xline-kv · Phoenix500526 · Dec 20, 2023 · Dec 23, 2023 · Dec 23, 2023 · Jan 25, 2024
diff --git a/api/v1alpha1/xlinecluster_types.go b/api/v1alpha1/xlinecluster_types.go
@@ -133,6 +133,24 @@ type XlineClusterSpec struct {
 	// The replicas of xline nodes
 	// +kubebuilder:validation:Minimum=3
 	Replicas int32 `json:"replicas"`
+
+	// The auth secret keys
+	AuthSecrets *XlineAuthSecret `json:"authSecret,omitempty"`
+
+	// K8s storage-class-name of the Xline storage
+	// Defaults to Kubernetes default storage class.
+	// +optional
+	StorageClassName *string `json:"storageClassName"`
+
+	// Defines the specification of resource cpu, mem, storage.
+	corev1.ResourceRequirements `json:",inline"`
+}
+
+type XlineAuthSecret struct {
+	Name      *string `json:"name"`
+	MountPath *string `json:"mountPath"`
+	PubKey    *string `json:"pubKey"`
+	PriKey    *string `json:"priKey"`
 }
 
 func (s *XlineClusterSpec) BootArgs() []string {

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/xline.io.datenlord.com_xlineclusters.yaml b/config/crd/bases/xline.io.datenlord.com_xlineclusters.yaml
@@ -35,6 +35,23 @@ spec:
           spec:
             description: XlineClusterSpec defines the desired state of XlineCluster
             properties:
+              authSecret:
+                description: The auth secret keys
+                properties:
+                  mountPath:
+                    type: string
+                  name:
+                    type: string
+                  priKey:
+                    type: string
+                  pubKey:
+                    type: string
+                required:
+                - mountPath
+                - name
+                - priKey
+                - pubKey
+                type: object
               bootstrapArgs:
                 description: / Xline container bootstrap arguments / Set additional
                   arguments except [`--name`, `--members`, `--storage-engine`, `--data-dir`]
@@ -138,17 +155,63 @@ spec:
                     pattern: \d+(us|ms|s|m|h|d)
                     type: string
                 type: object
+              claims:
+                description: "Claims lists the names of resources, defined in spec.resourceClaims,
+                  that are used by this container. \n This is an alpha field and requires
+                  enabling the DynamicResourceAllocation feature gate. \n This field
+                  is immutable. It can only be set for containers."
+                items:
+                  description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                  properties:
+                    name:
+                      description: Name must match the name of one entry in pod.spec.resourceClaims
+                        of the Pod where this field is used. It makes that resource
+                        available inside a container.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - name
+                x-kubernetes-list-type: map
               image:
                 description: Xline cluster image
                 type: string
               imagePullPolicy:
                 description: ImagePullPolicy of Xline cluster Pods
                 type: string
+              limits:
+                additionalProperties:
+                  anyOf:
+                  - type: integer
+                  - type: string
+                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                  x-kubernetes-int-or-string: true
+                description: 'Limits describes the maximum amount of compute resources
+                  allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                type: object
               replicas:
                 description: The replicas of xline nodes
                 format: int32
                 minimum: 3
                 type: integer
+              requests:
+                additionalProperties:
+                  anyOf:
+                  - type: integer
+                  - type: string
+                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                  x-kubernetes-int-or-string: true
+                description: 'Requests describes the minimum amount of compute resources
+                  required. If Requests is omitted for a container, it defaults to
+                  Limits if that is explicitly specified, otherwise to an implementation-defined
+                  value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                type: object
+              storageClassName:
+                description: K8s storage-class-name of the Xline storage Defaults
+                  to Kubernetes default storage class.
+                type: string
             required:
             - replicas
             type: object

diff --git a/internal/transformer/xlinecluster_resource.go b/internal/transformer/xlinecluster_resource.go
@@ -5,6 +5,7 @@
 	"strings"
 
 	xapi "github.com/xline-kv/xline-operator/api/v1alpha1"
+	"github.com/xline-kv/xline-operator/internal/util"
 	appv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,6 +47,38 @@
 	return strings.Join(members, ",")
 }
 
