From 38f57baafdf507abb6062ded0c9e661fddad53cf Mon Sep 17 00:00:00 2001 From: eliranb Date: Sun, 25 May 2025 15:28:06 +0300 Subject: [PATCH 1/4] Add imagePullPolicy to initContainer configuration --- api/v1beta/lightrunjavaagent_types.go | 3 + charts/lightrun-agents/README.md | 5 + .../templates/java-agent-cr.yaml | 1 + charts/lightrun-agents/values.yaml | 4 + docs/custom_resource.md | 2 + internal/controller/patch_funcs.go | 173 +++++++++--------- 6 files changed, 105 insertions(+), 83 deletions(-) diff --git a/api/v1beta/lightrunjavaagent_types.go b/api/v1beta/lightrunjavaagent_types.go index bef29df..0a096f3 100644 --- a/api/v1beta/lightrunjavaagent_types.go +++ b/api/v1beta/lightrunjavaagent_types.go @@ -17,6 +17,7 @@ limitations under the License. package v1beta import ( + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -41,6 +42,8 @@ type InitContainer struct { SharedVolumeMountPath string `json:"sharedVolumeMountPath"` // Image of the init container. Image name and tag will define platform and version of the agent Image string `json:"image"` + // Pull policy of the init container. Can be one of: Always, IfNotPresent, or Never. + ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy"` } // LightrunJavaAgentSpec defines the desired state of LightrunJavaAgent diff --git a/charts/lightrun-agents/README.md b/charts/lightrun-agents/README.md index c44a619..84ee551 100644 --- a/charts/lightrun-agents/README.md +++ b/charts/lightrun-agents/README.md @@ -33,6 +33,7 @@ The values.yaml file includes the following configurable parameters for each Jav | `javaAgents[].containerSelector` | Selector for containers within the deployment to inject the Lightrun Java Agent. | Required | | `javaAgents[].deploymentName` | Name of the Kubernetes deployment to attach the Lightrun Java Agent. | Required | | `javaAgents[].initContainer.image` | Image for the Lightrun Java Agent init container. | Required | +| `javaAgents[].initContainer.imagePullPolicy` | Image pull policy for the init container. Can be one of: Always, IfNotPresent, or Never. | Optional (if not provided, defaults to `"IfNotPresent"`) | | `javaAgents[].initContainer.sharedVolumeMountPath` | Mount path for the shared volume in the init container. | Optional (if not provided, defaults to `"/lightrun"`" | | `javaAgents[].initContainer.sharedVolumeName` | Name of the shared volume for the init container. | Optional (if not provided, defaults to `"lightrun-agent-init"`" | | `javaAgents[].name` | Name of the Lightrun Java Agent custom resource. | Required | @@ -91,6 +92,7 @@ javaAgents: serverHostname: 'lightrun.example.com' initContainer: image: "lightruncom/k8s-operator-init-java-agent-linux:latest" + imagePullPolicy: "IfNotPresent" agentPoolCredentials: existingSecret: "" apiKey: "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" @@ -104,6 +106,7 @@ javaAgents: namespace: 'my-namespace-2' initContainer: image: "lightruncom/k8s-operator-init-java-agent-linux:latest" + imagePullPolicy: "IfNotPresent" deploymentName: "my-deployment-2" containerSelector: - my-container-2 @@ -139,6 +142,7 @@ javaAgents: agentCliFlags: "--lightrun_extra_class_path=:,lightrun_init_wait_time_ms" initContainer: image: "lightruncom/k8s-operator-init-java-agent-linux:latest" + imagePullPolicy: "IfNotPresent" sharedVolumeName: 'my-shared-volume' sharedVolumeMountPath: '/mypath' agentPoolCredentials: @@ -154,6 +158,7 @@ javaAgents: namespace: 'my-namespace-2' initContainer: image: "lightruncom/k8s-operator-init-java-agent-linux:latest" + imagePullPolicy: "IfNotPresent" sharedVolumeName: 'my-shared-volume' sharedVolumeMountPath: '/mypath' deploymentName: "my-deployment-2" diff --git a/charts/lightrun-agents/templates/java-agent-cr.yaml b/charts/lightrun-agents/templates/java-agent-cr.yaml index b53808e..0eef615 100644 --- a/charts/lightrun-agents/templates/java-agent-cr.yaml +++ b/charts/lightrun-agents/templates/java-agent-cr.yaml @@ -8,6 +8,7 @@ metadata: spec: initContainer: image: {{ .initContainer.image }} + imagePullPolicy: {{ .initContainer.imagePullPolicy | default "IfNotPresent" }} sharedVolumeName: {{ .initContainer.sharedVolumeName | default "lightrun-agent-init" }} sharedVolumeMountPath: {{ .initContainer.sharedVolumeMountPath | default "/lightrun" }} deploymentName: {{ .deploymentName }} diff --git a/charts/lightrun-agents/values.yaml b/charts/lightrun-agents/values.yaml index 62386bf..b9f2cde 100644 --- a/charts/lightrun-agents/values.yaml +++ b/charts/lightrun-agents/values.yaml @@ -17,6 +17,7 @@ javaAgents: [] # serverHostname: 'lightrun.example.com' # initContainer: # image: "lightruncom/k8s-operator-init-java-agent-linux:latest" +# imagePullPolicy: "IfNotPresent" # agentPoolCredentials: # existingSecret: "" # apiKey: "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" @@ -30,6 +31,7 @@ javaAgents: [] # namespace: 'my-namespace-2' # initContainer: # image: "lightruncom/k8s-operator-init-java-agent-linux:latest" +# imagePullPolicy: "IfNotPresent" # deploymentName: "my-deployment-2" # containerSelector: # - my-container-2 @@ -63,6 +65,7 @@ javaAgents: [] # agentCliFlags: "--lightrun_extra_class_path=:,lightrun_init_wait_time_ms" # initContainer: # image: "lightruncom/k8s-operator-init-java-agent-linux:latest" +# imagePullPolicy: "IfNotPresent" # sharedVolumeName: 'my-shared-volume' # sharedVolumeMountPath: '/mypath' # agentPoolCredentials: @@ -78,6 +81,7 @@ javaAgents: [] # namespace: 'my-namespace-2' # initContainer: # image: "lightruncom/k8s-operator-init-java-agent-linux:latest" +# imagePullPolicy: "IfNotPresent" # sharedVolumeName: 'my-shared-volume' # sharedVolumeMountPath: '/mypath' # deploymentName: "my-deployment-2" diff --git a/docs/custom_resource.md b/docs/custom_resource.md index 872b54f..040698b 100644 --- a/docs/custom_resource.md +++ b/docs/custom_resource.md @@ -11,6 +11,8 @@ spec: # agent version - first part of the tag (1.7.0) # init container sub-version - last part of the tag (init.0) image: "lightruncom/k8s-operator-init-java-agent-linux:1.7.0-init.0" + # imagePullPolicy of the init container. Can be one of: Always, IfNotPresent, or Never. + imagePullPolicy: "IfNotPresent" # Volume name in case you have some convention in the names sharedVolumeName: lightrun-agent-init # Mount path where volume will be parked. Various distributions may have it's limitations. diff --git a/internal/controller/patch_funcs.go b/internal/controller/patch_funcs.go index 68365a7..202088f 100644 --- a/internal/controller/patch_funcs.go +++ b/internal/controller/patch_funcs.go @@ -99,54 +99,57 @@ func (r *LightrunJavaAgentReconciler) addVolume(deploymentApplyConfig *appsv1ac. } func (r *LightrunJavaAgentReconciler) addInitContainer(deploymentApplyConfig *appsv1ac.DeploymentApplyConfiguration, lightrunJavaAgent *agentv1beta.LightrunJavaAgent, secret *corev1.Secret) { - - deploymentApplyConfig.Spec.Template.Spec.WithInitContainers( - corev1ac.Container(). - WithName(initContainerName). - WithImage(lightrunJavaAgent.Spec.InitContainer.Image). - WithVolumeMounts( - corev1ac.VolumeMount().WithName(lightrunJavaAgent.Spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"), - corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"), - ).WithEnv( - corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom( - corev1ac.EnvVarSource().WithSecretKeyRef( - corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"), - ), + spec := lightrunJavaAgent.Spec + isImagePullPolicyConfigured := spec.InitContainer.ImagePullPolicy != "" + initContainerApplyConfig := corev1ac.Container(). + WithName(initContainerName). + WithImage(spec.InitContainer.Image). + WithVolumeMounts( + corev1ac.VolumeMount().WithName(spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"), + corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"), + ).WithEnv( + corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom( + corev1ac.EnvVarSource().WithSecretKeyRef( + corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"), ), - corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom( - corev1ac.EnvVarSource().WithSecretKeyRef( - corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"), - ), + ), + corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom( + corev1ac.EnvVarSource().WithSecretKeyRef( + corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"), ), - corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(lightrunJavaAgent.Spec.ServerHostname), - ). - WithResources( - corev1ac.ResourceRequirements(). - WithLimits( - corev1.ResourceList{ - corev1.ResourceCPU: *resource.NewMilliQuantity(int64(50), resource.BinarySI), - corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 500 * 10^6 = 500M - }, - ).WithRequests( + ), + corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(spec.ServerHostname), + ). + WithResources( + corev1ac.ResourceRequirements(). + WithLimits( corev1.ResourceList{ corev1.ResourceCPU: *resource.NewMilliQuantity(int64(50), resource.BinarySI), - corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), + corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 500 * 10^6 = 500M }, - ), - ). - WithSecurityContext( - corev1ac.SecurityContext(). - WithCapabilities( - corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")), - ). - WithAllowPrivilegeEscalation(false). - WithRunAsNonRoot(true). - WithSeccompProfile( - corev1ac.SeccompProfile(). - WithType(corev1.SeccompProfileTypeRuntimeDefault), - ), + ).WithRequests( + corev1.ResourceList{ + corev1.ResourceCPU: *resource.NewMilliQuantity(int64(50), resource.BinarySI), + corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), + }, ), - ) + ). + WithSecurityContext( + corev1ac.SecurityContext(). + WithCapabilities( + corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")), + ). + WithAllowPrivilegeEscalation(false). + WithRunAsNonRoot(true). + WithSeccompProfile( + corev1ac.SeccompProfile(). + WithType(corev1.SeccompProfileTypeRuntimeDefault), + ), + ) + if isImagePullPolicyConfigured { + initContainerApplyConfig.WithImagePullPolicy(spec.InitContainer.ImagePullPolicy) + } + deploymentApplyConfig.Spec.Template.Spec.WithInitContainers(initContainerApplyConfig) } func (r *LightrunJavaAgentReconciler) patchAppContainers(lightrunJavaAgent *agentv1beta.LightrunJavaAgent, origDeployment *appsv1.Deployment, deploymentApplyConfig *appsv1ac.DeploymentApplyConfiguration) error { @@ -275,53 +278,57 @@ func (r *LightrunJavaAgentReconciler) addVolumeToStatefulSet(statefulSetApplyCon } func (r *LightrunJavaAgentReconciler) addInitContainerToStatefulSet(statefulSetApplyConfig *appsv1ac.StatefulSetApplyConfiguration, lightrunJavaAgent *agentv1beta.LightrunJavaAgent, secret *corev1.Secret) { - statefulSetApplyConfig.Spec.Template.Spec.WithInitContainers( - corev1ac.Container(). - WithName(initContainerName). - WithImage(lightrunJavaAgent.Spec.InitContainer.Image). - WithVolumeMounts( - corev1ac.VolumeMount().WithName(lightrunJavaAgent.Spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"), - corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"), - ).WithEnv( - corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom( - corev1ac.EnvVarSource().WithSecretKeyRef( - corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"), - ), + spec := lightrunJavaAgent.Spec + isImagePullPolicyConfigured := spec.InitContainer.ImagePullPolicy != "" + initContainerApplyConfig := corev1ac.Container(). + WithName(initContainerName). + WithImage(spec.InitContainer.Image). + WithVolumeMounts( + corev1ac.VolumeMount().WithName(spec.InitContainer.SharedVolumeName).WithMountPath("/tmp/"), + corev1ac.VolumeMount().WithName(cmVolumeName).WithMountPath("/tmp/cm/"), + ).WithEnv( + corev1ac.EnvVar().WithName("LIGHTRUN_KEY").WithValueFrom( + corev1ac.EnvVarSource().WithSecretKeyRef( + corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("lightrun_key"), ), - corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom( - corev1ac.EnvVarSource().WithSecretKeyRef( - corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"), - ), + ), + corev1ac.EnvVar().WithName("PINNED_CERT").WithValueFrom( + corev1ac.EnvVarSource().WithSecretKeyRef( + corev1ac.SecretKeySelector().WithName(secret.Name).WithKey("pinned_cert_hash"), ), - corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(lightrunJavaAgent.Spec.ServerHostname), - ). - WithResources( - corev1ac.ResourceRequirements(). - WithLimits( - corev1.ResourceList{ - corev1.ResourceCPU: *resource.NewMilliQuantity(int64(50), resource.BinarySI), - corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 64M - }, - ).WithRequests( + ), + corev1ac.EnvVar().WithName("LIGHTRUN_SERVER").WithValue(spec.ServerHostname), + ). + WithResources( + corev1ac.ResourceRequirements(). + WithLimits( corev1.ResourceList{ corev1.ResourceCPU: *resource.NewMilliQuantity(int64(50), resource.BinarySI), - corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), + corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), // 64M }, - ), - ). - WithSecurityContext( - corev1ac.SecurityContext(). - WithCapabilities( - corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")), - ). - WithAllowPrivilegeEscalation(false). - WithRunAsNonRoot(true). - WithSeccompProfile( - corev1ac.SeccompProfile(). - WithType(corev1.SeccompProfileTypeRuntimeDefault), - ), + ).WithRequests( + corev1.ResourceList{ + corev1.ResourceCPU: *resource.NewMilliQuantity(int64(50), resource.BinarySI), + corev1.ResourceMemory: *resource.NewScaledQuantity(int64(64), resource.Scale(6)), + }, ), - ) + ). + WithSecurityContext( + corev1ac.SecurityContext(). + WithCapabilities( + corev1ac.Capabilities().WithDrop(corev1.Capability("ALL")), + ). + WithAllowPrivilegeEscalation(false). + WithRunAsNonRoot(true). + WithSeccompProfile( + corev1ac.SeccompProfile(). + WithType(corev1.SeccompProfileTypeRuntimeDefault), + ), + ) + if isImagePullPolicyConfigured { + initContainerApplyConfig.WithImagePullPolicy(spec.InitContainer.ImagePullPolicy) + } + statefulSetApplyConfig.Spec.Template.Spec.WithInitContainers(initContainerApplyConfig) } func (r *LightrunJavaAgentReconciler) patchStatefulSetAppContainers(lightrunJavaAgent *agentv1beta.LightrunJavaAgent, origStatefulSet *appsv1.StatefulSet, statefulSetApplyConfig *appsv1ac.StatefulSetApplyConfiguration) error { From 91cf9c53ecbff74af14fc07a78689fcd6b654b4d Mon Sep 17 00:00:00 2001 From: eliranb Date: Sun, 25 May 2025 15:32:33 +0300 Subject: [PATCH 2/4] Make imagePullPolicy field optional in InitContainer configuration --- api/v1beta/lightrunjavaagent_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/v1beta/lightrunjavaagent_types.go b/api/v1beta/lightrunjavaagent_types.go index 0a096f3..73140d5 100644 --- a/api/v1beta/lightrunjavaagent_types.go +++ b/api/v1beta/lightrunjavaagent_types.go @@ -43,7 +43,7 @@ type InitContainer struct { // Image of the init container. Image name and tag will define platform and version of the agent Image string `json:"image"` // Pull policy of the init container. Can be one of: Always, IfNotPresent, or Never. - ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy"` + ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"` } // LightrunJavaAgentSpec defines the desired state of LightrunJavaAgent From c18e7e8d9a19b5bb3802c6227234bda25e62c7bf Mon Sep 17 00:00:00 2001 From: eliranb Date: Sun, 25 May 2025 15:34:45 +0300 Subject: [PATCH 3/4] update crd --- charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml | 4 ++++ config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml | 4 ++++ config/samples/operator.yaml | 4 ++++ examples/operator.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml b/charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml index d748749..04a3629 100644 --- a/charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml +++ b/charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml @@ -98,6 +98,10 @@ spec: description: Image of the init container. Image name and tag will define platform and version of the agent type: string + imagePullPolicy: + description: 'Pull policy of the init container. Can be one of: + Always, IfNotPresent, or Never.' + type: string sharedVolumeMountPath: description: Path in the app container where volume with agent will be mounted diff --git a/config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml b/config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml index 9ca3b13..096cbb6 100644 --- a/config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml +++ b/config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml @@ -99,6 +99,10 @@ spec: description: Image of the init container. Image name and tag will define platform and version of the agent type: string + imagePullPolicy: + description: 'Pull policy of the init container. Can be one of: + Always, IfNotPresent, or Never.' + type: string sharedVolumeMountPath: description: Path in the app container where volume with agent will be mounted diff --git a/config/samples/operator.yaml b/config/samples/operator.yaml index b8c65a9..230b38d 100644 --- a/config/samples/operator.yaml +++ b/config/samples/operator.yaml @@ -110,6 +110,10 @@ spec: description: Image of the init container. Image name and tag will define platform and version of the agent type: string + imagePullPolicy: + description: 'Pull policy of the init container. Can be one of: + Always, IfNotPresent, or Never.' + type: string sharedVolumeMountPath: description: Path in the app container where volume with agent will be mounted diff --git a/examples/operator.yaml b/examples/operator.yaml index 000dfc3..0c0d456 100644 --- a/examples/operator.yaml +++ b/examples/operator.yaml @@ -100,6 +100,10 @@ spec: description: Image of the init container. Image name and tag will define platform and version of the agent type: string + imagePullPolicy: + description: 'Pull policy of the init container. Can be one of: + Always, IfNotPresent, or Never.' + type: string sharedVolumeMountPath: description: Path in the app container where volume with agent will be mounted From 4931a6bf7aceed7a284cabc2109719bae4320927 Mon Sep 17 00:00:00 2001 From: eliranb Date: Tue, 3 Jun 2025 12:54:06 +0300 Subject: [PATCH 4/4] fix PR comments --- charts/lightrun-agents/README.md | 2 +- charts/lightrun-agents/templates/java-agent-cr.yaml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/lightrun-agents/README.md b/charts/lightrun-agents/README.md index 84ee551..ca406e1 100644 --- a/charts/lightrun-agents/README.md +++ b/charts/lightrun-agents/README.md @@ -33,7 +33,7 @@ The values.yaml file includes the following configurable parameters for each Jav | `javaAgents[].containerSelector` | Selector for containers within the deployment to inject the Lightrun Java Agent. | Required | | `javaAgents[].deploymentName` | Name of the Kubernetes deployment to attach the Lightrun Java Agent. | Required | | `javaAgents[].initContainer.image` | Image for the Lightrun Java Agent init container. | Required | -| `javaAgents[].initContainer.imagePullPolicy` | Image pull policy for the init container. Can be one of: Always, IfNotPresent, or Never. | Optional (if not provided, defaults to `"IfNotPresent"`) | +| `javaAgents[].initContainer.imagePullPolicy` | Image pull policy for the init container. Can be one of: Always, IfNotPresent, or Never. | Optional (if not provided, defaults according to [Kubernetes Default Image Pull Policy](https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting)) | | `javaAgents[].initContainer.sharedVolumeMountPath` | Mount path for the shared volume in the init container. | Optional (if not provided, defaults to `"/lightrun"`" | | `javaAgents[].initContainer.sharedVolumeName` | Name of the shared volume for the init container. | Optional (if not provided, defaults to `"lightrun-agent-init"`" | | `javaAgents[].name` | Name of the Lightrun Java Agent custom resource. | Required | diff --git a/charts/lightrun-agents/templates/java-agent-cr.yaml b/charts/lightrun-agents/templates/java-agent-cr.yaml index 0eef615..b597153 100644 --- a/charts/lightrun-agents/templates/java-agent-cr.yaml +++ b/charts/lightrun-agents/templates/java-agent-cr.yaml @@ -8,7 +8,9 @@ metadata: spec: initContainer: image: {{ .initContainer.image }} - imagePullPolicy: {{ .initContainer.imagePullPolicy | default "IfNotPresent" }} + {{- if .initContainer.imagePullPolicy }} + imagePullPolicy: {{ .initContainer.imagePullPolicy }} + {{- end }} sharedVolumeName: {{ .initContainer.sharedVolumeName | default "lightrun-agent-init" }} sharedVolumeMountPath: {{ .initContainer.sharedVolumeMountPath | default "/lightrun" }} deploymentName: {{ .deploymentName }}