From 026bba7a26cbc73502d9a77c13611c431cb32f96 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Fri, 16 Feb 2024 11:01:31 +0000 Subject: [PATCH 1/5] Remove securityContext for OpenShift --- kubernetes.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kubernetes.js b/kubernetes.js index 427a3a5..1f1dc06 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -318,6 +318,10 @@ const createDeployment = async (project, options) => { localPod.spec.containers[0].env.push({ name: 'NODE_EXTRA_CA_CERTS', value: '/usr/local/ssl-certs/chain.pem' }) } + if (this._cloudProvider === 'openshift') { + localPod.spec.securityContext = {} + } + if (stack.memory && stack.cpu) { localPod.spec.containers[0].resources.requests.memory = `${stack.memory}Mi` localPod.spec.containers[0].resources.limits.memory = `${stack.memory}Mi` @@ -611,6 +615,7 @@ module.exports = { this._k8sRetries = this._app.config.driver.options?.k8sRetries || 10 this._certManagerIssuer = this._app.config.driver.options?.certManagerIssuer this._logPassthrough = this._app.config.driver.options?.logPassthrough || false + this._cloudProvider = this._app.config.driver.options?.cloudProvider const kc = new k8s.KubeConfig() From 07dbdd349893b6385df64234d4fdf1be1c548079 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Fri, 16 Feb 2024 12:39:30 +0000 Subject: [PATCH 2/5] debug openshift --- kubernetes.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes.js b/kubernetes.js index 1f1dc06..5931f73 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -337,6 +337,8 @@ const createDeployment = async (project, options) => { project.url = projectURL await project.save() + console.log('BEN', JSON.stringify(localDeployment,null, 2)) + return localDeployment } From 765c9d62154d485423f49b2a3c39efab27401f11 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Mon, 19 Feb 2024 10:54:55 +0000 Subject: [PATCH 3/5] Remove console.log --- kubernetes.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/kubernetes.js b/kubernetes.js index 5931f73..1f1dc06 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -337,8 +337,6 @@ const createDeployment = async (project, options) => { project.url = projectURL await project.save() - console.log('BEN', JSON.stringify(localDeployment,null, 2)) - return localDeployment } From 2d45e29760c9ec176d1e44f797f968bdfeb6763e Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Wed, 28 Feb 2024 17:46:55 +0000 Subject: [PATCH 4/5] Make it licensed --- kubernetes.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes.js b/kubernetes.js index 1f1dc06..97994cb 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -318,7 +318,7 @@ const createDeployment = async (project, options) => { localPod.spec.containers[0].env.push({ name: 'NODE_EXTRA_CA_CERTS', value: '/usr/local/ssl-certs/chain.pem' }) } - if (this._cloudProvider === 'openshift') { + if (this._app.license.active() && this._cloudProvider === 'openshift') { localPod.spec.securityContext = {} } From 74813e411f9c397b40759eb599a29532e1db59ac Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Wed, 28 Feb 2024 17:50:00 +0000 Subject: [PATCH 5/5] Add docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0a3a980..2e217bb 100644 --- a/README.md +++ b/README.md @@ -27,8 +27,8 @@ driver: - `projectNamespace` the namespace Project pods should run in - `projectSelector` a list of labels that should be used to select which nodes Project Pods should run on -- `cloudProvider` can be left unset for none `aws` deployments. This triggers the adding of -AWS EKS specific annotation for ALB Ingress. +- `cloudProvider` normally not set, but can be `aws` This triggers the adding of +AWS EKS specific annotation for ALB Ingress. or `openshift` to allow running on OpenShift (Enterprise license only) - `privateCA` name of ConfigMap holding PEM CA Cert Bundle (file name `certs.pem`) Optional - `certManagerIssuer` name of the ClusterIssuer to use to create HTTPS certs for instances (default not set) - `k8sRetries` how many times to retry actions against the K8s API