Skip to content
Snippets Groups Projects
Verified Commit 2946b8e7 authored by Nicholas Colbert's avatar Nicholas Colbert Committed by Tomasz Maczukin
Browse files

Refactor to clean up code

parent ea0d95ca
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
common/config.go
+ 42
43
View file @ 2946b8e7
......@@ -158,49 +158,48 @@ func (p KubernetesPullPolicy) Get() (KubernetesPullPolicy, error) {
}
type KubernetesConfig struct {
Host string `toml:"host" json:"host" long:"host" env:"KUBERNETES_HOST" description:"Optional Kubernetes master host URL (auto-discovery attempted if not specified)"`
CertFile string `toml:"cert_file,omitempty" json:"cert_file" long:"cert-file" env:"KUBERNETES_CERT_FILE" description:"Optional Kubernetes master auth certificate"`
KeyFile string `toml:"key_file,omitempty" json:"key_file" long:"key-file" env:"KUBERNETES_KEY_FILE" description:"Optional Kubernetes master auth private key"`
CAFile string `toml:"ca_file,omitempty" json:"ca_file" long:"ca-file" env:"KUBERNETES_CA_FILE" description:"Optional Kubernetes master auth ca certificate"`
BearerTokenOverwriteAllowed bool `toml:"bearer_token_overwrite_allowed" json:"bearer_token_overwrite_allowed" long:"bearer_token_overwrite_allowed" env:"KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED" description:"Bool to authorize builds to specify their own bearer token for creation."`
BearerToken string `toml:"bearer_token,omitempty" json:"bearer_token" long:"bearer_token" env:"KUBERNETES_BEARER_TOKEN" description:"Optional Kubernetes service account token used to start build pods."`
Image string `toml:"image" json:"image" long:"image" env:"KUBERNETES_IMAGE" description:"Default docker image to use for builds when none is specified"`
Namespace string `toml:"namespace" json:"namespace" long:"namespace" env:"KUBERNETES_NAMESPACE" description:"Namespace to run Kubernetes jobs in"`
NamespaceOverwriteAllowed string `toml:"namespace_overwrite_allowed" json:"namespace_overwrite_allowed" long:"namespace_overwrite_allowed" env:"KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value"`
Privileged bool `toml:"privileged,omitzero" json:"privileged" long:"privileged" env:"KUBERNETES_PRIVILEGED" description:"Run all containers with the privileged flag enabled"`
CPULimit string `toml:"cpu_limit,omitempty" json:"cpu_limit" long:"cpu-limit" env:"KUBERNETES_CPU_LIMIT" description:"The CPU allocation given to build containers"`
MemoryLimit string `toml:"memory_limit,omitempty" json:"memory_limit" long:"memory-limit" env:"KUBERNETES_MEMORY_LIMIT" description:"The amount of memory allocated to build containers"`
ServiceCPULimit string `toml:"service_cpu_limit,omitempty" json:"service_cpu_limit" long:"service-cpu-limit" env:"KUBERNETES_SERVICE_CPU_LIMIT" description:"The CPU allocation given to build service containers"`
ServiceMemoryLimit string `toml:"service_memory_limit,omitempty" json:"service_memory_limit" long:"service-memory-limit" env:"KUBERNETES_SERVICE_MEMORY_LIMIT" description:"The amount of memory allocated to build service containers"`
HelperCPULimit string `toml:"helper_cpu_limit,omitempty" json:"helper_cpu_limit" long:"helper-cpu-limit" env:"KUBERNETES_HELPER_CPU_LIMIT" description:"The CPU allocation given to build helper containers"`
HelperMemoryLimit string `toml:"helper_memory_limit,omitempty" json:"helper_memory_limit" long:"helper-memory-limit" env:"KUBERNETES_HELPER_MEMORY_LIMIT" description:"The amount of memory allocated to build helper containers"`
CPURequest string `toml:"cpu_request,omitempty" json:"cpu_request" long:"cpu-request" env:"KUBERNETES_CPU_REQUEST" description:"The CPU allocation requested for build containers"`
MemoryRequest string `toml:"memory_request,omitempty" json:"memory_request" long:"memory-request" env:"KUBERNETES_MEMORY_REQUEST" description:"The amount of memory requested from build containers"`
ServiceCPURequest string `toml:"service_cpu_request,omitempty" json:"service_cpu_request" long:"service-cpu-request" env:"KUBERNETES_SERVICE_CPU_REQUEST" description:"The CPU allocation requested for build service containers"`
