add kerberos envs

smiletan · smiletan · commit 344881f923c0 · 2025-05-29T15:30:55.000+08:00
diff --git a/pkg/common/utils/resource/pod.go b/pkg/common/utils/resource/pod.go
@@ -562,23 +562,37 @@ func buildKerberosEnv(info *v1.KerberosInfo, config map[string]interface{}, comp
 		return nil
 	}
 
+	return buildKerberosEnvUseSecretMountPath(info.KeytabPath, config, string(componentType))
+}
+
+func BuildKerberosEnvForDDC(info *dv1.KerberosInfo, config map[string]interface{}, componentType dv1.DisaggregatedComponentType)[]corev1.EnvVar {
+	if info == nil {
+		return nil
+	}
+
+	return  buildKerberosEnvUseSecretMountPath(info.KeytabPath, config, string(componentType))
+}
+
+func buildKerberosEnvUseSecretMountPath(keytabPath string, config map[string]interface{}, componentType string) []corev1.EnvVar {
 	var krb5ConfPath string
 	switch componentType {
-	case v1.Component_FE:
+	case string(v1.Component_FE), string(dv1.DisaggregatedFE):
 		krb5ConfPath = kerberos.GetKrb5ConfFromJavaOpts(config)
-	case v1.Component_BE, v1.Component_CN:
+	case string(v1.Component_BE), string(v1.Component_CN), string(dv1.DisaggregatedBE):
 		// be config krb5.conf file must set 'kerberos_krb5_conf_path' in be.conf
 		// https://doris.apache.org/docs/3.0/lakehouse/datalake-analytics/hive?_highlight=kerberos_krb5_conf_path#connect-to-kerberos-enabled-hive
 		if value, exists := config["kerberos_krb5_conf_path"]; exists {
 			krb5ConfPath = value.(string)
 		} else {
 			krb5ConfPath = kerberos.KRB5_DEFAULT_CONFIG
 		}
+	default:
+		klog.Errorf("BuildKerberosEnvUseSecretMountPath, componentType %s not supported.", componentType)
 	}
 
 	keytabFinalUsedPath := keytab_default_mount_path
-	if info.KeytabPath != "" {
-		keytabFinalUsedPath = info.KeytabPath
+	if keytabPath != "" {
+		keytabFinalUsedPath = keytabPath
 	}
 
 	return []corev1.EnvVar{
diff --git a/pkg/controller/sub_controller/disaggregated_cluster/computegroups/statefulset.go b/pkg/controller/sub_controller/disaggregated_cluster/computegroups/statefulset.go
@@ -116,7 +116,7 @@ func (dcgs *DisaggregatedComputeGroupsController) NewPodTemplateSpec(ddc *dv1.Do
 	}
 
 	//add last supplementary spec. if add new config in ddc spec and the config need add in pod, use the follow function to add.
-	dcgs.DisaggregatedSubDefaultController.AddClusterSpecForPodTemplate(dv1.DisaggregatedBE, &ddc.Spec, &pts)
+	dcgs.DisaggregatedSubDefaultController.AddClusterSpecForPodTemplate(dv1.DisaggregatedBE, cvs, &ddc.Spec, &pts)
 	cgUniqueId := selector[dv1.DorisDisaggregatedComputeGroupUniqueId]
 	pts.Spec.Affinity = dcgs.ConstructDefaultAffinity(dv1.DorisDisaggregatedComputeGroupUniqueId, cgUniqueId, pts.Spec.Affinity)
 
diff --git a/pkg/controller/sub_controller/disaggregated_cluster/disaggregated_fe/statefulset.go b/pkg/controller/sub_controller/disaggregated_cluster/disaggregated_fe/statefulset.go
@@ -61,7 +61,7 @@ func (dfc *DisaggregatedFEController) NewStatefulset(ddc *v1.DorisDisaggregatedC
 	_, _, vcts := dfc.BuildVolumesVolumeMountsAndPVCs(confMap, v1.DisaggregatedFE, &spec.CommonSpec)
 	pts := dfc.NewPodTemplateSpec(ddc, confMap)
 	//add last supplementary spec. if add new config in ddc spec and the config need add in pod, use the follow function to add.
-	dfc.DisaggregatedSubDefaultController.AddClusterSpecForPodTemplate(v1.DisaggregatedFE, &ddc.Spec, &pts)
+	dfc.DisaggregatedSubDefaultController.AddClusterSpecForPodTemplate(v1.DisaggregatedFE,confMap, &ddc.Spec, &pts)
 	st := dfc.NewDefaultStatefulset(ddc)
 	//metadata
 	func() {
diff --git a/pkg/controller/sub_controller/disaggregated_subcontroller.go b/pkg/controller/sub_controller/disaggregated_subcontroller.go
@@ -295,8 +295,7 @@ func (d *DisaggregatedSubDefaultController) GetManagementAdminUserAndPWD(ctx con
 }
 
 // add cluster specification on container spec. this is useful to add common spec on different type pods, example: kerberos volume for fe and be.
-func(d *DisaggregatedSubDefaultController) AddClusterSpecForPodTemplate(componentType v1.DisaggregatedComponentType, spec *v1.DorisDisaggregatedClusterSpec, pts *corev1.PodTemplateSpec){
-	//TODO: realize the kerberos volumeMounts added.
+func(d *DisaggregatedSubDefaultController) AddClusterSpecForPodTemplate(componentType v1.DisaggregatedComponentType, configMap map[string]interface{}, spec *v1.DorisDisaggregatedClusterSpec, pts *corev1.PodTemplateSpec){
 	var c *corev1.Container
 	switch componentType {
 	case v1.DisaggregatedFE:
@@ -319,6 +318,12 @@ func(d *DisaggregatedSubDefaultController) AddClusterSpecForPodTemplate(componen
 		return
 	}
 
+	//add pod envs
+	envs := resource.BuildKerberosEnvForDDC(spec.KerberosInfo, configMap, componentType)
+	if len(envs) != 0 {
+		c.Env = append(c.Env, envs...)
+	}
+
 	//add kerberos volumeMounts and volumes
 	volumes, volumeMounts := resource.GetDv1KerberosVolumeAndVolumeMount(spec.KerberosInfo)
 	if len(volumeMounts) != 0 {

Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ func (dcgs DisaggregatedComputeGroupsController) NewPodTemplateSpec(ddc dv1.Do`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`//add last supplementary spec. if add new config in ddc spec and the config need add in pod, use the follow function to add.`
`119`		`- dcgs.DisaggregatedSubDefaultController.AddClusterSpecForPodTemplate(dv1.DisaggregatedBE, &ddc.Spec, &pts)`
	`119`	`+ dcgs.DisaggregatedSubDefaultController.AddClusterSpecForPodTemplate(dv1.DisaggregatedBE, cvs, &ddc.Spec, &pts)`
`120`	`120`	`cgUniqueId := selector[dv1.DorisDisaggregatedComputeGroupUniqueId]`
`121`	`121`	`pts.Spec.Affinity = dcgs.ConstructDefaultAffinity(dv1.DorisDisaggregatedComputeGroupUniqueId, cgUniqueId, pts.Spec.Affinity)`
`122`	`122`