Documentation
¶
Index ¶
- Constants
- Variables
- func PrepareVolumeMounts(ctrSpec []corev1.Container) []corev1.Container
- func StringToInterposer(from, to reflect.Type, data any) (any, error)
- type AgentConfig
- func (a *AgentConfig) ApplyToAgentStart(ctr *corev1.Container)
- func (a *AgentConfig) ApplyToCheckout(ctr *corev1.Container)
- func (a *AgentConfig) ApplyToCommand(ctr *corev1.Container)
- func (a *AgentConfig) ApplyVolumesTo(podSpec *corev1.PodSpec)
- func (a *AgentConfig) ControllerOptions() []agentcore.ControllerOption
- type CheckoutParams
- type CommandParams
- type Config
- type GitMirrorsParams
- type Interposer
- type Metadata
- type ResourceClass
- type SidecarParams
Constants ¶
View Source
const ( UUIDLabel = "buildkite.com/job-uuid" ControllerIDLabel = "buildkite.com/controller-id" BuildURLAnnotation = "buildkite.com/build-url" BuildBranchAnnotation = "buildkite.com/build-branch" JobURLAnnotation = "buildkite.com/job-url" PriorityAnnotation = "buildkite.com/job-priority" DefaultNamespace = "default" DefaultImagePullBackOffGracePeriod = 30 * time.Second DefaultJobCancelCheckerPollInterval = 5 * time.Second DefaultEmptyJobGracePeriod = 30 * time.Second DefaultJobCreationConcurrency = 25 DefaultK8sClientRateLimiterQPS = 10 DefaultK8sClientRateLimiterBurst = 20 DefaultPaginationPageSize = 1000 DefaultPaginationDepthLimit = 2 DefaultQueryResetInterval = 10 * time.Second DefaultWorkQueueLimit = 1_000_000 DefaultImageCheckContainerCPULimit = "200m" DefaultImageCheckContainerMemoryLimit = "128Mi" )
Variables ¶
View Source
var AllowedInterposers = []Interposer{ "", InterposerBuildkite, InterposerVector, InterposerLegacy, }
Accepted values for Interposer.
View Source
var DefaultAgentImage = "ghcr.io/buildkite/agent:" + version.Version()
Functions ¶
func PrepareVolumeMounts ¶
Iterates over Containers in PodSpec to deduplicate VolumeMounts
Types ¶
type AgentConfig ¶
type AgentConfig struct {
// Applies to agents within the k8s controller and within the pod
Endpoint *string `json:"endpoint,omitempty"` // BUILDKITE_AGENT_ENDPOINT
NoHTTP2 *bool `json:"no-http2,omitempty"` // BUILDKITE_NO_HTTP2
// Only applies to agents within the pod
Experiments []string `json:"experiment,omitempty"` // BUILDKITE_AGENT_EXPERIMENT
Shell *string `json:"shell,omitempty"` // BUILDKITE_SHELL
NoColor *bool `json:"no-color,omitempty"` // BUILDKITE_AGENT_NO_COLOR
StrictSingleHooks *bool `json:"strict-single-hooks,omitempty"` // BUILDKITE_STRICT_SINGLE_HOOKS
NoMultipartArtifactUpload *bool `json:"no-multipart-artifact-upload,omitempty"` // BUILDKITE_NO_MULTIPART_ARTIFACT_UPLOAD
TraceContextEncoding *string `json:"trace-context-encoding,omitempty"` // BUILDKITE_TRACE_CONTEXT_ENCODING
DisableWarningsFor []string `json:"disable-warnings-for,omitempty"` // BUILDKITE_AGENT_DISABLE_WARNINGS_FOR
DebugSigning *bool `json:"debug-signing,omitempty"` // BUILDKITE_AGENT_DEBUG_SIGNING
// Applies differently depending on the container
// // agent start / bootstrap
NoPTY *bool `json:"no-pty,omitempty"` // BUILDKITE_NO_PTY / BUILDKITE_PTY
NoCommandEval *bool `json:"no-command-eval,omitempty"` // BUILDKITE_NO_COMMAND_EVAL / BUILDKITE_COMMAND_EVAL
NoLocalHooks *bool `json:"no-local-hooks,omitempty"` // BUILDKITE_NO_LOCAL_HOOKS / BUILDKITE_LOCAL_HOOKS_ENABLED
NoPlugins *bool `json:"no-plugins,omitempty"` // BUILDKITE_NO_PLUGINS / BUILDKITE_PLUGINS_ENABLED
PluginValidation *bool `json:"plugin-validation,omitempty"` // BUILDKITE_NO_PLUGIN_VALIDATION / BUILDKITE_PLUGIN_VALIDATION
// Like the above, but signing keys can be supplied directly to the command container.
