Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add shareProcessNamespace flag to podOptions #735

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions api/v1beta1/common_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,10 @@ type PodOptions struct {
// +optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`

// Should process namespace sharing be enabled on created pods
// +optional
ShareProcessNamespace bool `json:"shareProcessNamespace,omitempty"`

// Optional PodSpreadTopologyConstraints to use when scheduling pods.
// More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
//
Expand Down
4 changes: 4 additions & 0 deletions config/crd/bases/solr.apache.org_solrclouds.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5082,6 +5082,10 @@ spec:
serviceAccountName:
description: Optional Service Account to run the pod under.
type: string
shareProcessNamespace:
description: Should process namespace sharing be enabled on
created pods
type: boolean
sidecarContainers:
description: Sidecar containers to run in the pod. These are
in addition to the Solr Container
Expand Down
4 changes: 4 additions & 0 deletions config/crd/bases/solr.apache.org_solrprometheusexporters.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3173,6 +3173,10 @@ spec:
serviceAccountName:
description: Optional Service Account to run the pod under.
type: string
shareProcessNamespace:
description: Should process namespace sharing be enabled on
created pods
type: boolean
sidecarContainers:
description: Sidecar containers to run in the pod. These are
in addition to the Solr Container
Expand Down
5 changes: 5 additions & 0 deletions controllers/solrcloud_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (
"github.com/apache/solr-operator/controllers/util"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
. "github.com/onsi/gomega/gstruct"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -146,6 +147,7 @@ var _ = FDescribe("SolrCloud controller - General", func() {
Expect(statefulSet.Spec.Template.Spec.Volumes).To(HaveLen(len(extraVolumes)+3), "Pod has wrong number of volumes")
Expect(statefulSet.Spec.Template.Spec.Volumes[3].Name).To(Equal(extraVolumes[0].Name), "Additional Volume from podOptions not loaded into pod properly.")
Expect(statefulSet.Spec.Template.Spec.Volumes[3].VolumeSource).To(Equal(extraVolumes[0].Source), "Additional Volume from podOptions not loaded into pod properly.")
Expect(statefulSet.Spec.Template.Spec.ShareProcessNamespace).Should(PointTo(BeFalse()))
Expect(statefulSet.Spec.Template.Spec.ReadinessGates).To(ContainElement(corev1.PodReadinessGate{ConditionType: util.SolrIsNotStoppedReadinessCondition}), "All pods should contain the isNotStopped readinessGate.")

By("testing the Solr Common Service")
Expand All @@ -169,6 +171,7 @@ var _ = FDescribe("SolrCloud controller - General", func() {

FContext("Solr Cloud with Custom Kube Options", func() {
three := intstr.FromInt(3)
testShareProcessNamespace := true
BeforeEach(func() {
replicas := int32(4)
solrCloud.Spec = solrv1beta1.SolrCloudSpec{
Expand Down Expand Up @@ -213,6 +216,7 @@ var _ = FDescribe("SolrCloud controller - General", func() {
TopologySpreadConstraints: testTopologySpreadConstraints,
DefaultInitContainerResources: testResources2,
InitContainers: extraContainers1,
ShareProcessNamespace: testShareProcessNamespace,
},
StatefulSetOptions: &solrv1beta1.StatefulSetOptions{
Annotations: testSSAnnotations,
Expand Down Expand Up @@ -284,6 +288,7 @@ var _ = FDescribe("SolrCloud controller - General", func() {
Expect(statefulSet.Spec.Template.Spec.ServiceAccountName).To(Equal(testServiceAccountName), "Incorrect serviceAccountName")
Expect(statefulSet.Spec.Template.Spec.TopologySpreadConstraints).To(HaveLen(len(testTopologySpreadConstraints)), "Wrong number of topologySpreadConstraints")
Expect(statefulSet.Spec.Template.Spec.TopologySpreadConstraints[0]).To(Equal(testTopologySpreadConstraints[0]), "Wrong first topologySpreadConstraint")
Expect(statefulSet.Spec.Template.Spec.ShareProcessNamespace).To(Equal(&testShareProcessNamespace), "Wrong shareProcessNamespace value")
expectedSecondTopologyConstraint := testTopologySpreadConstraints[1].DeepCopy()
expectedSecondTopologyConstraint.LabelSelector = statefulSet.Spec.Selector
Expect(statefulSet.Spec.Template.Spec.TopologySpreadConstraints[1]).To(Equal(*expectedSecondTopologyConstraint), "Wrong second topologySpreadConstraint")
Expand Down
3 changes: 3 additions & 0 deletions controllers/util/solr_util.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ var (
// zkConnectionString: the connectionString of the ZK instance to connect to
func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCloudStatus, hostNameIPs map[string]string, reconcileConfigInfo map[string]string, tls *TLSCerts, security *SecurityConfig) *appsv1.StatefulSet {
terminationGracePeriod := int64(60)
shareProcessNamespace := false
solrPodPort := solrCloud.Spec.SolrAddressability.PodPort
defaultFSGroup := int64(DefaultSolrGroup)

