[CDAP-19300] Added Containers Injection, added Dockerfile.test and up…

…dated the README

.github/workflows/go.yml

@@ -21,10 +21,13 @@ jobs:
 
     - name: Install Kubebuilder
       run: |
+        version=2.3.1
         os=$(go env GOOS)
         arch=$(go env GOARCH)
-        curl -L https://go.kubebuilder.io/dl/2.3.1/${os}/${arch} | sudo tar -xz -C /tmp/
-        sudo mv /tmp/kubebuilder_2.3.1_${os}_${arch} /usr/local/kubebuilder
+        curl -L -O "https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${version}/kubebuilder_${version}_${os}_${arch}.tar.gz"
+        tar -zxvf kubebuilder_${version}_${os}_${arch}.tar.gz
+        sudo mv kubebuilder_${version}_${os}_${arch} /usr/local/kubebuilder
+        rm -f kubebuilder_${version}_${os}_${arch}.tar.gz
         sudo find /usr/local/kubebuilder/bin -type f -exec ln -s {} /usr/local/bin \;
     - name: Test
       run: make manifests test

.gitignore

@@ -63,6 +63,7 @@ anaconda-mode/
 *.dylib
 # Test binary, build with 'go test -c'
 *.test
+!Dockerfile.test
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 ### Vim ###

Dockerfile.test

@@ -0,0 +1,25 @@
+# Build the manager binary
+FROM golang:1.16 as tester
+
+ENV version 1.0.8
+ENV arch amd64
+
+# Copy everything in the go src
+WORKDIR /go/src/cdap.io/cdap-operator
+COPY ./ ./
+
+# Install Kubebuilder
+RUN curl -L -O "https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${version}/kubebuilder_${version}_linux_${arch}.tar.gz" && \
+    tar -zxvf kubebuilder_${version}_linux_${arch}.tar.gz && \
+    mv kubebuilder_${version}_linux_${arch} /usr/local/kubebuilder && \
+    cp /usr/local/kubebuilder/bin/* /usr/local/bin
+
+# Install setup-envtest
+RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+# download envtest 1.19.x for kubebuilder and to set KUBEBUILDER_ASSETS environment variable
+RUN $(go env GOPATH)/bin/setup-envtest use -p env 1.19.x > /tmp/setup_envtest.sh && \
+    eval `$(go env GOPATH)/bin/setup-envtest use -p env 1.19.x` && \
+    rm /tmp/setup_envtest.sh
+
+CMD make test

README.md

@@ -33,7 +33,7 @@ You can checkout the CDAP Operator source code, build and run locally. To build
    ```
 1. Deploy CDAP CRD to the cluster
    ```
-   kubectl apply -f config/crds
+   kubectl apply -k config/crd
    ```
 1. Edit the sample CDAP CR and deploy to the cluster
    ```
@@ -61,3 +61,35 @@ You can also build a docker image containing the CDAP controller and deploy it t
 ### Using CDAP operator to manage CDAP instances in Kubernetes
 
 A step by step guide of running CDAP in Kubernetes using CDAP operator can be found in the [blog post](https://link.medium.com/hpPbiUYT9X).
+
+### Running Unit Tests
+
+1. Install [kubebuilder](https://book-v1.book.kubebuilder.io/quick_start.html).
+
+2. Install [setup-envtest](https://github.com/kubernetes-sigs/controller-runtime/tree/master/tools/setup-envtest#envtest-binaries-manager) by running:
+```
+go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+```
+
+3. After installing `setup-envtest`, use it to download envtest 1.19.x for kubebuilder and to set your KUBEBUILDER_ASSETS environment variable:
+```bash
+# Downloads envtest v1.19.x and writes the export statement to a temporary file
+$(go env GOPATH)/bin/setup-envtest use -p env 1.19.x > /tmp/setup_envtest.sh
+# Sets the KUBEBUILDER_ASSETS environment variable
+source /tmp/setup_envtest.sh
+# Deletes the temporary file
+rm /tmp/setup_envtest.sh
+```
+
+4. Run `make test`
+
+#### Running Unit Tests in a docker image
+
+From the project root folder build the test image by running the following
+```
+docker build -f Dockerfile.test . -t test
+```
+Execute the image with
+```
+docker run test
+```

