From 7c30bb590541a961729480aa2b0e361368e4a739 Mon Sep 17 00:00:00 2001 From: Jason Gerlowski Date: Thu, 12 Dec 2024 15:06:05 -0500 Subject: [PATCH 1/2] Add shareProcessNamespace flag to podOptions Boolean flag defaults unset, and is available in the CRD at `.spec.customSolrKubeOptions.podOptions.shareProcessNamespace` --- api/v1beta1/common_types.go | 4 ++++ api/v1beta1/zz_generated.deepcopy.go | 5 +++++ config/crd/bases/solr.apache.org_solrclouds.yaml | 4 ++++ .../bases/solr.apache.org_solrprometheusexporters.yaml | 4 ++++ controllers/solrcloud_controller_test.go | 5 +++++ controllers/util/solr_util.go | 5 +++++ helm/solr-operator/Chart.yaml | 7 +++++++ helm/solr-operator/crds/crds.yaml | 8 ++++++++ 8 files changed, 42 insertions(+) diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index b440b900..5920a9ef 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -137,6 +137,10 @@ type PodOptions struct { // +optional ServiceAccountName string `json:"serviceAccountName,omitempty"` + // Should process namespace sharing be enabled on created pods + // +optional + ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty"` + // Optional PodSpreadTopologyConstraints to use when scheduling pods. // More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ // diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 87e030ff..f93d8ebe 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -518,6 +518,11 @@ func (in *PodOptions) DeepCopyInto(out *PodOptions) { *out = new(int64) **out = **in } + if in.ShareProcessNamespace != nil { + in, out := &in.ShareProcessNamespace, &out.ShareProcessNamespace + *out = new(bool) + **out = **in + } if in.TopologySpreadConstraints != nil { in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints *out = make([]v1.TopologySpreadConstraint, len(*in)) diff --git a/config/crd/bases/solr.apache.org_solrclouds.yaml b/config/crd/bases/solr.apache.org_solrclouds.yaml index 31733228..17feeab8 100644 --- a/config/crd/bases/solr.apache.org_solrclouds.yaml +++ b/config/crd/bases/solr.apache.org_solrclouds.yaml @@ -5082,6 +5082,10 @@ spec: serviceAccountName: description: Optional Service Account to run the pod under. type: string + shareProcessNamespace: + description: Should process namespace sharing be enabled on + created pods + type: boolean sidecarContainers: description: Sidecar containers to run in the pod. These are in addition to the Solr Container diff --git a/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml b/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml index e53c87b1..808140d2 100644 --- a/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml +++ b/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml @@ -3173,6 +3173,10 @@ spec: serviceAccountName: description: Optional Service Account to run the pod under. type: string + shareProcessNamespace: + description: Should process namespace sharing be enabled on + created pods + type: boolean sidecarContainers: description: Sidecar containers to run in the pod. These are in addition to the Solr Container diff --git a/controllers/solrcloud_controller_test.go b/controllers/solrcloud_controller_test.go index de590e1b..402a2f02 100644 --- a/controllers/solrcloud_controller_test.go +++ b/controllers/solrcloud_controller_test.go @@ -25,6 +25,7 @@ import ( "github.com/apache/solr-operator/controllers/util" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -146,6 +147,7 @@ var _ = FDescribe("SolrCloud controller - General", func() { Expect(statefulSet.Spec.Template.Spec.Volumes).To(HaveLen(len(extraVolumes)+3), "Pod has wrong number of volumes") Expect(statefulSet.Spec.Template.Spec.Volumes[3].Name).To(Equal(extraVolumes[0].Name), "Additional Volume from podOptions not loaded into pod properly.") Expect(statefulSet.Spec.Template.Spec.Volumes[3].VolumeSource).To(Equal(extraVolumes[0].Source), "Additional Volume from podOptions not loaded into pod properly.") + Expect(statefulSet.Spec.Template.Spec.ShareProcessNamespace).Should(PointTo(BeFalse())) Expect(statefulSet.Spec.Template.Spec.ReadinessGates).To(ContainElement(corev1.PodReadinessGate{ConditionType: util.SolrIsNotStoppedReadinessCondition}), "All pods should contain the isNotStopped readinessGate.") By("testing the Solr Common Service") @@ -169,6 +171,7 @@ var _ = FDescribe("SolrCloud controller - General", func() { FContext("Solr Cloud with Custom Kube Options", func() { three := intstr.FromInt(3) + testShareProcessNamespace := true BeforeEach(func() { replicas := int32(4) solrCloud.Spec = solrv1beta1.SolrCloudSpec{ @@ -213,6 +216,7 @@ var _ = FDescribe("SolrCloud controller - General", func() { TopologySpreadConstraints: testTopologySpreadConstraints, DefaultInitContainerResources: testResources2, InitContainers: extraContainers1, + ShareProcessNamespace: &testShareProcessNamespace, }, StatefulSetOptions: &solrv1beta1.StatefulSetOptions{ Annotations: testSSAnnotations, @@ -284,6 +288,7 @@ var _ = FDescribe("SolrCloud controller - General", func() { Expect(statefulSet.Spec.Template.Spec.ServiceAccountName).To(Equal(testServiceAccountName), "Incorrect serviceAccountName") Expect(statefulSet.Spec.Template.Spec.TopologySpreadConstraints).To(HaveLen(len(testTopologySpreadConstraints)), "Wrong number of