-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pod-scaler: add labels to Build Pods via admission
We need labels on Pods to associate individual executions with their semantic category. Today, we label Builds (as that's what we create) but the Build subsystem does not carry those labels forward to the Pods that implement the Build. This patch adds a new mutating admission webhook server that will add the labels where necessary. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
- Loading branch information
1 parent
cf9a81d
commit 8a61d19
Showing
6 changed files
with
653 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
package main | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"net/http" | ||
|
||
"github.com/sirupsen/logrus" | ||
|
||
corev1 "k8s.io/api/core/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"k8s.io/client-go/rest" | ||
"k8s.io/test-infra/prow/interrupts" | ||
"sigs.k8s.io/controller-runtime/pkg/manager" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
|
||
buildv1 "github.com/openshift/api/build/v1" | ||
buildclientset "github.com/openshift/client-go/build/clientset/versioned/typed/build/v1" | ||
buildclientv1 "github.com/openshift/client-go/build/clientset/versioned/typed/build/v1" | ||
|
||
"github.com/openshift/ci-tools/pkg/steps" | ||
) | ||
|
||
func admit(port int) { | ||
logger := logrus.WithField("component", "admission") | ||
restConfig, err := rest.InClusterConfig() | ||
if err != nil { | ||
logrus.WithError(err).Fatal("Failed to load in-cluster config.") | ||
} | ||
client, err := buildclientset.NewForConfig(restConfig) | ||
if err != nil { | ||
logrus.WithError(err).Fatal("Failed to construct client.") | ||
} | ||
mgr, err := manager.New(restConfig, manager.Options{Port: port}) | ||
if err != nil { | ||
logrus.WithError(err).Fatal("Could not start manager.") | ||
} | ||
server := mgr.GetWebhookServer() | ||
server.Register("/pods", &webhook.Admission{Handler: &podMutator{logger: logger, client: client}}) | ||
if err := mgr.Start(interrupts.Context()); err != nil { | ||
logrus.WithError(err).Error("Failed to serve admission responses.") | ||
} | ||
logger.Debug("Ready to serve HTTP requests.") | ||
} | ||
|
||
type podMutator struct { | ||
logger *logrus.Entry | ||
client buildclientv1.BuildV1Interface | ||
decoder *admission.Decoder | ||
} | ||
|
||
func (m *podMutator) Handle(ctx context.Context, req admission.Request) admission.Response { | ||
pod := &corev1.Pod{} | ||
|
||
err := m.decoder.Decode(req, pod) | ||
if err != nil { | ||
return admission.Errored(http.StatusBadRequest, err) | ||
} | ||
buildName, isBuildPod := pod.Labels[buildv1.BuildLabel] | ||
if !isBuildPod { | ||
return admission.Allowed("Not a Pod implementing a Build.") | ||
} | ||
logger := m.logger.WithField("build", buildName) | ||
logger.Debug("Handling labels on Pod created for a Build.") | ||
build, err := m.client.Builds(pod.Namespace).Get(ctx, buildName, metav1.GetOptions{}) | ||
if err != nil { | ||
logger.WithError(err).Error("Could not get Build for Pod.") | ||
return admission.Allowed("Could not get Build for Pod, ignoring.") | ||
} | ||
if pod.Labels == nil { | ||
pod.Labels = map[string]string{} | ||
} | ||
for _, label := range []string{steps.LabelMetadataOrg, steps.LabelMetadataRepo, steps.LabelMetadataBranch, steps.LabelMetadataVariant, steps.LabelMetadataTarget, steps.LabelMetadataStep} { | ||
buildValue, buildHas := build.Labels[label] | ||
_, podHas := pod.Labels[label] | ||
if buildHas && !podHas { | ||
pod.Labels[label] = buildValue | ||
} | ||
} | ||
|
||
marshaledPod, err := json.Marshal(pod) | ||
if err != nil { | ||
return admission.Errored(http.StatusInternalServerError, err) | ||
} | ||
|
||
return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPod) | ||
} | ||
|
||
//nolint:unparam | ||
func (m *podMutator) InjectDecoder(d *admission.Decoder) error { | ||
m.decoder = d | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
...er/testdata/zz_fixture_TestMutatePods_pod_associated_with_a_build_that_has_no_labels.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"response":{"uid":"705ab4f5-6393-11e8-b7cc-42010a800002","allowed":true}} |
1 change: 1 addition & 0 deletions
1
...od-scaler/testdata/zz_fixture_TestMutatePods_pod_associated_with_a_build_with_labels.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"response":{"uid":"705ab4f5-6393-11e8-b7cc-42010a800002","allowed":true,"patch":"eyJtZXRhZGF0YSI6eyJsYWJlbHMiOnsiY2kub3BlbnNoaWZ0LmlvL21ldGFkYXRhLmJyYW5jaCI6ImJyYW5jaCIsImNpLm9wZW5zaGlmdC5pby9tZXRhZGF0YS5vcmciOiJvcmciLCJjaS5vcGVuc2hpZnQuaW8vbWV0YWRhdGEucmVwbyI6InJlcG8iLCJjaS5vcGVuc2hpZnQuaW8vbWV0YWRhdGEuc3RlcCI6InN0ZXAiLCJjaS5vcGVuc2hpZnQuaW8vbWV0YWRhdGEudGFyZ2V0IjoidGFyZ2V0IiwiY2kub3BlbnNoaWZ0LmlvL21ldGFkYXRhLnZhcmlhbnQiOiJ2YXJpYW50In19fQ==","patchType":"JSONPatch"}} |
1 change: 1 addition & 0 deletions
1
cmd/pod-scaler/testdata/zz_fixture_TestMutatePods_pod_not_associated_with_a_build.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"response":{"uid":"705ab4f5-6393-11e8-b7cc-42010a800002","allowed":true}} |
Oops, something went wrong.