Add a PodTemplate field for PipelineRun and TaskRun #1004
Conversation
tekton-robot
added
the
do-not-merge/work-in-progress
|
@vdemeester: GitHub didn't allow me to request PR reviews from the following users: dicarlo2. Note that only tektoncd members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
googlebot
added
the
cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
approved
vdemeester
force-pushed
the
714-carry-podtemplate
branch
from
5766738 to
0bd16ce
Compare
|
/test pull-tekton-pipeline-go-coverage |
|
Vincent mentioned this on the working group call today looking for feedback, I think this is a great idea, we've used pod templates here before and I'm a fan. Node affinity and PSPs are useful to be able to support at this layer (e.g. for supporting other platforms and running in more locked down environments). I'd expect to see docs and potentially an example as the next logical step and I'll be happy to take a look. Are there any really specific use cases we're thinking of as well e.g. running with and without PSPs to cover? How about a runAsNonRoot example? When you mention a test for combining, that's just to make sure this podTemplate gets precedence right? And that we're OK for being backwards compatible? |
vdemeester
force-pushed
the
714-carry-podtemplate
branch
2 times, most recently
from
ed47f87 to
6b5c228
Compare
bobcatfish
changed the title
tekton-robot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
Your approach looks good to me! I agree with how you have only exposed a subset of the Pod fields - especially since it would be easier to add more fields later v.s. remove fields we discover are problematic :)
Before we merge this I hope we can add some docs and tests 😇 🙏 😅 (which I think you were planning to do anyway!!)
This is done in a backward compatibility way.
could you create an issue in the backlog to make sure we make the backwards incompatible change in a later release? (unless you did already! ❤️ )
pkg/apis/pipeline/v1alpha1/pod.go
Outdated
| @@ -0,0 +1,56 @@ | |||
| /* | |||
| Copyright 2018 The Tekton Authors. | |||
vdemeester
force-pushed
the
714-carry-podtemplate
branch
3 times, most recently
from
c50040e to
9fb8275
Compare
|
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the ℹ️ Googlers: Go here for more info. |
googlebot
added
cla: no
and removed
cla: yes
vdemeester
force-pushed
the
714-carry-podtemplate
branch
from
9fb8275 to
00bff40
Compare
vdemeester
added
cla: yes
googlebot
removed
the
cla: yes
|
|
vdemeester
force-pushed
the
714-carry-podtemplate
branch
from
00bff40 to
0a834d3
Compare
|
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
googlebot
added
cla: yes
|
@bobcatfish added some documentation and on test (I need to add some e2e tests also). And the CLA is all good now 🎉 |
vdemeester
force-pushed
the
714-carry-podtemplate
branch
from
0a834d3 to
4a7cb8a
Compare
vdemeester
force-pushed
the
714-carry-podtemplate
branch
3 times, most recently
from
9e49bc0 to
5b20131
Compare
|
/hold |
tekton-robot
added
the
do-not-merge/hold
| PodAffinity: &corev1.PodAffinity{}, | ||
| }, | ||
| } | ||
| // Same as template above |
There was a problem hiding this comment.
i'm a bit confused! wouldn't we want "banana": "chocolat", etc. to show up in the expected (got) template?
There was a problem hiding this comment.
I should change the names of the variable to make it clearer, good point. So affinity, nodeSelector and tolerations are coming from the deprecated fields, so PodTemplate takes precedence over them. I choose to not merge NodSelector and Tolerations to make it simpler (especially as those deprecated field are going away rather shortly anyway) ; that's why "banana": "chocolat" is not in the got template 👼
There was a problem hiding this comment.
OOOOOOOOH okay i get it, the point is to override them - maybe we should include a deprecated field we don't override as well in one of the tests? (to make sure they can be combined - unless it's supposed to be all or nothing, all depcreated or all new)
There was a problem hiding this comment.
Ah right, I see what you mean, yeah I'll update the tests
| Affinity: pr.Spec.Affinity, | ||
| }, | ||
| } | ||
| PodTemplate: podTemplate, |
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
vdemeester
force-pushed
the
714-carry-podtemplate
branch
from
5b20131 to
2eb4a63
Compare
This allows to group and add `PodSpec` customizations to PipelineRun and TaskRun and share the field with both of them. - We are still putting field by hand compared to PodSpec as PodSpec has a large number of fields, including `InitContainers` and `Containers` and we don't want people to be able to add random containers to the `Task` pod. - This adds SecurityContext in addition to the current `PodSpec` specific fields. - This adds Volumes in addition to the current `PodSpec` specific fields. This is done in a backward compatibility way. The old field are still there, but `PodTemplate` takes precedence over it (depending on which field are present). These fields will be remove when we bump the API to `v1beta1`. Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
vdemeester
force-pushed
the
714-carry-podtemplate
branch
from
2eb4a63 to
69b3e7e
Compare
| // Same as template above | ||
| want := v1alpha1.PodTemplate{ | ||
| NodeSelector: map[string]string{ | ||
| "banana": "chocolat", |
| corev1 "k8s.io/api/core/v1" | ||
| ) | ||
|
|
||
| func TestCombinedPodTemplateTakesPrecedence(t *testing.T) { |
|
/hold cancel |
tekton-robot
removed
the
do-not-merge/hold
Changes
This allows to group and add
PodSpeccustomizations to PipelineRunand TaskRun and share the field with both of them.
has a large number of fields, including
InitContainersandContainersand we don't want people to be able to add randomcontainers to the
Taskpod.PodSpecspecific fields.
This is done in a backward compatibility way. The old field are still
there, but
PodTemplatetakes precedence over it (depending on whichfield are present). These fields will be remove when we bump the API
to
v1beta1.Putting this as wip because :
Closes #714
/cc @bobcatfish @dicarlo2 @chmouel
Signed-off-by: Vincent Demeester vdemeest@redhat.com
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide
for more details.
Release Notes