service account

pull/273/head
Frostebite 2021-07-13 01:28:16 +01:00
parent 33b8e149ac
commit f64f0b01f7
5 changed files with 101 additions and 4 deletions

68
dist/index.js vendored

@ -1280,6 +1280,7 @@ const kubernetes_utils_1 = __importDefault(__webpack_require__(92040));
const async_wait_until_1 = __importDefault(__webpack_require__(41299)); const async_wait_until_1 = __importDefault(__webpack_require__(41299));
const kubernetes_job_spec_factory_1 = __importDefault(__webpack_require__(17203)); const kubernetes_job_spec_factory_1 = __importDefault(__webpack_require__(17203));
const kubernetes_cleanup_cronjob_1 = __importDefault(__webpack_require__(82974)); const kubernetes_cleanup_cronjob_1 = __importDefault(__webpack_require__(82974));
const kubernetes_service_account_1 = __importDefault(__webpack_require__(671));
class Kubernetes { class Kubernetes {
constructor(buildParameters) { constructor(buildParameters) {
this.buildId = ''; this.buildId = '';
@ -1289,6 +1290,7 @@ class Kubernetes {
this.podName = ''; this.podName = '';
this.containerName = ''; this.containerName = '';
this.cleanupCronJobName = ''; this.cleanupCronJobName = '';
this.serviceAccountName = '';
this.kubeConfig = new k8s.KubeConfig(); this.kubeConfig = new k8s.KubeConfig();
this.kubeConfig.loadFromDefault(); this.kubeConfig.loadFromDefault();
this.kubeClient = this.kubeConfig.makeApiClient(k8s.CoreV1Api); this.kubeClient = this.kubeConfig.makeApiClient(k8s.CoreV1Api);
@ -1307,8 +1309,10 @@ class Kubernetes {
try { try {
this.pvcName = `unity-builder-pvc-${buildUid}`; this.pvcName = `unity-builder-pvc-${buildUid}`;
this.cleanupCronJobName = `unity-builder-cronjob-${buildUid}`; this.cleanupCronJobName = `unity-builder-cronjob-${buildUid}`;
this.serviceAccountName = `service-account-${buildUid}`;
yield kubernetes_storage_1.default.createPersistentVolumeClaim(buildParameters, this.pvcName, this.kubeClient, this.namespace); yield kubernetes_storage_1.default.createPersistentVolumeClaim(buildParameters, this.pvcName, this.kubeClient, this.namespace);
yield kubernetes_cleanup_cronjob_1.default.createCleanupCronJob(this.kubeClientBatchBeta, this.cleanupCronJobName, this.namespace); yield kubernetes_service_account_1.default.createServiceAccount(this.serviceAccountName, this.namespace, this.kubeClient);
yield kubernetes_cleanup_cronjob_1.default.createCleanupCronJob(this.kubeClientBatchBeta, this.cleanupCronJobName, this.serviceAccountName, this.namespace);
} }
catch (error) { catch (error) {
throw error; throw error;
@ -1436,7 +1440,7 @@ class KubernetesCleanupCronJob {
yield api.deleteNamespacedCronJob('name', namespace); yield api.deleteNamespacedCronJob('name', namespace);
}); });
} }
static createCleanupCronJob(kubeClientBatch, name, namespace) { static createCleanupCronJob(kubeClientBatch, name, serviceAccountName, namespace) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
const batchJob = new client_node_1.V1beta1CronJob(); const batchJob = new client_node_1.V1beta1CronJob();
@ -1449,6 +1453,7 @@ class KubernetesCleanupCronJob {
}; };
const spec = { const spec = {
restartPolicy: 'Never', restartPolicy: 'Never',
serviceAccountName,
containers: [ containers: [
{ {
name: 'main', name: 'main',
@ -1781,6 +1786,65 @@ class KubernetesSecret {
exports.default = KubernetesSecret; exports.default = KubernetesSecret;
/***/ }),
/***/ 671:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
const k8s = __importStar(__webpack_require__(89679));
class KubernetesServiceAccount {
static createServiceAccount(serviceAccountName, namespace, kubeClient) {
return __awaiter(this, void 0, void 0, function* () {
const serviceAccount = new k8s.V1ServiceAccount();
serviceAccount.apiVersion = 'v1';
serviceAccount.kind = 'ServiceAccount';
serviceAccount.metadata = {
name: serviceAccountName,
};
serviceAccount.automountServiceAccountToken = false;
try {
yield kubeClient.createNamespacedServiceAccount(namespace, serviceAccount);
}
catch (error) {
throw error;
}
});
}
}
exports.default = KubernetesServiceAccount;
/***/ }), /***/ }),
/***/ 38941: /***/ 38941:

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long


@ -11,6 +11,7 @@ import KubernetesUtilities from './kubernetes-utils';
import waitUntil from 'async-wait-until'; import waitUntil from 'async-wait-until';
import KubernetesJobSpecFactory from './kubernetes-job-spec-factory'; import KubernetesJobSpecFactory from './kubernetes-job-spec-factory';
import KubernetesCleanupCronJob from './kubernetes-cleanup-cronjob'; import KubernetesCleanupCronJob from './kubernetes-cleanup-cronjob';
import KubernetesServiceAccount from './kubernetes-service-account';
class Kubernetes implements RemoteBuilderProviderInterface { class Kubernetes implements RemoteBuilderProviderInterface {
private kubeConfig: k8s.KubeConfig; private kubeConfig: k8s.KubeConfig;
@ -25,6 +26,7 @@ class Kubernetes implements RemoteBuilderProviderInterface {
private podName: string = ''; private podName: string = '';
private containerName: string = ''; private containerName: string = '';
private cleanupCronJobName: string = ''; private cleanupCronJobName: string = '';
private serviceAccountName: string = '';
private kubeClientBatchBeta: k8s.BatchV1beta1Api; private kubeClientBatchBeta: k8s.BatchV1beta1Api;
constructor(buildParameters: BuildParameters) { constructor(buildParameters: BuildParameters) {
@ -49,15 +51,19 @@ class Kubernetes implements RemoteBuilderProviderInterface {
try { try {
this.pvcName = `unity-builder-pvc-${buildUid}`; this.pvcName = `unity-builder-pvc-${buildUid}`;
this.cleanupCronJobName = `unity-builder-cronjob-${buildUid}`; this.cleanupCronJobName = `unity-builder-cronjob-${buildUid}`;
this.serviceAccountName = `service-account-${buildUid}`;
await KubernetesStorage.createPersistentVolumeClaim( await KubernetesStorage.createPersistentVolumeClaim(
buildParameters, buildParameters,
this.pvcName, this.pvcName,
this.kubeClient, this.kubeClient,
this.namespace, this.namespace,
); );
await KubernetesServiceAccount.createServiceAccount(this.serviceAccountName, this.namespace, this.kubeClient);
await KubernetesCleanupCronJob.createCleanupCronJob( await KubernetesCleanupCronJob.createCleanupCronJob(
this.kubeClientBatchBeta, this.kubeClientBatchBeta,
this.cleanupCronJobName, this.cleanupCronJobName,
this.serviceAccountName,
this.namespace, this.namespace,
); );
} catch (error) { } catch (error) {
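Review bot: The per-build service account created by the new `createServiceAccount` call is not deleted anywhere visible in this commit, and if the following `createCleanupCronJob` call throws, the account and the PVC created just before it stay behind in the namespace. The existing cleanup path is outside this hunk, so confirm whether it removes the account; if not, delete it alongside the PVC and cron job. The name also drops the `unity-builder-` prefix the other two resources use, which makes the account harder to attribute when auditing the namespace; `unity-builder-service-account-${buildUid}` would keep them consistent. The enclosing method starts and ends outside the hunk.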


@ -4,7 +4,12 @@ class KubernetesCleanupCronJob {
static async cleanup(api: BatchV1beta1Api, name: string, namespace: string) { static async cleanup(api: BatchV1beta1Api, name: string, namespace: string) {
await api.deleteNamespacedCronJob('name', namespace); await api.deleteNamespacedCronJob('name', namespace);
} }
static async createCleanupCronJob(kubeClientBatch: BatchV1beta1Api, name: string, namespace: string) { static async createCleanupCronJob(
kubeClientBatch: BatchV1beta1Api,
name: string,
serviceAccountName: string,
namespace: string,
) {
try { try {
const batchJob = new V1beta1CronJob(); const batchJob = new V1beta1CronJob();
batchJob.kind = 'CronJob'; batchJob.kind = 'CronJob';
@ -16,6 +21,7 @@ class KubernetesCleanupCronJob {
}; };
const spec = { const spec = {
restartPolicy: 'Never', restartPolicy: 'Never',
serviceAccountName,
containers: [ containers: [
{ {
name: 'main', name: 'main',
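Review bot: The pod spec now runs under `serviceAccountName` but leaves the pod-level `automountServiceAccountToken` unset, so whether the cleanup container receives API credentials depends entirely on how the account object was created elsewhere. In this commit the account is created with `automountServiceAccountToken = false` and no Role or RoleBinding, so if the container's command (outside this hunk) has to call the Kubernetes API to delete build resources, it will have neither a token nor permissions. Either add `automountServiceAccountToken: false` to this spec to make the no-credentials intent explicit, or mount the token here and bind the account to a Role limited to the resources the job removes. A short doc comment on `createCleanupCronJob` stating that `serviceAccountName` must name an account that already exists in `namespace` would also help, since the two adjacent `string` parameters are easy to swap.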


@ -0,0 +1,21 @@
import { CoreV1Api } from '@kubernetes/client-node';
import * as k8s from '@kubernetes/client-node';
class KubernetesServiceAccount {
static async createServiceAccount(serviceAccountName: string, namespace: string, kubeClient: CoreV1Api) {
const serviceAccount = new k8s.V1ServiceAccount();
serviceAccount.apiVersion = 'v1';
serviceAccount.kind = 'ServiceAccount';
serviceAccount.metadata = {
name: serviceAccountName,
};
serviceAccount.automountServiceAccountToken = false;
try {
await kubeClient.createNamespacedServiceAccount(namespace, serviceAccount);
} catch (error) {
throw error;
}
}
}
export default KubernetesServiceAccount;
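Review bot: `createServiceAccount` does not document its security contract: the account is created with token automount disabled, no labels and no RBAC binding, and a reader cannot tell whether that is deliberate least privilege or unfinished work. Add a TSDoc comment stating that the account is intentionally credential-less and that the promise rejects when the API call fails, for example when the name is already taken in the namespace. The `try { … } catch (error) { throw error; }` wrapper changes nothing and can be reduced to `await kubeClient.createNamespacedServiceAccount(namespace, serviceAccount);`. Adding a label carrying the build id to `metadata` would let an operator find and remove accounts left over from failed builds.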