Commit graph

170 commits

Author SHA1 Message Date
Patrick Schratz
560eab96f0
Kubernetes | Docker: Add support for rootless images (#4151) 2024-11-02 18:07:27 +01:00
Andrew Melnick
b52b021acb
Implement registries for Kubernetes backend (#4092)
According to [the documentation](https://woodpecker-ci.org/docs/administration/backends/kubernetes#images-from-private-registries), per-organization and per-pipeline registries are currently unsupported for the Kubernetes backend.

This patch implements this missing functionality by creating and deleting a matching secret for each pod with a matched registry, using the same name, labels, and annotations as the pod, and appending it to its `imagePullSecrets` list.

This patch adds tests for the new functionality, and has been manually end-to-end-tested in KinD by using a private image hosted in the matching gitea instance.

This will require updating the matching helm charts to add the create/delete permissions to the agent role, which **is already done**.

close #2987
2024-09-30 01:03:05 +01:00
6543
6ad20ced5b
Move docker resource limit settings from server to agent (#3174)
so you can set it per agent and not per server
2024-09-26 16:56:59 +01:00
qwerty287
bcecbbd398
Fix lint (#4032) 2024-08-14 22:37:05 +03:00
qwerty287
c0b1d6aaa4
Allow using args in container (#4011) 2024-08-07 21:11:55 +02:00
Thomas Anderson
6c9469f610
Improved Local backend detection (#4006)
Co-authored-by: 6543 <6543@obermui.de>
2024-08-07 12:04:10 +02:00
Thomas Anderson
ca41540151
Switched to profile-based AppArmor configuration (#4008)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 19:05:04 +02:00
Thomas Anderson
dc10fb95ad
Removed Kubernetes default image pull secret name (#4005)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 18:47:31 +02:00
Thomas Anderson
c5746ccb50
Fail on InvalidImageName (#4007) 2024-08-06 17:07:07 +02:00
qwerty287
123c4ae03e
Update docker to v27 (#3972) 2024-07-25 00:43:21 +02:00
renovate[bot]
251129a29c
fix(deps): update golang-packages (#3958)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de>
2024-07-22 18:18:26 +02:00
6543
b2970dbf0d
Refactor docker backend and add more test coverage (#2700)
collection of some small nits and additions of tests
2024-07-21 21:28:10 +02:00
6543
cd5f6f71a2
Migrate to github.com/urfave/cli/v3 (#2951) 2024-07-18 01:26:35 +02:00
qwerty287
a076393561
Exclude dummy backend in production (#3877) 2024-07-08 16:29:43 +02:00
6543
daeab8d3c7
Add dummy backend (#3820)
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
2024-06-30 23:06:07 -07:00
Thomas Anderson
7bc38a1d8b
K8s secrets reference from step (#3655) 2024-06-23 18:20:21 +02:00
qwerty287
044c3a6dd5
Respect cli argument when checking docker backend availability (#3770)
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
2024-06-10 12:51:38 +02:00
Thomas Anderson
065eebd306
Agent-wide node selector (#3608)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-06-03 17:25:28 +02:00
Anbraten
f6904d6662
Fix privileged steps in kubernetes (#3711) 2024-05-30 18:53:03 +02:00
6543
42f2734308
cspell lint go code (#3706) 2024-05-24 22:35:04 +02:00
renovate[bot]
37ea906958
fix(deps): update golang-packages (#3713)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de>
2024-05-23 17:37:21 +02:00
Robert Kaussow
89e100cfd1
Add godot linter to harmonize toplevel comments (#3650) 2024-05-13 22:58:21 +02:00
Thomas Anderson
ae72102503
Ability to set pod annotations and labels from step (#3609)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-05-11 11:45:29 +02:00
qwerty287
225ddb586d
Rework entrypoints (#3269)
Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
Co-authored-by: 6543 <m.huber@kithara.com>
2024-05-02 14:52:01 +02:00
Elias
f211a780f3
Handle ImagePullBackOff pod status (#3580)
close: https://github.com/woodpecker-ci/woodpecker/issues/3555

Put the same logic from `waitStep` and call the function
`isImagePullBackOffState` in the `tailStep` function.