// // agent start / pipeline upload or agent tool sign
SigningJWKSFile *string `json:"signing-jwks-file,omitempty"` // BUILDKITE_AGENT_SIGNING_JWKS_FILE / BUILDKITE_AGENT_JWKS_FILE
SigningJWKSKeyID *string `json:"signing-jwks-key-id,omitempty"` // BUILDKITE_AGENT_SIGNING_JWKS_KEY_ID / BUILDKITE_AGENT_JWKS_KEY_ID
SigningJWKSVolume *corev1.Volume `json:"signingJWKSVolume,omitempty"`
// Hooks and plugins can be supplied with a volume source.
HooksPath *string `json:"hooks-path,omitempty"` // BUILDKITE_HOOKS_PATH
HooksVolume *corev1.Volume `json:"hooksVolume,omitempty"`
PluginsPath *string `json:"plugins-path,omitempty"` // BUILDKITE_PLUGINS_PATH
PluginsVolume *corev1.Volume `json:"pluginsVolume,omitempty"`
// Applies only to the "buildkite-agent start" container.
// Keys can be supplied with a volume.
VerificationJWKSFile *string `json:"verification-jwks-file,omitempty"` // BUILDKITE_AGENT_VERIFICATION_JWKS_FILE
VerificationFailureBehavior *string `json:"verification-failure-behavior,omitempty"` // BUILDKITE_AGENT_JOB_VERIFICATION_NO_SIGNATURE_BEHAVIOR
VerificationJWKSVolume *corev1.Volume `json:"verificationJWKSVolume,omitempty"`
}
AgentConfig stores shared parameters for things that run buildkite-agent in one form or another. They should correspond to the flags for `buildkite-agent start`. Note that not all agent flags make sense as config options for agents running within a pod.
func (*AgentConfig) ApplyToAgentStart ¶
func (a *AgentConfig) ApplyToAgentStart(ctr *corev1.Container)
ApplyToAgentStart adds env vars assuming ctr is the agent "server" container.
func (*AgentConfig) ApplyToCheckout ¶
func (a *AgentConfig) ApplyToCheckout(ctr *corev1.Container)
func (*AgentConfig) ApplyToCommand ¶
func (a *AgentConfig) ApplyToCommand(ctr *corev1.Container)
func (*AgentConfig) ApplyVolumesTo ¶
func (a *AgentConfig) ApplyVolumesTo(podSpec *corev1.PodSpec)
ApplyVolumesTo adds volumes based on the agent config to the podSpec.
func (*AgentConfig) ControllerOptions ¶
func (a *AgentConfig) ControllerOptions() []agentcore.ControllerOption
type CheckoutParams ¶
type CheckoutParams struct {
Skip *bool `json:"skip,omitempty"`
CheckoutFlags *string `json:"checkoutFlags,omitempty"`
CleanFlags *string `json:"cleanFlags,omitempty"`
CloneFlags *string `json:"cloneFlags,omitempty"`
FetchFlags *string `json:"fetchFlags,omitempty"`
NoSubmodules *bool `json:"noSubmodules,omitempty"`
SubmoduleCloneConfig []string `json:"submoduleCloneConfig,omitempty"`
GitMirrors *GitMirrorsParams `json:"gitMirrors,omitempty"`
GitCredentialsSecret *corev1.SecretVolumeSource `json:"gitCredentialsSecret,omitempty"`
EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"`
ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
}
CheckoutParams contains parameters that provide additional control over the checkout container.
func (*CheckoutParams) ApplyToAgentStart ¶
func (co *CheckoutParams) ApplyToAgentStart(ctr *corev1.Container)
ApplyToAgentStart send checkout params's env variables to Agent container Agent container will propogate these env variables to command and other containers when they do `kubernetes-bootstrap`. NOTE: It's worthnoting that only some checkout params get passed in this way, many other params are still applied directly to checkout container. Basically any k8s construct needs to be passed directly to checkout container
func (*CheckoutParams) ApplyToCheckout ¶
func (co *CheckoutParams) ApplyToCheckout(podSpec *corev1.PodSpec, ctr *corev1.Container)
Any k8s related config things need to be passed to checkout container directly. "kubernetes-bootstrap" won't work for those for obvious reason: they are passed k8s pod lifecycle.
