Skip to content

Commit

Permalink
Merge remote-tracking branch 'apache/main' into dependabot/go_modules…
Browse files Browse the repository at this point in the history 
…/github.com/cyphar/filepath-securejoin-0.2.4
  • Loading branch information
@HoustonPutman
HoustonPutman committed Oct 5, 2023
2 parents f58cee5 + c72c44b commit d5ce9f8
Show file tree
Hide file tree
Showing 42 changed files with 2,355 additions and 1,494 deletions.
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ Please visit the following pages for documentation on using and developing the S
- The released helm charts and their instructions should be used for all safe and stable deployments.
The charts found in `helm/` are not guaranteed to be compatible with the last stable release, and should only be used for development purposes.
- [Running the Solr Operator](https://apache.github.io/solr-operator/docs/running-the-operator)
- [Known Issues](https://apache.github.io/solr-operator/docs/known-issues)
- Available Solr Resources
- [Solr Clouds](https://apache.github.io/solr-operator/docs/solr-cloud)
- [Solr Backups](https://apache.github.io/solr-operator/docs/solr-backup)
Expand Down
184 changes: 127 additions & 57 deletions config/crd/bases/solr.apache.org_solrclouds.yaml
View file

Large diffs are not rendered by default.

91 changes: 63 additions & 28 deletions config/crd/bases/solr.apache.org_solrprometheusexporters.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2100,6 +2100,28 @@ spec:
exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior
of individual containers in a pod. This field may
only be set for init containers, and the only allowed
value is "Always". For non-init containers or when
this field is not specified, the restart behavior
is defined by the Pod''s restart policy and the container
type. Setting the RestartPolicy as "Always" for the
init container will have the following effect: this
init container will be continually restarted on exit
until all regular containers have terminated. Once
all regular containers have completed, all init containers
with restartPolicy "Always" will be shut down. This
lifecycle differs from normal init containers and
is often referred to as a "sidecar" container. Although
this init container still starts in the init container
sequence, it does not wait for the container to complete
before proceeding to the next init container. Instead,
the next init container starts immediately after this
init container is started, or after any startupProbe
has successfully completed.'
type: string
securityContext:
description: 'SecurityContext defines the security options
the container should be run with. If set, the fields
Expand Down Expand Up @@ -2229,7 +2251,8 @@ spec:
The profile must be preconfigured on the node
to work. Must be a descending path, relative
to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
location. Must be set if type is "Localhost".
Must NOT be set for any other type.
type: string
type:
description: "type indicates which kind of seccomp
Expand Down Expand Up @@ -2265,14 +2288,10 @@ spec:
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container.
This field is alpha-level and will only be
honored by components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the
feature flag will result in errors when validating
the Pod. All of a Pod's containers must have
the same effective HostProcess value (it is
not allowed to have a mix of HostProcess containers
and non-HostProcess containers). In addition,
All of a Pod's containers must have the same
effective HostProcess value (it is not allowed
to have a mix of HostProcess containers and
non-HostProcess containers). In addition,
if HostProcess is true then HostNetwork must
also be set to true.
type: boolean
Expand Down Expand Up @@ -3029,8 +3048,9 @@ spec:
defined in a file on the node should be used. The
profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's
configured seccomp profile location. Must only be
set if type is "Localhost".
configured seccomp profile location. Must be set
if type is "Localhost". Must NOT be set for any
other type.
type: string
type:
description: "type indicates which kind of seccomp
Expand Down Expand Up @@ -3098,15 +3118,11 @@ spec:
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container. This
field is alpha-level and will only be honored by
components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the feature
flag will result in errors when validating the Pod.
All of a Pod's containers must have the same effective
should be run as a 'Host Process' container. All
of a Pod's containers must have the same effective
HostProcess value (it is not allowed to have a mix
of HostProcess containers and non-HostProcess containers). In
addition, if HostProcess is true then HostNetwork
of HostProcess containers and non-HostProcess containers).
In addition, if HostProcess is true then HostNetwork
must also be set to true.
type: boolean
runAsUserName:
Expand Down Expand Up @@ -4208,6 +4224,28 @@ spec:
exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior
of individual containers in a pod. This field may
only be set for init containers, and the only allowed
value is "Always". For non-init containers or when
this field is not specified, the restart behavior
is defined by the Pod''s restart policy and the container
type. Setting the RestartPolicy as "Always" for the
init container will have the following effect: this
init container will be continually restarted on exit
until all regular containers have terminated. Once
all regular containers have completed, all init containers
with restartPolicy "Always" will be shut down. This
lifecycle differs from normal init containers and
is often referred to as a "sidecar" container. Although
this init container still starts in the init container
sequence, it does not wait for the container to complete
before proceeding to the next init container. Instead,
the next init container starts immediately after this
init container is started, or after any startupProbe
has successfully completed.'
type: string
securityContext:
description: 'SecurityContext defines the security options
the container should be run with. If set, the fields
Expand Down Expand Up @@ -4337,7 +4375,8 @@ spec:
The profile must be preconfigured on the node
to work. Must be a descending path, relative
to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
location. Must be set if type is "Localhost".
Must NOT be set for any other type.
type: string
type:
description: "type indicates which kind of seccomp
Expand Down Expand Up @@ -4373,14 +4412,10 @@ spec:
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container.
This field is alpha-level and will only be
honored by components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the
feature flag will result in errors when validating
the Pod. All of a Pod's containers must have
the same effective HostProcess value (it is
not allowed to have a mix of HostProcess containers
and non-HostProcess containers). In addition,
All of a Pod's containers must have the same
effective HostProcess value (it is not allowed
to have a mix of HostProcess containers and
non-HostProcess containers). In addition,
if HostProcess is true then HostNetwork must
also be set to true.
type: boolean
Expand Down
47 changes: 32 additions & 15 deletions controllers/solrcloud_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,9 +225,9 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (

