Skip to content

Commit

Permalink
Support runtimeClassName in pod templates
Browse files Browse the repository at this point in the history
This change adds support for the Kubernetes 1.12+ runtime class
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/runtime-class.md)
feature by adding the runtimeClassName field to pod templates and
propagating that to the underlying pod spec.
  • Loading branch information
impl committed Sep 29, 2019
1 parent 2bf801e commit b5f4615
Show file tree
Hide file tree
Showing 6 changed files with 76 additions and 1 deletion.
3 changes: 3 additions & 0 deletions docs/pipelineruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,9 @@ allows to customize some Pod specific field per `Task` execution, aka
- `volumes`: list of volumes that can be mounted by containers
belonging to the pod. This lets the user of a Task define which type
of volume to use for a Task `volumeMount`
- `runtimeClassName`: the name of a
[runtime class](https://kubernetes.io/docs/concepts/containers/runtime-class/)
to use to run the pod.

In the following example, the Task is defined with a `volumeMount`
(`my-cache`), that is provided by the PipelineRun, using a
Expand Down
5 changes: 4 additions & 1 deletion docs/taskruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,10 @@ allows to customize some Pod specific field per `Task` execution, aka
- `volumes`: list of volumes that can be mounted by containers
belonging to the pod. This lets the user of a Task define which type
of volume to use for a Task `volumeMount`

- `runtimeClassName`: the name of a
[runtime class](https://kubernetes.io/docs/concepts/containers/runtime-class/)
to use to run the pod.

In the following example, the Task is defined with a `volumeMount`
(`my-cache`), that is provided by the TaskRun, using a
PersistenceVolumeClaim. The Pod will also run as a non-root user.
Expand Down
10 changes: 10 additions & 0 deletions pkg/apis/pipeline/v1alpha1/pod.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,14 @@ type PodTemplate struct {
// More info: https://kubernetes.io/docs/concepts/storage/volumes
// +optional
Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`

// RuntimeClassName refers to a RuntimeClass object in the node.k8s.io
// group, which should be used to run this pod. If no RuntimeClass resource
// matches the named class, the pod will not be run. If unset or empty, the
// "legacy" RuntimeClass will be used, which is an implicit class with an
// empty definition that uses the default runtime handler.
// More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
// This is a beta feature as of Kubernetes v1.14.
// +optional
RuntimeClassName *string `json:"runtimeClassName,omitempty" protobuf:"bytes,2,opt,name=runtimeClassName"`
}
5 changes: 5 additions & 0 deletions pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions pkg/reconciler/taskrun/resources/pod.go
Original file line number Diff line number Diff line change
Expand Up @@ -362,6 +362,7 @@ func MakePod(taskRun *v1alpha1.TaskRun, taskSpec v1alpha1.TaskSpec, kubeclient k
Tolerations: taskRun.Spec.PodTemplate.Tolerations,
Affinity: taskRun.Spec.PodTemplate.Affinity,
SecurityContext: taskRun.Spec.PodTemplate.SecurityContext,
RuntimeClassName: taskRun.Spec.PodTemplate.RuntimeClassName,
},
}, nil
}
Expand Down
53 changes: 53 additions & 0 deletions pkg/reconciler/taskrun/resources/pod_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,8 @@ func TestMakePod(t *testing.T) {
VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: "multi-creds"}},
})

runtimeClassName := "gvisor"

randReader = strings.NewReader(strings.Repeat("a", 10000))
defer func() { randReader = rand.Reader }()

Expand Down Expand Up @@ -207,6 +209,57 @@ func TestMakePod(t *testing.T) {
}},
Volumes: implicitVolumesWithSecrets,
},
}, {
desc: "with-pod-template",
ts: v1alpha1.TaskSpec{
Steps: []v1alpha1.Step{{Container: corev1.Container{
Name: "name",
Image: "image",
}}},
},
trs: v1alpha1.TaskRunSpec{
PodTemplate: v1alpha1.PodTemplate{
SecurityContext: &corev1.PodSecurityContext{
Sysctls: []corev1.Sysctl{
{Name: "net.ipv4.tcp_syncookies", Value: "1"},
},
},
RuntimeClassName: &runtimeClassName,
},
},
want: &corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
InitContainers: []corev1.Container{{
Name: containerPrefix + credsInit + "-9l9zj",
Image: *credsImage,
Command: []string{"/ko-app/creds-init"},
Args: []string{},
Env: implicitEnvVars,
VolumeMounts: implicitVolumeMounts,
WorkingDir: workspaceDir,
}},
Containers: []corev1.Container{{
Name: "step-name",
Image: "image",
Env: implicitEnvVars,
VolumeMounts: implicitVolumeMounts,
WorkingDir: workspaceDir,
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("0"),
corev1.ResourceMemory: resource.MustParse("0"),
corev1.ResourceEphemeralStorage: resource.MustParse("0"),
},
},
}},
Volumes: implicitVolumes,
SecurityContext: &corev1.PodSecurityContext{
Sysctls: []corev1.Sysctl{
{Name: "net.ipv4.tcp_syncookies", Value: "1"},
},
},
RuntimeClassName: &runtimeClassName,
},
}, {
desc: "very-long-step-name",
ts: v1alpha1.TaskSpec{
Expand Down

0 comments on commit b5f4615

Please sign in to comment.