From be03712fcbbd31111d7e486f42b6c630ccca69c9 Mon Sep 17 00:00:00 2001
From: Tosone
Date: Thu, 19 Sep 2024 00:30:31 +0800
Subject: [PATCH] :sparkles: Update service account (#399)
---
 conf/config-dev.yaml | 2 +-
 conf/config-full.yaml | 2 +-
 conf/config.yaml | 2 +-
 deploy/sigma/templates/configmap.yaml | 7 ++++++
 .../templates/distribution/deployment.yaml | 1 +
 deploy/sigma/templates/distribution/hpa.yaml | 1 +
 .../sigma/templates/distribution/service.yaml | 1 +
 deploy/sigma/templates/ingress.yaml | 1 +
 deploy/sigma/templates/namespace.yaml | 8 ++++++
 deploy/sigma/templates/server/deployment.yaml | 1 +
 deploy/sigma/templates/server/hpa.yaml | 1 +
 deploy/sigma/templates/server/service.yaml | 1 +
 deploy/sigma/templates/serviceaccount.yaml | 25 ++++++-------------
 deploy/sigma/templates/web/deployment.yaml | 1 +
 deploy/sigma/templates/web/hpa.yaml | 1 +
 deploy/sigma/templates/web/service.yaml | 1 +
 deploy/sigma/templates/worker/deployment.yaml | 1 +
 deploy/sigma/templates/worker/hpa.yaml | 1 +
 deploy/sigma/templates/worker/service.yaml | 1 +
 deploy/sigma/values.yaml | 13 ++++++++--
 docs/docs/configuration.mdx | 2 +-
 pkg/builder/kubernetes/informer.go | 3 +++
 pkg/builder/kubernetes/k8s.go | 9 ++++---
 23 files changed, 60 insertions(+), 26 deletions(-)
 create mode 100644 deploy/sigma/templates/namespace.yaml
diff --git a/conf/config-dev.yaml b/conf/config-dev.yaml
index 8e2bccdb..e5a87844 100644
--- a/conf/config-dev.yaml
+++ b/conf/config-dev.yaml
@@ -136,7 +136,7 @@ daemon:
 network: sigma
 kubernetes:
 kubeconfig:
- namespace: default
+ namespace: sigma-builder
 podman:
 uri: unix:///run/podman/podman.sock
diff --git a/conf/config-full.yaml b/conf/config-full.yaml
index bf0f23d2..9ca08d3c 100644
--- a/conf/config-full.yaml
+++ b/conf/config-full.yaml
@@ -140,7 +140,7 @@ daemon:
 network: sigma
 kubernetes:
 kubeconfig:
- namespace: default
+ namespace: sigma-builder
 podman:
 uri: unix:///run/podman/podman.sock
diff --git a/conf/config.yaml b/conf/config.yaml
index d9c5249d..e694399f 100644
--- a/conf/config.yaml
+++ b/conf/config.yaml
@@ -136,7 +136,7 @@ daemon:
 network: sigma
 kubernetes:
 kubeconfig:
- namespace: default
+ namespace: sigma-builder
 podman:
 uri: unix:///run/podman/podman.sock
diff --git a/deploy/sigma/templates/configmap.yaml b/deploy/sigma/templates/configmap.yaml
index 6c7fd159..b1b4db5c 100644
--- a/deploy/sigma/templates/configmap.yaml
+++ b/deploy/sigma/templates/configmap.yaml
@@ -41,6 +41,13 @@ data:
 server: 0.0.0.0:{{.Values.service.server.port}}
 worker: 0.0.0.0:{{.Values.service.worker.port}}
 daemon:
+ builder:
+ enabled: {{ .Values.config.daemon.builder.enabled }}
+ image: "{{ .Values.image.registry }}/{{ .Values.config.daemon.builder.image.repository }}:{{ .Values.config.daemon.builder.image.tag | default .Chart.AppVersion }}"
+ type: {{ .Values.config.daemon.builder.type | quote }}
+ kubernetes:
+ kubeconfig: ""
+ namespace: {{ .Values.config.daemon.builder.kubernetes.namespace | quote }}
 gc:
 # if blob not associate with artifact
 retention: 72h
diff --git a/deploy/sigma/templates/distribution/deployment.yaml b/deploy/sigma/templates/distribution/deployment.yaml
index c9898a1d..68c3060a 100644
--- a/deploy/sigma/templates/distribution/deployment.yaml
+++ b/deploy/sigma/templates/distribution/deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ include "sigma.distribution" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.distribution.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/distribution/hpa.yaml b/deploy/sigma/templates/distribution/hpa.yaml
index 8c203066..ee0c1dbb 100644
--- a/deploy/sigma/templates/distribution/hpa.yaml
+++ b/deploy/sigma/templates/distribution/hpa.yaml
@@ -3,6 +3,7 @@ apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "sigma.distribution" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.distribution.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/distribution/service.yaml b/deploy/sigma/templates/distribution/service.yaml
index a78a3970..822e16f0 100644
--- a/deploy/sigma/templates/distribution/service.yaml
+++ b/deploy/sigma/templates/distribution/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ include "sigma.distribution" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.distribution.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/ingress.yaml b/deploy/sigma/templates/ingress.yaml
index ec4dc6b9..c36b7998 100644
--- a/deploy/sigma/templates/ingress.yaml
+++ b/deploy/sigma/templates/ingress.yaml
@@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: {{ include "sigma.fullname" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.labels" . | nindent 4 }}
 {{- with .Values.ingress.annotations }}
diff --git a/deploy/sigma/templates/namespace.yaml b/deploy/sigma/templates/namespace.yaml
new file mode 100644
index 00000000..d793bd86
--- /dev/null
+++ b/deploy/sigma/templates/namespace.yaml
@@ -0,0 +1,8 @@
+{{- if and .Values.config.daemon.builder.enabled ( eq .Values.config.daemon.builder.type "kubernetes" ) }}
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: {{ .Values.config.daemon.builder.kubernetes.namespace | quote }}
+ labels:
+ {{- include "sigma.labels" . | nindent 4 }}
+{{- end }}
diff --git a/deploy/sigma/templates/server/deployment.yaml b/deploy/sigma/templates/server/deployment.yaml
index efe5f920..82582d08 100644
--- a/deploy/sigma/templates/server/deployment.yaml
+++ b/deploy/sigma/templates/server/deployment.yaml
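Review bot: In the new deploy/sigma/templates/namespace.yaml the Namespace name is taken verbatim from `config.daemon.builder.kubernetes.namespace`, so the chart owns whatever namespace that value names. Pointing it at a namespace that already exists, the release namespace included, will make the install stop on a resource conflict, and uninstalling the release removes the namespace together with any build pods in it. A template comment on the first line, for example `{{- /* chart-owned namespace for build pods; the name must not already exist */ -}}`, or a `helm.sh/resource-policy: keep` annotation under `metadata`, would make that ownership explicit.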
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ include "sigma.server" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.server.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/server/hpa.yaml b/deploy/sigma/templates/server/hpa.yaml
index 99bf6416..be4fd6c2 100644
--- a/deploy/sigma/templates/server/hpa.yaml
+++ b/deploy/sigma/templates/server/hpa.yaml
@@ -3,6 +3,7 @@ apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "sigma.server" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.server.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/server/service.yaml b/deploy/sigma/templates/server/service.yaml
index 9c3a2fa7..28a8d403 100644
--- a/deploy/sigma/templates/server/service.yaml
+++ b/deploy/sigma/templates/server/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ include "sigma.server" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.server.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/serviceaccount.yaml b/deploy/sigma/templates/serviceaccount.yaml
index c08c0bc5..3d2ecc60 100644
--- a/deploy/sigma/templates/serviceaccount.yaml
+++ b/deploy/sigma/templates/serviceaccount.yaml
@@ -1,9 +1,10 @@
+{{- if and .Values.config.daemon.builder.enabled ( eq .Values.config.daemon.builder.type "kubernetes" ) }}
 ---
 kind: Role
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 metadata:
 name: {{ include "sigma.fullname" . | quote }}
- namespace: {{ include "common.names.namespace" . | quote }}
+ namespace: {{ .Values.config.daemon.builder.kubernetes.namespace | quote }}
 {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }}
 {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
 labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
@@ -14,7 +15,7 @@ rules:
 - apiGroups:
 - ""
 resources:
- - configmaps
+ - pods
 verbs:
 - get
 - list
@@ -26,7 +27,7 @@ rules:
 - apiGroups:
 - ""
 resources:
- - configmaps/status
+ - pods/status
 verbs:
 - get
 - update
@@ -34,26 +35,15 @@ rules:
 - apiGroups:
 - ""
 resources:
- - events
+ - pods/finalizers
 verbs:
- - create
- - apiGroups:
- - "coordination.k8s.io"
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
 - update
- - patch
- - delete
 ---
 kind: RoleBinding
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 metadata:
 name: {{ include "sigma.fullname" . | quote }}
+ namespace: {{ .Values.config.daemon.builder.kubernetes.namespace | quote }}
 {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.image "chart" .Chart ) ) }}
 {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
 labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
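Review bot: The `if` added on the first line of serviceaccount.yaml wraps the whole file, and its `{{- end }}` is added after the ServiceAccount in the last hunk, so the ServiceAccount itself is no longer rendered when the builder is disabled or is not of type `kubernetes`. Any workload that sets `serviceAccountName` to this account would then reference a missing account; the pod specs are not part of this patch, so that needs checking. Closing the condition before the ServiceAccount document, that is, moving `{{- end }}` ahead of its `---`, would gate only the Role and RoleBinding and keep the account unconditional.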
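Review bot: The rule at -14/+15 now targets `pods` but keeps the verb list that was written for the old `configmaps` rule, and that list continues past the end of the hunk, so the full set of pod verbs granted is not visible here. The same applies to the hunks at +27 and +35, which keep `update` on `pods/status` and on `pods/finalizers`; nothing in this patch shows the builder writing pod status or finalizers, so these look carried over rather than required. Trimming each rule to the verbs the builder and its informer actually call, with a comment above each rule naming the caller such as `# informer: list/watch build pods`, would keep this account least-privilege in the builder namespace.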
@@ -67,7 +57,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
 name: {{ template "sigma.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
+ namespace: {{ .Release.Namespace | quote }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -82,3 +72,4 @@ metadata:
 annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
 {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/deploy/sigma/templates/web/deployment.yaml b/deploy/sigma/templates/web/deployment.yaml
index 6a52424f..94e5782d 100644
--- a/deploy/sigma/templates/web/deployment.yaml
+++ b/deploy/sigma/templates/web/deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ include "sigma.web" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.web.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/web/hpa.yaml b/deploy/sigma/templates/web/hpa.yaml
index 6bb1bccd..6b9755f4 100644
--- a/deploy/sigma/templates/web/hpa.yaml
+++ b/deploy/sigma/templates/web/hpa.yaml
@@ -3,6 +3,7 @@ apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "sigma.web" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.web.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/web/service.yaml b/deploy/sigma/templates/web/service.yaml
index 2a9de4dc..00dab3e8 100644
--- a/deploy/sigma/templates/web/service.yaml
+++ b/deploy/sigma/templates/web/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ include "sigma.web" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.web.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/worker/deployment.yaml b/deploy/sigma/templates/worker/deployment.yaml
index ce8b3730..598789ee 100644
--- a/deploy/sigma/templates/worker/deployment.yaml
+++ b/deploy/sigma/templates/worker/deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ include "sigma.worker" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.worker.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/worker/hpa.yaml b/deploy/sigma/templates/worker/hpa.yaml
index e0db58c2..ef11195d 100644
--- a/deploy/sigma/templates/worker/hpa.yaml
+++ b/deploy/sigma/templates/worker/hpa.yaml
@@ -3,6 +3,7 @@ apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "sigma.worker" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.worker.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/templates/worker/service.yaml b/deploy/sigma/templates/worker/service.yaml
index ad2f21a6..87e7a9a1 100644
--- a/deploy/sigma/templates/worker/service.yaml
+++ b/deploy/sigma/templates/worker/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ include "sigma.worker" . }}
+ namespace: "{{ .Release.Namespace }}"
 labels:
 {{- include "sigma.worker.labels" . | nindent 4 }}
 spec:
diff --git a/deploy/sigma/values.yaml b/deploy/sigma/values.yaml
index 0489a6f3..ce2ab7cc 100644
--- a/deploy/sigma/values.yaml
+++ b/deploy/sigma/values.yaml
@@ -100,7 +100,7 @@ serviceAccount:
 ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
 annotations: {}
 ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
- automountServiceAccountToken: false
+ automountServiceAccountToken: true
 config:
 log:
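Review bot: Changing the `serviceAccount.automountServiceAccountToken` default to `true` in values.yaml mounts an API token into every pod that runs under this service account, not only the component that launches build pods. The token is what the in-cluster client path in pkg/builder/kubernetes/k8s.go needs, but which deployments use this account is not visible in this patch; if the web or distribution pods share it they would hold pod-management rights in the builder namespace that they never use. Consider leaving the account default at `false` and setting `automountServiceAccountToken: true` in the pod spec of the one workload that runs the builder, rendered only when `config.daemon.builder.type` is `kubernetes`.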
@@ -121,7 +121,16 @@ config:
 type: s3
 filesystem:
 path: /
- # Notice: the tag never update after the first pulled from remote registry, unless you delete the image and pull again.
+ daemon:
+ builder:
+ enabled: true
+ image:
+ repository: tosone/sigma-builder
+ tag: latest
+ type: kubernetes
+ kubernetes:
+ kubeconfig: ""
+ namespace: sigma-builder
 proxy:
 enabled: true
 endpoint: https://registry-1.docker.io
diff --git a/docs/docs/configuration.mdx b/docs/docs/configuration.mdx
index f5a7c51d..2f07dbc6 100644
--- a/docs/docs/configuration.mdx
+++ b/docs/docs/configuration.mdx
@@ -136,7 +136,7 @@ daemon:
 network: sigma
 kubernetes:
 kubeconfig:
- namespace: default
+ namespace: sigma-builder
 podman:
 uri: unix:///run/podman/podman.sock
diff --git a/pkg/builder/kubernetes/informer.go b/pkg/builder/kubernetes/informer.go
index cca459aa..d0248740 100644
--- a/pkg/builder/kubernetes/informer.go
+++ b/pkg/builder/kubernetes/informer.go
@@ -49,4 +49,7 @@ func (i *instance) informer(_ context.Context) {
 if err != nil {
 log.Error().Err(err).Msg("Informer add event handler failed")
 }
+
+ var stopChan = make(chan struct{})
+ podInformer.Run(stopChan)
 }
diff --git a/pkg/builder/kubernetes/k8s.go b/pkg/builder/kubernetes/k8s.go
index 002eb93f..06aee5d2 100644
--- a/pkg/builder/kubernetes/k8s.go
+++ b/pkg/builder/kubernetes/k8s.go
@@ -21,6 +21,7 @@ import (
 "path"
 "reflect"
 "strconv"
+ "strings"
 "gopkg.in/yaml.v3"
 corev1 "k8s.io/api/core/v1"
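Review bot: The builder image default `tag: latest` added in the values.yaml hunk at +121 is a mutable tag, so the image that runs builds can change without any chart change. It also defeats the `| default .Chart.AppVersion` fallback in templates/configmap.yaml, because the value is never empty. Setting `tag: ""` would pin the builder to the chart's app version, and a digest would pin it further. The same hunk sets `enabled: true`, so a fresh install creates the extra namespace and RBAC objects by default; `enabled: false` would be the more conservative default.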
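Review bot: `stopChan` in the lines added at the end of `informer` (pkg/builder/kubernetes/informer.go) is created locally and never closed, so `podInformer.Run(stopChan)` blocks for the life of the process and the informer cannot be shut down. The function already receives a context but discards it as `_`; naming the parameter `ctx` and calling `podInformer.Run(ctx.Done())` would tie the informer to the caller's cancellation. If `informer` is called synchronously rather than in its own goroutine, the caller never returns; the call site and the start of the function are outside this hunk. `Run` is also reached after a failed handler registration, which is only logged just above; adding `return` in that `if err != nil` branch would avoid running an informer without its handler.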
@@ -46,11 +47,13 @@ var _ builder.Factory = factory{}
 // New returns a new filesystem storage driver
 func (f factory) New(config configs.Configuration) (builder.Builder, error) {
- i := &instance{}
+ i := &instance{
+ config: config,
+ }
 var err error
 var restConfig *restclient.Config
- if config.Daemon.Builder.Kubernetes.Kubeconfig != nil {
+ if strings.TrimSpace(ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig)) != "" {
 cfg := clientcmdapi.NewConfig()
 err := yaml.Unmarshal([]byte(ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig)), &cfg)
 if err != nil {
@@ -62,7 +65,7 @@ func (f factory) New(config configs.Configuration) (builder.Builder, error) {
 return nil, fmt.Errorf("Get k8s rest config failed: %v", err)
 }
 } else {
- restConfig, err = clientcmd.BuildConfigFromFlags("", "")
+ restConfig, err = restclient.InClusterConfig()
 if err != nil {
 return nil, fmt.Errorf("Get k8s client in cluster failed: %v", err)
 }
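Review bot: The doc comment kept above `New` in the hunk at +47, `// New returns a new filesystem storage driver`, does not describe this function, and the credential selection changed here is what a caller needs to know. Something like `// New returns a Kubernetes builder; it uses the inline kubeconfig when one is set and in-cluster credentials otherwise.` would fit. The new condition also evaluates `ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig)` again two lines later for `yaml.Unmarshal`; a local `kubeconfig := strings.TrimSpace(ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig))` used in both places would avoid the repeat. The body of `New` continues outside the hunk.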
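Review bot: `restclient.InClusterConfig()` in the hunk at +65 only succeeds inside a pod with a mounted service-account token, so an empty `kubeconfig` outside a cluster now always ends in the error returned on the following lines. The conf/config-dev.yaml in this patch leaves that key empty, so a developer who selects the kubernetes builder locally would presumably hit this. The message would help more if it named the likely cause and kept the error chain, for example `return nil, fmt.Errorf("load in-cluster k8s config (empty kubeconfig, no mounted service account token?): %w", err)`. The enclosing `New` starts and ends outside this hunk.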