mirrors/kube-arangodb
1
0
Fork 0
mirror of https://github.com/arangodb/kube-arangodb.git synced 2024-12-14 11:57:37 +00:00
Code Activity

[Feature] Add ephemeral volumes for apps (#777)

Browse source
This commit is contained in:
Adam Janikowski 2021-08-23 16:22:50 +02:00 committed by GitHub
parent 2eb4ccc1b6
commit f7e5453f59
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 437 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -4,6 +4,7 @@
- Update 'github.com/arangodb/arangosync-client' dependency to v0.7.0
- Add HighPriorityPlan to ArangoDeployment Status
- Add Pending Member phase
- Add Ephemeral Volumes for apps feature
## [1.2.1](https://github.com/arangodb/kube-arangodb/tree/1.2.1) (2021-07-28)
- Fix ArangoMember race with multiple ArangoDeployments within single namespace

56
README.md
View file

@ -67,33 +67,35 @@ covers individual newer features separately.
Feature-wise production readiness table:
| Feature | Operator Version | ArangoDB Version | ArangoDB Edition | State | Enabled | Flag | Remarks |
|-----------------------------------------|------------------|------------------|-----------------------|------------|---------|--------------------------------------------|--------------------------------------------------------------------------|
| Pod Disruption Budgets | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Pod Disruption Budgets | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Volume Resizing | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Volume Resizing | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Disabling of liveness probes | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Disabling of liveness probes | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Volume Claim Templates | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Volume Claim Templates | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Prometheus Metrics Exporter | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | Prometheus required |
| Prometheus Metrics Exporter | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | Prometheus required |
| Sidecar Containers | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Sidecar Containers | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Operator Single Mode | 1.0.4 | Any | Community, Enterprise | Production | False | --mode.single | Only 1 instance of Operator allowed in namespace when feature is enabled |
| TLS SNI Support | 1.0.3 | >= 3.7.0 | Enterprise | Production | True | --deployment.feature.tls-sni | N/A |
| TLS Runtime Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.tls-rotation | N/A |
| TLS Runtime Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.tls-rotation | N/A |
| JWT Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.jwt-rotation | N/A |
| JWT Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.jwt-rotation | N/A |
| Encryption Key Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.encryption-rotation | N/A |
| Encryption Key Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.encryption-rotation | N/A |
| Version Check | 1.1.4 | >= 3.5.0 | Community, Enterprise | Alpha | False | --deployment.feature.upgrade-version-check | N/A |
| Operator Maintenance Management Support | 1.0.7 | >= 3.5.0 | Community, Enterprise | Alpha | False | --deployment.feature.maintenance | N/A |
| Operator Maintenance Management Support | 1.2.0 | >= 3.5.0 | Community, Enterprise | Production | True | --deployment.feature.maintenance | N/A |
| Operator Internal Metrics Exporter | 1.1.9 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.metrics-exporter | N/A |
| Operator Internal Metrics Exporter | 1.2.0 | >= 3.6.0 | Community, Enterprise | Production | True | --deployment.feature.metrics-exporter | N/A |
| Feature | Operator Version | ArangoDB Version | ArangoDB Edition | State | Enabled | Flag | Remarks |
|-----------------------------------------|------------------|------------------|-----------------------|--------------|---------|--------------------------------------------|--------------------------------------------------------------------------|
| Pod Disruption Budgets | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Pod Disruption Budgets | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Volume Resizing | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Volume Resizing | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Disabling of liveness probes | 0.3.10 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Disabling of liveness probes | 0.3.11 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Volume Claim Templates | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Volume Claim Templates | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Prometheus Metrics Exporter | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | Prometheus required |
| Prometheus Metrics Exporter | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | Prometheus required |
| Sidecar Containers | 0.3.11 | Any | Community, Enterprise | Alpha | True | N/A | N/A |
| Sidecar Containers | 1.0.0 | Any | Community, Enterprise | Production | True | N/A | N/A |
| Operator Single Mode | 1.0.4 | Any | Community, Enterprise | Production | False | --mode.single | Only 1 instance of Operator allowed in namespace when feature is enabled |
| TLS SNI Support | 1.0.3 | >= 3.7.0 | Enterprise | Production | True | --deployment.feature.tls-sni | N/A |
| TLS Runtime Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.tls-rotation | N/A |
| TLS Runtime Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.tls-rotation | N/A |
| JWT Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.jwt-rotation | N/A |
| JWT Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.jwt-rotation | N/A |
| Encryption Key Rotation Support | 1.0.4 | > 3.7.0 | Enterprise | Alpha | False | --deployment.feature.encryption-rotation | N/A |
| Encryption Key Rotation Support | 1.1.0 | > 3.7.0 | Enterprise | Production | True | --deployment.feature.encryption-rotation | N/A |
| Encryption Key Rotation Support | 1.2.0 | > 3.7.0 | Enterprise | NotSupported | False | --deployment.feature.encryption-rotation | N/A |
| Version Check | 1.1.4 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.upgrade-version-check | N/A |
| Operator Maintenance Management Support | 1.0.7 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.maintenance | N/A |
| Operator Maintenance Management Support | 1.2.0 | >= 3.6.0 | Community, Enterprise | Production | True | --deployment.feature.maintenance | N/A |
| Operator Internal Metrics Exporter | 1.1.9 | >= 3.6.0 | Community, Enterprise | Alpha | False | --deployment.feature.metrics-exporter | N/A |
| Operator Internal Metrics Exporter | 1.2.0 | >= 3.6.0 | Community, Enterprise | Production | True | --deployment.feature.metrics-exporter | N/A |
| Operator Ephemeral Volumes | 1.2.2 | >= 3.7.0 | Community, Enterprise | Alpha | False | --deployment.feature.ephemeral-volumes | N/A |
## Release notes for 0.3.16

