If the ReadOnlyRootFilesystem is selected, always force the usage of …

…k8ssandra-client for config building
k8ssandra · Sep 11, 2024 · 1b72e2b · 1b72e2b
1 parent cc63a41
commit 1b72e2b
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ Changelog for Cass Operator, new PRs should update the `main / unreleased` secti
 
 ## unreleased
 
+* [FEATURE] [#661](https://github.com/k8ssandra/cass-operator/issues/661) If ReadOnlyRootFilesystem is set, always use the new config builder instead of the old one. This change only applies to Cassandra 3.11, 4.0 and DSE 6.8, 6.9. Note that not all the versions mentioned here necessarily support ReadOnlyRootFilesystem. 
+
 ## v1.22.1
 
 * [BUGFIX] [#687](https://github.com/k8ssandra/cass-operator/issues/687) Prevent a crash when when StorageClassName was not set in the CassandraDataVolumeClaimSpec

diff --git a/apis/cassandra/v1beta1/cassandradatacenter_types.go b/apis/cassandra/v1beta1/cassandradatacenter_types.go
@@ -985,6 +985,10 @@ func (dc *CassandraDatacenter) DatacenterName() string {
 }
 
 func (dc *CassandraDatacenter) UseClientImage() bool {
+	if dc.ReadOnlyFs() {
+		return true
+	}
+
 	if dc.Spec.ServerType == "hcd" {
 		return true
 	}
@@ -998,3 +1002,10 @@ func (dc *CassandraDatacenter) UseClientImage() bool {
 func (dc *CassandraDatacenter) GenerationChanged() bool {
 	return dc.Status.ObservedGeneration < dc.Generation
 }
+
+func (dc *CassandraDatacenter) ReadOnlyFs() bool {
+	if dc.Spec.ReadOnlyRootFilesystem != nil {
+		return *dc.Spec.ReadOnlyRootFilesystem
+	}
+	return false
+}
diff --git a/apis/cassandra/v1beta1/cassandradatacenter_types_test.go b/apis/cassandra/v1beta1/cassandradatacenter_types_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"k8s.io/utils/ptr"
 )
 
 var internodeEnabledAll = `
@@ -125,3 +126,61 @@ func TestUseClientImage(t *testing.T) {
 		}
 	}
 }
+
+func TestUseClientImageReadOnlyRootFilesystem(t *testing.T) {
+	assert := assert.New(t)
+
+	tests := []struct {
+		serverType string
+		version    string
+	}{
+		{
+			serverType: "cassandra",
+			version:    "4.1.0",
+		},
+		{
+			serverType: "cassandra",
+			version:    "4.1.2",
+		},
+		{
+			serverType: "cassandra",
+			version:    "5.0.0",
+		},
+		{
+			serverType: "cassandra",
+			version:    "3.11.17",
+		},
+		{
+			serverType: "cassandra",
+			version:    "4.0.8",
+		},
+		{
+			serverType: "dse",
+			version:    "6.8.39",
+		},
+		{
+			serverType: "dse",
+			version:    "6.9.0",
+		},
+		{
+			serverType: "hcd",
+			version:    "1.0.0",
+		},
+		{
+			serverType: "dse",
+			version:    "4.1.2",
+		},
+	}
+
+	for _, tt := range tests {
+		dc := CassandraDatacenter{
+			Spec: CassandraDatacenterSpec{
+				ServerVersion:          tt.version,
+				ServerType:             tt.serverType,
+				ReadOnlyRootFilesystem: ptr.To[bool](true),
+			},
+		}
+
+		assert.True(dc.UseClientImage())
+	}
+}
diff --git a/pkg/reconciliation/construct_podtemplatespec.go b/pkg/reconciliation/construct_podtemplatespec.go
@@ -307,7 +307,7 @@ func addVolumes(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTemplateSpe
 
 	volumeDefaults := []corev1.Volume{vServerConfig, vServerLogs}
 
-	if readOnlyFs(dc) {
+	if dc.ReadOnlyFs() {
 		tmp := corev1.Volume{
 			Name: "tmp",
 			VolumeSource: corev1.VolumeSource{
@@ -649,7 +649,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 		}
 	}
 
-	if readOnlyFs(dc) {
+	if dc.ReadOnlyFs() {
 		cassContainer.SecurityContext = &corev1.SecurityContext{
 			ReadOnlyRootFilesystem: ptr.To[bool](true),
 		}
@@ -680,7 +680,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 		envDefaults = append(envDefaults, corev1.EnvVar{Name: "HCD_AUTO_CONF_OFF", Value: "all"})
 	}
 
-	if readOnlyFs(dc) {
+	if dc.ReadOnlyFs() {
 		envDefaults = append(envDefaults, corev1.EnvVar{Name: "MGMT_API_DISABLE_MCAC", Value: "true"})
 	}
 
@@ -737,7 +737,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 		}
 	}
 
-	if readOnlyFs(dc) {
+	if dc.ReadOnlyFs() {
 		cassContainer.VolumeMounts = append(cassContainer.VolumeMounts, corev1.VolumeMount{
 			Name:      "tmp",
 			MountPath: "/tmp",
@@ -805,10 +805,6 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 	return nil
 }
 
-func readOnlyFs(dc *api.CassandraDatacenter) bool {
-	return dc.Spec.ReadOnlyRootFilesystem != nil && *dc.Spec.ReadOnlyRootFilesystem && dc.UseClientImage()
-}
-
 func buildPodTemplateSpec(dc *api.CassandraDatacenter, rack api.Rack, addLegacyInternodeMount bool) (*corev1.PodTemplateSpec, error) {
 
 	baseTemplate := dc.Spec.PodTemplateSpec.DeepCopy()