Merge branch 'main' into buildstatus
shreddedbacon authored Nov 7, 2022
2 parents c293945 + 11a1772 commit 3920379
Showing 3 changed files with 189 additions and 220 deletions.
8 changes: 6 additions & 2 deletions .github/workflows/remote-controller.yaml
Expand Up @@ -18,12 +18,16 @@ jobs:
matrix:
kindest_node_version: [v1.21.12, v1.22.9]
harbor: ["1.5.6", "1.9.0"]
lagoon_build_image: ["uselagoon/build-deploy-image:latest"]
lagoon_build_image: ["uselagoon/build-deploy-image:main"]
experimental: [false]
include:
- kindest_node_version: v1.23.6
harbor: "1.9.0"
lagoon_build_image: "uselagoon/build-deploy-image:latest"
lagoon_build_image: "uselagoon/build-deploy-image:main"
experimental: true
- kindest_node_version: v1.24.7
harbor: "1.9.0"
lagoon_build_image: "uselagoon/build-deploy-image:main"
experimental: true
steps:
- name: Checkout
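Review bot: The matrix now pulls `uselagoon/build-deploy-image:main`, a mutable tag, in all three `lagoon_build_image` entries (the default list and both `include` entries), so a CI run is not reproducible and whatever is currently pushed to that tag is what the workflow exercises. If tracking the moving branch image is the intent, a comment on the matrix such as `# tracks the main-branch build image on purpose; not pinned` would record that; otherwise pin by digest, e.g. `uselagoon/build-deploy-image@sha256:<digest>` (placeholder). The `steps:` list continues outside the hunk, so how the value is consumed is not visible here.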
79 changes: 43 additions & 36 deletions controllers/v1beta1/build_helpers.go
Expand Up @@ -424,6 +424,7 @@ func (r *LagoonBuildReconciler) processBuild(ctx context.Context, opLog logr.Log
if r.EnableDebug {
opLog.Info(fmt.Sprintf("Checking `lagoon-deployer` Token exists: %s", lagoonBuild.ObjectMeta.Name))
}

var serviceaccountTokenSecret string
for _, secret := range serviceAccount.Secrets {
match, _ := regexp.MatchString("^lagoon-deployer-token", secret.Name)
Expand All @@ -432,9 +433,6 @@ func (r *LagoonBuildReconciler) processBuild(ctx context.Context, opLog logr.Log
break
}
}
if serviceaccountTokenSecret == "" {
return fmt.Errorf("Could not find token secret for ServiceAccount lagoon-deployer")
}

// create the Pod that will do the work
podEnvs := []corev1.EnvVar{
Expand Down Expand Up @@ -804,6 +802,44 @@ func (r *LagoonBuildReconciler) processBuild(ctx context.Context, opLog logr.Log
// otherwise if the build spec contains an image definition, use it instead.
buildImage = lagoonBuild.Spec.Build.Image
}
volumes := []corev1.Volume{
{
Name: "lagoon-sshkey",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "lagoon-sshkey",
DefaultMode: helpers.IntPtr(420),
},
},
},
}
volumeMounts := []corev1.VolumeMount{
{
Name: "lagoon-sshkey",
ReadOnly: true,
MountPath: "/var/run/secrets/lagoon/ssh",
},
}

// if the existing token exists, mount it
if serviceaccountTokenSecret != "" {
volumes = append(volumes, corev1.Volume{
Name: serviceaccountTokenSecret,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: serviceaccountTokenSecret,
DefaultMode: helpers.IntPtr(420),
},
},
})
// legacy tokens are mounted /var/run/secrets/lagoon/deployer
// new tokens using volume projection are mounted /var/run/secrets/kubernetes.io/serviceaccount/token
volumeMounts = append(volumeMounts, corev1.VolumeMount{
Name: serviceaccountTokenSecret,
ReadOnly: true,
MountPath: "/var/run/secrets/lagoon/deployer",
})
}
newPod := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: lagoonBuild.ObjectMeta.Name,
Expand All @@ -825,27 +861,9 @@ func (r *LagoonBuildReconciler) processBuild(ctx context.Context, opLog logr.Log
},
},
Spec: corev1.PodSpec{
RestartPolicy: "Never",
Volumes: []corev1.Volume{
{
Name: serviceaccountTokenSecret,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: serviceaccountTokenSecret,
DefaultMode: helpers.IntPtr(420),
},
},
},
{
Name: "lagoon-sshkey",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "lagoon-sshkey",
DefaultMode: helpers.IntPtr(420),
},
},
},
},
ServiceAccountName: "lagoon-deployer",
RestartPolicy: "Never",
Volumes: volumes,
Tolerations: []corev1.Toleration{
{
Key: "lagoon/build",
Expand Down Expand Up @@ -874,18 +892,7 @@ func (r *LagoonBuildReconciler) processBuild(ctx context.Context, opLog logr.Log
Image: buildImage,
ImagePullPolicy: "Always",
Env: podEnvs,
VolumeMounts: []corev1.VolumeMount{
{
Name: serviceaccountTokenSecret,
ReadOnly: true,
MountPath: "/var/run/secrets/lagoon/deployer",
},
{
Name: "lagoon-sshkey",
ReadOnly: true,
MountPath: "/var/run/secrets/lagoon/ssh",
},
},
VolumeMounts: volumeMounts,
},
},
},
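Review bot: With the `serviceaccountTokenSecret == ""` check removed, a build whose ServiceAccount has no `lagoon-deployer-token*` secret now proceeds silently and depends entirely on the token projected for `ServiceAccountName: "lagoon-deployer"`; nothing in the visible PodSpec lines sets `AutomountServiceAccountToken`, so if automount is disabled on the ServiceAccount the pod would presumably start without a deployer credential and fail only inside the build. Consider recording the chosen path on the `if serviceaccountTokenSecret != ""` block, e.g. `} else if r.EnableDebug { opLog.Info(fmt.Sprintf("No legacy lagoon-deployer token secret, using projected token: %s", lagoonBuild.ObjectMeta.Name)) }`, and setting the automount field explicitly on the PodSpec. When the legacy secret does exist, the pod now carries both that long-lived token and the projected one, which deserves a comment stating when the legacy mount can be dropped. Separately, both secret volumes keep `DefaultMode: helpers.IntPtr(420)` (0644), which leaves the SSH key and token readable by every user in the container; a tighter mode may be possible depending on the user the build image runs as. `processBuild` and the PodSpec literal extend beyond the hunks shown, so either point may already be handled in lines not visible here.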