diff --git a/Dockerfile b/Dockerfile index f0ea817b2..6a0c30a04 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,7 @@ FROM ghcr.io/acorn-io/images-mirror/tonistiigi/binfmt:qemu-v6.2.0 AS binfmt FROM ghcr.io/acorn-io/images-mirror/moby/buildkit:v0.11.6 AS buildkit FROM ghcr.io/acorn-io/images-mirror/registry:2.8.1 AS registry FROM ghcr.io/acorn-io/images-mirror/rancher/klipper-lb:v0.3.5 AS klipper-lb +FROM ghcr.io/acorn-io/sleep:latest AS sleep FROM ghcr.io/acorn-io/images-mirror/golang:1.21-alpine AS helper WORKDIR /usr/src @@ -20,7 +21,8 @@ RUN --mount=type=cache,target=/go/pkg --mount=type=cache,target=/root/.cache/go- FROM ghcr.io/acorn-io/images-mirror/golang:1.21 AS build COPY / /src WORKDIR /src -RUN --mount=type=cache,target=/go/pkg --mount=type=cache,target=/root/.cache/go-build make build +COPY --from=sleep /sleep /src/pkg/controller/appdefinition/embed/acorn-sleep +RUN --mount=type=cache,target=/go/pkg --mount=type=cache,target=/root/.cache/go-build GO_TAGS=netgo,image make build FROM ghcr.io/acorn-io/images-mirror/nginx:1.23.2-alpine AS base RUN apk add --no-cache ca-certificates iptables ip6tables fuse3 git openssh pigz xz \ diff --git a/Makefile b/Makefile index 33fbb9f2c..d2a620dd4 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,6 @@ +GO_TAGS ?= netgo build: - CGO_ENABLED=0 go build -o bin/acorn -tags netgo -ldflags "-s -w" . + CGO_ENABLED=0 go build -o bin/acorn -tags "${GO_TAGS}" -ldflags "-s -w" . tidy: go mod tidy diff --git a/pkg/controller/appdefinition/deploy.go b/pkg/controller/appdefinition/deploy.go index 74707162d..3445f2295 100644 --- a/pkg/controller/appdefinition/deploy.go +++ b/pkg/controller/appdefinition/deploy.go @@ -2,6 +2,7 @@ package appdefinition import ( "crypto/sha256" + _ "embed" "encoding/hex" "encoding/json" "errors" @@ -118,6 +119,29 @@ func addDeployments(req router.Request, appInstance *v1.AppInstance, tag name.Re if err != nil { return err } + +outer: + for _, obj := range deps { + if dep, ok := obj.(*appsv1.Deployment); ok { + for _, v := range dep.Spec.Template.Spec.Volumes { + if v.Name == string(appInstance.UID) { + deps = append(deps, &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: string(appInstance.UID), + Namespace: appInstance.Status.Namespace, + Labels: map[string]string{ + labels.AcornManaged: "true", + }, + }, + BinaryData: map[string][]byte{ + string(appInstance.UID): acornSleepBinary, + }, + }) + break outer + } + } + } + } resp.Objects(deps...) return nil } @@ -205,7 +229,7 @@ func hasContextDir(container v1.Container) bool { return false } -func toContainers(app *v1.AppInstance, tag name.Reference, name string, container v1.Container, interpolator *secrets.Interpolator) ([]corev1.Container, []corev1.Container) { +func toContainers(app *v1.AppInstance, tag name.Reference, name string, container v1.Container, interpolator *secrets.Interpolator, addWait bool) ([]corev1.Container, []corev1.Container) { var ( containers []corev1.Container initContainers []corev1.Container @@ -226,10 +250,10 @@ func toContainers(app *v1.AppInstance, tag name.Reference, name string, containe }) } - newContainer := toContainer(app, tag, name, container, interpolator) + newContainer := toContainer(app, tag, name, container, interpolator, addWait && len(container.Ports) > 0) containers = append(containers, newContainer) for _, entry := range typed.Sorted(container.Sidecars) { - newContainer = toContainer(app, tag, entry.Key, entry.Value, interpolator) + newContainer = toContainer(app, tag, entry.Key, entry.Value, interpolator, addWait && len(entry.Value.Ports) > 0) if entry.Value.Init { initContainers = append(initContainers, newContainer) @@ -254,7 +278,7 @@ func sanitizeVolumeName(name string) string { return name } -func toMounts(app *v1.AppInstance, container v1.Container, interpolation *secrets.Interpolator) (result []corev1.VolumeMount) { +func toMounts(app *v1.AppInstance, container v1.Container, interpolation *secrets.Interpolator, addWait bool) (result []corev1.VolumeMount) { for _, entry := range typed.Sorted(container.Files) { suffix := "" if volume.NormalizeMode(entry.Value.Mode) != "" { @@ -297,6 +321,13 @@ func toMounts(app *v1.AppInstance, container v1.Container, interpolation *secret }) } } + + if addWait { + result = append(result, corev1.VolumeMount{ + Name: string(app.UID), + MountPath: AcornHelperSleepPath, + }) + } return } @@ -420,7 +451,7 @@ func toProbe(container v1.Container, probeType v1.ProbeType) *corev1.Probe { return nil } -func toContainer(app *v1.AppInstance, tag name.Reference, containerName string, container v1.Container, interpolator *secrets.Interpolator) corev1.Container { +func toContainer(app *v1.AppInstance, tag name.Reference, containerName string, container v1.Container, interpolator *secrets.Interpolator, addWait bool) corev1.Container { containerObject := corev1.Container{ Name: containerName, Image: images.ResolveTag(tag, container.Image), @@ -432,13 +463,26 @@ func toContainer(app *v1.AppInstance, tag name.Reference, containerName string, TTY: container.Interactive, Stdin: container.Interactive, Ports: toPorts(container), - VolumeMounts: toMounts(app, container, interpolator), + VolumeMounts: toMounts(app, container, interpolator, addWait), LivenessProbe: toProbe(container, v1.LivenessProbeType), StartupProbe: toProbe(container, v1.StartupProbeType), ReadinessProbe: toProbe(container, v1.ReadinessProbeType), Resources: app.Status.Scheduling[containerName].Requirements, } + if addWait { + // If a container exposes a port, then add a pre-stop lifecycle hook that sleeps for 5 seconds. This should allow the + // endpoints controller to remove the pods IP on termination and stop sending traffic to the container. + // Note that this requires the acorn-sleep binary to be in the container, via the volume mount. + containerObject.Lifecycle = &corev1.Lifecycle{ + PreStop: &corev1.LifecycleHandler{ + Exec: &corev1.ExecAction{ + Command: []string{fmt.Sprintf("%s/%s", AcornHelperSleepPath, app.UID)}, + }, + }, + } + } + return containerObject } @@ -636,18 +680,19 @@ func getSecretAnnotations(req router.Request, appInstance *v1.AppInstance, conta func toDeployment(req router.Request, appInstance *v1.AppInstance, tag name.Reference, name string, container v1.Container, pullSecrets *PullSecrets, interpolator *secrets.Interpolator) (*appsv1.Deployment, error) { var ( stateful = isStateful(appInstance, container) + addWait = !stateful && len(acornSleepBinary) > 0 && z.Dereference(container.Scale) > 1 && !appInstance.Status.GetDevMode() ) interpolator = interpolator.ForContainer(name) - containers, initContainers := toContainers(appInstance, tag, name, container, interpolator) + containers, initContainers := toContainers(appInstance, tag, name, container, interpolator, addWait) secretAnnotations, err := getSecretAnnotations(req, appInstance, container, interpolator) if err != nil { return nil, err } - volumes, err := toVolumes(appInstance, container, interpolator) + volumes, err := toVolumes(appInstance, container, interpolator, addWait) if err != nil { return nil, err } @@ -685,7 +730,7 @@ func toDeployment(req router.Request, appInstance *v1.AppInstance, tag name.Refe Affinity: appInstance.Status.Scheduling[name].Affinity, Tolerations: appInstance.Status.Scheduling[name].Tolerations, PriorityClassName: appInstance.Status.Scheduling[name].PriorityClassName, - TerminationGracePeriodSeconds: z.Pointer[int64](5), + TerminationGracePeriodSeconds: z.Pointer[int64](10), ImagePullSecrets: pullSecrets.ForContainer(name, append(containers, initContainers...)), EnableServiceLinks: new(bool), Containers: containers, @@ -733,6 +778,7 @@ func ToDeployments(req router.Request, appInstance *v1.AppInstance, tag name.Ref if err != nil { return nil, err } + perms := v1.FindPermission(containerName, appInstance.Status.Permissions) sa, err := toServiceAccount(req, dep.GetName(), dep.GetLabels(), dep.GetAnnotations(), appInstance, perms) if err != nil { diff --git a/pkg/controller/appdefinition/jobs.go b/pkg/controller/appdefinition/jobs.go index fa95b1fee..5ec967811 100644 --- a/pkg/controller/appdefinition/jobs.go +++ b/pkg/controller/appdefinition/jobs.go @@ -109,7 +109,7 @@ func toJob(req router.Request, appInstance *v1.AppInstance, pullSecrets *PullSec return nil, nil } - containers, initContainers := toContainers(appInstance, tag, name, container, interpolator) + containers, initContainers := toContainers(appInstance, tag, name, container, interpolator, false) containers = append(containers, corev1.Container{ Name: jobs.Helper, @@ -123,7 +123,7 @@ func toJob(req router.Request, appInstance *v1.AppInstance, pullSecrets *PullSec return nil, err } - volumes, err := toVolumes(appInstance, container, interpolator) + volumes, err := toVolumes(appInstance, container, interpolator, false) if err != nil { return nil, err } diff --git a/pkg/controller/appdefinition/pre_stop_test.go b/pkg/controller/appdefinition/pre_stop_test.go new file mode 100644 index 000000000..c00ce83eb --- /dev/null +++ b/pkg/controller/appdefinition/pre_stop_test.go @@ -0,0 +1,22 @@ +package appdefinition + +import ( + "testing" + + "github.com/acorn-io/baaah/pkg/router/tester" + "github.com/acorn-io/runtime/pkg/scheme" +) + +func TestPreStop(t *testing.T) { + acornSleepBinary = []byte("acorn-sleep") + t.Cleanup(func() { + acornSleepBinary = nil + }) + + tester.DefaultTest(t, scheme.Scheme, "testdata/deployspec/pre-stop/basic", DeploySpec) + tester.DefaultTest(t, scheme.Scheme, "testdata/deployspec/pre-stop/stateful", DeploySpec) + tester.DefaultTest(t, scheme.Scheme, "testdata/deployspec/pre-stop/job", DeploySpec) + tester.DefaultTest(t, scheme.Scheme, "testdata/deployspec/pre-stop/dev", DeploySpec) + tester.DefaultTest(t, scheme.Scheme, "testdata/deployspec/pre-stop/no-ports", DeploySpec) + tester.DefaultTest(t, scheme.Scheme, "testdata/deployspec/pre-stop/ports-only-sidecar", DeploySpec) +} diff --git a/pkg/controller/appdefinition/router.go b/pkg/controller/appdefinition/router.go index cf1d43cb6..9b05691f3 100644 --- a/pkg/controller/appdefinition/router.go +++ b/pkg/controller/appdefinition/router.go @@ -74,7 +74,7 @@ func toRouter(appInstance *v1.AppInstance, routerName string, router v1.Router) Annotations: deploymentAnnotations, }, Spec: corev1.PodSpec{ - TerminationGracePeriodSeconds: z.Pointer[int64](5), + TerminationGracePeriodSeconds: z.Pointer[int64](10), EnableServiceLinks: new(bool), Containers: []corev1.Container{ { @@ -110,6 +110,17 @@ func toRouter(appInstance *v1.AppInstance, routerName string, router v1.Router) }, }, }, + Lifecycle: &corev1.Lifecycle{ + PreStop: &corev1.LifecycleHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "/bin/sh", + "-c", + "sleep 5 && /usr/sbin/nginx -s quit", + }, + }, + }, + }, }, }, Volumes: []corev1.Volume{ diff --git a/pkg/controller/appdefinition/sleep_dev.go b/pkg/controller/appdefinition/sleep_dev.go new file mode 100644 index 000000000..2bf0e8e8c --- /dev/null +++ b/pkg/controller/appdefinition/sleep_dev.go @@ -0,0 +1,6 @@ +//go:build !image + +package appdefinition + +// If the binary is being built on its own and not part of an image, then don't worry about this binary. +var acornSleepBinary []byte diff --git a/pkg/controller/appdefinition/sleep_image.go b/pkg/controller/appdefinition/sleep_image.go new file mode 100644 index 000000000..857bb0fc3 --- /dev/null +++ b/pkg/controller/appdefinition/sleep_image.go @@ -0,0 +1,8 @@ +//go:build image + +package appdefinition + +import _ "embed" + +//go:embed embed/acorn-sleep +var acornSleepBinary []byte diff --git a/pkg/controller/appdefinition/testdata/computeclass/all-set-overwrite-computeclass/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/all-set-overwrite-computeclass/expected.golden index cd5816512..84cd29771 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/all-set-overwrite-computeclass/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/all-set-overwrite-computeclass/expected.golden @@ -95,7 +95,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/computeclass/all-set/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/all-set/expected.golden index 78b00f62b..0284a2111 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/all-set/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/all-set/expected.golden @@ -95,7 +95,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/computeclass/container/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/container/expected.golden index 383ff8d54..0ffa18558 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/container/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/container/expected.golden @@ -95,7 +95,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/computeclass/different-computeclass/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/different-computeclass/expected.golden index 70fb9e39b..c75113616 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/different-computeclass/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/different-computeclass/expected.golden @@ -81,7 +81,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -198,7 +198,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/computeclass/overwrite-acornfile-computeclass/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/overwrite-acornfile-computeclass/expected.golden index 57b56e807..e1afd1e49 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/overwrite-acornfile-computeclass/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/overwrite-acornfile-computeclass/expected.golden @@ -95,7 +95,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/computeclass/two-containers/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/two-containers/expected.golden index e4ab7b00c..3db41007f 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/two-containers/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/two-containers/expected.golden @@ -81,7 +81,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -184,7 +184,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/computeclass/with-acornfile-computeclass/expected.golden b/pkg/controller/appdefinition/testdata/computeclass/with-acornfile-computeclass/expected.golden index 3aa1fd784..64c6f9fe7 100644 --- a/pkg/controller/appdefinition/testdata/computeclass/with-acornfile-computeclass/expected.golden +++ b/pkg/controller/appdefinition/testdata/computeclass/with-acornfile-computeclass/expected.golden @@ -95,7 +95,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/depends-ready/expected.golden b/pkg/controller/appdefinition/testdata/depends-ready/expected.golden index f6493b58d..f2e480fe2 100644 --- a/pkg/controller/appdefinition/testdata/depends-ready/expected.golden +++ b/pkg/controller/appdefinition/testdata/depends-ready/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -158,7 +158,7 @@ spec: imagePullSecrets: - name: web-pull-1234567890ab serviceAccountName: web - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/depends/expected.golden b/pkg/controller/appdefinition/testdata/depends/expected.golden index cfd28fdd4..9c74e43e8 100644 --- a/pkg/controller/appdefinition/testdata/depends/expected.golden +++ b/pkg/controller/appdefinition/testdata/depends/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -162,7 +162,7 @@ spec: imagePullSecrets: - name: web-pull-1234567890ab serviceAccountName: web - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/deployspec/basic/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/basic/expected.golden index d1d6ebc8d..30c18f624 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/basic/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/basic/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -173,7 +173,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/deployspec/filter-user-labels/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/filter-user-labels/expected.golden index c1f2e4cc8..d3bf8d4ef 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/filter-user-labels/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/filter-user-labels/expected.golden @@ -96,7 +96,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/deployspec/karpenter/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/karpenter/expected.golden index 716399be0..d6bc16be0 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/karpenter/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/karpenter/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: scalenil-pull-1234567890ab serviceAccountName: scalenil - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -159,7 +159,7 @@ spec: imagePullSecrets: - name: scaleone-pull-1234567890ab serviceAccountName: scaleone - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -255,7 +255,7 @@ spec: imagePullSecrets: - name: scaleotwo-pull-1234567890ab serviceAccountName: scaleotwo - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/deployspec/labels/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/labels/expected.golden index f26788dba..e77051b7c 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/labels/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/labels/expected.golden @@ -96,7 +96,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/deployspec/metrics/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/metrics/expected.golden index 8c367e1ee..19cccd049 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/metrics/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/metrics/expected.golden @@ -70,7 +70,7 @@ spec: imagePullSecrets: - name: nginx-pull-abcdef123456 serviceAccountName: nginx - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/deployspec/no-user-labels/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/no-user-labels/expected.golden index 0a68372c6..3b345dd18 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/no-user-labels/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/no-user-labels/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/basic/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/basic/expected.golden new file mode 100644 index 000000000..86814bfd6 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/basic/expected.golden @@ -0,0 +1,365 @@ +`apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"custom-dockerfile"},"image":"sha256:build-image","metrics":{},"probes":null}' + karpenter.sh/do-not-evict: "true" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: sha256:build-image + name: buildimage + resources: {} + enableServiceLinks: false + hostname: buildimage + imagePullSecrets: + - name: buildimage-pull-1234567890ab + serviceAccountName: buildimage + terminationGracePeriodSeconds: 10 +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + maxUnavailable: 25% + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + replicas: 3 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","metrics":{},"ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"scale":3,"sidecars":{"left":{"image":"foo","metrics":{},"ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: image-name + lifecycle: + preStop: + exec: + command: + - /.acorn/sleep/1234567890abcdef + name: oneimage + ports: + - containerPort: 81 + protocol: TCP + readinessProbe: + tcpSocket: + port: 81 + resources: {} + volumeMounts: + - mountPath: /.acorn/sleep + name: 1234567890abcdef + - image: foo + lifecycle: + preStop: + exec: + command: + - /.acorn/sleep/1234567890abcdef + name: left + ports: + - containerPort: 91 + protocol: TCP + readinessProbe: + tcpSocket: + port: 91 + resources: {} + volumeMounts: + - mountPath: /.acorn/sleep + name: 1234567890abcdef + enableServiceLinks: false + imagePullSecrets: + - name: oneimage-pull-1234567890ab + serviceAccountName: oneimage + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + defaultMode: 484 + name: 1234567890abcdef + name: 1234567890abcdef +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + maxUnavailable: 1 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +binaryData: + 1234567890abcdef: YWNvcm4tc2xlZXA= +kind: ConfigMap +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + name: 1234567890abcdef + namespace: app-created-namespace + +--- +apiVersion: internal.acorn.io/v1 +kind: ServiceInstance +metadata: + annotations: + acorn.io/app-generation: "0" + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/public-name: app-name.oneimage + name: oneimage + namespace: app-created-namespace +spec: + appName: app-name + appNamespace: app-namespace + container: oneimage + default: true + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + ports: + - port: 80 + protocol: http + targetPort: 81 + - port: 90 + protocol: tcp + targetPort: 91 +status: {} + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: buildimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: oneimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: internal.acorn.io/v1 +kind: AppInstance +metadata: + creationTimestamp: null + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + appImage: + buildContext: {} + id: test + imageData: {} + vcs: {} + appSpec: + containers: + buildimage: + build: + context: . + dockerfile: custom-dockerfile + image: sha256:build-image + metrics: {} + probes: null + oneimage: + build: + context: . + dockerfile: Dockerfile + image: image-name + metrics: {} + ports: + - port: 80 + protocol: http + targetPort: 81 + probes: null + scale: 3 + sidecars: + left: + image: foo + metrics: {} + ports: + - port: 90 + protocol: tcp + targetPort: 91 + probes: null + appStatus: {} + columns: {} + conditions: + reason: Success + status: "True" + success: true + type: defined + defaults: {} + namespace: app-created-namespace + staged: + appImage: + buildContext: {} + imageData: {} + vcs: {} + summary: {} +` diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/basic/input.