From 013d64cb7bc8c7a0692a077922ebca52b70c406e Mon Sep 17 00:00:00 2001 From: Jonas Pettersson Date: Thu, 4 Jun 2020 10:39:37 +0200 Subject: [PATCH] Externalize Affinity Assistant image Container images should not be hardcoded. This commit externalize what image should be used for the Affinity Assistant. /kind misc --- cmd/controller/main.go | 6 ++++-- config/controller.yaml | 5 +++++ pkg/apis/pipeline/images.go | 2 ++ pkg/apis/resource/v1alpha1/storage/build_gcs_test.go | 1 + pkg/artifacts/artifact_storage_test.go | 1 + pkg/reconciler/pipelinerun/affinity_assistant.go | 11 +++++------ pkg/reconciler/pipelinerun/affinity_assistant_test.go | 4 ++-- pkg/reconciler/pipelinerun/pipelinerun_test.go | 1 + pkg/reconciler/taskrun/resources/apply_test.go | 1 + .../taskrun/resources/input_resource_test.go | 1 + pkg/reconciler/taskrun/taskrun_test.go | 1 + 11 files changed, 24 insertions(+), 10 deletions(-) diff --git a/cmd/controller/main.go b/cmd/controller/main.go index e8b3e09548c..4febb20e64c 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -36,8 +36,9 @@ const ( var ( entrypointImage = flag.String("entrypoint-image", "override-with-entrypoint:latest", "The container image containing our entrypoint binary.") - nopImage = flag.String("nop-image", "tianon/true", "The container image used to stop sidecars") - gitImage = flag.String("git-image", "override-with-git:latest", + nopImage = flag.String("nop-image", "tianon/true", "The container image used to stop sidecars") + affinityAssistantImage = flag.String("affinity-assistant-image", "nginx", "The container image used for the Affinity Assistant") + gitImage = flag.String("git-image", "override-with-git:latest", "The container image containing our Git binary.") credsImage = flag.String("creds-image", "override-with-creds:latest", "The container image for preparing our Build's credentials.") @@ -60,6 +61,7 @@ func main() { images := pipeline.Images{ EntrypointImage: *entrypointImage, NopImage: *nopImage, + AffinityAssistantImage: *affinityAssistantImage, GitImage: *gitImage, CredsImage: *credsImage, KubeconfigWriterImage: *kubeconfigWriterImage, diff --git a/config/controller.yaml b/config/controller.yaml index 2958ba2472b..0ea463145ac 100644 --- a/config/controller.yaml +++ b/config/controller.yaml @@ -66,6 +66,11 @@ spec: "-pr-image", "github.com/tektoncd/pipeline/cmd/pullrequest-init", "-build-gcs-fetcher-image", "github.com/tektoncd/pipeline/vendor/github.com/GoogleCloudPlatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher", + # This image is used as a placeholder pod, the Affinity Assistant + # TODO(#2640) We may want to create a custom, minimal binary + # As of June 8, 2020, tag 1.19.0 + "-affinity-assistant-image", "nginx@sha256:c870bf53de0357813af37b9500cb1c2ff9fb4c00120d5fe1d75c21591293c34d", + # These images are pulled from Dockerhub, by digest, as of May 19, 2020. # As of May 29, 2020 new sha for nop image "-nop-image", "tianon/true@sha256:009cce421096698832595ce039aa13fa44327d96beedb84282a69d3dbcf5a81b", diff --git a/pkg/apis/pipeline/images.go b/pkg/apis/pipeline/images.go index 899256e47cd..731dbca0dfa 100644 --- a/pkg/apis/pipeline/images.go +++ b/pkg/apis/pipeline/images.go @@ -23,6 +23,8 @@ type Images struct { EntrypointImage string // NopImage is the container image used to kill sidecars. NopImage string + // AffinityAssistantImage is the container image used for the Affinity Assistant. + AffinityAssistantImage string // GitImage is the container image with Git that we use to implement the Git source step. GitImage string // CredsImage is the container image used to initialize credentials before the build runs. diff --git a/pkg/apis/resource/v1alpha1/storage/build_gcs_test.go b/pkg/apis/resource/v1alpha1/storage/build_gcs_test.go index 71c90a35e40..84e2e627ba0 100644 --- a/pkg/apis/resource/v1alpha1/storage/build_gcs_test.go +++ b/pkg/apis/resource/v1alpha1/storage/build_gcs_test.go @@ -33,6 +33,7 @@ import ( var images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "tianon/true", + AffinityAssistantImage: "nginx", GitImage: "override-with-git:latest", CredsImage: "override-with-creds:latest", KubeconfigWriterImage: "override-with-kubeconfig-writer:latest", diff --git a/pkg/artifacts/artifact_storage_test.go b/pkg/artifacts/artifact_storage_test.go index c39b0658a94..99dd9099af4 100644 --- a/pkg/artifacts/artifact_storage_test.go +++ b/pkg/artifacts/artifact_storage_test.go @@ -39,6 +39,7 @@ var ( images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "tianon/true", + AffinityAssistantImage: "nginx", GitImage: "override-with-git:latest", CredsImage: "override-with-creds:latest", KubeconfigWriterImage: "override-with-kubeconfig-writer:latest", diff --git a/pkg/reconciler/pipelinerun/affinity_assistant.go b/pkg/reconciler/pipelinerun/affinity_assistant.go index b6920b9cc43..363a2335150 100644 --- a/pkg/reconciler/pipelinerun/affinity_assistant.go +++ b/pkg/reconciler/pipelinerun/affinity_assistant.go @@ -56,7 +56,8 @@ func (c *Reconciler) createAffinityAssistants(wb []v1alpha1.WorkspaceBinding, pr claimName := getClaimName(w, pr.GetOwnerReference()) switch { case apierrors.IsNotFound(err): - _, err := c.KubeClientSet.AppsV1().StatefulSets(namespace).Create(affinityAssistantStatefulSet(affinityAssistantName, pr, claimName)) + affinityAssistantStatefulSet := affinityAssistantStatefulSet(affinityAssistantName, pr, claimName, c.Images.AffinityAssistantImage) + _, err := c.KubeClientSet.AppsV1().StatefulSets(namespace).Create(affinityAssistantStatefulSet) if err != nil { errs = append(errs, fmt.Errorf("failed to create StatefulSet %s: %s", affinityAssistantName, err)) } @@ -113,7 +114,7 @@ func getStatefulSetLabels(pr *v1beta1.PipelineRun, affinityAssistantName string) return labels } -func affinityAssistantStatefulSet(name string, pr *v1beta1.PipelineRun, claimName string) *appsv1.StatefulSet { +func affinityAssistantStatefulSet(name string, pr *v1beta1.PipelineRun, claimName string, affinityAssistantImage string) *appsv1.StatefulSet { // We want a singleton pod replicas := int32(1) @@ -130,10 +131,8 @@ func affinityAssistantStatefulSet(name string, pr *v1beta1.PipelineRun, claimNam } containers := []corev1.Container{{ - Name: "affinity-assistant", - - //TODO(#2640) We may want to create a custom, minimal binary - Image: "nginx", + Name: "affinity-assistant", + Image: affinityAssistantImage, // Set requests == limits to get QoS class _Guaranteed_. // See https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed diff --git a/pkg/reconciler/pipelinerun/affinity_assistant_test.go b/pkg/reconciler/pipelinerun/affinity_assistant_test.go index b499fe3ea35..dff5f21a678 100644 --- a/pkg/reconciler/pipelinerun/affinity_assistant_test.go +++ b/pkg/reconciler/pipelinerun/affinity_assistant_test.go @@ -105,7 +105,7 @@ func TestThatCustomTolerationsAndNodeSelectorArePropagatedToAffinityAssistant(t }, } - stsWithTolerationsAndNodeSelector := affinityAssistantStatefulSet("test-assistant", prWithCustomPodTemplate, "mypvc") + stsWithTolerationsAndNodeSelector := affinityAssistantStatefulSet("test-assistant", prWithCustomPodTemplate, "mypvc", "nginx") if len(stsWithTolerationsAndNodeSelector.Spec.Template.Spec.Tolerations) != 1 { t.Errorf("expected Tolerations in the StatefulSet") @@ -125,7 +125,7 @@ func TestThatTheAffinityAssistantIsWithoutNodeSelectorAndTolerations(t *testing. Spec: v1beta1.PipelineRunSpec{}, } - stsWithoutTolerationsAndNodeSelector := affinityAssistantStatefulSet("test-assistant", prWithoutCustomPodTemplate, "mypvc") + stsWithoutTolerationsAndNodeSelector := affinityAssistantStatefulSet("test-assistant", prWithoutCustomPodTemplate, "mypvc", "nginx") if len(stsWithoutTolerationsAndNodeSelector.Spec.Template.Spec.Tolerations) != 0 { t.Errorf("unexpected Tolerations in the StatefulSet") diff --git a/pkg/reconciler/pipelinerun/pipelinerun_test.go b/pkg/reconciler/pipelinerun/pipelinerun_test.go index 42d7f7e65c4..d3b14529c69 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun_test.go +++ b/pkg/reconciler/pipelinerun/pipelinerun_test.go @@ -58,6 +58,7 @@ var ( images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "tianon/true", + AffinityAssistantImage: "nginx", GitImage: "override-with-git:latest", CredsImage: "override-with-creds:latest", KubeconfigWriterImage: "override-with-kubeconfig-writer:latest", diff --git a/pkg/reconciler/taskrun/resources/apply_test.go b/pkg/reconciler/taskrun/resources/apply_test.go index b51ecbbdb54..974d61d6625 100644 --- a/pkg/reconciler/taskrun/resources/apply_test.go +++ b/pkg/reconciler/taskrun/resources/apply_test.go @@ -36,6 +36,7 @@ var ( images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "tianon/true", + AffinityAssistantImage: "nginx", GitImage: "override-with-git:latest", CredsImage: "override-with-creds:latest", KubeconfigWriterImage: "override-with-kubeconfig-writer-image:latest", diff --git a/pkg/reconciler/taskrun/resources/input_resource_test.go b/pkg/reconciler/taskrun/resources/input_resource_test.go index 49e2baac206..587025429cd 100644 --- a/pkg/reconciler/taskrun/resources/input_resource_test.go +++ b/pkg/reconciler/taskrun/resources/input_resource_test.go @@ -38,6 +38,7 @@ var ( images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "tianon/true", + AffinityAssistantImage: "nginx", GitImage: "override-with-git:latest", CredsImage: "override-with-creds:latest", KubeconfigWriterImage: "override-with-kubeconfig-writer:latest", diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go index 7f7cc95f281..c3f23c4d26a 100644 --- a/pkg/reconciler/taskrun/taskrun_test.go +++ b/pkg/reconciler/taskrun/taskrun_test.go @@ -67,6 +67,7 @@ var ( images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "tianon/true", + AffinityAssistantImage: "nginx", GitImage: "override-with-git:latest", CredsImage: "override-with-creds:latest", KubeconfigWriterImage: "override-with-kubeconfig-writer:latest",