73
pkg/apis/deployment/v1/server_group_ephemeral_volumes.go Normal file
View file

@ -0,0 +1,73 @@
//
// DISCLAIMER
//
// Copyright 2021 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//
package v1
import "k8s.io/apimachinery/pkg/api/resource"
// EphemeralVolumes keeps info about ephemeral volumes. Used only with `ephemeral-volumes` feature.
type EphemeralVolumes struct {
// Apps define apps ephemeral volume in case if `ephemeral-volumes` feature is enabled.
Apps *EphemeralVolume `json:"apps,omitempty"`
// Temp define temp ephemeral volume in case if `ephemeral-volumes` feature is enabled.
Temp *EphemeralVolume `json:"temp,omitempty"`
}
// GetAppsSize returns apps volume size with default value of nil.
func (e *EphemeralVolumes) GetAppsSize() *resource.Quantity {
return e.getAppsSize(nil)
}
func (e *EphemeralVolumes) getAppsSize(d *resource.Quantity) *resource.Quantity {
if e == nil {
return d
}
return e.Apps.GetSize(d)
}
// GetTempSize returns temp volume size with default value of nil.
func (e *EphemeralVolumes) GetTempSize() *resource.Quantity {
return e.getTempSize(nil)
}
func (e *EphemeralVolumes) getTempSize(d *resource.Quantity) *resource.Quantity {
if e == nil {
return d
}
return e.Temp.GetSize(d)
}
// EphemeralVolume keeps information about ephemeral volumes.
type EphemeralVolume struct {
Size *resource.Quantity `json:"size"`
}
// GetSize returns size. If not defined, default is returned.
func (e *EphemeralVolume) GetSize(d *resource.Quantity) *resource.Quantity {
if e == nil || e.Size == nil {
return d
}
return e.Size
}

