Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

K8SPSMDB-958 fix mongos metrics #1289

Merged
merged 13 commits into from
Aug 30, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,8 @@ spec:
imagePullPolicy: Always
name: mongos-sidecar-1
resources: {}
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,8 @@ spec:
requests:
cpu: 300m
memory: 500M
securityContext:
runAsNonRoot: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@ spec:
requests:
cpu: 300m
memory: 500M
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -295,7 +298,8 @@ spec:
name: bin
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: monitoring-mongodb-keyfile
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,9 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
Expand Down Expand Up @@ -163,7 +166,8 @@ spec:
restartPolicy: Always
runtimeClassName: container-rc
schedulerName: default-scheduler
securityContext: {}
securityContext:
fsGroup: 1001
terminationGracePeriodSeconds: 30
volumes:
- name: some-name-mongodb-keyfile
Expand Down
11 changes: 4 additions & 7 deletions e2e-tests/serviceless-external-nodes/run
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,8 @@ set -o xtrace
test_dir=$(realpath "$(dirname "$0")")
. "${test_dir}/../functions"

if [[ ${IMAGE_MONGOD} == *"percona-server-mongodb-operator"* ]]; then
MONGO_VER=$(echo -n "${IMAGE_MONGOD}" | $sed -r 's/.*([0-9].[0-9])$/\1/')
else
MONGO_VER=$(echo -n "${IMAGE_MONGOD}" | $sed -r 's/.*:([0-9]+\.[0-9]+).*$/\1/')
fi
FULL_VER=$(get_mongod_ver_from_image ${IMAGE_MONGOD})
MONGO_VER=${FULL_VER:0:3}
unset OPERATOR_NS

desc "Create main cluster"
Expand Down Expand Up @@ -59,8 +56,8 @@ cat "${test_dir}/compare/rs.txt" \

diff $tmp_dir/rs-expected.txt "$tmp_dir/rs.txt"

destroy "$namespace" "true"

kubectl_bin -n ${replica_namespace} delete psmdb/${cluster}
destroy $replica_namespace "true"
destroy $namespace "true"

desc "test passed"
20 changes: 20 additions & 0 deletions pkg/apis/psmdb/v1/psmdb_defaults.go
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,26 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(platform version.Platform, log
}
}

var fsgroup *int64
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to set it only for >- 1.15

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree.

if platform == version.PlatformKubernetes {
var tp int64 = 1001
fsgroup = &tp
}

if cr.Spec.Sharding.Mongos.ContainerSecurityContext == nil {
tvar := true
cr.Spec.Sharding.Mongos.ContainerSecurityContext = &corev1.SecurityContext{
RunAsNonRoot: &tvar,
RunAsUser: fsgroup,
}
}

if cr.Spec.Sharding.Mongos.PodSecurityContext == nil {
cr.Spec.Sharding.Mongos.PodSecurityContext = &corev1.PodSecurityContext{
FSGroup: fsgroup,
}
}

cr.Spec.Sharding.ConfigsvrReplSet.Name = ConfigReplSetName

if cr.Spec.Sharding.Mongos.Port == 0 {
Expand Down