NOTE: despite this is called ApplyToCheckout, it mutate not only the container spec but also the pod spec.
func (*CheckoutParams) GitCredsSecret ¶
func (co *CheckoutParams) GitCredsSecret() *corev1.SecretVolumeSource
type CommandParams ¶
type CommandParams struct {
Interposer Interposer `json:"interposer,omitempty"`
EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"`
ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
}
CommandParams contains parameters that provide additional control over all command container(s).
func (*CommandParams) ApplyTo ¶
func (cmd *CommandParams) ApplyTo(ctr *corev1.Container)
func (*CommandParams) Command ¶
func (cmd *CommandParams) Command(command, args []string) string
Command interprets the command and args fields of the container into a BUILDKITE_COMMAND value.
type Config ¶
type Config struct {
Debug bool `json:"debug"`
JobTTL time.Duration `json:"job-ttl"`
JobActiveDeadlineSeconds int `json:"job-active-deadline-seconds" validate:"required"`
PollInterval time.Duration `json:"poll-interval"`
JobCreationConcurrency int `json:"job-creation-concurrency" validate:"omitempty"`
AgentTokenSecret string `json:"agent-token-secret" validate:"required"`
Image string `json:"image" validate:"required"`
JobPrefix string `json:"job-prefix" validate:"required"`
MaxInFlight int `json:"max-in-flight" validate:"min=0"`
Namespace string `json:"namespace" validate:"required"`
Tags stringSlice `json:"tags"`
PrometheusPort uint16 `json:"prometheus-port" validate:"omitempty"`
ProfilerAddress string `json:"profiler-address" validate:"omitempty,hostname_port"`
PaginationPageSize int `json:"pagination-page-size" validate:"min=1,max=1000"`
PaginationDepthLimit int `json:"pagination-depth-limit" validate:"min=1,max=20"`
QueryResetInterval time.Duration `json:"query-reset-interval" validate:"omitempty"`
EnableQueuePause bool `json:"enable-queue-pause" validate:"omitempty"`
WorkQueueLimit int `json:"work-queue-limit" validate:"omitempty"`
// ID is an optional uniquely ID string for the controller.
// This is useful when running multiple bk k8s controllers within the same k8s namespace.
// So the controller can target the correct pods.
// By default, if helm is used to install, this will be set as helm release full name.
ID string `json:"id" validate:"omitempty"`
K8sClientRateLimiterQPS int `json:"k8s-client-rate-limiter-qps" validate:"omitempty"`
K8sClientRateLimiterBurst int `json:"k8s-client-rate-limiter-burst" validate:"omitempty"`
AdditionalRedactedVars stringSlice `json:"additional-redacted-vars" validate:"omitempty"`
PodSpecPatch *corev1.PodSpec `json:"pod-spec-patch" validate:"omitempty"`
ImagePullBackOffGracePeriod time.Duration `json:"image-pull-backoff-grace-period" validate:"omitempty"`
JobCancelCheckerPollInterval time.Duration `json:"job-cancel-checker-poll-interval" validate:"omitempty"`
EmptyJobGracePeriod time.Duration `json:"empty-job-grace-period" validate:"omitempty"`
// WorkspaceVolume allows supplying a volume for /workspace. By default
// an EmptyDir volume is created for it.
WorkspaceVolume *corev1.Volume `json:"workspace-volume" validate:"omitempty"`
AgentConfig *AgentConfig `json:"agent-config" validate:"omitempty"`
DefaultCheckoutParams *CheckoutParams `json:"default-checkout-params" validate:"omitempty"`
DefaultCommandParams *CommandParams `json:"default-command-params" validate:"omitempty"`
DefaultSidecarParams *SidecarParams `json:"default-sidecar-params" validate:"omitempty"`
DefaultMetadata Metadata `json:"default-metadata" validate:"omitempty"`
ResourceClasses map[string]*ResourceClass `json:"resource-classes" validate:"omitempty"`
DefaultImagePullPolicy corev1.PullPolicy `json:"default-image-pull-policy" validate:"omitempty"`
DefaultImageCheckPullPolicy corev1.PullPolicy `json:"default-image-check-pull-policy" validate:"omitempty"`
SkipImageCheckContainers bool `json:"skip-image-check-containers" validate:"omitempty"`
ImageCheckContainerCPULimit string `json:"image-check-container-cpu-limit" validate:"omitempty"`
ImageCheckContainerMemoryLimit string `json:"image-check-container-memory-limit" validate:"omitempty"`
// ProhibitKubernetesPlugin can be used to prevent alterations to the pod
// from the job (the kubernetes "plugin" in pipeline.yml). If enabled,
// jobs with a "kubernetes" plugin will fail.
ProhibitKubernetesPlugin bool `json:"prohibit-kubernetes-plugin" validate:"omitempty"`
// AllowPodSpecPatchUnsafeCmdMod can be used to allow podSpecPatch to change
// container commands. Normally this is prevented, because if the
// replacement command does not execute buildkite-agent in the right way,
// then the pod will malfunction.
AllowPodSpecPatchUnsafeCmdMod bool `json:"allow-pod-spec-patch-unsafe-command-modification" validate:"omitempty"`
// Enable job reservation support - this feature is in-progress.
ExperimentalJobReservationSupport bool `json:"experimental-job-reservation-support" validate:"omitempty"`
// These are only used for integration tests.
