diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89c23ed80..bd9d49a69 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@
- (Improvement) (ML) CronJob status update
- (Improvement) (ML) Job Sidecar Shutdown
- (Feature) (ML) Handler for Extension StatefulSet and Service
+- (Feature) (ML) Pod & Container Config
## [1.2.35](https://github.com/arangodb/kube-arangodb/tree/1.2.35) (2023-11-06)
- (Maintenance) Update go-driver to v1.6.0, update IsNotFound() checks
diff --git a/docs/api/ArangoMLExtension.V1Alpha1.md b/docs/api/ArangoMLExtension.V1Alpha1.md
index 2ee955e8e..3333f3c4b 100644
--- a/docs/api/ArangoMLExtension.V1Alpha1.md
+++ b/docs/api/ArangoMLExtension.V1Alpha1.md
@@ -38,7 +38,7 @@ PullSecrets define Secrets used to pull Image from registry
### .spec.deployment.prediction.resources
-Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L33)
+Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L34)
Resources holds resource requests & limits for container
@@ -83,7 +83,7 @@ PullSecrets define Secrets used to pull Image from registry
### .spec.deployment.project.resources
-Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L33)
+Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L34)
Resources holds resource requests & limits for container
@@ -155,7 +155,7 @@ PullSecrets define Secrets used to pull Image from registry
### .spec.deployment.training.resources
-Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L33)
+Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L34)
Resources holds resource requests & limits for container
@@ -172,6 +172,48 @@ Image define image details
***
+### .spec.init.affinity
+
+Type: `core.Affinity` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L37)
+
+Affinity defines scheduling constraints for workload
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+
+***
+
+### .spec.init.hostIPC
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L33)
+
+HostIPC defines to use the host's ipc namespace.
+
+Default Value: `false`
+
+***
+
+### .spec.init.hostNetwork
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L27)
+
+HostNetwork requests Host network for this pod. Use the host's network namespace.
+If this option is set, the ports that will be used must be specified.
+
+Default Value: `false`
+
+***
+
+### .spec.init.hostPID
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L30)
+
+HostPID define to use the host's pid namespace.
+
+Default Value: `false`
+
+***
+
### .spec.init.image
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/image.go#L31)
@@ -180,6 +222,28 @@ Image define image details
***
+### .spec.init.nodeSelector
+
+Type: `object` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L32)
+
+NodeSelector is a selector that must be true for the workload to fit on a node.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
+
+***
+
+### .spec.init.podSecurityContext
+
+Type: `core.PodSecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_pod.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
### .spec.init.pullPolicy
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/image.go#L35)
@@ -198,6 +262,63 @@ PullSecrets define Secrets used to pull Image from registry
***
+### .spec.init.resources
+
+Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L34)
+
+Resources holds resource requests & limits for container
+
+Links:
+* [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#resourcerequirements-v1-core)
+
+***
+
+### .spec.init.schedulerName
+
+Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L47)
+
+SchedulerName specifies, the pod will be dispatched by specified scheduler.
+If not specified, the pod will be dispatched by default scheduler.
+
+Default Value: `""`
+
+***
+
+### .spec.init.securityContext
+
+Type: `core.SecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_container.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
+### .spec.init.shareProcessNamespace
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L39)
+
+ShareProcessNamespace defines to share a single process namespace between all of the containers in a pod.
+When this is set containers will be able to view and signal processes from other containers
+in the same pod, and the first process in each container will not be assigned PID 1.
+HostPID and ShareProcessNamespace cannot both be set.
+
+Default Value: `false`
+
+***
+
+### .spec.init.tolerations
+
+Type: `[]core.Toleration` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L42)
+
+Tolerations defines tolerations
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
+
+***
+
### .spec.metadataService.local.arangoMLFeatureStore
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/ml/v1alpha1/extension_spec_metadata_service.go#L65)
diff --git a/docs/api/ArangoMLStorage.V1Alpha1.md b/docs/api/ArangoMLStorage.V1Alpha1.md
index 371485ec8..1768faf15 100644
--- a/docs/api/ArangoMLStorage.V1Alpha1.md
+++ b/docs/api/ArangoMLStorage.V1Alpha1.md
@@ -136,7 +136,7 @@ PullSecrets define Secrets used to pull Image from registry
### .spec.mode.sidecar.resources
-Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L33)
+Type: `core.ResourceRequirements` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/resources.go#L34)
Resources holds resource requests & limits for container
@@ -145,6 +145,17 @@ Links:
***
+### .spec.mode.sidecar.securityContext
+
+Type: `core.SecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_container.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
### .spec.mode.sidecar.shutdownListenPort
Type: `integer` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/ml/v1alpha1/storage_spec_mode_sidecar.go#L36)
diff --git a/pkg/apis/ml/v1alpha1/extension_spec.go b/pkg/apis/ml/v1alpha1/extension_spec.go
index 17f311377..b1f7e6818 100644
--- a/pkg/apis/ml/v1alpha1/extension_spec.go
+++ b/pkg/apis/ml/v1alpha1/extension_spec.go
@@ -92,7 +92,7 @@ func (a *ArangoMLExtensionSpec) Validate() error {
shared.PrefixResourceErrors("storage", shared.ValidateRequired(a.GetStorage(), func(obj sharedApi.Object) error { return obj.Validate() })),
a.GetImage().Validate(),
shared.PrefixResourceErrors("init", a.GetInit().Validate()),
- shared.ValidateAnyNotNil(".image or .init.image needs to be specified", a.GetImage(), a.GetInit().GetImage()),
+ shared.ValidateAnyNotNil(".image or .init.image needs to be specified", a.GetImage(), a.GetInit().GetContainerTemplate().GetImage()),
shared.PrefixResourceErrors("deployment", a.GetDeployment().Validate()),
))
}
diff --git a/pkg/apis/ml/v1alpha1/extension_spec_init.go b/pkg/apis/ml/v1alpha1/extension_spec_init_job.go
similarity index 64%
rename from pkg/apis/ml/v1alpha1/extension_spec_init.go
rename to pkg/apis/ml/v1alpha1/extension_spec_init_job.go
index cdc4a774b..42eab49b3 100644
--- a/pkg/apis/ml/v1alpha1/extension_spec_init.go
+++ b/pkg/apis/ml/v1alpha1/extension_spec_init_job.go
@@ -26,23 +26,36 @@ import (
)
type ArangoMLExtensionSpecInit struct {
- // Image define default image used for the init job
- *sharedApi.Image `json:",inline"`
+ // PodTemplate keeps the information about Pod configuration
+ *sharedApi.PodTemplate `json:",inline"`
+
+ // ContainerTemplate Keeps the information about Container configuration
+ *sharedApi.ContainerTemplate `json:",inline"`
}
-func (a *ArangoMLExtensionSpecInit) GetImage() *sharedApi.Image {
- if a == nil || a.Image == nil {
+func (a *ArangoMLExtensionSpecInit) GetPodTemplate() *sharedApi.PodTemplate {
+ if a == nil {
return nil
}
- return a.Image
+ return a.PodTemplate
+}
+
+func (a *ArangoMLExtensionSpecInit) GetContainerTemplate() *sharedApi.ContainerTemplate {
+ if a == nil {
+ return nil
+ }
+
+ return a.ContainerTemplate
}
func (a *ArangoMLExtensionSpecInit) Validate() error {
if a == nil {
return nil
}
+
return shared.WithErrors(
- a.GetImage().Validate(),
+ a.GetPodTemplate().Validate(),
+ a.GetContainerTemplate().Validate(),
)
}
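Review bot: Removing the explicit `GetImage` accessor changes nil-receiver behaviour for any caller still written as `init.GetImage()`. That call now resolves to the method promoted from the embedded `*sharedApi.ContainerTemplate`, and selecting the embedded field on a nil `*ArangoMLExtensionSpecInit` panics instead of returning nil. The same applies to the `GetImage`/`GetResources` accessors removed from `ArangoMLStorageSpecModeSidecar` in storage_spec_mode_sidecar.go. Call sites outside this diff are not visible, so check that each one goes through the nil-safe getter first, as extension_spec.go now does with `a.GetInit().GetContainerTemplate().GetImage()`. A comment on both structs would record this, e.g. `// Methods promoted from ContainerTemplate are not nil-safe on the outer type; call GetContainerTemplate() first.`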
diff --git a/pkg/apis/ml/v1alpha1/storage_spec_mode_sidecar.go b/pkg/apis/ml/v1alpha1/storage_spec_mode_sidecar.go
index e858d0070..b401e4158 100644
--- a/pkg/apis/ml/v1alpha1/storage_spec_mode_sidecar.go
+++ b/pkg/apis/ml/v1alpha1/storage_spec_mode_sidecar.go
@@ -35,27 +35,16 @@ type ArangoMLStorageSpecModeSidecar struct {
// +doc/default: 9202
ShutdownListenPort *uint16 `json:"shutdownListenPort,omitempty"`
- // Image define default image used for the extension
- *sharedApi.Image `json:",inline"`
-
- // Resources holds resource requests & limits for sidecar container
- *sharedApi.Resources `json:",inline"`
-}
-
-func (s *ArangoMLStorageSpecModeSidecar) GetImage() *sharedApi.Image {
- if s == nil || s.Image == nil {
- return nil
- }
-
- return s.Image
+ // ContainerTemplate Keeps the information about Container configuration
+ *sharedApi.ContainerTemplate `json:",inline"`
}
-func (s *ArangoMLStorageSpecModeSidecar) GetResources() *sharedApi.Resources {
- if s == nil || s.Resources == nil {
+func (s *ArangoMLStorageSpecModeSidecar) GetContainerTemplate() *sharedApi.ContainerTemplate {
+ if s == nil || s.ContainerTemplate == nil {
return nil
}
- return s.Resources
+ return s.ContainerTemplate
}
func (s *ArangoMLStorageSpecModeSidecar) Validate() error {
@@ -73,7 +62,7 @@ func (s *ArangoMLStorageSpecModeSidecar) Validate() error {
err = append(err, shared.PrefixResourceErrors("shutdownListenPort", errors.Newf("must be positive")))
}
- err = append(err, s.GetResources().Validate())
+ err = append(err, s.GetContainerTemplate().Validate())
return shared.WithErrors(err...)
}
diff --git a/pkg/apis/ml/v1alpha1/storage_spec_test.go b/pkg/apis/ml/v1alpha1/storage_spec_test.go
index 88032862e..78bbcb7d1 100644
--- a/pkg/apis/ml/v1alpha1/storage_spec_test.go
+++ b/pkg/apis/ml/v1alpha1/storage_spec_test.go
@@ -66,6 +66,7 @@ func Test_ArangoMLStorageSpec(t *testing.T) {
core.ResourceMemory: resource.MustParse("128Mi"),
},
}
+ s.Mode.Sidecar.ContainerTemplate = &sharedApi.ContainerTemplate{}
s.Mode.Sidecar.Resources = &sharedApi.Resources{Resources: &assignedRequirements}
expectedRequirements := core.ResourceRequirements{
@@ -76,7 +77,7 @@ func Test_ArangoMLStorageSpec(t *testing.T) {
},
}
- actualRequirements := s.Mode.Sidecar.GetResources().With(core.ResourceRequirements{
+ actualRequirements := s.Mode.Sidecar.GetResources().With(&sharedApi.Resources{Resources: &core.ResourceRequirements{
Limits: core.ResourceList{
core.ResourceCPU: resource.MustParse("100m"),
core.ResourceMemory: resource.MustParse("128Mi"),
@@ -85,7 +86,7 @@ func Test_ArangoMLStorageSpec(t *testing.T) {
core.ResourceCPU: resource.MustParse("200m"),
core.ResourceMemory: resource.MustParse("256Mi"),
},
- })
- require.Equal(t, expectedRequirements, actualRequirements)
+ }})
+ require.Equal(t, expectedRequirements, *actualRequirements.GetResources())
})
}
diff --git a/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go
index 6a97c20ef..1b7b81efd 100644
--- a/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go
@@ -446,9 +446,14 @@ func (in *ArangoMLExtensionSpecDeploymentService) DeepCopy() *ArangoMLExtensionS
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ArangoMLExtensionSpecInit) DeepCopyInto(out *ArangoMLExtensionSpecInit) {
*out = *in
- if in.Image != nil {
- in, out := &in.Image, &out.Image
- *out = new(sharedv1.Image)
+ if in.PodTemplate != nil {
+ in, out := &in.PodTemplate, &out.PodTemplate
+ *out = new(sharedv1.PodTemplate)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ContainerTemplate != nil {
+ in, out := &in.ContainerTemplate, &out.ContainerTemplate
+ *out = new(sharedv1.ContainerTemplate)
(*in).DeepCopyInto(*out)
}
return
@@ -779,14 +784,9 @@ func (in *ArangoMLStorageSpecModeSidecar) DeepCopyInto(out *ArangoMLStorageSpecM
*out = new(uint16)
**out = **in
}
- if in.Image != nil {
- in, out := &in.Image, &out.Image
- *out = new(sharedv1.Image)
- (*in).DeepCopyInto(*out)
- }
- if in.Resources != nil {
- in, out := &in.Resources, &out.Resources
- *out = new(sharedv1.Resources)
+ if in.ContainerTemplate != nil {
+ in, out := &in.ContainerTemplate, &out.ContainerTemplate
+ *out = new(sharedv1.ContainerTemplate)
(*in).DeepCopyInto(*out)
}
return
diff --git a/pkg/apis/shared/v1/container_namespace.go b/pkg/apis/shared/v1/container_namespace.go
new file mode 100644
index 000000000..248683ef0
--- /dev/null
+++ b/pkg/apis/shared/v1/container_namespace.go
@@ -0,0 +1,76 @@
+//
+// DISCLAIMER
+//
+// Copyright 2023 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+type ContainerNamespace struct {
+ // HostNetwork requests Host network for this pod. Use the host's network namespace.
+ // If this option is set, the ports that will be used must be specified.
+ // +doc/default: false
+ HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,11,opt,name=hostNetwork"`
+ // HostPID define to use the host's pid namespace.
+ // +doc/default: false
+ HostPID bool `json:"hostPID,omitempty" protobuf:"varint,12,opt,name=hostPID"`
+ // HostIPC defines to use the host's ipc namespace.
+ // +doc/default: false
+ HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,13,opt,name=hostIPC"`
+ // ShareProcessNamespace defines to share a single process namespace between all of the containers in a pod.
+ // When this is set containers will be able to view and signal processes from other containers
+ // in the same pod, and the first process in each container will not be assigned PID 1.
+ // HostPID and ShareProcessNamespace cannot both be set.
+ // +doc/default: false
+ ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty" protobuf:"varint,27,opt,name=shareProcessNamespace"`
+}
+
+func (c *ContainerNamespace) GetHostNetwork() bool {
+ if c == nil {
+ return false
+ }
+
+ return c.HostNetwork
+}
+
+func (c *ContainerNamespace) GetHostPID() bool {
+ if c == nil {
+ return false
+ }
+
+ return c.HostPID
+}
+
+func (c *ContainerNamespace) GetHostIPC() bool {
+ if c == nil {
+ return false
+ }
+
+ return c.HostIPC
+}
+
+func (c *ContainerNamespace) GetShareProcessNamespace() *bool {
+ if c == nil {
+ return nil
+ }
+
+ return c.ShareProcessNamespace
+}
+
+func (c *ContainerNamespace) Validate() error {
+ return nil
+}
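Review bot: `Validate` returns nil unconditionally, although the field comment above it states that HostPID and ShareProcessNamespace cannot both be set. That combination therefore passes the operator's validation and is presumably rejected only later, when the pod is submitted to the API server. A check such as `if c != nil && c.HostPID && c.ShareProcessNamespace != nil && *c.ShareProcessNamespace { return errors.Newf("hostPID and shareProcessNamespace cannot both be set") }` would surface it early; it uses the project's errors helper seen in storage_spec_mode_sidecar.go, which this file does not import yet. Because hostNetwork, hostPID and hostIPC let whoever can create or edit the custom resource have the operator start a pod inside the node's namespaces, the type should also carry a doc comment saying these fields are expected to be constrained by Pod Security admission or an equivalent policy.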
diff --git a/pkg/apis/shared/v1/core_container_spec.go b/pkg/apis/shared/v1/core_container_spec.go
new file mode 100644
index 000000000..003da9885
--- /dev/null
+++ b/pkg/apis/shared/v1/core_container_spec.go
@@ -0,0 +1,91 @@
+//
+// DISCLAIMER
+//
+// Copyright 2023 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+import (
+ "github.com/arangodb/kube-arangodb/pkg/apis/shared"
+)
+
+type ContainerTemplate struct {
+ // Image define default image used for the job
+ *Image `json:",inline"`
+
+ // Resources define resources assigned to the pod
+ *Resources `json:",inline"`
+
+ // SecurityContainer keeps the security settings for Container
+ *SecurityContainer `json:",inline"`
+}
+
+func (a *ContainerTemplate) With(other *ContainerTemplate) *ContainerTemplate {
+ if a == nil && other == nil {
+ return nil
+ }
+
+ if a == nil {
+ return other.DeepCopy()
+ }
+
+ if other == nil {
+ return a.DeepCopy()
+ }
+
+ return &ContainerTemplate{
+ Image: a.GetImage().With(other.GetImage()),
+ Resources: a.GetResources().With(other.GetResources()),
+ SecurityContainer: a.GetSecurityContainer().With(other.GetSecurityContainer()),
+ }
+}
+
+func (a *ContainerTemplate) GetImage() *Image {
+ if a == nil || a.Image == nil {
+ return nil
+ }
+
+ return a.Image
+}
+
+func (a *ContainerTemplate) GetSecurityContainer() *SecurityContainer {
+ if a == nil || a.SecurityContainer == nil {
+ return nil
+ }
+
+ return a.SecurityContainer
+}
+
+func (a *ContainerTemplate) GetResources() *Resources {
+ if a == nil || a.Resources == nil {
+ return nil
+ }
+
+ return a.Resources
+}
+
+func (a *ContainerTemplate) Validate() error {
+ if a == nil {
+ return nil
+ }
+ return shared.WithErrors(
+ a.GetImage().Validate(),
+ a.GetResources().Validate(),
+ a.GetSecurityContainer().Validate(),
+ )
+}
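Review bot: `With` has no doc comment, and the merge rule in its final return is not uniform across the three parts. `Image` and `SecurityContainer` are replaced as a whole by `other` (see their `With` methods in image.go and security_container.go), while `Resources` is combined through `Resources.With`. I would state that on the method, e.g. `// With combines a with other: Image and SecurityContainer are taken from other when it sets them, Resources are merged via Resources.With.` The field comment `// Resources define resources assigned to the pod` also describes what are container resources. The `|| a.Image == nil` style second conditions in the three getters are redundant, since the field is returned unchanged either way.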
diff --git a/pkg/apis/shared/v1/core_pod_spec.go b/pkg/apis/shared/v1/core_pod_spec.go
new file mode 100644
index 000000000..0a5da9f27
--- /dev/null
+++ b/pkg/apis/shared/v1/core_pod_spec.go
@@ -0,0 +1,69 @@
+//
+// DISCLAIMER
+//
+// Copyright 2023 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+import "github.com/arangodb/kube-arangodb/pkg/apis/shared"
+
+type PodTemplate struct {
+ // Scheduling keeps the scheduling information
+ *Scheduling `json:",inline"`
+
+ // ContainerNamespace keeps the Container layer Kernel namespace configuration
+ *ContainerNamespace `json:",inline"`
+
+ // SecurityPod keeps the security settings for Pod
+ *SecurityPod `json:",inline"`
+}
+
+func (a *PodTemplate) GetSecurityPod() *SecurityPod {
+ if a == nil {
+ return nil
+ }
+
+ return a.SecurityPod
+}
+
+func (a *PodTemplate) GetScheduling() *Scheduling {
+ if a == nil {
+ return nil
+ }
+
+ return a.Scheduling
+}
+
+func (a *PodTemplate) GetContainerNamespace() *ContainerNamespace {
+ if a == nil {
+ return nil
+ }
+
+ return a.ContainerNamespace
+}
+
+func (a *PodTemplate) Validate() error {
+ if a == nil {
+ return nil
+ }
+ return shared.WithErrors(
+ a.GetScheduling().Validate(),
+ a.GetContainerNamespace().Validate(),
+ a.GetSecurityPod().Validate(),
+ )
+}
diff --git a/pkg/apis/shared/v1/image.go b/pkg/apis/shared/v1/image.go
index e40de8043..d27948edd 100644
--- a/pkg/apis/shared/v1/image.go
+++ b/pkg/apis/shared/v1/image.go
@@ -38,6 +38,18 @@ type Image struct {
PullSecrets []string `json:"pullSecrets,omitempty"`
}
+func (i *Image) With(other *Image) *Image {
+ if i == nil && other == nil {
+ return nil
+ }
+
+ if other == nil {
+ return i.DeepCopy()
+ }
+
+ return other.DeepCopy()
+}
+
func (i *Image) GetImage() string {
if i == nil || i.Image == nil {
return ""
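Review bot: `With` returns a copy of `other` whenever it is non-nil, so none of the receiver's fields survive. An override that sets only `pullPolicy` or `pullSecrets` yields a result whose `Image` field is nil even though the receiver had one, and `GetImage()` then returns the empty string. If whole-object replacement is intended, say so in a doc comment such as `// With returns a copy of other if it is non-nil, otherwise a copy of i; individual fields are not merged.` Otherwise, fall back per field to the receiver's value when `other` leaves that field unset.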
diff --git a/pkg/apis/shared/v1/resources.go b/pkg/apis/shared/v1/resources.go
index 6c9afca04..0fb3fe133 100644
--- a/pkg/apis/shared/v1/resources.go
+++ b/pkg/apis/shared/v1/resources.go
@@ -23,6 +23,7 @@ package v1
import (
core "k8s.io/api/core/v1"
+ "github.com/arangodb/kube-arangodb/pkg/util"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/resources"
)
@@ -33,12 +34,20 @@ type Resources struct {
Resources *core.ResourceRequirements `json:"resources,omitempty"`
}
-func (r *Resources) With(newResources core.ResourceRequirements) core.ResourceRequirements {
- if res := r.GetResources(); res == nil {
- return newResources
- } else {
- return resources.ApplyContainerResource(*res, newResources)
+func (r *Resources) With(newResources *Resources) *Resources {
+ if r == nil && newResources == nil {
+ return nil
+ }
+
+ if r == nil {
+ return newResources.DeepCopy()
}
+
+ if newResources == nil {
+ return r.DeepCopy()
+ }
+
+ return &Resources{Resources: util.NewType(resources.ApplyContainerResource(util.TypeOrDefault(r.GetResources()), util.TypeOrDefault(newResources.GetResources())))}
}
func (r *Resources) GetResources() *core.ResourceRequirements {
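Review bot: The final return in `With` nests four calls on one line, which hides which argument is the current value and which is the update. Naming them reads better: `cur := util.TypeOrDefault(r.GetResources())`, `upd := util.TypeOrDefault(newResources.GetResources())`, `return &Resources{Resources: util.NewType(resources.ApplyContainerResource(cur, upd))}`. Assuming `util.NewType` returns a pointer to its argument, this path always yields a non-nil `Resources` field, even when both inputs carry a nil one, whereas the nil branches return a plain copy. The exported signature also changed from `core.ResourceRequirements` to `*Resources`, so callers outside this diff need the same update the test received.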
diff --git a/pkg/apis/shared/v1/scheduling.go b/pkg/apis/shared/v1/scheduling.go
new file mode 100644
index 000000000..340f7028e
--- /dev/null
+++ b/pkg/apis/shared/v1/scheduling.go
@@ -0,0 +1,84 @@
+//
+// DISCLAIMER
+//
+// Copyright 2023 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+import (
+ core "k8s.io/api/core/v1"
+)
+
+type SchedulingTolerations []core.Toleration
+
+type Scheduling struct {
+ // NodeSelector is a selector that must be true for the workload to fit on a node.
+ // +doc/link: Kubernetes docs|https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+ // Affinity defines scheduling constraints for workload
+ // +doc/type: core.Affinity
+ // +doc/link: Kubernetes docs|https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ Affinity *core.Affinity `json:"affinity,omitempty"`
+
+ // Tolerations defines tolerations
+ // +doc/type: []core.Toleration
+ // +doc/link: Kubernetes docs|https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+ Tolerations SchedulingTolerations `json:"tolerations,omitempty"`
+
+ // SchedulerName specifies, the pod will be dispatched by specified scheduler.
+ // If not specified, the pod will be dispatched by default scheduler.
+ // +doc/default: ""
+ SchedulerName *string `json:"schedulerName,omitempty"`
+}
+
+func (s *Scheduling) GetNodeSelector() map[string]string {
+ if s != nil {
+ return s.NodeSelector
+ }
+
+ return nil
+}
+
+func (s *Scheduling) GetSchedulerName() string {
+ if s != nil && s.SchedulerName != nil {
+ return *s.SchedulerName
+ }
+
+ return ""
+}
+
+func (s *Scheduling) GetAffinity() *core.Affinity {
+ if s != nil {
+ return s.Affinity
+ }
+
+ return nil
+}
+
+func (s *Scheduling) GetTolerations() SchedulingTolerations {
+ if s != nil {
+ return s.Tolerations
+ }
+
+ return nil
+}
+
+func (s *Scheduling) Validate() error {
+ return nil
+}
diff --git a/pkg/apis/shared/v1/security_container.go b/pkg/apis/shared/v1/security_container.go
new file mode 100644
index 000000000..d8d10f934
--- /dev/null
+++ b/pkg/apis/shared/v1/security_container.go
@@ -0,0 +1,56 @@
+//
+// DISCLAIMER
+//
+// Copyright 2023 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+import core "k8s.io/api/core/v1"
+
+type SecurityContainer struct {
+ // PodSecurityContext holds pod-level security attributes and common container settings.
+ // +doc/type: core.SecurityContext
+ // +doc/link: Kubernetes docs|https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext *core.SecurityContext `json:"securityContext,omitempty"`
+}
+
+func (s *SecurityContainer) With(other *SecurityContainer) *SecurityContainer {
+ if s == nil && other == nil {
+ return nil
+ }
+
+ if other == nil {
+ return s.DeepCopy()
+ }
+
+ // TODO: Add fine graned merge
+
+ return other.DeepCopy()
+}
+
+func (s *SecurityContainer) GetSecurityContext() *core.SecurityContext {
+ if s == nil {
+ return nil
+ }
+
+ return s.SecurityContext
+}
+
+func (s *SecurityContainer) Validate() error {
+ return nil
+}
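Review bot: The field comment says `PodSecurityContext holds pod-level security attributes`, but the field is `SecurityContext *core.SecurityContext`, which is the container-level object. The text looks copied from security_pod.go, and it is what the generated docs now show for `.spec.init.securityContext` and `.spec.mode.sidecar.securityContext`. I would change it to `// SecurityContext holds container-level security attributes and settings.` Separately, `With` replaces the whole context with `other`, so an override that sets a single field drops every hardening setting the base carried, for example `runAsNonRoot` or `readOnlyRootFilesystem`. Until the TODO is resolved (typo: `fine graned` should be `fine-grained`), a doc comment on `With` should state that replacement is all-or-nothing.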
diff --git a/pkg/apis/shared/v1/security_pod.go b/pkg/apis/shared/v1/security_pod.go
new file mode 100644
index 000000000..3d788b4c3
--- /dev/null
+++ b/pkg/apis/shared/v1/security_pod.go
@@ -0,0 +1,42 @@
+//
+// DISCLAIMER
+//
+// Copyright 2023 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+import core "k8s.io/api/core/v1"
+
+type SecurityPod struct {
+ // PodSecurityContext holds pod-level security attributes and common container settings.
+ // +doc/type: core.PodSecurityContext
+ // +doc/link: Kubernetes docs|https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext,omitempty"`
+}
+
+func (s *SecurityPod) GetPodSecurityContext() *core.PodSecurityContext {
+ if s == nil {
+ return nil
+ }
+
+ return s.PodSecurityContext
+}
+
+func (s *SecurityPod) Validate() error {
+ return nil
+}
diff --git a/pkg/apis/shared/v1/zz_generated.deepcopy.go b/pkg/apis/shared/v1/zz_generated.deepcopy.go
index 02d8e5454..3eb567e46 100644
--- a/pkg/apis/shared/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/shared/v1/zz_generated.deepcopy.go
@@ -30,6 +30,58 @@ import (
types "k8s.io/apimachinery/pkg/types"
)
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ContainerNamespace) DeepCopyInto(out *ContainerNamespace) {
+ *out = *in
+ if in.ShareProcessNamespace != nil {
+ in, out := &in.ShareProcessNamespace, &out.ShareProcessNamespace
+ *out = new(bool)
+ **out = **in
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerNamespace.
+func (in *ContainerNamespace) DeepCopy() *ContainerNamespace {
+ if in == nil {
+ return nil
+ }
+ out := new(ContainerNamespace)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ContainerTemplate) DeepCopyInto(out *ContainerTemplate) {
+ *out = *in
+ if in.Image != nil {
+ in, out := &in.Image, &out.Image
+ *out = new(Image)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.Resources != nil {
+ in, out := &in.Resources, &out.Resources
+ *out = new(Resources)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.SecurityContainer != nil {
+ in, out := &in.SecurityContainer, &out.SecurityContainer
+ *out = new(SecurityContainer)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerTemplate.
+func (in *ContainerTemplate) DeepCopy() *ContainerTemplate {
+ if in == nil {
+ return nil
+ }
+ out := new(ContainerTemplate)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in HashList) DeepCopyInto(out *HashList) {
{
@@ -107,6 +159,37 @@ func (in *Object) DeepCopy() *Object {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodTemplate) DeepCopyInto(out *PodTemplate) {
+ *out = *in
+ if in.Scheduling != nil {
+ in, out := &in.Scheduling, &out.Scheduling
+ *out = new(Scheduling)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ContainerNamespace != nil {
+ in, out := &in.ContainerNamespace, &out.ContainerNamespace
+ *out = new(ContainerNamespace)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.SecurityPod != nil {
+ in, out := &in.SecurityPod, &out.SecurityPod
+ *out = new(SecurityPod)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTemplate.
+func (in *PodTemplate) DeepCopy() *PodTemplate {
+ if in == nil {
+ return nil
+ }
+ out := new(PodTemplate)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Resources) DeepCopyInto(out *Resources) {
*out = *in
@@ -128,6 +211,110 @@ func (in *Resources) DeepCopy() *Resources {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Scheduling) DeepCopyInto(out *Scheduling) {
+ *out = *in
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(corev1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make(SchedulingTolerations, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.SchedulerName != nil {
+ in, out := &in.SchedulerName, &out.SchedulerName
+ *out = new(string)
+ **out = **in
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scheduling.
+func (in *Scheduling) DeepCopy() *Scheduling {
+ if in == nil {
+ return nil
+ }
+ out := new(Scheduling)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in SchedulingTolerations) DeepCopyInto(out *SchedulingTolerations) {
+ {
+ in := &in
+ *out = make(SchedulingTolerations, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ return
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulingTolerations.
+func (in SchedulingTolerations) DeepCopy() SchedulingTolerations {
+ if in == nil {
+ return nil
+ }
+ out := new(SchedulingTolerations)
+ in.DeepCopyInto(out)
+ return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecurityContainer) DeepCopyInto(out *SecurityContainer) {
+ *out = *in
+ if in.SecurityContext != nil {
+ in, out := &in.SecurityContext, &out.SecurityContext
+ *out = new(corev1.SecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContainer.
+func (in *SecurityContainer) DeepCopy() *SecurityContainer {
+ if in == nil {
+ return nil
+ }
+ out := new(SecurityContainer)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecurityPod) DeepCopyInto(out *SecurityPod) {
+ *out = *in
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(corev1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPod.
+func (in *SecurityPod) DeepCopy() *SecurityPod {
+ if in == nil {
+ return nil
+ }
+ out := new(SecurityPod)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceAccount) DeepCopyInto(out *ServiceAccount) {
*out = *in
diff --git a/pkg/crd/crds/ml-extension.schema.generated.yaml b/pkg/crd/crds/ml-extension.schema.generated.yaml
index 865964bba..772cc7d2c 100644
--- a/pkg/crd/crds/ml-extension.schema.generated.yaml
+++ b/pkg/crd/crds/ml-extension.schema.generated.yaml
@@ -122,9 +122,385 @@ v1alpha1:
init:
description: ArangoMLExtensionSpecInit define Init job specification
properties:
+ affinity:
+ description: Affinity defines scheduling constraints for workload
+ properties:
+ nodeAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ weight:
+ format: int32
+ type: integer
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: array
+ type: object
+ type: object
+ podAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ weight:
+ format: int32
+ type: integer
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ weight:
+ format: int32
+ type: integer
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ hostIPC:
+ description: HostIPC defines to use the host's ipc namespace.
+ type: boolean
+ hostNetwork:
+ description: |-
+ HostNetwork requests Host network for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ type: boolean
+ hostPID:
+ description: HostPID define to use the host's pid namespace.
+ type: boolean
image:
description: Image define image details
type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector is a selector that must be true for the workload to fit on a node.
+ type: object
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ fsGroup:
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ type: string
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ supplementalGroups:
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
pullPolicy:
description: PullPolicy define Image pull policy
type: string
@@ -133,6 +509,107 @@ v1alpha1:
items:
type: string
type: array
+ resources:
+ description: Resources holds resource requests & limits for container
+ properties:
+ limits:
+ additionalProperties:
+ type: string
+ type: object
+ requests:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ schedulerName:
+ description: |-
+ SchedulerName specifies, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
+ type: string
+ securityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ shareProcessNamespace:
+ description: |-
+ ShareProcessNamespace defines to share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ type: boolean
+ tolerations:
+ description: Tolerations defines tolerations
+ items:
+ properties:
+ effect:
+ type: string
+ key:
+ type: string
+ operator:
+ type: string
+ tolerationSeconds:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: array
type: object
metadataService:
description: MetadataService keeps the MetadataService configuration
diff --git a/pkg/crd/crds/ml-storage.schema.generated.yaml b/pkg/crd/crds/ml-storage.schema.generated.yaml
index addb482bc..a102f7fc1 100644
--- a/pkg/crd/crds/ml-storage.schema.generated.yaml
+++ b/pkg/crd/crds/ml-storage.schema.generated.yaml
@@ -95,6 +95,66 @@ v1alpha1:
type: string
type: object
type: object
+ securityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
shutdownListenPort:
description: ShutdownListenPort defines on which port the sidecar container will be listening for shutdown connections
format: int32
diff --git a/pkg/util/dict.go b/pkg/util/dict.go
index a516d3209..fa138e97b 100644
--- a/pkg/util/dict.go
+++ b/pkg/util/dict.go
@@ -43,6 +43,18 @@ func SortKeys(m interface{}) []string {
return r
}
+func CopyFullMap[K comparable, V any](src map[K]V) map[K]V {
+ if src == nil {
+ return nil
+ }
+
+ r := map[K]V{}
+
+ CopyMap(r, src)
+
+ return r
+}
+
func CopyMap[K comparable, V any](dst, src map[K]V) {
// TODO: replace with maps.Copy when switching to go1.21
for k, v := range src {
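Review bot: The new exported `CopyFullMap` has no doc comment, and nothing tells a caller that the copy is shallow. The entries go through `CopyMap`, whose loop body is outside the hunk but presumably assigns each value as-is, so pointer, slice or map values would stay shared with `src`. A comment such as `// CopyFullMap returns a new map holding the entries of src; values are not deep-copied, and a nil src yields nil.` would cover both points. The result could also be pre-sized with `r := make(map[K]V, len(src))` so the map does not regrow during the copy.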
diff --git a/pkg/util/k8sutil/deepcopy.go b/pkg/util/k8sutil/deepcopy.go
index 837475c8c..455197ca9 100644
--- a/pkg/util/k8sutil/deepcopy.go
+++ b/pkg/util/k8sutil/deepcopy.go
@@ -21,5 +21,5 @@
package k8sutil
type DeepCopy[T interface{}] interface {
- DeepCopy() T
+ DeepCopy() DeepCopy[T]
}
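Review bot: The new signature `DeepCopy() DeepCopy[T]` does not match the generated deepcopy methods added in this same commit, which return the concrete type, for example `func (in *PodTemplate) DeepCopy() *PodTemplate`. Go requires identical method signatures for interface satisfaction, so those types would not implement `DeepCopy[T]`, and `T` is now used only in the recursive return type. If the intent is a constraint over types that can copy themselves, the previous `DeepCopy() T` expresses that. The users of this interface are not visible in the hunk, so this should be confirmed against them.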
diff --git a/pkg/util/k8sutil/pods.go b/pkg/util/k8sutil/pods.go
index d49471479..90485e0df 100644
--- a/pkg/util/k8sutil/pods.go
+++ b/pkg/util/k8sutil/pods.go
@@ -36,6 +36,7 @@ import (
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
"github.com/arangodb/kube-arangodb/pkg/apis/shared"
+ sharedApi "github.com/arangodb/kube-arangodb/pkg/apis/shared/v1"
"github.com/arangodb/kube-arangodb/pkg/deployment/features"
"github.com/arangodb/kube-arangodb/pkg/deployment/patch"
"github.com/arangodb/kube-arangodb/pkg/handlers/utils"
@@ -763,3 +764,41 @@ func GetFinalizers(spec api.ServerGroupSpec, group api.ServerGroup) []string {
return finalizers
}
+
+func InjectPodTemplate(spec *sharedApi.PodTemplate, pod *core.PodTemplateSpec) error {
+ if scheduling := spec.GetScheduling(); scheduling != nil {
+ pod.Spec.Tolerations = scheduling.GetTolerations().DeepCopy()
+ pod.Spec.Affinity = scheduling.GetAffinity().DeepCopy()
+ pod.Spec.NodeSelector = util.CopyFullMap(scheduling.GetNodeSelector())
+ pod.Spec.SchedulerName = spec.GetSchedulerName()
+ }
+
+ if namespace := spec.GetContainerNamespace(); namespace != nil {
+ pod.Spec.HostNetwork = namespace.GetHostNetwork()
+ pod.Spec.HostPID = namespace.GetHostPID()
+ pod.Spec.HostIPC = namespace.GetHostIPC()
+ pod.Spec.ShareProcessNamespace = util.NewType(util.TypeOrDefault(namespace.GetShareProcessNamespace(), false))
+ }
+
+ if security := spec.GetSecurityPod(); security != nil {
+ pod.Spec.SecurityContext = security.PodSecurityContext.DeepCopy()
+ }
+
+ return nil
+}
+
+func InjectContainerTemplate(spec *sharedApi.ContainerTemplate, pod *core.PodTemplateSpec, container *core.Container) error {
+ if err := InjectImageDetails(spec.GetImage(), pod, container); err != nil {
+ return err
+ }
+
+ if res := spec.GetResources(); res != nil {
+ container.Resources = util.TypeOrDefault(res.GetResources())
+ }
+
+ if security := spec.GetSecurityContainer(); security != nil {
+ container.SecurityContext = security.SecurityContext.DeepCopy()
+ }
+
+ return nil
+}
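Review bot: `InjectPodTemplate` copies `hostNetwork`, `hostPID`, `hostIPC` and the pod security context from the custom resource into the pod spec without validation, and `InjectContainerTemplate` does the same for the container `securityContext`, which per the CRD schema in this commit includes `privileged` and `capabilities`. `InjectPodTemplate` declares an `error` return but always returns nil. The schema text says HostPID and ShareProcessNamespace cannot both be set, yet that combination is not rejected here; a guard on `namespace.GetHostPID() && util.TypeOrDefault(namespace.GetShareProcessNamespace(), false)` that returns an error would surface it before the pod is submitted. Because the fields pass through unchanged, write access to the resource amounts to having the operator create host-namespace or privileged pods, so both functions should carry a doc comment saying so, and deployments should restrict the CRD through RBAC and enforce Pod Security admission on the target namespace. Separately, `pod.Spec.SchedulerName = spec.GetSchedulerName()` reads from `spec` while the neighbouring lines read from `scheduling`; `scheduling.GetSchedulerName()` would be consistent, assuming that getter exists on the type.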