Expand Down Expand Up @@ -122,6 +123,7 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCl
if customPodOptions.TerminationGracePeriodSeconds != nil {
terminationGracePeriod = *customPodOptions.TerminationGracePeriodSeconds
}
shareProcessNamespace = customPodOptions.ShareProcessNamespace
}

// The isNotStopped readiness gate will always be used for managedUpdates
Expand Down Expand Up @@ -543,6 +545,7 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCl

Spec: corev1.PodSpec{
TerminationGracePeriodSeconds: &terminationGracePeriod,
ShareProcessNamespace: &shareProcessNamespace,
SecurityContext: &corev1.PodSecurityContext{
FSGroup: &defaultFSGroup,
},
Expand Down
7 changes: 7 additions & 0 deletions helm/solr-operator/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,13 @@ annotations:
url: https://github.com/apache/solr-operator/issues/684
- name: Github PR
url: https://github.com/apache/solr-operator/pull/685
- kind: added
description: SolrClouds now support namespace sharing among pod containers in a pod.
links:
- name: Github Issue
url: https://github.com/apache/solr-operator/issues/716
- name: Github PR
url: https://github.com/apache/solr-operator/pull/735
- kind: changed
description: SolrClouds now support auto-readOnlyRootFilesystem setting.
links:
Expand Down
8 changes: 8 additions & 0 deletions helm/solr-operator/crds/crds.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5343,6 +5343,10 @@ spec:
serviceAccountName:
description: Optional Service Account to run the pod under.
type: string
shareProcessNamespace:
description: Should process namespace sharing be enabled on
created pods
type: boolean
sidecarContainers:
description: Sidecar containers to run in the pod. These are
in addition to the Solr Container
Expand Down Expand Up @@ -19456,6 +19460,10 @@ spec:
serviceAccountName:
description: Optional Service Account to run the pod under.
type: string
shareProcessNamespace:
description: Should process namespace sharing be enabled on
created pods
type: boolean
sidecarContainers:
description: Sidecar containers to run in the pod. These are
in addition to the Solr Container
Expand Down
1 change: 1 addition & 0 deletions helm/solr/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,7 @@ When using the helm chart, omit `customSolrKubeOptions.`
| podOptions.tolerations | []object | | Specify a list of Kubernetes tolerations for the Solr pod |
| podOptions.topologySpreadConstraints | []object | | Specify a list of Kubernetes topologySpreadConstraints for the Solr pod. No need to provide a `labelSelector`, as the Solr Operator will default that for you. More information can be found in [the documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). |
| podOptions.serviceAccountName | string | | Optional serviceAccount to run the Solr pods under |
| podOptions.shareProcessNamespace | boolean | false | Whether containers in a pod should share the same process namespace. |
| podOptions.priorityClassName | string | | Optional priorityClassName for the Solr pod |
| podOptions.sidecarContainers | []object | | An optional list of additional containers to run along side the Solr in its pod |
| podOptions.initContainers | []object | | An optional list of additional initContainers to run before the Solr container starts |
Expand Down
3 changes: 3 additions & 0 deletions helm/solr/templates/_custom_option_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ resources:
{{- if (include "solr.serviceAccountName.solr" .) -}}
serviceAccountName: {{ include "solr.serviceAccountName.solr" . }}
{{ end }}
{{- if .Values.podOptions.shareProcessNamespace -}}
shareProcessNamespace: {{ .Values.podOptions.shareProcessNamespace }}
{{ end }}
{{- if .Values.podOptions.priorityClassName -}}
priorityClassName: {{ .Values.podOptions.priorityClassName }}
{{ end }}
Expand Down
2 changes: 2 additions & 0 deletions helm/solr/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -300,6 +300,8 @@ podOptions:
# Set Solr service account individually instead of the global "serviceAccount.name"
serviceAccountName: ""

shareProcessNamespace: false

# Manage where the Solr pods are scheduled
affinity: {}
tolerations: []
Expand Down
Loading