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/basic/input.yaml new file mode 100644 index 000000000..6cba81e61 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/basic/input.yaml @@ -0,0 +1,36 @@ +kind: AppInstance +apiVersion: internal.acorn.io/v1 +metadata: + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + namespace: app-created-namespace + appImage: + id: test + appSpec: + containers: + oneimage: + scale: 3 + sidecars: + left: + image: "foo" + ports: + - port: 90 + targetPort: 91 + protocol: tcp + ports: + - port: 80 + targetPort: 81 + protocol: http + image: "image-name" + build: + dockerfile: "Dockerfile" + context: "." + buildimage: + image: "sha256:build-image" + build: + dockerfile: "custom-dockerfile" + context: "." diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/dev/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/dev/expected.golden new file mode 100644 index 000000000..1c0fdbffe --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/dev/expected.golden @@ -0,0 +1,338 @@ +`apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"custom-dockerfile"},"image":"sha256:build-image","metrics":{},"probes":null}' + karpenter.sh/do-not-evict: "true" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: sha256:build-image + name: buildimage + resources: {} + enableServiceLinks: false + hostname: buildimage + imagePullSecrets: + - name: buildimage-pull-1234567890ab + serviceAccountName: buildimage + terminationGracePeriodSeconds: 10 +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + maxUnavailable: 25% + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + replicas: 3 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","metrics":{},"ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"scale":3,"sidecars":{"left":{"image":"foo","metrics":{},"ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: image-name + name: oneimage + ports: + - containerPort: 81 + protocol: TCP + readinessProbe: + tcpSocket: + port: 81 + resources: {} + - image: foo + name: left + ports: + - containerPort: 91 + protocol: TCP + readinessProbe: + tcpSocket: + port: 91 + resources: {} + enableServiceLinks: false + imagePullSecrets: + - name: oneimage-pull-1234567890ab + serviceAccountName: oneimage + terminationGracePeriodSeconds: 10 +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + maxUnavailable: 1 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: internal.acorn.io/v1 +kind: ServiceInstance +metadata: + annotations: + acorn.io/app-generation: "0" + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/public-name: app-name.oneimage + name: oneimage + namespace: app-created-namespace +spec: + appName: app-name + appNamespace: app-namespace + container: oneimage + default: true + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + ports: + - port: 80 + protocol: http + targetPort: 81 + - port: 90 + protocol: tcp + targetPort: 91 +status: {} + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: buildimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: oneimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: internal.acorn.io/v1 +kind: AppInstance +metadata: + creationTimestamp: null + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + appImage: + buildContext: {} + id: test + imageData: {} + vcs: {} + appSpec: + containers: + buildimage: + build: + context: . + dockerfile: custom-dockerfile + image: sha256:build-image + metrics: {} + probes: null + oneimage: + build: + context: . + dockerfile: Dockerfile + image: image-name + metrics: {} + ports: + - port: 80 + protocol: http + targetPort: 81 + probes: null + scale: 3 + sidecars: + left: + image: foo + metrics: {} + ports: + - port: 90 + protocol: tcp + targetPort: 91 + probes: null + appStatus: {} + columns: {} + conditions: + reason: Success + status: "True" + success: true + type: defined + defaults: {} + devSession: + client: + imageSource: {} + sessionRenewTime: null + sessionStartTime: null + sessionTimeoutSeconds: 60 + namespace: app-created-namespace + staged: + appImage: + buildContext: {} + imageData: {} + vcs: {} + summary: {} +` diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/dev/input.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/dev/input.yaml new file mode 100644 index 000000000..b8dce2df9 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/dev/input.yaml @@ -0,0 +1,38 @@ +kind: AppInstance +apiVersion: internal.acorn.io/v1 +metadata: + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + devSession: + sessionTimeoutSeconds: 60 + namespace: app-created-namespace + appImage: + id: test + appSpec: + containers: + oneimage: + scale: 3 + sidecars: + left: + image: "foo" + ports: + - port: 90 + targetPort: 91 + protocol: tcp + ports: + - port: 80 + targetPort: 81 + protocol: http + image: "image-name" + build: + dockerfile: "Dockerfile" + context: "." + buildimage: + image: "sha256:build-image" + build: + dockerfile: "custom-dockerfile" + context: "." diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/job/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/job/expected.golden new file mode 100644 index 000000000..096692be0 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/job/expected.golden @@ -0,0 +1,178 @@ +`apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/app-generation: "0" + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/job-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace + +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + acorn.io/app-generation: "0" + acorn.io/config-hash: "" + apply.acorn.io/prune: "false" + apply.acorn.io/update: "true" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/job-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + backoffLimit: 1000 + template: + metadata: + annotations: + acorn.io/config-hash: "" + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","metrics":{},"ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","metrics":{},"ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/job-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - env: + - name: ACORN_EVENT + value: create + image: image-name + name: oneimage + ports: + - containerPort: 81 + protocol: TCP + readinessProbe: + tcpSocket: + port: 81 + resources: {} + volumeMounts: + - mountPath: /run/secrets + name: acorn-job-output-helper + - env: + - name: ACORN_EVENT + value: create + image: foo + name: left + ports: + - containerPort: 91 + protocol: TCP + readinessProbe: + tcpSocket: + port: 91 + resources: {} + volumeMounts: + - mountPath: /run/secrets + name: acorn-job-output-helper + - command: + - /usr/local/bin/acorn-job-helper-init + env: + - name: ACORN_EVENT + value: create + image: ghcr.io/acorn-io/runtime:main + imagePullPolicy: IfNotPresent + name: acorn-job-output-helper + resources: {} + volumeMounts: + - mountPath: /run/secrets + name: acorn-job-output-helper + enableServiceLinks: false + imagePullSecrets: + - name: oneimage-pull-1234567890ab + restartPolicy: Never + serviceAccountName: oneimage + terminationGracePeriodSeconds: 5 + volumes: + - emptyDir: + medium: Memory + sizeLimit: 1M + name: acorn-job-output-helper +status: {} + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJnaGNyLmlvIjp7ImF1dGgiOiJPZz09In0sImluZGV4LmRvY2tlci5pbyI6eyJhdXRoIjoiT2c9PSJ9fX0= +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: oneimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: internal.acorn.io/v1 +kind: AppInstance +metadata: + creationTimestamp: null + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + appImage: + buildContext: {} + id: test + imageData: {} + vcs: {} + appSpec: + jobs: + oneimage: + build: + context: . + dockerfile: Dockerfile + image: image-name + metrics: {} + ports: + - port: 80 + protocol: http + targetPort: 81 + probes: null + sidecars: + left: + image: foo + metrics: {} + ports: + - port: 90 + protocol: tcp + targetPort: 91 + probes: null + appStatus: + jobs: + oneimage: {} + columns: {} + conditions: + reason: Success + status: "True" + success: true + type: defined + defaults: {} + namespace: app-created-namespace + staged: + appImage: + buildContext: {} + imageData: {} + vcs: {} + summary: {} +` diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/job/input.