mirror of
https://github.com/kairos-io/osbuilder.git
synced 2025-09-07 10:11:10 +00:00
delete default kairos user
This commit is contained in:
Lukasz Zajaczkowski
@@ -7,8 +7,8 @@ stringData:
|
|||||||
config.json: |
|
config.json: |
|
||||||
{
|
{
|
||||||
"auths": {
|
"auths": {
|
||||||
"osbuilder.plrl-dev-aws.onplural.sh": {
|
"https://index.docker.io/v1/": {
|
||||||
"auth": "CHANGE_ME"
|
"auth": "CHANGE ME"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -24,8 +24,8 @@ stringData:
|
|||||||
hostname: plural-edge-{{ trunc 10 .MachineID }}
|
hostname: plural-edge-{{ trunc 10 .MachineID }}
|
||||||
|
|
||||||
users:
|
users:
|
||||||
- name: "kairos"
|
- name: "test"
|
||||||
passwd: kairos
|
passwd: test
|
||||||
groups: [ "admin" ]
|
groups: [ "admin" ]
|
||||||
|
|
||||||
write_files:
|
write_files:
|
||||||
@@ -74,12 +74,13 @@ spec:
|
|||||||
cloudConfigRef:
|
cloudConfigRef:
|
||||||
name: cloud-config
|
name: cloud-config
|
||||||
key: userdata
|
key: userdata
|
||||||
outputImage:
|
exporter:
|
||||||
registry: osbuilder.plrl-dev-aws.onplural.sh
|
registry:
|
||||||
repository: kairos
|
name: index.docker.io
|
||||||
tag: latest
|
image:
|
||||||
username: plural
|
repository: test/kairos
|
||||||
passwordSecretKeyRef:
|
tag: latest
|
||||||
name: registry-config
|
dockerConfigSecretKeyRef:
|
||||||
key: config.json
|
name: registry-config
|
||||||
|
key: config.json
|
||||||
|
|
||||||
|
|||||||
41
controllers/configmap.go
Normal file
41
controllers/configmap.go
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2022.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package controllers
|
||||||
|
|
||||||
|
import (
|
||||||
|
osbuilder "github.com/kairos-io/osbuilder/api/v1alpha2"
|
||||||
|
v1 "k8s.io/api/core/v1"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
const defaults = `#cloud-config
|
||||||
|
stages:
|
||||||
|
boot:
|
||||||
|
- name: "delete kairos"
|
||||||
|
commands:
|
||||||
|
- deluser --remove-home kairos`
|
||||||
|
|
||||||
|
func (r *OSArtifactReconciler) genConfigMap(artifact *osbuilder.OSArtifact) *v1.ConfigMap {
|
||||||
|
return &v1.ConfigMap{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: artifact.Name,
|
||||||
|
Namespace: artifact.Namespace,
|
||||||
|
},
|
||||||
|
Data: map[string]string{
|
||||||
|
"defaults.yaml": defaults,
|
||||||
|
}}
|
||||||
|
}
|
||||||
@@ -104,6 +104,11 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
|||||||
MountPath: "/rootfs",
|
MountPath: "/rootfs",
|
||||||
SubPath: "rootfs",
|
SubPath: "rootfs",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "defaults",
|
||||||
|
MountPath: "/defaults.yaml",
|
||||||
|
SubPath: "defaults.yaml",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if artifact.Spec.CloudConfigRef != nil {
|
if artifact.Spec.CloudConfigRef != nil {
|
||||||
@@ -147,7 +152,7 @@ func (r *OSArtifactReconciler) newBuilderPod(pvcName string, artifact *osbuilder
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "config",
|
Name: "defaults",
|
||||||
VolumeSource: corev1.VolumeSource{
|
VolumeSource: corev1.VolumeSource{
|
||||||
ConfigMap: &corev1.ConfigMapVolumeSource{
|
ConfigMap: &corev1.ConfigMapVolumeSource{
|
||||||
LocalObjectReference: corev1.LocalObjectReference{
|
LocalObjectReference: corev1.LocalObjectReference{
|
||||||
|
|||||||
@@ -161,6 +161,12 @@ func (r *OSArtifactReconciler) createBuilderPod(ctx context.Context, artifact *o
|
|||||||
|
|
||||||
func (r *OSArtifactReconciler) startBuild(ctx context.Context, artifact *osbuilder.OSArtifact) (ctrl.Result, error) {
|
func (r *OSArtifactReconciler) startBuild(ctx context.Context, artifact *osbuilder.OSArtifact) (ctrl.Result, error) {
|
||||||
logger := log.FromContext(ctx)
|
logger := log.FromContext(ctx)
|
||||||
|
|
||||||
|
err := r.CreateConfigMap(ctx, artifact)
|
||||||
|
if err != nil {
|
||||||
|
return ctrl.Result{}, err
|
||||||
|
}
|
||||||
|
|
||||||
if artifact.Spec.CloudConfigRef != nil {
|
if artifact.Spec.CloudConfigRef != nil {
|
||||||
if err := r.Get(ctx, client.ObjectKey{Namespace: artifact.Namespace, Name: artifact.Spec.CloudConfigRef.Name}, &corev1.Secret{}); err != nil {
|
if err := r.Get(ctx, client.ObjectKey{Namespace: artifact.Namespace, Name: artifact.Spec.CloudConfigRef.Name}, &corev1.Secret{}); err != nil {
|
||||||
if errors.IsNotFound(err) {
|
if errors.IsNotFound(err) {
|
||||||
@@ -464,3 +470,20 @@ func (r *OSArtifactReconciler) findOwningArtifact(_ context.Context, obj client.
|
|||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateConfigMap generates a configmap required for building a custom image
|
||||||
|
func (r *OSArtifactReconciler) CreateConfigMap(ctx context.Context, artifact *osbuilder.OSArtifact) error {
|
||||||
|
cm := r.genConfigMap(artifact)
|
||||||
|
if cm.Labels == nil {
|
||||||
|
cm.Labels = map[string]string{}
|
||||||
|
}
|
||||||
|
cm.Labels[artifactLabel] = artifact.Name
|
||||||
|
if err := controllerutil.SetOwnerReference(artifact, cm, r.Scheme); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := r.Create(ctx, cm); err != nil && !apierrors.IsAlreadyExists(err) {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user