Merge pull request #942 from oracle/feature/sidecars

Sidecar containers

Author: rjeberhard

docs/domains/Domain.json

@@ -446,32 +446,17 @@
           "description": "Memory and cpu minimum requirements and limits for the server.",
           "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
         },
-        "readinessProbe": {
-          "description": "Settings for the readiness probe associated with a server.",
-          "$ref": "#/definitions/ProbeTuning"
-        },
         "annotations": {
           "description": "The annotations to be attached to generated resources.",
           "$ref": "#/definitions/Map"
         },
-        "containerSecurityContext": {
-          "description": "Container-level security attributes. Will override any matching pod-level attributes.",
-          "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
-        },
         "env": {
           "description": "A list of environment variables to add to a server",
           "type": "array",
           "items": {
             "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar"
           }
         },
-        "initContainers": {
-          "description": "Initialization containers",
-          "type": "array",
-          "items": {
-            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
-          }
-        },
         "nodeSelector": {
           "description": "Selector which must match a node\u0027s labels for the pod to be scheduled on that node.",
           "$ref": "#/definitions/Map"
@@ -486,6 +471,28 @@
         "labels": {
           "description": "The labels to be attached to generated resources. The label names must not start with \u0027weblogic.\u0027.",
           "$ref": "#/definitions/Map"
+        },
+        "readinessProbe": {
+          "description": "Settings for the readiness probe associated with a server.",
+          "$ref": "#/definitions/ProbeTuning"
+        },
+        "containers": {
+          "description": "Additional containers to be included in the server pod.",
+          "type": "array",
+          "items": {
+            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+          }
+        },
+        "containerSecurityContext": {
+          "description": "Container-level security attributes. Will override any matching pod-level attributes.",
+          "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
+        },
+        "initContainers": {
+          "description": "Initialization containers",
+          "type": "array",
+          "items": {
+            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+          }
         }
       }
     },

docs/domains/Domain.md

@@ -100,6 +100,7 @@ ServerPod describes the configuration for a Kubernetes pod for a server.
 | Name | Type | Description |
 | --- | --- | --- |
 | annotations | Map | The annotations to be attached to generated resources. |
+| containers | array of [Container](k8s1.9.0.md#container) | Additional containers to be included in the server pod. |
 | containerSecurityContext | [Security Context](k8s1.9.0.md#security-context) | Container-level security attributes. Will override any matching pod-level attributes. |
 | env | array of [Env Var](k8s1.9.0.md#env-var) | A list of environment variables to add to a server |
 | initContainers | array of [Container](k8s1.9.0.md#container) | Initialization containers |

docs/domains/index.html

@@ -1366,32 +1366,17 @@
           "description": "Memory and cpu minimum requirements and limits for the server.",
           "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
         },
-        "readinessProbe": {
-          "description": "Settings for the readiness probe associated with a server.",
-          "$ref": "#/definitions/ProbeTuning"
-        },
         "annotations": {
           "description": "The annotations to be attached to generated resources.",
           "$ref": "#/definitions/Map"
         },
-        "containerSecurityContext": {
-          "description": "Container-level security attributes. Will override any matching pod-level attributes.",
-          "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
-        },
         "env": {
           "description": "A list of environment variables to add to a server",
           "type": "array",
           "items": {
             "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar"
           }
         },
-        "initContainers": {
-          "description": "Initialization containers",
-          "type": "array",
-          "items": {
-            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
-          }
-        },
         "nodeSelector": {
           "description": "Selector which must match a node\u0027s labels for the pod to be scheduled on that node.",
           "$ref": "#/definitions/Map"
@@ -1406,6 +1391,28 @@
         "labels": {
           "description": "The labels to be attached to generated resources. The label names must not start with \u0027weblogic.\u0027.",
           "$ref": "#/definitions/Map"
+        },
+        "readinessProbe": {
+          "description": "Settings for the readiness probe associated with a server.",
+          "$ref": "#/definitions/ProbeTuning"
+        },
+        "containers": {
+          "description": "Additional containers to be included in the server pod.",
+          "type": "array",
+          "items": {
+            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+          }
+        },
+        "containerSecurityContext": {
+          "description": "Container-level security attributes. Will override any matching pod-level attributes.",
+          "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
+        },
+        "initContainers": {
+          "description": "Initialization containers",
+          "type": "array",
+          "items": {
+            "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+          }
         }
       }
     },

docs/domains/k8s1.9.0.md

@@ -43,30 +43,6 @@ SecretReference represents a Secret Reference. It has enough information to retr
 | name | string | Name is unique within a namespace to reference a secret resource. |
 | namespace | string | Namespace defines the space within which the secret name must be unique. |
 
-### Security Context
-
-SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
-
-| Name | Type | Description |
-| --- | --- | --- |
-| allowPrivilegeEscalation | boolean | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN |
-| capabilities | [Capabilities](#capabilities) | The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. |
-| privileged | boolean | Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. |
-| readOnlyRootFilesystem | boolean | Whether this container has a read-only root filesystem. Default is false. |
-| runAsNonRoot | boolean | Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
-| runAsUser | integer | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
-| seLinuxOptions | [SE Linux Options](#se-linux-options) | The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container.  May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
-
-### Env Var
-
-EnvVar represents an environment variable present in a Container.
-
-| Name | Type | Description |
-| --- | --- | --- |
-| name | string | Name of the environment variable. Must be a C_IDENTIFIER. |
-| value | string | Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
-| valueFrom | [Env Var Source](#env-var-source) | Source for the environment variable's value. Cannot be used if value is not empty. |
-
 ### Container
 
