
✨ Run task pod as AnyUser. (#755) #756

Closed
wants to merge 15 commits into from

Conversation

konveyor-ci-bot[bot]

To support running the task pods as AnyUser instead of root:

  • The task manager needs to no longer RunAs user root.
  • The /addon directory needs to be an EmptyDir. This is because the
    addon-analyzer Dockerfile cannot create the /addon directory as owned by
    the AnyUser.

Signed-off-by: Jeff Ortel [email protected]
Signed-off-by: Cherry Picker [email protected]

@jortel jortel added cherry-pick/release-0.5 This PR should be cherry-picked to release-0.4 branch. and removed cherry-pick/release-0.5 This PR should be cherry-picked to release-0.4 branch. labels Oct 10, 2024
@aufi
Member

aufi commented Oct 11, 2024

The change in PR/backport looks good, but it is probably needed to update the golang.org/x/tools/cmd/goimports@latest version to something other than latest, or to update the golang version in scripts, to make the Hub buildable.

From a quick look, I'd suspect https://github.com/konveyor/tackle2-hub/blob/release-0.5/.github/workflows/main.yml#L24-L26 (go version, which is different from the main branch)

@dymurray dymurray force-pushed the cherry-pick-pr755-release-0.5 branch from 6e7f1dd to 72fd8df Compare October 11, 2024 11:56
jortel and others added 15 commits October 11, 2024 07:59
When inserting a new record, GORM will also attempt to insert records
into tables referred to by many-to-many relationships on the inserted
record. This commit attempts to ensure that associations are omitted
when inserting records, and then the associations are added to the join
tables separately.

Also fixes some spots where the Transaction handler was in the wrong
spot in the chain or missing entirely.

Fixes #727

---------

Signed-off-by: Sam Lucidi <[email protected]>
Extends the use of the JSON serializer to the rest of the models.

Signed-off-by: Sam Lucidi <[email protected]>
Support multiple DB connections.
Using a custom sqlite driver that is a wrapper around the
[_standard_](https://pkg.go.dev/github.com/mattn/go-sqlite3) driver but
with a mutex around driver.TX and driver.Stmt as needed.

---------

Signed-off-by: Jeff Ortel <[email protected]>
Support pod retention settings.

The current policy is to delete pods as soon as completed (succeed or
failed).
Tackle users and support are used to troubleshooting by `oc debug` of
the task pods.
To support this, the task manager can terminate containers in pods as
needed and defer to the reaper to delete the pods. This would be
controlled by new settings. By default, succeeded tasks would retain
their pods for 1 minute; failed tasks for 72 hours.
In all cases, failure to terminate a running container will fall back to
deleting the pod immediately. The retention is best effort.

Running containers are terminated by `kill -p 1`. This will only work for
linux containers.

---------

Signed-off-by: Jeff Ortel <[email protected]>
Seems the underlying sqlite driver keeps the lock until the connection
is closed.
The `Conn` acquires the mutex and holds it until the connection is
closed. The `Tx` and `Stmt` are no longer necessary.

---------

Signed-off-by: Jeff Ortel <[email protected]>
Generate primary keys instead of GORM.
This fixes the issue of GORM reusing the highest key after the model
with that ID is deleted.
When the PK is 0, GORM assigns the next (highest) ID.

This approach is to assign the ID ahead of time using a pool managed by
tackle.

---------

Signed-off-by: Jeff Ortel <[email protected]>
Add `/services/` endpoint.
Add `/services/kai/*` endpoint: a reverse proxy to the route defined in
KAI_URL.
Add auth scopes.

Related: konveyor/operator#376

---------

Signed-off-by: Jeff Ortel <[email protected]>
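Added example, not the hub's code: a reverse proxy for `/services/kai/*` built on Go's standard library that enforces an auth scope before any byte is forwarded, and cleans the request path before stripping the prefix so `..` segments cannot reach the upstream as a different route. KAI_URL is the variable named in the commit; the scope source (an `X-Scope` header in the demo), the scope name `kai:get` and port 8080 are assumptions made for this example.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"path"
	"strings"
)

// KaiPrefix is the hub-side route; everything under it is forwarded.
const KaiPrefix = "/services/kai/"

// ScopeFunc reports the scopes the caller already holds. Deriving scopes from
// the bearer token is the job of the hub's existing auth filter (not shown);
// the function is injected so this example runs without it.
type ScopeFunc func(*http.Request) []string

func hasScope(granted []string, want string) bool {
	for _, s := range granted {
		if s == want {
			return true
		}
	}
	return false
}

// UpstreamPath cleans the request path before stripping the prefix, so that
// "/services/kai/../../auth/login" is rejected instead of being forwarded as
// "/auth/login". The second result is false when the path is not under the
// prefix.
func UpstreamPath(reqPath string) (string, bool) {
	clean := path.Clean("/" + reqPath)
	if clean == strings.TrimSuffix(KaiPrefix, "/") {
		return "/", true
	}
	if !strings.HasPrefix(clean, KaiPrefix) {
		return "", false
	}
	return "/" + strings.TrimPrefix(clean, KaiPrefix), true
}

// NewKaiProxy returns a handler that forwards /services/kai/* to target after
// checking that the caller holds requiredScope. The scope check runs before
// anything is sent upstream, and the upstream never sees the hub's prefix.
func NewKaiProxy(target *url.URL, requiredScope string, scopes ScopeFunc) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(target)
	director := rp.Director
	rp.Director = func(r *http.Request) {
		director(r)
		r.Host = target.Host // present the upstream's own host, not the hub's
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hasScope(scopes(r), requiredScope) {
			http.Error(w, "forbidden: missing scope "+requiredScope, http.StatusForbidden)
			return
		}
		p, ok := UpstreamPath(r.URL.Path)
		if !ok {
			http.NotFound(w, r)
			return
		}
		out := r.Clone(r.Context())
		out.URL.Path = p
		out.URL.RawPath = "" // re-encode from the cleaned Path
		rp.ServeHTTP(w, out)
	})
}

func main() {
	// KAI_URL is the variable named in the commit message; the port and the
	// header-based scope source are assumptions for this stand-alone demo.
	target, err := url.Parse(os.Getenv("KAI_URL"))
	if err != nil || target.Host == "" {
		log.Fatal("KAI_URL must be an absolute URL")
	}
	scopes := func(r *http.Request) []string {
		return strings.Split(r.Header.Get("X-Scope"), " ")
	}
	mux := http.NewServeMux()
	mux.Handle(KaiPrefix, NewKaiProxy(target, "kai:get", scopes))
	fmt.Println("listening on :8080")
	log.Fatal(http.ListenAndServe(":8080", mux))
}
```

The order matters: authorization is decided on the hub side before the proxy is touched, and the prefix is stripped from a cleaned path, so a caller cannot use the proxy as a way around the hub's own route-level scopes.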
Post a _manifest_ file instead of separate multi-part form files.
Much simpler and more easily supports the addon staging the issues and
deps files on disk rather than streaming. The more atomic approach will
prevent transaction deadlock which can more easily occur when the
addon-analyzer builder reported an error (which it should never do).

The uploaded file contains markers used to delimit the documents.
`^]` = `\x1D` = GS (group separator).

```
^]BEGIN-MAIN^]
---
commit: 1234
^]END-MAIN^]
^]BEGIN-ISSUES^]
---
ruleset: ruleset-1
rule: rule-1
incidents:
...
^]END-ISSUES^]
^]BEGIN-DEPS^]
---
name: github.com/jboss
version: 4.0
labels:
- konveyor.io/language=java
- konveyor.io/otherA=dog
^]END-DEPS^]
```

Flow:
1. post (upload) manifest.yaml file.
2. post `ref` to the manifest file.
3. delete manifest file.

Orphaned files will be reaped.

---

The binding client needed to be updated to handle different file
encoding (MIME).

---------

Signed-off-by: Jeff Ortel <[email protected]>
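A parser for the GS-framed manifest format described above, added here as an example and not the hub's own code. It splits an upload into its named sections and is deliberately strict: a truncated upload, a missing or mismatched END marker, a BEGIN inside an open section, a repeated section, or bytes outside any section all reject the whole manifest rather than being partially accepted, which is the behaviour a server wants for a client-supplied file. The sample manifest is constructed from the layout in the commit message; the incident line under ISSUES is made up.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// gs is the ASCII group separator (0x1D, shown as ^] in the commit message)
// that frames every document in the manifest.
const gs = "\x1D"

// Manifest maps a section name (MAIN, ISSUES, DEPS) to the raw YAML text found
// between its BEGIN and END markers, with surrounding whitespace trimmed.
type Manifest map[string]string

var (
	ErrUnterminated = errors.New("manifest: marker or section not terminated")
	ErrMismatch     = errors.New("manifest: END name does not match BEGIN name")
	ErrNested       = errors.New("manifest: BEGIN inside an open section")
	ErrDuplicate    = errors.New("manifest: duplicate section")
	ErrStray        = errors.New("manifest: data outside of any section")
	ErrBadName      = errors.New("manifest: empty or whitespace-containing section name")
)

// readName consumes "<name>GS" from the front of b and returns the name and
// the remainder. A name that never hits its closing GS is an error.
func readName(b []byte) (string, []byte, error) {
	i := bytes.IndexByte(b, gs[0])
	if i < 0 {
		return "", nil, ErrUnterminated
	}
	name := string(b[:i])
	if name == "" || strings.ContainsAny(name, " \t\r\n") {
		return "", nil, ErrBadName
	}
	return name, b[i+1:], nil
}

// ParseManifest splits a GS-framed manifest into its sections, rejecting any
// upload that is not a clean sequence of BEGIN-X ... END-X blocks.
func ParseManifest(data []byte) (Manifest, error) {
	begin := []byte(gs + "BEGIN-")
	end := []byte(gs + "END-")
	m := Manifest{}
	rest := data
	for {
		i := bytes.Index(rest, begin)
		if i < 0 {
			// No further sections: only whitespace may remain.
			if len(bytes.TrimSpace(rest)) != 0 {
				return nil, ErrStray
			}
			return m, nil
		}
		if len(bytes.TrimSpace(rest[:i])) != 0 {
			return nil, ErrStray
		}
		name, body, err := readName(rest[i+len(begin):])
		if err != nil {
			return nil, err
		}
		if _, dup := m[name]; dup {
			return nil, ErrDuplicate
		}
		j := bytes.Index(body, end)
		if j < 0 {
			return nil, ErrUnterminated
		}
		if bytes.Contains(body[:j], begin) {
			return nil, ErrNested
		}
		closing, after, err := readName(body[j+len(end):])
		if err != nil {
			return nil, err
		}
		if closing != name {
			return nil, ErrMismatch
		}
		m[name] = string(bytes.TrimSpace(body[:j]))
		rest = after
	}
}

// SampleManifest is a constructed upload in the layout from the commit
// message, with the literal GS byte in place of the ^] notation.
const SampleManifest = gs + "BEGIN-MAIN" + gs + "\n---\ncommit: 1234\n" + gs + "END-MAIN" + gs + "\n" +
	gs + "BEGIN-ISSUES" + gs + "\n---\nruleset: ruleset-1\nrule: rule-1\nincidents:\n" +
	"  - file: src/Main.java\n" + gs + "END-ISSUES" + gs + "\n" + // constructed incident
	gs + "BEGIN-DEPS" + gs + "\n---\nname: github.com/jboss\nversion: 4.0\nlabels:\n" +
	"- konveyor.io/language=java\n- konveyor.io/otherA=dog\n" + gs + "END-DEPS" + gs + "\n"

func main() {
	m, err := ParseManifest([]byte(SampleManifest))
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	for _, name := range []string{"MAIN", "ISSUES", "DEPS"} {
		fmt.Printf("== %s ==\n%s\n", name, m[name])
	}
}
```

Each section body is still opaque YAML at this point; decoding it with a YAML library is a separate step, and keeping the two apart means a framing error is reported as such rather than as a confusing YAML parse error deep inside a half-read document.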
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <[email protected]>
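Added example (not the hub's or the operator's code): a small policy check over a task pod spec, in JSON form, that flags the two conditions the commit message describes, a container that may still run as root and an /addon mount that is not backed by an emptyDir volume. The struct types are a hand-written subset of the Kubernetes PodSpec fields, the three specs are constructed to show the pre-change shape, the AnyUser shape and a container-level override that defeats a pod-level runAsNonRoot, and the container name is illustrative.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hand-written subset of the Kubernetes PodSpec fields this check reads;
// not the k8s.io/api types.
type SecurityContext struct {
	RunAsUser    *int64 `json:"runAsUser,omitempty"`
	RunAsNonRoot *bool  `json:"runAsNonRoot,omitempty"`
}
type VolumeMount struct {
	Name      string `json:"name"`
	MountPath string `json:"mountPath"`
}
type Container struct {
	Name            string           `json:"name"`
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
	VolumeMounts    []VolumeMount    `json:"volumeMounts,omitempty"`
}
type Volume struct {
	Name     string          `json:"name"`
	EmptyDir json.RawMessage `json:"emptyDir,omitempty"` // presence is all we need
}
type PodSpec struct {
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
	Containers      []Container      `json:"containers"`
	Volumes         []Volume         `json:"volumes,omitempty"`
}

// runsAsNonRoot resolves the effective user of a container: its own
// securityContext overrides the pod's, field by field. A fixed uid decides
// outright; otherwise only runAsNonRoot=true makes the kubelet refuse an
// image whose USER resolves to root.
func runsAsNonRoot(pod, ctr *SecurityContext) bool {
	var uid *int64
	var nonRoot *bool
	if pod != nil {
		uid, nonRoot = pod.RunAsUser, pod.RunAsNonRoot
	}
	if ctr != nil {
		if ctr.RunAsUser != nil {
			uid = ctr.RunAsUser
		}
		if ctr.RunAsNonRoot != nil {
			nonRoot = ctr.RunAsNonRoot
		}
	}
	if uid != nil {
		return *uid != 0
	}
	return nonRoot != nil && *nonRoot
}

// addonIsEmptyDir reports whether the container mounts /addon from a volume
// declared as emptyDir. A /addon that exists only inside the image fails,
// since the Dockerfile cannot chown it to an arbitrary uid.
func addonIsEmptyDir(spec PodSpec, c Container) bool {
	for _, vm := range c.VolumeMounts {
		if vm.MountPath != "/addon" {
			continue
		}
		for _, v := range spec.Volumes {
			if v.Name == vm.Name && len(v.EmptyDir) > 0 {
				return true
			}
		}
	}
	return false
}

// CheckTaskPod lists every way the spec falls short of the policy: no
// container may run as root, and /addon must be an emptyDir.
func CheckTaskPod(raw string) []string {
	var spec PodSpec
	if err := json.Unmarshal([]byte(raw), &spec); err != nil {
		return []string{"invalid pod spec: " + err.Error()}
	}
	var problems []string
	for _, c := range spec.Containers {
		if !runsAsNonRoot(spec.SecurityContext, c.SecurityContext) {
			problems = append(problems, c.Name+": may run as root")
		}
		if !addonIsEmptyDir(spec, c) {
			problems = append(problems, c.Name+": /addon is not backed by an emptyDir volume")
		}
	}
	return problems
}

// Constructed specs (container name illustrative): the pre-change shape,
// the AnyUser shape, and a container override that defeats the pod setting.
const RootSpec = `{"securityContext": {"runAsUser": 0},
  "containers": [{"name": "addon"}]}`
const AnyUserSpec = `{"securityContext": {"runAsNonRoot": true},
  "containers": [{"name": "addon", "volumeMounts": [{"name": "addon", "mountPath": "/addon"}]}],
  "volumes": [{"name": "addon", "emptyDir": {}}]}`
const OverriddenSpec = `{"securityContext": {"runAsNonRoot": true},
  "containers": [{"name": "addon", "securityContext": {"runAsUser": 0},
                  "volumeMounts": [{"name": "addon", "mountPath": "/addon"}]}],
  "volumes": [{"name": "addon", "emptyDir": {}}]}`

func main() {
	for name, spec := range map[string]string{"root": RootSpec, "anyuser": AnyUserSpec, "overridden": OverriddenSpec} {
		fmt.Printf("%s: %v\n", name, CheckTaskPod(spec))
	}
}
```

The third spec is the case to watch in review: a pod-level `runAsNonRoot: true` reads as safe, but a container that sets its own `runAsUser: 0` wins, so a check has to resolve the effective context per container rather than look at the pod once.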
@dymurray dymurray force-pushed the cherry-pick-pr755-release-0.5 branch from 72fd8df to 29deafe Compare October 11, 2024 11:59
@dymurray dymurray closed this Oct 11, 2024