
Example 1 with SecretVolumeSource

use of io.fabric8.kubernetes.api.model.SecretVolumeSource in project devspaces-images by redhat-developer.

the class CertificateProvisionerTest method verifyVolumeIsPresent.

/**
 * Asserts that the pod declares exactly one volume, that it is named
 * {@code CHE_SELF_SIGNED_CERT_VOLUME}, and that it is backed by the Secret
 * {@code EXPECTED_CERT_NAME}.
 *
 * @param pod pod whose spec is inspected
 */
private void verifyVolumeIsPresent(Pod pod) {
    final List<Volume> volumes = pod.getSpec().getVolumes();
    // Exactly one volume is expected, so an unexpected extra volume fails the check too.
    assertEquals(volumes.size(), 1);

    final Volume onlyVolume = volumes.get(0);
    assertEquals(onlyVolume.getName(), CHE_SELF_SIGNED_CERT_VOLUME);

    // The certificate has to come from a Secret source, not from another volume type.
    final SecretVolumeSource secretSource = onlyVolume.getSecret();
    assertNotNull(secretSource);
    assertEquals(secretSource.getSecretName(), EXPECTED_CERT_NAME);
}
Also used : Volume(io.fabric8.kubernetes.api.model.Volume) SecretVolumeSource(io.fabric8.kubernetes.api.model.SecretVolumeSource)

Example 2 with SecretVolumeSource

use of io.fabric8.kubernetes.api.model.SecretVolumeSource in project styx by spotify.

the class KubernetesDockerRunnerTest method shouldEnsureAndMountServiceAccountSecret.

/**
 * Starting a run whose spec names a service account must ensure the key Secret exists
 * and reference that Secret from a volume of the created pod.
 *
 * <p>Only the pod-level volume is checked here; the container's volume mount and its
 * read-only flag are not asserted by this test.
 */
@Test
public void shouldEnsureAndMountServiceAccountSecret() throws IOException {
    final String workflowId = WORKFLOW_INSTANCE.workflowId().toString();
    when(serviceAccountSecretManager.ensureServiceAccountKeySecret(workflowId, SERVICE_ACCOUNT))
            .thenReturn(SERVICE_ACCOUNT_SECRET);

    kdr.start(RUN_STATE, RUN_SPEC_WITH_SA);

    verify(serviceAccountSecretManager).ensureServiceAccountKeySecret(workflowId, SERVICE_ACCOUNT);
    verify(k8sClient).createPod(podCaptor.capture());

