Switch from a Deployment to a Job and create permanent nginx Deployment

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2025-05-31 11:05:10 +00:00 · 2022-12-07 15:58:47 +02:00 · 2022-12-07 15:58:47 +02:00 · 44a48d7890
commit 44a48d7890
parent 658b816c1d
10 changed files with 92 additions and 114 deletions
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@ -16,6 +16,7 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
 - ../nginx
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@ -1,6 +1,8 @@
 resources:
 - manager.yaml
 namespace: system
 generatorOptions:
  disableNameSuffixHash: true
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@ -1,15 +1,7 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  labels:
    control-plane: controller-manager
  name: system
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: controller-manager
  namespace: system
  labels:
    control-plane: controller-manager
 spec:
--- a/config/nginx/deployment.yaml
+++ b/config/nginx/deployment.yaml
@ -0,0 +1,41 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: nginx-public
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: nginx
  labels:
    app.kubernetes.io/name: osbuilder-nginx
 spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: osbuilder-nginx
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: osbuilder-nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        volumeMounts:
          - mountPath: "/usr/share/nginx/html"
            name: nginx-public
        ports:
          - containerPort: 80
      serviceAccountName: controller-manager
      terminationGracePeriodSeconds: 10
      volumes:
        - name: nginx-public
          persistentVolumeClaim:
            claimName: nginx-public
--- a/config/nginx/kustomization.yaml
+++ b/config/nginx/kustomization.yaml
@ -0,0 +1,3 @@
 resources:
 - deployment.yaml
 - service.yaml
--- a/config/nginx/service.yaml
+++ b/config/nginx/service.yaml
@ -0,0 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: osbuilder-nginx
 spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: osbuilder-nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
--- a/config/rbac/role_custom.yaml
+++ b/config/rbac/role_custom.yaml
@ -47,9 +47,9 @@ rules:
  - create
  - update
 - apiGroups:
-  - "apps"
+  - "batch"
  resources:
-  - deployments
+  - jobs
  verbs:
  - get
  - create
--- a/controllers/deployment.go
+++ b/controllers/deployment.go
@ -20,13 +20,13 @@ import (
 	"fmt"
 	buildv1alpha1 "github.com/kairos-io/osbuilder/api/v1alpha1"
-	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
-func genDeploymentLabel(s string) map[string]string {
+func genJobLabel(s string) map[string]string {
 	return map[string]string{
 		"osbuild": "workload" + s,
 	}
@ -64,7 +64,7 @@ func createImageContainer(containerImage string, pushOptions buildv1alpha1.Push)
 		Command:         []string{"/bin/bash", "-cxe"},
 		Args: []string{
 			fmt.Sprintf(
-				"tar -czvpf test.tar -C /rootfs . && luet util pack %s test.tar image.tar && mv image.tar /public",
+				"tar -czvpf test.tar -C /rootfs . && luet util pack %s test.tar image.tar && mv image.tar /artifacts",
 				pushOptions.ImageName,
 			),
 		},
@ -74,8 +74,8 @@ func createImageContainer(containerImage string, pushOptions buildv1alpha1.Push)
 				MountPath: "/rootfs",
 			},
 			{
-				Name:      "public",
+				Name:      "artifacts",
-				MountPath: "/public",
+				MountPath: "/artifacts",
 			},
 		},
 	}
