From c8cdba98c990d6fd0ecf5783be659165881b04a0 Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Sat, 27 Jul 2019 00:48:38 +0930 Subject: [PATCH 1/8] Initial work for clouds secrets and user-defined configmap Signed-off-by: Alex Lourie --- ...ator_v1alpha1_cassandradatacenter_crd.yaml | 4 ++++ examples/go/example-datacenter.yaml | 4 +++- .../v1alpha1/cassandradatacenter.go | 21 +++++++++--------- .../v1alpha1/zz_generated.openapi.go | 13 ++++++++++- .../cassandradatacenter/configmap.go | 1 + .../cassandradatacenter/statefulset.go | 22 +++++++++++++++---- 6 files changed, 48 insertions(+), 17 deletions(-) diff --git a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml index 1e0bf76a..528b78e1 100644 --- a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml +++ b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml @@ -27,6 +27,10 @@ spec: type: object spec: properties: + backupSecrets: + type: string + cassandraConfig: + type: object cassandraImage: type: string cluster: diff --git a/examples/go/example-datacenter.yaml b/examples/go/example-datacenter.yaml index 8b3a5921..585800f9 100644 --- a/examples/go/example-datacenter.yaml +++ b/examples/go/example-datacenter.yaml @@ -8,8 +8,10 @@ spec: cluster: "test-cluster" nodes: 3 cassandraImage: "gcr.io/cassandra-operator/cassandra:3.11.3" - sidecarImage: "gcr.io/cassandra-operator/cassandra-sidecar:latest" + sidecarImage: "192.168.56.104:5000/cassandra-sidecar:latest" imagePullPolicy: IfNotPresent + imagePullSecrets: [{name: regcred}] + backupSecrets: backup-secret resources: limits: memory: 1Gi diff --git a/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go b/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go index 9f358ef1..9c946932 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go +++ b/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go 
@@ -10,18 +10,17 @@ import ( type CassandraDataCenterSpec struct { // Cluster is either a string or v1.LocalObjectReference //Cluster interface{} `json:"cluster,omitempty"` - Cluster string `json:"cluster,omitempty"` - Nodes int32 `json:"nodes"` - CassandraImage string `json:"cassandraImage"` - SidecarImage string `json:"sidecarImage"` - ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy"` - ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` - - Resources v1.ResourceRequirements `json:"resources"` - + Cluster string `json:"cluster,omitempty"` + Nodes int32 `json:"nodes"` + CassandraImage string `json:"cassandraImage"` + SidecarImage string `json:"sidecarImage"` + ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy"` + ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + BackupSecrets string `json:"backupSecrets,omitempty"` + UserConfigMap v1.ConfigMapVolumeSource `json:"userConfigMap,omitempty"` + Resources v1.ResourceRequirements `json:"resources"` DataVolumeClaimSpec v1.PersistentVolumeClaimSpec `json:"dataVolumeClaimSpec"` - - PrometheusSupport bool `json:"prometheusSupport"` + PrometheusSupport bool `json:"prometheusSupport"` } // CassandraDataCenterStatus defines the observed state of CassandraDataCenter diff --git a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go index 69a1a88e..67f21b33 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go +++ b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go 
@@ -311,6 +311,17 @@ func schema_pkg_apis_cassandraoperator_v1alpha1_CassandraDataCenterSpec(ref comm }, }, }, + "backupSecrets": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "cassandraConfig": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/api/core/v1.ConfigMap"), + }, + }, "resources": { SchemaProps: spec.SchemaProps{ Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), @@ -332,7 +343,7 @@ func schema_pkg_apis_cassandraoperator_v1alpha1_CassandraDataCenterSpec(ref comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/api/core/v1.ResourceRequirements"}, + "k8s.io/api/core/v1.ConfigMap", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/api/core/v1.ResourceRequirements"}, } } diff --git a/pkg/controller/cassandradatacenter/configmap.go b/pkg/controller/cassandradatacenter/configmap.go index 40e704ad..558eab11 100644 --- a/pkg/controller/cassandradatacenter/configmap.go +++ b/pkg/controller/cassandradatacenter/configmap.go @@ -37,6 +37,7 @@ func createOrUpdateOperatorConfigMap(rctx *reconciliationRequestContext, seedNod addPrometheusSupport(rctx.cdc, addFileFn) + if err := controllerutil.SetControllerReference(rctx.cdc, configMap, rctx.scheme); err != nil { return err } diff --git a/pkg/controller/cassandradatacenter/statefulset.go b/pkg/controller/cassandradatacenter/statefulset.go index 26617690..c0028d94 100644 --- a/pkg/controller/cassandradatacenter/statefulset.go +++ b/pkg/controller/cassandradatacenter/statefulset.go @@ -39,7 +39,6 @@ func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume } dataVolumeClaim := newDataVolumeClaim(&rctx.cdc.Spec.DataVolumeClaimSpec) - podInfoVolume := newPodInfoVolume() cassandraContainer := newCassandraContainer(rctx.cdc, dataVolumeClaim, configVolume) 
@@ -101,13 +100,16 @@ func newPodSpec(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, volumes []co } func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, configVolume *corev1.Volume) *corev1.Container { - const OperatorConfigVolumeMountPath = "/tmp/operator-config" + const ( + OperatorConfigVolumeMountPath = "/tmp/operator-config" + UserConfigVolumePath = "/etc/cassandra/cassandra.yaml.d/003-user-overrides.yaml" + ) container := &corev1.Container{ Name: "cassandra", Image: cdc.Spec.CassandraImage, ImagePullPolicy: cdc.Spec.ImagePullPolicy, - Args: []string{OperatorConfigVolumeMountPath}, + Args: []string{OperatorConfigVolumeMountPath, UserConfigVolumePath}, Ports: []corev1.ContainerPort{ {Name: "internode", ContainerPort: 7000}, {Name: "cql", ContainerPort: 9042}, @@ -137,6 +139,10 @@ func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, d }, } + if cdc.Spec.UserConfigMap.Size() != 0 { + container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: cdc.Spec.UserConfigMap.Name, MountPath: UserConfigVolumePath}) + } + if cdc.Spec.PrometheusSupport == true { container.Ports = append(container.Ports, corev1.ContainerPort{Name: "promql", ContainerPort: 9500}) } @@ -145,7 +151,7 @@ func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, d } func newSidecarContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, podInfoVolume *corev1.Volume) *corev1.Container { - return &corev1.Container{ + container := &corev1.Container{ Name: "sidecar", Image: cdc.Spec.SidecarImage, ImagePullPolicy: cdc.Spec.ImagePullPolicy, 
@@ -157,6 +163,14 @@ func newSidecarContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dat {Name: podInfoVolume.Name, MountPath: "/etc/pod-info"}, }, } + + if len(cdc.Spec.BackupSecrets) != 0 { + container.EnvFrom = []corev1.EnvFromSource{ + {SecretRef: &corev1.SecretEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: cdc.Spec.BackupSecrets}}}, + } + } + + return container } func newSysctlLimitsContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter) *corev1.Container { From 9f8b2239ede521e6251ff875da5a220074ac691b Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Thu, 1 Aug 2019 01:16:34 +0930 Subject: [PATCH 2/8] PR comments fixes Fixes #213 Fixes #208 * Fixed some comments from PR review * Added Env to CRD to allow specifying environment for containers (exists in java version) * Added userConfigMap handling (#213) * Restored PrivelegedSupported handling (#208) * Backup secret volume allows providing GOOGLE_APPLICATION_CREDENTIALS in a secret * Cloud providers creds can be set using Env field in CRD Signed-off-by: Alex Lourie --- ...ator_v1alpha1_cassandradatacenter_crd.yaml | 12 ++- examples/go/example-datacenter.yaml | 24 ++++- .../v1alpha1/cassandradatacenter.go | 24 ++--- .../v1alpha1/zz_generated.deepcopy.go | 32 ++++++- .../v1alpha1/zz_generated.openapi.go | 29 ++++-- .../cassandradatacenter/statefulset.go | 93 +++++++++++++++---- 6 files changed, 172 insertions(+), 42 deletions(-) diff --git a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml index 528b78e1..83251998 100644 --- a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml +++ b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml @@ -27,9 +27,7 @@ spec: type: object spec: properties: - backupSecrets: - type: string - cassandraConfig: + backupSecretVolume: type: object cassandraImage: type: string 
@@ -39,6 +37,10 @@ spec: type: string dataVolumeClaimSpec: type: object + env: + items: + type: object + type: array imagePullPolicy: type: string imagePullSecrets: @@ -48,12 +50,16 @@ spec: nodes: format: int32 type: integer + privilegedSupported: + type: boolean prometheusSupport: type: boolean resources: type: object sidecarImage: type: string + userConfigMapVolumeSource: + type: object required: - nodes - cassandraImage diff --git a/examples/go/example-datacenter.yaml b/examples/go/example-datacenter.yaml index 585800f9..f91dc92e 100644 --- a/examples/go/example-datacenter.yaml +++ b/examples/go/example-datacenter.yaml @@ -7,11 +7,29 @@ metadata: spec: cluster: "test-cluster" nodes: 3 + racks: 3 cassandraImage: "gcr.io/cassandra-operator/cassandra:3.11.3" - sidecarImage: "192.168.56.104:5000/cassandra-sidecar:latest" + sidecarImage: "gcr.io/cassandra-operator/cassandra-sidecar:latest" imagePullPolicy: IfNotPresent - imagePullSecrets: [{name: regcred}] - backupSecrets: backup-secret + imagePullSecrets: + - name: regcred + backupSecretVolume: + secretName: backup-secret + # type is a workaround for https://github.com/kubernetes/kubernetes/issues/68466 + type: array + items: + - key: creds.json + path: creds.json + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/google/creds.json" + userConfigMapVolumeSource: + name: concurrent-data + # type is a workaround for https://github.com/kubernetes/kubernetes/issues/68466 + type: array + items: + - key: "concurrent.yaml" + path: "cassandra.yaml.d/100-user.yaml" resources: limits: memory: 1Gi diff --git a/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go b/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go index 9c946932..18f667cb 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go +++ b/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go 
@@ -10,17 +10,19 @@ import ( type CassandraDataCenterSpec struct { // Cluster is either a string or v1.LocalObjectReference //Cluster interface{} `json:"cluster,omitempty"` - Cluster string `json:"cluster,omitempty"` - Nodes int32 `json:"nodes"` - CassandraImage string `json:"cassandraImage"` - SidecarImage string `json:"sidecarImage"` - ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy"` - ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` - BackupSecrets string `json:"backupSecrets,omitempty"` - UserConfigMap v1.ConfigMapVolumeSource `json:"userConfigMap,omitempty"` - Resources v1.ResourceRequirements `json:"resources"` - DataVolumeClaimSpec v1.PersistentVolumeClaimSpec `json:"dataVolumeClaimSpec"` - PrometheusSupport bool `json:"prometheusSupport"` + Cluster string `json:"cluster,omitempty"` + Nodes int32 `json:"nodes"` + CassandraImage string `json:"cassandraImage"` + SidecarImage string `json:"sidecarImage"` + ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy"` + ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + BackupSecretVolume v1.SecretVolumeSource `json:"backupSecretVolume,omitempty"` + UserConfigMapVolumeSource v1.ConfigMapVolumeSource `json:"userConfigMapVolumeSource,omitempty"` + Resources v1.ResourceRequirements `json:"resources"` + DataVolumeClaimSpec v1.PersistentVolumeClaimSpec `json:"dataVolumeClaimSpec"` + PrivilegedSupported bool `json:"privilegedSupported,omitempty"` + PrometheusSupport bool `json:"prometheusSupport"` + Env []v1.EnvVar `json:"env,omitempty"` } // CassandraDataCenterStatus defines the observed state of CassandraDataCenter diff --git a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go index 8e254cef..9d759b42 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go 
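Review bot: The new spec fields `BackupSecretVolume`, `UserConfigMapVolumeSource`, `PrivilegedSupported` and `Env` carry no doc comments, so the generated CRD has no descriptions and a user cannot tell from the API which container each one reaches (in this patch `Env` is applied to the sidecar only, judging by the statefulset change further down). I would add one-line comments such as `// BackupSecretVolume is mounted into the sidecar so backup credentials need not be exposed through Env.` and `// PrivilegedSupported controls whether the sysctl init container runs privileged; unset means false.` Note also that `omitempty` on the struct-typed volume fields is a no-op for encoding/json — a struct is never "empty" — so emptiness must keep being decided on `SecretName`/`Name` as the controller does.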
@@ -14,8 +14,22 @@ func (in *CassandraBackup) DeepCopyInto(out *CassandraBackup) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status + in.Spec.DeepCopyInto(&out.Spec) + if in.Status != nil { + in, out := &in.Status, &out.Status + *out = make(map[string]*CassandraBackupStatus, len(*in)) + for key, val := range *in { + var outVal *CassandraBackupStatus + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = new(CassandraBackupStatus) + **out = **in + } + (*out)[key] = outVal + } + } return } @@ -73,6 +87,11 @@ func (in *CassandraBackupList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CassandraBackupSpec) DeepCopyInto(out *CassandraBackupSpec) { *out = *in + if in.Keyspaces != nil { + in, out := &in.Keyspaces, &out.Keyspaces + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -264,8 +283,17 @@ func (in *CassandraDataCenterSpec) DeepCopyInto(out *CassandraDataCenterSpec) { *out = make([]v1.LocalObjectReference, len(*in)) copy(*out, *in) } + in.BackupSecretVolume.DeepCopyInto(&out.BackupSecretVolume) + in.UserConfigMapVolumeSource.DeepCopyInto(&out.UserConfigMapVolumeSource) in.Resources.DeepCopyInto(&out.Resources) in.DataVolumeClaimSpec.DeepCopyInto(&out.DataVolumeClaimSpec) + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } diff --git a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go index 67f21b33..280325e9 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go +++ b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go 
@@ -311,15 +311,14 @@ func schema_pkg_apis_cassandraoperator_v1alpha1_CassandraDataCenterSpec(ref comm }, }, }, - "backupSecrets": { + "backupSecretVolume": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), }, }, - "cassandraConfig": { + "userConfigMapVolumeSource": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/api/core/v1.ConfigMap"), + Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), }, }, "resources": { @@ -332,18 +331,36 @@ func schema_pkg_apis_cassandraoperator_v1alpha1_CassandraDataCenterSpec(ref comm Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimSpec"), }, }, + "privilegedSupported": { + SchemaProps: spec.SchemaProps{ + Type: []string{"boolean"}, + Format: "", + }, + }, "prometheusSupport": { SchemaProps: spec.SchemaProps{ Type: []string{"boolean"}, Format: "", }, }, + "env": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/api/core/v1.EnvVar"), + }, + }, + }, + }, + }, }, Required: []string{"nodes", "cassandraImage", "sidecarImage", "imagePullPolicy", "resources", "dataVolumeClaimSpec", "prometheusSupport"}, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ConfigMap", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/api/core/v1.ResourceRequirements"}, + "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecretVolumeSource"}, } } diff --git a/pkg/controller/cassandradatacenter/statefulset.go b/pkg/controller/cassandradatacenter/statefulset.go index c0028d94..1f521fe5 100644 --- a/pkg/controller/cassandradatacenter/statefulset.go +++ b/pkg/controller/cassandradatacenter/statefulset.go 
@@ -12,21 +12,32 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" + "path" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "strings" "sync" ) -const DataVolumeMountPath = "/var/lib/cassandra" +const ( + DataVolumeMountPath = "/var/lib/cassandra" + OperatorConfigVolumeMountPath = "/tmp/operator-config" + UserConfigVolumeMountPath = "/tmp/user-config" +) const SidecarApiPort = 4567 +const GOOGLE_APPLICATION_CREDENTIALS = "GOOGLE_APPLICATION_CREDENTIALS" + var sidecarClientOptions = sidecar.ClientOptions{ Port: SidecarApiPort, Secure: false, } +func boolRef(b bool) *bool { + return &b +} + func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume *corev1.Volume) (*v1beta2.StatefulSet, error) { statefulSet := &v1beta2.StatefulSet{ObjectMeta: DataCenterResourceMetadata(rctx.cdc)} @@ -40,9 +51,11 @@ func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume dataVolumeClaim := newDataVolumeClaim(&rctx.cdc.Spec.DataVolumeClaimSpec) podInfoVolume := newPodInfoVolume() + backupSecretVolume := newBackupSecretVolume(rctx) + userConfigVolume := newUserConfigVolume(rctx) - cassandraContainer := newCassandraContainer(rctx.cdc, dataVolumeClaim, configVolume) - sidecarContainer := newSidecarContainer(rctx.cdc, dataVolumeClaim, podInfoVolume) + cassandraContainer := newCassandraContainer(rctx.cdc, dataVolumeClaim, configVolume, userConfigVolume) + sidecarContainer := newSidecarContainer(rctx.cdc, dataVolumeClaim, podInfoVolume, backupSecretVolume) sysctlLimitsContainer := newSysctlLimitsContainer(rctx.cdc) 
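Review bot: The exported constant `GOOGLE_APPLICATION_CREDENTIALS` in this hunk is SCREAMING_CASE, which Go naming convention (and golint) reject; since it names an environment variable, `googleAppCredsEnv = "GOOGLE_APPLICATION_CREDENTIALS"` keeps the value and reads as Go. It does not need to be exported either — its only use is inside this package's `newSidecarContainer`. `boolRef` is fine as a helper, though it also has a single caller.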
@@ -51,6 +64,14 @@ func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume []corev1.Container{*cassandraContainer, *sidecarContainer}, []corev1.Container{*sysctlLimitsContainer}) + if backupSecretVolume != nil { + podSpec.Volumes = append(podSpec.Volumes, *backupSecretVolume) + } + + if userConfigVolume != nil { + podSpec.Volumes = append(podSpec.Volumes, *userConfigVolume) + } + statefulSetSpec := newStatefulSetSpec(rctx.cdc, podSpec, dataVolumeClaim) if statefulSet.CreationTimestamp.IsZero() { @@ -99,17 +120,12 @@ func newPodSpec(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, volumes []co return podSpec } -func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, configVolume *corev1.Volume) *corev1.Container { - const ( - OperatorConfigVolumeMountPath = "/tmp/operator-config" - UserConfigVolumePath = "/etc/cassandra/cassandra.yaml.d/003-user-overrides.yaml" - ) - +func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, configVolume *corev1.Volume, userConfigVolume *corev1.Volume) *corev1.Container { container := &corev1.Container{ Name: "cassandra", Image: cdc.Spec.CassandraImage, ImagePullPolicy: cdc.Spec.ImagePullPolicy, - Args: []string{OperatorConfigVolumeMountPath, UserConfigVolumePath}, + Args: []string{OperatorConfigVolumeMountPath}, Ports: []corev1.ContainerPort{ {Name: "internode", ContainerPort: 7000}, {Name: "cql", ContainerPort: 9042}, 
@@ -139,8 +155,9 @@ func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, d }, } - if cdc.Spec.UserConfigMap.Size() != 0 { - container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: cdc.Spec.UserConfigMap.Name, MountPath: UserConfigVolumePath}) + if userConfigVolume != nil { + container.Args = append(container.Args, UserConfigVolumeMountPath) + container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: userConfigVolume.Name, MountPath: UserConfigVolumeMountPath}) } if cdc.Spec.PrometheusSupport == true { @@ -150,7 +167,7 @@ func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, d return container } -func newSidecarContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, podInfoVolume *corev1.Volume) *corev1.Container { +func newSidecarContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, podInfoVolume *corev1.Volume, backupSecretVolume *corev1.Volume) *corev1.Container { container := &corev1.Container{ Name: "sidecar", Image: cdc.Spec.SidecarImage, 
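Review bot: Appending `UserConfigVolumeMountPath` to `Args` makes the Cassandra entry point consume whatever the user ConfigMap contains, and the example in patch 3 of this series maps a key to `cassandra-env.sh.d/003-install-cqlshrc.sh`, i.e. shell that the image presumably sources at start-up (the entry point itself is not visible here). That turns write access to the ConfigMap into code execution as the Cassandra process in every pod of the datacenter, a wider grant than "override cassandra.yaml" suggests. I would state this at the mount site, e.g. `// Everything under the user ConfigMap is consumed by the entry point, including *.sh fragments; treat write access to it as equivalent to exec in this container.`, and repeat it in the CRD field description. `newCassandraContainer` begins outside this hunk.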
@@ -164,10 +181,26 @@ func newSidecarContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dat }, } - if len(cdc.Spec.BackupSecrets) != 0 { - container.EnvFrom = []corev1.EnvFromSource{ - {SecretRef: &corev1.SecretEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: cdc.Spec.BackupSecrets}}}, + if len(cdc.Spec.Env) > 0 { + container.Env = cdc.Spec.Env + } + + if backupSecretVolume != nil { + // find GOOGLE_APPLICATION_CREDENTIALS in env: + google_creds_path := "/etc/gcp" + for _, env := range cdc.Spec.Env { + if env.Name == GOOGLE_APPLICATION_CREDENTIALS { + google_creds_path = path.Dir(env.Value) + } + } + + if google_creds_path == "/etc/gcp" { + // environment not set, log it, but it may be not an issue + log.Info("Warning: backupSecretVolume is set, but GOOGLE_APPLICATION_CREDENTIALS env is missing") } + + // Use it for the mount + container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: backupSecretVolume.Name, MountPath: google_creds_path}) } return container @@ -179,7 +212,7 @@ func newSysctlLimitsContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter Image: cdc.Spec.CassandraImage, ImagePullPolicy: cdc.Spec.ImagePullPolicy, SecurityContext: &corev1.SecurityContext{ - Privileged: func() *bool { b := true; return &b }(), + Privileged: boolRef(cdc.Spec.PrivilegedSupported), }, Command: []string{"bash", "-xuec"}, Args: []string{ 
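Review bot: `Privileged: boolRef(cdc.Spec.PrivilegedSupported)` replaces an unconditional `true`, and because the field is `omitempty` its default is false, so every existing CassandraDataCenter that does not set `privilegedSupported` now gets a sysctl init container running without privilege. That container still runs the same `bash -xuec` command (its body is below the hunk and not visible here); if the command writes kernel parameters it will fail with EPERM and leave the pod stuck in Init, a silent behaviour change for anyone upgrading the operator. Either skip the init container when the flag is false (return nil from `newSysctlLimitsContainer` and drop it from the InitContainers slice) or document the new default and its failure mode on the CRD field. `newSysctlLimitsContainer` continues outside the hunk.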
@@ -188,6 +221,32 @@ func newSysctlLimitsContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter } } +func newUserConfigVolume(rctx *reconciliationRequestContext) *corev1.Volume { + + // check if set + if len(rctx.cdc.Spec.UserConfigMapVolumeSource.Name) == 0 { + return nil + } + + return &corev1.Volume{ + Name: rctx.cdc.Spec.UserConfigMapVolumeSource.Name, + VolumeSource: corev1.VolumeSource{ConfigMap: &rctx.cdc.Spec.UserConfigMapVolumeSource}, + } +} + +func newBackupSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { + + // check if set + if len(rctx.cdc.Spec.BackupSecretVolume.SecretName) == 0 { + return nil + } + + return &corev1.Volume{ + Name: rctx.cdc.Spec.BackupSecretVolume.SecretName, + VolumeSource: corev1.VolumeSource{Secret: &rctx.cdc.Spec.BackupSecretVolume}, + } +} + func newPodInfoVolume() *corev1.Volume { return &corev1.Volume{ Name: "pod-info", From e7109f6b3f876a7dfc6c93decbc9a93abb578350 Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Fri, 2 Aug 2019 15:37:14 +0930 Subject: [PATCH 3/8] Support TLS certificates for internal communication Signed-off-by: Alex Lourie --- ...ator_v1alpha1_cassandradatacenter_crd.yaml | 2 ++ examples/go/example-datacenter.yaml | 13 ++++++--- .../v1alpha1/cassandradatacenter.go | 1 + .../v1alpha1/zz_generated.deepcopy.go | 1 + .../v1alpha1/zz_generated.openapi.go | 5 ++++ .../cassandradatacenter/statefulset.go | 28 +++++++++++++++++-- 6 files changed, 44 insertions(+), 6 deletions(-) diff --git a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml index 83251998..32a04c11 100644 --- a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml +++ b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml @@ -60,6 +60,8 @@ spec: type: string userConfigMapVolumeSource: type: object + userSecretVolume: + type: object required: - nodes - cassandraImage 
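Review bot: `newBackupSecretVolume` passes the user's `SecretVolumeSource` through untouched, so when `defaultMode` is omitted the credential file lands with Kubernetes' default 0644 and is readable by any uid in the sidecar container; for a cloud service-account key a restrictive default (0400, or 0440 if the pod sets `fsGroup` — the sidecar's runAsUser is not visible here) is the safer baseline, and the user can still override it. The volume is also named after the secret, yet Secret names may be up to 253 characters and contain dots while volume names must be DNS-1123 labels, so a perfectly valid secret name can yield a pod the API server rejects; a fixed name such as `backup-secret` avoids that and any duplicate-name clash if the same secret is referenced twice. Because the function returns a pointer into `rctx.cdc.Spec`, any defaulting must happen on a copy rather than on the cached object. The same naming point applies to `newUserConfigVolume` above it.

```go
func newBackupSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume {
	if len(rctx.cdc.Spec.BackupSecretVolume.SecretName) == 0 {
		return nil
	}

	// Work on a copy: the spec comes from the informer cache and must not be mutated.
	src := rctx.cdc.Spec.BackupSecretVolume.DeepCopy()
	if src.DefaultMode == nil {
		mode := int32(0400) // credentials: owner-read only unless the user asks otherwise
		src.DefaultMode = &mode
	}

	return &corev1.Volume{
		Name:         "backup-secret",
		VolumeSource: corev1.VolumeSource{Secret: src},
	}
}
```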
diff --git a/examples/go/example-datacenter.yaml b/examples/go/example-datacenter.yaml index f91dc92e..a1784c94 100644 --- a/examples/go/example-datacenter.yaml +++ b/examples/go/example-datacenter.yaml @@ -7,7 +7,6 @@ metadata: spec: cluster: "test-cluster" nodes: 3 - racks: 3 cassandraImage: "gcr.io/cassandra-operator/cassandra:3.11.3" sidecarImage: "gcr.io/cassandra-operator/cassandra-sidecar:latest" imagePullPolicy: IfNotPresent @@ -23,13 +22,19 @@ spec: env: - name: GOOGLE_APPLICATION_CREDENTIALS value: "/etc/google/creds.json" + userSecretVolume: + secretName: dc1-user-secret userConfigMapVolumeSource: - name: concurrent-data + name: dc1-user-config # type is a workaround for https://github.com/kubernetes/kubernetes/issues/68466 type: array items: - - key: "concurrent.yaml" - path: "cassandra.yaml.d/100-user.yaml" + - key: cassandra_ssl + path: cassandra.yaml.d/003-ssl.yaml + - key: cqlshrc + path: cqlshrc + - key: install_cqlshrc + path: cassandra-env.sh.d/003-install-cqlshrc.sh resources: limits: memory: 1Gi diff --git a/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go b/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go index 18f667cb..517be71a 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go +++ b/pkg/apis/cassandraoperator/v1alpha1/cassandradatacenter.go @@ -17,6 +17,7 @@ type CassandraDataCenterSpec struct { ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy"` ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` BackupSecretVolume v1.SecretVolumeSource `json:"backupSecretVolume,omitempty"` + UserSecretVolume v1.SecretVolumeSource `json:"userSecretVolume,omitempty"` UserConfigMapVolumeSource v1.ConfigMapVolumeSource `json:"userConfigMapVolumeSource,omitempty"` Resources v1.ResourceRequirements `json:"resources"` DataVolumeClaimSpec v1.PersistentVolumeClaimSpec `json:"dataVolumeClaimSpec"` 
diff --git a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go index 9d759b42..8e9f2f5a 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.deepcopy.go @@ -284,6 +284,7 @@ func (in *CassandraDataCenterSpec) DeepCopyInto(out *CassandraDataCenterSpec) { copy(*out, *in) } in.BackupSecretVolume.DeepCopyInto(&out.BackupSecretVolume) + in.UserSecretVolume.DeepCopyInto(&out.UserSecretVolume) in.UserConfigMapVolumeSource.DeepCopyInto(&out.UserConfigMapVolumeSource) in.Resources.DeepCopyInto(&out.Resources) in.DataVolumeClaimSpec.DeepCopyInto(&out.DataVolumeClaimSpec) diff --git a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go index 280325e9..7c568a4f 100644 --- a/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go +++ b/pkg/apis/cassandraoperator/v1alpha1/zz_generated.openapi.go @@ -316,6 +316,11 @@ func schema_pkg_apis_cassandraoperator_v1alpha1_CassandraDataCenterSpec(ref comm Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), }, }, + "userSecretVolume": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), + }, + }, "userConfigMapVolumeSource": { SchemaProps: spec.SchemaProps{ Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), diff --git a/pkg/controller/cassandradatacenter/statefulset.go b/pkg/controller/cassandradatacenter/statefulset.go index 1f521fe5..a7eb586d 100644 --- a/pkg/controller/cassandradatacenter/statefulset.go +++ b/pkg/controller/cassandradatacenter/statefulset.go @@ -23,6 +23,7 @@ const ( DataVolumeMountPath = "/var/lib/cassandra" OperatorConfigVolumeMountPath = "/tmp/operator-config" UserConfigVolumeMountPath = "/tmp/user-config" + UserSecretVolumeMountPath = "/tmp/user-secret-config" ) const SidecarApiPort = 4567 
@@ -52,9 +53,10 @@ func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume dataVolumeClaim := newDataVolumeClaim(&rctx.cdc.Spec.DataVolumeClaimSpec) podInfoVolume := newPodInfoVolume() backupSecretVolume := newBackupSecretVolume(rctx) + userSecretVolume := newUserSecretVolume(rctx) userConfigVolume := newUserConfigVolume(rctx) - cassandraContainer := newCassandraContainer(rctx.cdc, dataVolumeClaim, configVolume, userConfigVolume) + cassandraContainer := newCassandraContainer(rctx.cdc, dataVolumeClaim, configVolume, userSecretVolume, userConfigVolume) sidecarContainer := newSidecarContainer(rctx.cdc, dataVolumeClaim, podInfoVolume, backupSecretVolume) sysctlLimitsContainer := newSysctlLimitsContainer(rctx.cdc) @@ -68,6 +70,10 @@ func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume podSpec.Volumes = append(podSpec.Volumes, *backupSecretVolume) } + if userSecretVolume != nil { + podSpec.Volumes = append(podSpec.Volumes, *userSecretVolume) + } + if userConfigVolume != nil { podSpec.Volumes = append(podSpec.Volumes, *userConfigVolume) } @@ -120,7 +126,7 @@ func newPodSpec(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, volumes []co return podSpec } -func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, configVolume *corev1.Volume, userConfigVolume *corev1.Volume) *corev1.Container { +func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dataVolumeClaim *corev1.PersistentVolumeClaim, configVolume *corev1.Volume, userSecretVolume, userConfigVolume *corev1.Volume) *corev1.Container { container := &corev1.Container{ Name: "cassandra", Image: cdc.Spec.CassandraImage, 
@@ -128,6 +134,7 @@ func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, d Args: []string{OperatorConfigVolumeMountPath}, Ports: []corev1.ContainerPort{ {Name: "internode", ContainerPort: 7000}, + {Name: "internode-ssl", ContainerPort: 7001}, {Name: "cql", ContainerPort: 9042}, {Name: "jmx", ContainerPort: 7199}, }, @@ -160,6 +167,10 @@ func newCassandraContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, d container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: userConfigVolume.Name, MountPath: UserConfigVolumeMountPath}) } + if userSecretVolume != nil { + container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: userSecretVolume.Name, MountPath: UserSecretVolumeMountPath}) + } + if cdc.Spec.PrometheusSupport == true { container.Ports = append(container.Ports, corev1.ContainerPort{Name: "promql", ContainerPort: 9500}) } @@ -234,6 +245,19 @@ func newUserConfigVolume(rctx *reconciliationRequestContext) *corev1.Volume { } } +func newUserSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { + + // check if set + if len(rctx.cdc.Spec.UserSecretVolume.SecretName) == 0 { + return nil + } + + return &corev1.Volume{ + Name: rctx.cdc.Spec.UserSecretVolume.SecretName, + VolumeSource: corev1.VolumeSource{Secret: &rctx.cdc.Spec.UserSecretVolume}, + } +} + func newBackupSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { // check if set From f3f49bb2a3f079176994b6f35e29bdb93817b5a2 Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Tue, 6 Aug 2019 01:16:47 +0930 Subject: [PATCH 4/8] PR comments, docs updates 
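Review bot: `newUserSecretVolume` mounts the TLS keystores into the cassandra container, but unlike the user ConfigMap the `UserSecretVolumeMountPath` is never appended to the container `Args`, so the entry point (not in the visible part of this diff) apparently will not read config fragments from the secret; the example therefore puts the `003-ssl.yaml` fragment — which in Cassandra normally carries `keystore_password`/`truststore_password` — into the ConfigMap, leaving the passwords outside the Secret. If the entry point accepts several fragment directories, `container.Args = append(container.Args, UserSecretVolumeMountPath)` beside the new mount would let the encryption options live in the Secret; otherwise this limitation belongs in doc/tls-encryption.md. The volume is again named after the secret, so a CR that references the same Secret for `backupSecretVolume` and `userSecretVolume` produces two pod volumes with one name, which the API server rejects — a fixed `Name: "user-secret"` sidesteps it. `newCassandraContainer` begins outside the hunks shown.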
Signed-off-by: Alex Lourie --- ...ator_v1alpha1_cassandradatacenter_crd.yaml | 16 ++- doc/backup_restore.md | 13 +- doc/tls-encryption.md | 120 ++++++++++++++++++ docker/cassandra/entry-point | 8 ++ examples/go/example-datacenter.yaml | 19 +-- .../v1alpha1/cassandradatacenter.go | 9 +- .../v1alpha1/zz_generated.deepcopy.go | 29 ++++- .../v1alpha1/zz_generated.openapi.go | 18 ++- .../cassandradatacenter/statefulset.go | 52 ++------ 9 files changed, 214 insertions(+), 70 deletions(-) create mode 100644 doc/tls-encryption.md diff --git a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml index 32a04c11..ed14ae7e 100644 --- a/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml +++ b/deploy/crds/cassandraoperator_v1alpha1_cassandradatacenter_crd.yaml @@ -27,8 +27,12 @@ spec: type: object spec: properties: - backupSecretVolume: + backupSecretVolumeSource: type: object + cassandraEnv: + items: + type: object + type: array cassandraImage: type: string cluster: @@ -37,10 +41,6 @@ spec: type: string dataVolumeClaimSpec: type: object - env: - items: - type: object - type: array imagePullPolicy: type: string imagePullSecrets: @@ -56,11 +56,15 @@ spec: type: boolean resources: type: object + sidecarEnv: + items: + type: object + type: array sidecarImage: type: string userConfigMapVolumeSource: type: object - userSecretVolume: + userSecretVolumeSource: type: object required: - nodes diff --git a/doc/backup_restore.md b/doc/backup_restore.md index 97fc7ab5..5107be52 100644 --- a/doc/backup_restore.md +++ b/doc/backup_restore.md @@ -22,7 +22,7 @@ You can inspect the secret created via `kubectl describe secrets/awsbackuptest` Create a `CassandraDataCenter` CRD that injects the secret as environment variables that matches the AWS client libraries expected env variables: ```yaml - env: + sidecarEnv: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: 
@@ -65,7 +65,7 @@ spec: resources: requests: storage: 100Mi - env: + sidecarEnv: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -85,6 +85,9 @@ spec: To create a cluster using this yaml file use `kubectl apply -f myBackupCluster.yaml` ## Configuring GCP Object Storage via environment variables +The backup credentials will be added to the sidecar container at the `/tmp/backup-creds` location. +Use this location to set GOOGLE_APPLICATION_CREDENTIALS environment variable to the key json file stored in the secret. + First create a secret in kubernetes to hold a Google service account token/file (assuming they are stored in files named access and secret respectively). `kubectl create secret generic gcp-auth-reference --from-file=my_service_key.json` @@ -118,14 +121,14 @@ spec: resources: requests: storage: 100Mi - userSecretSource: + backupSecretVolumeSource: name: gcp-auth-reference items: - key: my_service_key.json path: my_service_key.json - env: + sidecarEnv: - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/tmp/user-secret/my_service_key.json" + value: "/tmp/backup-creds/my_service_key.json" - name: GOOGLE_CLOUD_PROJECT value: "cassandra-operator" - name: BUCKET_NAME diff --git a/doc/tls-encryption.md b/doc/tls-encryption.md new file mode 100644 index 00000000..10ec41ff --- /dev/null +++ b/doc/tls-encryption.md 
@@ -0,0 +1,120 @@ +### SSL encryption + +This is an example for running cassandra with ssl encryption using the operator. +Assuming you already have [generated keys](https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLCertWithCA.html) : +* keystore.jks +* trustore.jks +* cacert.pem (containing the root certificate) + +Create a secret with those files : +```bash +kubectl create secret generic dc1-user-secret \ + --from-file=keystore.jks \ + --from-file=truststore.jks \ + --from-file=cacert.pem +``` + +Create a config map with 2 entries: +* a cassandra yaml fragment for configuring node-to-node and client-to-node encryption +* `cqlshrc` to make cqlsh work with ssl + +For instance : +```bash +kubectl apply -f - < 0 { - container.Env = cdc.Spec.Env - } - if backupSecretVolume != nil { - // find GOOGLE_APPLICATION_CREDENTIALS in env: - google_creds_path := "/etc/gcp" - for _, env := range cdc.Spec.Env { - if env.Name == GOOGLE_APPLICATION_CREDENTIALS { - google_creds_path = path.Dir(env.Value) - } - } - - if google_creds_path == "/etc/gcp" { - // environment not set, log it, but it may be not an issue - log.Info("Warning: backupSecretVolume is set, but GOOGLE_APPLICATION_CREDENTIALS env is missing") - } - - // Use it for the mount - container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: backupSecretVolume.Name, MountPath: google_creds_path}) + container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{Name: backupSecretVolume.Name, MountPath: BackupSecretVolumeMountPath}) } return container @@ -223,7 +207,7 @@ func newSysctlLimitsContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter Image: cdc.Spec.CassandraImage, ImagePullPolicy: cdc.Spec.ImagePullPolicy, SecurityContext: &corev1.SecurityContext{ - Privileged: boolRef(cdc.Spec.PrivilegedSupported), + Privileged: &cdc.Spec.PrivilegedSupported, }, Command: []string{"bash", "-xuec"}, Args: []string{ 
@@ -233,41 +217,33 @@ func newSysctlLimitsContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter } func newUserConfigVolume(rctx *reconciliationRequestContext) *corev1.Volume { - - // check if set - if len(rctx.cdc.Spec.UserConfigMapVolumeSource.Name) == 0 { + if rctx.cdc.Spec.UserConfigMapVolumeSource == nil { return nil } return &corev1.Volume{ Name: rctx.cdc.Spec.UserConfigMapVolumeSource.Name, - VolumeSource: corev1.VolumeSource{ConfigMap: &rctx.cdc.Spec.UserConfigMapVolumeSource}, + VolumeSource: corev1.VolumeSource{ConfigMap: rctx.cdc.Spec.UserConfigMapVolumeSource}, } } func newUserSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { - - // check if set - if len(rctx.cdc.Spec.UserSecretVolume.SecretName) == 0 { + if rctx.cdc.Spec.UserSecretVolumeSource == nil { return nil } - return &corev1.Volume{ - Name: rctx.cdc.Spec.UserSecretVolume.SecretName, - VolumeSource: corev1.VolumeSource{Secret: &rctx.cdc.Spec.UserSecretVolume}, + Name: rctx.cdc.Spec.UserSecretVolumeSource.SecretName, + VolumeSource: corev1.VolumeSource{Secret: rctx.cdc.Spec.UserSecretVolumeSource}, } } func newBackupSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { - - // check if set - if len(rctx.cdc.Spec.BackupSecretVolume.SecretName) == 0 { + if rctx.cdc.Spec.BackupSecretVolumeSource == nil { return nil } - return &corev1.Volume{ - Name: rctx.cdc.Spec.BackupSecretVolume.SecretName, - VolumeSource: corev1.VolumeSource{Secret: &rctx.cdc.Spec.BackupSecretVolume}, + Name: rctx.cdc.Spec.BackupSecretVolumeSource.SecretName, + VolumeSource: corev1.VolumeSource{Secret: rctx.cdc.Spec.BackupSecretVolumeSource}, } } From a38eb32f37d6bd161b08f2341dd4d206f3d13b2d Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Tue, 6 Aug 2019 01:24:25 +0930 Subject: [PATCH 5/8] Cleanups Signed-off-by: Alex Lourie --- pkg/controller/cassandradatacenter/statefulset.go | 15 +-------------- pkg/sidecar/client.go | 2 +- 2 files changed, 2 insertions(+), 15 deletions(-) 
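Review bot: The `== nil` guards in newUserConfigVolume, newUserSecretVolume and newBackupSecretVolume replace the old empty-name checks, so a spec such as `userSecretVolumeSource: {}` (non-nil pointer, empty `SecretName`) now produces a Volume with an empty `Name` and an empty secret reference, and the StatefulSet is rejected at the API server rather than caught in the reconciler. Keep both conditions, e.g. `if src := rctx.cdc.Spec.UserSecretVolumeSource; src == nil || src.SecretName == "" { return nil }`, or better return an explicit validation error so the misconfiguration is surfaced in the CR status instead of being silently ignored. The same applies to the ConfigMap `Name` in newUserConfigVolume and to `SecretName` in newBackupSecretVolume.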
diff --git a/pkg/controller/cassandradatacenter/statefulset.go b/pkg/controller/cassandradatacenter/statefulset.go index f35d3ec4..0eb113e8 100644 --- a/pkg/controller/cassandradatacenter/statefulset.go +++ b/pkg/controller/cassandradatacenter/statefulset.go @@ -26,19 +26,6 @@ const ( BackupSecretVolumeMountPath = "/tmp/backup-secret" ) -const SidecarApiPort = 4567 - -const GOOGLE_APPLICATION_CREDENTIALS = "GOOGLE_APPLICATION_CREDENTIALS" - -var sidecarClientOptions = sidecar.ClientOptions{ - Port: SidecarApiPort, - Secure: false, -} - -func boolRef(b bool) *bool { - return &b -} - func createOrUpdateStatefulSet(rctx *reconciliationRequestContext, configVolume *corev1.Volume) (*v1beta2.StatefulSet, error) { statefulSet := &v1beta2.StatefulSet{ObjectMeta: DataCenterResourceMetadata(rctx.cdc)} @@ -185,7 +172,7 @@ func newSidecarContainer(cdc *cassandraoperatorv1alpha1.CassandraDataCenter, dat Image: cdc.Spec.SidecarImage, ImagePullPolicy: cdc.Spec.ImagePullPolicy, Ports: []corev1.ContainerPort{ - {Name: "http", ContainerPort: SidecarApiPort}, + {Name: "http", ContainerPort: sidecar.DefaultSidecarClientOptions.Port}, }, Env: cdc.Spec.SidecarEnv, VolumeMounts: []corev1.VolumeMount{ diff --git a/pkg/sidecar/client.go b/pkg/sidecar/client.go index a7520e81..8568ded5 100644 --- a/pkg/sidecar/client.go +++ b/pkg/sidecar/client.go @@ -37,7 +37,7 @@ type Client struct { type ClientOptions struct { Secure bool HttpMode bool - Port int + Port int32 Timeout time.Duration } From 1af32c3be0af68f48b97f0e53e240a9e2c6ec964 Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Tue, 6 Aug 2019 13:26:45 +0930 Subject: [PATCH 6/8] Path naming update Signed-off-by: Alex Lourie --- pkg/controller/cassandradatacenter/statefulset.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/cassandradatacenter/statefulset.go b/pkg/controller/cassandradatacenter/statefulset.go index 0eb113e8..59c691e2 100644 --- a/pkg/controller/cassandradatacenter/statefulset.go 
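Review bot: `ContainerPort: sidecar.DefaultSidecarClientOptions.Port` in the newSidecarContainer hunk makes the declared sidecar listen port follow a client-side default; if `DefaultSidecarClientOptions` is a package-level `var` (it is not shown in this series), anything that mutates it — a caller adjusting its options, a test — silently changes the pod spec too. A `const SidecarPort int32 = 4567` in the sidecar package, referenced from both the default client options and here, keeps the port immutable and makes the client/server coupling explicit. newSidecarContainer starts before this hunk.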
+++ b/pkg/controller/cassandradatacenter/statefulset.go @@ -22,7 +22,7 @@ const ( DataVolumeMountPath = "/var/lib/cassandra" OperatorConfigVolumeMountPath = "/tmp/operator-config" UserConfigVolumeMountPath = "/tmp/user-config" - UserSecretVolumeMountPath = "/tmp/user-secret-config" + UserSecretVolumeMountPath = "/tmp/user-secret" BackupSecretVolumeMountPath = "/tmp/backup-secret" ) From fa47f90814094b716dc318f9d82ae3005b3db6ba Mon Sep 17 00:00:00 2001 From: Alex Lourie Date: Tue, 20 Aug 2019 15:24:41 +0930 Subject: [PATCH 7/8] Cleanups --- doc/tls-encryption.md | 120 ---------------------------- docker/cassandra/entry-point | 8 -- examples/go/example-datacenter.yaml | 19 ++--- 3 files changed, 7 insertions(+), 140 deletions(-) delete mode 100644 doc/tls-encryption.md diff --git a/doc/tls-encryption.md b/doc/tls-encryption.md deleted file mode 100644 index 10ec41ff..00000000 --- a/doc/tls-encryption.md +++ /dev/null @@ -1,120 +0,0 @@ -### SSL encryption - -This is an example for running cassandra with ssl encryption using the operator. -Assuming you already have [generated keys](https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/secureSSLCertWithCA.html) : -* keystore.jks -* trustore.jks -* cacert.pem (containing the root certificate) - -Create a secret with those files : -```bash -kubectl create secret generic dc1-user-secret \ - --from-file=keystore.jks \ - --from-file=truststore.jks \ - --from-file=cacert.pem -``` - -Create a config map with 2 entries: -* a cassandra yaml fragment for configuring node-to-node and client-to-node encryption -* `cqlshrc` to make cqlsh work with ssl - -For instance : -```bash -kubectl apply -f - < file paths (relative to /etc/cassandra) items: - - key: cassandra_ssl - path: cassandra.yaml.d/003-ssl.yaml - - key: cqlshrc - path: cqlshrc + - key: 100-concurrent-yaml + path: cassandra.yaml.d/100-concurrent.yaml resources: limits: memory: 1Gi From aff1123cde5909888d43a0c956c9a1095cdb7458 Mon Sep 17 00:00:00 2001 
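Review bot: The `BackupSecretVolumeMountPath = "/tmp/backup-secret"` constant kept as context in this hunk disagrees with doc/backup_restore.md in PATCH 4/8, which tells users the credentials appear under `/tmp/backup-creds` and sets `GOOGLE_APPLICATION_CREDENTIALS` to `/tmp/backup-creds/my_service_key.json`; with the code as written that file does not exist in the sidecar and GCP backups fail at credential lookup. Either the constant or the documentation needs to change, and the rename of the user-secret path to `/tmp/user-secret` should likewise be checked against any document still referencing `/tmp/user-secret-config`. No later patch on this page touches doc/backup_restore.md.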
From: Alex Lourie Date: Tue, 20 Aug 2019 23:45:48 +0930 Subject: [PATCH 8/8] go fmt Signed-off-by: Alex Lourie --- pkg/controller/cassandradatacenter/statefulset.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/controller/cassandradatacenter/statefulset.go b/pkg/controller/cassandradatacenter/statefulset.go index a2e823f5..2a0aa2eb 100644 --- a/pkg/controller/cassandradatacenter/statefulset.go +++ b/pkg/controller/cassandradatacenter/statefulset.go @@ -20,7 +20,7 @@ import ( ) const ( - DataVolumeMountPath = "/var/lib/cassandra" + DataVolumeMountPath = "/var/lib/cassandra" OperatorConfigVolumeMountPath = "/tmp/operator-config" UserConfigVolumeMountPath = "/tmp/user-config" UserSecretVolumeMountPath = "/tmp/user-secret" @@ -211,7 +211,7 @@ func newUserConfigVolume(rctx *reconciliationRequestContext) *corev1.Volume { } return &corev1.Volume{ - Name: rctx.cdc.Spec.UserConfigMapVolumeSource.Name, + Name: rctx.cdc.Spec.UserConfigMapVolumeSource.Name, VolumeSource: corev1.VolumeSource{ConfigMap: rctx.cdc.Spec.UserConfigMapVolumeSource}, } } @@ -221,7 +221,7 @@ func newUserSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { return nil } return &corev1.Volume{ - Name: rctx.cdc.Spec.UserSecretVolumeSource.SecretName, + Name: rctx.cdc.Spec.UserSecretVolumeSource.SecretName, VolumeSource: corev1.VolumeSource{Secret: rctx.cdc.Spec.UserSecretVolumeSource}, } } @@ -231,7 +231,7 @@ func newBackupSecretVolume(rctx *reconciliationRequestContext) *corev1.Volume { return nil } return &corev1.Volume{ - Name: rctx.cdc.Spec.BackupSecretVolumeSource.SecretName, + Name: rctx.cdc.Spec.BackupSecretVolumeSource.SecretName, VolumeSource: corev1.VolumeSource{Secret: rctx.cdc.Spec.BackupSecretVolumeSource}, } }