topologySpreadConstraints") Expect(statefulSet.Spec.Template.Spec.TopologySpreadConstraints[0]).To(Equal(testTopologySpreadConstraints[0]), "Wrong first topologySpreadConstraint") + Expect(statefulSet.Spec.Template.Spec.ShareProcessNamespace).To(Equal(&testShareProcessNamespace), "Wrong shareProcessNamespace value") expectedSecondTopologyConstraint := testTopologySpreadConstraints[1].DeepCopy() expectedSecondTopologyConstraint.LabelSelector = statefulSet.Spec.Selector Expect(statefulSet.Spec.Template.Spec.TopologySpreadConstraints[1]).To(Equal(*expectedSecondTopologyConstraint), "Wrong second topologySpreadConstraint") diff --git a/controllers/util/solr_util.go b/controllers/util/solr_util.go index de44d7c1..2e84a90a 100644 --- a/controllers/util/solr_util.go +++ b/controllers/util/solr_util.go @@ -82,6 +82,7 @@ var ( // zkConnectionString: the connectionString of the ZK instance to connect to func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCloudStatus, hostNameIPs map[string]string, reconcileConfigInfo map[string]string, tls *TLSCerts, security *SecurityConfig) *appsv1.StatefulSet { terminationGracePeriod := int64(60) + shareProcessNamespace := false solrPodPort := solrCloud.Spec.SolrAddressability.PodPort defaultFSGroup := int64(DefaultSolrGroup) @@ -122,6 +123,9 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCl if customPodOptions.TerminationGracePeriodSeconds != nil { terminationGracePeriod = *customPodOptions.TerminationGracePeriodSeconds } + if customPodOptions.ShareProcessNamespace != nil { + shareProcessNamespace = *customPodOptions.ShareProcessNamespace + } } // The isNotStopped readiness gate will always be used for managedUpdates @@ -543,6 +547,7 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCl Spec: corev1.PodSpec{ TerminationGracePeriodSeconds: &terminationGracePeriod, + ShareProcessNamespace: &shareProcessNamespace, SecurityContext: &corev1.PodSecurityContext{ FSGroup: &defaultFSGroup, }, diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index af4b1730..3f5cd10f 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -61,6 +61,13 @@ annotations: url: https://github.com/apache/solr-operator/issues/684 - name: Github PR url: https://github.com/apache/solr-operator/pull/685 + - kind: added + description: SolrClouds now support namespace sharing among pod containers in a pod. + links: + - name: Github Issue + url: https://github.com/apache/solr-operator/issues/716 + - name: Github PR + url: https://github.com/apache/solr-operator/pull/735 - kind: changed description: SolrClouds now support auto-readOnlyRootFilesystem setting. links: diff --git a/helm/solr-operator/crds/crds.yaml b/helm/solr-operator/crds/crds.yaml index 14f285ca..0f807e31 100644 --- a/helm/solr-operator/crds/crds.yaml +++ b/helm/solr-operator/crds/crds.yaml @@ -5343,6 +5343,10 @@ spec: serviceAccountName: description: Optional Service Account to run the pod under. type: string + shareProcessNamespace: + description: Should process namespace sharing be enabled on + created pods + type: boolean sidecarContainers: description: Sidecar containers to run in the pod. These are in addition to the Solr Container @@ -19456,6 +19460,10 @@ spec: serviceAccountName: description: Optional Service Account to run the pod under. type: string + shareProcessNamespace: + description: Should process namespace sharing be enabled on + created pods + type: boolean sidecarContainers: description: Sidecar containers to run in the pod. These are in addition to the Solr Container From c5082af411ae36e251d25be456ad6fcbc370d823 Mon Sep 17 00:00:00 2001 From: Jason Gerlowski Date: Thu, 12 Dec 2024 15:11:21 -0500 Subject: [PATCH 2/2] Move CHANGES entry to correct chart --- helm/solr-operator/Chart.yaml | 7 ------- helm/solr/Chart.yaml | 9 +++------ 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml index 3f5cd10f..af4b1730 100644 --- a/helm/solr-operator/Chart.yaml +++ b/helm/solr-operator/Chart.yaml @@ -61,13 +61,6 @@ annotations: url: https://github.com/apache/solr-operator/issues/684 - name: Github PR url: https://github.com/apache/solr-operator/pull/685 - - kind: added - description: SolrClouds now support namespace sharing among pod containers in a pod. - links: - - name: Github Issue - url: https://github.com/apache/solr-operator/issues/716 - - name: Github PR - url: https://github.com/apache/solr-operator/pull/735 - kind: changed description: SolrClouds now support auto-readOnlyRootFilesystem setting. links: diff --git a/helm/solr/Chart.yaml b/helm/solr/Chart.yaml index f93a1182..ca8733ef 100644 --- a/helm/solr/Chart.yaml +++ b/helm/solr/Chart.yaml @@ -42,15 +42,12 @@ annotations: # Allowed syntax is described at: https://artifacthub.io/docs/topics/annotations/helm/#example artifacthub.io/changes: | - kind: added - description: Addition 1 + description: SolrClouds now support namespace sharing among pod containers in a pod. links: - name: Github Issue - url: https://github.com/issue-url - - kind: changed - description: Change 2 - links: + url: https://github.com/apache/solr-operator/issues/716 - name: Github PR - url: https://github.com/pr-url + url: https://github.com/apache/solr-operator/pull/735 artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/recommendations: | - url: https://artifacthub.io/packages/helm/apache-solr/solr-operator