
Add only non-null default pool Security Context values #1403

Merged
merged 1 commit into from
Jan 17, 2023

Conversation

@allanrogerr allanrogerr commented Jan 17, 2023

Issue

From [cniackz],
Issue comes from file github.com/minio/operator/pkg/resources/statefulsets/minio-statefulset.go:424 because we can no longer support securityContext: {} in our Tenant Specification under pools option as before. I think we are trying to get some values from an empty context:

	// Default to Pod values
	if pool.SecurityContext != nil {
		runAsNonRoot = *pool.SecurityContext.RunAsNonRoot
		runAsUser = *pool.SecurityContext.RunAsUser
		runAsGroup = *pool.SecurityContext.RunAsGroup
	}

PR was: #1372

We should fix above issue/panic and still support securityContext: {} under pools in Tenant Specification.

Reproduce

  1. Deploy and maintain a kind cluster with tenant-lite. e.g. with testing/deploy-tenant.sh in the operator repo.
    Ensure that the destroy_kind command is commented out.

  2. Once the tenant pods are online, edit the tenant ensuring the following is under .spec.pools, with k -n tenant-lite edit tenants.minio.min.io:

    securityContext:
      #runAsUser: 1000
      #runAsGroup: 1000
      #runAsNonRoot: true
      fsGroup: 1000
    containerSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true

  3. Restart the tenant pods, and observe them in a non-ready state
k -n tenant-lite delete pod/storage-lite-pool-0-0
k -n tenant-lite delete pod/storage-lite-pool-0-1
k -n tenant-lite delete pod/storage-lite-pool-0-2
k -n tenant-lite delete pod/storage-lite-pool-0-3
k -n tenant-lite get pods | grep "pool-0"

  4. Add Security Context to tenant
k -n tenant-lite edit tenants.minio.min.io
    securityContext:
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
      fsGroup: 1000

  5. Restart the tenant pods, and observe them in a ready state
k -n tenant-lite delete pod/storage-lite-pool-0-0
k -n tenant-lite delete pod/storage-lite-pool-0-1
k -n tenant-lite delete pod/storage-lite-pool-0-2
k -n tenant-lite delete pod/storage-lite-pool-0-3
k -n tenant-lite get pods | grep "pool-0"

Fix

  1. Modify pkg/resources/statefulsets/minio-statefulset.go adding in only non-null fields to avoid the NPE.
	// Default to Pod values
	if pool.SecurityContext != nil {
		if pool.SecurityContext.RunAsNonRoot != nil {
			runAsNonRoot = *pool.SecurityContext.RunAsNonRoot
		}
		if pool.SecurityContext.RunAsUser != nil {
			runAsUser = *pool.SecurityContext.RunAsUser
		}
		if pool.SecurityContext.RunAsGroup != nil {
			runAsGroup = *pool.SecurityContext.RunAsGroup
		}
	}

Test

  1. Clone https://github.com/allanrogerr/operator/tree/fix-security-context-npe
    Deploy and maintain a kind cluster with tenant-lite. e.g. with testing/deploy-tenant.sh in the operator repo.
    Ensure that the destroy_kind command is commented out.

  2. Once the tenant pods are online, edit the tenant ensuring the following is under .spec.pools, with k -n tenant-lite edit tenants.minio.min.io:

    securityContext:
      #runAsUser: 1000
      #runAsGroup: 1000
      #runAsNonRoot: true
      fsGroup: 1000
    containerSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true

  3. Restart the tenant pods, and observe them in a ready state
k -n tenant-lite delete pod/storage-lite-pool-0-0
k -n tenant-lite delete pod/storage-lite-pool-0-1
k -n tenant-lite delete pod/storage-lite-pool-0-2
k -n tenant-lite delete pod/storage-lite-pool-0-3
k -n tenant-lite get pods | grep "pool-0"
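The failure mode and the fix described in this PR, as an added stand-alone Go example that is not the operator's own code. `PoolSecurityContext` is a local stand-in for the pointer-valued fields of `corev1.PodSecurityContext` that the operator reads (an assumption so the example runs offline), the default IDs are assumed values, and the inputs are constructed to mirror the reproduction above: an empty `securityContext: {}`, a context that sets only `fsGroup`, and a full context. `resolveUnsafe` reproduces the pre-fix dereference and turns the resulting nil-pointer panic into an error; `resolveSafe` applies the non-nil checks from the fix.

```go
package main

import "fmt"

// PoolSecurityContext stands in for corev1.PodSecurityContext (assumption:
// the operator reads the real Kubernetes type; every field is a pointer so
// "unset" and "set to zero" are distinguishable, which is what makes the
// blind dereference dangerous).
type PoolSecurityContext struct {
	RunAsUser    *int64
	RunAsGroup   *int64
	RunAsNonRoot *bool
	FSGroup      *int64
}

// EffectiveIDs holds the values that end up in the StatefulSet.
type EffectiveIDs struct {
	RunAsUser    int64
	RunAsGroup   int64
	RunAsNonRoot bool
}

// Defaults used when the pool leaves a field unset (assumed values; the PR
// does not state the operator's defaults).
var defaults = EffectiveIDs{RunAsUser: 1000, RunAsGroup: 1000, RunAsNonRoot: true}

// resolveUnsafe mirrors the pre-fix logic: once the context is non-nil it
// dereferences every field, so securityContext: {} or a context carrying
// only fsGroup panics. The panic is recovered here so it can be reported.
func resolveUnsafe(sc *PoolSecurityContext) (ids EffectiveIDs, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("pre-fix logic panicked: %v", r)
		}
	}()
	ids = defaults
	if sc != nil {
		ids.RunAsNonRoot = *sc.RunAsNonRoot
		ids.RunAsUser = *sc.RunAsUser
		ids.RunAsGroup = *sc.RunAsGroup
	}
	return ids, nil
}

// resolveSafe applies the fix: only non-nil fields override the defaults,
// so a partial context keeps the defaults for whatever it leaves unset.
func resolveSafe(sc *PoolSecurityContext) EffectiveIDs {
	ids := defaults
	if sc == nil {
		return ids
	}
	if sc.RunAsNonRoot != nil {
		ids.RunAsNonRoot = *sc.RunAsNonRoot
	}
	if sc.RunAsUser != nil {
		ids.RunAsUser = *sc.RunAsUser
	}
	if sc.RunAsGroup != nil {
		ids.RunAsGroup = *sc.RunAsGroup
	}
	return ids
}

func int64p(v int64) *int64 { return &v }
func boolp(v bool) *bool    { return &v }

func main() {
	// Constructed inputs mirroring the reproduction steps above.
	cases := []struct {
		name string
		sc   *PoolSecurityContext
	}{
		{"nil context", nil},
		{"securityContext: {}", &PoolSecurityContext{}},
		{"fsGroup only", &PoolSecurityContext{FSGroup: int64p(1000)}},
		{"full context", &PoolSecurityContext{
			RunAsUser: int64p(2000), RunAsGroup: int64p(2000), RunAsNonRoot: boolp(false),
		}},
	}
	for _, c := range cases {
		_, err := resolveUnsafe(c.sc)
		fmt.Printf("%-22s pre-fix err=%v\n%-22s post-fix  %+v\n", c.name, err, "", resolveSafe(c.sc))
	}
}
```

Run with `go run .`; the two partial contexts panic under the pre-fix logic and resolve to the defaults under the fixed one, while the full context overrides all three values either way.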

@cniackz cniackz left a comment

LGTM

@pjuarezd

🚢 it!
