From 903f3b10e2771c5f28646b5d37741936b64e4678 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Fri, 9 Feb 2024 00:11:07 +0000 Subject: [PATCH] Add support for annotations and labels in spec. (#739) ``` stack: webapp-deployer-backend deploy-to: k8s annotations: foo.bar.annot/{name}: baz labels: a.b.c/{name}.blah: "value" ``` Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/739 Co-authored-by: Thomas E Lackey Co-committed-by: Thomas E Lackey --- stack_orchestrator/deploy/k8s/cluster_info.py | 28 +++++++++++++++++-- stack_orchestrator/deploy/spec.py | 12 ++++++++ .../webapp/undeploy_webapp_from_registry.py | 1 + 3 files changed, 39 insertions(+), 2 deletions(-) diff --git a/stack_orchestrator/deploy/k8s/cluster_info.py b/stack_orchestrator/deploy/k8s/cluster_info.py index 17f75651..d4dfb718 100644 --- a/stack_orchestrator/deploy/k8s/cluster_info.py +++ b/stack_orchestrator/deploy/k8s/cluster_info.py @@ -266,7 +266,7 @@ def get_deployment(self, image_pull_policy: str = None): merged_envs = merge_envs( envs_from_compose_file( service_info["environment"]), self.environment_variables.map - ) if "environment" in service_info else self.environment_variables.map + ) if "environment" in service_info else self.environment_variables.map envs = envs_from_environment_variables_map(merged_envs) if opts.o.debug: print(f"Merged envs: {envs}") @@ -281,13 +281,37 @@ def get_deployment(self, image_pull_policy: str = None): env=envs, ports=[client.V1ContainerPort(container_port=port)], volume_mounts=volume_mounts, + security_context=client.V1SecurityContext( + privileged=self.spec.get_privileged(), + capabilities=client.V1Capabilities( + add=self.spec.get_capabilities() + ) if self.spec.get_capabilities() else None + ), resources=to_k8s_resource_requirements(resources), ) containers.append(container) volumes = volumes_for_pod_files(self.parsed_pod_yaml_map, self.spec, self.app_name) image_pull_secrets = [client.V1LocalObjectReference(name="laconic-registry")] + + annotations = None + labels = {"app": self.app_name} + + if self.spec.get_annotations(): + annotations = {} + for key, value in self.spec.get_annotations().items(): + for service_name in services: + annotations[key.replace("{name}", service_name)] = value + + if self.spec.get_labels(): + for key, value in self.spec.get_labels().items(): + for service_name in services: + labels[key.replace("{name}", service_name)] = value + template = client.V1PodTemplateSpec( - metadata=client.V1ObjectMeta(labels={"app": self.app_name}), + metadata=client.V1ObjectMeta( + annotations=annotations, + labels=labels + ), spec=client.V1PodSpec(containers=containers, image_pull_secrets=image_pull_secrets, volumes=volumes), ) spec = client.V1DeploymentSpec( diff --git a/stack_orchestrator/deploy/spec.py b/stack_orchestrator/deploy/spec.py index fa0489e7..7e5ad16b 100644 --- a/stack_orchestrator/deploy/spec.py +++ b/stack_orchestrator/deploy/spec.py @@ -106,3 +106,15 @@ def get_http_proxy(self): if self.obj and constants.network_key in self.obj and constants.http_proxy_key in self.obj[constants.network_key] else None) + + def get_annotations(self): + return self.obj.get("annotations", {}) + + def get_labels(self): + return self.obj.get("labels", {}) + + def get_privileged(self): + return "true" == str(self.obj.get("security", {}).get("privileged", "false")).lower() + + def get_capabilities(self): + return self.obj.get("security", {}).get("capabilities", []) diff --git a/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py b/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py index 4aa2307d..8585283e 100644 --- a/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py +++ b/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py @@ -147,6 +147,7 @@ def command(ctx, laconic_config, deployment_parent_dir, previous_requests = load_known_requests(state_file) requests.sort(key=lambda r: r.createTime) + requests.reverse() # Find deployments. deployments = {}