Skip to content

Commit

Permalink
Support admission job
Browse files Browse the repository at this point in the history
  • Loading branch information
TommyLike committed May 29, 2019
1 parent 4da8598 commit 77c296f
Show file tree
Hide file tree
Showing 6 changed files with 51 additions and 34 deletions.
13 changes: 1 addition & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,17 +99,9 @@ kubernetes API server.
#1. Install helm plugin
helm plugin install installer/chart/plugins/gen-admission-secret
#2. Generate secret within service name
helm gen-admission-secret --service <specified-name>-admission-service --namespace <namespace>
## For eg:
kubectl create namespace volcano-trial
helm gen-admission-secret --service volcano-trial-admission-service --namespace volcano-trial
```

Finally, install helm chart.
Secondly, install helm chart.

```
helm install installer/chart --namespace <namespace> --name <specified-name>
Expand All @@ -119,9 +111,6 @@ helm install installer/chart --namespace volcano-trial --name volcano-trial
```

**NOTE**:The ```<specified-name>``` used in the two commands above should be identical.


To Verify your installation run the following commands:

```
Expand Down
10 changes: 0 additions & 10 deletions hack/run-e2e-kind.sh
Original file line number Diff line number Diff line change
Expand Up @@ -62,16 +62,6 @@ function install-volcano {
kind load docker-image ${IMAGE_PREFIX}-admission:${TAG} ${CLUSTER_CONTEXT}
kind load docker-image ${MPI_EXAMPLE_IMAGE} ${CLUSTER_CONTEXT}

echo "Install volcano plugin into cluster...."
helm plugin install --kubeconfig ${KUBECONFIG} installer/chart/plugins/gen-admission-secret

#If failed to generate secret for admission service, return immediately
helm gen-admission-secret --service ${CLUSTER_NAME}-admission-service --namespace kube-system
if [[ $? != 0 ]]; then
echo "Failed to install secret for admission service, usually we need a retry."
exit 1
fi

echo "Install volcano chart"
helm install installer/chart --namespace kube-system --name ${CLUSTER_NAME} --kubeconfig ${KUBECONFIG} --set basic.image_tag_version=${TAG} --wait
}
Expand Down
7 changes: 0 additions & 7 deletions installer/chart/plugins/gen-admission-secret/plugin.yaml

This file was deleted.

31 changes: 31 additions & 0 deletions installer/chart/templates/admission.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,16 @@ rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations"]
verbs: ["get", "list", "watch", "patch"]
# Rules below is used generate admission service secret
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests/approval"]
verbs: ["create", "update"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "get", "patch"]

---
kind: ClusterRoleBinding
Expand Down Expand Up @@ -98,3 +108,24 @@ spec:
selector:
app: volcano-admission
sessionAffinity: None

---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-admission-init
namespace: {{ .Release.Namespace }}
labels:
app: volcano-admission-init
spec:
backoffLimit: 3
template:
spec:
serviceAccountName: {{ .Release.Name }}-admission
restartPolicy: Never
containers:
- name: main
image: {{.Values.basic.admission_image_name}}:{{.Values.basic.image_tag_version}}
imagePullPolicy: IfNotPresent
command: ["./gen-admission-secret.sh", "--service", "{{ .Release.Name }}-admission-service", "--namespace",
"{{ .Release.Namespace }}", "--secret", "{{.Values.basic.admission_secret_name}}"]
11 changes: 11 additions & 0 deletions installer/dockerfile/admission/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,16 @@

FROM alpine:latest

# Install requirements
ARG KUBE_VERSION="1.13.1"
RUN apk add --update ca-certificates && \
apk add --update openssl && \
apk add --update -t deps curl && \
curl -L https://storage.googleapis.com/kubernetes-release/release/v$KUBE_VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
chmod +x /usr/local/bin/kubectl && \
apk del --purge deps && \
rm /var/cache/apk/*

ADD vk-admission /vk-admission
ADD gen-admission-secret.sh /gen-admission-secret.sh
ENTRYPOINT ["/vk-admission"]
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh
#TODO: this file is used for release, should not place it here
set -e

Expand Down Expand Up @@ -41,16 +41,19 @@ while [[ $# -gt 0 ]]; do
shift
done

if [ -z ${service} ]; then
if [[ -z ${service} ]]; then
echo "'--service' must be specified"
exit 1
fi

if [[ -z ${secret} ]]; then
echo "'--secret' must be specified"
exit 1
fi

[ -z ${secret} ] && secret=volcano-admission-secret
[ -z ${namespace} ] && namespace=default
[[ -z ${namespace} ]] && namespace=default

if [ ! -x "$(command -v openssl)" ]; then
if [[ ! -x "$(command -v openssl)" ]]; then
echo "openssl not found"
exit 1
fi
Expand Down

0 comments on commit 77c296f

Please sign in to comment.