Skip to content

Commit

Permalink
feat: active deadline seconds support (#272)
Browse files Browse the repository at this point in the history
Signed-off-by: chenk <hen.keinan@gmail.com>
  • Loading branch information
chen-keinan authored Dec 25, 2023
1 parent e41a770 commit 0ba3a57
Show file tree
Hide file tree
Showing 8 changed files with 42 additions and 15 deletions.
6 changes: 3 additions & 3 deletions examples/trivy.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (

"go.uber.org/zap"
corev1 "k8s.io/api/core/v1"
"k8s.io/utils/pointer"
"k8s.io/utils/ptr"

"context"
)
Expand Down Expand Up @@ -100,13 +100,13 @@ func main() {
Effect: corev1.TaintEffectNoExecute,
Key: "node.kubernetes.io/not-ready",
Operator: corev1.TolerationOperator(corev1.NodeSelectorOpExists),
TolerationSeconds: pointer.Int64(300),
TolerationSeconds: ptr.To[int64](300),
},
{
Effect: corev1.TaintEffectNoExecute,
Key: "node.kubernetes.io/unreachable",
Operator: corev1.TolerationOperator(corev1.NodeSelectorOpExists),
TolerationSeconds: pointer.Int64(300),
TolerationSeconds: ptr.To[int64](300),
},
}

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ require (
k8s.io/client-go v0.28.4
k8s.io/klog/v2 v2.110.1
k8s.io/kubectl v0.28.4
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
k8s.io/utils v0.0.0-20231127182322-b307cd553661
sigs.k8s.io/yaml v1.4.0
)

Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -252,8 +252,8 @@ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5Ohx
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ=
k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0=
Expand Down
12 changes: 12 additions & 0 deletions pkg/jobs/builder.go
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
package jobs

import (
"time"

batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/utils/ptr"
"sigs.k8s.io/yaml"
)

Expand Down Expand Up @@ -100,6 +103,11 @@ func WithResourceRequirements(rr *corev1.ResourceRequirements) JobOption {
j.resourceRequirements = rr
}
}
func WithJobTimeout(timeout time.Duration) JobOption {
return func(j *JobBuilder) {
j.timeout = timeout
}
}

func GetJob(opts ...JobOption) (*batchv1.Job, error) {
jb := &JobBuilder{}
Expand All @@ -126,6 +134,7 @@ type JobBuilder struct {
volumeMounts []corev1.VolumeMount
imagePullSecrets []corev1.LocalObjectReference
resourceRequirements *corev1.ResourceRequirements
timeout time.Duration
}

func (b *JobBuilder) build() (*batchv1.Job, error) {
Expand Down Expand Up @@ -177,6 +186,9 @@ func (b *JobBuilder) build() (*batchv1.Job, error) {
if b.podSecurityContext != nil {
job.Spec.Template.Spec.SecurityContext = b.podSecurityContext
}
if b.timeout > 0 {
job.Spec.ActiveDeadlineSeconds = ptr.To[int64](int64(b.timeout.Seconds()))
}
if b.securityContext != nil {
job.Spec.Template.Spec.Containers[0].SecurityContext = b.securityContext
}
Expand Down
17 changes: 10 additions & 7 deletions pkg/jobs/builder_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/pointer"
"k8s.io/utils/ptr"
)

