diff --git a/build.gradle b/build.gradle index 1f73df1..ee3c68b 100644 --- a/build.gradle +++ b/build.gradle @@ -35,16 +35,18 @@ dependencies { // developmentOnly 'org.springframework.boot:spring-boot-devtools:3.2.0' implementation 'org.springframework.boot:spring-boot-starter-actuator:3.3.0' implementation 'org.springframework.boot:spring-boot-starter-web:3.3.0' - implementation 'io.javaoperatorsdk:operator-framework-spring-boot-starter:5.4.1' + implementation 'io.javaoperatorsdk:operator-framework-spring-boot-starter:5.5.0' implementation 'org.bouncycastle:bcpkix-jdk15on:1.70' // required for the fabric8 k8s client to grok k3d certificates annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor:3.3.0' compileOnly 'org.projectlombok:lombok' testCompileOnly 'org.projectlombok:lombok' annotationProcessor 'org.projectlombok:lombok' - annotationProcessor 'io.fabric8:crd-generator-apt:6.9.2' + annotationProcessor 'io.fabric8:crd-generator-apt:6.13.0' + testImplementation 'org.junit.jupiter:junit-jupiter:5.9.2' + testRuntimeOnly 'org.junit.platform:junit-platform-launcher' testImplementation 'org.springframework.boot:spring-boot-starter-test:3.3.0' - testImplementation 'io.javaoperatorsdk:operator-framework-spring-boot-starter-test:5.4.1' + testImplementation 'io.javaoperatorsdk:operator-framework-spring-boot-starter-test:5.5.0' } tasks.named('test') { diff --git a/charts/cmcc-operator/templates/crd.yaml b/charts/cmcc-operator/templates/crd.yaml index 7d9b520..0125118 100644 --- a/charts/cmcc-operator/templates/crd.yaml +++ b/charts/cmcc-operator/templates/crd.yaml @@ -175,6 +175,13 @@ spec: podSecurityContext: description: Security context for a pod properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object fsGroup: type: integer fsGroupChangePolicy: @@ -253,6 +260,13 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object capabilities: properties: add: @@ -398,6 +412,13 @@ spec: podSecurityContext: description: Default security context for a pod properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object fsGroup: type: integer fsGroupChangePolicy: @@ -474,6 +495,13 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object capabilities: properties: add: diff --git a/k8s/cmcc-crd.yaml b/k8s/cmcc-crd.yaml index 58020fd..ac09a06 100644 --- a/k8s/cmcc-crd.yaml +++ b/k8s/cmcc-crd.yaml @@ -174,6 +174,13 @@ spec: podSecurityContext: description: Security context for a pod properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object fsGroup: type: integer fsGroupChangePolicy: @@ -252,6 +259,13 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object capabilities: properties: add: @@ -397,6 +411,13 @@ spec: podSecurityContext: description: Default security context for a pod properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object fsGroup: type: integer fsGroupChangePolicy: @@ -473,6 +494,13 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object capabilities: properties: add: diff --git a/src/main/java/com/tsystemsmms/cmcc/cmccoperator/components/AbstractComponent.java b/src/main/java/com/tsystemsmms/cmcc/cmccoperator/components/AbstractComponent.java index feda2b1..56a6ac5 100644 --- a/src/main/java/com/tsystemsmms/cmcc/cmccoperator/components/AbstractComponent.java +++ b/src/main/java/com/tsystemsmms/cmcc/cmccoperator/components/AbstractComponent.java @@ -323,7 +323,7 @@ public PersistentVolumeClaim getPersistentVolumeClaim(String name, Quantity size .withMetadata(getResourceMetadataForName(name)) .withSpec(new PersistentVolumeClaimSpecBuilder() .withAccessModes("ReadWriteOnce") - .withResources(new ResourceRequirementsBuilder() + .withResources(new VolumeResourceRequirementsBuilder() .withRequests(Map.of("storage", size)) .build()) .withStorageClassName(sc)