Merge branch 'feature/sync-access-pkg' into feature/replication-status

manifests/templates/deployment/deployment.yaml

@@ -51,3 +51,12 @@ spec:
             scheme: HTTPS
           initialDelaySeconds: 5
           periodSeconds: 10
+      tolerations:
+      - key: "node.kubernetes.io/unreachable"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 5
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 5

manifests/templates/deployment/rbac.yaml

@@ -38,7 +38,7 @@ rules:
 
 ---
 
-## Bind the cluster role granting access to ArangoLocalStorage resources
+## Bind the cluster role granting access to ArangoDeployment resources
 ## to the default service account of the configured namespace.
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding

manifests/templates/storage/deployment.yaml

@@ -59,4 +59,12 @@ spec:
             scheme: HTTPS
           initialDelaySeconds: 5
           periodSeconds: 10
-      
+      tolerations:
+      - key: "node.kubernetes.io/unreachable"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 5
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 5

pkg/apis/deployment/v1alpha/deployment.go

@@ -52,12 +52,13 @@ type ArangoDeployment struct {
 func (d *ArangoDeployment) AsOwner() metav1.OwnerReference {
 	trueVar := true
 	return metav1.OwnerReference{
-		APIVersion:         SchemeGroupVersion.String(),
-		Kind:               ArangoDeploymentResourceKind,
-		Name:               d.Name,
-		UID:                d.UID,
-		Controller:         &trueVar,
-		BlockOwnerDeletion: &trueVar,
+		APIVersion: SchemeGroupVersion.String(),
+		Kind:       ArangoDeploymentResourceKind,
+		Name:       d.Name,
+		UID:        d.UID,
+		Controller: &trueVar,
+		// For now BlockOwnerDeletion does not work on OpenShift, so we leave it out.
+		//BlockOwnerDeletion: &trueVar,
 	}
 }
 

pkg/apis/deployment/v1alpha/monitoring_spec_test.go

@@ -42,10 +42,15 @@ func TestMonitoringSpecValidate(t *testing.T) {
 
 func TestMonitoringSpecSetDefaults(t *testing.T) {
 	def := func(spec MonitoringSpec) MonitoringSpec {
-		spec.SetDefaults()
+		spec.SetDefaults("")
+		return spec
+	}
+	def2 := func(spec MonitoringSpec) MonitoringSpec {
+		spec.SetDefaults("def2")
 		return spec
 	}
 
 	assert.Equal(t, "", def(MonitoringSpec{}).GetTokenSecretName())
+	assert.Equal(t, "def2", def2(MonitoringSpec{}).GetTokenSecretName())
 	assert.Equal(t, "foo", def(MonitoringSpec{TokenSecretName: util.NewString("foo")}).GetTokenSecretName())
 }

pkg/apis/deployment/v1alpha/sync_spec_test.go

@@ -45,7 +45,7 @@ func TestSyncSpecValidate(t *testing.T) {
 
 func TestSyncSpecSetDefaults(t *testing.T) {
 	def := func(spec SyncSpec) SyncSpec {
-		spec.SetDefaults("test-jwt", "test-client-auth-ca", "test-tls-ca")
+		spec.SetDefaults("test-jwt", "test-client-auth-ca", "test-tls-ca", "test-mon")
 		return spec
 	}
 
@@ -53,6 +53,7 @@ func TestSyncSpecSetDefaults(t *testing.T) {
 	assert.False(t, def(SyncSpec{Enabled: util.NewBool(false)}).IsEnabled())
 	assert.True(t, def(SyncSpec{Enabled: util.NewBool(true)}).IsEnabled())
 	assert.Equal(t, "test-jwt", def(SyncSpec{}).Authentication.GetJWTSecretName())
+	assert.Equal(t, "test-mon", def(SyncSpec{}).Monitoring.GetTokenSecretName())
 	assert.Equal(t, "foo", def(SyncSpec{Authentication: SyncAuthenticationSpec{JWTSecretName: util.NewString("foo")}}).Authentication.GetJWTSecretName())
 }
 

pkg/deployment/images.go

@@ -167,6 +167,8 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, ima
 	args := []string{
 		"--server.authentication=false",
 		fmt.Sprintf("--server.endpoint=tcp://[::]:%d", k8sutil.ArangoPort),
+		"--database.directory=" + k8sutil.ArangodVolumeMountDir,
+		"--log.output=+",
 	}
 	terminationGracePeriod := time.Second * 30
 	tolerations := make([]v1.Toleration, 0, 2)

pkg/util/k8sutil/secrets_test.go

@@ -86,8 +86,8 @@ func TestCreateEncryptionKeySecret(t *testing.T) {
 	assert.Error(t, CreateEncryptionKeySecret(cli, "short-key", "ns", key))
 }
 
-// TestGetJWTSecret tests GetJWTSecret.
-func TestGetJWTSecret(t *testing.T) {
+// TestGetTokenSecret tests GetTokenSecret.
+func TestGetTokenSecret(t *testing.T) {
 	cli := mocks.NewCore()
 
 	// Prepare mock
@@ -104,17 +104,17 @@ func TestGetJWTSecret(t *testing.T) {
 	}, nil)
 	m.On("Get", "notfound", mock.Anything).Return(nil, apierrors.NewNotFound(schema.GroupResource{}, "notfound"))
 
-	token, err := GetJWTSecret(cli, "good", "ns")
+	token, err := GetTokenSecret(cli, "good", "ns")
 	assert.NoError(t, err)
 	assert.Equal(t, token, "foo")
-	_, err = GetJWTSecret(cli, "no-token", "ns")
+	_, err = GetTokenSecret(cli, "no-token", "ns")
 	assert.Error(t, err)
-	_, err = GetJWTSecret(cli, "notfound", "ns")
+	_, err = GetTokenSecret(cli, "notfound", "ns")
 	assert.True(t, IsNotFound(err))
 }
 
-// TestCreateJWTSecret tests CreateJWTSecret
-func TestCreateJWTSecret(t *testing.T) {
+// TestCreateTokenSecret tests CreateTokenSecret
+func TestCreateTokenSecret(t *testing.T) {
 	cli := mocks.NewCore()
 
 	// Prepare mock
@@ -130,6 +130,6 @@ func TestCreateJWTSecret(t *testing.T) {
 		}
 	}).Return(nil, nil)
 
-	assert.NoError(t, CreateJWTSecret(cli, "good", "ns", "token", nil))
-	assert.NoError(t, CreateJWTSecret(cli, "with-owner", "ns", "token", &metav1.OwnerReference{}))
+	assert.NoError(t, CreateTokenSecret(cli, "good", "ns", "token", nil))
+	assert.NoError(t, CreateTokenSecret(cli, "with-owner", "ns", "token", &metav1.OwnerReference{}))
 }