@ -104,8 +104,7 @@ func osReleaseContainer(containerImage string) v1.Container {
 	}
 }
-func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact, svc *v1.Service) *appsv1.Deployment {
+func (r *OSArtifactReconciler) genJob(artifact buildv1alpha1.OSArtifact) *batchv1.Job {
 	// TODO: svc is unused, but could be used in the future to generate the Netboot URL
 	objMeta := metav1.ObjectMeta{
 		Name:            artifact.Name,
 		Namespace:       artifact.Namespace,
@ -118,14 +117,14 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 	serviceAccount := false
 	cmd := fmt.Sprintf(
-		"/entrypoint.sh --debug --name %s build-iso --date=false --output /public dir:/rootfs",
+		"/entrypoint.sh --debug --name %s build-iso --date=false --output /artifacts dir:/rootfs",
 		artifact.Name,
 	)
 	volumeMounts := []v1.VolumeMount{
 		{
-			Name:      "public",
+			Name:      "artifacts",
-			MountPath: "/public",
+			MountPath: "/artifacts",
 		},
 		{
 			Name:      "rootfs",
@ -142,7 +141,7 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 	}
 	cloudImgCmd := fmt.Sprintf(
-		"/raw-images.sh /rootfs /public/%s.raw",
+		"/raw-images.sh /rootfs /artifacts/%s.raw",
 		artifact.Name,
 	)
@ -158,7 +157,7 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 	if artifact.Spec.CloudConfig != "" || artifact.Spec.GRUBConfig != "" {
 		cmd = fmt.Sprintf(
-			"/entrypoint.sh --debug --name %s build-iso --date=false --overlay-iso /iso/iso-overlay --output /public dir:/rootfs",
+			"/entrypoint.sh --debug --name %s build-iso --date=false --overlay-iso /iso/iso-overlay --output /artifacts dir:/rootfs",
 			artifact.Name,
 		)
 	}
@ -207,7 +206,7 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 		}},
 		Args: []string{
 			fmt.Sprintf(
-				"/netboot.sh /public/%s.iso /public/%s",
+				"/netboot.sh /artifacts/%s.iso /artifacts/%s",
 				artifact.Name,
 				artifact.Name,
 			),
@ -223,7 +222,7 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 		Command:         []string{"/bin/bash", "-cxe"},
 		Args: []string{
 			fmt.Sprintf(
-				"/azure.sh /public/%s.raw /public/%s.vhd",
+				"/azure.sh /artifacts/%s.raw /artifacts/%s.vhd",
 				artifact.Name,
 				artifact.Name,
 			),
@ -239,7 +238,7 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 		Command:         []string{"/bin/bash", "-cxe"},
 		Args: []string{
 			fmt.Sprintf(
-				"/gce.sh /public/%s.raw /public/%s.gce.raw",
+				"/gce.sh /artifacts/%s.raw /artifacts/%s.gce.raw",
 				artifact.Name,
 				artifact.Name,
 			),
@ -247,20 +246,6 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 		VolumeMounts: volumeMounts,
 	}
 	servingContainer := v1.Container{
 		ImagePullPolicy: v1.PullAlways,
 		SecurityContext: &v1.SecurityContext{Privileged: &privileged},
 		Name:            "serve",
 		Ports:           []v1.ContainerPort{v1.ContainerPort{Name: "http", ContainerPort: 80}},
 		Image:           r.ServingImage,
 		VolumeMounts: []v1.VolumeMount{
 			{
 				Name:      "public",
 				MountPath: "/usr/share/nginx/html",
 			},
 		},
 	}
 	pod := v1.PodSpec{
 		AutomountServiceAccountToken: &serviceAccount,
 		Volumes: []v1.Volume{
@ -313,26 +298,25 @@ func (r *OSArtifactReconciler) genDeployment(artifact buildv1alpha1.OSArtifact,
 	}
 	if pushImage {
-		pod.InitContainers = append(pod.InitContainers, createImageContainer(r.ToolImage, artifact.Spec.PushOptions))
+		pod.Containers = []v1.Container{
 			createImageContainer(r.ToolImage, artifact.Spec.PushOptions),
 		}
 	}
-	pod.Containers = []v1.Container{servingContainer}
