diff --git a/docs/api/ArangoMLExtension.V1Alpha1.md b/docs/api/ArangoMLExtension.V1Alpha1.md
index 3333f3c4b..a4bcae64a 100644
--- a/docs/api/ArangoMLExtension.V1Alpha1.md
+++ b/docs/api/ArangoMLExtension.V1Alpha1.md
@@ -2,6 +2,70 @@
## Spec
+### .spec.deployment.affinity
+
+Type: `core.Affinity` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L37)
+
+Affinity defines scheduling constraints for workload
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+
+***
+
+### .spec.deployment.hostIPC
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L33)
+
+HostIPC defines to use the host's ipc namespace.
+
+Default Value: `false`
+
+***
+
+### .spec.deployment.hostNetwork
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L27)
+
+HostNetwork requests Host network for this pod. Use the host's network namespace.
+If this option is set, the ports that will be used must be specified.
+
+Default Value: `false`
+
+***
+
+### .spec.deployment.hostPID
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L30)
+
+HostPID define to use the host's pid namespace.
+
+Default Value: `false`
+
+***
+
+### .spec.deployment.nodeSelector
+
+Type: `object` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L32)
+
+NodeSelector is a selector that must be true for the workload to fit on a node.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
+
+***
+
+### .spec.deployment.podSecurityContext
+
+Type: `core.PodSecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_pod.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
### .spec.deployment.prediction.image
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/image.go#L31)
@@ -47,6 +111,17 @@ Links:
***
+### .spec.deployment.prediction.securityContext
+
+Type: `core.SecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_container.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
### .spec.deployment.project.image
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/image.go#L31)
@@ -92,9 +167,20 @@ Links:
***
+### .spec.deployment.project.securityContext
+
+Type: `core.SecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_container.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
### .spec.deployment.replicas
-Type: `integer` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/ml/v1alpha1/extension_spec_deployment.go#L32)
+Type: `integer` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/ml/v1alpha1/extension_spec_deployment.go#L33)
Replicas defines the number of replicas running specified components. No replicas created if no components are defined.
@@ -102,6 +188,17 @@ Default Value: `1`
***
+### .spec.deployment.schedulerName
+
+Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L47)
+
+SchedulerName specifies, the pod will be dispatched by specified scheduler.
+If not specified, the pod will be dispatched by default scheduler.
+
+Default Value: `""`
+
+***
+
### .spec.deployment.service.type
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/ml/v1alpha1/extension_spec_deployment_service.go#L37)
@@ -119,6 +216,30 @@ Possible Values:
***
+### .spec.deployment.shareProcessNamespace
+
+Type: `boolean` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/container_namespace.go#L39)
+
+ShareProcessNamespace defines to share a single process namespace between all of the containers in a pod.
+When this is set containers will be able to view and signal processes from other containers
+in the same pod, and the first process in each container will not be assigned PID 1.
+HostPID and ShareProcessNamespace cannot both be set.
+
+Default Value: `false`
+
+***
+
+### .spec.deployment.tolerations
+
+Type: `[]core.Toleration` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/scheduling.go#L42)
+
+Tolerations defines tolerations
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
+
+***
+
### .spec.deployment.training.image
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/image.go#L31)
@@ -164,6 +285,17 @@ Links:
***
+### .spec.deployment.training.securityContext
+
+Type: `core.SecurityContext` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/security_container.go#L29)
+
+PodSecurityContext holds pod-level security attributes and common container settings.
+
+Links:
+* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+***
+
### .spec.image
Type: `string` [\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.35/pkg/apis/shared/v1/image.go#L31)
diff --git a/pkg/apis/ml/v1alpha1/extension_spec_deployment.go b/pkg/apis/ml/v1alpha1/extension_spec_deployment.go
index 076c23ee8..19f123440 100644
--- a/pkg/apis/ml/v1alpha1/extension_spec_deployment.go
+++ b/pkg/apis/ml/v1alpha1/extension_spec_deployment.go
@@ -22,6 +22,7 @@ package v1alpha1
import (
"github.com/arangodb/kube-arangodb/pkg/apis/shared"
+ sharedApi "github.com/arangodb/kube-arangodb/pkg/apis/shared/v1"
"github.com/arangodb/kube-arangodb/pkg/util"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
)
@@ -34,6 +35,9 @@ type ArangoMLExtensionSpecDeployment struct {
// Service defines how components will be exposed
Service *ArangoMLExtensionSpecDeploymentService `json:"service,omitempty"`
+ // PodTemplate defines base template for pods
+ *sharedApi.PodTemplate
+
// Prediction defines how Prediction workload will be deployed
Prediction *ArangoMLExtensionSpecDeploymentComponent `json:"prediction,omitempty"`
// Training defines how Training workload will be deployed
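Review bot: Embedding `*sharedApi.PodTemplate` here makes `hostNetwork`, `hostPID`, `hostIPC` and `podSecurityContext` settable by anyone who can create or edit an ArangoMLExtension, and nothing visible in this diff restricts them. The same holds for `*sharedApi.ContainerTemplate` in extension_spec_deployment_component.go, whose generated schema now includes `privileged`, `allowPrivilegeEscalation` and `capabilities.add`. If that is intended, the field comment should say so, e.g. `// PodTemplate defines the base template for pods, including host namespace and security context settings; restrict edit access to this resource via RBAC or admission policy`. The embed also lacks the `json:",inline"` tag that the ContainerTemplate embed carries, which is worth aligning for consistency. The struct body continues outside the hunk.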
@@ -49,6 +53,14 @@ func (s *ArangoMLExtensionSpecDeployment) GetReplicas() int32 {
return *s.Replicas
}
+func (s *ArangoMLExtensionSpecDeployment) GetPodTemplate() *sharedApi.PodTemplate {
+ if s == nil || s.PodTemplate == nil {
+ return nil
+ }
+
+ return s.PodTemplate
+}
+
func (s *ArangoMLExtensionSpecDeployment) GetPrediction() *ArangoMLExtensionSpecDeploymentComponent {
if s == nil {
return nil
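Review bot: The new exported `GetPodTemplate` has no doc comment, and its `s.PodTemplate == nil` test is redundant because returning `s.PodTemplate` already yields nil in that case. Suggest adding `// GetPodTemplate returns the embedded PodTemplate, or nil when the receiver or the template is nil.` above it and reducing the guard to `if s == nil {`. `GetContainerTemplate` in extension_spec_deployment_component.go has the same shape. Stating the nil return in the comment matters because `Validate` calls a method directly on the result.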
@@ -108,6 +120,7 @@ func (s *ArangoMLExtensionSpecDeployment) Validate() error {
errs := []error{
shared.PrefixResourceErrors("service", shared.ValidateOptional(s.GetService(), func(s ArangoMLExtensionSpecDeploymentService) error { return s.Validate() })),
+ s.GetPodTemplate().Validate(),
}
if s.GetReplicas() < 0 || s.GetReplicas() > 10 {
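Review bot: `s.GetPodTemplate().Validate()` is called on a pointer that is nil whenever no pod template is set, so this line depends on `PodTemplate.Validate` accepting a nil receiver; that method is not visible in this diff and should be confirmed. The docs added in this commit state that HostPID and ShareProcessNamespace cannot both be set, and this call is where that rule would have to be enforced. It is worth checking that the delegated validation rejects the combination instead of leaving it to fail at pod creation. Validate's body starts and ends outside the hunk.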
diff --git a/pkg/apis/ml/v1alpha1/extension_spec_deployment_component.go b/pkg/apis/ml/v1alpha1/extension_spec_deployment_component.go
index 94dca8118..f919cf34f 100644
--- a/pkg/apis/ml/v1alpha1/extension_spec_deployment_component.go
+++ b/pkg/apis/ml/v1alpha1/extension_spec_deployment_component.go
@@ -30,12 +30,8 @@ type ArangoMLExtensionSpecDeploymentComponent struct {
// Port defines on which port the container will be listening for connections
Port *int32 `json:"port,omitempty"`
- // Image defines image used for the component
- *sharedApi.Image `json:",inline"`
-
- // Resources holds resource requests & limits for container
- // If not specified, default values will be used
- *sharedApi.Resources `json:",inline"`
+ // ContainerTemplate Keeps the information about Container configuration
+ *sharedApi.ContainerTemplate `json:",inline"`
}
func (s *ArangoMLExtensionSpecDeploymentComponent) GetPort() int32 {
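Review bot: The docs and CRD schema generated in this commit describe each component `securityContext` as "PodSecurityContext holds pod-level security attributes and common container settings", but the documented type is `core.SecurityContext`, which is container-level. The source comment presumably sits on the shared SecurityContainer type outside this diff and should be corrected there so operators do not confuse the two scopes. On the embed itself, the comment would read better as `// ContainerTemplate keeps the container configuration (image, resources, security context)`.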
@@ -45,20 +41,12 @@ func (s *ArangoMLExtensionSpecDeploymentComponent) GetPort() int32 {
return *s.Port
}
-func (s *ArangoMLExtensionSpecDeploymentComponent) GetImage() *sharedApi.Image {
- if s == nil || s.Image == nil {
- return nil
- }
-
- return s.Image
-}
-
-func (s *ArangoMLExtensionSpecDeploymentComponent) GetResources() *sharedApi.Resources {
- if s == nil || s.Resources == nil {
+func (s *ArangoMLExtensionSpecDeploymentComponent) GetContainerTemplate() *sharedApi.ContainerTemplate {
+ if s == nil || s.ContainerTemplate == nil {
return nil
}
- return s.Resources
+ return s.ContainerTemplate
}
func (s *ArangoMLExtensionSpecDeploymentComponent) Validate() error {
@@ -73,8 +61,7 @@ func (s *ArangoMLExtensionSpecDeploymentComponent) Validate() error {
}
err = append(err,
- shared.PrefixResourceErrors("resources", s.GetResources().Validate()),
- shared.PrefixResourceErrors("image", shared.ValidateRequired(s.GetImage(), func(obj sharedApi.Image) error { return obj.Validate() })),
+ s.GetContainerTemplate().Validate(),
)
return shared.WithErrors(err...)
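Review bot: The removed line made the image mandatory through `shared.ValidateRequired(s.GetImage(), ...)`, while the replacement `s.GetContainerTemplate().Validate()` runs on a pointer that is nil when the component sets no template fields. Unless `ContainerTemplate.Validate` (not shown in this diff) rejects a nil receiver or a missing image, a component without an image would now pass validation. The `image` and `resources` prefixes from `shared.PrefixResourceErrors` are gone as well, so error messages lose their field path if the delegated method does not add them. Consider keeping an explicit required check on the template's `Image` field, or documenting in a comment above this call that the delegated method enforces it. Validate's body starts outside the hunk.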
diff --git a/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go
index 1b7b81efd..611ee48cb 100644
--- a/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/ml/v1alpha1/zz_generated.deepcopy.go
@@ -363,6 +363,11 @@ func (in *ArangoMLExtensionSpecDeployment) DeepCopyInto(out *ArangoMLExtensionSp
*out = new(ArangoMLExtensionSpecDeploymentService)
(*in).DeepCopyInto(*out)
}
+ if in.PodTemplate != nil {
+ in, out := &in.PodTemplate, &out.PodTemplate
+ *out = new(sharedv1.PodTemplate)
+ (*in).DeepCopyInto(*out)
+ }
if in.Prediction != nil {
in, out := &in.Prediction, &out.Prediction
*out = new(ArangoMLExtensionSpecDeploymentComponent)
@@ -399,14 +404,9 @@ func (in *ArangoMLExtensionSpecDeploymentComponent) DeepCopyInto(out *ArangoMLEx
*out = new(int32)
**out = **in
}
- if in.Image != nil {
- in, out := &in.Image, &out.Image
- *out = new(sharedv1.Image)
- (*in).DeepCopyInto(*out)
- }
- if in.Resources != nil {
- in, out := &in.Resources, &out.Resources
- *out = new(sharedv1.Resources)
+ if in.ContainerTemplate != nil {
+ in, out := &in.ContainerTemplate, &out.ContainerTemplate
+ *out = new(sharedv1.ContainerTemplate)
(*in).DeepCopyInto(*out)
}
return
diff --git a/pkg/crd/crds/ml-extension.schema.generated.yaml b/pkg/crd/crds/ml-extension.schema.generated.yaml
index 772cc7d2c..61455a16c 100644
--- a/pkg/crd/crds/ml-extension.schema.generated.yaml
+++ b/pkg/crd/crds/ml-extension.schema.generated.yaml
@@ -6,6 +6,382 @@ v1alpha1:
deployment:
description: Deployment specifies how the ML extension will be deployed into cluster
properties:
+ affinity:
+ description: Affinity defines scheduling constraints for workload
+ properties:
+ nodeAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ weight:
+ format: int32
+ type: integer
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: array
+ type: object
+ type: object
+ podAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ weight:
+ format: int32
+ type: integer
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ weight:
+ format: int32
+ type: integer
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ hostIPC:
+ description: HostIPC defines to use the host's ipc namespace.
+ type: boolean
+ hostNetwork:
+ description: |-
+ HostNetwork requests Host network for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ type: boolean
+ hostPID:
+ description: HostPID define to use the host's pid namespace.
+ type: boolean
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector is a selector that must be true for the workload to fit on a node.
+ type: object
+ podSecurityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ fsGroup:
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ type: string
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ supplementalGroups:
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
prediction:
description: Prediction defines how Prediction workload will be deployed
properties:
@@ -36,6 +412,66 @@ v1alpha1:
type: string
type: object
type: object
+ securityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
type: object
project:
description: Project defines how Project workload will be deployed
@@ -67,11 +503,76 @@ v1alpha1:
type: string
type: object
type: object
+ securityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
type: object
replicas:
description: Replicas defines the number of replicas running specified components. No replicas created if no components are defined.
format: int32
type: integer
+ schedulerName:
+ description: |-
+ SchedulerName specifies, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
+ type: string
service:
description: Service defines how components will be exposed
properties:
@@ -84,6 +585,30 @@ v1alpha1:
- ExternalName
type: string
type: object
+ shareProcessNamespace:
+ description: |-
+ ShareProcessNamespace defines to share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ type: boolean
+ tolerations:
+ description: Tolerations defines tolerations
+ items:
+ properties:
+ effect:
+ type: string
+ key:
+ type: string
+ operator:
+ type: string
+ tolerationSeconds:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: array
training:
description: Training defines how Training workload will be deployed
properties:
@@ -114,6 +639,66 @@ v1alpha1:
type: string
type: object
type: object
+ securityContext:
+ description: PodSecurityContext holds pod-level security attributes and common container settings.
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
type: object
type: object
image:
diff --git a/pkg/util/k8sutil/pods.go b/pkg/util/k8sutil/pods.go
index 90485e0df..601178864 100644
--- a/pkg/util/k8sutil/pods.go
+++ b/pkg/util/k8sutil/pods.go
@@ -802,3 +802,34 @@ func InjectContainerTemplate(spec *sharedApi.ContainerTemplate, pod *core.PodTem
return nil
}
+
+func CreateDefaultContainerTemplate(image *sharedApi.Image) *sharedApi.ContainerTemplate {
+ return &sharedApi.ContainerTemplate{
+ Image: image.DeepCopy(),
+ Resources: &sharedApi.Resources{
+ Resources: &core.ResourceRequirements{
+ Requests: core.ResourceList{
+ core.ResourceCPU: resource.MustParse("100m"),
+ core.ResourceMemory: resource.MustParse("128Mi"),
+ },
+ Limits: core.ResourceList{
+ core.ResourceCPU: resource.MustParse("200m"),
+ core.ResourceMemory: resource.MustParse("256Mi"),
+ },
+ },
+ },
+ SecurityContainer: &sharedApi.SecurityContainer{
+ SecurityContext: &core.SecurityContext{
+ RunAsUser: util.NewType[int64](shared.DefaultRunAsUser),
+ RunAsGroup: util.NewType[int64](shared.DefaultRunAsGroup),
+ RunAsNonRoot: util.NewType(true),
+ ReadOnlyRootFilesystem: util.NewType(true),
+ Capabilities: &core.Capabilities{
+ Drop: []core.Capability{
+ "ALL",
+ },
+ },
+ },
+ },
+ }
+}
diff --git a/pkg/util/k8sutil/security_context.go b/pkg/util/k8sutil/security_context.go
index 0f68479b0..84dd58ba2 100644
--- a/pkg/util/k8sutil/security_context.go
+++ b/pkg/util/k8sutil/security_context.go
@@ -24,9 +24,7 @@ import (
core "k8s.io/api/core/v1"
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
- "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/deployment/features"
- "github.com/arangodb/kube-arangodb/pkg/util"
)
// CreateSecurityContext returns security context.
@@ -39,29 +37,3 @@ func CreateSecurityContext(spec *api.ServerGroupSpecSecurityContext) *core.Secur
func CreatePodSecurityContext(spec *api.ServerGroupSpecSecurityContext) *core.PodSecurityContext {
return spec.NewPodSecurityContext(features.SecuredContainers().Enabled())
}
-
-func CreateSecurePodSecurityContext() *core.PodSecurityContext {
- psc := &core.PodSecurityContext{
- RunAsUser: util.NewType[int64](shared.DefaultRunAsUser),
- RunAsGroup: util.NewType[int64](shared.DefaultRunAsGroup),
- RunAsNonRoot: util.NewType(true),
- FSGroup: util.NewType[int64](shared.DefaultFSGroup),
- }
-
- return psc
-}
-
-func CreateDefaultSecurityContext() *core.SecurityContext {
- r := &core.SecurityContext{
- RunAsUser: util.NewType[int64](shared.DefaultRunAsUser),
- RunAsGroup: util.NewType[int64](shared.DefaultRunAsGroup),
- RunAsNonRoot: util.NewType(true),
- ReadOnlyRootFilesystem: util.NewType(true),
- Capabilities: &core.Capabilities{
- Drop: []core.Capability{
- "ALL",
- },
- },
- }
- return r
-}