if hasSolrXml {
// make sure the user-provided solr.xml is valid
if !strings.Contains(solrXml, "${hostPort:") {
if !(strings.Contains(solrXml, "${solr.port.advertise:") || strings.Contains(solrXml, "${hostPort:")) {
return requeueOrNot,
fmt.Errorf("custom solr.xml in ConfigMap %s must contain a placeholder for the 'hostPort' variable, such as <int name=\"hostPort\">${hostPort:80}</int>",
fmt.Errorf("custom solr.xml in ConfigMap %s must contain a placeholder for either 'solr.port.advertise', or its deprecated alternative 'hostPort', e.g. <int name=\"hostPort\">${solr.port.advertise:80}</int>",
providedConfigMapName)
}
// stored in the pod spec annotations on the statefulset so that we get a restart when solr.xml changes
Expand Down Expand Up @@ -385,7 +385,8 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
if err = controllerutil.SetControllerReference(instance, expectedStatefulSet, r.Scheme); err == nil {
err = r.Create(ctx, expectedStatefulSet)
}
statefulSet = expectedStatefulSet
// Wait for the next reconcile loop
statefulSet = nil
} else if err == nil {
util.MaintainPreservedStatefulSetFields(expectedStatefulSet, foundStatefulSet)

Expand All @@ -401,9 +402,6 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
}
statefulSet = foundStatefulSet
}
if err != nil {
return requeueOrNot, err
}
} else {
// If we are blocking the reconciliation of the statefulSet, we still want to find information about it.
err = r.Get(ctx, types.NamespacedName{Name: instance.StatefulSetName(), Namespace: instance.Namespace}, statefulSet)
Expand All @@ -415,6 +413,9 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
}
}
}
if err != nil {
return requeueOrNot, err
}

// *********************************************************
// The operations after this require a statefulSet to exist,
Expand All @@ -427,7 +428,7 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
// Do not reconcile the storage finalizer unless we have PVC Labels that we know the Solr data PVCs are using.
// Otherwise it will delete all PVCs possibly
if len(statefulSet.Spec.Selector.MatchLabels) > 0 {
if err := r.reconcileStorageFinalizer(ctx, instance, statefulSet.Spec.Selector.MatchLabels, logger); err != nil {
if err = r.reconcileStorageFinalizer(ctx, instance, statefulSet.Spec.Selector.MatchLabels, logger); err != nil {
logger.Error(err, "Cannot delete PVCs while garbage collecting after deletion.")
updateRequeueAfter(&requeueOrNot, time.Second*15)
}
Expand All @@ -436,16 +437,21 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
// Get the SolrCloud's Pods and initialize them if necessary
var podList []corev1.Pod
var podSelector labels.Selector
if podSelector, podList, err = r.initializePods(ctx, instance, logger); err != nil {
if podSelector, podList, err = r.initializePods(ctx, instance, statefulSet, logger); err != nil {
return requeueOrNot, err
}

