From 4d16c3ae44a2b8b2919e251220e92eb45359bb94 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Wed, 8 Feb 2023 18:32:54 +0100 Subject: [PATCH] added stagingServiceAccountName small refactor of the staging job func --- .golangci.yml | 2 +- helm-charts | 2 +- internal/api/v1/application/stage.go | 61 ++++++++++++---------------- internal/cli/server.go | 6 +++ 4 files changed, 33 insertions(+), 38 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b20b2bed9cb..1c6cc372162 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -30,7 +30,7 @@ linters-settings: severity: warning funlen: # Checks the number of lines in a function. Default: 60 - lines: 270 + lines: 250 # Checks the number of statements in a function. Default: 40 statements: 110 diff --git a/helm-charts b/helm-charts index cb6ebc878da..79337a0e7d5 160000 --- a/helm-charts +++ b/helm-charts @@ -1 +1 @@ -Subproject commit cb6ebc878da0a7d0fc71aa1b57cab0d30d2786a3 +Subproject commit 79337a0e7d5c8cfb39798ca445a33a9932245365 diff --git a/internal/api/v1/application/stage.go b/internal/api/v1/application/stage.go index 34fd9cbfeef..c9952bd014c 100644 --- a/internal/api/v1/application/stage.go +++ b/internal/api/v1/application/stage.go @@ -48,6 +48,7 @@ type stageParam struct { BuilderImage string DownloadImage string UnpackImage string + ServiceAccountName string Environment models.EnvVariableList Owner metav1.OwnerReference RegistryURL string @@ -218,11 +219,14 @@ func (hc Controller) Stage(c *gin.Context) apierror.APIErrors { } } + serviceAccountName := viper.GetString("staging-service-account-name") + params := stageParam{ AppRef: req.App, BuilderImage: builderImage, DownloadImage: downloadImage, UnpackImage: unpackImage, + ServiceAccountName: serviceAccountName, BlobUID: blobUID, Environment: environment.List(), Owner: owner, 
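Review bot: The value read by `viper.GetString("staging-service-account-name")` in Stage() goes into `stageParam.ServiceAccountName` without any check. The flag defaults to the empty string, in which case Kubernetes runs the staging pod under the namespace's `default` service account. A non-empty name that is malformed or missing in the job's namespace would let the Job be created while its pods are refused, which presumably only surfaces as a staging timeout. Consider validating the name once at server start, for example `if errs := validation.IsDNS1123Subdomain(name); len(errs) > 0 { ... }` from `k8s.io/apimachinery/pkg/util/validation`, and logging which account staging will use. Stage() begins and ends outside this hunk, so confirm no later check exists.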
@@ -360,11 +364,6 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) { previous := app previous.Stage = models.NewStage(app.PreviousStageID) - protocol := "http" - if app.S3ConnectionDetails.UseSSL { - protocol = "https" - } - // TODO: Simplify env setup -- https://github.com/epinio/epinio/issues/1176 // Note: `source` is required because the mounted files are not executable. @@ -379,32 +378,19 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) { buildpackScript := fmt.Sprintf(`source /stage-support/%s`, helmchart.EpinioStageBuild) // build configuration - stageEnv := []corev1.EnvVar{ - { - Name: "PROTOCOL", - Value: protocol, - }, - { - Name: "ENDPOINT", - Value: app.S3ConnectionDetails.Endpoint, - }, - { - Name: "BUCKET", - Value: app.S3ConnectionDetails.Bucket, - }, - { - Name: "BLOBID", - Value: app.BlobUID, - }, - { - Name: "PREIMAGE", - Value: previous.ImageURL(previous.RegistryURL), - }, - { - Name: "APPIMAGE", - Value: app.ImageURL(app.RegistryURL), - }, + stageEnv := []corev1.EnvVar{} + + protocol := "http" + if app.S3ConnectionDetails.UseSSL { + protocol = "https" } + stageEnv = appendEnvVar(stageEnv, "PROTOCOL", protocol) + + stageEnv = appendEnvVar(stageEnv, "ENDPOINT", app.S3ConnectionDetails.Endpoint) + stageEnv = appendEnvVar(stageEnv, "BUCKET", app.S3ConnectionDetails.Bucket) + stageEnv = appendEnvVar(stageEnv, "BLOBID", app.BlobUID) + stageEnv = appendEnvVar(stageEnv, "PREIMAGE", previous.ImageURL(previous.RegistryURL)) + stageEnv = appendEnvVar(stageEnv, "APPIMAGE", app.ImageURL(app.RegistryURL)) volumeMounts := []corev1.VolumeMount{ { @@ -442,11 +428,6 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) { }) } - cacheClaim := &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: app.MakePVCName(), - ReadOnly: false, - } - volumes := []corev1.Volume{ { Name: "staging", 
@@ -472,7 +453,10 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) { { Name: "cache", VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: cacheClaim, + PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ + ClaimName: app.MakePVCName(), + ReadOnly: false, + }, }, }, { @@ -573,6 +557,7 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) { }, }, Spec: corev1.PodSpec{ + ServiceAccountName: app.ServiceAccountName, InitContainers: []corev1.Container{ { Name: "download-s3-blob", @@ -791,3 +776,7 @@ func mountRegistryCerts(app stageParam, volumes []corev1.Volume, volumeMounts [] return volumes, volumeMounts } + +func appendEnvVar(envs []corev1.EnvVar, name, value string) []corev1.EnvVar { + return append(envs, corev1.EnvVar{Name: name, Value: value}) +} diff --git a/internal/cli/server.go b/internal/cli/server.go index d5b9e76e481..cbb9b4c804c 100644 --- a/internal/cli/server.go +++ b/internal/cli/server.go @@ -99,6 +99,12 @@ func init() { err = viper.BindEnv("disable-tracking", "DISABLE_TRACKING") checkErr(err) + flags.String("staging-service-account-name", "", "(STAGING_SERVICE_ACCOUNT_NAME)") + err = viper.BindPFlag("staging-service-account-name", flags.Lookup("staging-service-account-name")) + checkErr(err) + err = viper.BindEnv("staging-service-account-name", "STAGING_SERVICE_ACCOUNT_NAME") + checkErr(err) + flags.String("upgrade-responder-address", upgraderesponder.UpgradeResponderAddress, "(UPGRADE_RESPONDER_ADDRESS) Disable tracking of the running Epinio and Kubernetes versions") err = viper.BindPFlag("upgrade-responder-address", flags.Lookup("upgrade-responder-address")) checkErr(err)
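Review bot: `ServiceAccountName: app.ServiceAccountName` in the PodSpec gives the staging pod the identity of whatever account the operator configures. Nothing visible in this hunk sets `AutomountServiceAccountToken`, so that account's API token is presumably mounted into every container of the job, including the ones that build the pushed application sources. If the staging containers never call the Kubernetes API, add `AutomountServiceAccountToken: &automount,` next to this field with `automount := false` declared above. Otherwise state in a comment here that the account must carry no more RBAC than staging needs. The rest of the PodSpec lies outside this hunk, so check that the field is not already set there.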
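Review bot: `appendEnvVar` is added without a doc comment, and its contract is easy to misuse: like `append`, it only takes effect if the caller reassigns the result, as the new call sites in newJobRun do. Suggested comment: `// appendEnvVar returns envs with a literal name/value variable appended; callers must use the returned slice.`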
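Review bot: The help text of the new flag is only `"(STAGING_SERVICE_ACCOUNT_NAME)"`, so `--help` says neither what the setting controls nor what the empty default means. Suggested: `flags.String("staging-service-account-name", "", "(STAGING_SERVICE_ACCOUNT_NAME) Name of the service account the staging job pods run as; empty uses the namespace default")`. Because this account becomes the identity of the pods that build pushed applications, the text or the chart documentation should also say that it must already exist in the namespace where staging jobs are created and should be minimally privileged. init() continues outside this hunk.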