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/job/input.yaml new file mode 100644 index 000000000..b81aa4ae7 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/job/input.yaml @@ -0,0 +1,30 @@ +kind: AppInstance +apiVersion: internal.acorn.io/v1 +metadata: + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + namespace: app-created-namespace + appImage: + id: test + appSpec: + jobs: + oneimage: + sidecars: + left: + image: "foo" + ports: + - port: 90 + targetPort: 91 + protocol: tcp + ports: + - port: 80 + targetPort: 81 + protocol: http + image: "image-name" + build: + dockerfile: "Dockerfile" + context: "." \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/no-ports/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/no-ports/expected.golden new file mode 100644 index 000000000..007a0495a --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/no-ports/expected.golden @@ -0,0 +1,277 @@ +`apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"custom-dockerfile"},"image":"sha256:build-image","metrics":{},"probes":null}' + karpenter.sh/do-not-evict: "true" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: sha256:build-image + name: buildimage + resources: {} + enableServiceLinks: false + hostname: buildimage + imagePullSecrets: + - name: buildimage-pull-1234567890ab + serviceAccountName: buildimage + terminationGracePeriodSeconds: 10 +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + maxUnavailable: 25% + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + replicas: 3 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","metrics":{},"probes":null,"scale":3,"sidecars":{"left":{"image":"foo","metrics":{},"probes":null}}}' + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: image-name + name: oneimage + resources: {} + - image: foo + name: left + resources: {} + enableServiceLinks: false + imagePullSecrets: + - name: oneimage-pull-1234567890ab + serviceAccountName: oneimage + terminationGracePeriodSeconds: 10 +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + maxUnavailable: 1 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: buildimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: oneimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: internal.acorn.io/v1 +kind: AppInstance +metadata: + creationTimestamp: null + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + appImage: + buildContext: {} + id: test + imageData: {} + vcs: {} + appSpec: + containers: + buildimage: + build: + context: . + dockerfile: custom-dockerfile + image: sha256:build-image + metrics: {} + probes: null + oneimage: + build: + context: . + dockerfile: Dockerfile + image: image-name + metrics: {} + probes: null + scale: 3 + sidecars: + left: + image: foo + metrics: {} + probes: null + appStatus: {} + columns: {} + conditions: + reason: Success + status: "True" + success: true + type: defined + defaults: {} + namespace: app-created-namespace + staged: + appImage: + buildContext: {} + imageData: {} + vcs: {} + summary: {} +` diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/no-ports/input.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/no-ports/input.yaml new file mode 100644 index 000000000..1587703ac --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/no-ports/input.yaml @@ -0,0 +1,28 @@ +kind: AppInstance +apiVersion: internal.acorn.io/v1 +metadata: + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + namespace: app-created-namespace + appImage: + id: test + appSpec: + containers: + oneimage: + scale: 3 + sidecars: + left: + image: "foo" + image: "image-name" + build: + dockerfile: "Dockerfile" + context: "." + buildimage: + image: "sha256:build-image" + build: + dockerfile: "custom-dockerfile" + context: "." diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/ports-only-sidecar/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/ports-only-sidecar/expected.golden new file mode 100644 index 000000000..932c8297c --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/ports-only-sidecar/expected.golden @@ -0,0 +1,344 @@ +`apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"custom-dockerfile"},"image":"sha256:build-image","metrics":{},"probes":null}' + karpenter.sh/do-not-evict: "true" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: sha256:build-image + name: buildimage + resources: {} + enableServiceLinks: false + hostname: buildimage + imagePullSecrets: + - name: buildimage-pull-1234567890ab + serviceAccountName: buildimage + terminationGracePeriodSeconds: 10 +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: buildimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: buildimage + namespace: app-created-namespace +spec: + maxUnavailable: 25% + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: buildimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + replicas: 3 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + strategy: {} + template: + metadata: + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","metrics":{},"probes":null,"scale":3,"sidecars":{"left":{"image":"foo","metrics":{},"ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: image-name + name: oneimage + resources: {} + - image: foo + lifecycle: + preStop: + exec: + command: + - /.acorn/sleep/1234567890abcdef + name: left + ports: + - containerPort: 91 + protocol: TCP + readinessProbe: + tcpSocket: + port: 91 + resources: {} + volumeMounts: + - mountPath: /.acorn/sleep + name: 1234567890abcdef + enableServiceLinks: false + imagePullSecrets: + - name: oneimage-pull-1234567890ab + serviceAccountName: oneimage + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + defaultMode: 484 + name: 1234567890abcdef + name: 1234567890abcdef +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: oneimage + namespace: app-created-namespace +spec: + maxUnavailable: 1 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: v1 +binaryData: + 1234567890abcdef: YWNvcm4tc2xlZXA= +kind: ConfigMap +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + name: 1234567890abcdef + namespace: app-created-namespace + +--- +apiVersion: internal.acorn.io/v1 +kind: ServiceInstance +metadata: + annotations: + acorn.io/app-generation: "0" + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + acorn.io/public-name: app-name.oneimage + name: oneimage + namespace: app-created-namespace +spec: + appName: app-name + appNamespace: app-namespace + container: oneimage + default: true + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: oneimage + acorn.io/managed: "true" + ports: + - port: 90 + protocol: tcp + targetPort: 91 +status: {} + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: buildimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: oneimage-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: internal.acorn.io/v1 +kind: AppInstance +metadata: + creationTimestamp: null + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + appImage: + buildContext: {} + id: test + imageData: {} + vcs: {} + appSpec: + containers: + buildimage: + build: + context: . + dockerfile: custom-dockerfile + image: sha256:build-image + metrics: {} + probes: null + oneimage: + build: + context: . + dockerfile: Dockerfile + image: image-name + metrics: {} + probes: null + scale: 3 + sidecars: + left: + image: foo + metrics: {} + ports: + - port: 90 + protocol: tcp + targetPort: 91 + probes: null + appStatus: {} + columns: {} + conditions: + reason: Success + status: "True" + success: true + type: defined + defaults: {} + namespace: app-created-namespace + staged: + appImage: + buildContext: {} + imageData: {} + vcs: {} + summary: {} +` diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/ports-only-sidecar/input.