From 1a474030977639001e2b09bb717009a5287f1663 Mon Sep 17 00:00:00 2001
From: David Parker
Date: Thu, 13 Feb 2025 12:57:55 +0000
Subject: [PATCH 1/3] [minor] Support configurable serviceaccounts
---
 src/mas/devops/templates/pipelinerun-install.yml.j2 | 2 +-
 src/mas/devops/templates/pipelinerun-uninstall.yml.j2 | 4 ++--
 src/mas/devops/templates/pipelinerun-update.yml.j2 | 2 +-
 src/mas/devops/templates/pipelinerun-upgrade.yml.j2 | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2
index cf5a4c25..40f03fc3 100644
--- a/src/mas/devops/templates/pipelinerun-install.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-install.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-install
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
diff --git a/src/mas/devops/templates/pipelinerun-uninstall.yml.j2 b/src/mas/devops/templates/pipelinerun-uninstall.yml.j2
index aebad41b..7e43384b 100644
--- a/src/mas/devops/templates/pipelinerun-uninstall.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-uninstall.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-uninstall
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
@@ -34,4 +34,4 @@ spec:
 value: {{ uds_action }}
 - name: dro_namespace
 value: {{ dro_namespace }}
-
+
diff --git a/src/mas/devops/templates/pipelinerun-update.yml.j2 b/src/mas/devops/templates/pipelinerun-update.yml.j2
index f2137d9e..882ab928 100644
--- a/src/mas/devops/templates/pipelinerun-update.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-update.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-update
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
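Review bot: `serviceAccountName` is now filled from `service_account_name` by plain interpolation between hand-written double quotes, in this hunk and in the matching hunks of the uninstall, update and upgrade templates, so the value is never escaped for YAML. A value containing a double quote or a line break would change the structure of the rendered PipelineRun instead of staying a scalar, and this field decides which identity and permissions the run gets. If the value can reach the template from CLI or environment input (not visible here), I would let Jinja emit the quoted scalar, `serviceAccountName: {{ service_account_name | default('pipeline', True) | tojson }}`, and have the caller reject anything that is not a valid Kubernetes object name before rendering.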
diff --git a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2
index b9e41753..00a3e8c5 100644
--- a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-upgrade
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
From acb9af32e47bf927b8ee2a47c2c8cfa70f1065df Mon Sep 17 00:00:00 2001
From: David Parker
Date: Thu, 13 Feb 2025 14:00:21 +0000
Subject: [PATCH 2/3] Add configureRBAC flag for preparePipelinesNamespace
---
 src/mas/devops/tekton.py | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py
index ed371301..d284f6fb 100644
--- a/src/mas/devops/tekton.py
+++ b/src/mas/devops/tekton.py
@@ -102,25 +102,26 @@ def updateTektonDefinitions(namespace: str, yamlFile: str) -> None:
 logger.debug(line)
-def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True):
- templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
- env = Environment(
- loader=FileSystemLoader(searchpath=templateDir)
- )
+def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True, configureRBAC: bool = True):
+ if configureRBAC:
+ templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
+ env = Environment(
+ loader=FileSystemLoader(searchpath=templateDir)
+ )
- if instanceId is None:
- namespace = "mas-pipelines"
- template = env.get_template("pipelines-rbac-cluster.yml.j2")
- else:
- namespace = f"mas-{instanceId}-pipelines"
- template = env.get_template("pipelines-rbac.yml.j2")
+ if instanceId is None:
+ namespace = "mas-pipelines"
+ template = env.get_template("pipelines-rbac-cluster.yml.j2")
+ else:
+ namespace = f"mas-{instanceId}-pipelines"
+ template = env.get_template("pipelines-rbac.yml.j2")
- # Create RBAC
- renderedTemplate = template.render(mas_instance_id=instanceId)
- logger.debug(renderedTemplate)
- crb = yaml.safe_load(renderedTemplate)
- clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
- clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
+ # Create RBAC
+ renderedTemplate = template.render(mas_instance_id=instanceId)
+ logger.debug(renderedTemplate)
+ crb = yaml.safe_load(renderedTemplate)
+ clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
+ clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
 # Create PVC (instanceId namespace only)
 if instanceId is not None:
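Review bot: `configureRBAC` is added to the signature of `preparePipelinesNamespace` with no docstring, and the `def` line is followed directly by code, so nothing tells a caller what passing False leaves undone. Because False skips the ClusterRoleBinding apply entirely, the pipeline then runs with whatever bindings already exist; I would add a docstring line such as `configureRBAC: when False, no ClusterRoleBinding is applied; the caller must have provisioned the pipeline ServiceAccount and its bindings beforehand.` In this revision `namespace` is also assigned only inside the new `if` block, while the PVC section that begins at the end of the hunk and continues outside it presumably still reads it. Consider squashing this patch with the follow-up that moves the assignment back out, so that no commit in the history fails when the flag is False.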
From eb6afdb53cf9c869b4f86b7825524883bc0c0689 Mon Sep 17 00:00:00 2001
From: David Parker
Date: Thu, 13 Feb 2025 17:18:24 +0000
Subject: [PATCH 3/3] Update tekton.py
---
 src/mas/devops/tekton.py | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py
index d284f6fb..45539d14 100644
--- a/src/mas/devops/tekton.py
+++ b/src/mas/devops/tekton.py
@@ -103,19 +103,18 @@ def updateTektonDefinitions(namespace: str, yamlFile: str) -> None:
 def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True, configureRBAC: bool = True):
- if configureRBAC:
- templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
- env = Environment(
- loader=FileSystemLoader(searchpath=templateDir)
- )
-
- if instanceId is None:
- namespace = "mas-pipelines"
- template = env.get_template("pipelines-rbac-cluster.yml.j2")
- else:
- namespace = f"mas-{instanceId}-pipelines"
- template = env.get_template("pipelines-rbac.yml.j2")
+ templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
+ env = Environment(
+ loader=FileSystemLoader(searchpath=templateDir)
+ )
+ if instanceId is None:
+ namespace = "mas-pipelines"
+ template = env.get_template("pipelines-rbac-cluster.yml.j2")
+ else:
+ namespace = f"mas-{instanceId}-pipelines"
+ template = env.get_template("pipelines-rbac.yml.j2")
+ if configureRBAC:
 # Create RBAC
 renderedTemplate = template.render(mas_instance_id=instanceId)
 logger.debug(renderedTemplate)
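Review bot: With `configureRBAC=False` the function still builds the Jinja `Environment` and loads an RBAC template that is never rendered, since the `if configureRBAC:` guard added at the end of this hunk only covers the render and apply. Only the two `namespace = ...` assignments need to stay unconditional; `templateDir`, `env` and both `env.get_template(...)` calls could move under the guard. Skipping the ClusterRoleBinding is also a security-relevant decision that leaves no trace in the logs, so I would record it, e.g. `logger.info("configureRBAC=False: not applying pipeline ClusterRoleBinding for %s", namespace)`. The guarded block and the PVC section continue outside the hunk.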