ServiceMemoryRequest string `toml:"service_memory_request,omitempty" json:"service_memory_request" long:"service-memory-request" env:"KUBERNETES_SERVICE_MEMORY_REQUEST" description:"The amount of memory requested for build service containers"`
HelperCPURequest string `toml:"helper_cpu_request,omitempty" json:"helper_cpu_request" long:"helper-cpu-request" env:"KUBERNETES_HELPER_CPU_REQUEST" description:"The CPU allocation requested for build helper containers"`
HelperMemoryRequest string `toml:"helper_memory_request,omitempty" json:"helper_memory_request" long:"helper-memory-request" env:"KUBERNETES_HELPER_MEMORY_REQUEST" description:"The amount of memory requested for build helper containers"`
PullPolicy KubernetesPullPolicy `toml:"pull_policy,omitempty" json:"pull_policy" long:"pull-policy" env:"KUBERNETES_PULL_POLICY" description:"Policy for if/when to pull a container image (never, if-not-present, always). The cluster default will be used if not set"`
NodeSelector map[string]string `toml:"node_selector,omitempty" json:"node_selector" long:"node-selector" env:"KUBERNETES_NODE_SELECTOR" description:"A toml table/json object of key=value. Value is expected to be a string. When set this will create pods on k8s nodes that match all the key=value pairs."`
NodeTolerations map[string]string `toml:"node_tolerations,omitempty" json:"node_tolerations" long:"node-tolerations" env:"KUBERNETES_NODE_TOLERATIONS" description:"A toml table/json object of key=value:effect. Value and effect are expected to be strings. When set, pods will tolerate the given taints. Only one toleration is supported through environment variable configuration."`
ImagePullSecrets []string `toml:"image_pull_secrets,omitempty" json:"image_pull_secrets" long:"image-pull-secrets" env:"KUBERNETES_IMAGE_PULL_SECRETS" description:"A list of image pull secrets that are used for pulling docker image"`
HelperImage string `toml:"helper_image,omitempty" json:"helper_image" long:"helper-image" env:"KUBERNETES_HELPER_IMAGE" description:"[ADVANCED] Override the default helper image used to clone repos and upload artifacts"`
TerminationGracePeriodSeconds int64 `toml:"terminationGracePeriodSeconds,omitzero" json:"terminationGracePeriodSeconds" long:"terminationGracePeriodSeconds" env:"KUBERNETES_TERMINATIONGRACEPERIODSECONDS" description:"Duration after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal."`
PollInterval int `toml:"poll_interval,omitzero" json:"poll_interval" long:"poll-interval" env:"KUBERNETES_POLL_INTERVAL" description:"How frequently, in seconds, the runner will poll the Kubernetes pod it has just created to check its status"`
PollTimeout int `toml:"poll_timeout,omitzero" json:"poll_timeout" long:"poll-timeout" env:"KUBERNETES_POLL_TIMEOUT" description:"The total amount of time, in seconds, that needs to pass before the runner will timeout attempting to connect to the pod it has just created (useful for queueing more builds that the cluster can handle at a time)"`
PodLabels map[string]string `toml:"pod_labels,omitempty" json:"pod_labels" long:"pod-labels" description:"A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here."`
ServiceAccount string `toml:"service_account,omitempty" json:"service_account" long:"service-account" env:"KUBERNETES_SERVICE_ACCOUNT" description:"Executor pods will use this Service Account to talk to kubernetes API"`
ServiceAccountOverwriteAllowed string `toml:"service_account_overwrite_allowed" json:"service_account_overwrite_allowed" long:"service_account_overwrite_allowed" env:"KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value"`
PodAnnotations map[string]string `toml:"pod_annotations,omitempty" json:"pod_annotations" long:"pod-annotations" description:"A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables"`
PodAnnotationsOverwriteAllowed string `toml:"pod_annotations_overwrite_allowed" json:"pod_annotations_overwrite_allowed" long:"pod_annotations_overwrite_allowed" env:"KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values"`
PodSecurityContext KubernetesPodSecurityContext `toml:"pod_security_context,omitempty" namespace:"pod-security-context" description:"A security context attached to each build pod"`
Volumes KubernetesVolumes `toml:"volumes"`
