diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 7f52ac3..df98059 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -17,6 +17,7 @@ spec: capabilities: drop: - "ALL" + readOnlyRootFilesystem: true runAsNonRoot: true image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 args: diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 968b8d2..cc3bd28 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -15,4 +15,5 @@ spec: capabilities: drop: - "ALL" + readOnlyRootFilesystem: true runAsNonRoot: true diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index fa8c9c5..ce72c87 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -79,6 +79,7 @@ spec: capabilities: drop: - "ALL" + readOnlyRootFilesystem: true runAsNonRoot: true livenessProbe: httpGet: diff --git a/pkg/k8sutil/haProxy.go b/pkg/k8sutil/haProxy.go index fbcc19d..e80bbb9 100644 --- a/pkg/k8sutil/haProxy.go +++ b/pkg/k8sutil/haProxy.go @@ -434,8 +434,8 @@ func calculateHash(data map[string]string) string { // Iterate over the sorted keys and write key-value pairs to the hash for _, k := range keys { - hash.Write([]byte(k)) - hash.Write([]byte(data[k])) + _, _ = hash.Write([]byte(k)) + _, _ = hash.Write([]byte(data[k])) } // Get the final hash and convert to hexadecimal string diff --git a/pkg/k8sutil/marklogicServer.go b/pkg/k8sutil/marklogicServer.go index 1342431..e659ac8 100644 --- a/pkg/k8sutil/marklogicServer.go +++ b/pkg/k8sutil/marklogicServer.go @@ -187,12 +187,13 @@ func (cc *ClusterContext) ReconsileMarklogicCluster() (reconcile.Result, error) err = cc.Client.Create(ctx, markLogicGroupDef) if err != nil { logger.Error(err, "Failed to create markLogicCluster") + return result.Error(err).Output() } logger.Info("Created new MarkLogic Server resource") - _, _ = result.Done().Output() } else { logger.Error(err, "Failed to get MarkLogicGroup resource") + return result.Error(err).Output() } } else { patchDiff, err := patch.DefaultPatchMaker.Calculate(currentMlg, markLogicGroupDef, diff --git a/pkg/k8sutil/statefulset.go b/pkg/k8sutil/statefulset.go index e879bca..b06bd02 100644 --- a/pkg/k8sutil/statefulset.go +++ b/pkg/k8sutil/statefulset.go @@ -543,7 +543,12 @@ func generatePVCTemplate(persistence *marklogicv1.Persistence) corev1.Persistent pvcTemplate := corev1.PersistentVolumeClaim{} pvcTemplate.CreationTimestamp = metav1.Time{} pvcTemplate.ObjectMeta.Name = "datadir" - if persistence != nil && persistence.StorageClassName != "" { + + if persistence == nil { + return pvcTemplate + } + + if persistence.StorageClassName != "" { pvcTemplate.Spec.StorageClassName = &persistence.StorageClassName } pvcTemplate.Spec.AccessModes = persistence.AccessModes @@ -557,8 +562,12 @@ func generatePVCTemplate(persistence *marklogicv1.Persistence) corev1.Persistent func getEnvironmentVariables(containerParams containerParameters) []corev1.EnvVar { envVars := []corev1.EnvVar{} groupName := "Default" - if containerParams.GroupConfig != nil && containerParams.GroupConfig.Name != "" { - groupName = containerParams.GroupConfig.Name + enableXdqpSsl := false + if containerParams.GroupConfig != nil { + if containerParams.GroupConfig.Name != "" { + groupName = containerParams.GroupConfig.Name + } + enableXdqpSsl = containerParams.GroupConfig.EnableXdqpSsl } envVars = append(envVars, corev1.EnvVar{ Name: "MARKLOGIC_ADMIN_USERNAME_FILE", @@ -580,7 +589,7 @@ func getEnvironmentVariables(containerParams containerParameters) []corev1.EnvVa Value: groupName, }, corev1.EnvVar{ Name: "XDQP_SSL_ENABLED", - Value: strconv.FormatBool(containerParams.GroupConfig.EnableXdqpSsl), + Value: strconv.FormatBool(enableXdqpSsl), }, corev1.EnvVar{ Name: "MARKLOGIC_CLUSTER_TYPE", Value: "bootstrap",