Make workflow pod serviceAccount configurable (#55)

Fixes #50

Create ENV variable for workflow's job pod serviceAccount

Signed-off-by: Nitish Malhotra <nitishm@microsoft.com>

Co-authored-by: Nitish Malhotra <nitishm@microsoft.com>
Nitish Malhotra 2021-02-08 21:39:16 -08:00 коммит произвёл GitHub
Родитель 1a639d0bf8
Коммит bea4df2f59
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
4 изменённых файлов: 56 добавлений и 125 удалений


@ -41,6 +41,8 @@ spec:
env:
- name: WORKFLOW_NAMESPACE
value: orkestra
- name: SERVICE_ACCOUNT_NAME
value: {{ include "orkestra.serviceAccountName" . }}
# ports:
# - name: http
# containerPort: 80
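Review bot: The new `SERVICE_ACCOUNT_NAME` entry hands the workflow executor pods the same service account the controller itself runs under (`{{ include "orkestra.serviceAccountName" . }}`), so every executor pod inherits the operator's full RBAC rather than only what the helm-release executor needs. Consider a separate chart value (for example a constructed `.Values.workflow.serviceAccountName`, defaulting to the controller's account) so a dedicated, narrower service account can be bound to the executor pods; the RBAC that account would need is outside this hunk and presumably amounts to creating HelmRelease and Namespace objects. If reusing the controller's account is the intended design, a comment on the entry should say so, e.g. `# service account assigned to Argo workflow executor pods; currently the controller's own account`.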


@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: applicationgroups.orkestra.azure.microsoft.com
spec:
@ -22,14 +22,10 @@ spec:
description: ApplicationGroup is the Schema for the applicationgroups API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@ -60,8 +56,7 @@ spec:
description: ApplicationStatus defines the observed state of Application
properties:
application:
description: ChartStatus denotes the current status of the Application
Reconciliation
description: ChartStatus denotes the current status of the Application Reconciliation
properties:
error:
type: string
@ -76,8 +71,7 @@ spec:
type: string
subcharts:
additionalProperties:
description: ChartStatus denotes the current status of the
Application Reconciliation
description: ChartStatus denotes the current status of the Application Reconciliation
properties:
error:
type: string


@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: applications.orkestra.azure.microsoft.com
spec:
@ -22,14 +22,10 @@ spec:
description: Application is the Schema for the applications API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@ -39,9 +35,7 @@ spec:
chart:
properties:
chartPullSecret:
description: ChartPullSecret holds the reference to the authentication
secret for accessing the Helm repository using HTTPS basic auth.
NOT IMPLEMENTED!
description: ChartPullSecret holds the reference to the authentication secret for accessing the Helm repository using HTTPS basic auth. NOT IMPLEMENTED!
properties:
name:
type: string
@ -49,29 +43,22 @@ spec:
- name
type: object
git:
description: Git URL is the URL of the Git repository, e.g. `git@github.com:org/repo`,
`http://github.com/org/repo`, or `ssh://git@example.com:2222/org/repo.git`.
description: Git URL is the URL of the Git repository, e.g. `git@github.com:org/repo`, `http://github.com/org/repo`, or `ssh://git@example.com:2222/org/repo.git`.
type: string
name:
description: Name is the name of the Helm chart _without_ an alias,
e.g. redis (for `helm upgrade [flags] stable/redis`).
description: Name is the name of the Helm chart _without_ an alias, e.g. redis (for `helm upgrade [flags] stable/redis`).
type: string
path:
description: Path is the path to the chart relative to the repository
root.
description: Path is the path to the chart relative to the repository root.
type: string
ref:
description: Ref is the Git branch (or other reference) to use.
Defaults to 'master', or the configured default Git ref.
description: Ref is the Git branch (or other reference) to use. Defaults to 'master', or the configured default Git ref.
type: string
repository:
description: RepoURL is the URL of the Helm repository, e.g. `https://kubernetes-charts.storage.googleapis.com`
or `https://charts.example.com`.
description: RepoURL is the URL of the Helm repository, e.g. `https://kubernetes-charts.storage.googleapis.com` or `https://charts.example.com`.
type: string
secretRef:
description: SecretRef holds the authentication secret for accessing
the Git repository (over HTTPS). The credentials will be added
to an HTTPS GitURL before the mirror is started.
description: SecretRef holds the authentication secret for accessing the Git repository (over HTTPS). The credentials will be added to an HTTPS GitURL before the mirror is started.
properties:
name:
type: string
@ -81,36 +68,28 @@ spec:
- name
type: object
skipDepUpdate:
description: SkipDepUpdate will tell the operator to skip running
'helm dep update' before installing or upgrading the chart,
the chart dependencies _must_ be present for this to succeed.
description: SkipDepUpdate will tell the operator to skip running 'helm dep update' before installing or upgrading the chart, the chart dependencies _must_ be present for this to succeed.
type: boolean
version:
description: Version is the targeted Helm chart version, e.g.
7.0.1.
description: Version is the targeted Helm chart version, e.g. 7.0.1.
type: string
type: object
disableOpenAPIValidation:
description: DisableOpenAPIValidation controls whether OpenAPI validation
is enforced.
description: DisableOpenAPIValidation controls whether OpenAPI validation is enforced.
type: boolean
forceUpgrade:
description: Force will mark this Helm release to `--force` upgrades.
This forces the resource updates through delete/recreate if needed.
description: Force will mark this Helm release to `--force` upgrades. This forces the resource updates through delete/recreate if needed.
type: boolean
groupID:
type: string
helmVersion:
description: 'HelmVersion is the version of Helm to target. If not
supplied, the lowest _enabled Helm version_ will be targeted. Valid
HelmVersion values are: "v2", "v3"'
description: 'HelmVersion is the version of Helm to target. If not supplied, the lowest _enabled Helm version_ will be targeted. Valid HelmVersion values are: "v2", "v3"'
enum:
- v2
- v3
type: string
maxHistory:
description: MaxHistory is the maximum amount of revisions to keep
for the Helm release. If not supplied, it defaults to 10.
description: MaxHistory is the maximum amount of revisions to keep for the Helm release. If not supplied, it defaults to 10.
type: integer
namespace:
description: Namespace to which the HelmRelease object will be deployed
@ -119,63 +98,46 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
releaseName:
description: ReleaseName is the name of the The Helm release. If not
supplied, it will be generated by affixing the namespace to the
resource name.
description: ReleaseName is the name of the The Helm release. If not supplied, it will be generated by affixing the namespace to the resource name.
type: string
repo:
description: ChartRepoNickname is used to lookup the repository config
in the registries config map
description: ChartRepoNickname is used to lookup the repository config in the registries config map
type: string
resetValues:
description: ResetValues will mark this Helm release to reset the
values to the defaults of the targeted chart before performing an
upgrade. Not explicitly setting this to `false` equals to `true`
due to the declarative nature of the operator.
description: ResetValues will mark this Helm release to reset the values to the defaults of the targeted chart before performing an upgrade. Not explicitly setting this to `false` equals to `true` due to the declarative nature of the operator.
type: boolean
rollback:
description: The rollback settings for this Helm release.
properties:
disableHooks:
description: DisableHooks will mark this Helm release to prevent
hooks from running during the rollback.
description: DisableHooks will mark this Helm release to prevent hooks from running during the rollback.
type: boolean
enable:
description: Enable will mark this Helm release for rollbacks.
type: boolean
force:
description: Force will mark this Helm release to `--force` rollbacks.
This forces the resource updates through delete/recreate if
needed.
description: Force will mark this Helm release to `--force` rollbacks. This forces the resource updates through delete/recreate if needed.
type: boolean
maxRetries:
description: MaxRetries is the maximum amount of upgrade retries
the operator should make before bailing.
description: MaxRetries is the maximum amount of upgrade retries the operator should make before bailing.
format: int64
type: integer
recreate:
description: Recreate will mark this Helm release to `--recreate-pods`
for if applicable. This performs pod restarts.
description: Recreate will mark this Helm release to `--recreate-pods` for if applicable. This performs pod restarts.
type: boolean
retry:
description: Retry will mark this Helm release for upgrade retries
after a rollback.
description: Retry will mark this Helm release for upgrade retries after a rollback.
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes
operation (like Jobs for hooks) during rollback.
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during rollback.
format: int64
type: integer
wait:
description: Wait will mark this Helm release to wait until all
Pods, PVCs, Services, and minimum number of Pods of a Deployment,
StatefulSet, or ReplicaSet are in a ready state before marking
the release as successful.
description: Wait will mark this Helm release to wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful.
type: boolean
type: object
skipCRDs:
description: SkipCRDs will mark this Helm release to skip the creation
of CRDs during a Helm 3 installation.
description: SkipCRDs will mark this Helm release to skip the creation of CRDs during a Helm 3 installation.
type: boolean
subcharts:
items:
@ -189,40 +151,31 @@ spec:
type: object
type: array
targetNamespace:
description: TargetNamespace overrides the targeted namespace for
the Helm release. The default namespace equals to the namespace
of the HelmRelease resource.
description: TargetNamespace overrides the targeted namespace for the Helm release. The default namespace equals to the namespace of the HelmRelease resource.
type: string
test:
description: The test settings for this Helm release.
properties:
cleanup:
description: Cleanup, when targeting Helm 2, determines whether
to delete test pods between each test run initiated by the Helm
Operator.
description: Cleanup, when targeting Helm 2, determines whether to delete test pods between each test run initiated by the Helm Operator.
type: boolean
enable:
description: Enable will mark this Helm release for tests.
type: boolean
ignoreFailures:
description: IgnoreFailures will cause a Helm release to be rolled
back if it fails otherwise it will be left in a released state
description: IgnoreFailures will cause a Helm release to be rolled back if it fails otherwise it will be left in a released state
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes
operation (like Jobs for hooks) during test.
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during test.
format: int64
type: integer
type: object
timeout:
description: Timeout is the time to wait for any individual Kubernetes
operation (like Jobs for hooks) during installation and upgrade
operations.
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during installation and upgrade operations.
format: int64
type: integer
valueFileSecrets:
description: ValueFileSecrets holds the local name references to secrets.
DEPRECATED, use ValuesFrom.secretKeyRef instead.
description: ValueFileSecrets holds the local name references to secrets. DEPRECATED, use ValuesFrom.secretKeyRef instead.
items:
properties:
name:
@ -238,17 +191,13 @@ spec:
items:
properties:
chartFileRef:
description: The reference to a local chart file with release
values.
description: The reference to a local chart file with release values.
properties:
optional:
description: Optional will mark this ChartFileSelector as
optional. The result of this are that operations are permitted
without the source, due to it e.g. being temporarily unavailable.
description: Optional will mark this ChartFileSelector as optional. The result of this are that operations are permitted without the source, due to it e.g. being temporarily unavailable.
type: boolean
path:
description: Path is the file path to the source relative
to the chart root.
description: Path is the file path to the source relative to the chart root.
type: string
required:
- path
@ -268,14 +217,10 @@ spec:
- name
type: object
externalSourceRef:
description: The reference to an external source with release
values.
description: The reference to an external source with release values.
properties:
optional:
description: Optional will mark this ExternalSourceSelector
as optional. The result of this are that operations are
permitted without the source, due to it e.g. being temporarily
unavailable.
description: Optional will mark this ExternalSourceSelector as optional. The result of this are that operations are permitted without the source, due to it e.g. being temporarily unavailable.
type: boolean
url:
description: URL is the URL of the external source.
@ -300,10 +245,7 @@ spec:
type: object
type: array
wait:
description: Wait will mark this Helm release to wait until all Pods,
PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet,
or ReplicaSet are in a ready state before marking the release as
successful.
description: Wait will mark this Helm release to wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful.
type: boolean
required:
- chart
@ -312,8 +254,7 @@ spec:
description: ApplicationStatus defines the observed state of Application
properties:
application:
description: ChartStatus denotes the current status of the Application
Reconciliation
description: ChartStatus denotes the current status of the Application Reconciliation
properties:
error:
type: string
@ -328,8 +269,7 @@ spec:
type: string
subcharts:
additionalProperties:
description: ChartStatus denotes the current status of the Application
Reconciliation
description: ChartStatus denotes the current status of the Application Reconciliation
properties:
error:
type: string


@ -3,6 +3,7 @@ package workflow
import (
"context"
"fmt"
"os"
"sort"
"github.com/Azure/Orkestra/api/v1alpha1"
@ -244,8 +245,7 @@ func (a *argo) generateAppDAGTemplates(ctx context.Context, apps []*v1alpha1.App
APIVersion: "helm.fluxcd.io/v1",
},
ObjectMeta: v1.ObjectMeta{
Name: app.Name,
Namespace: app.Spec.TargetNamespace,
Name: app.Name,
},
Spec: app.DeepCopy().Spec.HelmReleaseSpec,
}
@ -256,8 +256,7 @@ func (a *argo) generateAppDAGTemplates(ctx context.Context, apps []*v1alpha1.App
APIVersion: "v1",
},
ObjectMeta: v1.ObjectMeta{
Name: hr.Spec.TargetNamespace,
Namespace: hr.Spec.TargetNamespace,
Name: hr.Spec.TargetNamespace,
},
}
@ -340,8 +339,7 @@ func (a *argo) generateSubchartAndAppDAGTasks(ctx context.Context, app *v1alpha1
APIVersion: "v1",
},
ObjectMeta: v1.ObjectMeta{
Name: hr.Namespace,
Namespace: hr.Namespace,
Name: hr.Spec.TargetNamespace,
},
}
@ -369,8 +367,7 @@ func (a *argo) generateSubchartAndAppDAGTasks(ctx context.Context, app *v1alpha1
APIVersion: "helm.fluxcd.io/v1",
},
ObjectMeta: v1.ObjectMeta{
Name: app.Name,
Namespace: app.Spec.HelmReleaseSpec.TargetNamespace,
Name: app.Name,
},
Spec: app.DeepCopy().Spec.HelmReleaseSpec,
}
@ -384,8 +381,7 @@ func (a *argo) generateSubchartAndAppDAGTasks(ctx context.Context, app *v1alpha1
APIVersion: "v1",
},
ObjectMeta: v1.ObjectMeta{
Name: hr.Namespace,
Namespace: hr.Namespace,
Name: hr.Spec.TargetNamespace,
},
}
@ -437,7 +433,7 @@ func defaultExecutor() v1alpha12.Template {
Name: helmReleaseExecutor,
// FIXME (nitishm) : Hack
// Replace with the actual service account in use
ServiceAccountName: "orkestra",
ServiceAccountName: os.Getenv("SERVICE_ACCOUNT_NAME"),
Inputs: v1alpha12.Inputs{
Parameters: []v1alpha12.Parameter{
{
@ -475,8 +471,7 @@ func generateSubchartHelmRelease(a helmopv1.HelmReleaseSpec, sc, version, repo,
APIVersion: "helm.fluxcd.io/v1",
},
ObjectMeta: v1.ObjectMeta{
Name: sc,
Namespace: targetNS,
Name: sc,
},
Spec: helmopv1.HelmReleaseSpec{
ChartSource: helmopv1.ChartSource{
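Review bot: `ServiceAccountName: os.Getenv("SERVICE_ACCOUNT_NAME")` in defaultExecutor has no fallback or validation, so a controller started without that variable (outside the Helm chart, in tests, or with a misspelled env name) emits templates with an empty service account and the executor pods silently run as whatever default the workflow namespace provides; read the variable once where the argo client is constructed and fail fast when it is empty, e.g. `if os.Getenv("SERVICE_ACCOUNT_NAME") == "" { return nil, fmt.Errorf("SERVICE_ACCOUNT_NAME must be set") }`, then pass the resolved name into defaultExecutor instead of re-reading the environment per template. The `// FIXME (nitishm) : Hack` / `// Replace with the actual service account in use` comment above that line is now stale and should be replaced with `// Executor pods run under the service account named by SERVICE_ACCOUNT_NAME (set by the Helm chart).` The hunks at -244 and -475 also drop `Namespace:` from the HelmRelease ObjectMeta, which the commit message does not mention; unless the executor applies these objects into a namespace chosen elsewhere, the CR will land in a default namespace while `Spec.TargetNamespace` still names the intended one, and the Namespace objects at -340 and -384 are now named after `hr.Spec.TargetNamespace`, which the CRD describes as an optional override, so an empty value would yield an unnamed object. Only defaultExecutor's signature is visible; generateAppDAGTemplates, generateSubchartAndAppDAGTasks and generateSubchartHelmRelease start and end outside their hunks.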