    final Pod createdPod = podCaptor.getValue();
    // Volumes that are not Secret-backed return null from getSecret() and are skipped.
    final boolean secretVolumePresent = createdPod.getSpec().getVolumes().stream()
            .map(Volume::getSecret)
            .filter(Objects::nonNull)
            .anyMatch(source -> SERVICE_ACCOUNT_SECRET.equals(source.getSecretName()));
    assertThat(secretVolumePresent, is(true));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) PodDeletionDecision(com.spotify.styx.docker.KubernetesDockerRunner.PodDeletionDecision) Time(com.spotify.styx.util.Time) PodStatusBuilder(io.fabric8.kubernetes.api.model.PodStatusBuilder) StateData(com.spotify.styx.state.StateData) StatusBuilder(io.fabric8.kubernetes.api.model.StatusBuilder) QuietDeterministicScheduler(com.spotify.styx.QuietDeterministicScheduler) WorkflowInstance(com.spotify.styx.model.WorkflowInstance) Watcher(io.fabric8.kubernetes.client.Watcher) KubernetesPodEventTranslatorTest.terminated(com.spotify.styx.docker.KubernetesPodEventTranslatorTest.terminated) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) Try(javaslang.control.Try) Mockito.doThrow(org.mockito.Mockito.doThrow) MockitoAnnotations(org.mockito.MockitoAnnotations) ListMeta(io.fabric8.kubernetes.api.model.ListMeta) ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements) MAIN_CONTAINER_NAME(com.spotify.styx.docker.KubernetesDockerRunner.MAIN_CONTAINER_NAME) Mockito.verifyNoMoreInteractions(org.mockito.Mockito.verifyNoMoreInteractions) RunState(com.spotify.styx.state.RunState) PodBuilder(io.fabric8.kubernetes.api.model.PodBuilder) Matchers.nullValue(org.hamcrest.Matchers.nullValue) Duration(java.time.Duration) Map(java.util.Map) After(org.junit.After) ContainerStatus(io.fabric8.kubernetes.api.model.ContainerStatus) JUnitParamsRunner(junitparams.JUnitParamsRunner) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) State(com.spotify.styx.state.RunState.State) Debug(com.spotify.styx.util.Debug) KubernetesPodEventTranslatorTest.podStatusNoContainer(com.spotify.styx.docker.KubernetesPodEventTranslatorTest.podStatusNoContainer) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) StateTransitionConflictException(com.spotify.styx.state.StateTransitionConflictException) Instant(java.time.Instant) Objects(java.util.Objects) List(java.util.List) 
ContainerStateTerminated(io.fabric8.kubernetes.api.model.ContainerStateTerminated) Optional(java.util.Optional) Matchers.is(org.hamcrest.Matchers.is) KubernetesSecretSpec(com.spotify.styx.docker.KubernetesDockerRunner.KubernetesSecretSpec) Mockito.mock(org.mockito.Mockito.mock) Parameters(junitparams.Parameters) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ContainerState(io.fabric8.kubernetes.api.model.ContainerState) ArgumentMatchers.anyLong(org.mockito.ArgumentMatchers.anyLong) Container(io.fabric8.kubernetes.api.model.Container) KubernetesPodEventTranslatorTest.setTerminated(com.spotify.styx.docker.KubernetesPodEventTranslatorTest.setTerminated) Mock(org.mockito.Mock) Assert.assertThrows(org.junit.Assert.assertThrows) RunWith(org.junit.runner.RunWith) Watch(io.fabric8.kubernetes.client.Watch) HashMap(java.util.HashMap) ArgumentMatchers.anyBoolean(org.mockito.ArgumentMatchers.anyBoolean) Mockito.spy(org.mockito.Mockito.spy) Captor(org.mockito.Captor) Action(io.fabric8.kubernetes.client.Watcher.Action) StateManager(com.spotify.styx.state.StateManager) KubernetesPodEventTranslatorTest.setRunning(com.spotify.styx.docker.KubernetesPodEventTranslatorTest.setRunning) Json(com.spotify.styx.serialization.Json) ArgumentCaptor(org.mockito.ArgumentCaptor) KEEPALIVE_CONTAINER_NAME(com.spotify.styx.docker.KubernetesDockerRunner.KEEPALIVE_CONTAINER_NAME) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) KubernetesPodEventTranslatorTest.terminatedContainerState(com.spotify.styx.docker.KubernetesPodEventTranslatorTest.terminatedContainerState) Stats(com.spotify.styx.monitoring.Stats) TestData(com.spotify.styx.testdata.TestData) Volume(io.fabric8.kubernetes.api.model.Volume) Before(org.junit.Before) Matchers.empty(org.hamcrest.Matchers.empty) PodStatus(io.fabric8.kubernetes.api.model.PodStatus) RunSpec(com.spotify.styx.docker.DockerRunner.RunSpec) Event(com.spotify.styx.model.Event) CounterCapacityException(com.spotify.styx.util.CounterCapacityException) 
ContainerStatusBuilder(io.fabric8.kubernetes.api.model.ContainerStatusBuilder) SecretVolumeSource(io.fabric8.kubernetes.api.model.SecretVolumeSource) Pod(io.fabric8.kubernetes.api.model.Pod) Mockito.times(org.mockito.Mockito.times) IOException(java.io.IOException) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Mockito.verify(org.mockito.Mockito.verify) TimeUnit(java.util.concurrent.TimeUnit) Mockito(org.mockito.Mockito) Mockito.never(org.mockito.Mockito.never) PodList(io.fabric8.kubernetes.api.model.PodList) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesPodEventTranslatorTest.setWaiting(com.spotify.styx.docker.KubernetesPodEventTranslatorTest.setWaiting) Collections(java.util.Collections) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Pod(io.fabric8.kubernetes.api.model.Pod) SecretVolumeSource(io.fabric8.kubernetes.api.model.SecretVolumeSource) Objects(java.util.Objects) Test(org.junit.Test)

Example 3 with SecretVolumeSource

use of io.fabric8.kubernetes.api.model.SecretVolumeSource in project styx by spotify.

the class KubernetesDockerRunner method createPod.

