
Example 1 with SecurityProfile

use of com.netflix.titus.api.jobmanager.model.job.SecurityProfile in project titus-control-plane by Netflix.

the class V1SpecPodFactory method createV1SchemaPodAnnotations.

/**
 * Builds the schema-version-1 pod annotations for one task of a job.
 *
 * <p>Annotations are written in a fixed order into a single {@link HashMap}, so a later
 * write to the same key replaces an earlier one. The order is: job/workload identity,
 * bandwidth, security profile (security groups, IAM role, optional app metadata and its
 * signature), optional job/task/network settings, container attributes, and finally the
 * S3 writer role, EBS, performance-tool and platform-sidecar annotations.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 *   <li>The IAM role and security groups are copied from the job's {@code SecurityProfile}
 *       as-is; nothing here validates them or guards against a null IAM role.</li>
 *   <li>Container attributes whose key starts with {@code TITUS_PARAMETER_AGENT_PREFIX} are
 *       copied with their values unchanged, including the seccomp-agent and
 *       IMDS-require-token settings. Keys that match no known case are passed through
 *       under their own name.</li>
 * </ul>
 *
 * @param job  the job whose descriptor, container and security profile are read
 * @param task the task whose context supplies the optional static IP allocation id
 * @return a new mutable map of annotation key to annotation value
 */
Map<String, String> createV1SchemaPodAnnotations(Job<?> job, Task task) {
    com.netflix.titus.api.jobmanager.model.job.JobDescriptor<?> descriptor = job.getJobDescriptor();
    Container jobContainer = descriptor.getContainer();
    Map<String, String> podAnnotations = new HashMap<>();

    // Job identity.
    podAnnotations.put(POD_SCHEMA_VERSION, "1");
    podAnnotations.put(JOB_ID, job.getId());
    podAnnotations.put(JOB_TYPE, getJobType(job).name());

    // Workload identity, taken from the descriptor and its job group info.
    JobGroupInfo groupInfo = descriptor.getJobGroupInfo();
    podAnnotations.put(WORKLOAD_NAME, descriptor.getApplicationName());
    podAnnotations.put(WORKLOAD_STACK, groupInfo.getStack());
    podAnnotations.put(WORKLOAD_DETAIL, groupInfo.getDetail());
    podAnnotations.put(WORKLOAD_SEQUENCE, groupInfo.getSequence());
    podAnnotations.put(WORKLOAD_OWNER_EMAIL, descriptor.getOwner().getTeamEmail());

    // Only present once the job has an Accepted status entry.
    JobFunctions.findJobStatus(job, JobState.Accepted).ifPresent(
            accepted -> podAnnotations.put(JOB_ACCEPTED_TIMESTAMP_MS, String.valueOf(accepted.getTimestamp())));

    // The same bandwidth figure is applied to both directions.
    String bandwidth = jobContainer.getContainerResources().getNetworkMbps() + "M";
    podAnnotations.put(EGRESS_BANDWIDTH, bandwidth);
    podAnnotations.put(INGRESS_BANDWIDTH, bandwidth);

    // Security profile: these values decide the pod's network reachability and cloud identity.
    SecurityProfile profile = jobContainer.getSecurityProfile();
    podAnnotations.put(NETWORK_SECURITY_GROUPS, StringExt.concatenate(profile.getSecurityGroups(), ","));
    podAnnotations.put(IAM_ROLE, profile.getIamRole());
    // App metadata and its signature are forwarded verbatim when present; this method does not
    // verify the signature. NOTE(review): presumably verified by the consumer — confirm.
    Evaluators.acceptNotNull(
            profile.getAttributes().get(ATTRIBUTE_NETFLIX_APP_METADATA),
            metadata -> podAnnotations.put(SECURITY_APP_METADATA, metadata));
    Evaluators.acceptNotNull(
            profile.getAttributes().get(ATTRIBUTE_NETFLIX_APP_METADATA_SIG),
            signature -> podAnnotations.put(SECURITY_APP_METADATA_SIG, signature));

    // Optional settings, each added only when its source value is non-null.
    Evaluators.acceptNotNull(
            job.getJobDescriptor().getAttributes().get(JobAttributes.JOB_ATTRIBUTES_RUNTIME_PREDICTION_SEC),
            predictedSec -> podAnnotations.put(KubeConstants.JOB_RUNTIME_PREDICTION, predictedSec + "s"));
    Evaluators.acceptNotNull(
            task.getTaskContext().get(TaskAttributes.TASK_ATTRIBUTES_IP_ALLOCATION_ID),
            allocationId -> podAnnotations.put(KubeConstants.STATIC_IP_ALLOCATION_ID, allocationId));
    Evaluators.acceptNotNull(
            job.getJobDescriptor().getNetworkConfiguration().getNetworkModeName(),
            networkMode -> podAnnotations.put(KubeConstants.NETWORK_MODE, networkMode));

