diff --git a/internal/client/models.go b/internal/client/models.go index 169b2d9..c46bc93 100644 --- a/internal/client/models.go +++ b/internal/client/models.go @@ -103,15 +103,23 @@ type NewAppInput struct { App App `json:"app"` } -type App struct { - msg `json:",inline"` - Key AppKey `json:"key"` - Deployment string `json:"deployment,omitempty"` - ImageType string `json:"image_type,omitempty"` - ImagePath string `json:"image_path,omitempty"` - AllowServerless bool `json:"allow_serverless,omitempty"` - DefaultFlavor Flavor `json:"defaultFlavor,omitempty"` - ServerlessConfig any `json:"serverless_config,omitempty"` - DeploymentGenerator string `json:"deployment_generator,omitempty"` - DeploymentManifest string `json:"deployment_manifest,omitempty"` +type SecurityRule struct { + PortRangeMax int `json:"port_range_max"` + PortRangeMin int `json:"port_range_min"` + Protocol string `json:"protocol"` + RemoteCIDR string `json:"remote_cidr"` +} + +type App struct { + msg `json:",inline"` + Key AppKey `json:"key"` + Deployment string `json:"deployment,omitempty"` + ImageType string `json:"image_type,omitempty"` + ImagePath string `json:"image_path,omitempty"` + AllowServerless bool `json:"allow_serverless,omitempty"` + DefaultFlavor Flavor `json:"defaultFlavor,omitempty"` + ServerlessConfig any `json:"serverless_config,omitempty"` + DeploymentGenerator string `json:"deployment_generator,omitempty"` + DeploymentManifest string `json:"deployment_manifest,omitempty"` + RequiredOutboundConnections []SecurityRule `json:"required_outbound_connections"` } diff --git a/provider/provider.go b/provider/provider.go index de0d342..e096dae 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -28,8 +28,10 @@ import ( "edp.buildth.ing/DevFW-CICD/garm-provider-edge-connect/internal/client" "edp.buildth.ing/DevFW-CICD/garm-provider-edge-connect/internal/spec" + batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" execution "github.com/cloudbase/garm-provider-common/execution/v0.1.0" "github.com/cloudbase/garm-provider-common/params" @@ -91,42 +93,49 @@ func (a *edgeConnectProvider) CreateInstance(ctx context.Context, bootstrapParam envs := spec.GetRunnerEnvs(gitHubScopeDetails, bootstrapParams) - podv1 := corev1.Pod{ + jobv1 := batchv1.Job{ TypeMeta: metav1.TypeMeta{ - Kind: "Pod", - APIVersion: "v1", + Kind: "Job", + APIVersion: "batch/v1", }, ObjectMeta: metav1.ObjectMeta{ Name: instancename, Labels: map[string]string{"run": instancename}, }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - corev1.Container{ - Name: "mganter-test", - Image: "edp.buildth.ing/devfw-cicd/garm-act-runner:1", - ImagePullPolicy: "Always", - Env: envs, - VolumeMounts: []corev1.VolumeMount{ - corev1.VolumeMount{ - MountPath: "/runner", - Name: "cache-volume", + Spec: batchv1.JobSpec{ + BackoffLimit: ptr.To(int32(0)), + Completions: ptr.To(int32(1)), + Template: corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + RestartPolicy: "Never", + Containers: []corev1.Container{ + corev1.Container{ + Name: "mganter-test", + Image: "edp.buildth.ing/devfw-cicd/garm-act-runner:1", + ImagePullPolicy: "Always", + Env: envs, + VolumeMounts: []corev1.VolumeMount{ + corev1.VolumeMount{ + MountPath: "/runner", + Name: "cache-volume", + }, + }, }, }, - }, - }, - Volumes: []corev1.Volume{ - corev1.Volume{ - Name: "cache-volume", - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, + Volumes: []corev1.Volume{ + corev1.Volume{ + Name: "cache-volume", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, }, }, }, }, } - podjson, err := json.Marshal(podv1) + manifest, err := json.Marshal(jobv1) if err != nil { return params.ProviderInstance{}, err } @@ -157,7 +166,21 @@ func (a *edgeConnectProvider) CreateInstance(ctx context.Context, bootstrapParam Name: "EU.small", }, DeploymentGenerator: "kubernetes-basic", - DeploymentManifest: string(podjson), + DeploymentManifest: string(manifest), + RequiredOutboundConnections: []client.SecurityRule{ + client.SecurityRule{ + PortRangeMax: 65535, + PortRangeMin: 1, + Protocol: "TCP", + RemoteCIDR: "0.0.0.0/0", + }, + client.SecurityRule{ + PortRangeMax: 65535, + PortRangeMin: 1, + Protocol: "UDP", + RemoteCIDR: "0.0.0.0/0", + }, + }, }, }) if err != nil { diff --git a/testpod.yaml b/testpod.yaml index 10ff110..dfa9454 100644 --- a/testpod.yaml +++ b/testpod.yaml @@ -1,91 +1,101 @@ { - "apiVersion": "v1", - "kind": "Pod", + "apiVersion": "batch/v1", + "kind": "Job", "metadata": { "labels": { - "run": "garm-50cb196d-50fa68a5-garm-ff7ugu1ab8yo" + "run": "garm-22264210-a1ddd91e-garm-k00npjkippjy" }, - "name": "garm-50cb196d-50fa68a5-garm-ff7ugu1ab8yo" + "name": "garm-22264210-a1ddd91e-garm-k00npjkippjy" }, "spec": { - "containers": [ - { - "env": [ + "backoffLimit": 0, + "completions": 1, + "template": { + "metadata": { + }, + "spec": { + "containers": [ { - "name": "RUNNER_GITEA_INSTANCE", - "value": "https://gitea.com" - }, - { - "name": "RUNNER_GROUP" - }, - { - "name": "RUNNER_NAME", - "value": "garm-Ff7Ugu1AB8YO" - }, - { - "name": "RUNNER_LABELS", - "value": "n,runner-controller-id=50cb196d-0d3d-4223-996f-11e5f10c30ba,runner-pool-id=50fa68a5-cadf-4d84-a78a-eafeb3bfd0b0" - }, - { - "name": "RUNNER_NO_DEFAULT_LABELS", - "value": "true" - }, - { - "name": "DISABLE_RUNNER_UPDATE", - "value": "true" - }, - { - "name": "RUNNER_WORKDIR", - "value": "/runner/_work/" - }, - { - "name": "GITHUB_URL", - "value": "https://gitea.com" - }, - { - "name": "RUNNER_EPHEMERAL", - "value": "true" - }, - { - "name": "RUNNER_TOKEN", - "value": "dummy" - }, - { - "name": "METADATA_URL", - "value": "https://garm.garm-provider-test.t09.de/api/v1/metadata" - }, - { - "name": "BEARER_TOKEN", - "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlYTc2MjgxLWM2ZTYtNDRkNy04M2IwLTA3YjZjNTRhNWNmMCIsIm5hbWUiOiJnYXJtLUROendIZnB3ajJJcSIsInByb3ZpZGVyX2lkIjoiNTBmYTY4YTUtY2FkZi00ZDg0LWE3OGEtZWFmZWIzYmZkMGIwIiwic2NvcGUiOiJyZXBvc2l0b3J5IiwiZW50aXR5IjoiQ2hyaXN0b3BoZXIuSGFzZS9nYXJtLXRlc3QiLCJjcmVhdGVfYXR0ZW1wdCI6MCwiZm9yZ2VfdHlwZSI6ImdpdGVhIiwiaXNzIjoiZ2FybSIsImV4cCI6MTc1NzQxOTg0MX0.ukbdJo7n64m9l2olye3NRq3KK59iFVjXY5eom08W2UQ" - }, - { - "name": "CALLBACK_URL", - "value": "https://garm.garm-provider-test.t09.de/api/v1/callbacks" - }, - { - "name": "JIT_CONFIG_ENABLED", - "value": "false" + "env": [ + { + "name": "RUNNER_GITEA_INSTANCE", + "value": "https://gitea.com/api/v1" + }, + { + "name": "RUNNER_GROUP" + }, + { + "name": "RUNNER_NAME", + "value": "garm-k00NpjkippjY" + }, + { + "name": "RUNNER_LABELS", + "value": "garm,runner-controller-id=22264210-6ab5-4279-855e-218cd5f4bbc5,runner-pool-id=a1ddd91e-f533-49b7-afe3-57880ca809c1" + }, + { + "name": "RUNNER_NO_DEFAULT_LABELS", + "value": "true" + }, + { + "name": "DISABLE_RUNNER_UPDATE", + "value": "true" + }, + { + "name": "RUNNER_WORKDIR", + "value": "/runner/_work/" + }, + { + "name": "GITHUB_URL", + "value": "https://gitea.com" + }, + { + "name": "RUNNER_EPHEMERAL", + "value": "true" + }, + { + "name": "RUNNER_TOKEN", + "value": "dummy" + }, + { + "name": "METADATA_URL", + "value": "https://garm.garm-provider-test.t09.de/api/v1/metadata" + }, + { + "name": "BEARER_TOKEN", + "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjlhMTAxMThiLWU0NzctNGFhYy1iNzljLWFkYmQ1NmQ2ODI5MyIsIm5hbWUiOiJnYXJtLWswME5wamtpcHBqWSIsInByb3ZpZGVyX2lkIjoiYTFkZGQ5MWUtZjUzMy00OWI3LWFmZTMtNTc4ODBjYTgwOWMxIiwic2NvcGUiOiJyZXBvc2l0b3J5IiwiZW50aXR5IjoiQ2hyaXN0b3BoZXIuSGFzZS9nYXJtLXRlc3QiLCJjcmVhdGVfYXR0ZW1wdCI6MCwiZm9yZ2VfdHlwZSI6ImdpdGVhIiwiaXNzIjoiZ2FybSIsImV4cCI6MTc1NzUxMTk3N30.1c6kxdCh5sfxL6ZyzTIC3BYK-0u4h9jllXsZy_j23DM" + }, + { + "name": "CALLBACK_URL", + "value": "https://garm.garm-provider-test.t09.de/api/v1/callbacks" + }, + { + "name": "JIT_CONFIG_ENABLED", + "value": "false" + } + ], + "image": "edp.buildth.ing/devfw-cicd/garm-act-runner:1", + "imagePullPolicy": "Always", + "name": "mganter-test", + "resources": { + }, + "volumeMounts": [ + { + "mountPath": "/runner", + "name": "cache-volume" + } + ] } ], - "image": "edp.buildth.ing/devfw-cicd/garm-act-runner:1", - "imagePullPolicy": "Always", - "name": "mganter-test", - "resources": { - }, - "volumeMounts": [ + "restartPolicy": "Never", + "volumes": [ { - "mountPath": "/runner", - "name": "cache-volume" + "emptyDir": { + }, + "name": "cache-volume" } ] - } - ], - "volumes": [ - { - "name": "cache-volume", - "emptyDir": {} - } - ] + } + } }, "status": { }