added stagingServiceAccountName (#2074)

small refactor of the staging job func
epinio · Feb 9, 2023 · dd8c702 · dd8c702
1 parent 558c502
commit dd8c702
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 38 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -30,7 +30,7 @@ linters-settings:
       severity: warning
   funlen:
     # Checks the number of lines in a function. Default: 60
-    lines: 270
+    lines: 250
     # Checks the number of statements in a function. Default: 40
     statements: 110
 

diff --git a/helm-charts b/helm-charts
diff --git a/internal/api/v1/application/stage.go b/internal/api/v1/application/stage.go
@@ -48,6 +48,7 @@ type stageParam struct {
 	BuilderImage        string
 	DownloadImage       string
 	UnpackImage         string
+	ServiceAccountName  string
 	Environment         models.EnvVariableList
 	Owner               metav1.OwnerReference
 	RegistryURL         string
@@ -218,11 +219,14 @@ func (hc Controller) Stage(c *gin.Context) apierror.APIErrors {
 		}
 	}
 
+	serviceAccountName := viper.GetString("staging-service-account-name")
+
 	params := stageParam{
 		AppRef:              req.App,
 		BuilderImage:        builderImage,
 		DownloadImage:       downloadImage,
 		UnpackImage:         unpackImage,
+		ServiceAccountName:  serviceAccountName,
 		BlobUID:             blobUID,
 		Environment:         environment.List(),
 		Owner:               owner,
@@ -360,11 +364,6 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) {
 	previous := app
 	previous.Stage = models.NewStage(app.PreviousStageID)
 
-	protocol := "http"
-	if app.S3ConnectionDetails.UseSSL {
-		protocol = "https"
-	}
-
 	// TODO: Simplify env setup -- https://github.com/epinio/epinio/issues/1176
 
 	// Note: `source` is required because the mounted files are not executable.
@@ -379,32 +378,19 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) {
 	buildpackScript := fmt.Sprintf(`source /stage-support/%s`, helmchart.EpinioStageBuild)
 
 	// build configuration
-	stageEnv := []corev1.EnvVar{
-		{
-			Name:  "PROTOCOL",
-			Value: protocol,
-		},
-		{
-			Name:  "ENDPOINT",
-			Value: app.S3ConnectionDetails.Endpoint,
-		},
-		{
-			Name:  "BUCKET",
-			Value: app.S3ConnectionDetails.Bucket,
-		},
-		{
-			Name:  "BLOBID",
-			Value: app.BlobUID,
-		},
-		{
-			Name:  "PREIMAGE",
-			Value: previous.ImageURL(previous.RegistryURL),
-		},
-		{
-			Name:  "APPIMAGE",
-			Value: app.ImageURL(app.RegistryURL),
-		},
+	stageEnv := []corev1.EnvVar{}
+
+	protocol := "http"
+	if app.S3ConnectionDetails.UseSSL {
+		protocol = "https"
 	}
+	stageEnv = appendEnvVar(stageEnv, "PROTOCOL", protocol)
+
+	stageEnv = appendEnvVar(stageEnv, "ENDPOINT", app.S3ConnectionDetails.Endpoint)
+	stageEnv = appendEnvVar(stageEnv, "BUCKET", app.S3ConnectionDetails.Bucket)
+	stageEnv = appendEnvVar(stageEnv, "BLOBID", app.BlobUID)
+	stageEnv = appendEnvVar(stageEnv, "PREIMAGE", previous.ImageURL(previous.RegistryURL))
+	stageEnv = appendEnvVar(stageEnv, "APPIMAGE", app.ImageURL(app.RegistryURL))
 
 	volumeMounts := []corev1.VolumeMount{
 		{
@@ -442,11 +428,6 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) {
 		})
 	}
 
-	cacheClaim := &corev1.PersistentVolumeClaimVolumeSource{
-		ClaimName: app.MakePVCName(),
-		ReadOnly:  false,
-	}
-
 	volumes := []corev1.Volume{
 		{
 			Name: "staging",
@@ -472,7 +453,10 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) {
 		{
 			Name: "cache",
 			VolumeSource: corev1.VolumeSource{
-				PersistentVolumeClaim: cacheClaim,
+				PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
+					ClaimName: app.MakePVCName(),
+					ReadOnly:  false,
+				},
 			},
 		},
 		{
@@ -573,6 +557,7 @@ func newJobRun(app stageParam) (*batchv1.Job, *corev1.Secret) {
 					},
 				},
 				Spec: corev1.PodSpec{
+					ServiceAccountName: app.ServiceAccountName,
 					InitContainers: []corev1.Container{
 						{
 							Name:         "download-s3-blob",
@@ -791,3 +776,7 @@ func mountRegistryCerts(app stageParam, volumes []corev1.Volume, volumeMounts []
 
 	return volumes, volumeMounts
 }
+
+func appendEnvVar(envs []corev1.EnvVar, name, value string) []corev1.EnvVar {
+	return append(envs, corev1.EnvVar{Name: name, Value: value})
+}
diff --git a/internal/cli/server.go b/internal/cli/server.go
@@ -99,6 +99,12 @@ func init() {
 	err = viper.BindEnv("disable-tracking", "DISABLE_TRACKING")
 	checkErr(err)
 
+	flags.String("staging-service-account-name", "", "(STAGING_SERVICE_ACCOUNT_NAME)")
+	err = viper.BindPFlag("staging-service-account-name", flags.Lookup("staging-service-account-name"))
+	checkErr(err)
+	err = viper.BindEnv("staging-service-account-name", "STAGING_SERVICE_ACCOUNT_NAME")
+	checkErr(err)
+
 	flags.String("upgrade-responder-address", upgraderesponder.UpgradeResponderAddress, "(UPGRADE_RESPONDER_ADDRESS) Disable tracking of the running Epinio and Kubernetes versions")
 	err = viper.BindPFlag("upgrade-responder-address", flags.Lookup("upgrade-responder-address"))
 	checkErr(err)