Merge branch 'master' of github.com:zalando/postgres-operator

2021-02-22 17:28:07 +01:00 · 2021-02-22 17:28:07 +01:00 · e438ff5628
parent 29b025765a ca968ca150
commit e438ff5628
2 changed files with 14 additions and 11 deletions
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@ -320,15 +320,18 @@ func getLocalAndBoostrapPostgreSQLParameters(parameters map[string]string) (loca
 	return
 }

-func generateCapabilities(capabilities []string) v1.Capabilities {
+func generateCapabilities(capabilities []string) *v1.Capabilities {
 	additionalCapabilities := make([]v1.Capability, 0, len(capabilities))
 	for _, capability := range capabilities {
 		additionalCapabilities = append(additionalCapabilities, v1.Capability(strings.ToUpper(capability)))
 	}
-	return v1.Capabilities{
+	if len(additionalCapabilities) > 0 {
+		return &v1.Capabilities{
 			Add: additionalCapabilities,
 		}
 	}
+	return nil
+}

 func nodeAffinity(nodeReadinessLabel map[string]string, nodeAffinity *v1.NodeAffinity) *v1.Affinity {
 	if len(nodeReadinessLabel) == 0 && nodeAffinity == nil {
@ -440,7 +443,7 @@ func generateContainer(
 	envVars []v1.EnvVar,
 	volumeMounts []v1.VolumeMount,
 	privilegedMode bool,
-	additionalPodCapabilities v1.Capabilities,
+	additionalPodCapabilities *v1.Capabilities,
 ) *v1.Container {
 	return &v1.Container{
 		Name:            name,
@ -467,7 +470,7 @@ func generateContainer(
 			AllowPrivilegeEscalation: &privilegedMode,
 			Privileged:               &privilegedMode,
 			ReadOnlyRootFilesystem:   util.False(),
-			Capabilities:             &additionalPodCapabilities,
+			Capabilities:             additionalPodCapabilities,
 		},
 	}
 }
@ -1914,7 +1917,7 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) {
 		envVars,
 		[]v1.VolumeMount{},
 		c.OpConfig.SpiloPrivileged, // use same value as for normal DB pods
-		v1.Capabilities{},
+		nil,
 	)

 	labels := map[string]string{
--- a/pkg/cluster/k8sres_test.go
+++ b/pkg/cluster/k8sres_test.go
@ -1496,25 +1496,25 @@ func TestGenerateCapabilities(t *testing.T) {
 	tests := []struct {
 		subTest      string
 		configured   []string
-		capabilities v1.Capabilities
+		capabilities *v1.Capabilities
 		err          error
 	}{
 		{
 			subTest:      "no capabilities",
 			configured:   nil,
-			capabilities: v1.Capabilities{Add: []v1.Capability{}},
+			capabilities: nil,
 			err:          fmt.Errorf("could not parse capabilities configuration of nil"),
 		},
 		{
 			subTest:      "empty capabilities",
 			configured:   []string{},
-			capabilities: v1.Capabilities{Add: []v1.Capability{}},
+			capabilities: nil,
 			err:          fmt.Errorf("could not parse empty capabilities configuration"),
 		},
 		{
 			subTest:    "configured capability",
 			configured: []string{"SYS_NICE"},
-			capabilities: v1.Capabilities{
+			capabilities: &v1.Capabilities{
 				Add: []v1.Capability{"SYS_NICE"},
 			},
 			err: fmt.Errorf("could not generate one configured capability"),
@ -1522,7 +1522,7 @@ func TestGenerateCapabilities(t *testing.T) {
 		{
 			subTest:    "configured capabilities",
 			configured: []string{"SYS_NICE", "CHOWN"},
-			capabilities: v1.Capabilities{
+			capabilities: &v1.Capabilities{
 				Add: []v1.Capability{"SYS_NICE", "CHOWN"},
 			},
 			err: fmt.Errorf("could not generate multiple configured capabilities"),