feat: add securityContext for exporter, initcontainers and sidecars (O…

…T-CONTAINER-KIT#987) * feat: add securityContext for exporter, initcontainers and sidecars Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> * fix: add docs Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> * fix: RedisExporterSecurityContext instead of SecurityContext Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> * fix: code review Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> * fix: refresh crds Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> * fix: refresh crds Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> --------- Signed-off-by: laurentiusoica <laurentiu.soica@spirent.com> Co-authored-by: laurentiusoica <laurentiu.soica@spirent.com> Signed-off-by: Matt Robinson <mattrobinsonsre@gmail.com>
mattrobinsonsre · Jul 11, 2024 · 0465cf2 · 0465cf2
1 parent aad2d83
commit 0465cf2
Show file tree

Hide file tree

Showing 18 changed files with 10,791 additions and 876 deletions.
diff --git a/api/common_types.go b/api/common_types.go
@@ -44,6 +44,7 @@ type RedisExporter struct {
 	Resources       *corev1.ResourceRequirements `json:"resources,omitempty"`
 	ImagePullPolicy corev1.PullPolicy            `json:"imagePullPolicy,omitempty"`
 	EnvVars         *[]corev1.EnvVar             `json:"env,omitempty"`
+	SecurityContext *corev1.SecurityContext      `json:"securityContext,omitempty"`
 }
 
 // RedisConfig defines the external configuration of Redis

diff --git a/api/v1beta2/common_types.go b/api/v1beta2/common_types.go
@@ -73,10 +73,11 @@ type ACLConfig struct {
 
 // Sidecar for each Redis pods
 type Sidecar struct {
-	common.Sidecar `json:",inline"`
-	Volumes        *[]corev1.VolumeMount   `json:"mountPath,omitempty"`
-	Command        []string                `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"`
-	Ports          *[]corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
+	common.Sidecar  `json:",inline"`
+	Volumes         *[]corev1.VolumeMount   `json:"mountPath,omitempty"`
+	Command         []string                `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"`
+	Ports           *[]corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
+	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
 }
 
 // InitContainer for each Redis pods
@@ -88,4 +89,5 @@ type InitContainer struct {
 	EnvVars         *[]corev1.EnvVar             `json:"env,omitempty"`
 	Command         []string                     `json:"command,omitempty"`
 	Args            []string                     `json:"args,omitempty"`
+	SecurityContext *corev1.SecurityContext      `json:"securityContext,omitempty"`
 }
diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go
diff --git a/api/zz_generated.deepcopy.go b/api/zz_generated.deepcopy.go
diff --git a/charts/redis-operator/crds/redis-cluster.yaml b/charts/redis-operator/crds/redis-cluster.yaml
diff --git a/charts/redis-operator/crds/redis-replication.yaml b/charts/redis-operator/crds/redis-replication.yaml
diff --git a/charts/redis-operator/crds/redis-sentinel.yaml b/charts/redis-operator/crds/redis-sentinel.yaml
diff --git a/charts/redis-operator/crds/redis.yaml b/charts/redis-operator/crds/redis.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redis.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redis.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redisclusters.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redisclusters.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redisreplications.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redisreplications.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml
diff --git a/docs/content/en/docs/CRD Reference/Redis API/_index.md b/docs/content/en/docs/CRD Reference/Redis API/_index.md
@@ -253,6 +253,7 @@ _Appears in:_
 | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ |  |
 | `imagePullPolicy` _[ImagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy)_ |  |
 | `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core)_ |  |
+| `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podsecuritycontext-v1-core)_ |  |
 
 #### RedisFollower
 
@@ -323,6 +324,7 @@ _Appears in:_
 | `imagePullPolicy` _[ImagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy)_ |  |
 | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ |  |
 | `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core)_ |  |
+| `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podsecuritycontext-v1-core)_ |  |
 
 #### Storage
 

diff --git a/k8sutils/redis-cluster.go b/k8sutils/redis-cluster.go
@@ -90,6 +90,7 @@ func generateRedisClusterInitContainerParams(cr *redisv1beta2.RedisCluster) init
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 
 		if cr.Spec.Storage != nil {
@@ -177,6 +178,7 @@ func generateRedisClusterContainerParams(cl kubernetes.Interface, logger logr.Lo
 	if cr.Spec.RedisExporter != nil {
 		containerProp.RedisExporterImage = cr.Spec.RedisExporter.Image
 		containerProp.RedisExporterImagePullPolicy = cr.Spec.RedisExporter.ImagePullPolicy
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 
 		if cr.Spec.RedisExporter.Resources != nil {
 			containerProp.RedisExporterResources = cr.Spec.RedisExporter.Resources

