From 79a5a46cdf32a0057d5483b9b2e6473e59c4dd79 Mon Sep 17 00:00:00 2001 From: Ye Cao Date: Tue, 19 Dec 2023 16:52:57 +0800 Subject: [PATCH] Support to add the volume, volume mount and privileged for vineyardd CRD (#1671) Signed-off-by: Ye Cao --- charts/vineyard-operator/Chart.yaml | 2 +- .../templates/backup-crd.yaml | 27 +- .../templates/csidriver-crd.yaml | 2 +- .../templates/globalobject-crd.yaml | 2 +- .../templates/localobject-crd.yaml | 2 +- .../templates/operation-crd.yaml | 2 +- .../templates/recover-crd.yaml | 2 +- .../templates/sidecar-crd.yaml | 792 ++++++++++++++++- .../templates/vineyardd-crd.yaml | 792 ++++++++++++++++- docs/notes/cloud-native/deploy-kubernetes.rst | 2 +- docs/notes/cloud-native/vineyard-operator.rst | 84 ++ k8s/apis/k8s/v1alpha1/README.md | 6 + k8s/apis/k8s/v1alpha1/sidecar_types.go | 16 + k8s/apis/k8s/v1alpha1/vineyardd_types.go | 15 + .../k8s/v1alpha1/zz_generated.deepcopy.go | 30 + k8s/cmd/README.md | 10 + .../deploy/deploy_vineyard_deployment.go | 14 + k8s/cmd/commands/deploy/deploy_vineyardd.go | 22 + k8s/cmd/commands/flags/inject_flags.go | 6 + k8s/cmd/commands/flags/vineyardd_flags.go | 35 +- k8s/cmd/commands/inject/inject.go | 34 + k8s/cmd/commands/util/parse.go | 30 + k8s/config/crd/bases/k8s.v6d.io_backups.yaml | 33 +- .../crd/bases/k8s.v6d.io_csidrivers.yaml | 8 +- .../crd/bases/k8s.v6d.io_globalobjects.yaml | 8 +- .../crd/bases/k8s.v6d.io_localobjects.yaml | 8 +- .../crd/bases/k8s.v6d.io_operations.yaml | 8 +- k8s/config/crd/bases/k8s.v6d.io_recovers.yaml | 8 +- k8s/config/crd/bases/k8s.v6d.io_sidecars.yaml | 798 +++++++++++++++++- .../crd/bases/k8s.v6d.io_vineyardds.yaml | 798 +++++++++++++++++- k8s/controllers/k8s/sidecar_controller.go | 17 +- k8s/controllers/k8s/vineyardd_controller.go | 14 + .../templates/sidecar/injection-template.yaml | 10 + k8s/pkg/templates/vineyardd/deployment.yaml | 10 + test.log | 445 ++++++++++ 35 files changed, 3906 insertions(+), 186 deletions(-) create mode 100644 test.log 
diff --git a/charts/vineyard-operator/Chart.yaml b/charts/vineyard-operator/Chart.yaml index 6382a80fe5..8dbd30865b 100644 --- a/charts/vineyard-operator/Chart.yaml +++ b/charts/vineyard-operator/Chart.yaml @@ -34,5 +34,5 @@ appVersion: 0.19.1 dependencies: - name: cert-manager repository: https://charts.jetstack.io - version: v1.9.1 + version: v1.8.0 condition: cert-manager.enabled diff --git a/charts/vineyard-operator/templates/backup-crd.yaml b/charts/vineyard-operator/templates/backup-crd.yaml index 2530991176..df019e34e6 100644 --- a/charts/vineyard-operator/templates/backup-crd.yaml +++ b/charts/vineyard-operator/templates/backup-crd.yaml @@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: @@ -67,7 +67,6 @@ spec: - kind - name type: object - x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -80,7 +79,6 @@ spec: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: limits: @@ -123,7 +121,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic storageClassName: type: string volumeMode: @@ -210,7 +207,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic user: type: string required: @@ -229,7 +225,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic volumeID: type: string required: @@ -252,7 +247,6 @@ spec: uid: type: string type: object - x-kubernetes-map-type: granular csi: properties: controllerExpandSecretRef: @@ -262,7 +256,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic controllerPublishSecretRef: properties: name: 
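Review bot: The cert-manager dependency pin in charts/vineyard-operator/Chart.yaml moves backward, from v1.9.1 to v1.8.0, and the commit subject (volumes, volume mounts and privileged for the vineyardd CRD) does not explain it. Judging by the `cert-manager.io/inject-ca-from` annotations on the CRDs, cert-manager supplies the CA for the operator's serving certificate, so a downgrade gives up whatever fixes shipped between the two releases. Unless the downgrade is deliberate, the line should stay `version: v1.9.1`. The CRD templates in this patch show the same pattern: the `controller-gen.kubebuilder.io/version` annotation goes from v0.11.0 to v0.8.0, and the `x-kubernetes-map-type` markers and `nodeExpandSecretRef` are dropped. That suggests the manifests were regenerated with an older local toolchain, and regenerating with the versions the repository pins would presumably remove these unrelated changes.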
@@ -270,19 +263,10 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic driver: type: string fsType: type: string - nodeExpandSecretRef: - properties: - name: - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic nodePublishSecretRef: properties: name: @@ -290,7 +274,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic nodeStageSecretRef: properties: name: @@ -298,7 +281,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -348,7 +330,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic required: - driver type: object @@ -426,7 +407,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -499,12 +479,10 @@ spec: type: object type: array type: object - x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object - x-kubernetes-map-type: atomic type: object persistentVolumeReclaimPolicy: type: string @@ -569,7 +547,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic user: type: string required: @@ -593,7 +570,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -634,7 +610,6 @@ spec: uid: type: string type: object - x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: diff --git a/charts/vineyard-operator/templates/csidriver-crd.yaml b/charts/vineyard-operator/templates/csidriver-crd.yaml index 87ecf588b2..a5fa26f3d6 100644 --- a/charts/vineyard-operator/templates/csidriver-crd.yaml +++ b/charts/vineyard-operator/templates/csidriver-crd.yaml 
@@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: diff --git a/charts/vineyard-operator/templates/globalobject-crd.yaml b/charts/vineyard-operator/templates/globalobject-crd.yaml index b056a62e84..0d205d538b 100644 --- a/charts/vineyard-operator/templates/globalobject-crd.yaml +++ b/charts/vineyard-operator/templates/globalobject-crd.yaml @@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: diff --git a/charts/vineyard-operator/templates/localobject-crd.yaml b/charts/vineyard-operator/templates/localobject-crd.yaml index e914cd7300..23aaaa4b59 100644 --- a/charts/vineyard-operator/templates/localobject-crd.yaml +++ b/charts/vineyard-operator/templates/localobject-crd.yaml @@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: diff --git a/charts/vineyard-operator/templates/operation-crd.yaml b/charts/vineyard-operator/templates/operation-crd.yaml index bc0240b791..c812159baa 100644 --- a/charts/vineyard-operator/templates/operation-crd.yaml +++ b/charts/vineyard-operator/templates/operation-crd.yaml 
@@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: diff --git a/charts/vineyard-operator/templates/recover-crd.yaml b/charts/vineyard-operator/templates/recover-crd.yaml index ee55908aa7..d985216246 100644 --- a/charts/vineyard-operator/templates/recover-crd.yaml +++ b/charts/vineyard-operator/templates/recover-crd.yaml @@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: diff --git a/charts/vineyard-operator/templates/sidecar-crd.yaml b/charts/vineyard-operator/templates/sidecar-crd.yaml index f465a02f46..4a45f3ec7f 100644 --- a/charts/vineyard-operator/templates/sidecar-crd.yaml +++ b/charts/vineyard-operator/templates/sidecar-crd.yaml @@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: 
@@ -68,6 +68,67 @@ spec: replicas: default: 0 type: integer + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object selector: default: "" type: string @@ -114,7 +175,6 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -124,7 +184,6 @@ spec: required: - fieldPath type: object - x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -140,7 +199,6 @@ spec: required: - resource type: object - x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -152,7 +210,6 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic type: object required: - name @@ -201,7 +258,6 @@ spec: - kind - name type: object - x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -214,7 +270,6 @@ spec: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: limits: @@ -257,7 +312,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic storageClassName: type: string volumeMode: 
@@ -344,7 +398,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic user: type: string required: @@ -363,7 +416,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic volumeID: type: string required: @@ -386,7 +438,6 @@ spec: uid: type: string type: object - x-kubernetes-map-type: granular csi: properties: controllerExpandSecretRef: @@ -396,7 +447,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic controllerPublishSecretRef: properties: name: @@ -404,19 +454,10 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic driver: type: string fsType: type: string - nodeExpandSecretRef: - properties: - name: - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic nodePublishSecretRef: properties: name: @@ -424,7 +465,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic nodeStageSecretRef: properties: name: @@ -432,7 +472,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -482,7 +521,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic required: - driver type: object @@ -560,7 +598,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -633,12 +670,10 @@ spec: type: object type: array type: object - x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object - x-kubernetes-map-type: atomic type: object persistentVolumeReclaimPolicy: type: string @@ -703,7 +738,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic user: type: string required: @@ -727,7 +761,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: 
@@ -768,7 +801,6 @@ spec: uid: type: string type: object - x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: 
@@ -814,6 +846,706 @@ spec: default: "" type: string type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + 
additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + 
type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + 
properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + 
type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array type: object status: properties: diff --git a/charts/vineyard-operator/templates/vineyardd-crd.yaml b/charts/vineyard-operator/templates/vineyardd-crd.yaml index 8d50d1a8b5..1b1ec030a4 100644 --- a/charts/vineyard-operator/templates/vineyardd-crd.yaml +++ b/charts/vineyard-operator/templates/vineyardd-crd.yaml @@ -5,7 +5,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "vineyard-operator.fullname" . }}-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.0 + controller-gen.kubebuilder.io/version: v0.8.0 labels: {{- include "vineyard-operator.labels" . | nindent 4 }} spec: @@ -92,6 +92,67 @@ spec: replicas: default: 3 type: integer + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object service: default: port: 9600 @@ -135,7 +196,6 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: 
@@ -145,7 +205,6 @@ spec: required: - fieldPath type: object - x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -161,7 +220,6 @@ spec: required: - resource type: object - x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -173,7 +231,6 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic type: object required: - name @@ -222,7 +279,6 @@ spec: - kind - name type: object - x-kubernetes-map-type: atomic dataSourceRef: properties: apiGroup: @@ -235,7 +291,6 @@ spec: - kind - name type: object - x-kubernetes-map-type: atomic resources: properties: limits: @@ -278,7 +333,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic storageClassName: type: string volumeMode: @@ -365,7 +419,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic user: type: string required: @@ -384,7 +437,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic volumeID: type: string required: @@ -407,7 +459,6 @@ spec: uid: type: string type: object - x-kubernetes-map-type: granular csi: properties: controllerExpandSecretRef: @@ -417,7 +468,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic controllerPublishSecretRef: properties: name: @@ -425,19 +475,10 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic driver: type: string fsType: type: string - nodeExpandSecretRef: - properties: - name: - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic nodePublishSecretRef: properties: name: @@ -445,7 +486,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic nodeStageSecretRef: properties: name: @@ -453,7 +493,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic readOnly: type: boolean volumeAttributes: @@ -503,7 +542,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic required: - driver type: object 
@@ -581,7 +619,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic targetPortal: type: string required: @@ -654,12 +691,10 @@ spec: type: object type: array type: object - x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object - x-kubernetes-map-type: atomic type: object persistentVolumeReclaimPolicy: type: string @@ -724,7 +759,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic user: type: string required: @@ -748,7 +782,6 @@ spec: namespace: type: string type: object - x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: @@ -789,7 +822,6 @@ spec: uid: type: string type: object - x-kubernetes-map-type: atomic volumeName: type: string volumeNamespace: 
@@ -838,6 +870,706 @@ spec: default: "" type: string type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + 
additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + 
type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + 
properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + 
type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array type: object status: properties: diff --git a/docs/notes/cloud-native/deploy-kubernetes.rst b/docs/notes/cloud-native/deploy-kubernetes.rst index 8b02ca434e..941f748a71 100644 --- a/docs/notes/cloud-native/deploy-kubernetes.rst +++ b/docs/notes/cloud-native/deploy-kubernetes.rst @@ -81,7 +81,7 @@ Option #2: Install form source code .. code:: bash - $ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml + $ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml .. note:: diff --git a/docs/notes/cloud-native/vineyard-operator.rst b/docs/notes/cloud-native/vineyard-operator.rst index 1c76723d3b..4a4cabf58a 100644 --- a/docs/notes/cloud-native/vineyard-operator.rst +++ b/docs/notes/cloud-native/vineyard-operator.rst @@ -84,6 +84,33 @@ components will be created and managed by the vineyard operator: replicaset.apps/vineyard-controller-manager-5c6f4bc454 1 1 1 72s replicaset.apps/vineyardd-sample-5cc797668f 3 3 3 48s +Also, if you want to use the custom vineyard socket path and mount something like /dev to the +vineyard container, you could use the following YAML file: + +.. code:: yaml + + $ cat <`_. Installing vineyard as sidecar 
@@ -317,6 +344,63 @@ sidecar cr as follows: value: v6d-workflow-demo-job EOF +Also, if you want to use the custom vineyard socket path and mount something like /dev to the +vineyard container, you could use the following YAML file: + +.. code:: yaml + + $ cat <\" (2023-12-18 12:48:36 +0000 UTC to 2033-12-15 12:48:36 +0000 UTC (now=2023-12-19 06:39:55.435089597 +0000 UTC))" +I1219 06:39:55.435125 1 shared_informer.go:270] caches populated +I1219 06:39:55.435129 1 shared_informer.go:270] caches populated +I1219 06:39:55.435144 1 tlsconfig.go:178] "Loaded client CA" index=1 certName="client-ca::kube-system::extension-apiserver-authentication::client-ca-file,client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file" certDetail="\"front-proxy-ca\" [] validServingFor=[front-proxy-ca] issuer=\"\" (2023-12-18 12:48:37 +0000 UTC to 2033-12-15 12:48:37 +0000 UTC (now=2023-12-19 06:39:55.435131585 +0000 UTC))" +I1219 06:39:55.435253 1 tlsconfig.go:200] "Loaded serving cert" certName="Generated self signed cert" certDetail="\"localhost@1702967994\" [serving] validServingFor=[127.0.0.1,localhost,localhost] issuer=\"localhost-ca@1702967994\" (2023-12-19 05:39:54 +0000 UTC to 2024-12-18 05:39:54 +0000 UTC (now=2023-12-19 06:39:55.435241084 +0000 UTC))" +I1219 06:39:55.435337 1 named_certificates.go:53] "Loaded SNI cert" index=0 certName="self-signed loopback" certDetail="\"apiserver-loopback-client@1702967995\" [serving] validServingFor=[apiserver-loopback-client] issuer=\"apiserver-loopback-client-ca@1702967995\" (2023-12-19 05:39:54 +0000 UTC to 2024-12-18 05:39:54 +0000 UTC (now=2023-12-19 06:39:55.435326516 +0000 UTC))" +2023-12-19T06:40:14.708Z INFO default {"name": "sidecar-sample"} +2023-12-19T06:40:14.713Z INFO validate create {"name": "sidecar-sample"} +2023-12-19T06:40:14.720Z INFO could not find existing resource, creating one... 
+2023-12-19T06:40:14.724Z INFO created
+I1219 06:40:14.726513 1 eventhandlers.go:186] "Add event for scheduled pod" pod="vineyard-job/sidecar-sample-etcd-0"
+2023-12-19T06:40:14.727Z INFO could not find existing resource, creating one...
+I1219 06:40:14.730948 1 eventhandlers.go:186] "Add event for scheduled pod" pod="vineyard-job/job-deployment-with-custom-sidecar-767d486b4c-f5sx5"
+2023-12-19T06:40:14.732Z INFO created
+I1219 06:40:14.733540 1 eventhandlers.go:186] "Add event for scheduled pod" pod="vineyard-job/job-deployment-with-custom-sidecar-767d486b4c-5jwng"
+2023-12-19T06:40:14.735Z INFO could not find existing resource, creating one...
+2023-12-19T06:40:14.740Z INFO created
+2023-12-19T06:40:14.744Z INFO could not find existing resource, creating one...
+2023-12-19T06:40:14.748Z INFO created
+I1219 06:40:14.748669 1 reflector.go:219] Starting reflector *v1.Pod (9h21m50.901843105s) from pkg/mod/k8s.io/client-go@v0.23.0/tools/cache/reflector.go:167
+I1219 06:40:14.748680 1 reflector.go:255] Listing and watching *v1.Pod from pkg/mod/k8s.io/client-go@v0.23.0/tools/cache/reflector.go:167
+I1219 06:40:14.849168 1 shared_informer.go:270] caches populated
+2023-12-19T06:40:14.856Z INFO resource keeps the same as before
+2023-12-19T06:40:14.858Z INFO resource keeps the same as before
+2023-12-19T06:40:14.859Z INFO resource keeps the same as before
+2023-12-19T06:40:14.860Z INFO resource keeps the same as before
+2023-12-19T06:41:14.859Z INFO resource keeps the same as before
+2023-12-19T06:41:14.861Z INFO resource keeps the same as before
+2023-12-19T06:41:14.862Z INFO resource keeps the same as before
+2023-12-19T06:41:14.864Z INFO resource keeps the same as before
+2023-12-19T06:42:14.873Z INFO resource keeps the same as before
+2023-12-19T06:42:14.875Z INFO resource keeps the same as before
+2023-12-19T06:42:14.880Z INFO resource keeps the same as before
+2023-12-19T06:42:14.886Z INFO resource keeps the same as before
+2023-12-19T06:43:14.901Z INFO resource keeps the same as before
+2023-12-19T06:43:14.903Z INFO resource keeps the same as before
+2023-12-19T06:43:14.904Z INFO resource keeps the same as before
+2023-12-19T06:43:14.906Z INFO resource keeps the same as before
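Review bot: These added lines look like a captured run log rather than source, and the commit summary lists `test.log` as a newly created tracked file. What is visible here is scheduler and operator output from a test cluster: pod names under `vineyard-job/`, and serving-certificate subjects and validity windows logged by `tlsconfig.go`. That is environment detail with no role in the feature, and it will go stale in the tree. I would drop the file from the commit and add a `test.log` (or `*.log`) entry to `.gitignore` so it cannot be picked up again. The hunk header for this file is not visible in this view, so the point rests on the visible added lines and the commit summary only.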