diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml index 7af1b6c..6a7c00c 100644 --- a/.github/workflows/master.yaml +++ b/.github/workflows/master.yaml @@ -28,7 +28,7 @@ jobs: config: ct-master.yaml - name: actions-k3s - uses: debianmaster/actions-k3s@v1.0.0 + uses: debianmaster/actions-k3s@v1.0.1 id: k3s with: version: v1.18.2-k3s1 diff --git a/.github/workflows/non-master.yaml b/.github/workflows/non-master.yaml index eded209..76e33fb 100644 --- a/.github/workflows/non-master.yaml +++ b/.github/workflows/non-master.yaml @@ -31,7 +31,7 @@ jobs: config: ct-master.yaml - name: actions-k3s - uses: debianmaster/actions-k3s@v1.0.0 + uses: debianmaster/actions-k3s@v1.0.1 id: k3s with: version: v1.18.2-k3s1 diff --git a/charts/cass-operator/Chart.yaml b/charts/cass-operator/Chart.yaml index f944edd..964b7e5 100644 --- a/charts/cass-operator/Chart.yaml +++ b/charts/cass-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: cass-operator -version: 1.4.1 +version: 1.5.0 description: Helm chart for Cass Operator. -appVersion: 1.4.1 +appVersion: 1.5.0 home: https://github.com/datastax/cass-operator maintainers: - name: Cassandra Operator Team diff --git a/charts/cass-operator/templates/clusterrole.yaml b/charts/cass-operator/templates/clusterrole.yaml index 5066043..8ebf277 100644 --- a/charts/cass-operator/templates/clusterrole.yaml +++ b/charts/cass-operator/templates/clusterrole.yaml @@ -7,6 +7,7 @@ rules: - "" resources: - nodes + - persistentvolumes verbs: - get - list diff --git a/charts/cass-operator/templates/customresourcedefinition.yaml b/charts/cass-operator/templates/customresourcedefinition.yaml index 7482231..73d52e9 100644 --- a/charts/cass-operator/templates/customresourcedefinition.yaml +++ b/charts/cass-operator/templates/customresourcedefinition.yaml @@ -48,6 +48,12 @@ spec: description: Indicates that configuration and container image changes should only be pushed to the first rack of the datacenter type: boolean + canaryUpgradeCount: + description: The number of nodes that will be updated when CanaryUpgrade + is true. Note that the value is either 0 or greater than the rack + size, then all nodes in the rack will get updated. + format: int32 + type: integer clusterName: description: The name by which CQL clients and instances will know the cluster. If the same cluster name is shared by multiple Datacenters @@ -85,6 +91,13 @@ spec: value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object + disableSystemLoggerSidecar: + description: Configuration for disabling the simple log tailing sidecar + container. Our default is to have it enabled. + type: boolean + dockerImageRunsAsCassandra: + description: Does the Server Docker image run as the Cassandra user? + type: boolean dseWorkloads: properties: analyticsEnabled: @@ -1369,14 +1382,6 @@ spec: - containerPort type: object type: array - {{- if semverCompare ">= 1.16-0" .Capabilities.KubeVersion.GitVersion }} - x-kubernetes-list-map-keys: - - containerPort - {{- if semverCompare "< 1.18-0" .Capabilities.KubeVersion.GitVersion }} - - protocol - {{- end }} - x-kubernetes-list-type: map - {{- end }} readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if @@ -3705,14 +3710,6 @@ spec: - containerPort type: object type: array - {{- if semverCompare ">= 1.16-0" .Capabilities.KubeVersion.GitVersion }} - x-kubernetes-list-map-keys: - - containerPort - {{- if semverCompare "< 1.18-0" .Capabilities.KubeVersion.GitVersion }} - - protocol - {{- end }} - x-kubernetes-list-type: map - {{- end }} readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if @@ -4643,12 +4640,6 @@ spec: - whenUnsatisfiable type: object type: array - {{- if semverCompare ">= 1.16-0" .Capabilities.KubeVersion.GitVersion }} - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - {{- end }} volumes: description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' @@ -6033,14 +6024,7 @@ spec: serverVersion: description: Version string for config builder, used to generate Cassandra server configuration - enum: - - 6.8.0 - - 6.8.1 - - 6.8.2 - - 6.8.3 - - 3.11.6 - - 3.11.7 - - 4.0.0 + pattern: (6\.8\.\d+)|(3\.11\.\d+)|(4\.0\.