chore(volumes): do not allow RWO vols on daemonsets (#739)

stavros-k · Mar 9, 2024 · fc65524 · fc65524
1 parent 46d02b3
commit fc65524
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 1 deletion.
diff --git a/library/common-test/tests/pod/volume_pvc_test.yaml b/library/common-test/tests/pod/volume_pvc_test.yaml
@@ -53,3 +53,44 @@ tests:
             name: pvc-vol
             persistentVolumeClaim:
               claimName: some-existing-claim
+
+  # Failures
+  - it: should fail when DaemonSet and RWO volume from fallback
+    set:
+      fallbackDefaults:
+        accessModes:
+          - ReadWriteOnce
+      workload:
+        workload-name1:
+          enabled: true
+          primary: true
+          type: DaemonSet
+          podSpec: {}
+      persistence:
+        pvc-vol:
+          enabled: true
+          type: pvc
+    asserts:
+      - failedTemplate:
+          errorMessage: Expected [accessMode] to not be [ReadWriteOnce] when used on a [DaemonSet]
+
+  - it: should fail when DaemonSet and RWO volume from persistence
+    set:
+      fallbackDefaults:
+        accessModes:
+          - ReadWriteMany
+      workload:
+        workload-name1:
+          enabled: true
+          primary: true
+          type: DaemonSet
+          podSpec: {}
+      persistence:
+        pvc-vol:
+          enabled: true
+          accessModes:
+            - ReadWriteOnce
+          type: pvc
+    asserts:
+      - failedTemplate:
+          errorMessage: Expected [accessMode] to not be [ReadWriteOnce] when used on a [DaemonSet]
diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml
@@ -15,7 +15,7 @@ maintainers:
 name: common
 sources: null
 type: library
-version: 19.0.2
+version: 19.0.3
 annotations:
   artifacthub.io/category: "integration-delivery"
   artifacthub.io/license: "BUSL-1.1"

diff --git a/library/common/templates/lib/pod/_volumes.tpl b/library/common/templates/lib/pod/_volumes.tpl
@@ -51,6 +51,20 @@ objectData: The object data to be used to render the Pod.
         {{/* Define the volume based on type */}}
         {{- $type := ($persistence.type | default $rootCtx.Values.fallbackDefaults.persistenceType) -}}
 
+        {{- if eq $objectData.type "DaemonSet" -}}
+          {{/* Only check accessModes if persistence is one of those types */}}
+          {{- $typesWithAccessMode := (list "pvc") -}}
+          {{- if (mustHas $type $typesWithAccessMode) -}}
+            {{- $modes := include "tc.v1.common.lib.pvc.accessModes" (dict "rootCtx" $rootCtx "objectData" $persistence "caller" "Volumes") | fromYamlArray -}}
+
+            {{- range $m := $modes -}}
+              {{- if eq $m "ReadWriteOnce" -}}
+                {{- fail "Expected [accessMode] to not be [ReadWriteOnce] when used on a [DaemonSet]" -}}
+              {{- end -}}
+            {{- end -}}
+          {{- end -}}
+        {{- end -}}
+
         {{- if eq "pvc" $type -}}
           {{- include "tc.v1.common.lib.pod.volume.pvc" (dict "rootCtx" $rootCtx "objectData" $persistence) | trim | nindent 0 -}}
         {{- else if eq "hostPath" $type -}}