Services []Service `toml:"services,omitempty" json:"services" long:"services" description:"Add service that is started with container"`
CPULimitOverwriteMaxAllowed string `toml:"cpu_limit_overwrite_max_allowed,omitempty" json:"cpu_limit_overwrite_max_allowed" long:"cpu-limit-overwrite-max-allowed" env:"KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the cpu limit can be set to. Used with the KUBERNETES_CPU_LIMIT variable in the build."`
MemoryLimitOverwriteMaxAllowed string `toml:"memory_limit_overwrite_max_allowed,omitempty" json:"memory_limit_overwrite_max_allowed" long:"memory-limit-overwrite-max-allowed" env:"KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the memory limit can be set to. Used with the KUBERNETES_MEMORY_LIMIT variable in the build."`
CPURequestOverwriteMaxAllowed string `toml:"cpu_request_overwrite_max_allowed,omitempty" json:"cpu_request_overwrite_max_allowed" long:"cpu-request-overwrite-max-allowed" env:"KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the cpu request can be set to. Used with the KUBERNETES_CPU_REQUEST variable in the build."`
MemoryRequestOverwriteMaxAllowed string `toml:"memory_request_overwrite_max_allowed,omitempty" json:"memory_request_overwrite_max_allowed" long:"memory-request-overwrite-max-allowed" env:"KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the memory request can be set to. Used with the KUBERNETES_MEMORY_REQUEST variable in the build."`
Host string `toml:"host" json:"host" long:"host" env:"KUBERNETES_HOST" description:"Optional Kubernetes master host URL (auto-discovery attempted if not specified)"`
CertFile string `toml:"cert_file,omitempty" json:"cert_file" long:"cert-file" env:"KUBERNETES_CERT_FILE" description:"Optional Kubernetes master auth certificate"`
KeyFile string `toml:"key_file,omitempty" json:"key_file" long:"key-file" env:"KUBERNETES_KEY_FILE" description:"Optional Kubernetes master auth private key"`
CAFile string `toml:"ca_file,omitempty" json:"ca_file" long:"ca-file" env:"KUBERNETES_CA_FILE" description:"Optional Kubernetes master auth ca certificate"`
BearerTokenOverwriteAllowed bool `toml:"bearer_token_overwrite_allowed" json:"bearer_token_overwrite_allowed" long:"bearer_token_overwrite_allowed" env:"KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED" description:"Bool to authorize builds to specify their own bearer token for creation."`
BearerToken string `toml:"bearer_token,omitempty" json:"bearer_token" long:"bearer_token" env:"KUBERNETES_BEARER_TOKEN" description:"Optional Kubernetes service account token used to start build pods."`
Image string `toml:"image" json:"image" long:"image" env:"KUBERNETES_IMAGE" description:"Default docker image to use for builds when none is specified"`
Namespace string `toml:"namespace" json:"namespace" long:"namespace" env:"KUBERNETES_NAMESPACE" description:"Namespace to run Kubernetes jobs in"`
NamespaceOverwriteAllowed string `toml:"namespace_overwrite_allowed" json:"namespace_overwrite_allowed" long:"namespace_overwrite_allowed" env:"KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value"`
Privileged bool `toml:"privileged,omitzero" json:"privileged" long:"privileged" env:"KUBERNETES_PRIVILEGED" description:"Run all containers with the privileged flag enabled"`
CPULimit string `toml:"cpu_limit,omitempty" json:"cpu_limit" long:"cpu-limit" env:"KUBERNETES_CPU_LIMIT" description:"The CPU allocation given to build containers"`
CPULimitOverwriteMaxAllowed string `toml:"cpu_limit_overwrite_max_allowed,omitempty" json:"cpu_limit_overwrite_max_allowed" long:"cpu-limit-overwrite-max-allowed" env:"KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the cpu limit can be set to. Used with the KUBERNETES_CPU_LIMIT variable in the build."`
MemoryLimit string `toml:"memory_limit,omitempty" json:"memory_limit" long:"memory-limit" env:"KUBERNETES_MEMORY_LIMIT" description:"The amount of memory allocated to build containers"`
MemoryLimitOverwriteMaxAllowed string `toml:"memory_limit_overwrite_max_allowed,omitempty" json:"memory_limit_overwrite_max_allowed" long:"memory-limit-overwrite-max-allowed" env:"KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the memory limit can be set to. Used with the KUBERNETES_MEMORY_LIMIT variable in the build."`