/**
 * Builds the pod for one workflow execution: the main container running the requested
 * image plus the keepalive container, then passes the result through {@code podMutator}.
 *
 * <p>When {@code secretSpec} carries a service-account secret, that Secret is added as a
 * pod volume, mounted read-only into the main container, and the path of its key file is
 * exported to the container through {@code STYX_WORKFLOW_SA_ENV_VARIABLE}.
 *
 * @param workflowInstance  instance recorded in the pod annotations and labels
 * @param runSpec           image, arguments, execution id and memory settings of the run
 * @param secretSpec        optional service-account secret to mount
 * @param styxEnvironment   environment name passed to label and env construction
 * @param podMutator        final hook that may alter the built pod
 * @param executionEnvVars  extra environment variables passed to {@code buildEnv}
 * @return the pod returned by {@code podMutator.mutate(...)}
 */
@VisibleForTesting
static Pod createPod(WorkflowInstance workflowInstance, RunSpec runSpec, KubernetesSecretSpec secretSpec, String styxEnvironment, PodMutator podMutator, final Map<String, String> executionEnvVars) {
    // Any ':' in the reference is taken to mean a tag is already given; otherwise the
    // mutable ":latest" tag is appended, so such runs are not pinned to a fixed image.
    final String imageWithTag;
    if (runSpec.imageName().contains(":")) {
        imageWithTag = runSpec.imageName();
    } else {
        imageWithTag = runSpec.imageName() + ":latest";
    }
    final String executionId = runSpec.executionId();

    final PodBuilder podBuilder = new PodBuilder()
            .withNewMetadata()
            .withName(executionId)
            .addToAnnotations(STYX_WORKFLOW_INSTANCE_ANNOTATION, workflowInstance.toKey())
            .addToAnnotations(DOCKER_TERMINATION_LOGGING_ANNOTATION, String.valueOf(runSpec.terminationLogging()))
            .addToLabels(tryBuildLabels(workflowInstance, runSpec, styxEnvironment))
            .endMetadata();

    // The pod runs once; it is never restarted in place.
    final PodSpecBuilder specBuilder = new PodSpecBuilder().withRestartPolicy("Never");

    // Memory request and limit are only set when the run spec provides them.
    final ResourceRequirementsBuilder resourceRequirements = new ResourceRequirementsBuilder();
    runSpec.memRequest().ifPresent(
            request -> resourceRequirements.addToRequests("memory", new Quantity(request)));
    runSpec.memLimit().ifPresent(
            limit -> resourceRequirements.addToLimits("memory", new Quantity(limit)));

    final ContainerBuilder mainContainerBuilder = new ContainerBuilder()
            .withName(MAIN_CONTAINER_NAME)
            .withImage(imageWithTag)
            .withArgs(runSpec.args())
            .withEnv(buildEnv(workflowInstance, runSpec, styxEnvironment, executionEnvVars))
            .withResources(resourceRequirements.build());

    secretSpec.serviceAccountSecret().ifPresent(secretName -> {
        // No defaultMode is set on the secret source here, so the cluster default applies.
        final Volume saVolume = new VolumeBuilder()
                .withName(STYX_WORKFLOW_SA_SECRET_NAME)
                .withSecret(new SecretVolumeSourceBuilder().withSecretName(secretName).build())
                .build();
        specBuilder.addToVolumes(saVolume);

        // Read-only mount: the workload can read the key material but not replace it.
        final VolumeMount saMount = new VolumeMountBuilder()
                .withMountPath(STYX_WORKFLOW_SA_SECRET_MOUNT_PATH)
                .withName(saVolume.getName())
                .withReadOnly(true)
                .build();
        mainContainerBuilder.addToVolumeMounts(saMount);