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/ports-only-sidecar/input.yaml new file mode 100644 index 000000000..d074c5024 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/ports-only-sidecar/input.yaml @@ -0,0 +1,32 @@ +kind: AppInstance +apiVersion: internal.acorn.io/v1 +metadata: + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + namespace: app-created-namespace + appImage: + id: test + appSpec: + containers: + oneimage: + scale: 3 + sidecars: + left: + image: "foo" + ports: + - port: 90 + targetPort: 91 + protocol: tcp + image: "image-name" + build: + dockerfile: "Dockerfile" + context: "." + buildimage: + image: "sha256:build-image" + build: + dockerfile: "custom-dockerfile" + context: "." diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/existing.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/existing.yaml new file mode 100644 index 000000000..66cd25e26 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/existing.yaml @@ -0,0 +1,13 @@ +--- +kind: ClusterVolumeClassInstance +apiVersion: internal.admin.acorn.io/v1 +metadata: + name: test-custom-class +description: Just a simple test volume class +default: true +storageClassName: custom-class +size: + min: 1Gi + max: 10Gi + default: 3Gi +allowedAccessModes: ["readWriteOnce"] diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/expected.golden new file mode 100644 index 000000000..119bbabec --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/expected.golden @@ -0,0 +1,236 @@ +`apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: container-name + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: container-name + namespace: app-created-namespace + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: container-name + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: container-name + namespace: app-created-namespace +spec: + replicas: 1 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: container-name + acorn.io/managed: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + acorn.io/container-spec: '{"dirs":{"/var/tmp":{"secret":{},"volume":"foo"}},"image":"image-name","metrics":{},"ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null}' + karpenter.sh/do-not-evict: "true" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: container-name + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + spec: + containers: + - image: image-name + name: container-name + ports: + - containerPort: 81 + protocol: TCP + readinessProbe: + tcpSocket: + port: 81 + resources: {} + volumeMounts: + - mountPath: /var/tmp + name: foo + enableServiceLinks: false + hostname: container-name + imagePullSecrets: + - name: container-name-pull-1234567890ab + serviceAccountName: container-name + terminationGracePeriodSeconds: 10 + volumes: + - name: foo + persistentVolumeClaim: + claimName: foo +status: {} + +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/app-public-name: app-name + acorn.io/container-name: container-name + acorn.io/managed: "true" + acorn.io/project-name: app-namespace + name: container-name + namespace: app-created-namespace +spec: + maxUnavailable: 1 + selector: + matchLabels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: container-name + acorn.io/managed: "true" +status: + currentHealthy: 0 + desiredHealthy: 0 + disruptionsAllowed: 0 + expectedPods: 0 + +--- +apiVersion: internal.acorn.io/v1 +kind: ServiceInstance +metadata: + annotations: + acorn.io/app-generation: "0" + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: container-name + acorn.io/managed: "true" + acorn.io/public-name: app-name.container-name + name: container-name + namespace: app-created-namespace +spec: + appName: app-name + appNamespace: app-namespace + container: container-name + default: true + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/container-name: container-name + acorn.io/managed: "true" + ports: + - port: 80 + protocol: http + targetPort: 81 +status: {} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + acorn.io/config-hash: "" + creationTimestamp: null + labels: + acorn.io/app-name: app-name + acorn.io/app-namespace: app-namespace + acorn.io/managed: "true" + acorn.io/public-name: app-name.foo + acorn.io/volume-class: test-custom-class + acorn.io/volume-name: foo + name: foo + namespace: app-created-namespace +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + storageClassName: custom-class +status: {} + +--- +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +kind: Secret +metadata: + creationTimestamp: null + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" + name: container-name-pull-1234567890ab + namespace: app-created-namespace +type: kubernetes.io/dockerconfigjson + +--- +apiVersion: internal.acorn.io/v1 +kind: AppInstance +metadata: + creationTimestamp: null + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + appImage: + buildContext: {} + id: test + imageData: {} + vcs: {} + appSpec: + containers: + container-name: + dirs: + /var/tmp: + secret: {} + volume: foo + image: image-name + metrics: {} + ports: + - port: 80 + protocol: http + targetPort: 81 + probes: null + volumes: + foo: {} + appStatus: {} + columns: {} + conditions: + reason: Success + status: "True" + success: true + type: defined + defaults: + volumes: + foo: + accessModes: + - readWriteOnce + class: test-custom-class + size: 3Gi + namespace: app-created-namespace + staged: + appImage: + buildContext: {} + imageData: {} + vcs: {} + summary: {} +` diff --git a/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/input.yaml b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/input.yaml new file mode 100644 index 000000000..3138c7dfc --- /dev/null +++ b/pkg/controller/appdefinition/testdata/deployspec/pre-stop/stateful/input.yaml @@ -0,0 +1,31 @@ +kind: AppInstance +apiVersion: internal.acorn.io/v1 +metadata: + name: app-name + namespace: app-namespace + uid: 1234567890abcdef +spec: + image: test +status: + namespace: app-created-namespace + appImage: + id: test + appSpec: + containers: + container-name: + image: "image-name" + dirs: + "/var/tmp": + volume: foo + ports: + - port: 80 + targetPort: 81 + protocol: http + volumes: + foo: {} + defaults: + volumes: + foo: + class: test-custom-class + size: 3Gi + accessModes: [ "readWriteOnce" ] \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/deployspec/scale/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/scale/expected.golden index 882e15e3d..ec4b67a4f 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/scale/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/scale/expected.golden @@ -60,7 +60,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -156,7 +156,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/deployspec/stop/expected.golden b/pkg/controller/appdefinition/testdata/deployspec/stop/expected.golden index f0283709a..6392041aa 100644 --- a/pkg/controller/appdefinition/testdata/deployspec/stop/expected.golden +++ b/pkg/controller/appdefinition/testdata/deployspec/stop/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -158,7 +158,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/files-bug/expected.golden b/pkg/controller/appdefinition/testdata/files-bug/expected.golden index 3f0a160ee..e7c6c4dcc 100644 --- a/pkg/controller/appdefinition/testdata/files-bug/expected.golden +++ b/pkg/controller/appdefinition/testdata/files-bug/expected.golden @@ -71,7 +71,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: secrets-1234567890ab secret: diff --git a/pkg/controller/appdefinition/testdata/files/expected.golden b/pkg/controller/appdefinition/testdata/files/expected.golden index 187724e6b..57d495ca3 100644 --- a/pkg/controller/appdefinition/testdata/files/expected.golden +++ b/pkg/controller/appdefinition/testdata/files/expected.golden @@ -81,7 +81,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: secret--ref secret: diff --git a/pkg/controller/appdefinition/testdata/globalenv/expected.golden b/pkg/controller/appdefinition/testdata/globalenv/expected.golden index d82e7d546..5f226f5b1 100644 --- a/pkg/controller/appdefinition/testdata/globalenv/expected.golden +++ b/pkg/controller/appdefinition/testdata/globalenv/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/ingress/basic/expected.golden b/pkg/controller/appdefinition/testdata/ingress/basic/expected.golden index 9c0d7d7c4..e118b2c40 100644 --- a/pkg/controller/appdefinition/testdata/ingress/basic/expected.golden +++ b/pkg/controller/appdefinition/testdata/ingress/basic/expected.golden @@ -69,7 +69,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -181,7 +181,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/ingress/clusterdomainport/expected.golden b/pkg/controller/appdefinition/testdata/ingress/clusterdomainport/expected.golden index 410670e7e..f487a29a6 100644 --- a/pkg/controller/appdefinition/testdata/ingress/clusterdomainport/expected.golden +++ b/pkg/controller/appdefinition/testdata/ingress/clusterdomainport/expected.golden @@ -67,7 +67,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/ingress/labels/expected.golden b/pkg/controller/appdefinition/testdata/ingress/labels/expected.golden index ef5f84e7f..15584dc39 100644 --- a/pkg/controller/appdefinition/testdata/ingress/labels/expected.golden +++ b/pkg/controller/appdefinition/testdata/ingress/labels/expected.golden @@ -97,7 +97,7 @@ spec: imagePullSecrets: - name: con1-pull-1234567890ab serviceAccountName: con1 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/ingress/letsencrypt/expected.golden b/pkg/controller/appdefinition/testdata/ingress/letsencrypt/expected.golden index 7295930f9..5f9d6729e 100644 --- a/pkg/controller/appdefinition/testdata/ingress/letsencrypt/expected.golden +++ b/pkg/controller/appdefinition/testdata/ingress/letsencrypt/expected.golden @@ -67,7 +67,7 @@ spec: imagePullSecrets: - name: app1-pull-1234567890ab serviceAccountName: app1 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -170,7 +170,7 @@ spec: imagePullSecrets: - name: app2-pull-1234567890ab serviceAccountName: app2 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-1/expected.golden b/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-1/expected.golden index 65bd7ea01..4277af0aa 100644 --- a/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-1/expected.golden +++ b/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-1/expected.golden @@ -97,7 +97,7 @@ spec: imagePullSecrets: - name: con1-pull-1234567890ab serviceAccountName: con1 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-2/expected.golden b/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-2/expected.golden index ef162d2ba..c0532cf16 100644 --- a/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-2/expected.golden +++ b/pkg/controller/appdefinition/testdata/ingress/prefix/prefix-2/expected.golden @@ -97,7 +97,7 @@ spec: imagePullSecrets: - name: con1-pull-newuid123456 serviceAccountName: con1 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/interpolation/expected.golden b/pkg/controller/appdefinition/testdata/interpolation/expected.golden index b4ada52c0..351e2d495 100644 --- a/pkg/controller/appdefinition/testdata/interpolation/expected.golden +++ b/pkg/controller/appdefinition/testdata/interpolation/expected.golden @@ -75,7 +75,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: secrets-1234567890ab secret: diff --git a/pkg/controller/appdefinition/testdata/memory/all-set-overwrite/expected.golden b/pkg/controller/appdefinition/testdata/memory/all-set-overwrite/expected.golden index dec888d04..898588c44 100644 --- a/pkg/controller/appdefinition/testdata/memory/all-set-overwrite/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/all-set-overwrite/expected.golden @@ -84,7 +84,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/memory/all-set/expected.golden b/pkg/controller/appdefinition/testdata/memory/all-set/expected.golden index 5e9e1833d..569f9db81 100644 --- a/pkg/controller/appdefinition/testdata/memory/all-set/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/all-set/expected.golden @@ -84,7 +84,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/memory/container/expected.golden b/pkg/controller/appdefinition/testdata/memory/container/expected.golden index 6dbb98b0c..d8cae40e5 100644 --- a/pkg/controller/appdefinition/testdata/memory/container/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/container/expected.golden @@ -80,7 +80,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/memory/overwrite-acornfile-memory/expected.golden b/pkg/controller/appdefinition/testdata/memory/overwrite-acornfile-memory/expected.golden index 8bac35702..d9492507e 100644 --- a/pkg/controller/appdefinition/testdata/memory/overwrite-acornfile-memory/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/overwrite-acornfile-memory/expected.golden @@ -80,7 +80,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/memory/sidecar/expected.golden b/pkg/controller/appdefinition/testdata/memory/sidecar/expected.golden index 339096237..665922f54 100644 --- a/pkg/controller/appdefinition/testdata/memory/sidecar/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/sidecar/expected.golden @@ -80,7 +80,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/memory/two-containers/expected.golden b/pkg/controller/appdefinition/testdata/memory/two-containers/expected.golden index 10bc463d4..ac01cd8d4 100644 --- a/pkg/controller/appdefinition/testdata/memory/two-containers/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/two-containers/expected.golden @@ -71,7 +71,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -174,7 +174,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/memory/with-acornfile-memory/expected.golden b/pkg/controller/appdefinition/testdata/memory/with-acornfile-memory/expected.golden index 5f1336730..d63db3431 100644 --- a/pkg/controller/appdefinition/testdata/memory/with-acornfile-memory/expected.golden +++ b/pkg/controller/appdefinition/testdata/memory/with-acornfile-memory/expected.golden @@ -80,7 +80,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.golden