ServiceCPULimit string `toml:"service_cpu_limit,omitempty" json:"service_cpu_limit" long:"service-cpu-limit" env:"KUBERNETES_SERVICE_CPU_LIMIT" description:"The CPU allocation given to build service containers"`
ServiceMemoryLimit string `toml:"service_memory_limit,omitempty" json:"service_memory_limit" long:"service-memory-limit" env:"KUBERNETES_SERVICE_MEMORY_LIMIT" description:"The amount of memory allocated to build service containers"`
HelperCPULimit string `toml:"helper_cpu_limit,omitempty" json:"helper_cpu_limit" long:"helper-cpu-limit" env:"KUBERNETES_HELPER_CPU_LIMIT" description:"The CPU allocation given to build helper containers"`
HelperMemoryLimit string `toml:"helper_memory_limit,omitempty" json:"helper_memory_limit" long:"helper-memory-limit" env:"KUBERNETES_HELPER_MEMORY_LIMIT" description:"The amount of memory allocated to build helper containers"`
CPURequest string `toml:"cpu_request,omitempty" json:"cpu_request" long:"cpu-request" env:"KUBERNETES_CPU_REQUEST" description:"The CPU allocation requested for build containers"`
CPURequestOverwriteMaxAllowed string `toml:"cpu_request_overwrite_max_allowed,omitempty" json:"cpu_request_overwrite_max_allowed" long:"cpu-request-overwrite-max-allowed" env:"KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the cpu request can be set to. Used with the KUBERNETES_CPU_REQUEST variable in the build."`
MemoryRequest string `toml:"memory_request,omitempty" json:"memory_request" long:"memory-request" env:"KUBERNETES_MEMORY_REQUEST" description:"The amount of memory requested from build containers"`
MemoryRequestOverwriteMaxAllowed string `toml:"memory_request_overwrite_max_allowed,omitempty" json:"memory_request_overwrite_max_allowed" long:"memory-request-overwrite-max-allowed" env:"KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED" description:"If set, the max amount the memory request can be set to. Used with the KUBERNETES_MEMORY_REQUEST variable in the build."`
ServiceCPURequest string `toml:"service_cpu_request,omitempty" json:"service_cpu_request" long:"service-cpu-request" env:"KUBERNETES_SERVICE_CPU_REQUEST" description:"The CPU allocation requested for build service containers"`
ServiceMemoryRequest string `toml:"service_memory_request,omitempty" json:"service_memory_request" long:"service-memory-request" env:"KUBERNETES_SERVICE_MEMORY_REQUEST" description:"The amount of memory requested for build service containers"`
HelperCPURequest string `toml:"helper_cpu_request,omitempty" json:"helper_cpu_request" long:"helper-cpu-request" env:"KUBERNETES_HELPER_CPU_REQUEST" description:"The CPU allocation requested for build helper containers"`
HelperMemoryRequest string `toml:"helper_memory_request,omitempty" json:"helper_memory_request" long:"helper-memory-request" env:"KUBERNETES_HELPER_MEMORY_REQUEST" description:"The amount of memory requested for build helper containers"`
PullPolicy KubernetesPullPolicy `toml:"pull_policy,omitempty" json:"pull_policy" long:"pull-policy" env:"KUBERNETES_PULL_POLICY" description:"Policy for if/when to pull a container image (never, if-not-present, always). The cluster default will be used if not set"`
NodeSelector map[string]string `toml:"node_selector,omitempty" json:"node_selector" long:"node-selector" env:"KUBERNETES_NODE_SELECTOR" description:"A toml table/json object of key=value. Value is expected to be a string. When set this will create pods on k8s nodes that match all the key=value pairs."`
NodeTolerations map[string]string `toml:"node_tolerations,omitempty" json:"node_tolerations" long:"node-tolerations" env:"KUBERNETES_NODE_TOLERATIONS" description:"A toml table/json object of key=value:effect. Value and effect are expected to be strings. When set, pods will tolerate the given taints. Only one toleration is supported through environment variable configuration."`
ImagePullSecrets []string `toml:"image_pull_secrets,omitempty" json:"image_pull_secrets" long:"image-pull-secrets" env:"KUBERNETES_IMAGE_PULL_SECRETS" description:"A list of image pull secrets that are used for pulling docker image"`
HelperImage string `toml:"helper_image,omitempty" json:"helper_image" long:"helper-image" env:"KUBERNETES_HELPER_IMAGE" description:"[ADVANCED] Override the default helper image used to clone repos and upload artifacts"`
