
Commit fd9e7c9

committed
Merge branch 'main' into ContainerSecurityContext
2 parents 9f499c9 + fe7cc2b commit fd9e7c9

12 files changed

+326
-12
lines changed

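--- a/api/v1/kubegres_types.go
+++ b/api/v1/kubegres_types.go
@@ -77,6 +77,7 @@ type KubegresSpec struct {
 SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
 ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"`
 Probe Probe `json:"probe,omitempty"`
+ServiceAccountName string `json:"serviceAccountName,omitempty"`
 }
 
 // ----------------------- STATUS -----------------------------------------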
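Review bot: The new `ServiceAccountName` field (new line 80) has no doc comment and no validation marker, even though it selects the identity, and therefore the API token, that the Postgres pods run with. Anyone who may edit a Kubegres resource can now point its pods at any ServiceAccount in the same namespace, so the contract is worth stating on the field, e.g. `// ServiceAccountName is the ServiceAccount the Postgres pods run as; it must already exist in the namespace of the Kubegres resource.` A marker such as `// +kubebuilder:validation:MaxLength=253` would also let the API server reject malformed values before the controller copies them into a StatefulSet. The KubegresSpec struct starts above this hunk.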

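--- a/config/crd/bases/kubegres.reactive-tech.io_kubegres.yaml
+++ b/config/crd/bases/kubegres.reactive-tech.io_kubegres.yaml
@@ -1943,6 +1943,8 @@ spec:
 type: string
 type: object
 type: object
+serviceAccountName:
+type: string
 volume:
 properties:
 volumeClaimTemplates: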

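--- a/internal/controller/ctx/KubegresContext.go
+++ b/internal/controller/ctx/KubegresContext.go
@@ -22,12 +22,13 @@ package ctx
 
 import (
 "context"
+"strconv"
+"strings"
+
 "reactive-tech.io/kubegres/api/v1"
 "reactive-tech.io/kubegres/internal/controller/ctx/log"
 "reactive-tech.io/kubegres/internal/controller/ctx/status"
 "sigs.k8s.io/controller-runtime/pkg/client"
-"strconv"
-"strings"
 )
 
 type KubegresContext struct {
@@ -48,6 +49,7 @@ const (
 BaseConfigMapName = "base-kubegres-config"
 CronJobNamePrefix = "backup-"
 DefaultContainerPortNumber = 5432
+DefaultPodServiceAccountName = "default"
 DefaultDatabaseVolumeMount = "/var/lib/postgresql/data"
 DefaultDatabaseFolder = "pgdata"
 EnvVarNamePgData = "PGDATA"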
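Review bot: `DefaultPodServiceAccountName = "default"` in the second hunk (new line 52) is not referenced by any other change shown on this page: initStatefulSet only tests `postgresSpec.ServiceAccountName != ""`, and the new enforcer compares against the raw spec value. If a defaulting step outside this page writes the constant into the spec, every existing StatefulSet whose pod template has an empty serviceAccountName would be reported as different after an upgrade and re-enforced, which likely rolls its pods; if nothing uses the constant, it should be dropped. A comment such as `// DefaultPodServiceAccountName is used when spec.serviceAccountName is empty.` would settle which behaviour is intended. The const block starts and ends outside the hunk.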

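--- a/internal/controller/ctx/resources/ResourcesContext.go
+++ b/internal/controller/ctx/resources/ResourcesContext.go
@@ -168,6 +168,7 @@ func addStatefulSetSpecEnforcers(rc *ResourcesContext) {
 securityContextSpecEnforcer := statefulset_spec2.CreateSecurityContextSpecEnforcer(rc.KubegresContext)
 livenessProbeSpecEnforcer := statefulset_spec2.CreateLivenessProbeSpecEnforcer(rc.KubegresContext)
 readinessProbeSpecEnforcer := statefulset_spec2.CreateReadinessProbeSpecEnforcer(rc.KubegresContext)
+serviAccountNameSpecEnforcer := statefulset_spec2.CreateServiceAccountNameSpecEnforcer(rc.KubegresContext)
 
 rc.StatefulSetsSpecsEnforcer = statefulset_spec2.CreateStatefulSetsSpecsEnforcer(rc.KubegresContext)
 rc.StatefulSetsSpecsEnforcer.AddSpecEnforcer(&imageSpecEnforcer)
@@ -182,6 +183,7 @@ func addStatefulSetSpecEnforcers(rc *ResourcesContext) {
 rc.StatefulSetsSpecsEnforcer.AddSpecEnforcer(&securityContextSpecEnforcer)
 rc.StatefulSetsSpecsEnforcer.AddSpecEnforcer(&livenessProbeSpecEnforcer)
 rc.StatefulSetsSpecsEnforcer.AddSpecEnforcer(&readinessProbeSpecEnforcer)
+rc.StatefulSetsSpecsEnforcer.AddSpecEnforcer(&serviAccountNameSpecEnforcer)
 
 rc.AllStatefulSetsSpecEnforcer = statefulset_spec2.CreateAllStatefulSetsSpecEnforcer(rc.KubegresContext, rc.ResourcesStates, rc.BlockingOperation, rc.StatefulSetsSpecsEnforcer)
 }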
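Review bot: The local variable `serviAccountNameSpecEnforcer` is misspelled where it is declared (new line 171) and where it is registered in the second hunk (new line 186). Every neighbouring variable mirrors its constructor name, so a search for "serviceAccount" will miss this one; rename both uses to `serviceAccountNameSpecEnforcer`. addStatefulSetSpecEnforcers starts above the first hunk.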
@@ -0,0 +1,63 @@
1+
/*
2+
Copyright 2023 Reactive Tech Limited.
3+
"Reactive Tech Limited" is a company located in England, United Kingdom.
4+
https://www.reactive-tech.io
5+
6+
Lead Developer: Alex Arica
7+
8+
Licensed under the Apache License, Version 2.0 (the "License");
9+
you may not use this file except in compliance with the License.
10+
You may obtain a copy of the License at
11+
12+
http://www.apache.org/licenses/LICENSE-2.0
13+
14+
Unless required by applicable law or agreed to in writing, software
15+
distributed under the License is distributed on an "AS IS" BASIS,
16+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17+
See the License for the specific language governing permissions and
18+
limitations under the License.
19+
*/
20+
21+
package statefulset_spec
22+
23+
import (
24+
apps "k8s.io/api/apps/v1"
25+
"reactive-tech.io/kubegres/internal/controller/ctx"
26+
)
27+
28+
type ServiceAccountNameSpecEnforcer struct {
29+
kubegresContext ctx.KubegresContext
30+
}
31+
32+
func CreateServiceAccountNameSpecEnforcer(kubegresContext ctx.KubegresContext) ServiceAccountNameSpecEnforcer {
33+
return ServiceAccountNameSpecEnforcer{kubegresContext: kubegresContext}
34+
}
35+
36+
func (r *ServiceAccountNameSpecEnforcer) GetSpecName() string {
37+
return "ServiceAccountName"
38+
}
39+
40+
func (r *ServiceAccountNameSpecEnforcer) CheckForSpecDifference(statefulSet *apps.StatefulSet) StatefulSetSpecDifference {
41+
42+
current := statefulSet.Spec.Template.Spec.ServiceAccountName
43+
expected := r.kubegresContext.Kubegres.Spec.ServiceAccountName
44+
45+
if current != expected {
46+
return StatefulSetSpecDifference{
47+
SpecName: r.GetSpecName(),
48+
Current: current,
49+
Expected: expected,
50+
}
51+
}
52+
53+
return StatefulSetSpecDifference{}
54+
}
55+
56+
func (r *ServiceAccountNameSpecEnforcer) EnforceSpec(statefulSet *apps.StatefulSet) (wasSpecUpdated bool, err error) {
57+
statefulSet.Spec.Template.Spec.ServiceAccountName = r.kubegresContext.Kubegres.Spec.ServiceAccountName
58+
return true, nil
59+
}
60+
61+
func (r *ServiceAccountNameSpecEnforcer) OnSpecEnforcedSuccessfully(_ *apps.StatefulSet) error {
62+
return nil
63+
}
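Review bot: `EnforceSpec` (new lines 56-59) copies `Spec.ServiceAccountName` into the pod template and always returns `true, nil`, without checking that the named ServiceAccount exists in the namespace. Pods that reference a missing ServiceAccount are normally rejected at admission, so a typo in the Kubegres resource would, once enforced on a running StatefulSet, leave replaced Postgres pods unable to start. Consider looking the ServiceAccount up through the controller's client before `CheckForSpecDifference` reports a difference, and logging an event instead of enforcing when it is absent; such validation may already happen in code this page does not show. The exported type and constructor also lack doc comments, e.g. `// ServiceAccountNameSpecEnforcer keeps the StatefulSet pod template's serviceAccountName equal to spec.serviceAccountName.`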

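--- a/internal/controller/spec/template/ResourcesCreatorFromTemplate.go
+++ b/internal/controller/spec/template/ResourcesCreatorFromTemplate.go
@@ -273,6 +273,10 @@ func (r *ResourcesCreatorFromTemplate) initStatefulSet(
 if postgresSpec.Probe.ReadinessProbe != nil {
 statefulSetTemplate.Spec.Template.Spec.Containers[0].ReadinessProbe = postgresSpec.Probe.ReadinessProbe
 }
+
+if postgresSpec.ServiceAccountName != "" {
+statefulSetTemplate.Spec.Template.Spec.ServiceAccountName = postgresSpec.ServiceAccountName
+}
 }
 
 // Extract annotations set in Kubegres YAML by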

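--- a/internal/controller/spec/template/yaml/Templates.go
+++ b/internal/controller/spec/template/yaml/Templates.go
@@ -152,12 +152,10 @@ data:
 #echo "$dt - Running: psql -v ON_ERROR_STOP=1 --username $POSTGRES_USER --dbname $POSTGRES_DB ...";
 
 #psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-#CREATE DATABASE $customDatabaseName;
-#\connect $customDatabaseName;
-#CREATE USER $customUserName WITH PASSWORD '$POSTGRES_MYAPP_PASSWORD';
-#GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER ON ALL TABLES IN SCHEMA public TO $customUserName;
-#GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO $customUserName;
-#GRANT USAGE, CREATE ON SCHEMA public TO $customUserName;
+#CREATE USER $customUserName WITH PASSWORD '$POSTGRES_MYAPP_PASSWORD';
+#CREATE DATABASE $customDatabaseName;
+#\connect $customDatabaseName;
+#GRANT ALL ON SCHEMA public TO $customUserName;
 #EOSQL
 
 #echo "$dt - Init script is completed";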
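Review bot: The sample `CREATE USER ... WITH PASSWORD '$POSTGRES_MYAPP_PASSWORD'` line (new line 155) still has the shell paste the secret into the SQL text, so a password containing a single quote breaks the statement or changes its meaning once the sample is uncommented. Passing the value as a psql variable keeps it out of the SQL source: add `-v app_password="$POSTGRES_MYAPP_PASSWORD"` to the psql command and write `#CREATE USER $customUserName WITH PASSWORD :'app_password';`. `$customUserName` and `$customDatabaseName` are interpolated the same way and deserve the same care if they can ever come from user input. The init script starts above this hunk and continues below it.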

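--- a/internal/test/resourceConfigs/ConfigForTest.go
+++ b/internal/test/resourceConfigs/ConfigForTest.go
@@ -40,6 +40,9 @@ const (
 SecretYamlFile = "resourceConfigs/secret.yaml"
 SecretResourceName = "my-kubegres-secret"
 
+ServiceAccountYamlFile = "resourceConfigs/serviceAccount.yaml"
+ServiceAccountResourceName = "my-kubegres"
+
 ServiceToSqlQueryPrimaryDbYamlFile = "resourceConfigs/primaryService.yaml"
 ServiceToSqlQueryPrimaryDbResourceName = "test-kubegres-primary"
 ServiceToSqlQueryPrimaryDbNodePort = 30007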

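--- a/internal/test/resourceConfigs/LoadTestYaml.go
+++ b/internal/test/resourceConfigs/LoadTestYaml.go
@@ -22,10 +22,11 @@ package resourceConfigs
 
 import (
 "io/ioutil"
+"log"
+
 v1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/client-go/kubernetes/scheme"
-"log"
 kubegresv1 "reactive-tech.io/kubegres/api/v1"
 )
 
@@ -53,6 +54,12 @@ func LoadSecretYaml() v1.Secret {
 return *obj.(*v1.Secret)
 }
 
+func LoadServiceAccountYaml() v1.ServiceAccount {
+fileContents := getFileContents(ServiceAccountYamlFile)
+obj := decodeYaml(fileContents)
+return *obj.(*v1.ServiceAccount)
+}
+
 func LoadYamlServiceToSqlQueryPrimaryDb() v1.Service {
 fileContents := getFileContents(ServiceToSqlQueryPrimaryDbYamlFile)
 obj := decodeYaml(fileContents)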
@@ -0,0 +1,5 @@
1+
apiVersion: v1
2+
kind: ServiceAccount
3+
metadata:
4+
name: my-kubegres
5+
namespace: default
