From 1b72e2b70fe90fb413daa2d4949044a562cc2cfa Mon Sep 17 00:00:00 2001
From: Michael Burman
Date: Wed, 11 Sep 2024 10:44:04 +0300
Subject: [PATCH] If the ReadOnlyRootFilesystem is selected, always force the usage of k8ssandra-client for config building
---
 CHANGELOG.md | 2 +
 .../v1beta1/cassandradatacenter_types.go | 11 ++++
 .../v1beta1/cassandradatacenter_types_test.go | 59 +++++++++++++++++++
 .../construct_podtemplatespec.go | 12 ++--
 4 files changed, 76 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d0bd1a3..e8bf38e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ Changelog for Cass Operator, new PRs should update the `main / unreleased` secti
 ## unreleased
+* [FEATURE] [#661](https://github.com/k8ssandra/cass-operator/issues/661) If ReadOnlyRootFilesystem is set, always use the new config builder instead of the old one. This change only applies to Cassandra 3.11, 4.0 and DSE 6.8, 6.9. Note that not all the versions mentioned here necessarily support ReadOnlyRootFilesystem.
+
 ## v1.22.1
 * [BUGFIX] [#687](https://github.com/k8ssandra/cass-operator/issues/687) Prevent a crash when when StorageClassName was not set in the CassandraDataVolumeClaimSpec
diff --git a/apis/cassandra/v1beta1/cassandradatacenter_types.go b/apis/cassandra/v1beta1/cassandradatacenter_types.go
index ec9aa20e..d3aa17c9 100644
--- a/apis/cassandra/v1beta1/cassandradatacenter_types.go
+++ b/apis/cassandra/v1beta1/cassandradatacenter_types.go
@@ -985,6 +985,10 @@ func (dc *CassandraDatacenter) DatacenterName() string {
 }
 func (dc *CassandraDatacenter) UseClientImage() bool {
+ if dc.ReadOnlyFs() {
+ return true
+ }
+
 if dc.Spec.ServerType == "hcd" {
 return true
 }
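Review bot: The early `if dc.ReadOnlyFs() { return true }` at the top of UseClientImage makes spec.readOnlyRootFilesystem select the k8ssandra-client config builder for every serverType and version, ahead of the checks that follow it. The `readOnlyFs` helper this patch removes from construct_podtemplatespec.go ignored the flag whenever UseClientImage() was false; applying the hardening unconditionally is the safer default, but the changelog entry itself says not every listed version necessarily supports a read-only root, so an unsupported combination will presumably only show up when the pod fails to start. Consider rejecting or warning on such combinations wherever the CRD is validated (not visible in this patch), and give the method a doc comment recording the override, e.g. `// UseClientImage reports whether the k8ssandra-client config builder is used; it is always true when ReadOnlyRootFilesystem is set.` The rest of the function body lies outside the hunk.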
@@ -998,3 +1002,10 @@ func (dc *CassandraDatacenter) UseClientImage() bool {
 func (dc *CassandraDatacenter) GenerationChanged() bool {
 return dc.Status.ObservedGeneration < dc.Generation
 }
+
+func (dc *CassandraDatacenter) ReadOnlyFs() bool {
+ if dc.Spec.ReadOnlyRootFilesystem != nil {
+ return *dc.Spec.ReadOnlyRootFilesystem
+ }
+ return false
+}
diff --git a/apis/cassandra/v1beta1/cassandradatacenter_types_test.go b/apis/cassandra/v1beta1/cassandradatacenter_types_test.go
index 266897c2..ac928d46 100644
--- a/apis/cassandra/v1beta1/cassandradatacenter_types_test.go
+++ b/apis/cassandra/v1beta1/cassandradatacenter_types_test.go
@@ -5,6 +5,7 @@ import (
 "testing"
 "github.com/stretchr/testify/assert"
+ "k8s.io/utils/ptr"
 )
 var internodeEnabledAll = `
@@ -125,3 +126,61 @@ func TestUseClientImage(t *testing.T) {
 }
 }
 }
+
+func TestUseClientImageReadOnlyRootFilesystem(t *testing.T) {
+ assert := assert.New(t)
+
+ tests := []struct {
+ serverType string
+ version string
+ }{
+ {
+ serverType: "cassandra",
+ version: "4.1.0",
+ },
+ {
+ serverType: "cassandra",
+ version: "4.1.2",
+ },
+ {
+ serverType: "cassandra",
+ version: "5.0.0",
+ },
+ {
+ serverType: "cassandra",
+ version: "3.11.17",
+ },
+ {
+ serverType: "cassandra",
+ version: "4.0.8",
+ },
+ {
+ serverType: "dse",
+ version: "6.8.39",
+ },
+ {
+ serverType: "dse",
+ version: "6.9.0",
+ },
+ {
+ serverType: "hcd",
+ version: "1.0.0",
+ },
+ {
+ serverType: "dse",
+ version: "4.1.2",
+ },
+ }
+
+ for _, tt := range tests {
+ dc := CassandraDatacenter{
+ Spec: CassandraDatacenterSpec{
+ ServerVersion: tt.version,
+ ServerType: tt.serverType,
+ ReadOnlyRootFilesystem: ptr.To[bool](true),
+ },
+ }
+
+ assert.True(dc.UseClientImage())
+ }
+}
diff --git a/pkg/reconciliation/construct_podtemplatespec.go b/pkg/reconciliation/construct_podtemplatespec.go
index 2dfc83e7..ae53546a 100644
--- a/pkg/reconciliation/construct_podtemplatespec.go
+++ b/pkg/reconciliation/construct_podtemplatespec.go
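Review bot: ReadOnlyFs is a new exported method on the API type with no doc comment, and its nil handling is worth stating because it now gates the container security context, the tmp volume and the config-builder choice. Suggested: `// ReadOnlyFs reports whether spec.readOnlyRootFilesystem is explicitly true; an unset (nil) field means a writable root filesystem.` The body could also be reduced to `return ptr.Deref(dc.Spec.ReadOnlyRootFilesystem, false)` if importing k8s.io/utils/ptr into this package is acceptable.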
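Review bot: TestUseClientImageReadOnlyRootFilesystem only sets `ReadOnlyRootFilesystem: ptr.To[bool](true)`, so nothing pins that an explicit false leaves the version-based decision untouched. A row such as cassandra 4.0.8 with `ptr.To(false)` and `assert.False(dc.UseClientImage())` would catch the flag being read as "set" rather than "true"; the expected value is inferred from the changelog entry, so confirm it against TestUseClientImage. The loop assertion also carries no context, so a failure does not say which row broke; `assert.True(dc.UseClientImage(), "%s %s", tt.serverType, tt.version)` fixes that. If the `dse` / `4.1.2` row is deliberate, a comment saying it checks that the flag overrides the version logic would help.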
@@ -307,7 +307,7 @@ func addVolumes(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTemplateSpe
 volumeDefaults := []corev1.Volume{vServerConfig, vServerLogs}
- if readOnlyFs(dc) {
+ if dc.ReadOnlyFs() {
 tmp := corev1.Volume{
 Name: "tmp",
 VolumeSource: corev1.VolumeSource{
@@ -649,7 +649,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 }
 }
- if readOnlyFs(dc) {
+ if dc.ReadOnlyFs() {
 cassContainer.SecurityContext = &corev1.SecurityContext{
 ReadOnlyRootFilesystem: ptr.To[bool](true),
 }
@@ -680,7 +680,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 envDefaults = append(envDefaults, corev1.EnvVar{Name: "HCD_AUTO_CONF_OFF", Value: "all"})
 }
- if readOnlyFs(dc) {
+ if dc.ReadOnlyFs() {
 envDefaults = append(envDefaults, corev1.EnvVar{Name: "MGMT_API_DISABLE_MCAC", Value: "true"})
 }
@@ -737,7 +737,7 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 }
 }
- if readOnlyFs(dc) {
+ if dc.ReadOnlyFs() {
 cassContainer.VolumeMounts = append(cassContainer.VolumeMounts, corev1.VolumeMount{
 Name: "tmp",
 MountPath: "/tmp",
@@ -805,10 +805,6 @@ func buildContainers(dc *api.CassandraDatacenter, baseTemplate *corev1.PodTempla
 return nil
 }
-func readOnlyFs(dc *api.CassandraDatacenter) bool {
- return dc.Spec.ReadOnlyRootFilesystem != nil && *dc.Spec.ReadOnlyRootFilesystem && dc.UseClientImage()
-}
-
 func buildPodTemplateSpec(dc *api.CassandraDatacenter, rack api.Rack, addLegacyInternodeMount bool) (*corev1.PodTemplateSpec, error) {
 baseTemplate := dc.Spec.PodTemplateSpec.DeepCopy()
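Review bot: `dc.ReadOnlyFs()` in addVolumes, and at the three later call sites in buildContainers (-649, -680, -737), no longer checks UseClientImage() the way the removed `readOnlyFs(dc)` did. The result is the same only because UseClientImage now returns true as soon as the flag is set, and that dependency lives in another package. A short comment at this first site would keep a later change to UseClientImage from pairing a read-only root with the old config builder, e.g. `// ReadOnlyFs implies UseClientImage: a read-only root always uses the k8ssandra-client config builder.` addVolumes starts and ends outside the hunk.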
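Review bot: In the buildContainers hunk at -649, the branch assigns a brand-new `&corev1.SecurityContext{...}` to cassContainer, so any security context already on that container (runAsNonRoot, dropped capabilities, allowPrivilegeEscalation) would be replaced when the read-only root is enabled. Whether cassContainer can carry a user-supplied context at this point depends on code outside the hunk, so this needs confirming. Since the flag is now honoured for every server version, more deployments reach this branch, and setting only the one field on an existing context is the safer form. The enclosing `if` and the rest of buildContainers continue outside the hunk.

```go
	if dc.ReadOnlyFs() {
		// Preserve a securityContext already present on the container; only force the read-only root.
		if cassContainer.SecurityContext == nil {
			cassContainer.SecurityContext = &corev1.SecurityContext{}
		}
		cassContainer.SecurityContext.ReadOnlyRootFilesystem = ptr.To[bool](true)
```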