 A single application container that you want to run within a pod.
@@ -95,6 +71,30 @@ A single application container that you want to run within a pod.
 | volumeMounts | array of [Volume Mount](#volume-mount) | Pod volumes to mount into the container's filesystem. Cannot be updated. |
 | workingDir | string | Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. |
 
+### Security Context
+
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| Name | Type | Description |
+| --- | --- | --- |
+| allowPrivilegeEscalation | boolean | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN |
+| capabilities | [Capabilities](#capabilities) | The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. |
+| privileged | boolean | Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. |
+| readOnlyRootFilesystem | boolean | Whether this container has a read-only root filesystem. Default is false. |
+| runAsNonRoot | boolean | Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
+| runAsUser | integer | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
+| seLinuxOptions | [SE Linux Options](#se-linux-options) | The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container.  May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
+
+### Env Var
+
+EnvVar represents an environment variable present in a Container.
+
+| Name | Type | Description |
+| --- | --- | --- |
+| name | string | Name of the environment variable. Must be a C_IDENTIFIER. |
+| value | string | Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
+| valueFrom | [Env Var Source](#env-var-source) | Source for the environment variable's value. Cannot be used if value is not empty. |
+
 ### Pod Security Context
 
 PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
@@ -178,62 +178,62 @@ Volume represents a named volume in a pod that may be accessed by any container
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Capabilities
+### Env Var
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### SE Linux Options
+### Env From Source
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Env Var Source
+### Lifecycle
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Env Var
+### Probe
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Env From Source
+### Container Port
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Lifecycle
+### Resource Requirements
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Probe
+### Security Context
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Container Port
+### Volume Device
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Resource Requirements
+### Volume Mount
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Security Context
+### Capabilities
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Volume Device
+### SE Linux Options
 
 | Name | Type | Description |
 | --- | --- | --- |
 
-### Volume Mount
+### Env Var Source
 
 | Name | Type | Description |
 | --- | --- | --- |

model/src/main/java/oracle/kubernetes/weblogic/domain/ClusterConfigurator.java

@@ -88,6 +88,8 @@ ClusterConfigurator withLivenessProbeSettings(
 
   ClusterConfigurator withInitContainer(V1Container initContainer);
 
+  ClusterConfigurator withContainer(V1Container container);
+
   ClusterConfigurator withPodLabel(String name, String value);
 
   ClusterConfigurator withPodAnnotation(String name, String value);

model/src/main/java/oracle/kubernetes/weblogic/domain/DomainConfigurator.java

@@ -203,6 +203,8 @@ protected DomainSpec getDomainSpec() {
 
   public abstract DomainConfigurator withInitContainer(V1Container initContainer);
 
+  public abstract DomainConfigurator withContainer(V1Container container);
+
   public abstract DomainConfigurator withPodLabel(String name, String value);
 
   public abstract DomainConfigurator withPodAnnotation(String name, String value);

model/src/main/java/oracle/kubernetes/weblogic/domain/ServerConfigurator.java

@@ -84,6 +84,8 @@ ServerConfigurator withReadinessProbeSettings(
 
   ServerConfigurator withInitContainer(V1Container initContainer);
 
+  ServerConfigurator withContainer(V1Container container);
+
   ServerConfigurator withPodLabel(String name, String value);
 
   ServerConfigurator withPodAnnotation(String name, String value);

model/src/main/java/oracle/kubernetes/weblogic/domain/model/BaseConfiguration.java

@@ -205,6 +205,10 @@ void addInitContainer(V1Container initContainer) {
     serverPod.addInitContainer(initContainer);
   }
 
+  void addContainer(V1Container container) {
+    serverPod.addContainer(container);
+  }
+
   Map<String, String> getPodLabels() {
     return serverPod.getLabels();
   }
@@ -245,6 +249,10 @@ public List<V1Container> getInitContainers() {
     return serverPod.getInitContainers();
   }
 
+  public List<V1Container> getContainers() {
+    return serverPod.getContainers();
+  }
+
   void addServiceAnnotation(String name, String value) {
     serverService.addAnnotations(name, value);
   }

model/src/main/java/oracle/kubernetes/weblogic/domain/model/ClusterSpec.java

@@ -52,4 +52,14 @@ public abstract class ClusterSpec {
   public List<V1Container> getInitContainers() {
     return Collections.emptyList();
   }
+
+  /**
+   * Returns the list of additional containers.
+   *
+   * @return a list of containers
+   */
+  @Nonnull
+  public List<V1Container> getContainers() {
+    return Collections.emptyList();
+  }
 }

model/src/main/java/oracle/kubernetes/weblogic/domain/model/ClusterSpecCommonImpl.java

@@ -44,4 +44,9 @@ public Map<String, String> getClusterAnnotations() {
   public List<V1Container> getInitContainers() {
     return cluster.getInitContainers();
   }
+
+  @Override
+  public List<V1Container> getContainers() {
+    return cluster.getContainers();
+  }
 }