+func GetAuthSecretVolume(auth_sec *xapi.XlineAuthSecret) []corev1.Volume {
+	if auth_sec == nil {
+		return []corev1.Volume{}
+	}
+	return []corev1.Volume{
+		{Name: "auth-cred", VolumeSource: corev1.VolumeSource{
+			Secret: &corev1.SecretVolumeSource{
+				SecretName: *auth_sec.Name,
+			},
+		}},
+	}
+}
+
+func GetAuthSecretVolumeMount(auth_sec *xapi.XlineAuthSecret) []corev1.VolumeMount {
+	if auth_sec == nil {
+		return []corev1.VolumeMount{}
+	}
+	return []corev1.VolumeMount{
+		{Name: "auth-cred", ReadOnly: true, MountPath: *auth_sec.MountPath},
+	}
+}
+
+func GetAuthSecretEnvVars(auth_sec *xapi.XlineAuthSecret) []corev1.EnvVar {
+	if auth_sec == nil {
+		return []corev1.EnvVar{}
+	}
+	return []corev1.EnvVar{
+		{Name: "AUTH_PUBLIC_KEY", Value: fmt.Sprintf("%s/%s", *auth_sec.MountPath, *auth_sec.PubKey)},
+		{Name: "AUTH_PRIVATE_KEY", Value: fmt.Sprintf("%s/%s", *auth_sec.MountPath, *auth_sec.PriKey)},
+	}
+}
+
 func MakeService(cr *xapi.XlineCluster, scheme *runtime.Scheme) *corev1.Service {
 	svcRef := GetServiceKey(cr.ObjKey())
 	svcLabel := GetXlineInstanceLabels(cr.ObjKey())
@@ -82,9 +115,26 @@
 		"--storage-engine", "rocksdb",
 		"--data-dir", DataDir,
 	}
-
 	initCmd = append(initCmd, cr.Spec.BootArgs()...)
 
+	envs := []corev1.EnvVar{
+		{Name: "MEMBERS", Value: GetMemberTopology(stsRef, svcName, int(cr.Spec.Replicas))},
+		{Name: "POD_NAME", ValueFrom: &corev1.EnvVarSource{
+			FieldRef: &corev1.ObjectFieldSelector{
+				FieldPath: "metadata.name",
+			},
+		}},
+	}
+	envs = append(envs, GetAuthSecretEnvVars(cr.Spec.AuthSecrets)...)
+
+	volumes := GetAuthSecretVolume(cr.Spec.AuthSecrets)
+	volumeMounts := GetAuthSecretVolumeMount(cr.Spec.AuthSecrets)
+	volumeMounts = append(volumeMounts, corev1.VolumeMount{Name: "xline-storage", MountPath: "/usr/local/xline/data-dir"})
+
+	pvcTemplates := []corev1.PersistentVolumeClaim{
+		util.NewReadWriteOncePVC("xline-storage", cr.Spec.StorageClassName, cr.Spec.Requests.Storage()),
+	}
+
 	// pod template: main container
 	mainContainer := corev1.Container{
 		Name:            "xline",
@@ -93,15 +143,9 @@
 		Ports: []corev1.ContainerPort{
 			{Name: "xline-port", ContainerPort: XlinePort},
 		},
-		Command: initCmd,
-		Env: []corev1.EnvVar{
-			{Name: "MEMBERS", Value: GetMemberTopology(stsRef, svcName, int(cr.Spec.Replicas))},
-			{Name: "POD_NAME", ValueFrom: &corev1.EnvVarSource{
-				FieldRef: &corev1.ObjectFieldSelector{
-					FieldPath: "metadata.name",
-				},
-			}},
-		},
+		Command:      initCmd,
+		Env:          envs,
+		VolumeMounts: volumeMounts,
 	}
 
 	// pod template
@@ -110,6 +154,7 @@
 			Labels: stsLabels,
 		},
 		Spec: corev1.PodSpec{
+			Volumes:    volumes,
 			Containers: []corev1.Container{mainContainer},
 		},
 	}
@@ -124,10 +169,11 @@
 			Labels:    stsLabels,
 		},
 		Spec: appv1.StatefulSetSpec{
-			Replicas:    &cr.Spec.Replicas,
-			ServiceName: svcName,
-			Selector:    &metav1.LabelSelector{MatchLabels: stsLabels},
-			Template:    podTemplate,
+			Replicas:             &cr.Spec.Replicas,
+			ServiceName:          svcName,
+			Selector:             &metav1.LabelSelector{MatchLabels: stsLabels},
+			VolumeClaimTemplates: pvcTemplates,
+			Template:             podTemplate,
 		},
 	}
 

diff --git a/internal/util/kubeutil.go b/internal/util/kubeutil.go
@@ -5,6 +5,9 @@
 	"encoding/json"
 	"fmt"
 
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 )
 
@@ -34,3 +37,19 @@
 	}
 	return hash
 }
+
+func NewReadWriteOncePVC(name string, storageClassName *string, storageRequest *resource.Quantity) corev1.PersistentVolumeClaim {
+	pvc := corev1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Spec: corev1.PersistentVolumeClaimSpec{
+			AccessModes:      []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
+			StorageClassName: storageClassName,
+		},
+	}
+	if storageRequest != nil {
+		pvc.Spec.Resources.Requests = corev1.ResourceList{corev1.ResourceStorage: *storageRequest}
+	}
+	return pvc
+}