feat: add version probe job overrides (#153)

Co-authored-by: Pervakov Grigorii <pervakov.grigory@gmail.com>

Author: ashishch432

Makefile

@@ -394,6 +394,10 @@ $(ACTIONLINT): $(LOCALBIN)
 	$(call go-install-tool,$(ACTIONLINT),github.com/rhysd/actionlint/cmd/actionlint,$(ACTIONLINT_VERSION))
 
 CRD_BASE_REF ?= origin/main
+# Violations from embedded Kubernetes core types (securityContext bools, resource maps, etc.)
+# that are structural to the k8s API, not operator design choices. These are automatically
+# suppressed by ratcheting for existing fields, but appear when adding new fields that embed core types.
+CRD_COMPAT_EMBEDDED_TYPE_RE := (securityContext|windowsOptions)\.|metadata\.(labels|annotations) |resources\.(limits|requests) |nodeSelector
 .PHONY: check-crd-compat
 check-crd-compat: crd-schema-checker ## Check CRD backward compatibility against $(CRD_BASE_REF).
 	@FAILED=0; \
@@ -405,7 +409,11 @@ check-crd-compat: crd-schema-checker ## Check CRD backward compatibility against
 			rm -f "$$BASELINE"; \
 			continue; \
 		fi; \
-		if ! $(CRD_SCHEMA_CHECKER) check-manifests --existing-crd-filename="$$BASELINE" --new-crd-filename="$$crd"; then \
+		ERRORS=$$($(CRD_SCHEMA_CHECKER) check-manifests \
+			--existing-crd-filename="$$BASELINE" --new-crd-filename="$$crd" 2>&1 \
+			| grep -v -E '$(CRD_COMPAT_EMBEDDED_TYPE_RE)' || true); \
+		if [ -n "$$ERRORS" ]; then \
+			echo "$$ERRORS"; \
 			FAILED=1; \
 		fi; \
 		rm -f "$$BASELINE"; \

api/v1alpha1/clickhousecluster_types.go

@@ -76,6 +76,10 @@ type ClickHouseClusterSpec struct {
 	// +optional
 	// +kubebuilder:validation:Pattern=`^(lts|stable|\d+\.\d+)?$`
 	UpgradeChannel string `json:"upgradeChannel,omitempty"`
+
+	// VersionProbeTemplate overrides for the version detection Job.
+	// +optional
+	VersionProbeTemplate *VersionProbeTemplate `json:"versionProbeTemplate,omitempty"`
 }
 
 // WithDefaults sets default values for ClickHouseClusterSpec fields.

api/v1alpha1/common.go

@@ -426,3 +426,91 @@ func formatPodHostname(stsName, serviceName, namespace, domain string) string {
 
 	return fmt.Sprintf("%s-0.%s.%s.svc.%s", stsName, serviceName, namespace, domain)
 }
+
+// TemplateMeta defines supported metadata settings for template objects.
+type TemplateMeta struct {
+	// Labels are labels applied to the template objects.
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// Annotations are annotations applied to the template objects.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// VersionProbeTemplate defines overrides for the version detection Job.
+// The structure mirrors batchv1.JobTemplateSpec, exposing only supported fields.
+type VersionProbeTemplate struct {
+	// Metadata applied to the version probe Job.
+	// +optional
+	Metadata TemplateMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired behavior of the version probe Job.
+	// +optional
+	Spec VersionProbeJobSpec `json:"spec,omitempty"`
+}
+
+// VersionProbeJobSpec defines Job-level overrides for the version probe.
+type VersionProbeJobSpec struct {
+	// TTLSecondsAfterFinished limits the lifetime of a completed Job.
+	// +optional
+	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"`
+
+	// Template describes the pod that will be created for the version probe Job.
+	// +optional
+	Template VersionProbePodTemplate `json:"template,omitempty"`
+}
+
+// VersionProbePodTemplate describes overrides for the version probe Pod.
+type VersionProbePodTemplate struct {
+	// Metadata applied to version probe Pods.
+	// +optional
+	Metadata TemplateMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired behavior of the version probe Pod.
+	// +optional
+	Spec VersionProbePodSpec `json:"spec,omitempty"`
+}
+
+// VersionProbePodSpec defines Pod-level overrides for the version probe.
+// Field names and JSON tags match corev1.PodSpec for strategic merge patch compatibility.
+type VersionProbePodSpec struct {
+	// NodeSelector constrains the version probe Pod to nodes with matching labels.
+	// +optional
+	// +mapType=atomic
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// Tolerations for the version probe Pod.
+	// +optional
+	// +listType=atomic
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+
+	// SecurityContext holds pod-level security attributes for the version probe Pod.
+	// +optional
+	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+
+	// Containers overrides for the version probe Pod.
+	// The name field is optional — the operator fills it with default container.
+	// Additional container with the different name may be specified.
+	// +optional
+	// +listType=map
+	// +listMapKey=name
+	Containers []VersionProbeContainer `json:"containers,omitempty"`
+}
+
+// VersionProbeContainer defines container-level overrides for the version probe.
+// Field names and JSON tags match corev1.Container so that SMP merges by name.
+type VersionProbeContainer struct {
+	// Name of the container. If empty, the operator sets it to the version probe container name.
+	// +kubebuilder:default:=version-probe
+	Name string `json:"name"`
+
+	// Resources are the compute resource requirements for the version probe container.
+	// Deep-merged with operator defaults via SMP.
+	// +optional
+	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
+
+	// SecurityContext defines the security options for the version probe container.
+	// Deep-merged with operator defaults via SMP.
+	// +optional
+	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
+}

api/v1alpha1/defaults.go

@@ -33,4 +33,6 @@ const (
 	// DefaultClusterDomain is the default Kubernetes cluster domain suffix for DNS resolution.
 	DefaultClusterDomain = "cluster.local"
 	DefaultAccessMode    = corev1.ReadWriteOnce
+
+	VersionProbeContainerName = "version-probe"
 )

api/v1alpha1/keepercluster_types.go

@@ -64,6 +64,10 @@ type KeeperClusterSpec struct {
 	// +optional
 	// +kubebuilder:validation:Pattern=`^(lts|stable|\d+\.\d+)?$`
 	UpgradeChannel string `json:"upgradeChannel,omitempty"`
+
+	// VersionProbeTemplate overrides for the version detection Job.
+	// +optional
+	VersionProbeTemplate *VersionProbeTemplate `json:"versionProbeTemplate,omitempty"`
 }
 
 // WithDefaults sets default values for KeeperClusterSpec fields.