api/v1alpha1/cdapmaster_types.go

@@ -42,6 +42,8 @@ type CDAPMasterSpec struct {
 	SecuritySecret string `json:"securitySecret,omitempty"`
 	// ServiceAccountName is the service account for all the service pods.
 	ServiceAccountName string `json:"serviceAccountName,omitempty"`
+	// Env is a list of environment variables for the all service containers.
+	Env []corev1.EnvVar `json:"env,omitempty"`
 	// LocationURI is an URI specifying an object storage for CDAP.
 	LocationURI string `json:"locationURI"`
 	// Config is a set of configurations that goes into cdap-site.xml.
@@ -76,6 +78,21 @@ type CDAPMasterSpec struct {
 	Router RouterSpec `json:"router,omitempty"`
 	// UserInterface is specification for the CDAP UI service.
 	UserInterface UserInterfaceSpec `json:"userInterface,omitempty"`
+	// SupportBundle is specification for the CDAP support-bundle service.
+	// This is an optional service and may not be required for CDAP to be operational.
+	// To disable this service: either omit or set the field to nil
+	// To enable this service: set it to a pointer to a SupportBundleSpec struct (can be an empty struct)
+	SupportBundle *SupportBundleSpec `json:"supportBundle,omitempty"`
+	// TetheringAgent is specification for the CDAP Tethering Agent service.
+	// This is an optional service and may not be required for CDAP to be operational.
+	// To disable this service: either omit or set the field to nil
+	// To enable this service: set it to a pointer to a TetheringAgentSpec struct (can be an empty struct)
+	TetheringAgent *TetheringAgentSpec `json:"tetheringAgent,omitempty"`
+	// ArtifactCache is specification for the CDAP Artifact Cache service.
+	// This is an optional service and may not be required for CDAP to be operational.
+	// To disable this service: either omit or set the field to nil
+	// To enable this service: set it to a pointer to a ArtifactCacheSpec struct (can be an empty struct)
+	ArtifactCache *ArtifactCacheSpec `json:"artifactCache,omitempty"`
 	// Runtime is specification for the CDAP runtime service.
 	// This is an optional service and may not be required for CDAP to be operational.
 	// To disable this service: either omit or set the field to nil
@@ -86,6 +103,22 @@ type CDAPMasterSpec struct {
 	// To disable this service: either omit or set the field to nil
 	// To enable this service: set it to a pointer to a AuthenticationSpec struct (can be an empty struct)
 	Authentication *AuthenticationSpec `json:"authentication,omitempty"`
+	// SystemMetricsExporter is specification for the CDAP SystemMetricsExporter service.
+	// This is an optional service and may not be required for CDAP to be operational.
+	// To disable this service: either omit or set the field to nil
+	// To enable this service: set it to a pointer to a SystemMetricsExporterSpec struct (can be an empty struct).
+	// CDAPServiceSpec.EnableSystemMetrics field also needs to be set to true for stateful services which require
+	// collection of system metrics. Services which have CDAPServiceSpec.EnableSystemMetrics as nil, missing or set to false,
+	// will have metrics sidecar container disabled.
+	SystemMetricsExporter *SystemMetricExporterSpec `json:"systemMetricsExporter,omitempty"`
+	// SecurityContext defines the security context for all pods for all services.
+	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+	// AdditionalVolumes defines a list of additional volumes for all services.
+	// For information on supported volume types, see https://kubernetes.io/docs/concepts/storage/volumes/.
+	AdditionalVolumes []corev1.Volume `json:"additionalVolumes,omitempty"`
+	// AdditionalVolumeMounts defines a list of additional volume mounts for all services.
+	// For information on suported volume mount types, see https://kubernetes.io/docs/concepts/storage/volumes/.
+	AdditionalVolumeMounts []corev1.VolumeMount `json:"additionalVolumeMounts,omitempty"`
 }
 
 // CDAPServiceSpec defines the base set of specifications applicable to all master services.
@@ -115,13 +148,34 @@ type CDAPServiceSpec struct {
 	// Key is the secret object name. Value is the mount path.
 	// This adds Secret data to the directory specified by the volume mount path.
 	SecretVolumes map[string]string `json:"secretVolumes,omitempty"`
+	// AdditionalVolumes defines a list of additional volumes to mount to the service.
+	// For information on supported volume types, see https://kubernetes.io/docs/concepts/storage/volumes/.
+	AdditionalVolumes []corev1.Volume `json:"additionalVolumes,omitempty"`
+	// AdditionalVolumeMounts defines a list of additional volume mounts for the service.
+	// For information on suported volume mount types, see https://kubernetes.io/docs/concepts/storage/volumes/.
+	AdditionalVolumeMounts []corev1.VolumeMount `json:"additionalVolumeMounts,omitempty"`
+	// SecurityContext overrides the security context for the service pods.
+	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+	// EnableSystemMetrics is an optional field that is considered along with CDAPMasterSpec.SystemMetricsExporter
+	// to start a metrics collection container in statefulsets. SystemMetricsExporter is a global setting in CDAPMasterSpec.
+	// When SystemMetricsExporter is absent, it disables metrics collection for all stateful services.
+	// When SystemMetricsExporter is present, this value should also be set to true for services which require system metrics
+	// collection.
+	EnableSystemMetrics *bool `json:"enableSystemMetrics,omitempty"`
+	// Lifecycle is to specify Container Lifecycle hooks provided by Kubernetes for containers.
+	// This will not be applied to the init containers as init containers do not support lifecycle.
+	Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"`
 }
 