        // Only the path of the key file goes into the environment, not the key itself.
        final String keyFilePath = saMount.getMountPath() + STYX_WORKFLOW_SA_JSON_KEY;
        mainContainerBuilder.addToEnv(envVar(STYX_WORKFLOW_SA_ENV_VARIABLE, keyFilePath));
    });

    specBuilder.addToContainers(mainContainerBuilder.build());
    specBuilder.addToContainers(keepaliveContainer());

    final Pod builtPod = podBuilder.withSpec(specBuilder.build()).build();
    // The mutator has the last word on the pod, including the secret volume added above.
    return podMutator.mutate(workflowInstance, runSpec, styxEnvironment, builtPod);
}
Also used : PodSpecBuilder(io.fabric8.kubernetes.api.model.PodSpecBuilder) SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder) Volume(io.fabric8.kubernetes.api.model.Volume) PodBuilder(io.fabric8.kubernetes.api.model.PodBuilder) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) SecretVolumeSource(io.fabric8.kubernetes.api.model.SecretVolumeSource) Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder) VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 4 with SecretVolumeSource

use of io.fabric8.kubernetes.api.model.SecretVolumeSource in project strimzi by strimzi.

the class VolumeUtils method createSecretVolume.

/**
 * Creates a Secret-backed volume that projects only the given Secret keys.
 *
 * <p>The projected files are read-only: mode {@code 0444} by default and {@code 0440}
 * (no access for "other") when running on OpenShift.
 *
 * @param name        Name of the Volume; normalised with {@code getValidVolumeName}
 * @param secretName  Name of the Secret
 * @param items       Secret keys mapped to the file paths they are projected to
 * @param isOpenshift true if the underlying cluster is OpenShift
 * @return The Volume created
 */
public static Volume createSecretVolume(String name, String secretName, Map<String, String> items, boolean isOpenshift) {
    final String volumeName = getValidVolumeName(name);
    // Octal literals: r--r--r-- in general, r--r----- on OpenShift.
    final int defaultMode = isOpenshift ? 0440 : 0444;

    // One KeyToPath per entry: the map key is the Secret key, the value is the file path.
    final List<KeyToPath> projections = new ArrayList<>();
    items.forEach((key, path) ->
            projections.add(new KeyToPathBuilder().withKey(key).withPath(path).build()));

    final SecretVolumeSource source = new SecretVolumeSourceBuilder()
            .withDefaultMode(defaultMode)
            .withSecretName(secretName)
            .withItems(projections)
            .build();
    return new VolumeBuilder()
            .withName(volumeName)
            .withSecret(source)
            .build();
}
Also used : KeyToPath(io.fabric8.kubernetes.api.model.KeyToPath) SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) Volume(io.fabric8.kubernetes.api.model.Volume) KeyToPathBuilder(io.fabric8.kubernetes.api.model.KeyToPathBuilder) SecretVolumeSource(io.fabric8.kubernetes.api.model.SecretVolumeSource) ArrayList(java.util.ArrayList) VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder) HashMap(java.util.HashMap) Map(java.util.Map)

Example 5 with SecretVolumeSource

use of io.fabric8.kubernetes.api.model.SecretVolumeSource in project strimzi by strimzi.

the class VolumeUtils method createSecretVolume.

/**
 * Creates a Secret-backed volume exposing the whole Secret.
 *
 * <p>The projected files are read-only: mode {@code 0444} by default and {@code 0440}
 * (no access for "other") when running on OpenShift.
 *
 * @param name        Name of the Volume; normalised with {@code getValidVolumeName}
 * @param secretName  Name of the Secret
 * @param isOpenshift true if the underlying cluster is OpenShift
 * @return The Volume created
 */
public static Volume createSecretVolume(String name, String secretName, boolean isOpenshift) {
    final String volumeName = getValidVolumeName(name);
    // Octal literals: r--r--r-- in general, r--r----- on OpenShift.
    final int defaultMode = isOpenshift ? 0440 : 0444;

    final SecretVolumeSource source = new SecretVolumeSourceBuilder()
            .withDefaultMode(defaultMode)
            .withSecretName(secretName)
            .build();
    return new VolumeBuilder()
            .withName(volumeName)
            .withSecret(source)
            .build();
}
Also used : SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) Volume(io.fabric8.kubernetes.api.model.Volume) SecretVolumeSource(io.fabric8.kubernetes.api.model.SecretVolumeSource) VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
