Commit graph

22 commits

Author SHA1 Message Date
Patrick Schratz
560eab96f0
Kubernetes | Docker: Add support for rootless images (#4151) 2024-11-02 18:07:27 +01:00
Andrew Melnick
b52b021acb
Implement registries for Kubernetes backend (#4092)
According to [the documentation](https://woodpecker-ci.org/docs/administration/backends/kubernetes#images-from-private-registries), per-organization and per-pipeline registries are currently unsupported for the Kubernetes backend.

This patch implements this missing functionality by creating and deleting a matching secret for each pod with a matched registry, using the same name, labels, and annotations as the pod, and appending it to its `imagePullSecrets` list.

This patch adds tests for the new functionality, and has been manually end-to-end-tested in KinD by using a private image hosted in the matching gitea instance.

This will require updating the matching helm charts to add the create/delete permissions to the agent role, which **is already done**.

close  #2987
2024-09-30 01:03:05 +01:00
qwerty287
bcecbbd398
Fix lint (#4032) 2024-08-14 22:37:05 +03:00
Thomas Anderson
ca41540151
Switched to profile-based AppArmor configuration (#4008)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 19:05:04 +02:00
Thomas Anderson
7bc38a1d8b
K8s secrets reference from step (#3655) 2024-06-23 18:20:21 +02:00
Thomas Anderson
065eebd306
Agent-wide node selector (#3608)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-06-03 17:25:28 +02:00
Anbraten
f6904d6662
Fix privileged steps in kubernetes (#3711) 2024-05-30 18:53:03 +02:00
Thomas Anderson
ae72102503
Ability to set pod annotations and labels from step (#3609)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-05-11 11:45:29 +02:00
qwerty287
225ddb586d
Rework entrypoints (#3269)
Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
Co-authored-by: 6543 <m.huber@kithara.com>
2024-05-02 14:52:01 +02:00
YR Chen
e1b574a4bc
Add runtimeClassName in Kubernetes backend options (#3474)
Resolves #3473

---------

Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
2024-03-29 10:29:07 +01:00
Anbraten
9db9c7116f
Improve security context handling (#3482) 2024-03-13 22:41:13 +01:00
Elias
bffc9c8ff8
fix: can't run multiple services on k8s (#3395)
Fix Issue: https://github.com/woodpecker-ci/woodpecker/issues/3288

The way the pod service starts up makes it impossible to run two or more
pipelines at the same time when we have a service section.

The idea is to set the name of the service in the same way we did for
the pod name.

Pipeline: 

```yaml

services:
  mydb:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306/tcp
steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 30s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hmydb test -pexample
```

Running more than one pipeline result:


![image](https://github.com/woodpecker-ci/woodpecker/assets/22245125/e512309f-0d1e-4125-bab9-2357a710fedd)

---------

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
2024-02-17 12:30:06 +01:00
qwerty287
6892a9ca57
Parse backend options in backend (#3227)
Currently, backend options are parsed in the yaml parser.
This has some issues:
- backend specific code should be in the backend folders
- it is not possible to add backend options for backends added via
addons
2024-02-08 18:39:32 +01:00
Thomas Anderson
e5c83190c7
Sanitize pod's step label (#3275)
Closes #3272
2024-01-26 13:42:21 +01:00
qwerty287
d1d2e9723d
Support custom steps entrypoint (#2985)
Closes https://github.com/woodpecker-ci/woodpecker/issues/278

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 05:34:02 +01:00
qwerty287
b9f6f3f9fb
Replace goimports with gci (#3202)
`gci` seems to be much more strict.
2024-01-14 18:22:06 +01:00
Thomas Anderson
0611fa9b32
Added protocol in port configuration (#2993)
Closes  #2727
2024-01-12 23:57:24 +01:00
Thomas Anderson
9bbc446009
Kubernetes AppArmor and seccomp (#3123)
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
2024-01-12 23:32:24 +01:00
6543
d1fe86b7be
Use UUID as podName and cleanup arguments for Kubernetes backend (#3135)
to much args are just horrible to maintain. And we already have it nice
structured stored as step.
2024-01-11 16:32:37 +01:00
Thomas Anderson
c0fc4828ff
Flexible image pull secret reference (#3016)
Co-authored-by: pat-s <patrick.schratz@gmail.com>
2024-01-05 08:33:56 +01:00
Thomas Anderson
253d702bc7
Fix IPv6 host aliases for kubernetes (#2992)
Closes #2991


[Tests](https://github.com/woodpecker-ci/woodpecker/pull/2993#issuecomment-1868048169)

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-12-23 00:42:30 +01:00
Thomas Anderson
01a955ed0e
Kubernetes refactor (#2794)
Kubernetes backend refactoring and tests

---------
Co-authored-by: 6543 <6543@obermui.de>
2023-12-19 04:53:52 +01:00