---------

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
2024-04-15 09:08:13 +02:00
qwerty287
c9a3bfb321
Fix spellcheck and enable more dirs (#3603) 2024-04-09 09:04:53 +02:00
YR Chen
e1b574a4bc
Add runtimeClassName in Kubernetes backend options (#3474)
Resolves #3473

---------

Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
2024-03-29 10:29:07 +01:00
qwerty287
2029813fc2
Remove unused cache properties (#3567) 2024-03-29 09:48:28 +01:00
Robert Kaussow
a779eed3df
Enable golangci linter gomnd (#3171) 2024-03-15 18:00:25 +01:00
zowhoey
ad507d8ee4
Move generic agent flags to cmd/agent/core (#3484) 2024-03-15 11:31:35 +01:00
Anbraten
9db9c7116f
Improve security context handling (#3482) 2024-03-13 22:41:13 +01:00
Elias
bffc9c8ff8
fix: can't run multiple services on k8s (#3395)
Fix Issue: https://github.com/woodpecker-ci/woodpecker/issues/3288

The way the pod service starts up makes it impossible to run two or more
pipelines at the same time when we have a service section.

The idea is to set the name of the service in the same way we did for
the pod name.

Pipeline: 

```yaml
services:
  mydb:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306/tcp
steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 30s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hmydb test -pexample
```

Running more than one pipeline result:


![image](https://github.com/woodpecker-ci/woodpecker/assets/22245125/e512309f-0d1e-4125-bab9-2357a710fedd)

---------

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
2024-02-17 12:30:06 +01:00
Anbraten
6785806873
Fix backend detection (#3353)
closes #3352
2024-02-09 00:04:43 +01:00
Anbraten
0b91317cde
Fix linter (#3354) 2024-02-08 22:49:07 +01:00
qwerty287
6892a9ca57
Parse backend options in backend (#3227)
Currently, backend options are parsed in the yaml parser.
This has some issues:
- backend specific code should be in the backend folders
- it is not possible to add backend options for backends added via
addons
2024-02-08 18:39:32 +01:00
qwerty287
f92f8b17a3
Make agent usable for external backends (#3270) 2024-02-08 16:33:22 +01:00
Fernando Barbosa
c7467b9828
fix: agent panic when node is terminated during step execution (#3331)
Fixes https://github.com/woodpecker-ci/woodpecker/issues/3330

This adds error handling on the agent's WaitStep function, on two
sections where it could encounter a `panic: runtime error: invalid
memory address or nil pointer dereference` in case it could no longer
access complete information about a specific pod.

This error was found to happen if the node in which the pod was running
was terminated during the step's execution.
spite active pipelines being executed on the node.

Now instead of a panic on the agent's logs and undefined behavior on the
UI it will display a more helpful error message on the UI.

### Additional context

We observed the bug first on v2.1.1, but tested the fix internally on
top of 2.3.0.


![image](https://github.com/woodpecker-ci/woodpecker/assets/7269710/dfbcf089-85f7-4b5d-8102-f21af95c5cda)
2024-02-05 22:46:14 +01:00
Lukas
94b882fb95
Add spellcheck config (#3018)
Part of #738 

```
pnpx cspell lint --gitignore '{**,.*}/{*,.*}'
```

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-27 21:15:10 +01:00
Thomas Anderson
e5c83190c7
Sanitize pod's step label (#3275)
Closes #3272
2024-01-26 13:42:21 +01:00
Elias
1c3159ebb7
fix: bug pod service without label service (#3256) 2024-01-23 07:42:47 +01:00
qwerty287
6925afd83b
Pin prettier version (#3260) 2024-01-22 21:38:47 +02:00
Elias
32a1199519
fix: bug annotations (#3255)
Fix Issue: https://github.com/woodpecker-ci/woodpecker/issues/3254

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
2024-01-22 13:39:49 +01:00
qwerty287
5e2f7d81b3
Clean up models (#3228) 2024-01-22 07:56:18 +01:00
Thomas Anderson
072fa29f4a
Fixed Pods creation of WP services (#3236)
Closes #3178
2024-01-21 03:56:37 +01:00
qwerty287
d1d2e9723d
Support custom steps entrypoint (#2985)
Closes https://github.com/woodpecker-ci/woodpecker/issues/278

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 05:34:02 +01:00
Thomas Anderson
10f2e209d6
Secured kubernetes backend configuration (#3204)
Follow up of #3165
2024-01-15 03:59:08 +01:00
qwerty287
001b5639a6
Use assert for test (#3201)
instead of `if`s
2024-01-14 19:33:58 +01:00
qwerty287
b9f6f3f9fb
Replace goimports with gci (#3202)
`gci` seems to be much more strict.
2024-01-14 18:22:06 +01:00
Thomas Anderson
0611fa9b32
Added protocol in port configuration (#2993)
Closes #2727
2024-01-12 23:57:24 +01:00
Thomas Anderson
9bbc446009
Kubernetes AppArmor and seccomp (#3123)
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
2024-01-12 23:32:24 +01:00