From 4128a154f67907edd28c57f07df53dc8ffb1dab0 Mon Sep 17 00:00:00 2001 From: Frostebite Date: Mon, 10 Jul 2023 03:22:29 +0100 Subject: [PATCH] disable aws pipe for now --- dist/index.js | Bin 19463315 -> 19465672 bytes dist/index.js.map | Bin 13762694 -> 13765526 bytes src/model/cloud-runner/providers/k8s/index.ts | 3 + .../providers/k8s/kubernetes-role.ts | 56 ++++++++++++++++++ 4 files changed, 59 insertions(+) create mode 100644 src/model/cloud-runner/providers/k8s/kubernetes-role.ts diff --git a/dist/index.js b/dist/index.js index c1e228f94cdb60a2450113de73112a1f5124e974..0e9a74c28320ab43158ffee06d059ccf470d545b 100644 GIT binary patch delta 2379 zcmbW%2~<>79LMo9k6~B_oPl9jgnueIY^}rs(~- zt4?3AMysWGXTg4AL!v2Cs0$UF$jwpGTjB;QLsh+;rP#PQb&@Fc_==-~=OoH1(k#MQ zsPu`gb@+U0@U>d8+M^`v1I2gEQc}gV;YzIDTkUX)H6@Bwl<%JuKe0#8A(3jwCnra3 zU!dx!nd@?^bB-@QupO$yUDN)h+U2fsxn~}~(OKvA)dwyWwqFryxSA?dLq&=h5w6BZ z$vJdfvWpSXF};MEuQQ}nWiIk*-uW)4Hqz;=YjD?(bIjG2^a(tj1&3HfsnM4q+B8$B zp`m)V=ByV7OPZ}>XHQ+cWe$(ZSMB423W!FV&gyT=(g(_mZ7wB6te+hnCCelT^Jtoz zHi}N|DQ-4}d6`qWHbcY|DRD-J$2Hnp*WjU`oOY6!SKMqdc03}mgK{8H)^@5{SBb{$ z(V3#E#9+|N2b{DKp|aHf*a6Q3bEwi#D;&$r@qyKwIw$PQSEtx}*~Q2)N`h$J(j`1B zc*Hng^Hv89SdOpXD2@%#$Eqj#Qm*+tv{6$FRL25`i*|BQvPE`cg*{)cq@#U7$K^!V z|NUNhmPBh(rFETcN?7}Dl$E7eGJ+3E=bgO+gPp&`ky4#iR2|Y8B795T5(lcWt`gMbhkN*OmSlBPJLL~N&gY--#=f%jeD0StSFnT zAOw1Z!hkS@BLa~yA_~#y0u#)LK`bnYgB9_RbrX?1 z&=b9I2703pvXO&aVO48t)3BTQ4(Fj1WhlpZoR0~Zh)JlxWL$tLsKiuE!*o=^foeEW0}V4U6SLsLY|KF|=E99S zcrXuM_)w1q%*O&;h=sTai?A3=a50vm5zBB1F2!b+{fk;6~hpo3S3ZU;{SdR&2s%+=kn62kyjOxEuFi3+}~zxE~MTK|F+q zu@#TtQMBMOJdSO60#9N)p2807#4bFIXYeeZ!}E9nyYV7k!pnFCd$1R;q80n_8eYd6 zcoT2oZS2Q8co*;CeSCle_z(y25kAHz_!OVv5I)Bj_!3{?YkY&l_!i%x4M*@je!!3T z2|wc({EDOa4ae|1{=lF3tEp_VZWUxGGD2kNWrWHw$Ow}WE+axlqzt2sC>hZ*y2voe zFw2OM5i7$YBTj}@M!bv!8HqBIWOS90EF(pRO-8DWG#RRlbQu{ky2;3tktL(M47+Xz Ke-paGO@9Lidt#;l delta 1278 zcmWmEd3+889LMq3^UTIvbIlwZV~!G~grZv|5~Wi*m*_%;Qc0_<#VRy;5IQE^Cz*6}3~&g3l4raR}*gPxpAFV3SkeK?;B=*xv%#Kl~~rCdfoE~h_N za3xo9HP>)0gFxPcqFiJQ5F!3<$2w{jb|GmPPk;12F&BzJK)_b`fk8O?nZ zaX%06AY&-zAxe0dv5cdXM|hOS7|#SI@;GHo;t3{`VhU54#*<8E1~Ykzr+J2FDQ6bX zF`MUkffsp+mwAO(d5zb3gEx7LIn3p4=25|X-r-%|V*v|!pGADYhkV4xEM^HyS;lf! z@Cl!?l2xo`4Qu&~&-sFNtmjKM@D*S44d1enO>AZhTltP{Z0CD^;74}w6Fd2tU)aU3 z?B+N2u$SNYgFpF;zxjuM*~fnV<9`ltkVB=#g^BS*l99AXrAT@tBT_k1C6XDb8mShk z9;p$j8Oe&&iqwwOiPVkMi)2UYM{*(!A`K&rB8?-tk-SKgNYhAuq*V-Y4z)!wU+w6~}E?hen2sZ;jt<7!+u>uAQzZeXC|GV?n#=QVVhX$E_JEhztN-Bt}Utd zifX4z?X8UJCYEY*ln*E6p$F~ulXPuQa5>?Or0#q(`?%iCg%tjvBA4ZkD}TTb&(T znWX)sBn5`)B+j27CLL$Y!y`Q2@@1N%&Lg>6o>AKNnRL>8$ZSgN&NsJTFgbO|Yz`)p zUv4R>Vpw6;`BZCkSG@QbbD~UcF%OZ2SFA(A1Dh|=mdL3~N^+FF);Y~xt+=`CJt?+$~PsQZnVXr9^{ zmq$}4srKb|XPxTiVCKlR&7SnAKp}b#MoXEJVD2jazfDMxTgyGsp$wAigY%MxuL>T~ z+wx=uJA1Oq^$h8i0Ttv^+8}Ob;?p0G_Sl1Hgtf@;7wX8l|%^2|YW~owkj!!~c zlttfXs_nmKxj5yXTDwD&!m}oewcl+Il&f!tH2*Qd>Tk|7uhhxSFv~$-m7;4LcSC^% zR-_;mD$+0v!!ZIQF$(F(fDM_r16jyM4n|`Pa&af_!dTpmaTt#Y$U{CR;vP)Gy_k#w z6k-adq6qileoVsyn2rZA12gduW??ppF$X1>i-$1}^YI8C#ba22g($@$JdQFfh8^W_ zpaL3}U@4w}6U$JEDpbRT8r0%RxZyz^yr{==tiV%PiB)(StFZ=au?