TerminationGracePeriodSeconds int64 `toml:"terminationGracePeriodSeconds,omitzero" json:"terminationGracePeriodSeconds" long:"terminationGracePeriodSeconds" env:"KUBERNETES_TERMINATIONGRACEPERIODSECONDS" description:"Duration after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal."`
PollInterval int `toml:"poll_interval,omitzero" json:"poll_interval" long:"poll-interval" env:"KUBERNETES_POLL_INTERVAL" description:"How frequently, in seconds, the runner will poll the Kubernetes pod it has just created to check its status"`
PollTimeout int `toml:"poll_timeout,omitzero" json:"poll_timeout" long:"poll-timeout" env:"KUBERNETES_POLL_TIMEOUT" description:"The total amount of time, in seconds, that needs to pass before the runner will timeout attempting to connect to the pod it has just created (useful for queueing more builds that the cluster can handle at a time)"`
PodLabels map[string]string `toml:"pod_labels,omitempty" json:"pod_labels" long:"pod-labels" description:"A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here."`
ServiceAccount string `toml:"service_account,omitempty" json:"service_account" long:"service-account" env:"KUBERNETES_SERVICE_ACCOUNT" description:"Executor pods will use this Service Account to talk to kubernetes API"`
ServiceAccountOverwriteAllowed string `toml:"service_account_overwrite_allowed" json:"service_account_overwrite_allowed" long:"service_account_overwrite_allowed" env:"KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value"`
PodAnnotations map[string]string `toml:"pod_annotations,omitempty" json:"pod_annotations" long:"pod-annotations" description:"A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables"`
PodAnnotationsOverwriteAllowed string `toml:"pod_annotations_overwrite_allowed" json:"pod_annotations_overwrite_allowed" long:"pod_annotations_overwrite_allowed" env:"KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values"`
PodSecurityContext KubernetesPodSecurityContext `toml:"pod_security_context,omitempty" namespace:"pod-security-context" description:"A security context attached to each build pod"`
Volumes KubernetesVolumes `toml:"volumes"`
Services []Service `toml:"services,omitempty" json:"services" long:"services" description:"Add service that is started with container"`
}
type KubernetesVolumes struct {
......
docs/executors/kubernetes.md
+ 6
14
View file @ 2946b8e7
......@@ -172,22 +172,13 @@ variables:
NOTE: **Note:**
You must specify [`pod_annotations_overwrite_allowed`](#the-keywords) to override pod annotations via the `.gitlab-ci.yml` file.
### Overwriting Build Resources
Additionally, Kubernetes CPU and memory allocations for requests and limits can be overwritten on the `.gitlab-ci.yml` file with the following variables:
``` yaml
variables:
KUBERNETES_CPU_REQUEST: 3
KUBERNETES_CPU_LIMIT: 5
KUBERNETES_MEMORY_REQUEST: 2Gi
KUBERNETES_MEMORY_LIMIT: 4Gi
```
The values for these variables are restriced to what the max overwrite for that resource has been set to.
### Overwriting Build Resources
Additionally, Kubernetes CPU and memory allocations for requests and limits can be overwritten on the `.gitlab-ci.yml` file with the following variables:
Additionally, Kubernetes CPU and memory allocations for requests and
limits can be overwritten on the `.gitlab-ci.yml` file with the
following variables:
``` yaml
variables:
KUBERNETES_CPU_REQUEST: 3
......@@ -195,8 +186,9 @@ Additionally, Kubernetes CPU and memory allocations for requests and limits can
KUBERNETES_MEMORY_REQUEST: 2Gi
KUBERNETES_MEMORY_LIMIT: 4Gi
```
The values for these variables are restriced to what the max overwrite for that resource has been set to.
The values for these variables are restricted to what the max overwrite
for that resource has been set to.
## Define keywords in the config toml
......
executors/kubernetes/executor_kubernetes.go
+ 10
12
View file @ 2946b8e7
......@@ -84,7 +84,6 @@ type serviceCreateResponse struct {
func (s *executor) setupResources() error {
var err error
// Overwrites
if s.buildLimits, err = limits(s.configurationOverwrites.cpuLimit, s.configurationOverwrites.memoryLimit); err != nil {
