[#1089] ignore plan size in restricted mode
gtully authored and brusdev committed Jan 23, 2025
1 parent fc30ea0 commit 7f03be4
Showing 3 changed files with 27 additions and 26 deletions.
46 changes: 21 additions & 25 deletions controllers/activemqartemis_reconciler.go
Expand Up @@ -282,7 +282,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) ProcessStatefulSet(customResour
}

labels := namer.LabelBuilder.Labels()
headlessServiceDefinition = svc.NewHeadlessServiceForCR2(client, headlesServiceName, ssNamespacedName.Namespace, serviceports.GetDefaultPorts(isRestricted(customResource)), labels, headlessServiceDefinition)
headlessServiceDefinition = svc.NewHeadlessServiceForCR2(client, headlesServiceName, ssNamespacedName.Namespace, serviceports.GetDefaultPorts(common.IsRestricted(customResource)), labels, headlessServiceDefinition)
reconciler.trackDesired(headlessServiceDefinition)

if isClustered(customResource) {
Expand All @@ -303,7 +303,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) ProcessStatefulSet(customResour
}

func isClustered(customResource *brokerv1beta1.ActiveMQArtemis) bool {
if isRestricted(customResource) {
if common.IsRestricted(customResource) {
return false
}

Expand All @@ -315,7 +315,7 @@ func isClustered(customResource *brokerv1beta1.ActiveMQArtemis) bool {

func (reconciler *ActiveMQArtemisReconcilerImpl) ProcessCredentials(customResource *brokerv1beta1.ActiveMQArtemis, namer common.Namers, client rtclient.Client, scheme *runtime.Scheme, currentStatefulSet *appsv1.StatefulSet) {

if isRestricted(customResource) {
if common.IsRestricted(customResource) {
return
}
reconciler.log.V(1).Info("ProcessCredentials")
Expand Down Expand Up @@ -416,7 +416,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) applyPodDisruptionBudget(custom

func (reconciler *ActiveMQArtemisReconcilerImpl) ProcessAcceptorsAndConnectors(customResource *brokerv1beta1.ActiveMQArtemis, namer common.Namers, client rtclient.Client, scheme *runtime.Scheme, currentStatefulSet *appsv1.StatefulSet) error {

if isRestricted(customResource) {
if common.IsRestricted(customResource) {
return nil
}

Expand Down Expand Up @@ -452,7 +452,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) ProcessAcceptorsAndConnectors(c
func (reconciler *ActiveMQArtemisReconcilerImpl) ProcessConsole(customResource *brokerv1beta1.ActiveMQArtemis, namer common.Namers, client rtclient.Client, scheme *runtime.Scheme, currentStatefulSet *appsv1.StatefulSet) error {

reconciler.configureConsoleExposure(customResource, namer, client)
if !customResource.Spec.Console.SSLEnabled || isRestricted(customResource) {
if !customResource.Spec.Console.SSLEnabled || common.IsRestricted(customResource) {
return nil
}

Expand Down Expand Up @@ -1737,7 +1737,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) MakeVolumes(customResource *bro
if customResource.Spec.DeploymentPlan.PersistenceEnabled {
basicCRVolume := volumes.MakePersistentVolume(customResource.Name)
volumeDefinitions = append(volumeDefinitions, basicCRVolume...)
} else if isRestricted(customResource) {
} else if common.IsRestricted(customResource) {
emptyDirData := volumes.MakeEmptyDirVolumeFor(customResource.Name)
volumeDefinitions = append(volumeDefinitions, emptyDirData)
}
Expand Down Expand Up @@ -1782,7 +1782,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) MakeVolumes(customResource *bro
}
}

if !isRestricted(customResource) && customResource.Spec.Console.SSLEnabled {
if !common.IsRestricted(customResource) && customResource.Spec.Console.SSLEnabled {
reconciler.log.V(1).Info("Make volumes for ssl console exposure on k8s")
secretName := namer.SecretsConsoleNameBuilder.Name()
addNewVolumes(secretVolumes, &volumeDefinitions, &secretName)
Expand All @@ -1805,7 +1805,7 @@ func addNewVolumeMounts(existingNames map[string]string, existing *[]corev1.Volu
func (reconciler *ActiveMQArtemisReconcilerImpl) MakeVolumeMounts(customResource *brokerv1beta1.ActiveMQArtemis, namer common.Namers) ([]corev1.VolumeMount, error) {

volumeMounts := []corev1.VolumeMount{}
if customResource.Spec.DeploymentPlan.PersistenceEnabled || isRestricted(customResource) {
if customResource.Spec.DeploymentPlan.PersistenceEnabled || common.IsRestricted(customResource) {
persistentCRVlMnt := volumes.MakePersistentVolumeMount(customResource.Name, getDataMountPath(customResource, namer))
volumeMounts = append(volumeMounts, persistentCRVlMnt...)
}
Expand Down Expand Up @@ -1892,7 +1892,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) MakeVolumeMounts(customResource
}

func getDataMountPath(cr *brokerv1beta1.ActiveMQArtemis, namer common.Namers) string {
if isRestricted(cr) {
if common.IsRestricted(cr) {
return "/app"
}
return namer.GLOBAL_DATA_PATH
Expand Down Expand Up @@ -1973,7 +1973,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) PodTemplateSpecForCR(customReso
}

additionalSystemPropsForRestricted := []string{}
if isRestricted(customResource) {
if common.IsRestricted(customResource) {

mountPathRoot := secretPathBase + getPropertiesResourceNsName(customResource).Name
security_properties := newPropsWithHeader()
Expand Down Expand Up @@ -2128,7 +2128,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) PodTemplateSpecForCR(customReso
}

container.StartupProbe = reconciler.configureStartupProbe(container, customResource.Spec.DeploymentPlan.StartupProbe)
if !isRestricted(customResource) {
if !common.IsRestricted(customResource) {
container.LivenessProbe = reconciler.configureLivenessProbe(container, customResource.Spec.DeploymentPlan.LivenessProbe)
}
container.ReadinessProbe = reconciler.configureReadinessProbe(container, customResource.Spec.DeploymentPlan.ReadinessProbe)
Expand Down Expand Up @@ -2189,7 +2189,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) PodTemplateSpecForCR(customReso
Value: fmt.Sprintf("-Dlog4j2.configurationFile=%v", loggingConfigPath),
}
environments.CreateOrAppend(podSpec.Containers, &loggerOpts)
} else if isRestricted(customResource) {
} else if common.IsRestricted(customResource) {
// modify log4j2 default of ERROR
loggerOpts := corev1.EnvVar{
Name: getLoginConfigEnvVarName(customResource),
Expand All @@ -2201,7 +2201,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) PodTemplateSpecForCR(customReso
// add TopologySpreadConstraints config
podSpec.TopologySpreadConstraints = customResource.Spec.DeploymentPlan.TopologySpreadConstraints

if !isRestricted(customResource) {
if !common.IsRestricted(customResource) {
//add empty-dir volume and volumeMounts to main container
volumeForCfg := volumes.MakeEmptyDirVolumeFor(cfgVolumeName)
podSpec.Volumes = append(podSpec.Volumes, volumeForCfg)
Expand Down Expand Up @@ -2406,7 +2406,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) PodTemplateSpecForCR(customReso

pts.Spec = *podSpec

if isRestricted(customResource) {
if common.IsRestricted(customResource) {
pts.Spec.InitContainers = nil

// restricted env
Expand Down Expand Up @@ -2453,7 +2453,7 @@ func supportsOrdinalReplacement(envVar corev1.EnvVar) bool {
}

func getJaasConfigEnvVarName(customResource *brokerv1beta1.ActiveMQArtemis) string {
if !isRestricted(customResource) {
if !common.IsRestricted(customResource) {
// legacy
return debugArgsEnvVarName
}
Expand All @@ -2462,18 +2462,14 @@ func getJaasConfigEnvVarName(customResource *brokerv1beta1.ActiveMQArtemis) stri
}

func getLoginConfigEnvVarName(customResource *brokerv1beta1.ActiveMQArtemis) string {
if !isRestricted(customResource) {
if !common.IsRestricted(customResource) {
// legacy
return javaArgsAppendEnvVarName
}

return jdkJavaOptionsEnvVarName
}

func isRestricted(customResource *brokerv1beta1.ActiveMQArtemis) bool {
return customResource.Spec.Restricted != nil && *customResource.Spec.Restricted
}

func newPropsWithHeader() *bytes.Buffer {
return newBufferWithHeader("#")
}
Expand Down Expand Up @@ -2574,7 +2570,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) configureLivenessProbe(containe
reconciler.log.V(1).Info("Using user provided Liveness Probe Handler" + probeFromCr.ProbeHandler.String())
livenessProbe.ProbeHandler = probeFromCr.ProbeHandler
}
} else if !isRestricted(reconciler.customResource) {
} else if !common.IsRestricted(reconciler.customResource) {

reconciler.log.V(1).Info("Creating Default Liveness Probe")

Expand Down Expand Up @@ -2631,7 +2627,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) configureReadinessProbe(contain
} else {
readinessProbe.ProbeHandler = probeFromCr.ProbeHandler
}
} else if isRestricted(reconciler.customResource) {
} else if common.IsRestricted(reconciler.customResource) {
// liveness probe is sufficient
readinessProbe = nil
} else {
Expand Down Expand Up @@ -2819,7 +2815,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) configureContianerSecurityConte
container.SecurityContext = containerSecurityContext
} else {
reconciler.log.V(2).Info("Incoming Container SecurityContext is nil, creating with default values")
readOnlyRootFilesystem := isRestricted(reconciler.customResource)
readOnlyRootFilesystem := common.IsRestricted(reconciler.customResource)
runAsNonRoot := true
allowPrivilegeEscalation := false
capabilities := corev1.Capabilities{Drop: []corev1.Capability{"ALL"}}
Expand Down Expand Up @@ -2859,7 +2855,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) configPodSecurity(podSpec *core
reconciler.log.V(2).Info("Pod serviceAccountName specified", "existing", podSpec.ServiceAccountName, "new", *podSecurity.ServiceAccountName)
podSpec.ServiceAccountName = *podSecurity.ServiceAccountName
} else {
autoMount := !isRestricted(reconciler.customResource)
autoMount := !common.IsRestricted(reconciler.customResource)
podSpec.AutomountServiceAccountToken = &autoMount
}
if podSecurity.RunAsUser != nil {
Expand Down Expand Up @@ -3351,7 +3347,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) checkStatus(cr *brokerv1beta1.A
reqLogger := ctrl.Log.WithValues("ActiveMQArtemis Name", cr.Name)

var jks []*jolokia_client.JkInfo
if isRestricted(cr) {
if common.IsRestricted(cr) {
jks = jolokia_client.GetMinimalJolokiaAgents(cr, client)
} else {
resource := types.NamespacedName{
1 change: 1 addition & 0 deletions controllers/controll_plane_test.go
Expand Up @@ -141,6 +141,7 @@ var _ = Describe("minimal", func() {
})

crd.Spec.Restricted = common.NewTrue()
crd.Spec.DeploymentPlan.Size = common.Int32ToPtr(2) // will be ignored and default to 1

// how the jdk command line can be configured or modified
crd.Spec.Env = []corev1.EnvVar{
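Review bot: The added `crd.Spec.DeploymentPlan.Size = common.Int32ToPtr(2)` line only sets up the input; nothing visible in this hunk asserts that the value is actually ignored. If the rest of the spec does not already do so, it should compare the created StatefulSet's replica count with `common.DefaultDeploymentSize`, so that a regression in `GetDeploymentSize` fails the test instead of passing silently. The enclosing `Describe` block starts and ends outside the hunk, so such an assertion may already exist further down.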
6 changes: 5 additions & 1 deletion pkg/utils/common/common.go
Expand Up @@ -649,8 +649,12 @@ func PodStartingStatusDigestMessage(podName string, status corev1.PodStatus) str
return buf.String()
}

func IsRestricted(customResource *brokerv1beta1.ActiveMQArtemis) bool {
return customResource.Spec.Restricted != nil && *customResource.Spec.Restricted
}

func GetDeploymentSize(cr *brokerv1beta1.ActiveMQArtemis) int32 {
if cr.Spec.DeploymentPlan.Size == nil {
if cr.Spec.DeploymentPlan.Size == nil || IsRestricted(cr) {
return DefaultDeploymentSize
}
return *cr.Spec.DeploymentPlan.Size
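Review bot: Both functions in this hunk lack doc comments, and `GetDeploymentSize` now discards a user-supplied `Size` in restricted mode without leaving any trace. `IsRestricted` is exported and, in the reconciler section of this commit, decides defaults such as `readOnlyRootFilesystem` and `AutomountServiceAccountToken`, so its nil handling should be stated: `// IsRestricted reports whether Spec.Restricted is set and true; a nil value is treated as not restricted.` For the size helper: `// GetDeploymentSize returns DefaultDeploymentSize when Size is unset or the CR is restricted; in restricted mode a configured Size is ignored.` It may also be worth surfacing the ignored value to the user (a log line or status condition) instead of dropping it silently. The closing brace of `GetDeploymentSize` is outside the hunk.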