Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the ability to set arbitrary annotations on Kubernetes pods #3188

Closed
4 tasks done
dominic-p opened this issue Jan 13, 2024 · 0 comments · Fixed by #3609
Closed
4 tasks done

Add the ability to set arbitrary annotations on Kubernetes pods #3188

dominic-p opened this issue Jan 13, 2024 · 0 comments · Fixed by #3609
Labels
backend/kubernetes enhancement improve existing features

Comments

@dominic-p
Copy link
Contributor

dominic-p commented Jan 13, 2024
edited
Loading

Clear and concise description of the problem

Right now, I don't see a way to set Pod level annotations for pipeline build steps in Kubernetes. I need this to allow Pods in my pipeline to gain access to /dev/fuse. CRI-O includes a handy feature to enable this via annotations described in detail here.

The upshot is that after you have configured CRI-O you just need to add annotations like the following to your Pod and the /dev/fuse device from the host will be passed through:

apiVersion: v1
kind: Pod
metadata:
  annotations:
    my.workload.activation: ""
    io.kubernetes.cri-o.Devices: /dev/fuse

Suggested solution

The ideal solution for me would be to allow arbitrary Pod annotations to be configured in the pipeline like so:

steps:
  test:
    image: alpine
    commands:
      - echo Hello world
    backend_options:
      kubernetes:
        annotations:
          io.kubernetes.cri-o.Devices: /dev/fuse
          another.annotation: ""

Alternative

For this particular issue, I can use another means of passing /dev/fuse into the container. For instance, there is a generic method that uses resources.limits which are already supported. That said, that option requires running a DaemonSet on the cluster referencing a 3rd party image which is not ideal.

It would be a lot cleaner/safer to use the runtime's built in features to do this. Plus, allowing generic annotations will likely enable other features/integrations down the line.

Additional context

This is part of my attempt to get buildah to run on Woodpecker. This should be the last piece of the puzzle now that securityContext and AppArmor and sorted. But, I've said that before.

Validations

  • Checked that the feature isn't part of the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
  • Read the Contributing Guidelines.
  • Read the docs.
  • Check that there isn't already an issue that request the same feature to avoid creating a duplicate.
@dominic-p dominic-p added the feature add new functionality label Jan 13, 2024
@qwerty287 qwerty287 added enhancement improve existing features backend/kubernetes and removed feature add new functionality labels Jan 13, 2024
@zc-devs zc-devs mentioned this issue Apr 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend/kubernetes enhancement improve existing features
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ability to set pod annotations and labels from step zc-devs/woodpecker
2 participants
@dominic-p @qwerty287