\d+) type: string serviceAccount: description: The k8s service account to use for the server pods @@ -6188,6 +6172,9 @@ spec: description: This secret defines the username and password for the Cassandra server superuser. If it is omitted, we will generate a secret instead. type: string + systemLoggerImage: + description: Container image for the log tailing sidecar container. + type: string systemLoggerResources: description: Kubernetes resource requests and limits per system logger container. @@ -6247,11 +6234,17 @@ spec: lastTransitionTime: format: date-time type: string + message: + type: string + reason: + type: string status: type: string type: type: string required: + - message + - reason - status - type type: object @@ -6294,9 +6287,7 @@ spec: type: string type: object type: object - {{- if semverCompare ">= 1.15-0" .Capabilities.KubeVersion.GitVersion }} x-kubernetes-preserve-unknown-fields: true - {{- end }} version: v1beta1 versions: - name: v1beta1 diff --git a/charts/cass-operator/templates/deployment.yaml b/charts/cass-operator/templates/deployment.yaml index e5a9199..a950e2a 100644 --- a/charts/cass-operator/templates/deployment.yaml +++ b/charts/cass-operator/templates/deployment.yaml @@ -13,6 +13,19 @@ spec: name: cass-operator spec: serviceAccountName: {{ .Values.serviceAccountName }} + {{- $imagePullSecrets := list -}} + {{- if .Values.imagePullSecret }} + {{- $imagePullSecrets = append $imagePullSecrets .Values.imagePullSecret }} + {{- end }} + {{- if .Values.registryUsername }} + {{- $imagePullSecrets = append $imagePullSecrets "cass-operator-registry-override-regcred" }} + {{- end }} + {{- if empty $imagePullSecrets | not }} + imagePullSecrets: + {{- range $imagePullSecrets }} + - name: {{ . | quote }} + {{- end }} + {{- end }} volumes: - name: tmpconfig-volume emptyDir: @@ -22,7 +35,13 @@ spec: secretName: cass-operator-webhook-config containers: - name: cass-operator + {{- if .Values.image }} image: {{ .Values.image }} + {{- else if .Values.registryName }} + image: {{ printf "%s/%s" .Values.registryName .Values.defaultImage }} + {{- else }} + image: {{ .Values.defaultImage }} + {{- end }} imagePullPolicy: {{ .Values.imagePullPolicy }} volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs @@ -59,6 +78,14 @@ spec: - name: ENABLE_VMWARE_PSP value: "true" {{- end }} + {{- if .Values.registryName }} + - name: DEFAULT_CONTAINER_REGISTRY_OVERRIDE + value: {{ .Values.registryName }} + {{- end }} + {{- if .Values.registryUsername }} + - name: DEFAULT_CONTAINER_REGISTRY_OVERRIDE_PULL_SECRETS + value: cass-operator-registry-override-regcred + {{- end }} {{- if .Values.clusterWideInstall }} - name: WATCH_NAMESPACE value: "" diff --git a/charts/cass-operator/templates/registry-secret.yaml b/charts/cass-operator/templates/registry-secret.yaml new file mode 100644 index 0000000..ca440dd --- /dev/null +++ b/charts/cass-operator/templates/registry-secret.yaml @@ -0,0 +1,9 @@ +{{ if .Values.registryUsername }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/dockerconfigjson +metadata: + name: cass-operator-registry-override-regcred +data: + .dockerconfigjson: {{ printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.registryName (printf "%s:%s" .Values.registryUsername .Values.registryPassword | b64enc) | b64enc }} +{{- end }} diff --git a/charts/cass-operator/templates/role.yaml b/charts/cass-operator/templates/role.yaml index 5525577..afe12c9 100644 --- a/charts/cass-operator/templates/role.yaml +++ b/charts/cass-operator/templates/role.yaml @@ -70,7 +70,19 @@ rules: - '*' verbs: - '*' - +{{- if .Values.vmwarePSPEnabled }} +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - get + - create + - update + - patch + - delete + - list +{{- end }} {{- else }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -143,4 +155,17 @@ rules: - '*' verbs: - '*' +{{- if .Values.vmwarePSPEnabled }} +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - get + - create + - update + - patch + - delete + - list +{{- end }} {{- end }} diff --git a/charts/cass-operator/templates/validatingwebhookconfiguration.yaml b/charts/cass-operator/templates/validatingwebhookconfiguration.yaml index dbeb5bb..5b43c5e 100644 --- a/charts/cass-operator/templates/validatingwebhookconfiguration.yaml +++ b/charts/cass-operator/templates/validatingwebhookconfiguration.yaml @@ -9,20 +9,14 @@ webhooks: apiVersions: ["v1beta1"] operations: ["CREATE", "UPDATE"] resources: ["cassandradatacenters"] - {{- if semverCompare ">= 1.14-0" .Capabilities.KubeVersion.GitVersion }} scope: "*" - {{- end }} clientConfig: service: name: "cassandradatacenter-webhook-service" namespace: {{ .Release.Namespace }} path: /validate-cassandra-datastax-com-v1beta1-cassandradatacenter - {{- if semverCompare ">= 1.14-0" .Capabilities.KubeVersion.GitVersion }} admissionReviewVersions: ["v1beta1"] timeoutSeconds: 10 - {{- end }} failurePolicy: "Ignore" - {{- if semverCompare ">= 1.15-0" .Capabilities.KubeVersion.GitVersion }} matchPolicy: "Equivalent" - {{- end }} sideEffects: None diff --git a/charts/cass-operator/values.yaml b/charts/cass-operator/values.yaml index c7966df..18cf89e 100644 --- a/charts/cass-operator/values.yaml +++ b/charts/cass-operator/values.yaml @@ -9,5 +9,6 @@ webhookClusterRoleName: cass-operator-webhook webhookClusterRoleBindingName: cass-operator-webhook deploymentName: cass-operator deploymentReplicas: 1 -image: "datastax/cass-operator:1.4.1" +defaultImage: "datastax/cass-operator:1.5.0" imagePullPolicy: IfNotPresent +imagePullSecret: ""