func TestLoadBuilder(t *testing.T) {
Expand All @@ -27,14 +27,17 @@ func TestLoadBuilder(t *testing.T) {
},
ObjectMeta: v1.ObjectMeta{Name: "node-collector"},
Spec: batchv1.JobSpec{
ActiveDeadlineSeconds: ptr.To[int64](300),
BackoffLimit: ptr.To[int32](0),
Completions: ptr.To[int32](1),
Template: corev1.PodTemplateSpec{
ObjectMeta: v1.ObjectMeta{Labels: map[string]string{"app": "node-collector"}},
Spec: corev1.PodSpec{
DNSPolicy: corev1.DNSClusterFirst,
AutomountServiceAccountToken: pointer.Bool(true),
AutomountServiceAccountToken: ptr.To[bool](true),
SecurityContext: &corev1.PodSecurityContext{
RunAsGroup: pointer.Int64(0),
RunAsUser: pointer.Int64(0),
RunAsGroup: ptr.To[int64](0),
RunAsUser: ptr.To[int64](0),
SeccompProfile: &corev1.SeccompProfile{
Type: corev1.SeccompProfileTypeRuntimeDefault,
},
Expand All @@ -53,14 +56,14 @@ func TestLoadBuilder(t *testing.T) {
},
},
SecurityContext: &corev1.SecurityContext{
AllowPrivilegeEscalation: pointer.Bool(false),
AllowPrivilegeEscalation: ptr.To[bool](false),
Capabilities: &corev1.Capabilities{
Drop: []corev1.Capability{
"all",
},
},
Privileged: pointer.Bool(false),
ReadOnlyRootFilesystem: pointer.Bool(true),
Privileged: ptr.To[bool](false),
ReadOnlyRootFilesystem: ptr.To[bool](true),
},
Name: "node-collector",
Image: "ghcr.io/aquasecurity/node-collector:0.1.1",
Expand Down
9 changes: 9 additions & 0 deletions pkg/jobs/collector.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ type jobCollector struct {
volumes []corev1.Volume
volumeMounts []corev1.VolumeMount
imagePullSecrets []corev1.LocalObjectReference
collectorTimeout time.Duration
resourceRequirements *corev1.ResourceRequirements
}

Expand Down Expand Up @@ -154,6 +155,12 @@ func WithPodImagePullSecrets(imagePullSecrets []corev1.LocalObjectReference) Col
}
}

func WithCollectorTimeout(timeout time.Duration) CollectorOption {
return func(jc *jobCollector) {
jc.collectorTimeout = timeout
}
}

func NewCollector(
cluster k8s.Cluster,
opts ...CollectorOption,
Expand Down Expand Up @@ -220,6 +227,7 @@ func (jb *jobCollector) ApplyAndCollect(ctx context.Context, nodeName string) (s
WithAnnotation(jb.annotation),
WithJobServiceAccount(serviceAccount),
WithLabels(jb.labels),
WithJobTimeout(jb.timeout),
withSecurityContext(jb.securityContext),
withPodSecurityContext(jb.podSecurityContext),
WithNodeCollectorImageRef(jb.imageRef),
Expand Down Expand Up @@ -283,6 +291,7 @@ func (jb *jobCollector) Apply(ctx context.Context, nodeName string) (*batchv1.Jo
WithTolerations(jb.tolerations),
WithJobServiceAccount(jb.serviceAccount),
WithNodeSelector(nodeName),
WithJobTimeout(jb.timeout),
WithNodeCollectorImageRef(jb.imageRef),
WithAnnotation(jb.annotation),
WithTemplate(jb.templateName),
Expand Down
4 changes: 2 additions & 2 deletions pkg/jobs/runnable_job.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import (
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/cache"
"k8s.io/klog/v2"
"k8s.io/utils/pointer"
"k8s.io/utils/ptr"
)

var defaultResyncDuration = 30 * time.Minute
Expand Down Expand Up @@ -126,7 +126,7 @@ func (r *runnableJob) logTerminatedContainersErrors(ctx context.Context) {

func GetActiveDeadlineSeconds(d time.Duration) *int64 {
if d > 0 {
return pointer.Int64(int64(d.Seconds()))
return ptr.To[int64](int64(d.Seconds()))
}
return nil
}
3 changes: 3 additions & 0 deletions pkg/jobs/template/node-collector.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ kind: Job
metadata:
name: node-collector
spec:
activeDeadlineSeconds: 300
backoffLimit: 0
completions: 1
template:
metadata:
labels:
Expand Down

0 comments on commit 0ba3a57

Please sign in to comment.