3
pkg/apis/deployment/v1/server_group_spec.go
View file

@ -18,6 +18,7 @@
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Ewout Prangsma
// Author Adam Janikowski
//
package v1
@ -131,6 +132,8 @@ type ServerGroupSpec struct {
Volumes ServerGroupSpecVolumes `json:"volumes,omitempty"`
// VolumeMounts define list of volume mounts mounted into server container
VolumeMounts ServerGroupSpecVolumeMounts `json:"volumeMounts,omitempty"`
// EphemeralVolumes keeps information about ephemeral volumes.
EphemeralVolumes *EphemeralVolumes `json:"ephemeralVolumes,omitempty"`
// ExtendedRotationCheck extend checks for rotation
ExtendedRotationCheck *bool `json:"extendedRotationCheck,omitempty"`
// InitContainers Init containers specification

4
pkg/apis/deployment/v1/server_group_volume.go
View file

@ -42,7 +42,9 @@ var (
k8sutil.RocksdbEncryptionVolumeName,
k8sutil.ExporterJWTVolumeName,
k8sutil.ClusterJWTSecretVolumeName,
"lifecycle",
k8sutil.LifecycleVolumeName,
k8sutil.FoxxAppEphemeralVolumeName,
k8sutil.TMPEphemeralVolumeName,
}
)

52
pkg/apis/deployment/v1/zz_generated.deepcopy.go generated
View file

@ -815,6 +815,53 @@ func (in *DeploymentUpgradeSpec) DeepCopy() *DeploymentUpgradeSpec {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EphemeralVolume) DeepCopyInto(out *EphemeralVolume) {
*out = *in
if in.Size != nil {
in, out := &in.Size, &out.Size
x := (*in).DeepCopy()
*out = &x
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralVolume.
func (in *EphemeralVolume) DeepCopy() *EphemeralVolume {
if in == nil {
return nil
}
out := new(EphemeralVolume)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EphemeralVolumes) DeepCopyInto(out *EphemeralVolumes) {
*out = *in
if in.Apps != nil {
in, out := &in.Apps, &out.Apps
*out = new(EphemeralVolume)
(*in).DeepCopyInto(*out)
}
if in.Temp != nil {
in, out := &in.Temp, &out.Temp
*out = new(EphemeralVolume)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralVolumes.
func (in *EphemeralVolumes) DeepCopy() *EphemeralVolumes {
if in == nil {
return nil
}
out := new(EphemeralVolumes)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExternalAccessSpec) DeepCopyInto(out *ExternalAccessSpec) {
*out = *in
@ -1504,6 +1551,11 @@ func (in *ServerGroupSpec) DeepCopyInto(out *ServerGroupSpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.EphemeralVolumes != nil {
in, out := &in.EphemeralVolumes, &out.EphemeralVolumes
*out = new(EphemeralVolumes)
(*in).DeepCopyInto(*out)
}
if in.ExtendedRotationCheck != nil {
in, out := &in.ExtendedRotationCheck, &out.ExtendedRotationCheck
*out = new(bool)

73
pkg/apis/deployment/v2alpha1/server_group_ephemeral_volumes.go Normal file
View file

@ -0,0 +1,73 @@
//
// DISCLAIMER
//
// Copyright 2021 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//
package v2alpha1
import "k8s.io/apimachinery/pkg/api/resource"
// EphemeralVolumes keeps info about ephemeral volumes. Used only with `ephemeral-volumes` feature.
type EphemeralVolumes struct {
// Apps define apps ephemeral volume in case if `ephemeral-volumes` feature is enabled.
Apps *EphemeralVolume `json:"apps,omitempty"`
// Temp define temp ephemeral volume in case if `ephemeral-volumes` feature is enabled.
Temp *EphemeralVolume `json:"temp,omitempty"`
}
// GetAppsSize returns apps volume size with default value of nil.
func (e *EphemeralVolumes) GetAppsSize() *resource.Quantity {
return e.getAppsSize(nil)
}
func (e *EphemeralVolumes) getAppsSize(d *resource.Quantity) *resource.Quantity {
if e == nil {
return d
}
return e.Apps.GetSize(d)
}
// GetTempSize returns temp volume size with default value of nil.
func (e *EphemeralVolumes) GetTempSize() *resource.Quantity {
return e.getTempSize(nil)
}
func (e *EphemeralVolumes) getTempSize(d *resource.Quantity) *resource.Quantity {
if e == nil {
return d
}
return e.Temp.GetSize(d)
}
// EphemeralVolume keeps information about ephemeral volumes.
type EphemeralVolume struct {
Size *resource.Quantity `json:"size"`
}
// GetSize returns size. If not defined, default is returned.
func (e *EphemeralVolume) GetSize(d *resource.Quantity) *resource.Quantity {
if e == nil || e.Size == nil {
return d
}
return e.Size
}

