Draft: Bug fix

Dockerfile

@@ -23,7 +23,7 @@ RUN cd /app \
   && pip install -r requirements.txt
 
 
-RUN mkdir /pubgrade_temp_files
+RUN mkdir /pubgrade_temp_files && chown -R 1000 /pubgrade_temp_files
 
 USER 1000
 

build-complete-updater/updater.py

@@ -24,6 +24,7 @@
 if os.getenv("BROKER_PORT"):
     BROKER_PORT = os.getenv("BROKER_PORT")
 
+BROKER_URL="https://pubgrade.dyn.cloud.e-infra.cz"
 
 def get_env(env, name):
     for var in env:
@@ -42,8 +43,8 @@ def get_env(env, name):
                     build_name is not None and access_token is not None
                 ):
                     repo_id = build_name[:BUILD_ID_LENGTH]
-                    url = "{}:{}/repositories/{}/builds/{}".format(
-                        BROKER_URL, BROKER_PORT, repo_id, build_name
+                    url = "https://pubgrade.dyn.cloud.e-infra.cz/repositories/{}/builds/{}".format(
+                        BROKER_PORT, repo_id, build_name
                     )
                     payload = json.dumps({"id": build_name})
                     headers = {

deployment/templates/deployment.yaml

@@ -14,10 +14,12 @@ spec:
    spec:
      serviceAccountName: pubgrade
      automountServiceAccountToken: true
+     securityContext:
+        runAsUser: 1000
      containers:
      - name: pubgrade
-       imagePullPolicy: IfNotPresent
-       image: akash7778/pubgrade:test_build
+       imagePullPolicy: Always
+       image: akash7778/pubgrade:test_build_1
        ports:
        - containerPort: 8080
        volumeMounts:
@@ -38,10 +40,7 @@ spec:
         - name: take-data-dir-ownership
           image: alpine:3
           command:
-          - chown
-          - -R
-          - 1000:1000
-          - {{ .Values.volumes.Pubgrade.pathToMountedDir }}
+          - ls
           volumeMounts:
           - name: pubgrade-storage
             mountPath: {{ .Values.volumes.Pubgrade.pathToMountedDir }}

deployment/templates/mongodb/mongodb-deployment.yaml

@@ -14,6 +14,8 @@ spec:
       labels:
         app: db
     spec:
+      securityContext:
+        runAsUser: 999
       containers:
       - name: mongodb
         image: mongo:3.6

deployment/templates/mongodb/mongodb-pvc.yaml

@@ -1,28 +1,28 @@
-{{ if .Values.volumes.mongodb.deployLocalPv }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: mongo-pv
- labels:
-   type: local
-spec:
- storageClassName: {{ .Values.volumes.mongodb.storageClass }}
- capacity:
-   storage: {{ .Values.volumes.mongodb.size }}
- accessModes:
-   - ReadWriteOnce
- hostPath:
-   path: {{ .Values.volumes.mongodb.pathToLocalDir }}
-{{ end }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ .Values.volumes.mongodb.name }}
-spec:
- storageClassName: {{ .Values.volumes.mongodb.storageClass }}
- accessModes:
-   - ReadWriteOnce
- resources:
-   requests:
-     storage: {{ .Values.volumes.mongodb.size }}
+# {{ if .Values.volumes.mongodb.deployLocalPv }}
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+#  name: mongo-pv
+#  labels:
+#    type: local
+# spec:
+#  storageClassName: {{ .Values.volumes.mongodb.storageClass }}
+#  capacity:
+#    storage: {{ .Values.volumes.mongodb.size }}
+#  accessModes:
+#    - ReadWriteOnce
+#  hostPath:
+#    path: {{ .Values.volumes.mongodb.pathToLocalDir }}
+# {{ end }}
+# ---
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#  name: {{ .Values.volumes.mongodb.name }}
+# spec:
+#  storageClassName: {{ .Values.volumes.mongodb.storageClass }}
+#  accessModes:
+#    - ReadWriteOnce
+#  resources:
+#    requests:
+#      storage: {{ .Values.volumes.mongodb.size }}

