Add support for overrides for generated pods

This change adds a new field Overrides to both Ironic and IronicDatabase. This field allows advanced operators and downstream consumers to inject containers, annotations, labels and environment variables into the generated deployments/daemon sets. A new feature gate Overrides is added to protect this feature. Signed-off-by: Dmitry Tantsur <dtantsur@protonmail.com>
metal3-io · Nov 27, 2024 · 5112b6a · 5112b6a
1 parent de02d4a
commit 5112b6a
Show file tree

Hide file tree

Showing 13 changed files with 6,336 additions and 9 deletions.
diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go
@@ -1,5 +1,9 @@
 package v1alpha1
 
+import (
+	corev1 "k8s.io/api/core/v1"
+)
+
 type IronicStatusConditionType string
 
 const (
@@ -12,3 +16,42 @@ const (
 
 	IronicOperatorLabel = "metal3.io/ironic-standalone-operator"
 )
+
+type Overrides struct {
+	// Extra annotations to add to each container.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// Extra containers to add to the deployment or daemon set.
+	// +optional
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	Containers []corev1.Container `json:"containers,omitempty"`
+
+	// Extra environment variables to add to each container.
+	// +optional
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	Env []corev1.EnvVar `json:"env,omitempty"`
+
+	// Extra environment variables (with sources) to add to each container.
+	// +optional
+	// +listType=atomic
+	EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"`
+
+	// Extra init containers to add to the deployment or daemon set.
+	// +optional
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	InitContainers []corev1.Container `json:"initContainers,omitempty"`
+
+	// Extra labels to add to each container.
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+}
diff --git a/api/v1alpha1/features.go b/api/v1alpha1/features.go
@@ -7,11 +7,13 @@ import (
 
 const (
 	FeatureHighAvailability featuregate.Feature = "HighAvailability"
+	FeatureOverrides        featuregate.Feature = "Overrides"
 )
 
 var (
 	availableFeatures = map[featuregate.Feature]featuregate.FeatureSpec{
 		FeatureHighAvailability: {Default: false, PreRelease: featuregate.Alpha},
+		FeatureOverrides:        {Default: false, PreRelease: featuregate.Beta},
 	}
 
 	CurrentFeatureGate = featuregate.NewFeatureGate()

diff --git a/api/v1alpha1/ironic_types.go b/api/v1alpha1/ironic_types.go
@@ -202,6 +202,11 @@ type IronicSpec struct {
 	// +optional
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 
+	// Overrides for the generated Deployment or Daemon Set.
+	// EXPERIMENTAL: requires feature gate Overrides.
+	// +optional
+	Overrides *Overrides `json:"overrides,omitempty"`
+
 	// TLSRef is a reference to the secret with the database TLS certificate.
 	// +optional
 	TLSRef corev1.LocalObjectReference `json:"tlsRef,omitempty"`

diff --git a/api/v1alpha1/ironic_webhook.go b/api/v1alpha1/ironic_webhook.go
@@ -218,5 +218,9 @@ func ValidateIronic(ironic *IronicSpec, old *IronicSpec) error {
 		return errors.New("highly available architecture is disabled via feature gate")
 	}
 
+	if ironic.Overrides != nil && !CurrentFeatureGate.Enabled(FeatureOverrides) {
+		return errors.New("overrides are disabled via feature gate")
+	}
+
 	return nil
 }
diff --git a/api/v1alpha1/ironicdatabase_types.go b/api/v1alpha1/ironicdatabase_types.go
@@ -34,6 +34,11 @@ type IronicDatabaseSpec struct {
 	// +optional
 	Image string `json:"image,omitempty"`
 
+	// Overrides for the generated Deployment or Daemon Set.
+	// EXPERIMENTAL: requires feature gate Overrides.
+	// +optional
+	Overrides *Overrides `json:"overrides,omitempty"`
+
 	// TLSSecretName is a reference to the secret with the database TLS certificate.
 	// +optional
 	TLSRef corev1.LocalObjectReference `json:"tlsRef,omitempty"`

diff --git a/api/v1alpha1/ironicdatabase_webhook.go b/api/v1alpha1/ironicdatabase_webhook.go
@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"errors"
+
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -62,5 +64,9 @@ func (r *IronicDatabase) ValidateDelete() (warnings admission.Warnings, err erro
 }
 
 func validateDatabase(db *IronicDatabaseSpec, old *IronicDatabaseSpec) error {
+	if db.Overrides != nil && !CurrentFeatureGate.Enabled(FeatureOverrides) {
+		return errors.New("overrides are disabled via feature gate")
+	}
+
 	return nil
 }
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go