BuildkiteToken string `json:"buildkite-token" validate:"omitempty"`
GraphQLEndpoint string `json:"graphql-endpoint" validate:"omitempty"`
// FIXME: This is unused. Only keeping here temporarily to ease our transition.
// Once we promote our new version of k8s stack into our own CI, we can remove this line.
Org string `json:"org" validate:"omitempty"`
// Deprecated: ClusterUUID is unused. Only keeping here temporarily to ease our transition.
// Once we promote our new version of k8s stack into our own CI, we can remove this line.
ClusterUUID string `json:"cluster-uuid" validate:"omitempty"`
}
viper requires mapstructure struct tags, but the k8s types only have json struct tags. mapstructure (the module) supports switching the struct tag to "json", viper does not. So we have to have the `mapstructure` tag for viper and the `json` tag is used by the mapstructure!
func (Config) MarshalLogObject ¶
func (c Config) MarshalLogObject(enc zapcore.ObjectEncoder) error
type GitMirrorsParams ¶
type GitMirrorsParams struct {
Path *string `json:"path,omitempty"`
Volume *corev1.Volume `json:"volume,omitempty"`
CloneFlags *string `json:"cloneFlags,omitempty"`
LockTimeout int `json:"lockTimeout,omitempty"`
SkipUpdate *bool `json:"skipUpdate,omitempty"`
}
GitMirrorsParams configures git mirrors functions of the agent.
func (*GitMirrorsParams) ApplyToAgentStart ¶
func (gm *GitMirrorsParams) ApplyToAgentStart(ctr *corev1.Container)
func (*GitMirrorsParams) ApplyToCheckout ¶
func (gm *GitMirrorsParams) ApplyToCheckout(ctr *corev1.Container)
func (*GitMirrorsParams) ApplyToPod ¶
func (gm *GitMirrorsParams) ApplyToPod(podSpec *corev1.PodSpec)
type Interposer ¶
type Interposer string
Interposer is a string-flavoured "enum" of command interposers. These configure the conversion from podSpec/command and podSpec/args into BUILDKITE_COMMAND.
const ( // InterposerBuildkite forms BUILDKITE_COMMAND by joining podSpec/command // with newlines, and appends podSpec/args to the last line joined with // spaces and additional shell quoting as needed. // This is intended to mimic how a pipeline.yaml steps/command works: as a // list of one or more commands. But note that: // 1. this is not "correct" as far as Kubernetes would interpret a pod spec // 2. per the pod spec schema, it must be a list. Unlike pipeline.yaml a // single command string (not within a list) is not accepted. // // Example: // // command: // - echo 'hello world' // - ls -halt // - touch // args: // - example file.txt // // becomes: // // BUILDKITE_COMMAND="echo 'hello world'\nls -halt\ntouch 'example file.txt'" InterposerBuildkite Interposer = "buildkite" // InterposerVector forms BUILDKITE_COMMAND by joining podSpec/command // and podSpec/args with spaces, and adds shell quoting around individual // items as needed. // This is intended to mach how Kubernetes interprets command and args: as // a 'vector' specifying a single command. // // Example: // // command: ['echo'] // args: ['hello world'] // // becomes: // // BUILDKITE_COMMAND="echo 'hello world'" InterposerVector Interposer = "vector" // InterposerLegacy forms BUILDKITE_COMMAND by joining podSpec/command // and podSpec/args directly with spaces and no shell quoting. // This interposer should be avoided, but was the old default, and is // provided as an escape hatch for users with pipelines that stop working on // upgrade to the new default (CmdInterposerBuildkite). // // Example: // // command: ['echo'] // args: ['hello world'] // // becomes: // // BUILDKITE_COMMAND="echo hello world" // // (note the lack of quotes around "hello world" in the output). InterposerLegacy Interposer = "legacy" )
Interposer values.
type Metadata ¶
Metadata contains k8s job metadata to apply when creating pods. It can be set as a default within the config, or per step using the kubernetes plugin.
type ResourceClass ¶
type ResourceClass struct {
Resource *corev1.ResourceRequirements `json:"resource,omitempty"`
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
}
ResourceClass represents a reusable resource configuration. Affinity or Toleration/taint based configuration may come later.
func (*ResourceClass) Apply ¶
func (rc *ResourceClass) Apply(podSpec *corev1.PodSpec)
Apply adds the resource class NodeSelector to the podSpec, and resource requests and limits to the command container. It assumes there is only one command container named "container-0".
type SidecarParams ¶
type SidecarParams struct {
EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"`
ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
}
SidecarParams contains parameters that provide additional control over all sidecar container(s).
func (*SidecarParams) ApplyTo ¶
func (sc *SidecarParams) ApplyTo(ctr *corev1.Container)
Source Files
Click to show internal directories.
Click to hide internal directories.