Skip to content

Commit

Permalink
Merge branch 'main' into k8spsmdb-913-restore-recreates-balancer
Browse files Browse the repository at this point in the history
  • Loading branch information
@inelpandzic
inelpandzic authored Aug 30, 2023
2 parents 04eb3f3 + 3d4ed9c commit d02ce1f
Show file tree
Hide file tree
Showing 12 changed files with 59 additions and 12 deletions.
2 changes: 2 additions & 0 deletions e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-4-oc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
2 changes: 2 additions & 0 deletions e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-oc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
6 changes: 5 additions & 1 deletion e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
6 changes: 5 additions & 1 deletion e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
2 changes: 2 additions & 0 deletions e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-4-oc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
2 changes: 2 additions & 0 deletions e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-oc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,8 @@ spec:
imagePullPolicy: Always
name: mongos-sidecar-1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
6 changes: 5 additions & 1 deletion e2e-tests/expose-sharded/compare/statefulset_some-name-mongos.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
2 changes: 2 additions & 0 deletions e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos-oc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,8 @@ spec:
requests:
cpu: 300m
memory: 500M
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
6 changes: 5 additions & 1 deletion e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@ spec:
requests:
cpu: 300m
memory: 500M
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -295,7 +298,8 @@ spec:
name: bin
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: monitoring-mongodb-keyfile
Expand Down
6 changes: 5 additions & 1 deletion e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -163,7 +166,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
11 changes: 4 additions & 7 deletions e2e-tests/serviceless-external-nodes/run
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,8 @@ set -o xtrace
test_dir=$(realpath "$(dirname "$0")")
. "${test_dir}/../functions"

if [[ ${IMAGE_MONGOD} == *"percona-server-mongodb-operator"* ]]; then
MONGO_VER=$(echo -n "${IMAGE_MONGOD}" | $sed -r 's/.*([0-9].[0-9])$/\1/')
else
MONGO_VER=$(echo -n "${IMAGE_MONGOD}" | $sed -r 's/.*:([0-9]+\.[0-9]+).*$/\1/')
fi
FULL_VER=$(get_mongod_ver_from_image ${IMAGE_MONGOD})
MONGO_VER=${FULL_VER:0:3}
unset OPERATOR_NS

desc "Create main cluster"
Expand Down Expand Up @@ -59,8 +56,8 @@ cat "${test_dir}/compare/rs.txt" \

diff $tmp_dir/rs-expected.txt "$tmp_dir/rs.txt"

destroy "$namespace" "true"

kubectl_bin -n ${replica_namespace} delete psmdb/${cluster}
destroy $replica_namespace "true"
destroy $namespace "true"

desc "test passed"
20 changes: 20 additions & 0 deletions pkg/apis/psmdb/v1/psmdb_defaults.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,27 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(platform version.Platform, log
cr.Spec.Sharding.Mongos.Size = minSafeMongosSize
}
}
if cr.CompareVersion("1.15.0") >= 0 {
var fsgroup *int64
if platform == version.PlatformKubernetes {
var tp int64 = 1001
fsgroup = &tp
}

if cr.Spec.Sharding.Mongos.ContainerSecurityContext == nil {
tvar := true
cr.Spec.Sharding.Mongos.ContainerSecurityContext = &corev1.SecurityContext{
RunAsNonRoot: &tvar,
RunAsUser: fsgroup,
}
}

if cr.Spec.Sharding.Mongos.PodSecurityContext == nil {
cr.Spec.Sharding.Mongos.PodSecurityContext = &corev1.PodSecurityContext{
FSGroup: fsgroup,
}
}
}
cr.Spec.Sharding.ConfigsvrReplSet.Name = ConfigReplSetName

if cr.Spec.Sharding.Mongos.Port == 0 {
Expand Down

0 comments on commit d02ce1f

Please sign in to comment.