diff --git a/k8sutils/redis-replication.go b/k8sutils/redis-replication.go
@@ -145,6 +145,7 @@ func generateRedisReplicationContainerParams(cr *redisv1beta2.RedisReplication)
 	if cr.Spec.RedisExporter != nil {
 		containerProp.RedisExporterImage = cr.Spec.RedisExporter.Image
 		containerProp.RedisExporterImagePullPolicy = cr.Spec.RedisExporter.ImagePullPolicy
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 
 		if cr.Spec.RedisExporter.Resources != nil {
 			containerProp.RedisExporterResources = cr.Spec.RedisExporter.Resources
@@ -188,6 +189,7 @@ func generateRedisReplicationInitContainerParams(cr *redisv1beta2.RedisReplicati
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 
 		if cr.Spec.Storage != nil {

diff --git a/k8sutils/redis-sentinel.go b/k8sutils/redis-sentinel.go
@@ -132,6 +132,7 @@ func generateRedisSentinelInitContainerParams(cr *redisv1beta2.RedisSentinel) in
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 	}
 	return initcontainerProp
@@ -162,6 +163,7 @@ func generateRedisSentinelContainerParams(ctx context.Context, client kubernetes
 	if cr.Spec.RedisExporter != nil {
 		containerProp.RedisExporterImage = cr.Spec.RedisExporter.Image
 		containerProp.RedisExporterImagePullPolicy = cr.Spec.RedisExporter.ImagePullPolicy
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 
 		if cr.Spec.RedisExporter.Resources != nil {
 			containerProp.RedisExporterResources = cr.Spec.RedisExporter.Resources

diff --git a/k8sutils/redis-standalone.go b/k8sutils/redis-standalone.go
@@ -150,6 +150,7 @@ func generateRedisStandaloneContainerParams(cr *redisv1beta2.Redis) containerPar
 		if cr.Spec.RedisExporter.EnvVars != nil {
 			containerProp.RedisExporterEnv = cr.Spec.RedisExporter.EnvVars
 		}
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 	}
 	if cr.Spec.ReadinessProbe != nil {
 		containerProp.ReadinessProbe = cr.Spec.ReadinessProbe
@@ -186,6 +187,7 @@ func generateRedisStandaloneInitContainerParams(cr *redisv1beta2.Redis) initCont
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 
 		if cr.Spec.Storage != nil {

diff --git a/k8sutils/statefulset.go b/k8sutils/statefulset.go
@@ -118,6 +118,7 @@ type containerParameters struct {
 	RedisExporterResources       *corev1.ResourceRequirements
 	RedisExporterEnv             *[]corev1.EnvVar
 	RedisExporterPort            *int
+	RedisExporterSecurityContext *corev1.SecurityContext
 	Role                         string
 	EnabledPassword              *bool
 	SecretName                   *string
@@ -146,6 +147,7 @@ type initContainerParameters struct {
 	AdditionalEnvVariable *[]corev1.EnvVar
 	AdditionalVolume      []corev1.Volume
 	AdditionalMountPath   []corev1.VolumeMount
+	SecurityContext       *corev1.SecurityContext
 }
 
 // CreateOrUpdateStateFul method will create or update Redis service
@@ -438,6 +440,7 @@ func generateContainerDef(name string, containerParams containerParameters, clus
 			Name:            sidecar.Name,
 			Image:           sidecar.Image,
 			ImagePullPolicy: sidecar.ImagePullPolicy,
+			SecurityContext: sidecar.SecurityContext,
 		}
 		if sidecar.Command != nil {
 			container.Command = sidecar.Command
@@ -473,6 +476,7 @@ func generateInitContainerDef(name string, initcontainerParams initContainerPara
 			Command:         initcontainerParams.Command,
 			Args:            initcontainerParams.Arguments,
 			VolumeMounts:    getVolumeMount(name, initcontainerParams.PersistenceEnabled, false, false, nil, mountpath, nil, nil),
+			SecurityContext: initcontainerParams.SecurityContext,
 		},
 	}
 
@@ -540,6 +544,7 @@ func enableRedisMonitoring(params containerParameters) corev1.Container {
 				Protocol:      corev1.ProtocolTCP,
 			},
 		},
+		SecurityContext: params.RedisExporterSecurityContext,
 	}
 	if params.RedisExporterResources != nil {
 		exporterDefinition.Resources = *params.RedisExporterResources