3
pkg/apis/deployment/v2alpha1/server_group_spec.go
View file

@ -18,6 +18,7 @@
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Ewout Prangsma
// Author Adam Janikowski
//
package v2alpha1
@ -131,6 +132,8 @@ type ServerGroupSpec struct {
Volumes ServerGroupSpecVolumes `json:"volumes,omitempty"`
// VolumeMounts define list of volume mounts mounted into server container
VolumeMounts ServerGroupSpecVolumeMounts `json:"volumeMounts,omitempty"`
// EphemeralVolumes keeps information about ephemeral volumes.
EphemeralVolumes *EphemeralVolumes `json:"ephemeralVolumes,omitempty"`
// ExtendedRotationCheck extend checks for rotation
ExtendedRotationCheck *bool `json:"extendedRotationCheck,omitempty"`
// InitContainers Init containers specification

4
pkg/apis/deployment/v2alpha1/server_group_volume.go
View file

@ -42,7 +42,9 @@ var (
k8sutil.RocksdbEncryptionVolumeName,
k8sutil.ExporterJWTVolumeName,
k8sutil.ClusterJWTSecretVolumeName,
"lifecycle",
k8sutil.LifecycleVolumeName,
k8sutil.FoxxAppEphemeralVolumeName,
k8sutil.TMPEphemeralVolumeName,
}
)

52
pkg/apis/deployment/v2alpha1/zz_generated.deepcopy.go generated
View file

@ -815,6 +815,53 @@ func (in *DeploymentUpgradeSpec) DeepCopy() *DeploymentUpgradeSpec {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EphemeralVolume) DeepCopyInto(out *EphemeralVolume) {
*out = *in
if in.Size != nil {
in, out := &in.Size, &out.Size
x := (*in).DeepCopy()
*out = &x
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralVolume.
func (in *EphemeralVolume) DeepCopy() *EphemeralVolume {
if in == nil {
return nil
}
out := new(EphemeralVolume)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EphemeralVolumes) DeepCopyInto(out *EphemeralVolumes) {
*out = *in
if in.Apps != nil {
in, out := &in.Apps, &out.Apps
*out = new(EphemeralVolume)
(*in).DeepCopyInto(*out)
}
if in.Temp != nil {
in, out := &in.Temp, &out.Temp
*out = new(EphemeralVolume)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralVolumes.
func (in *EphemeralVolumes) DeepCopy() *EphemeralVolumes {
if in == nil {
return nil
}
out := new(EphemeralVolumes)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExternalAccessSpec) DeepCopyInto(out *ExternalAccessSpec) {
*out = *in
@ -1504,6 +1551,11 @@ func (in *ServerGroupSpec) DeepCopyInto(out *ServerGroupSpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.EphemeralVolumes != nil {
in, out := &in.EphemeralVolumes, &out.EphemeralVolumes
*out = new(EphemeralVolumes)
(*in).DeepCopyInto(*out)
}
if in.ExtendedRotationCheck != nil {
in, out := &in.ExtendedRotationCheck, &out.ExtendedRotationCheck
*out = new(bool)