`Jbj}3SR8?gzE zcoxrLGq&J)ynwA}LNm7EMQq0oyaXQvFXI*L#H)A>yYM>Rz;5ipo7jtecnfdi9qh*e zyo-Z)5AWjx9KvC=;0RiA6vuEJew@IE_y`~46P(1S_zZ10h0{2L&v6##@CDj&9$(@s Te2okE2H&E?KkmlG;^@Bs7S)s7 delta 994 zcmW;ITUg6+0LJlW%yignLbCs?MagMY3(28c&W2EA&gY!ZOq3GMah480OpZ9sM-YOALl@J-zLffco3Rc3SR{r$0+Y=SRc`NC+qHFpiC9Nxzm~Bq8O@VIc4kda(g`NmO zD8dj9H8ki2Ep+IO2=qZ;^pnlD$Uk{bhd&bi5rqM=!>=#+D^g<(S~;UZN{$w8krX1_ z)kcl{uSJSe3b&=gAZl_Yi~PM!YL1aRa*X*(QCKHs3U9n#BRrM*rA}+71Oo=bh-jD) zgFzUKSj1rn;xQD%FdQQ=5@w9TXe1yJNw6RpV=xxukb?0@#RN>mBuqvc(vblxGBE{H zF%8o(12ZuTvth#=%*8xpVLldMA+nK!MOchnEP)-t50+s$R$wJoVKvrZE!JT@Hee(2 zunC*71zWKV+pz;Xu?xGg2Yay(`*8pc97H}2;V=qNh$ARMF^-}H$8a2_aN-0`;uKEf z49>!Zb8w>!=TVLdRH6z37jO}mP>svDf~&ZO8r0%CZr~ setTimeout(promise, 15000)); + await KubernetesRole.createRole(this.serviceAccountName, this.namespace); const result = await this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec); CloudRunnerLogger.log(`Build job created`); await new Promise((promise) => setTimeout(promise, 5000)); @@ -267,6 +269,7 @@ class Kubernetes implements ProviderInterface { try { await this.kubeClientBatch.deleteNamespacedJob(this.jobName, this.namespace); await this.kubeClient.deleteNamespacedPod(this.podName, this.namespace); + await KubernetesRole.deleteRole(this.serviceAccountName, this.namespace); } catch (error: any) { CloudRunnerLogger.log(`Failed to cleanup`); if (error.response.body.reason !== `NotFound`) { diff --git a/src/model/cloud-runner/providers/k8s/kubernetes-role.ts b/src/model/cloud-runner/providers/k8s/kubernetes-role.ts new file mode 100644 index 00000000..09a26d06 --- /dev/null +++ b/src/model/cloud-runner/providers/k8s/kubernetes-role.ts @@ -0,0 +1,56 @@ +import { RbacAuthorizationV1Api } from '@kubernetes/client-node'; + +class KubernetesRole { + static async createRole(serviceAccountName: string, namespace: string) { + const rbac = new RbacAuthorizationV1Api(); + + // create admin kubernetes role and role binding + const roleBinding = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: `${serviceAccountName}-admin`, + namespace, + }, + subjects: [ + { + kind: 'ServiceAccount', + name: serviceAccountName, + namespace, + }, + ], + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: `${serviceAccountName}-admin`, + }, + }; + + const role = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: `${serviceAccountName}-admin`, + namespace, + }, + rules: [ + { + apiGroups: ['*'], + resources: ['*'], + verbs: ['*'], + }, + ], + }; + const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding); + const roleResponse = await rbac.createNamespacedRole(namespace, role); + + return { roleBindingResponse, roleResponse }; + } + + public static async deleteRole(serviceAccountName: string, namespace: string) { + const rbac = new RbacAuthorizationV1Api(); + await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace); + await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace); + } +} +export { KubernetesRole };