Fix empty capabilities (#1380)

* helm chart remove 1.6.0 archive from 1.6.0 archive * empty pod capabilities should be nil
2021-02-22 17:27:32 +01:00 · 2021-02-22 17:27:32 +01:00 · ca968ca150
parent 648d663dbb
commit ca968ca150
4 changed files with 14 additions and 11 deletions
--- a/charts/postgres-operator-ui/postgres-operator-ui-1.6.0.tgz
+++ b/charts/postgres-operator-ui/postgres-operator-ui-1.6.0.tgz
--- a/charts/postgres-operator/postgres-operator-1.6.0.tgz
+++ b/charts/postgres-operator/postgres-operator-1.6.0.tgz
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@ -320,14 +320,17 @@ func getLocalAndBoostrapPostgreSQLParameters(parameters map[string]string) (loca
 	return
 }
-func generateCapabilities(capabilities []string) v1.Capabilities {
+func generateCapabilities(capabilities []string) *v1.Capabilities {
 	additionalCapabilities := make([]v1.Capability, 0, len(capabilities))
 	for _, capability := range capabilities {
 		additionalCapabilities = append(additionalCapabilities, v1.Capability(strings.ToUpper(capability)))
 	}
-	return v1.Capabilities{
+	if len(additionalCapabilities) > 0 {
-		Add: additionalCapabilities,
+		return &v1.Capabilities{
 			Add: additionalCapabilities,
 		}
 	}
 	return nil
 }
 func nodeAffinity(nodeReadinessLabel map[string]string, nodeAffinity *v1.NodeAffinity) *v1.Affinity {
@ -440,7 +443,7 @@ func generateContainer(
 	envVars []v1.EnvVar,
 	volumeMounts []v1.VolumeMount,
 	privilegedMode bool,
-	additionalPodCapabilities v1.Capabilities,
+	additionalPodCapabilities *v1.Capabilities,
 ) *v1.Container {
 	return &v1.Container{
 		Name:            name,
@ -467,7 +470,7 @@ func generateContainer(
 			AllowPrivilegeEscalation: &privilegedMode,
 			Privileged:               &privilegedMode,
 			ReadOnlyRootFilesystem:   util.False(),
-			Capabilities:             &additionalPodCapabilities,
+			Capabilities:             additionalPodCapabilities,
 		},
 	}
 }
@ -1914,7 +1917,7 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) {
 		envVars,
 		[]v1.VolumeMount{},
 		c.OpConfig.SpiloPrivileged, // use same value as for normal DB pods
-		v1.Capabilities{},
+		nil,
 	)
 	labels := map[string]string{
--- a/pkg/cluster/k8sres_test.go
+++ b/pkg/cluster/k8sres_test.go
@ -1496,25 +1496,25 @@ func TestGenerateCapabilities(t *testing.T) {
 	tests := []struct {
 		subTest      string
 		configured   []string
-		capabilities v1.Capabilities
+		capabilities *v1.Capabilities
 		err          error
 	}{
 		{
 			subTest:      "no capabilities",
 			configured:   nil,
-			capabilities: v1.Capabilities{Add: []v1.Capability{}},
+			capabilities: nil,
 			err:          fmt.Errorf("could not parse capabilities configuration of nil"),
 		},
 		{
 			subTest:      "empty capabilities",
 			configured:   []string{},
-			capabilities: v1.Capabilities{Add: []v1.Capability{}},
+			capabilities: nil,
 			err:          fmt.Errorf("could not parse empty capabilities configuration"),
 		},
 		{
 			subTest:    "configured capability",
 			configured: []string{"SYS_NICE"},
-			capabilities: v1.Capabilities{
+			capabilities: &v1.Capabilities{
 				Add: []v1.Capability{"SYS_NICE"},
 			},
 			err: fmt.Errorf("could not generate one configured capability"),
@ -1522,7 +1522,7 @@ func TestGenerateCapabilities(t *testing.T) {
 		{
 			subTest:    "configured capabilities",
 			configured: []string{"SYS_NICE", "CHOWN"},
-			capabilities: v1.Capabilities{
+			capabilities: &v1.Capabilities{
 				Add: []v1.Capability{"SYS_NICE", "CHOWN"},
 			},
 			err: fmt.Errorf("could not generate multiple configured capabilities"),