public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #39 from akram/externalize-hardcoded-image-uid 

Externalize hardcoded image uid and pod Security Context and removes default Command
This commit is contained in:
Tomasz Sęk 2019-06-28 07:37:15 +02:00 committed by GitHub
parent 84eb4575e1 4150b6c767
commit 3573b9acd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml
View File

@ -4,9 +4,14 @@ metadata:
name: example name: example
spec: spec:
master: master:
securityContext:
runAsUser: 1001
containers: containers:
- name: jenkins-master - name: jenkins-master
image: jenkins/jenkins:lts image: jenkins/jenkins:lts
command:
- bash
- "/var/jenkins/scripts/init.sh"
imagePullPolicy: Always imagePullPolicy: Always
livenessProbe: livenessProbe:
failureThreshold: 12 failureThreshold: 12

16
openshit-jenkins.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: jenkins.io/v1alpha2
kind: Jenkins
metadata:
name: jenkins
spec:
master:
containers:
- name: jenkins-master
image: quay.io/openshift/origin-jenkins:latest
resources:
limits:
cpu: 1500m
memory: 3Gi
requests:
cpu: "1"
memory: 500Mi

7
pkg/apis/jenkins/v1alpha2/jenkins_types.go
View File

@ -155,6 +155,13 @@ type JenkinsMaster struct {
// +optional // +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// SecurityContext that applies to all the containers of the Jenkins
// Master. As per kubernetes specification, it can be overidden
// for each container individually.
// +optional
// Defaults to: nil
SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
// List of containers belonging to the pod. // List of containers belonging to the pod.
// Containers cannot currently be added or removed. // Containers cannot currently be added or removed.
// There must be at least one container in a Pod. // There must be at least one container in a Pod.

4
pkg/controller/jenkins/configuration/base/reconcile.go
View File

@ -572,10 +572,10 @@ func (r *ReconcileJenkinsBaseConfiguration) compareContainers(expected corev1.Co
r.logger.Info(fmt.Sprintf("Resources have changed to '%+v' in container '%s', recreating pod", expected.Resources, expected.Name)) r.logger.Info(fmt.Sprintf("Resources have changed to '%+v' in container '%s', recreating pod", expected.Resources, expected.Name))
return true return true
} }
if !reflect.DeepEqual(expected.SecurityContext, actual.SecurityContext) { /* if !reflect.DeepEqual(expected.SecurityContext, actual.SecurityContext) {
r.logger.Info(fmt.Sprintf("Security context has changed to '%+v' in container '%s', recreating pod", expected.SecurityContext, expected.Name)) r.logger.Info(fmt.Sprintf("Security context has changed to '%+v' in container '%s', recreating pod", expected.SecurityContext, expected.Name))
return true return true
} }*/
if !reflect.DeepEqual(expected.WorkingDir, actual.WorkingDir) { if !reflect.DeepEqual(expected.WorkingDir, actual.WorkingDir) {
r.logger.Info(fmt.Sprintf("Working directory has changed to '%+v' in container '%s', recreating pod", expected.WorkingDir, expected.Name)) r.logger.Info(fmt.Sprintf("Working directory has changed to '%+v' in container '%s', recreating pod", expected.WorkingDir, expected.Name))
return true return true

23
pkg/controller/jenkins/configuration/base/resources/pod.go
View File

@ -46,8 +46,6 @@ const (
slavePortName = "slavelistener" slavePortName = "slavelistener"
// HTTPPortInt defines Jenkins master HTTP port // HTTPPortInt defines Jenkins master HTTP port
HTTPPortInt = 8080 HTTPPortInt = 8080
jenkinsUserUID = int64(1000) // build in Docker image jenkins user UID
) )
func buildPodTypeMeta() metav1.TypeMeta { func buildPodTypeMeta() metav1.TypeMeta {
@ -202,12 +200,9 @@ func NewJenkinsMasterContainer(jenkins *v1alpha2.Jenkins) corev1.Container {
Name: JenkinsMasterContainerName, Name: JenkinsMasterContainerName,
Image: jenkinsContainer.Image, Image: jenkinsContainer.Image,
ImagePullPolicy: jenkinsContainer.ImagePullPolicy, ImagePullPolicy: jenkinsContainer.ImagePullPolicy,
Command: []string{ Command: jenkinsContainer.Command,
"bash", LivenessProbe: jenkinsContainer.LivenessProbe,
fmt.Sprintf("%s/%s", jenkinsScriptsVolumePath, initScriptName), ReadinessProbe: jenkinsContainer.ReadinessProbe,
},
LivenessProbe: jenkinsContainer.LivenessProbe,
ReadinessProbe: jenkinsContainer.ReadinessProbe,
Ports: []corev1.ContainerPort{ Ports: []corev1.ContainerPort{
{ {
Name: httpPortName, Name: httpPortName,
@ -264,7 +259,6 @@ func GetJenkinsMasterPodName(jenkins v1alpha2.Jenkins) string {
// NewJenkinsMasterPod builds Jenkins Master Kubernetes Pod resource // NewJenkinsMasterPod builds Jenkins Master Kubernetes Pod resource
func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.Pod { func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.Pod {
runAsUser := jenkinsUserUID
serviceAccountName := objectMeta.Name serviceAccountName := objectMeta.Name
objectMeta.Annotations = jenkins.Spec.Master.Annotations objectMeta.Annotations = jenkins.Spec.Master.Annotations
@ -276,13 +270,10 @@ func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins
Spec: corev1.PodSpec{ Spec: corev1.PodSpec{
ServiceAccountName: serviceAccountName, ServiceAccountName: serviceAccountName,
RestartPolicy: corev1.RestartPolicyNever, RestartPolicy: corev1.RestartPolicyNever,
SecurityContext: &corev1.PodSecurityContext{ SecurityContext: jenkins.Spec.Master.SecurityContext,
RunAsUser: &runAsUser, NodeSelector: jenkins.Spec.Master.NodeSelector,
RunAsGroup: &runAsUser, Containers: newContainers(jenkins),
}, Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...),
NodeSelector: jenkins.Spec.Master.NodeSelector,
Containers: newContainers(jenkins),
Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...),
}, },
} }
} }