deployment/templates/pubgrade-pvc.yaml

@@ -1,28 +1,61 @@
-{{ if .Values.volumes.Pubgrade.deployLocalPv }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: pubgrade-pv
- labels:
-   type: local
-spec:
- storageClassName: {{ .Values.volumes.Pubgrade.storageClass }}
- capacity:
-   storage: {{ .Values.volumes.Pubgrade.size }}
- accessModes:
-   - ReadWriteOnce
- hostPath:
-   path: {{ .Values.volumes.Pubgrade.pathToLocalDir }}
-{{ end }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ .Values.volumes.Pubgrade.name }}
-spec:
- storageClassName: {{ .Values.volumes.Pubgrade.storageClass }}
- accessModes:
-   - ReadWriteOnce
- resources:
-   requests:
-     storage: {{ .Values.volumes.Pubgrade.size }}
+# {{ if .Values.volumes.Pubgrade.deployLocalPv }}
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+#  name: pubgrade-pv
+#  labels:
+#    type: local
+# spec:
+#  storageClassName: {{ .Values.volumes.Pubgrade.storageClass }}
+#  capacity:
+#    storage: {{ .Values.volumes.Pubgrade.size }}
+#  accessModes:
+#    - ReadWriteOnce
+#  hostPath:
+#    path: {{ .Values.volumes.Pubgrade.pathToLocalDir }}
+# {{ end }}
+# ---
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#  name: {{ .Values.volumes.Pubgrade.name }}
+# spec:
+#  storageClassName: {{ .Values.volumes.Pubgrade.storageClass }}
+#  accessModes:
+#    - ReadWriteOnce
+#  resources:
+#    requests:
+#      storage: {{ .Values.volumes.Pubgrade.size }}
+# ---
+# apiVersion: v1
+# items:
+# - apiVersion: v1
+#   kind: PersistentVolumeClaim
+#   metadata:
+#     finalizers:
+#     - kubernetes.io/pvc-protection
+#     name: mongo-pvc
+#   spec:
+#     accessModes:
+#     - ReadWriteOnce
+#     resources:
+#       requests:
+#         storage: 2Gi
+#     storageClassName: standard-rwo
+# - apiVersion: v1
+#   kind: PersistentVolumeClaim
+#   metadata:
+#     finalizers:
+#     - kubernetes.io/pvc-protection
+#     name: pubgrade-pvc
+#   spec:
+#     accessModes:
+#     - ReadWriteOnce
+#     resources:
+#       requests:
+#         storage: 2Gi
+#     storageClassName: standard-rwo
+# kind: List
+# metadata:
+#   resourceVersion: ""
+#   selfLink: ""

deployment/templates/services.yaml

@@ -9,4 +9,4 @@ spec:
   ports:
     - port: 8080
       targetPort: 8080
-      nodePort: 30008
+      nodePort: 30010

deployment/values.yaml

@@ -14,14 +14,14 @@ volumes:
     # In case you are working with minikube or another single-worker solution
     # you can add a peristent volume from a local directory. For fully-distributed
     #clusters you should use a StorageClass already existing in your cluster, so set this to false.
-    deployLocalPv: true
+    deployLocalPv: false
     pathToMountedDir: /pubgrade_temp_files
     pathToLocalDir: /tmp/pubgrade-pv
     name: pubgrade-pvc
     storageClass: manual
     size: 2Gi
   mongodb:
-    deployLocalPv: true
+    deployLocalPv: false
     pathToLocalDir: /tmp/mongo-pv
     name: mongo-pvc
     storageClass: manual

pubgrade/config.yaml

@@ -8,7 +8,7 @@ server:
     use_reloader: True
 
 db:
-    host: mongodb.pubgrade
+    host: mongodb.pubgrade-ns
     port: 27017
     dbs:
         pubgradeStore:

pubgrade/modules/endpoints/builds.py

@@ -24,7 +24,7 @@
 
 logger = logging.getLogger(__name__)
 
-template_file = '/app/pubgrade/pubgrade/endpoints/kaniko/template.yaml'
+template_file = '/app/pubgrade/modules/endpoints/kaniko/template.yaml'
 BASE_DIR = os.getenv("BASE_DIR")
 if BASE_DIR is None:
     BASE_DIR = '/pubgrade_temp_files'
@@ -375,7 +375,7 @@ def create_deployment_YAML(
             data["spec"]["containers"][0]["env"][2]["value"] = "default"
         data["spec"]["containers"][0]["env"][3][
             "value"
-        ] = "http://pubgrade-service.pubgrade"  # PUBGRADE_URL
+        ] = "http://pubgrade-service.pubgrade-ns"  # PUBGRADE_URL
         data["spec"]["containers"][0]["env"][4]["value"] = "8080"  # PORT
         with open(deployment_file_location, "w") as yaml_file:
             yaml_file.write(yaml.dump(data, default_flow_style=False))

pubgrade/modules/endpoints/kaniko/template.yaml

@@ -3,6 +3,8 @@ kind: Pod
 metadata:
   name: kaniko
 spec:
+  securityContext:
+        runAsUser: 0
   containers:
   - args:
     - --dockerfile=/docker_file_path