✨ Run task pod as AnyUser. (#755) #756
Closed
jortel
approved these changes
Oct 10, 2024
The change in PR/backport looks good, but it is probably needed update From a quick look, I'd suspect https://github.com/konveyor/tackle2-hub/blob/release-0.5/.github/workflows/main.yml#L24-L26 (go version, that is different to main branch)
6e7f1dd to 72fd8df
Signed-off-by: Jeff Ortel <jortel@redhat.com>
When inserting a new record, GORM will also attempt to insert records into tables referred to by many-to-many relationships on the inserted record. This commit attempts to ensure that associations are omitted when inserting records, and then the associations are added to the join tables separately. Also fixes some spots where the Transaction handler was in the wrong spot in the chain or missing entirely. Fixes #727 --------- Signed-off-by: Sam Lucidi <slucidi@redhat.com>
Needs konveyor/ci#54 Signed-off-by: David Zager <dzager@redhat.com>
Extends the use of the JSON serializer to the rest of the models. Signed-off-by: Sam Lucidi <slucidi@redhat.com>
Support multiple DB connections. Using a custom sqlite driver that is a wrapper around the [_standard_](https://pkg.go.dev/github.com/mattn/go-sqlite3) driver but with a mutex around driver.TX and driver.Stmt as needed. --------- Signed-off-by: Jeff Ortel <jortel@redhat.com>
Support pod retention settings. The current policy is to delete pods as soon as completed (succeeded or failed). Tackle users and support are used to troubleshooting by `oc debug` of the task pods. To support this, the task manager can terminate containers in pods as needed and defer to the reaper to delete the pods. This would be controlled by new settings. By default succeeded tasks would have their pods retained for 1 minute; failed tasks for 72 hours. In all cases, failure to terminate a running container will fall back to deleting the pod immediately. The retention is best effort. Running containers are terminated by `kill -p 1`. This will only work for Linux containers. --------- Signed-off-by: Jeff Ortel <jortel@redhat.com>
Seems the underlying sqlite driver keeps the lock until the connection is closed. The `Conn` acquires the mutex and holds it until the connection is closed. The `Tx` and `Stmt` are no longer necessary. --------- Signed-off-by: Jeff Ortel <jortel@redhat.com>
Signed-off-by: Jeff Ortel <jortel@redhat.com>
Generate primary keys instead of GORM. This fixes the issue of GORM reusing the highest key after the model with that ID is deleted. When the PK is 0, GORM assigns the next (highest) ID. This approach is to assign the ID ahead of time using a pool managed by tackle. --------- Signed-off-by: Jeff Ortel <jortel@redhat.com>
Add `/services/` endpoint. Add `/services/kai/*` endpoint reverse-proxy to route defined in KAI_URL. Add auth scopes. Related: konveyor/operator#376 --------- Signed-off-by: Jeff Ortel <jortel@redhat.com>
Post a _manifest_ file instead of separate multi-part form files. Much simpler and more easily supports the addon staging the issues and deps files on disk rather than streaming. The more atomic approach will prevent transaction deadlock which can more easily occur when the addon-analyzer builder reported an error (which it should never do).

The uploaded file contains markers used to delimit the documents. `^]` = `\x1D` = GS (group separator).

```
^]BEGIN-MAIN^]
---
commit: 1234
^]END-MAIN^]
^]BEGIN-ISSUES^]
---
ruleset: ruleset-1
rule: rule-1
incidents: ...
^]END-ISSUES^]
^]BEGIN-DEPS^]
---
name: github.com/jboss
version: 4.0
labels:
- konveyor.io/language=java
- konveyor.io/otherA=dog
^]END-DEPS^]
```

Flow:
1. post (upload) manifest.yaml file.
2. post `ref` to the manifest file.
3. delete manifest file.

Orphaned files will be reaped.

---

The binding client needed to be updated to handle different file encoding (MIME).

---------

Signed-off-by: Jeff Ortel <jortel@redhat.com>
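The manifest layout described in the commit message above, as an added Go example that is not part of the hub's code: it splits an upload into its named sections and rejects nested, duplicate, mismatched or unterminated ones. The names `SplitManifest`, `gs` and `sample` and the sample manifest itself are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const gs = "\x1d" // GS (group separator), written ^] in the commit message

// sample is a constructed manifest using section names from the commit message.
const sample = gs + "BEGIN-MAIN" + gs + "\n---\ncommit: 1234\n" + gs + "END-MAIN" + gs + "\n" +
	gs + "BEGIN-DEPS" + gs + "\n---\nname: github.com/jboss\nversion: 4.0\n" + gs + "END-DEPS" + gs + "\n"

// SplitManifest returns the raw YAML of each section keyed by its name.
// Text outside any section is ignored; malformed marker sequences are errors.
func SplitManifest(text string) (map[string]string, error) {
	sections := map[string]string{}
	open := "" // section currently being read; "" means outside any section
	var body strings.Builder
	for _, line := range strings.Split(text, "\n") {
		marker := ""
		if len(line) > 2 && strings.HasPrefix(line, gs) && strings.HasSuffix(line, gs) {
			marker = line[1 : len(line)-1]
		}
		switch {
		case strings.HasPrefix(marker, "BEGIN-"):
			name := strings.TrimPrefix(marker, "BEGIN-")
			if _, dup := sections[name]; dup || open != "" || name == "" {
				return nil, fmt.Errorf("unexpected BEGIN-%s", name)
			}
			open = name
			body.Reset()
		case strings.HasPrefix(marker, "END-"):
			if name := strings.TrimPrefix(marker, "END-"); open == "" || name != open {
				return nil, fmt.Errorf("unexpected END-%s", name)
			}
			sections[open] = body.String()
			open = ""
		case open != "":
			body.WriteString(line + "\n")
		}
	}
	if open != "" {
		return nil, fmt.Errorf("section %s not terminated", open)
	}
	return sections, nil
}

func main() { fmt.Println(SplitManifest(sample)) }
```

Reporting an unterminated section as an error lets a receiver refuse a truncated upload before any of its documents are stored.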
Signed-off-by: David Zager <dzager@redhat.com>
Signed-off-by: David Zager <dzager@redhat.com>
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the addon-analyzer Dockerfile cannot create the /addon directory as owned by the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
Fixes: https://issues.redhat.com/browse/MTA-4007 --------- Signed-off-by: Jeff Ortel <jortel@redhat.com>
72fd8df to 29deafe
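To support running the task pods as AnyUser instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an EmptyDir. This is because the addon-analyzer Dockerfile cannot create the /addon directory as owned by the AnyUser.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
Signed-off-by: Cherry Picker <noreply@github.com>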