39
pkg/deployment/features/security.go Normal file
View file

@ -0,0 +1,39 @@
//
// DISCLAIMER
//
// Copyright 2021 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//
package features
func init() {
registerFeature(ephemeralVolumes)
}
var ephemeralVolumes = &feature{
name: "ephemeral-volumes",
description: "Enables ephemeral volumes for apps and tmp directory",
version: "3.7.0",
enterpriseRequired: false,
enabledByDefault: false,
}
func EphemeralVolumes() Feature {
return ephemeralVolumes
}

97
pkg/deployment/pod/security.go Normal file
View file

@ -0,0 +1,97 @@
//
// DISCLAIMER
//
// Copyright 2021 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//
package pod
import (
"github.com/arangodb/kube-arangodb/pkg/deployment/features"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/interfaces"
core "k8s.io/api/core/v1"
)
func Security() Builder {
return security{}
}
type security struct{}
func (s security) Args(i Input) k8sutil.OptionPairs {
opts := k8sutil.CreateOptionPairs()
if features.EphemeralVolumes().Enabled() {
opts.Add("--temp.path", "/ephemeral/app")
opts.Add("--javascript.app-path", "/ephemeral/tmp")
}
return opts
}
func (s security) Volumes(i Input) ([]core.Volume, []core.VolumeMount) {
var v []core.Volume
var vm []core.VolumeMount
if features.EphemeralVolumes().Enabled() {
// Add Volumes
{
v = append(v, core.Volume{
Name: k8sutil.FoxxAppEphemeralVolumeName,
VolumeSource: core.VolumeSource{
EmptyDir: &core.EmptyDirVolumeSource{
SizeLimit: i.GroupSpec.EphemeralVolumes.GetAppsSize(),
},
},
})
}
{
v = append(v, core.Volume{
Name: k8sutil.TMPEphemeralVolumeName,
VolumeSource: core.VolumeSource{
EmptyDir: &core.EmptyDirVolumeSource{
SizeLimit: i.GroupSpec.EphemeralVolumes.GetTempSize(),
},
},
})
}
// Mount volumes
vm = append(vm, core.VolumeMount{
Name: k8sutil.FoxxAppEphemeralVolumeName,
MountPath: "/ephemeral/app",
})
vm = append(vm, core.VolumeMount{
Name: k8sutil.TMPEphemeralVolumeName,
MountPath: "/ephemeral/tmp",
})
}
return v, vm
}
func (s security) Envs(i Input) []core.EnvVar {
return nil
}
func (s security) Verify(i Input, cachedStatus interfaces.Inspector) error {
return nil
}

3
pkg/deployment/resources/pod_creator.go
View file

@ -86,6 +86,9 @@ func createArangodArgs(cachedStatus interfaces.Inspector, input pod.Input, addit
// Authentication
options.Merge(pod.JWT().Args(input))
// Security
options.Merge(pod.Security().Args(input))
// Storage engine
options.Add("--server.storage-engine", input.Deployment.GetStorageEngine().AsArangoArgument())

3
pkg/deployment/resources/pod_creator_arangod.go
View file

@ -363,6 +363,9 @@ func (m *MemberArangoDPod) GetVolumes() ([]core.Volume, []core.VolumeMount) {
// Encryption
volumes.Append(pod.Encryption(), m.AsInput())
// Security
volumes.Append(pod.Security(), m.AsInput())
if m.spec.Metrics.IsEnabled() {
if features.MetricsExporter().Enabled() {
token := m.spec.Metrics.GetJWTTokenSecretName()

3
pkg/util/k8sutil/pods.go
View file

@ -52,6 +52,9 @@ const (
ClientAuthCAVolumeName = "client-auth-ca"
ClusterJWTSecretVolumeName = "cluster-jwt"
MasterJWTSecretVolumeName = "master-jwt"
LifecycleVolumeName = "lifecycle"
FoxxAppEphemeralVolumeName = "ephemeral-apps"
TMPEphemeralVolumeName = "ephemeral-tmp"
RocksdbEncryptionVolumeName = "rocksdb-encryption"
ExporterJWTVolumeName = "exporter-jwt"
ArangodVolumeMountDir = "/data"