return fmt.Errorf("invalid build limits specified: %w", err)
}
......@@ -93,20 +92,18 @@ func (s *executor) setupResources() error {
return fmt.Errorf("invalid build requests specified: %w", err)
}
// Limit
if s.serviceLimits, err = limits(s.Config.Kubernetes.ServiceCPULimit, s.Config.Kubernetes.ServiceMemoryLimit); err != nil {
return fmt.Errorf("invalid service limits specified: %w", err)
}
if s.helperLimits, err = limits(s.Config.Kubernetes.HelperCPULimit, s.Config.Kubernetes.HelperMemoryLimit); err != nil {
return fmt.Errorf("invalid helper limits specified: %w", err)
}
// Requests
if s.serviceRequests, err = limits(s.Config.Kubernetes.ServiceCPURequest, s.Config.Kubernetes.ServiceMemoryRequest); err != nil {
return fmt.Errorf("invalid service requests specified: %w", err)
}
if s.helperLimits, err = limits(s.Config.Kubernetes.HelperCPULimit, s.Config.Kubernetes.HelperMemoryLimit); err != nil {
return fmt.Errorf("invalid helper limits specified: %w", err)
}
if s.helperRequests, err = limits(s.Config.Kubernetes.HelperCPURequest, s.Config.Kubernetes.HelperMemoryRequest); err != nil {
return fmt.Errorf("invalid helper requests specified: %w", err)
}
......@@ -116,7 +113,7 @@ func (s *executor) setupResources() error {
func (s *executor) Prepare(options common.ExecutorPrepareOptions) (err error) {
if err = s.AbstractExecutor.Prepare(options); err != nil {
return err
return fmt.Errorf("AbstractExecutor Prepare() failed with: %w", err)
}
if s.BuildShell.PassFile {
......@@ -124,21 +121,22 @@ func (s *executor) Prepare(options common.ExecutorPrepareOptions) (err error) {
}
if err = s.prepareOverwrites(options.Build.Variables); err != nil {
return err
return fmt.Errorf("couldn't prepare overwrites: %w", err)
}
if err = s.setupResources(); err != nil {
return err
return fmt.Errorf("couldn't setup Kubernetes resources: %w", err)
}
if s.pullPolicy, err = s.Config.Kubernetes.PullPolicy.Get(); err != nil {
return err
return fmt.Errorf("couldn't get pull policy: %w", err)
}
s.prepareOptions(options.Build)
if err = s.checkDefaults(); err != nil {
return err
return fmt.Errorf("check defaults error: %w", err)
}
if s.kubeClient, err = getKubeClient(options.Config.Kubernetes, s.configurationOverwrites); err != nil {
......
executors/kubernetes/overwrites.go
+ 20
17
View file @ 2946b8e7
......@@ -5,8 +5,9 @@ import (
"regexp"
"strings"
"gitlab.com/gitlab-org/gitlab-runner/common"
"k8s.io/apimachinery/pkg/api/resource"
"gitlab.com/gitlab-org/gitlab-runner/common"
)
const (
......@@ -43,19 +44,21 @@ func createOverwrites(config *common.KubernetesConfig, variables common.JobVaria
var err error
o := &overwrites{}
namespaceOverwrite := variables.Expand().Get(NamespaceOverwriteVariableName)
variables = variables.Expand()
namespaceOverwrite := variables.Get(NamespaceOverwriteVariableName)
o.namespace, err = o.evaluateOverwrite("Namespace", config.Namespace, config.NamespaceOverwriteAllowed, namespaceOverwrite, logger)
if err != nil {
return nil, err
}
serviceAccountOverwrite := variables.Expand().Get(ServiceAccountOverwriteVariableName)
serviceAccountOverwrite := variables.Get(ServiceAccountOverwriteVariableName)
o.serviceAccount, err = o.evaluateOverwrite("ServiceAccount", config.ServiceAccount, config.ServiceAccountOverwriteAllowed, serviceAccountOverwrite, logger)
if err != nil {
return nil, err
}
bearerTokenOverwrite := variables.Expand().Get(BearerTokenOverwriteVariableValue)
bearerTokenOverwrite := variables.Get(BearerTokenOverwriteVariableValue)
o.bearerToken, err = o.evaluateBoolControlledOverwrite("BearerToken", config.BearerToken, config.BearerTokenOverwriteAllowed, bearerTokenOverwrite, logger)
if err != nil {
return nil, err
......@@ -66,26 +69,26 @@ func createOverwrites(config *common.KubernetesConfig, variables common.JobVaria
return nil, err
}
cpuLimitOverwrite := variables.Expand().Get(CPULimitOverwriteVariableValue)
o.cpuLimit, err = o.evaluateResourceOverwrite("CPULimit", config.CPULimit, config.CPULimitOverwriteMaxAllowed, cpuLimitOverwrite, logger)
cpuLimitOverwrite := variables.Get(CPULimitOverwriteVariableValue)
o.cpuLimit, err = o.evaluateMaxResourceOverwrite("CPULimit", config.CPULimit, config.CPULimitOverwriteMaxAllowed, cpuLimitOverwrite, logger)
