From 2a21ee7c2c3186d69802feeb36cc9270e1650f83 Mon Sep 17 00:00:00 2001 From: Benjamin Herbert Date: Mon, 5 May 2025 13:21:41 +0200 Subject: [PATCH] feat: allow to ignore volumes during reconciliation --- api/v1alpha2/jenkins_types.go | 4 +++ pkg/configuration/base/reconcile_test.go | 41 ++++++++++++++++++++++++ pkg/configuration/base/reconciler.go | 15 +++++++++ 3 files changed, 60 insertions(+) diff --git a/api/v1alpha2/jenkins_types.go b/api/v1alpha2/jenkins_types.go index f71b32d3..dcd7554f 100644 --- a/api/v1alpha2/jenkins_types.go +++ b/api/v1alpha2/jenkins_types.go @@ -400,6 +400,10 @@ type JenkinsMaster struct { // Defaults to 30 seconds. // +optional TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"` + + // IgnoredVolumes defines the list of volume names that should be excluded from processing or consideration. + // +optional + IgnoredVolumes []string `json:"ignoredVolumes,omitempty"` } // Service defines Kubernetes service attributes diff --git a/pkg/configuration/base/reconcile_test.go b/pkg/configuration/base/reconcile_test.go index 2c39c175..fcbf3b59 100644 --- a/pkg/configuration/base/reconcile_test.go +++ b/pkg/configuration/base/reconcile_test.go @@ -160,6 +160,47 @@ func TestCompareVolumes(t *testing.T) { assert.True(t, got) }) + + t.Run("different - additional workspace identity volume", func(t *testing.T) { + jenkins := &v1alpha2.Jenkins{ + Spec: v1alpha2.JenkinsSpec{ + Master: v1alpha2.JenkinsMaster{}, + }, + } + pod := corev1.Pod{ + Spec: corev1.PodSpec{ + ServiceAccountName: "service-account-name", + Volumes: append(resources.GetJenkinsMasterPodBaseVolumes(jenkins), corev1.Volume{Name: "azure-identity-token"}), + }, + } + reconciler := New(configuration.Configuration{Jenkins: jenkins}, client.JenkinsAPIConnectionSettings{}) + + got := reconciler.compareVolumes(pod) + + assert.False(t, got) + }) + + t.Run("additional workspace identity volume but ignored", func(t *testing.T) { + jenkins := &v1alpha2.Jenkins{ + Spec: v1alpha2.JenkinsSpec{ + Master: v1alpha2.JenkinsMaster{ + IgnoredVolumes: []string{"azure-identity-token"}, + }, + }, + } + pod := corev1.Pod{ + Spec: corev1.PodSpec{ + ServiceAccountName: "service-account-name", + Volumes: append(resources.GetJenkinsMasterPodBaseVolumes(jenkins), corev1.Volume{Name: "azure-identity-token"}), + }, + } + reconciler := New(configuration.Configuration{Jenkins: jenkins}, client.JenkinsAPIConnectionSettings{}) + + got := reconciler.compareVolumes(pod) + + assert.True(t, got) + }) + } func TestJenkinsBaseConfigurationReconciler_verifyPlugins(t *testing.T) { diff --git a/pkg/configuration/base/reconciler.go b/pkg/configuration/base/reconciler.go index e5096513..940e77d0 100644 --- a/pkg/configuration/base/reconciler.go +++ b/pkg/configuration/base/reconciler.go @@ -294,6 +294,11 @@ func CompareContainerVolumeMounts(expected corev1.Container, actual corev1.Conta func (r *JenkinsBaseConfigurationReconciler) compareVolumes(actualPod corev1.Pod) bool { var toCompare []corev1.Volume for _, volume := range actualPod.Spec.Volumes { + + if r.isVolumeIgnored(volume.Name) { + continue + } + // filter out service account if strings.HasPrefix(volume.Name, actualPod.Spec.ServiceAccountName) { continue @@ -421,3 +426,13 @@ func (r *JenkinsBaseConfigurationReconciler) ensureBaseConfiguration(jenkinsClie }) return reconcile.Result{Requeue: requeue}, err } + +// isVolumeIgnored checks if the given volume name is in the list of ignored volumes +func (r *JenkinsBaseConfigurationReconciler) isVolumeIgnored(volumeName string) bool { + for _, ignoredVolume := range r.Jenkins.Spec.Master.IgnoredVolumes { + if ignoredVolume == volumeName { + return true + } + } + return false +}