From d1395d3181f1b6632509d13659a49cf6cd1ad791 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 8 Feb 2024 16:57:57 -0600 Subject: [PATCH 1/5] Add annotations to spec --- stack_orchestrator/deploy/k8s/cluster_info.py | 22 +++++++++++++++++-- stack_orchestrator/deploy/spec.py | 6 +++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/stack_orchestrator/deploy/k8s/cluster_info.py b/stack_orchestrator/deploy/k8s/cluster_info.py index 17f75651..1de1fc76 100644 --- a/stack_orchestrator/deploy/k8s/cluster_info.py +++ b/stack_orchestrator/deploy/k8s/cluster_info.py @@ -266,7 +266,7 @@ class ClusterInfo: merged_envs = merge_envs( envs_from_compose_file( service_info["environment"]), self.environment_variables.map - ) if "environment" in service_info else self.environment_variables.map + ) if "environment" in service_info else self.environment_variables.map envs = envs_from_environment_variables_map(merged_envs) if opts.o.debug: print(f"Merged envs: {envs}") @@ -286,8 +286,26 @@ class ClusterInfo: containers.append(container) volumes = volumes_for_pod_files(self.parsed_pod_yaml_map, self.spec, self.app_name) image_pull_secrets = [client.V1LocalObjectReference(name="laconic-registry")] + + annotations = None + labels = {"app": self.app_name} + + if self.spec.get_annotations(): + annotations = {} + for key, value in self.spec.get_annotations().items(): + for service_name in services: + annotations[key.replace("{name}", service_name)] = value + + if self.spec.get_labels(): + for key, value in self.spec.get_labels().items(): + for service_name in services: + labels[key.replace("{name}", service_name)] = value + template = client.V1PodTemplateSpec( - metadata=client.V1ObjectMeta(labels={"app": self.app_name}), + metadata=client.V1ObjectMeta( + annotations=annotations, + labels=labels + ), spec=client.V1PodSpec(containers=containers, image_pull_secrets=image_pull_secrets, volumes=volumes), ) spec = client.V1DeploymentSpec( diff --git a/stack_orchestrator/deploy/spec.py b/stack_orchestrator/deploy/spec.py index fa0489e7..33a62f0c 100644 --- a/stack_orchestrator/deploy/spec.py +++ b/stack_orchestrator/deploy/spec.py @@ -106,3 +106,9 @@ class Spec: if self.obj and constants.network_key in self.obj and constants.http_proxy_key in self.obj[constants.network_key] else None) + + def get_annotations(self): + return self.obj.get("annotations", {}) + + def get_labels(self): + return self.obj.get("annotations", {}) -- 2.45.2 From dde00b7606272f7c60d811b68fe98ce2a84a0358 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 8 Feb 2024 17:08:43 -0600 Subject: [PATCH 2/5] fix labels --- stack_orchestrator/deploy/spec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_orchestrator/deploy/spec.py b/stack_orchestrator/deploy/spec.py index 33a62f0c..95684f46 100644 --- a/stack_orchestrator/deploy/spec.py +++ b/stack_orchestrator/deploy/spec.py @@ -111,4 +111,4 @@ class Spec: return self.obj.get("annotations", {}) def get_labels(self): - return self.obj.get("annotations", {}) + return self.obj.get("labels", {}) -- 2.45.2 From f7e0148ea0d2eb3cab4df5469544ff3231d1b38d Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 8 Feb 2024 17:21:23 -0600 Subject: [PATCH 3/5] security context --- stack_orchestrator/deploy/k8s/cluster_info.py | 6 ++++++ stack_orchestrator/deploy/spec.py | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/stack_orchestrator/deploy/k8s/cluster_info.py b/stack_orchestrator/deploy/k8s/cluster_info.py index 1de1fc76..d4dfb718 100644 --- a/stack_orchestrator/deploy/k8s/cluster_info.py +++ b/stack_orchestrator/deploy/k8s/cluster_info.py @@ -281,6 +281,12 @@ class ClusterInfo: env=envs, ports=[client.V1ContainerPort(container_port=port)], volume_mounts=volume_mounts, + security_context=client.V1SecurityContext( + privileged=self.spec.get_privileged(), + capabilities=client.V1Capabilities( + add=self.spec.get_capabilities() + ) if self.spec.get_capabilities() else None + ), resources=to_k8s_resource_requirements(resources), ) containers.append(container) diff --git a/stack_orchestrator/deploy/spec.py b/stack_orchestrator/deploy/spec.py index 95684f46..72f1cfb1 100644 --- a/stack_orchestrator/deploy/spec.py +++ b/stack_orchestrator/deploy/spec.py @@ -112,3 +112,9 @@ class Spec: def get_labels(self): return self.obj.get("labels", {}) + + def get_privileged(self): + return "true" == str(self.obj.get("security", {}).get("privileged", "false")).lower() + + def get_capabilities(self): + return self.obj.get("security", {}).get("capabilities", []) \ No newline at end of file -- 2.45.2 From 0b144b973e25e1a90b100633747927aaf521f9a4 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 8 Feb 2024 18:02:40 -0600 Subject: [PATCH 4/5] Newest first --- .../deploy/webapp/undeploy_webapp_from_registry.py | 1 + 1 file changed, 1 insertion(+) diff --git a/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py b/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py index 4aa2307d..8585283e 100644 --- a/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py +++ b/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py @@ -147,6 +147,7 @@ def command(ctx, laconic_config, deployment_parent_dir, previous_requests = load_known_requests(state_file) requests.sort(key=lambda r: r.createTime) + requests.reverse() # Find deployments. deployments = {} -- 2.45.2 From 640cbbbf39a273a7ace24015ec17cb1295595359 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 8 Feb 2024 18:04:17 -0600 Subject: [PATCH 5/5] autopep8 --- stack_orchestrator/deploy/spec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_orchestrator/deploy/spec.py b/stack_orchestrator/deploy/spec.py index 72f1cfb1..7e5ad16b 100644 --- a/stack_orchestrator/deploy/spec.py +++ b/stack_orchestrator/deploy/spec.py @@ -117,4 +117,4 @@ class Spec: return "true" == str(self.obj.get("security", {}).get("privileged", "false")).lower() def get_capabilities(self): - return self.obj.get("security", {}).get("capabilities", []) \ No newline at end of file + return self.obj.get("security", {}).get("capabilities", []) -- 2.45.2