// Make sure the SolrCloud status is up-to-date with the state of the cluster
var outOfDatePods util.OutOfDatePodSegmentation
var availableUpdatedPodCount int
outOfDatePods, availableUpdatedPodCount, err = createCloudStatus(instance, &newStatus, statefulSet.Status, podSelector, podList)
var shouldRequeue bool
outOfDatePods, availableUpdatedPodCount, shouldRequeue, err = createCloudStatus(instance, &newStatus, statefulSet.Status, podSelector, podList)
if err != nil {
return requeueOrNot, err
} else if shouldRequeue {
// There is an issue with the status, so requeue to get a more up-to-date view of the cluster
updateRequeueAfter(&requeueOrNot, time.Second*1)
return requeueOrNot, nil
}

// We only want to do one cluster operation at a time, so we use a lock to ensure that.
Expand Down Expand Up @@ -619,7 +625,7 @@ func (r *SolrCloudReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
}

// InitializePods Ensure that all SolrCloud Pods are initialized
func (r *SolrCloudReconciler) initializePods(ctx context.Context, solrCloud *solrv1beta1.SolrCloud, logger logr.Logger) (podSelector labels.Selector, podList []corev1.Pod, err error) {
func (r *SolrCloudReconciler) initializePods(ctx context.Context, solrCloud *solrv1beta1.SolrCloud, statefulSet *appsv1.StatefulSet, logger logr.Logger) (podSelector labels.Selector, podList []corev1.Pod, err error) {
foundPods := &corev1.PodList{}
selectorLabels := solrCloud.SharedLabels()
selectorLabels["technology"] = solrv1beta1.SolrTechnologyLabel
Expand All @@ -634,14 +640,24 @@ func (r *SolrCloudReconciler) initializePods(ctx context.Context, solrCloud *sol
logger.Error(err, "Error listing pods for SolrCloud")
return
}
podList = foundPods.Items

// Initialize the pod's notStopped readinessCondition so that they can receive traffic until they are stopped
for i, pod := range podList {
for _, pod := range foundPods.Items {
isOwnedByCurrentStatefulSet := false
for _, ownerRef := range pod.ObjectMeta.OwnerReferences {
if ownerRef.UID == statefulSet.UID {
isOwnedByCurrentStatefulSet = true
break
}
}
// Do not include pods that match, but are not owned by the current statefulSet
if !isOwnedByCurrentStatefulSet {
continue
}
if updatedPod, podError := r.initializePod(ctx, &pod, logger); podError != nil {
err = podError
} else if updatedPod != nil {
podList[i] = *updatedPod
podList = append(podList, *updatedPod)
}
}
return
Expand Down Expand Up @@ -675,7 +691,7 @@ func (r *SolrCloudReconciler) initializePod(ctx context.Context, pod *corev1.Pod
// Initialize the SolrCloud.Status object
func createCloudStatus(solrCloud *solrv1beta1.SolrCloud,
newStatus *solrv1beta1.SolrCloudStatus, statefulSetStatus appsv1.StatefulSetStatus, podSelector labels.Selector,
podList []corev1.Pod) (outOfDatePods util.OutOfDatePodSegmentation, availableUpdatedPodCount int, err error) {
podList []corev1.Pod) (outOfDatePods util.OutOfDatePodSegmentation, availableUpdatedPodCount int, shouldRequeue bool, err error) {
var otherVersions []string
nodeNames := make([]string, len(podList))
nodeStatusMap := map[string]solrv1beta1.SolrNodeStatus{}
Expand Down Expand Up @@ -797,8 +813,9 @@ func createCloudStatus(solrCloud *solrv1beta1.SolrCloud,
extAddress := solrCloud.UrlScheme(true) + "://" + solrCloud.ExternalCommonUrl(solrCloud.Spec.SolrAddressability.External.DomainName, true)
newStatus.ExternalCommonAddress = &extAddress
}
shouldRequeue = newStatus.ReadyReplicas != statefulSetStatus.ReadyReplicas || newStatus.Replicas != statefulSetStatus.Replicas || newStatus.UpToDateNodes != statefulSetStatus.UpdatedReplicas

return outOfDatePods, availableUpdatedPodCount, nil
return outOfDatePods, availableUpdatedPodCount, shouldRequeue, nil
}

func (r *SolrCloudReconciler) reconcileNodeService(ctx context.Context, logger logr.Logger, instance *solrv1beta1.SolrCloud, nodeName string) (err error, ip string) {
Expand Down
Loading

0 comments on commit d5ce9f8

Please sign in to comment.