if err != nil {
return nil, err
}
cpuRequestOverwrite := variables.Expand().Get(CPURequestOverwriteVariableValue)
o.cpuRequest, err = o.evaluateResourceOverwrite("CPURequest", config.CPURequest, config.CPURequestOverwriteMaxAllowed, cpuRequestOverwrite, logger)
cpuRequestOverwrite := variables.Get(CPURequestOverwriteVariableValue)
o.cpuRequest, err = o.evaluateMaxResourceOverwrite("CPURequest", config.CPURequest, config.CPURequestOverwriteMaxAllowed, cpuRequestOverwrite, logger)
if err != nil {
return nil, err
}
memoryLimitOverwrite := variables.Expand().Get(MemoryLimitOverwriteVariableValue)
o.memoryLimit, err = o.evaluateResourceOverwrite("MemoryLimit", config.MemoryLimit, config.MemoryLimitOverwriteMaxAllowed, memoryLimitOverwrite, logger)
memoryLimitOverwrite := variables.Get(MemoryLimitOverwriteVariableValue)
o.memoryLimit, err = o.evaluateMaxResourceOverwrite("MemoryLimit", config.MemoryLimit, config.MemoryLimitOverwriteMaxAllowed, memoryLimitOverwrite, logger)
if err != nil {
return nil, err
}
memoryRequestOverwrite := variables.Expand().Get(MemoryRequestOverwriteVariableValue)
o.memoryRequest, err = o.evaluateResourceOverwrite("MemoryRequest", config.MemoryRequest, config.MemoryRequestOverwriteMaxAllowed, memoryRequestOverwrite, logger)
memoryRequestOverwrite := variables.Get(MemoryRequestOverwriteVariableValue)
o.memoryRequest, err = o.evaluateMaxResourceOverwrite("MemoryRequest", config.MemoryRequest, config.MemoryRequestOverwriteMaxAllowed, memoryRequestOverwrite, logger)
if err != nil {
return nil, err
}
......@@ -175,9 +178,9 @@ func (o *overwrites) evaluateMapOverwrite(fieldName string, values map[string]st
return finalValues, nil
}
func (o *overwrites) evaluateResourceOverwrite(fieldName, value, maxResource, overwriteValue string, logger common.BuildLogger) (string, error) {
func (o *overwrites) evaluateMaxResourceOverwrite(fieldName, value, maxResource, overwriteValue string, logger common.BuildLogger) (string, error) {
if maxResource == "" {
logger.Debugln("resource allowing overrides for", fieldName, "is empty, disabling override.")
logger.Debugln("setting allowing overrides for", fieldName, "is empty, disabling override.")
return value, nil
}
......@@ -189,18 +192,18 @@ func (o *overwrites) evaluateResourceOverwrite(fieldName, value, maxResource, ov
var err error
if rMaxResource, err = resource.ParseQuantity(maxResource); err != nil {
return value, fmt.Errorf("error parsing resource limit: %s", err.Error())
return value, fmt.Errorf("error parsing resource limit: %q", err.Error())
}
if rOverwriteValue, err = resource.ParseQuantity(overwriteValue); err != nil {
return value, fmt.Errorf("error parsing resource limit: %s", err.Error())
return value, fmt.Errorf("error parsing resource limit: %q", err.Error())
}
ov := rOverwriteValue.Value()
mr := rMaxResource.Value()
if ov > mr {
return value, fmt.Errorf("The resource: %s requested by the build: %s does not match or is less than limit allowed: %s", fieldName, overwriteValue, maxResource)
return value, fmt.Errorf("the resource %q requested by the build %q does not match or is less than limit allowed %q", fieldName, overwriteValue, maxResource)
}
logger.Println(fmt.Sprintf("%q overwritten with %q", fieldName, overwriteValue))
......
executors/kubernetes/overwrites_test.go
+ 34
49
View file @ 2946b8e7
......@@ -10,40 +10,21 @@ import (
"gitlab.com/gitlab-org/gitlab-runner/common"
)
func buildOverwriteVariables(namespace, serviceAccount, bearerToken, cpuLimit, cpuRequest, memoryLimit, memoryRequest string, podAnnotations map[string]string) common.JobVariables {
variables := make(common.JobVariables, 8)
if namespace != "" {
variables = append(variables, common.JobVariable{Key: NamespaceOverwriteVariableName, Value: namespace})
}
if serviceAccount != "" {
variables = append(variables, common.JobVariable{Key: ServiceAccountOverwriteVariableName, Value: serviceAccount})
}
if bearerToken != "" {
variables = append(variables, common.JobVariable{Key: BearerTokenOverwriteVariableValue, Value: bearerToken})
}
type variableOverwrites map[string]string
if cpuLimit != "" {
