kuberesource: inject contrast-secrets mount into initcontainers

edgelesssys · Jan 24, 2025 · e43ff40 · e43ff40
1 parent 3dea5cb
commit e43ff40
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 22 deletions.
diff --git a/internal/kuberesource/mutators.go b/internal/kuberesource/mutators.go
@@ -59,22 +59,28 @@ func AddInitializer(
 			return nil, nil
 		}
 
-		// Remove already existing volume mounts on the worker containers with unique volume mount name.
 		for i := range spec.Containers {
-			spec.Containers[i].VolumeMounts = slices.DeleteFunc(spec.Containers[i].VolumeMounts, func(v applycorev1.VolumeMountApplyConfiguration) bool {
-				return v.Name != nil && *v.Name == *initializer.VolumeMounts[0].Name
-			})
-
-			// Add the volume mount written by the initializer to the worker container.
-			spec.Containers[i].WithVolumeMounts(VolumeMount().
-				WithName(*initializer.VolumeMounts[0].Name).
-				WithMountPath(*initializer.VolumeMounts[0].MountPath))
+			addOrReplaceVolumeMount(&spec.Containers[i], initializer.VolumeMounts[0])
+		}
+
+		for i := range spec.InitContainers {
+			addOrReplaceVolumeMount(&spec.InitContainers[i], initializer.VolumeMounts[0])
 		}
 		return meta, spec
 	})
 	return res, retErr
 }
 
+func addOrReplaceVolumeMount(container *applycorev1.ContainerApplyConfiguration, volumeMount applycorev1.VolumeMountApplyConfiguration) {
+	// Remove already existing volume mounts on the worker containers with unique volume mount name.
+	container.VolumeMounts = slices.DeleteFunc(container.VolumeMounts, func(v applycorev1.VolumeMountApplyConfiguration) bool {
+		return v.Name != nil && *v.Name == *volumeMount.Name
+	})
+
+	// Add the volume mount written by the initializer to the worker container.
+	container.WithVolumeMounts(&volumeMount)
+}
+
 type serviceMeshMode string
 
 const (

diff --git a/internal/kuberesource/mutators_test.go b/internal/kuberesource/mutators_test.go
@@ -59,6 +59,8 @@ func TestPatchNamespaces(t *testing.T) {
 }
 
 func TestAddInitializer(t *testing.T) {
+	expectedInitializerContainerName := *Initializer().Name
+	expectedInitializerVolumeMountName := *Initializer().VolumeMounts[0].Name
 	for _, tc := range []struct {
 		name      string
 		d         *applyappsv1.DeploymentApplyConfiguration
@@ -127,8 +129,39 @@ func TestAddInitializer(t *testing.T) {
 								applycorev1.Container().
 									WithVolumeMounts(
 										VolumeMount().
-											WithName(*Initializer().VolumeMounts[0].Name).
-											WithMountPath(*Initializer().VolumeMounts[0].Name),
+											WithName(expectedInitializerVolumeMountName).
+											WithMountPath("/some/other/path"),
+									),
+							).
+							WithRuntimeClassName("contrast-cc"),
+						))),
+			wantError: false,
+		},
+		{
+			name: "unrelated initializers",
+			d: applyappsv1.Deployment("test", "default").
+				WithSpec(applyappsv1.DeploymentSpec().
+					WithTemplate(applycorev1.PodTemplateSpec().
+						WithSpec(applycorev1.PodSpec().
+							WithContainers(applycorev1.Container()).
+							WithInitContainers(applycorev1.Container().WithName("custom-init")).
+							WithRuntimeClassName("contrast-cc"),
+						))),
+			wantError: false,
+		},
+		{
+			name: "volume mount reused in initializer",
+			d: applyappsv1.Deployment("test", "default").
+				WithSpec(applyappsv1.DeploymentSpec().
+					WithTemplate(applycorev1.PodTemplateSpec().
+						WithSpec(applycorev1.PodSpec().
+							WithContainers(applycorev1.Container()).
+							WithInitContainers(
+								applycorev1.Container().
+									WithVolumeMounts(
+										VolumeMount().
+											WithName(expectedInitializerVolumeMountName).
+											WithMountPath("/some/other/path"),
 									),
 							).
 							WithRuntimeClassName("contrast-cc"),
@@ -147,13 +180,13 @@ func TestAddInitializer(t *testing.T) {
 			require.NoError(err)
 
 			require.NotEmpty(tc.d.Spec.Template.Spec.InitContainers)
-			require.Equal(*tc.d.Spec.Template.Spec.InitContainers[0].Name, *Initializer().Name)
+			require.Equal(expectedInitializerContainerName, *tc.d.Spec.Template.Spec.InitContainers[0].Name)
 			require.NotEmpty(tc.d.Spec.Template.Spec.InitContainers[0].VolumeMounts)
-			require.Equal(*tc.d.Spec.Template.Spec.InitContainers[0].VolumeMounts[0].Name, *Initializer().VolumeMounts[0].Name)
+			require.Equal(expectedInitializerVolumeMountName, *tc.d.Spec.Template.Spec.InitContainers[0].VolumeMounts[0].Name)
 
 			initializerCount := 0
 			for _, c := range tc.d.Spec.Template.Spec.InitContainers {
-				if *c.Name == *Initializer().Name {
+				if c.Name != nil && *c.Name == expectedInitializerContainerName {
 					initializerCount++
 				}
 			}
@@ -163,7 +196,19 @@ func TestAddInitializer(t *testing.T) {
 			for _, c := range tc.d.Spec.Template.Spec.Containers {
 				initializerVolumeMountCount := 0
 				for _, v := range c.VolumeMounts {
-					if *v.Name == *Initializer().VolumeMounts[0].Name {
+					if *v.Name == expectedInitializerVolumeMountName {
+						initializerVolumeMountCount++
+					}
+				}
+				require.Equal(1, initializerVolumeMountCount)
+			}
+			for _, c := range tc.d.Spec.Template.Spec.InitContainers {
+				if c.Name == nil || *c.Name == expectedInitializerContainerName {
+					continue
+				}
+				initializerVolumeMountCount := 0
+				for _, v := range c.VolumeMounts {
+					if *v.Name == expectedInitializerVolumeMountName {
 						initializerVolumeMountCount++
 					}
 				}
@@ -173,7 +218,7 @@ func TestAddInitializer(t *testing.T) {
 			require.NotEmpty(tc.d.Spec.Template.Spec.Volumes)
 			initializerVolumeCount := 0
 			for _, v := range tc.d.Spec.Template.Spec.Volumes {
-				if *v.Name == *Initializer().VolumeMounts[0].Name {
+				if *v.Name == expectedInitializerVolumeMountName {
 					initializerVolumeCount++
 				}
 			}

diff --git a/internal/kuberesource/sets.go b/internal/kuberesource/sets.go
@@ -539,9 +539,6 @@ func VolumeStatefulSet() []any {
 										WithName("share").
 										WithMountPath("/state").
 										WithMountPropagation(corev1.MountPropagationBidirectional),
-									VolumeMount().
-										WithName("contrast-secrets").
-										WithMountPath("/contrast"),
 								).
 								WithSecurityContext(
 									applycorev1.SecurityContext().
@@ -634,9 +631,6 @@ func MySQL() []any {
 										WithName("share").
 										WithMountPath("/state").
 										WithMountPropagation(corev1.MountPropagationBidirectional),
-									VolumeMount().
-										WithName("contrast-secrets").
-										WithMountPath("/contrast"),
 								).
 								WithSecurityContext(
 									applycorev1.SecurityContext().