From 7ae7c0afdb75ffaf62a73e90c1eaa9658a7b8647 Mon Sep 17 00:00:00 2001
From: Robbie Blaine
Date: Mon, 2 Jul 2018 15:00:47 +0200
Subject: [PATCH 1/4] Add PersistentVolumeClaimSpec to DeployEtcdCluster

---
 pkg/apis/vault/v1alpha1/types.go | 3 ++
 pkg/util/k8sutil/vault.go | 93 +++++++++++++++++++++++---------
 2 files changed, 72 insertions(+), 24 deletions(-)

diff --git a/pkg/apis/vault/v1alpha1/types.go b/pkg/apis/vault/v1alpha1/types.go
index 87128b7..c48bda5 100644
--- a/pkg/apis/vault/v1alpha1/types.go
+++ b/pkg/apis/vault/v1alpha1/types.go
@@ -73,6 +73,9 @@ type VaultServiceSpec struct {
 
 	// TLS policy of vault nodes
 	TLS *TLSPolicy `json:"TLS,omitempty"`
+
+	// ETCD PVC
+	ETCDPVC string `json:"etcdPVC,omitempty"`
 }
 
 // PodPolicy defines the policy for pods owned by vault operator.
diff --git a/pkg/util/k8sutil/vault.go b/pkg/util/k8sutil/vault.go
index 44c6cb8..344fd7c 100644
--- a/pkg/util/k8sutil/vault.go
+++ b/pkg/util/k8sutil/vault.go
@@ -33,6 +33,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/apimachinery/pkg/api/resource"
 )
 
 var (
@@ -75,34 +76,78 @@ func EtcdPeerTLSSecretName(vaultName string) string {
 // waits for all of its members to be ready.
 func DeployEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) error {
 	size := 3
-	etcdCluster := &etcdCRAPI.EtcdCluster{
-		TypeMeta: metav1.TypeMeta{
-			Kind: etcdCRAPI.EtcdClusterResourceKind,
-			APIVersion: etcdCRAPI.SchemeGroupVersion.String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name: EtcdNameForVault(v.Name),
-			Namespace: v.Namespace,
-			Labels: LabelsForVault(v.Name),
-		},
-		Spec: etcdCRAPI.ClusterSpec{
-			Size: size,
-			TLS: &etcdCRAPI.TLSPolicy{
-				Static: &etcdCRAPI.StaticTLS{
-					Member: &etcdCRAPI.MemberSecret{
-						PeerSecret: EtcdPeerTLSSecretName(v.Name),
-						ServerSecret: EtcdServerTLSSecretName(v.Name),
+	pvcSize := v.Spec.ETCDPVC
+	etcdCluster := &etcdCRAPI.EtcdCluster{}
+
+	if len(pvcSize) > 0 { // If length of pvc size is > 0, deploy ETCD Cluster with PVCs
+		etcdCluster = &etcdCRAPI.EtcdCluster{
+			TypeMeta: metav1.TypeMeta{
+				Kind: etcdCRAPI.EtcdClusterResourceKind,
+				APIVersion: etcdCRAPI.SchemeGroupVersion.String(),
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name: EtcdNameForVault(v.Name),
+				Namespace: v.Namespace,
+				Labels: LabelsForVault(v.Name),
+			},
+			Spec: etcdCRAPI.ClusterSpec{
+				Size: size,
+				TLS: &etcdCRAPI.TLSPolicy{
+					Static: &etcdCRAPI.StaticTLS{
+						Member: &etcdCRAPI.MemberSecret{
+							PeerSecret: EtcdPeerTLSSecretName(v.Name),
+							ServerSecret: EtcdServerTLSSecretName(v.Name),
+						},
+						OperatorSecret: EtcdClientTLSSecretName(v.Name),
+					},
+				},
+				Pod: &etcdCRAPI.PodPolicy{
+					EtcdEnv: []v1.EnvVar{{
+						Name: "ETCD_AUTO_COMPACTION_RETENTION",
+						Value: "1",
+					}},
+					PersistentVolumeClaimSpec: &v1.PersistentVolumeClaimSpec{
+						AccessModes: []v1.PersistentVolumeAccessMode{"ReadWriteOnce"},
+						Resources: struct {
+							Limits v1.ResourceList
+							Requests v1.ResourceList
+						}{Limits: nil, Requests: map[v1.ResourceName]resource.Quantity{
+							"storage": {nil, nil, pvcSize, resource.DecimalSI,},
+						}},
+					},
 				},
-					OperatorSecret: EtcdClientTLSSecretName(v.Name),
 				},
 			},
-			Pod: &etcdCRAPI.PodPolicy{
-				EtcdEnv: []v1.EnvVar{{
-					Name: "ETCD_AUTO_COMPACTION_RETENTION",
-					Value: "1",
-				}},
+		}
+	} else { // Otherwise, if pvc size is not > 0, don't PVC back the ETCD Cluster
+		etcdCluster = &etcdCRAPI.EtcdCluster{
+			TypeMeta: metav1.TypeMeta{
+				Kind: etcdCRAPI.EtcdClusterResourceKind,
+				APIVersion: etcdCRAPI.SchemeGroupVersion.String(),
 			},
-		},
+			ObjectMeta: metav1.ObjectMeta{
+				Name: EtcdNameForVault(v.Name),
+				Namespace: v.Namespace,
+				Labels: LabelsForVault(v.Name),
+			},
+			Spec: etcdCRAPI.ClusterSpec{
+				Size: size,
+				TLS: &etcdCRAPI.TLSPolicy{
+					Static: &etcdCRAPI.StaticTLS{
+						Member: &etcdCRAPI.MemberSecret{
+							PeerSecret: EtcdPeerTLSSecretName(v.Name),
+							ServerSecret: EtcdServerTLSSecretName(v.Name),
+						},
+						OperatorSecret: EtcdClientTLSSecretName(v.Name),
+					},
+				},
+				Pod: &etcdCRAPI.PodPolicy{
+					EtcdEnv: []v1.EnvVar{{
+						Name: "ETCD_AUTO_COMPACTION_RETENTION",
+						Value: "1",
+					}},
+				},
+			},
+		}
 	}
 	if v.Spec.Pod != nil {
 		etcdCluster.Spec.Pod.Resources = v.Spec.Pod.Resources
From 31cca5c27da590cc2f9ec2d77093c528d4bd2261 Mon Sep 17 00:00:00 2001
From: Robbie Blaine
Date: Mon, 2 Jul 2018 15:17:49 +0200
Subject: [PATCH 2/4] Comment clarification

---
 pkg/util/k8sutil/vault.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/util/k8sutil/vault.go b/pkg/util/k8sutil/vault.go
index 344fd7c..eb873ee 100644
--- a/pkg/util/k8sutil/vault.go
+++ b/pkg/util/k8sutil/vault.go
@@ -118,7 +118,7 @@ func DeployEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) er
 				},
 			},
 		}
-	} else { // Otherwise, if pvc size is not > 0, don't PVC back the ETCD Cluster
+	} else { // Otherwise, deploy default etcd cluster with no PVCs (ephemeral)
 		etcdCluster = &etcdCRAPI.EtcdCluster{
 			TypeMeta: metav1.TypeMeta{
 				Kind: etcdCRAPI.EtcdClusterResourceKind,
From 64d1cf260af16fc78a0fb0bd915281ffaed0ea56 Mon Sep 17 00:00:00 2001
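Review bot: The two branches of the new `if len(pvcSize) > 0` block build the same EtcdCluster literal and differ only in whether `Pod.PersistentVolumeClaimSpec` is set, so TypeMeta, ObjectMeta, the TLS secret names and the EtcdEnv entry now have to be kept in sync by hand across roughly thirty duplicated lines. Building the literal once (the else branch as written) and then assigning the claim spec under the same condition removes the duplication: `if len(pvcSize) > 0 {` / `etcdCluster.Spec.Pod.PersistentVolumeClaimSpec = pvcSpec` / `}`, with `pvcSpec` being the `&v1.PersistentVolumeClaimSpec{...}` literal hoisted out of the first branch. That also makes `etcdCluster := &etcdCRAPI.EtcdCluster{}` the only allocation instead of a throwaway value that both branches overwrite. DeployEtcdCluster continues past the end of the hunk, after the `v.Spec.Pod` check.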
From: Robbie Blaine
Date: Tue, 3 Jul 2018 09:27:04 +0200
Subject: [PATCH 3/4] Fixed PVC Stop reinventing the wheel
---
 pkg/apis/vault/v1alpha1/types.go | 4 ++--
 pkg/util/k8sutil/vault.go | 16 +++------------
 2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/pkg/apis/vault/v1alpha1/types.go b/pkg/apis/vault/v1alpha1/types.go
index c48bda5..d4702e0 100644
--- a/pkg/apis/vault/v1alpha1/types.go
+++ b/pkg/apis/vault/v1alpha1/types.go
@@ -74,8 +74,8 @@ type VaultServiceSpec struct {
 	// TLS policy of vault nodes
 	TLS *TLSPolicy `json:"TLS,omitempty"`
 
-	// ETCD PVC
-	ETCDPVC string `json:"etcdPVC,omitempty"`
+	// PersistentVolumeClaimSpec for the ETCD Cluster
+	PersistentVolumeClaimSpec *v1.PersistentVolumeClaimSpec `json:"PersistentVolumeClaimSpec,omitempty"`
 }
 
 // PodPolicy defines the policy for pods owned by vault operator.
diff --git a/pkg/util/k8sutil/vault.go b/pkg/util/k8sutil/vault.go
index eb873ee..1d9ec7b 100644
--- a/pkg/util/k8sutil/vault.go
+++ b/pkg/util/k8sutil/vault.go
@@ -33,7 +33,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/apimachinery/pkg/api/resource"
 )
 
 var (
@@ -76,11 +75,10 @@ func EtcdPeerTLSSecretName(vaultName string) string {
 // waits for all of its members to be ready.
 func DeployEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) error {
 	size := 3
-	pvcSize := v.Spec.ETCDPVC
 	etcdCluster := &etcdCRAPI.EtcdCluster{}
 
-	if len(pvcSize) > 0 { // If length of pvc size is > 0, deploy ETCD Cluster with PVCs
-		etcdCluster = &etcdCRAPI.EtcdCluster{
+	if v.Spec.PersistentVolumeClaimSpec != nil { // If a PersistentVolumeClaimSpec is made in the vault manifest
+		etcdCluster = &etcdCRAPI.EtcdCluster{ // Deploy the etcd Cluster with the PVC spec
 			TypeMeta: metav1.TypeMeta{
 				Kind: etcdCRAPI.EtcdClusterResourceKind,
 				APIVersion: etcdCRAPI.SchemeGroupVersion.String(),
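Review bot: The new `PersistentVolumeClaimSpec *v1.PersistentVolumeClaimSpec` field on VaultServiceSpec is a pointer to a struct that itself carries slices and maps, yet the series' diffstat touches only types.go and vault.go; if this API package keeps generated deep-copy code for VaultServiceSpec (the usual zz_generated.deepcopy.go), it needs regenerating, otherwise DeepCopy of a VaultService shares the claim spec with the original. The field is also user input from the VaultService manifest that the operator forwards verbatim (storage class, selector, volumeName and all) to the etcd cluster, and its comment should say so rather than just naming the type. Suggest replacing `// PersistentVolumeClaimSpec for the ETCD Cluster` with `// PersistentVolumeClaimSpec, when set, is forwarded unchanged to the etcd cluster's PodPolicy so its members get persistent volumes; when nil the etcd cluster uses ephemeral storage.`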
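Review bot: DeployEtcdCluster's doc comment, of which only the tail `// waits for all of its members to be ready.` is in the hunk, does not mention that a non-nil `v.Spec.PersistentVolumeClaimSpec` now switches the etcd cluster from ephemeral to PVC-backed storage, which is the one behavioural difference a caller needs to know. Suggest appending `// If v.Spec.PersistentVolumeClaimSpec is set it is passed through to the etcd cluster's PodPolicy; otherwise the cluster is created without persistent volumes.` to that comment. Separately, the trailing comments on the `if` line and on the `etcdCluster = &etcdCRAPI.EtcdCluster{` line say the same thing twice; one comment above the `if` would read cleaner. The function's remainder lies outside this hunk.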
@@ -106,15 +104,7 @@ func DeployEtcdCluster(etcdCRCli etcdCRClient.Interface, v *api.VaultService) er
 						Name: "ETCD_AUTO_COMPACTION_RETENTION",
 						Value: "1",
 					}},
-					PersistentVolumeClaimSpec: &v1.PersistentVolumeClaimSpec{
-						AccessModes: []v1.PersistentVolumeAccessMode{"ReadWriteOnce"},
-						Resources: struct {
-							Limits v1.ResourceList
-							Requests v1.ResourceList
-						}{Limits: nil, Requests: map[v1.ResourceName]resource.Quantity{
-							"storage": {nil, nil, pvcSize, resource.DecimalSI,},
-						}},
-					},
+					PersistentVolumeClaimSpec: v.Spec.PersistentVolumeClaimSpec,
 				},
 			},
 		}
From 8e5fe65e4c6b42195df16cfb154185a3578c5bef Mon Sep 17 00:00:00 2001
From: Robbie Blaine
Date: Tue, 3 Jul 2018 10:38:00 +0200
Subject: [PATCH 4/4] typo in vault types "PersistentVolumeClaimSpec,omitempt" to "persistentVolumeClaimSpec,omitempty"
---
 pkg/apis/vault/v1alpha1/types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/apis/vault/v1alpha1/types.go b/pkg/apis/vault/v1alpha1/types.go
index d4702e0..f7e6e21 100644
--- a/pkg/apis/vault/v1alpha1/types.go
+++ b/pkg/apis/vault/v1alpha1/types.go
@@ -75,7 +75,7 @@ type VaultServiceSpec struct {
 	TLS *TLSPolicy `json:"TLS,omitempty"`
 
 	// PersistentVolumeClaimSpec for the ETCD Cluster
-	PersistentVolumeClaimSpec *v1.PersistentVolumeClaimSpec `json:"PersistentVolumeClaimSpec,omitempty"`
+	PersistentVolumeClaimSpec *v1.PersistentVolumeClaimSpec `json:"persistentVolumeClaimSpec,omitempty"`
 }
 
 // PodPolicy defines the policy for pods owned by vault operator.
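Review bot: `PersistentVolumeClaimSpec: v.Spec.PersistentVolumeClaimSpec,` stores the VaultService's own pointer in the freshly built EtcdCluster, so the two objects now share a single PersistentVolumeClaimSpec together with its AccessModes slice and Resources maps. If `v` is handed in from a shared informer cache, as operator reconcile loops usually are, any later mutation of the etcd spec, whether by this function or by client-side defaulting before the create call, writes straight into the cached VaultService. Copying at the boundary keeps the objects independent: `PersistentVolumeClaimSpec: v.Spec.PersistentVolumeClaimSpec.DeepCopy(),`, which is already inside the non-nil branch so needs no extra guard. The enclosing literal and function begin above the hunk.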