 // CDAPScalableServiceSpec defines the base specification for master services that can have more than one instance.
 type CDAPScalableServiceSpec struct {
 	CDAPServiceSpec `json:",inline"`
 	// Replicas is number of replicas for the service.
 	Replicas *int32 `json:"replicas,omitempty"`
+	// Containers define any additional containers a service has
+	// This is a list of containers and can be left blank
+	// A typical use is to add sidecars for a deployment
+	Containers []*corev1.Container `json:"containers,omitempty"`
 }
 
 // CDAPExternalServiceSpec defines the base specification for master services that expose to outside of the cluster.
@@ -144,6 +198,10 @@ type CDAPStatefulServiceSpec struct {
 	StorageSize string `json:"storageSize,omitempty"`
 	// StorageClassName is the name of the StorageClass for the persistent volume used by the service.
 	StorageClassName *string `json:"storageClassName,omitempty"`
+	// Containers define any additional containers a service has
+	// This is a list of containers and can be left blank
+	// A typical use is to add sidecars for a stateful set
+	Containers []*corev1.Container `json:"containers,omitempty"`
 }
 
 // AppFabricSpec defines the specification for the AppFabric service.
@@ -196,6 +254,26 @@ type UserInterfaceSpec struct {
 	CDAPExternalServiceSpec `json:",inline"`
 }
 
+// SupportBundleSpec defines the specification for the SupportBundle service.
+type SupportBundleSpec struct {
+	CDAPStatefulServiceSpec `json:",inline"`
+}
+
+// TetheringAgentSpec defines the specification for the TetheringAgent service.
+type TetheringAgentSpec struct {
+	CDAPStatefulServiceSpec `json:",inline"`
+}
+
+// ArtifactCacheSpec defines the specification for the ArtifactCache service.
+type ArtifactCacheSpec struct {
+	CDAPStatefulServiceSpec `json:",inline"`
+}
+
+//  SystemMetricExporterSpec defines the specification for the SystemMetricsExporter service.
+type SystemMetricExporterSpec struct {
+	CDAPServiceSpec `json:",inline"`
+}
+
 // CDAPMasterStatus defines the observed state of CDAPMaster
 type CDAPMasterStatus struct {
 	status.Meta          `json:",inline"`
@@ -230,6 +308,32 @@ type CDAPMasterList struct {
 	Items           []CDAPMaster `json:"items"`
 }
 
+// SecurityContext defines fields for setting corev1.SecurityContext for containers and
+// corev1.PodSecurityContext for pods.
+// For additional information, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.
+type SecurityContext struct {
+	// RunAsUser runs the pod as the specified user ID. It is applied at the pod level.
+	RunAsUser *int64 `json:"runAsUser,omitempty"`
+	// RunAsGroup runs the pod as the specified group ID. It is applied at the pod level.
+	RunAsGroup *int64 `json:"runAsGroup,omitempty"`
+	// FSGroup mounts volumes as the specified group ID and gives the primary user access
+	// to that group. It is applied at the pod level.
+	FSGroup *int64 `json:"fsGroup,omitempty"`
+	// AllowPrivilegeEscalation prevents the container process from running SUID binaries.
+	// It is applied at the container level.
+	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
+	// RunAsNonRoot indicates that the container must run as a non-root user.
+	// If true, the Kubelet will validate the image at runtime to ensure that it
+	// does not run as UID 0 (root) and fail to start the container if it does.
+	RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
+	// Privileged runs container in privileged mode. It is applied at the container level.
+	// Processes in privileged containers are essentially equivalent to root on the host.
+	Privileged *bool `json:"privileged,omitempty"`
+	// ReadOnlyRootFilesystem specifies whether the container's root filesystem is read-only.
+	// It is applied at the container level.
+	ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem,omitempty"`
+}
+
 func init() {
 	SchemeBuilder.Register(&CDAPMaster{}, &CDAPMasterList{})
 }