    // Translate agent-prefixed container attributes into annotations. This runs after the
    // security-profile annotations above, so a pass-through key equal to one of those keys
    // would replace it. NOTE(review): confirm that no annotation key written above can start
    // with TITUS_PARAMETER_AGENT_PREFIX, and that attribute values are validated upstream.
    jobContainer.getAttributes().forEach((attrName, attrValue) -> {
        boolean relevant = !StringExt.isEmpty(attrName)
                && !StringExt.isEmpty(attrValue)
                && attrName.startsWith(TITUS_PARAMETER_AGENT_PREFIX);
        if (!relevant) {
            return;
        }
        String annotationKey;
        String annotationValue = attrValue;
        switch (attrName) {
            case JOB_PARAMETER_ATTRIBUTES_ALLOW_CPU_BURSTING:
                annotationKey = POD_CPU_BURSTING_ENABLED;
                break;
            case JOB_PARAMETER_ATTRIBUTES_ALLOW_NETWORK_BURSTING:
                annotationKey = NETWORK_BURSTING_ENABLED;
                break;
            case JOB_PARAMETER_ATTRIBUTE_EIP_POOL:
                annotationKey = NETWORK_ELASTIC_IP_POOL;
                break;
            case JOB_PARAMETER_ATTRIBUTE_EIPS:
                annotationKey = NETWORK_ELASTIC_IPS;
                break;
            case JOB_PARAMETER_ATTRIBUTES_SCHED_BATCH:
                // The attribute's value is ignored here; its presence selects the policy.
                annotationKey = POD_SCHED_POLICY;
                annotationValue = "batch";
                break;
            case JOB_CONTAINER_ATTRIBUTE_SUBNETS:
                annotationKey = NETWORK_SUBNET_IDS;
                break;
            case JOB_CONTAINER_ATTRIBUTE_ACCOUNT_ID:
                annotationKey = NETWORK_ACCOUNT_ID;
                break;
            case JOB_PARAMETER_ATTRIBUTES_HOSTNAME_STYLE:
                annotationKey = POD_HOSTNAME_STYLE;
                break;
            case JOB_PARAMETER_ATTRIBUTES_ALLOW_NETWORK_JUMBO:
                annotationKey = NETWORK_JUMBO_FRAMES_ENABLED;
                break;
            case JOB_PARAMETER_ATTRIBUTES_FUSE_ENABLED:
                annotationKey = POD_FUSE_ENABLED;
                break;
            case JOB_PARAMETER_ATTRIBUTES_ASSIGN_IPV6_ADDRESS:
                annotationKey = NETWORK_ASSIGN_IVP6_ADDRESS;
                break;
            case JOB_PARAMETER_ATTRIBUTES_LOG_UPLOAD_CHECK_INTERVAL:
                annotationKey = LOG_UPLOAD_CHECK_INTERVAL;
                break;
            case JOB_PARAMETER_ATTRIBUTES_LOG_STDIO_CHECK_INTERVAL:
                annotationKey = LOG_STDIO_CHECK_INTERVAL;
                break;
            case JOB_PARAMETER_ATTRIBUTES_LOG_UPLOAD_THRESHOLD_TIME:
                annotationKey = LOG_UPLOAD_THRESHOLD_TIME;
                break;
            case JOB_PARAMETER_ATTRIBUTES_LOG_KEEP_LOCAL_FILE_AFTER_UPLOAD:
                annotationKey = LOG_KEEP_LOCAL_FILE;
                break;
            case JOB_PARAMETER_ATTRIBUTES_LOG_UPLOAD_REGEXP:
                annotationKey = LOG_UPLOAD_REGEXP;
                break;
            case JOB_CONTAINER_ATTRIBUTE_S3_PATH_PREFIX:
                annotationKey = LOG_S3_PATH_PREFIX;
                break;
            case JOB_CONTAINER_ATTRIBUTE_SECCOMP_AGENT_PERF_ENABLED:
                annotationKey = POD_SECCOMP_AGENT_PERF_ENABLED;
                break;
            case JOB_CONTAINER_ATTRIBUTE_SECCOMP_AGENT_NET_ENABLED:
                annotationKey = POD_SECCOMP_AGENT_NET_ENABLED;
                break;
            case JOB_CONTAINER_ATTRIBUTE_IMDS_REQUIRE_TOKEN:
                annotationKey = NETWORK_IMDS_REQUIRE_TOKEN;
                break;
            default:
                // Unrecognised agent-prefixed attributes are forwarded under their own key.
                annotationKey = attrName;
                break;
        }
        podAnnotations.put(annotationKey, annotationValue);
    });

    // These run last, so any key they produce takes precedence over everything above.
    appendS3WriterRole(podAnnotations, job, task);
    podAnnotations.putAll(createEbsPodAnnotations(job, task));
    podAnnotations.putAll(PerformanceToolUtil.toAnnotations(job));
    podAnnotations.putAll(createPlatformSidecarAnnotations(job));
    return podAnnotations;
}
Also used : HashMap(java.util.HashMap) SecurityProfile(com.netflix.titus.api.jobmanager.model.job.SecurityProfile) JobStatus(com.netflix.titus.api.jobmanager.model.job.JobStatus) V1Container(io.kubernetes.client.openapi.models.V1Container) BasicContainer(com.netflix.titus.api.jobmanager.model.job.BasicContainer) Container(com.netflix.titus.api.jobmanager.model.job.Container) JobGroupInfo(com.netflix.titus.api.jobmanager.model.job.JobGroupInfo) ContainerResources(com.netflix.titus.api.jobmanager.model.job.ContainerResources)
