Merge branch 'master' into KO-357

aerospike · Jan 10, 2025 · 3d515d4 · 3d515d4
2 parents 2afc9dd + 6f8af77
commit 3d515d4
Show file tree

Hide file tree

Showing 14 changed files with 5,309 additions and 121 deletions.
diff --git a/api/v1beta1/aerospikebackupservice_types.go b/api/v1beta1/aerospikebackupservice_types.go
@@ -55,8 +55,13 @@ type AerospikeBackupServiceSpec struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Backup Service Config"
 	Config runtime.RawExtension `json:"config"`
 
+	// Specify additional configuration for the AerospikeBackupService pods
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Pod Configuration"
+	PodSpec ServicePodSpec `json:"podSpec,omitempty"`
+
 	// Resources defines the requests and limits for the backup service container.
 	// Resources.Limits should be more than Resources.Requests.
+	// Deprecated: Resources field is now part of spec.podSpec.serviceContainer
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Resources"
 	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
 
@@ -82,9 +87,8 @@ type AerospikeBackupServiceStatus struct {
 	// It includes: service, backup-policies, storage, secret-agent.
 	Config runtime.RawExtension `json:"config,omitempty"`
 
-	// Resources defines the requests and limits for the backup service container.
-	// Resources.Limits should be more than Resources.Requests.
-	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+	// Specify additional configuration for the AerospikeBackupService pods
+	PodSpec ServicePodSpec `json:"podSpec,omitempty"`
 
 	// SecretMounts is the list of secret to be mounted in the backup service.
 	SecretMounts []SecretMount `json:"secrets,omitempty"`
@@ -103,6 +107,30 @@ type AerospikeBackupServiceStatus struct {
 	Port int32 `json:"port,omitempty"`
 }
 
+type ServicePodSpec struct {
+	// ServiceContainerSpec configures the backup service container
+	// created by the operator.
+	ServiceContainerSpec ServiceContainerSpec `json:"serviceContainer,omitempty"`
+
+	// MetaData to add to the pod.
+	ObjectMeta AerospikeObjectMeta `json:"metadata,omitempty"`
+
+	// SchedulingPolicy controls pods placement on Kubernetes nodes.
+	SchedulingPolicy `json:",inline"`
+
+	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of
+	// the images used by this PodSpec.
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+}
+
+type ServiceContainerSpec struct {
+	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
+
+	// Resources defines the requests and limits for the backup service container.
+	// Resources.Limits should be more than Resources.Requests.
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+}
+
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:metadata:annotations="aerospike-kubernetes-operator/version=3.4.1"

diff --git a/api/v1beta1/aerospikebackupservice_webhook.go b/api/v1beta1/aerospikebackupservice_webhook.go
@@ -18,6 +18,7 @@ package v1beta1
 
 import (
 	"fmt"
+	"reflect"
 
 	set "github.com/deckarep/golang-set/v2"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -29,6 +30,7 @@ import (
 
 	"github.com/aerospike/aerospike-backup-service/v3/pkg/dto"
 	"github.com/aerospike/aerospike-backup-service/v3/pkg/validation"
+	asdbv1 "github.com/aerospike/aerospike-kubernetes-operator/api/v1"
 )
 
 const minSupportedVersion = "3.0.0"
@@ -39,14 +41,20 @@ func (r *AerospikeBackupService) SetupWebhookWithManager(mgr ctrl.Manager) error
 		Complete()
 }
 
-// Implemented Defaulter interface for future reference
+//nolint:lll // for readability
+//+kubebuilder:webhook:path=/mutate-asdb-aerospike-com-v1beta1-aerospikebackupservice,mutating=true,failurePolicy=fail,sideEffects=None,groups=asdb.aerospike.com,resources=aerospikebackupservices,verbs=create;update,versions=v1beta1,name=maerospikebackupservice.kb.io,admissionReviewVersions=v1
+
 var _ webhook.Defaulter = &AerospikeBackupService{}
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type
 func (r *AerospikeBackupService) Default() {
 	absLog := logf.Log.WithName(namespacedName(r))
 
 	absLog.Info("Setting defaults for aerospikeBackupService")
+
+	if r.Spec.Resources != nil && r.Spec.PodSpec.ServiceContainerSpec.Resources == nil {
+		r.Spec.PodSpec.ServiceContainerSpec.Resources = r.Spec.Resources
+	}
 }
 
 //nolint:lll // for readability
@@ -64,7 +72,7 @@ func (r *AerospikeBackupService) ValidateCreate() (admission.Warnings, error) {
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *AerospikeBackupService) ValidateUpdate(_ runtime.Object) (admission.Warnings, error) {
+func (r *AerospikeBackupService) ValidateUpdate(oldObj runtime.Object) (admission.Warnings, error) {
 	absLog := logf.Log.WithName(namespacedName(r))
 
 	absLog.Info("Validate update")
@@ -95,7 +103,7 @@ func (r *AerospikeBackupService) validate() (admission.Warnings, error) {
 		return nil, err
 	}
 
-	return nil, nil
+	return r.validateServicePodSpec()
 }
 
 func (r *AerospikeBackupService) validateBackupServiceConfig() error {
@@ -138,3 +146,50 @@ func (r *AerospikeBackupService) validateBackupServiceSecrets() error {
 
 	return nil
 }
+
+func (r *AerospikeBackupService) validateServicePodSpec() (admission.Warnings, error) {
+	if err := validatePodObjectMeta(&r.Spec.PodSpec.ObjectMeta); err != nil {
+		return nil, err
+	}
+
+	return r.validateResources()
+}
+
+func (r *AerospikeBackupService) validateResources() (admission.Warnings, error) {
+	var warn admission.Warnings
+
+	if r.Spec.Resources != nil && r.Spec.PodSpec.ServiceContainerSpec.Resources != nil {
+		if !reflect.DeepEqual(r.Spec.Resources, r.Spec.PodSpec.ServiceContainerSpec.Resources) {
+			return nil, fmt.Errorf("resources mismatch, different resources requirements found in " +
+				"spec.resources and spec.podSpec.serviceContainer.resources")
+		}
+
+		warn = []string{"spec.resources field is deprecated, " +
+			"resources field is now part of spec.podSpec.serviceContainer"}
+	}
+
+	if r.Spec.PodSpec.ServiceContainerSpec.Resources != nil {
+		resources := r.Spec.PodSpec.ServiceContainerSpec.Resources
+		if resources.Limits != nil && resources.Requests != nil &&
+			((resources.Limits.Cpu().Cmp(*resources.Requests.Cpu()) < 0) ||
+				(resources.Limits.Memory().Cmp(*resources.Requests.Memory()) < 0)) {
+			return warn, fmt.Errorf("resources.Limits cannot be less than resource.Requests. Resources %v",
+				resources)
+		}
+	}
+
+	return warn, nil
+}
+
+func validatePodObjectMeta(objectMeta *AerospikeObjectMeta) error {
+	for label := range objectMeta.Labels {
+		if label == asdbv1.AerospikeAppLabel || label == asdbv1.AerospikeCustomResourceLabel {
+			return fmt.Errorf(
+				"label: %s is internally set by operator and shouldn't be specified by user",
+				label,
+			)
+		}
+	}
+
+	return nil
+}
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go