variables = append(variables, common.JobVariable{Key: CPULimitOverwriteVariableValue, Value: cpuLimit})
}
if cpuRequest != "" {
variables = append(variables, common.JobVariable{Key: CPURequestOverwriteVariableValue, Value: cpuRequest})
}
if memoryLimit != "" {
variables = append(variables, common.JobVariable{Key: MemoryLimitOverwriteVariableValue, Value: memoryLimit})
}
func buildOverwriteVariables(overwrites variableOverwrites, podAnnotations map[string]string) common.JobVariables {
variables := make(common.JobVariables, 8)
if memoryRequest != "" {
variables = append(variables, common.JobVariable{Key: MemoryRequestOverwriteVariableValue, Value: memoryRequest})
for variableKey, overwriteValue := range overwrites {
if overwriteValue != "" {
variables = append(variables, common.JobVariable{Key: variableKey, Value: overwriteValue})
}
}
for k, v := range podAnnotations {
variables = append(variables, common.JobVariable{Key: k, Value: v})
}
return variables
}
......@@ -96,8 +77,8 @@ func TestOverwrites(t *testing.T) {
Expected: &overwrites{},
},
{
Name: "All overwrites allowed",
Config: overwritesAllowedConfig,
Name: "All overwrites allowed",
Config: overwritesAllowedConfig,
NamespaceOverwriteVariableValue: "my_namespace",
ServiceAccountOverwriteVariableValue: "my_service_account",
BearerTokenOverwriteVariableValue: "my_bearer_token",
......@@ -176,7 +157,7 @@ func TestOverwrites(t *testing.T) {
NamespaceOverwriteAllowed: "not-a-match",
},
NamespaceOverwriteVariableValue: "my_namespace",
Error: true,
Error: true,
},
{
Name: "ServiceAccount failure",
......@@ -184,7 +165,7 @@ func TestOverwrites(t *testing.T) {
ServiceAccountOverwriteAllowed: "not-a-match",
},
ServiceAccountOverwriteVariableValue: "my_service_account",
Error: true,
Error: true,
},
{
Name: "PodAnnotations failure",
......@@ -212,7 +193,7 @@ func TestOverwrites(t *testing.T) {
CPULimitOverwriteMaxAllowed: "10",
},
CPULimitOverwriteVariableValue: "12",
Error: true,
Error: true,
},
{
Name: "CPURequest too high",
......@@ -220,7 +201,7 @@ func TestOverwrites(t *testing.T) {
CPURequestOverwriteMaxAllowed: "10",
},
CPURequestOverwriteVariableValue: "12",
Error: true,
Error: true,
},
{
Name: "MemoryLimit too high",
......@@ -228,7 +209,7 @@ func TestOverwrites(t *testing.T) {
MemoryLimitOverwriteMaxAllowed: "2Gi",
},
MemoryLimitOverwriteVariableValue: "10Gi",
Error: true,
Error: true,
},
{
Name: "MemoryRequest too high",
......@@ -236,7 +217,7 @@ func TestOverwrites(t *testing.T) {
MemoryRequestOverwriteMaxAllowed: "2Gi",
},
MemoryRequestOverwriteVariableValue: "10Gi",
Error: true,
Error: true,
},
{
Name: "MemoryRequest too high different suffix",
......@@ -244,31 +225,35 @@ func TestOverwrites(t *testing.T) {
MemoryRequestOverwriteMaxAllowed: "2Gi",
},
MemoryRequestOverwriteVariableValue: "5000Mi",
Error: true,
Error: true,
},
}
for _, test := range tests {
t.Run(test.Name, func(t *testing.T) {
assert := assert.New(t)
variables := buildOverwriteVariables(
test.NamespaceOverwriteVariableValue,
test.ServiceAccountOverwriteVariableValue,
test.BearerTokenOverwriteVariableValue,
test.CPULimitOverwriteVariableValue,
test.CPURequestOverwriteVariableValue,
test.MemoryLimitOverwriteVariableValue,
test.MemoryRequestOverwriteVariableValue,
variableOverwrites{
NamespaceOverwriteVariableName: test.NamespaceOverwriteVariableValue,
ServiceAccountOverwriteVariableName: test.ServiceAccountOverwriteVariableValue,
BearerTokenOverwriteVariableValue: test.BearerTokenOverwriteVariableValue,
CPULimitOverwriteVariableValue: test.CPULimitOverwriteVariableValue,
CPURequestOverwriteVariableValue: test.CPURequestOverwriteVariableValue,
MemoryLimitOverwriteVariableValue: test.MemoryLimitOverwriteVariableValue,
MemoryRequestOverwriteVariableValue: test.MemoryRequestOverwriteVariableValue,
},
test.PodAnnotationsOverwriteValues,
)
values, err := createOverwrites(test.Config, variables, logger)
if test.Error {
assert.Error(err)
assert.Contains(err.Error(), "does not match")
} else {
assert.NoError(err)
assert.Equal(test.Expected, values)
assert.Error(t, err)
assert.Contains(t, err.Error(), "does not match")
return
}
assert.NoError(t, err)
assert.Equal(t, test.Expected, values)
})
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment