Merge pull request #82 from caigy/issue-80
[ISSUE 80] Skipping generating data replication command when remote command returns error
diff --git a/pkg/apis/rocketmq/v1alpha1/broker_types.go b/pkg/apis/rocketmq/v1alpha1/broker_types.go
index 1e694ee..54636ae 100644
--- a/pkg/apis/rocketmq/v1alpha1/broker_types.go
+++ b/pkg/apis/rocketmq/v1alpha1/broker_types.go
@@ -56,6 +56,10 @@
VolumeClaimTemplates []corev1.PersistentVolumeClaim `json:"volumeClaimTemplates"`
// The name of pod where the metadata from
ScalePodName string `json:"scalePodName"`
+ // Pod Security Context
+ PodSecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+ // Container Security Context
+ ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"`
}
// BrokerStatus defines the observed state of Broker
diff --git a/pkg/apis/rocketmq/v1alpha1/nameservice_types.go b/pkg/apis/rocketmq/v1alpha1/nameservice_types.go
index b8900e9..82e71bc 100644
--- a/pkg/apis/rocketmq/v1alpha1/nameservice_types.go
+++ b/pkg/apis/rocketmq/v1alpha1/nameservice_types.go
@@ -49,6 +49,10 @@
HostPath string `json:"hostPath"`
// VolumeClaimTemplates defines the StorageClass
VolumeClaimTemplates []corev1.PersistentVolumeClaim `json:"volumeClaimTemplates"`
+ // Pod Security Context
+ PodSecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+ // Container Security Context
+ ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"`
}
// NameServiceStatus defines the observed state of NameService
diff --git a/pkg/controller/broker/broker_controller.go b/pkg/controller/broker/broker_controller.go
index 8bcc8db..6de86a3 100644
--- a/pkg/controller/broker/broker_controller.go
+++ b/pkg/controller/broker/broker_controller.go
@@ -416,8 +416,8 @@
Spec: corev1.PodSpec{
Containers: []corev1.Container{{
Resources: broker.Spec.Resources,
- Image: broker.Spec.BrokerImage,
- Name: cons.BrokerContainerName,
+ Image: broker.Spec.BrokerImage,
+ Name: cons.BrokerContainerName,
Lifecycle: &corev1.Lifecycle{
PostStart: &corev1.Handler{
Exec: &corev1.ExecAction{
@@ -425,8 +425,9 @@
},
},
},
+ SecurityContext: getContainerSecurityContext(broker),
ImagePullPolicy: broker.Spec.ImagePullPolicy,
- Env: getENV(broker, replicaIndex, brokerGroupIndex),
+ Env: getENV(broker, replicaIndex, brokerGroupIndex),
Ports: []corev1.ContainerPort{{
ContainerPort: cons.BrokerVipContainerPort,
Name: cons.BrokerVipContainerPortName,
@@ -451,7 +452,8 @@
SubPath: cons.BrokerConfigName,
}},
}},
- Volumes: getVolumes(broker),
+ Volumes: getVolumes(broker),
+ SecurityContext: getPodSecurityContext(broker),
},
},
VolumeClaimTemplates: getVolumeClaimTemplates(broker),
@@ -464,7 +466,7 @@
}
-func getENV(broker *rocketmqv1alpha1.Broker, replicaIndex int, brokerGroupIndex int) []corev1.EnvVar {
+func getENV(broker *rocketmqv1alpha1.Broker, replicaIndex int, brokerGroupIndex int) []corev1.EnvVar {
envs := []corev1.EnvVar{{
Name: cons.EnvNameServiceAddress,
Value: share.NameServersStr,
@@ -493,6 +495,22 @@
}
}
+func getPodSecurityContext(broker *rocketmqv1alpha1.Broker) *corev1.PodSecurityContext {
+ var securityContext = corev1.PodSecurityContext{}
+ if broker.Spec.PodSecurityContext != nil {
+ securityContext = *broker.Spec.PodSecurityContext
+ }
+ return &securityContext
+}
+
+func getContainerSecurityContext(broker *rocketmqv1alpha1.Broker) *corev1.SecurityContext {
+ var securityContext = corev1.SecurityContext{}
+ if broker.Spec.ContainerSecurityContext != nil {
+ securityContext = *broker.Spec.ContainerSecurityContext
+ }
+ return &securityContext
+}
+
func getVolumes(broker *rocketmqv1alpha1.Broker) []corev1.Volume {
switch broker.Spec.StorageMode {
case cons.StorageModeStorageClass:
diff --git a/pkg/controller/nameservice/nameservice_controller.go b/pkg/controller/nameservice/nameservice_controller.go
index 410515f..573df0f 100644
--- a/pkg/controller/nameservice/nameservice_controller.go
+++ b/pkg/controller/nameservice/nameservice_controller.go
@@ -23,6 +23,7 @@
"os/exec"
"reflect"
"strconv"
+ "strings"
"time"
rocketmqv1alpha1 "github.com/apache/rocketmq-operator/pkg/apis/rocketmq/v1alpha1"
@@ -282,7 +283,10 @@
func getNameServers(pods []corev1.Pod) []string {
var nameServers []string
for _, pod := range pods {
- nameServers = append(nameServers, pod.Status.PodIP)
+ if pod.Status.Phase == corev1.PodRunning &&
+ !strings.EqualFold(pod.Status.PodIP, "") {
+ nameServers = append(nameServers, pod.Status.PodIP)
+ }
}
return nameServers
}
@@ -297,6 +301,22 @@
return num
}
+func getPodSecurityContext(nameService *rocketmqv1alpha1.NameService) *corev1.PodSecurityContext {
+ var securityContext = corev1.PodSecurityContext{}
+ if nameService.Spec.PodSecurityContext != nil {
+ securityContext = *nameService.Spec.PodSecurityContext
+ }
+ return &securityContext
+}
+
+func getContainerSecurityContext(nameService *rocketmqv1alpha1.NameService) *corev1.SecurityContext {
+ var securityContext = corev1.SecurityContext{}
+ if nameService.Spec.ContainerSecurityContext != nil {
+ securityContext = *nameService.Spec.ContainerSecurityContext
+ }
+ return &securityContext
+}
+
func labelsForNameService(name string) map[string]string {
return map[string]string{"app": "name_service", "name_service_cr": name}
}
@@ -319,10 +339,10 @@
},
Spec: corev1.PodSpec{
HostNetwork: nameService.Spec.HostNetwork,
- DNSPolicy: nameService.Spec.DNSPolicy,
+ DNSPolicy: nameService.Spec.DNSPolicy,
Containers: []corev1.Container{{
Resources: nameService.Spec.Resources,
- Image: nameService.Spec.NameServiceImage,
+ Image: nameService.Spec.NameServiceImage,
// Name must be lower case !
Name: "name-service",
ImagePullPolicy: nameService.Spec.ImagePullPolicy,
@@ -335,8 +355,10 @@
Name: nameService.Spec.VolumeClaimTemplates[0].Name,
SubPath: cons.LogSubPathName,
}},
+ SecurityContext: getContainerSecurityContext(nameService),
}},
- Volumes: getVolumes(nameService),
+ Volumes: getVolumes(nameService),
+ SecurityContext: getPodSecurityContext(nameService),
},
},
VolumeClaimTemplates: getVolumeClaimTemplates(nameService),