+	jobLabels := genJobLabel(artifact.Name)
-	deploymentLabels := genDeploymentLabel(artifact.Name)
+	job := batchv1.Job{
 	replicas := int32(1)
 	return &appsv1.Deployment{
 		ObjectMeta: objMeta,
-
+		Spec: batchv1.JobSpec{
-		Spec: appsv1.DeploymentSpec{
+			Selector: &metav1.LabelSelector{MatchLabels: jobLabels},
 			Selector: &metav1.LabelSelector{MatchLabels: deploymentLabels},
 			Replicas: &replicas,
 			Template: v1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
-					Labels: deploymentLabels,
+					Labels: jobLabels,
 				},
 				Spec: pod,
 			},
 		},
 	}
 	return &job
 }
--- a/controllers/osartifact_controller.go
+++ b/controllers/osartifact_controller.go
@ -98,34 +98,16 @@ func (r *OSArtifactReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{Requeue: true}, err
 	}
 	desiredService := genService(osbuild)
 	logger.Info(fmt.Sprintf("Checking service %v", osbuild))
 	svc, err := r.clientSet.CoreV1().Services(req.Namespace).Get(ctx, desiredService.Name, v1.GetOptions{})
 	if svc == nil || apierrors.IsNotFound(err) {
 		logger.Info(fmt.Sprintf("Creating service %v", desiredService))
 		svc, err = r.clientSet.CoreV1().Services(req.Namespace).Create(ctx, desiredService, v1.CreateOptions{})
 		if err != nil {
 			logger.Error(err, "Failed while creating svc")
 			return ctrl.Result{}, err
 		}
 		return ctrl.Result{Requeue: true}, err
 	}
 	if err != nil {
 		return ctrl.Result{Requeue: true}, err
 	}
 	logger.Info(fmt.Sprintf("Checking deployment %v", osbuild))
-	desiredDeployment := r.genDeployment(osbuild, svc)
+	desiredJob := r.genJob(osbuild)
-	deployment, err := r.clientSet.AppsV1().Deployments(req.Namespace).Get(ctx, desiredDeployment.Name, v1.GetOptions{})
+	job, err := r.clientSet.BatchV1().Jobs(req.Namespace).Get(ctx, desiredJob.Name, v1.GetOptions{})
-	if deployment == nil || apierrors.IsNotFound(err) {
+	if job == nil || apierrors.IsNotFound(err) {
-		logger.Info(fmt.Sprintf("Creating Deployment %v", deployment))
+		logger.Info(fmt.Sprintf("Creating Job %v", job))
-		deployment, err = r.clientSet.AppsV1().Deployments(req.Namespace).Create(ctx, desiredDeployment, v1.CreateOptions{})
+		job, err = r.clientSet.BatchV1().Jobs(req.Namespace).Create(ctx, desiredJob, v1.CreateOptions{})
 		if err != nil {
-			logger.Error(err, "Failed while creating deployment")
+			logger.Error(err, "Failed while creating job")
 			return ctrl.Result{}, nil
 		}
@ -143,7 +125,7 @@ func (r *OSArtifactReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	if deployment.Status.ReadyReplicas == deployment.Status.Replicas {
+	if job.Status.Succeeded > 0 {
 		copy.Status.Phase = "Ready"
 	} else if copy.Status.Phase != "Building" {
 		copy.Status.Phase = "Building"
--- a/controllers/service.go
+++ b/controllers/service.go
@ -1,39 +0,0 @@
 /*
 Copyright 2022.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package controllers
 import (
 	buildv1alpha1 "github.com/kairos-io/osbuilder/api/v1alpha1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 func genService(artifact buildv1alpha1.OSArtifact) *v1.Service {
 	objMeta := metav1.ObjectMeta{
 		Name:            artifact.Name,
 		Namespace:       artifact.Namespace,
 		OwnerReferences: genOwner(artifact),
 	}
 	return &v1.Service{
 		ObjectMeta: objMeta,
 		Spec: v1.ServiceSpec{
 			Type:     v1.ServiceTypeNodePort,
 			Ports:    []v1.ServicePort{{Name: "http", Port: int32(80)}},
 			Selector: genDeploymentLabel(artifact.Name),
 		},
 	}
 }