1.Volume{
 		{
 			Name: "config",
 			VolumeSource: corev1.VolumeSource{
@@ -84,31 +86,7 @@ func (ctrl *Controller) generateVectorAgentVolume() []corev1.Volume {
 			Name: "data",
 			VolumeSource: corev1.VolumeSource{
 				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/var/lib/vector",
-				},
-			},
-		},
-		{
-			Name: "var-log",
-			VolumeSource: corev1.VolumeSource{
-				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/var/log/",
-				},
-			},
-		},
-		{
-			Name: "journal",
-			VolumeSource: corev1.VolumeSource{
-				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/var/log/journal",
-				},
-			},
-		},
-		{
-			Name: "var-lib",
-			VolumeSource: corev1.VolumeSource{
-				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/var/lib/",
+					Path: ctrl.Vector.Spec.Agent.DataDir,
 				},
 			},
 		},
@@ -128,13 +106,15 @@ func (ctrl *Controller) generateVectorAgentVolume() []corev1.Volume {
 				},
 			},
 		},
-	}
+	}...)
 
 	return volume
 }
 
 func (ctrl *Controller) generateVectorAgentVolumeMounts() []corev1.VolumeMount {
-	volumeMount := []corev1.VolumeMount{
+	volumeMount := ctrl.Vector.Spec.Agent.VolumeMounts
+
+	volumeMount = append(volumeMount, []corev1.VolumeMount{
 		{
 			Name:      "config",
 			MountPath: "/etc/vector/",
@@ -143,18 +123,6 @@ func (ctrl *Controller) generateVectorAgentVolumeMounts() []corev1.VolumeMount {
 			Name:      "data",
 			MountPath: "/vector-data-dir",
 		},
-		{
-			Name:      "var-log",
-			MountPath: "/var/log/",
-		},
-		{
-			Name:      "journal",
-			MountPath: "/run/log/journal",
-		},
-		{
-			Name:      "var-lib",
-			MountPath: "/var/lib/",
-		},
 		{
 			Name:      "procfs",
 			MountPath: "/host/proc",
@@ -163,7 +131,7 @@ func (ctrl *Controller) generateVectorAgentVolumeMounts() []corev1.VolumeMount {
 			Name:      "sysfs",
 			MountPath: "/host/sys",
 		},
-	}
+	}...)
 
 	return volumeMount
 }

controllers/factory/config/config.go

@@ -44,7 +44,52 @@ func (ctrl *Controller) SetDefault() {
 	}
 
 	if ctrl.Vector.Spec.Agent.DataDir == "" {
-		ctrl.Vector.Spec.Agent.DataDir = "/vector-data-dir"
+		ctrl.Vector.Spec.Agent.DataDir = "/var/lib/vector"
 	}
 
+	if ctrl.Vector.Spec.Agent.Volumes == nil {
+		ctrl.Vector.Spec.Agent.Volumes = []corev1.Volume{
+			{
+				Name: "var-log",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/var/log/",
+					},
+				},
+			},
+			{
+				Name: "journal",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/var/log/journal",
+					},
+				},
+			},
+			{
+				Name: "var-lib",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/var/lib/",
+					},
+				},
+			},
+		}
+	}
+
+	if ctrl.Vector.Spec.Agent.VolumeMounts == nil {
+		ctrl.Vector.Spec.Agent.VolumeMounts = []corev1.VolumeMount{
+			{
+				Name:      "var-log",
+				MountPath: "/var/log/",
+			},
+			{
+				Name:      "journal",
+				MountPath: "/run/log/journal",
+			},
+			{
+				Name:      "var-lib",
+				MountPath: "/var/lib/",
+			},
+		}
+	}
 }

controllers/factory/vector/vectoragent/vectoragent_daemonset.go

@@ -1,8 +1,9 @@
 # Specification
 
-- [Vector](#vector-spec)
-- [VectorPipeline](#vectorpipelinespec-clustervectorpipelinespec)
-- [ClusterVectorPipeline](#vectorpipelinespec-clustervectorpipelinespec)
+- [Specification](#specification)
+- [Vector Spec](#vector-spec)
+  - [Api Spec](#api-spec)
+- [VectorPipelineSpec (ClusterVectorPipelineSpec)](#vectorpipelinespec-clustervectorpipelinespec)
 
 
 
@@ -45,6 +46,10 @@
         <td>securityContext</td>
         <td>SecurityContext holds pod-level security attributes and common container settings. By default - not set</td>
     </tr>
+    <tr>
+        <td>containerSecurityContext</td>
+        <td>securityContext holds security configuration that will be applied to a container.</td>
+    </tr>
     <tr>
         <td>schedulerName</td>
         <td>SchedulerName - defines kubernetes scheduler name. By default - not set</td>
@@ -61,6 +66,14 @@
         <td>podSecurityPolicyName</td>
         <td>PodSecurityPolicyName - defines name for podSecurityPolicy in case of empty value, prefixedName will be used.</td>
     </tr>
+    <tr>
+        <td>volumes</td>
+        <td>List of volumes that can be mounted by containers belonging to the pod.</td>
+    </tr>
+    <tr>
+        <td>volumeMounts</td>
+        <td>Pod volumes to mount into the container's filesystem.</td>
+    </tr>
     <tr>
         <td>priorityClassName</td>
         <td>PriorityClassName assigned to the Pods.</td>
@@ -109,4 +122,4 @@
       <td>sinks</td>
       <td>List of Sinks</td>
     </tr>
-</table>
+</table>