add some missing config to pkg/install daemonset, deployment

Signed-off-by: Steve Kriss <krisss@vmware.com>
2019-04-15 13:02:51 -06:00 · 2019-04-15 13:02:51 -06:00 · 66c6d7a026
parent 3ed97db550
commit 66c6d7a026
4 changed files with 52 additions and 5 deletions
--- a/pkg/install/daemonset.go
+++ b/pkg/install/daemonset.go
@ -40,6 +40,9 @@ func DaemonSet(namespace string, opts ...podTemplateOption) *appsv1.DaemonSet {

 	}

+	userID := int64(0)
+	mountPropagationMode := corev1.MountPropagationHostToContainer
+
 	daemonSet := &appsv1.DaemonSet{
 		ObjectMeta: objectMeta(namespace, "restic"),
 		TypeMeta: metav1.TypeMeta{
@ -60,6 +63,9 @@ func DaemonSet(namespace string, opts ...podTemplateOption) *appsv1.DaemonSet {
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: "velero",
+					SecurityContext: &corev1.PodSecurityContext{
+						RunAsUser: &userID,
+					},
 					Volumes: []corev1.Volume{
 						{
 							Name: "host-pods",
@ -69,6 +75,12 @@ func DaemonSet(namespace string, opts ...podTemplateOption) *appsv1.DaemonSet {
 								},
 							},
 						},
+						{
+							Name: "scratch",
+							VolumeSource: corev1.VolumeSource{
+								EmptyDir: new(corev1.EmptyDirVolumeSource),
+							},
+						},
 					},
 					Containers: []corev1.Container{
 						{
@ -79,6 +91,11 @@ func DaemonSet(namespace string, opts ...podTemplateOption) *appsv1.DaemonSet {
 								{
 									Name:             "host-pods",
 									MountPath:        "/host_pods",
+									MountPropagation: &mountPropagationMode,
+								},
+								{
+									Name:      "scratch",
+									MountPath: "/scratch",
 								},
 							},
 							Env: []corev1.EnvVar{
@ -98,6 +115,14 @@ func DaemonSet(namespace string, opts ...podTemplateOption) *appsv1.DaemonSet {
 										},
 									},
 								},
+								{
+									Name:  "VELERO_SCRATCH_DIR",
+									Value: "/scratch",
+								},
+								{
+									Name:  "AZURE_CREDENTIALS_FILE",
+									Value: "/credentials/cloud",
+								},
 								{
 									Name:  "GOOGLE_APPLICATION_CREDENTIALS",
 									Value: "/credentials/cloud",
@ -126,6 +151,14 @@ func DaemonSet(namespace string, opts ...podTemplateOption) *appsv1.DaemonSet {
 				},
 			},
 		)
+
+		daemonSet.Spec.Template.Spec.Containers[0].VolumeMounts = append(
+			daemonSet.Spec.Template.Spec.Containers[0].VolumeMounts,
+			corev1.VolumeMount{
+				Name:      "cloud-credentials",
+				MountPath: "/credentials",
+			},
+		)
 	}

 	daemonSet.Spec.Template.Spec.Containers[0].Env = append(daemonSet.Spec.Template.Spec.Containers[0].Env, c.envVars...)
--- a/pkg/install/daemonset_test.go
+++ b/pkg/install/daemonset_test.go
@ -30,7 +30,7 @@ func TestDaemonSet(t *testing.T) {
 	assert.Equal(t, "velero", ds.ObjectMeta.Namespace)

 	ds = DaemonSet("velero", WithoutCredentialsVolume())
-	assert.Equal(t, 1, len(ds.Spec.Template.Spec.Volumes))
+	assert.Equal(t, 2, len(ds.Spec.Template.Spec.Volumes))

 	ds = DaemonSet("velero", WithImage("gcr.io/heptio-images/velero:v0.11"))
 	assert.Equal(t, "gcr.io/heptio-images/velero:v0.11", ds.Spec.Template.Spec.Containers[0].Image)
--- a/pkg/install/deployment.go
+++ b/pkg/install/deployment.go
@ -116,8 +116,16 @@ func Deployment(namespace string, opts ...podTemplateOption) *appsv1beta1.Deploy
 									Name:      "plugins",
 									MountPath: "/plugins",
 								},
+								{
+									Name:      "scratch",
+									MountPath: "/scratch",
+								},
 							},
 							Env: []corev1.EnvVar{
+								{
+									Name:  "VELERO_SCRATCH_DIR",
+									Value: "/scratch",
+								},
 								{
 									Name:  "GOOGLE_APPLICATION_CREDENTIALS",
 									Value: "/credentials/cloud",
@ -136,6 +144,12 @@ func Deployment(namespace string, opts ...podTemplateOption) *appsv1beta1.Deploy
 								EmptyDir: &corev1.EmptyDirVolumeSource{},
 							},
 						},
+						{
+							Name: "scratch",
+							VolumeSource: corev1.VolumeSource{
+								EmptyDir: new(corev1.EmptyDirVolumeSource),
+							},
+						},
 					},
 				},
 			},
--- a/pkg/install/deployment_test.go
+++ b/pkg/install/deployment_test.go
@ -32,13 +32,13 @@ func TestDeployment(t *testing.T) {
 	assert.Equal(t, "--restore-only", deploy.Spec.Template.Spec.Containers[0].Args[1])

 	deploy = Deployment("velero", WithEnvFromSecretKey("my-var", "my-secret", "my-key"))
-	envSecret := deploy.Spec.Template.Spec.Containers[0].Env[2]
+	envSecret := deploy.Spec.Template.Spec.Containers[0].Env[3]
 	assert.Equal(t, "my-var", envSecret.Name)
 	assert.Equal(t, "my-secret", envSecret.ValueFrom.SecretKeyRef.LocalObjectReference.Name)
 	assert.Equal(t, "my-key", envSecret.ValueFrom.SecretKeyRef.Key)

 	deploy = Deployment("velero", WithoutCredentialsVolume())
-	assert.Equal(t, 1, len(deploy.Spec.Template.Spec.Volumes))
+	assert.Equal(t, 2, len(deploy.Spec.Template.Spec.Volumes))

 	deploy = Deployment("velero", WithImage("gcr.io/heptio-images/velero:v0.11"))
 	assert.Equal(t, "gcr.io/heptio-images/velero:v0.11", deploy.Spec.Template.Spec.Containers[0].Image)