woodpecker-ci · qwerty287 · Jun 3, 2024 · Apr 12, 2024 · Jun 2, 2024 · Jun 2, 2024
diff --git a/pipeline/backend/kubernetes/flags.go b/pipeline/backend/kubernetes/flags.go
@@ -55,6 +55,12 @@ var Flags = []cli.Flag{
 		Usage:   "backend k8s additional worker pod annotations",
 		Value:   "",
 	},
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_BACKEND_K8S_POD_NODE_SELECTOR"},
+		Name:    "backend-k8s-pod-node-selector",
+		Usage:   "backend k8s worker pod node selector",
+		Value:   "",
+	},
 	&cli.BoolFlag{
 		EnvVars: []string{"WOODPECKER_BACKEND_K8S_SECCTX_NONROOT"},
 		Name:    "backend-k8s-secctx-nonroot",

diff --git a/pipeline/backend/kubernetes/kubernetes.go b/pipeline/backend/kubernetes/kubernetes.go
@@ -61,6 +61,7 @@ type config struct {
 	StorageRwx           bool
 	PodLabels            map[string]string
 	PodAnnotations       map[string]string
+	PodNodeSelector      map[string]string
 	ImagePullSecretNames []string
 	SecurityContext      SecurityContextConfig
 }
@@ -88,6 +89,7 @@ func configFromCliContext(ctx context.Context) (*config, error) {
 				StorageRwx:           c.Bool("backend-k8s-storage-rwx"),
 				PodLabels:            make(map[string]string), // just init empty map to prevent nil panic
 				PodAnnotations:       make(map[string]string), // just init empty map to prevent nil panic
+				PodNodeSelector:      make(map[string]string), // just init empty map to prevent nil panic
 				ImagePullSecretNames: c.StringSlice("backend-k8s-pod-image-pull-secret-names"),
 				SecurityContext: SecurityContextConfig{
 					RunAsNonRoot: c.Bool("backend-k8s-secctx-nonroot"),
@@ -110,6 +112,12 @@ func configFromCliContext(ctx context.Context) (*config, error) {
 					return nil, err
 				}
 			}
+			if nodeSelector := c.String("backend-k8s-pod-node-selector"); nodeSelector != "" {
+				if err := yaml.Unmarshal([]byte(nodeSelector), &config.PodNodeSelector); err != nil {
+					log.Error().Err(err).Msgf("could not unmarshal pod node selector '%s'", nodeSelector)
+					return nil, err
+				}
+			}
 			return &config, nil
 		}
 	}
@@ -170,6 +178,7 @@ func (e *kube) getConfig() *config {
 	c := *e.config
 	c.PodLabels = maps.Clone(e.config.PodLabels)
 	c.PodAnnotations = maps.Clone(e.config.PodAnnotations)
+	c.PodNodeSelector = maps.Clone(e.config.PodNodeSelector)
 	c.ImagePullSecretNames = slices.Clone(e.config.ImagePullSecretNames)
 	return &c
 }

diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go
@@ -121,7 +121,7 @@ func podSpec(step *types.Step, config *config, options BackendOptions) (v1.PodSp
 		ServiceAccountName: options.ServiceAccountName,
 		ImagePullSecrets:   imagePullSecretsReferences(config.ImagePullSecretNames),
 		HostAliases:        hostAliases(step.ExtraHosts),
-		NodeSelector:       nodeSelector(options.NodeSelector, step.Environment["CI_SYSTEM_PLATFORM"]),
+		NodeSelector:       nodeSelector(options.NodeSelector, config.PodNodeSelector, step.Environment["CI_SYSTEM_PLATFORM"]),
 		Tolerations:        tolerations(options.Tolerations),
 		SecurityContext:    podSecurityContext(options.SecurityContext, config.SecurityContext, step.Privileged),
 	}
@@ -299,7 +299,7 @@ func resourceList(resources map[string]string) (v1.ResourceList, error) {
 	return requestResources, nil
 }
 
-func nodeSelector(backendNodeSelector map[string]string, platform string) map[string]string {
+func nodeSelector(backendNodeSelector map[string]string, configNodeSelector map[string]string, platform string) map[string]string {
 	nodeSelector := make(map[string]string)
 
 	if platform != "" {
@@ -308,6 +308,11 @@ func nodeSelector(backendNodeSelector map[string]string, platform string) map[st
 		log.Trace().Msgf("using the node selector from the Agent's platform: %v", nodeSelector)
 	}
 
+	if len(configNodeSelector) > 0 {
+		log.Trace().Msgf("appending labels to the node selector from the configuration: %v", configNodeSelector)
+		maps.Copy(nodeSelector, configNodeSelector)
+	}
+
 	if len(backendNodeSelector) > 0 {
 		log.Trace().Msgf("appending labels to the node selector from the backend options: %v", backendNodeSelector)
 		maps.Copy(nodeSelector, backendNodeSelector)

diff --git a/pipeline/backend/kubernetes/pod_test.go b/pipeline/backend/kubernetes/pod_test.go
@@ -243,7 +243,8 @@ func TestFullPod(t *testing.T) {
 			],
 			"restartPolicy": "Never",
 			"nodeSelector": {
-				"storage": "ssd"
+				"storage": "ssd",
+				"topology.kubernetes.io/region": "eu-central-1"
 			},
 			"runtimeClassName": "runc",
 			"serviceAccountName": "wp-svc-acc",
@@ -332,6 +333,7 @@ func TestFullPod(t *testing.T) {
 		ImagePullSecretNames: []string{"regcred", "another-pull-secret"},
 		PodLabels:            map[string]string{"app": "test"},
 		PodAnnotations:       map[string]string{"apps.kubernetes.io/pod-index": "0"},
+		PodNodeSelector:      map[string]string{"topology.kubernetes.io/region": "eu-central-1"},
 		SecurityContext:      SecurityContextConfig{RunAsNonRoot: false},
 	}, "wp-01he8bebctabr3kgk0qj36d2me-0", "linux/amd64", BackendOptions{
 		NodeSelector:       map[string]string{"storage": "ssd"},