From 38911867b328a557a9b01697e948e5d12c6b456d Mon Sep 17 00:00:00 2001 From: Rafal Korepta Date: Mon, 2 Jan 2023 15:22:27 +0100 Subject: [PATCH] k8s: Move ordinal extraction to seperated function (cherry picked from commit 29d348a71460510740e04ec43cdfaca256a8cc23) --- src/go/k8s/README.md | 2 +- .../redpanda/cluster_controller.go | 22 ++++++++++++++----- src/go/k8s/pkg/resources/statefulset.go | 4 ++++ .../e2e/superusers-prefix/01-assert.yaml | 2 +- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/src/go/k8s/README.md b/src/go/k8s/README.md index 5cf39eec5e625..28ea09b0a80d4 100644 --- a/src/go/k8s/README.md +++ b/src/go/k8s/README.md @@ -11,7 +11,7 @@ Use all your favorite open source tooling - 10x faster. ## Getting started Official Kubernetes quick start documentation can be found at -[https://vectorized.io/docs/](https://vectorized.io/docs/quick-start-kubernetes) +[https://docs.redpanda.com/docs/](https://docs.redpanda.com/docs/platform/quickstart/kubernetes-qs-dev/) ### Requirements diff --git a/src/go/k8s/controllers/redpanda/cluster_controller.go b/src/go/k8s/controllers/redpanda/cluster_controller.go index 87eae45c0c9c4..3a66f3fcfc55b 100644 --- a/src/go/k8s/controllers/redpanda/cluster_controller.go +++ b/src/go/k8s/controllers/redpanda/cluster_controller.go @@ -441,7 +441,7 @@ func (r *ClusterReconciler) handlePodFinalizer( // if it's not gone if broker != nil { // decommission it - log.WithValues(nodeID).Info("decommissioning broker") + log.WithValues("node-id", nodeID).Info("decommissioning broker") if err = adminClient.DecommissionBroker(ctx, nodeID); err != nil { return fmt.Errorf(`unable to decommission node "%d": %w`, nodeID, err) } @@ -470,7 +470,7 @@ func (r *ClusterReconciler) handlePodFinalizer( } continue } - log.WithValues(key).Info("deleting PersistentVolumeClaim") + log.WithValues("persistent-volume-claim", key).Info("deleting PersistentVolumeClaim") if err := r.Delete(ctx, &pvc, &client.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) { return fmt.Errorf(`unable to delete PersistentVolumeClaim "%s/%s": %w`, key.Name, key.Namespace, err) } @@ -488,7 +488,7 @@ func (r *ClusterReconciler) removePodFinalizer( ctx context.Context, pod *corev1.Pod, log logr.Logger, ) error { if controllerutil.ContainsFinalizer(pod, FinalizerKey) { - log.V(7).WithValues(pod.Namespace, pod.Name).Info("removing finalizer") + log.V(7).WithValues("namespace", pod.Namespace, "name", pod.Name).Info("removing finalizer") controllerutil.RemoveFinalizer(pod, FinalizerKey) if err := r.Update(ctx, pod); err != nil { return err @@ -501,7 +501,7 @@ func (r *ClusterReconciler) setPodFinalizer( ctx context.Context, pod *corev1.Pod, log logr.Logger, ) error { if !controllerutil.ContainsFinalizer(pod, FinalizerKey) { - log.V(7).WithValues(pod.Namespace, pod.Name).Info("adding finalizer") + log.V(7).WithValues("namespace", pod.Namespace, "name", pod.Name).Info("adding finalizer") controllerutil.AddFinalizer(pod, FinalizerKey) if err := r.Update(ctx, pod); err != nil { return err @@ -530,7 +530,7 @@ func (r *ClusterReconciler) setPodNodeIDAnnotation( if err != nil { return fmt.Errorf("cannot fetch node id for node-id annotation: %w", err) } - log.WithValues(pod.Name, nodeID).Info("setting node-id annotation") + log.WithValues("pod-name", pod.Name, "node-id", nodeID).Info("setting node-id annotation") pod.Annotations[PodAnnotationNodeIDKey] = fmt.Sprintf("%d", nodeID) if err := r.Update(ctx, pod, &client.UpdateOptions{}); err != nil { return fmt.Errorf(`unable to update pod "%s" with node-id annotation: %w`, pod.Name, err) @@ -551,7 +551,7 @@ func (r *ClusterReconciler) fetchAdminNodeID(ctx context.Context, rp *redpandav1 return -1, fmt.Errorf("creating pki: %w", err) } - ordinal, err := strconv.ParseInt(pod.Name[len(rp.Name)+1:], 10, 0) + ordinal, err := strconv.ParseInt(getPodOrdinal(pod.Name, rp.Name), 10, 0) if err != nil { return -1, fmt.Errorf("cluster %s: cannot convert pod name (%s) to ordinal: %w", rp.Name, pod.Name, err) } @@ -567,6 +567,16 @@ func (r *ClusterReconciler) fetchAdminNodeID(ctx context.Context, rp *redpandav1 return int32(cfg.NodeID), nil } +func getPodOrdinal(podName string, clusterName string) string { + // Pod name needs to have at least 2 more characters + if len(podName) < len(clusterName)+2 { + return "" + } + + // The +1 is for the separator between stateful set name and pod ordinal + return podName[len(clusterName)+1:] +} + func (r *ClusterReconciler) reportStatus( ctx context.Context, redpandaCluster *redpandav1alpha1.Cluster, diff --git a/src/go/k8s/pkg/resources/statefulset.go b/src/go/k8s/pkg/resources/statefulset.go index d4b3c7978224c..26d1e820a1af0 100644 --- a/src/go/k8s/pkg/resources/statefulset.go +++ b/src/go/k8s/pkg/resources/statefulset.go @@ -506,6 +506,10 @@ func (r *StatefulSetResource) obj( ContainerPort: int32(r.pandaCluster.Spec.Configuration.RPCServer.Port), }, }, r.getPorts()...), + SecurityContext: &corev1.SecurityContext{ + RunAsUser: pointer.Int64Ptr(userID), + RunAsGroup: pointer.Int64Ptr(groupID), + }, Resources: corev1.ResourceRequirements{ Limits: r.pandaCluster.Spec.Resources.Limits, Requests: r.pandaCluster.Spec.Resources.Requests, diff --git a/src/go/k8s/tests/e2e/superusers-prefix/01-assert.yaml b/src/go/k8s/tests/e2e/superusers-prefix/01-assert.yaml index 5422abe92b739..d66a2d7f8b782 100644 --- a/src/go/k8s/tests/e2e/superusers-prefix/01-assert.yaml +++ b/src/go/k8s/tests/e2e/superusers-prefix/01-assert.yaml @@ -42,4 +42,4 @@ collectors: - type: command command: kubectl get secret -n superusers-prefix -o jsonpath='{.data.username}' cluster-schema-registry-sasl - type: command - command: kubectl get secret -n superusers-prefix -o jsonpath='{.data.username}' cluster-asl + command: kubectl get secret -n superusers-prefix -o jsonpath='{.data.username}' cluster-sasl