This repository has been archived by the owner on Jul 18, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathjob.go
181 lines (170 loc) · 5.09 KB
/
job.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
package k8s
import (
"context"
"fmt"
"log"
batchv1 "k8s.io/api/batch/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)
const (
// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
PullAlways v1.PullPolicy = "Always"
// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
PullNever v1.PullPolicy = "Never"
// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
PullIfNotPresent v1.PullPolicy = "IfNotPresent"
)
type AssumeJobSpec struct {
AccountId string
JobName string
JobNamespace string
ServiceAccountName string
CredsVolName string
CredsVolPath string
OutputVolName string
OutputVolPath string
AssumeName string
AssumeImage string
AssumeCmd []string
AssumeArgs []string
InventoryName string
InventoryImage string
InventoryCmd []string
InventoryArgs []string
UploadName string
UploadImage string
UploadCmd []string
UploadArgs []string
}
func CreateJob(assumeJobSpec *AssumeJobSpec) {
// creates the in-cluster config
config, err := rest.InClusterConfig()
if err != nil {
panic(err.Error())
}
// creates the clientset
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
panic(err.Error())
}
// get jobs collection in the inventory namespace
jobs := clientset.BatchV1().Jobs(assumeJobSpec.JobNamespace)
var backOffLimit int32 = 0
// Clean up finished jobs immediately after they are finished:
// https://kubernetes.io/docs/concepts/workloads/controllers/job/#ttl-mechanism-for-finished-jobs
var ttl int32 = 0
// create new job spec
//var runAsUser int64 = 999
jobSpec := &batchv1.Job{
ObjectMeta: metav1.ObjectMeta{
GenerateName: fmt.Sprintf("%s-", assumeJobSpec.JobName),
Namespace: assumeJobSpec.JobNamespace,
},
Spec: batchv1.JobSpec{
TTLSecondsAfterFinished: &ttl,
Template: v1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{
"app": "inventory",
"component": "runner",
"cloud": "aws",
},
},
Spec: v1.PodSpec{
//SecurityContext: &v1.PodSecurityContext{
// RunAsUser: &runAsUser, // psp
// SeccompProfile: &v1.SeccompProfile{
// Type: "RuntimeDefault", // psp
// },
//},
Volumes: []v1.Volume{
{
Name: assumeJobSpec.CredsVolName,
VolumeSource: v1.VolumeSource{
EmptyDir: &v1.EmptyDirVolumeSource{},
},
},
{
Name: assumeJobSpec.OutputVolName,
VolumeSource: v1.VolumeSource{
EmptyDir: &v1.EmptyDirVolumeSource{},
},
},
},
InitContainers: []v1.Container{
{
Name: assumeJobSpec.AssumeName,
Image: assumeJobSpec.AssumeImage,
ImagePullPolicy: PullAlways,
Command: assumeJobSpec.AssumeCmd,
Args: assumeJobSpec.AssumeArgs,
VolumeMounts: []v1.VolumeMount{
{
Name: assumeJobSpec.CredsVolName,
MountPath: assumeJobSpec.CredsVolPath,
},
},
},
{
Name: assumeJobSpec.InventoryName,
Image: assumeJobSpec.InventoryImage,
ImagePullPolicy: PullAlways,
Command: assumeJobSpec.InventoryCmd,
Args: assumeJobSpec.InventoryArgs,
VolumeMounts: []v1.VolumeMount{
{
Name: assumeJobSpec.CredsVolName,
MountPath: assumeJobSpec.CredsVolPath,
},
{
Name: assumeJobSpec.OutputVolName,
MountPath: assumeJobSpec.OutputVolPath,
},
},
Env: []v1.EnvVar{
{
Name: "AWS_SHARED_CREDENTIALS_FILE",
Value: assumeJobSpec.CredsVolPath + "/creds",
},
{
// Clear the web indentity token
// so the mounted AWS profile is used
// instead of IRSA
Name: "AWS_WEB_IDENTITY_TOKEN_FILE",
Value: "",
},
},
},
},
Containers: []v1.Container{
{
Name: assumeJobSpec.UploadName,
Image: assumeJobSpec.UploadImage,
ImagePullPolicy: PullAlways,
Command: assumeJobSpec.UploadCmd,
Args: assumeJobSpec.UploadArgs,
VolumeMounts: []v1.VolumeMount{
{
Name: assumeJobSpec.OutputVolName,
MountPath: assumeJobSpec.OutputVolPath,
},
},
},
},
RestartPolicy: v1.RestartPolicyNever,
ServiceAccountName: assumeJobSpec.ServiceAccountName,
},
},
BackoffLimit: &backOffLimit,
},
}
job, err := jobs.Create(context.TODO(), jobSpec, metav1.CreateOptions{})
if err != nil {
log.Fatalf("Failed to create K8s job. Error: %v\n", err)
}
//print job details
fmt.Printf("Job \"%s\" created successfully\n", job.ObjectMeta.Name)
}