b/pkg/controller/appdefinition/testdata/permissions/both/expected.golden index d8e37cc85..fcb7cb034 100644 --- a/pkg/controller/appdefinition/testdata/permissions/both/expected.golden +++ b/pkg/controller/appdefinition/testdata/permissions/both/expected.golden @@ -173,7 +173,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.golden b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.golden index de01be810..22c872049 100644 --- a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.golden +++ b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.golden @@ -76,7 +76,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/permissions/container/expected.golden b/pkg/controller/appdefinition/testdata/permissions/container/expected.golden index fae3519f1..d4012cd20 100644 --- a/pkg/controller/appdefinition/testdata/permissions/container/expected.golden +++ b/pkg/controller/appdefinition/testdata/permissions/container/expected.golden @@ -173,7 +173,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/permissions/containerwithnamespace/expected.golden b/pkg/controller/appdefinition/testdata/permissions/containerwithnamespace/expected.golden index c4252a009..3140258fa 100644 --- a/pkg/controller/appdefinition/testdata/permissions/containerwithnamespace/expected.golden +++ b/pkg/controller/appdefinition/testdata/permissions/containerwithnamespace/expected.golden @@ -271,7 +271,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.golden b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.golden index ddec7a153..868c59252 100644 --- a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.golden +++ b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.golden @@ -173,7 +173,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -382,7 +382,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.golden b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.golden index 6d8909439..cdd98c4f9 100644 --- a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.golden +++ b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.golden @@ -173,7 +173,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -382,7 +382,7 @@ spec: imagePullSecrets: - name: twoimage-pull-1234567890ab serviceAccountName: twoimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/probes/expected.golden b/pkg/controller/appdefinition/testdata/probes/expected.golden index 0eeaf1f34..22aec8122 100644 --- a/pkg/controller/appdefinition/testdata/probes/expected.golden +++ b/pkg/controller/appdefinition/testdata/probes/expected.golden @@ -64,7 +64,7 @@ spec: imagePullSecrets: - name: nodefault-pull-1234567890ab serviceAccountName: nodefault - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -185,7 +185,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/pullsecrets/custom/expected.golden b/pkg/controller/appdefinition/testdata/pullsecrets/custom/expected.golden index 906efa1c4..729616fa6 100644 --- a/pkg/controller/appdefinition/testdata/pullsecrets/custom/expected.golden +++ b/pkg/controller/appdefinition/testdata/pullsecrets/custom/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -161,7 +161,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/pullsecrets/default/expected.golden b/pkg/controller/appdefinition/testdata/pullsecrets/default/expected.golden index 651bf21bf..7d7eacd14 100644 --- a/pkg/controller/appdefinition/testdata/pullsecrets/default/expected.golden +++ b/pkg/controller/appdefinition/testdata/pullsecrets/default/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -161,7 +161,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/router/expected.golden b/pkg/controller/appdefinition/testdata/router/expected.golden index 255b65956..9c375e1c4 100644 --- a/pkg/controller/appdefinition/testdata/router/expected.golden +++ b/pkg/controller/appdefinition/testdata/router/expected.golden @@ -37,6 +37,13 @@ spec: command: - /docker-entrypoint.sh image: ghcr.io/acorn-io/runtime:main + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - sleep 5 && /usr/sbin/nginx -s quit name: nginx ports: - containerPort: 8080 @@ -53,7 +60,7 @@ spec: subPath: config enableServiceLinks: false serviceAccountName: router-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 tolerations: - key: taints.acorn.io/workload operator: Exists diff --git a/pkg/controller/appdefinition/testdata/secret/expected.golden b/pkg/controller/appdefinition/testdata/secret/expected.golden index a0f572347..7630675e5 100644 --- a/pkg/controller/appdefinition/testdata/secret/expected.golden +++ b/pkg/controller/appdefinition/testdata/secret/expected.golden @@ -95,7 +95,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: secret--secret_dir_noaction secret: diff --git a/pkg/controller/appdefinition/testdata/service/alias/expected.golden b/pkg/controller/appdefinition/testdata/service/alias/expected.golden index f01aab3cb..9cc4c1815 100644 --- a/pkg/controller/appdefinition/testdata/service/alias/expected.golden +++ b/pkg/controller/appdefinition/testdata/service/alias/expected.golden @@ -81,7 +81,7 @@ spec: imagePullSecrets: - name: con1-pull-1234567890ab serviceAccountName: con1 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -202,7 +202,7 @@ spec: imagePullSecrets: - name: con2-pull-1234567890ab serviceAccountName: con2 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -306,7 +306,7 @@ spec: imagePullSecrets: - name: con3-pull-1234567890ab serviceAccountName: con3 - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/service/basic/expected.golden b/pkg/controller/appdefinition/testdata/service/basic/expected.golden index 263e36e42..ea32281db 100644 --- a/pkg/controller/appdefinition/testdata/service/basic/expected.golden +++ b/pkg/controller/appdefinition/testdata/service/basic/expected.golden @@ -69,7 +69,7 @@ spec: imagePullSecrets: - name: buildimage-pull-1234567890ab serviceAccountName: buildimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- @@ -181,7 +181,7 @@ spec: imagePullSecrets: - name: oneimage-pull-1234567890ab serviceAccountName: oneimage - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/template/expected.golden b/pkg/controller/appdefinition/testdata/template/expected.golden index 61a87f2e5..c1711925b 100644 --- a/pkg/controller/appdefinition/testdata/template/expected.golden +++ b/pkg/controller/appdefinition/testdata/template/expected.golden @@ -61,7 +61,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/volumes/cluster-default-with-bind-combos/expected.golden b/pkg/controller/appdefinition/testdata/volumes/cluster-default-with-bind-combos/expected.golden index cd84e42d1..5ac2a9e41 100644 --- a/pkg/controller/appdefinition/testdata/volumes/cluster-default-with-bind-combos/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/cluster-default-with-bind-combos/expected.golden @@ -68,7 +68,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: bar persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/configure-but-no-bind/expected.golden b/pkg/controller/appdefinition/testdata/volumes/configure-but-no-bind/expected.golden index d31aaeba8..5b3dc1772 100644 --- a/pkg/controller/appdefinition/testdata/volumes/configure-but-no-bind/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/configure-but-no-bind/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/contextdir/expected.golden b/pkg/controller/appdefinition/testdata/volumes/contextdir/expected.golden index f9d0d7ffa..90237ca29 100644 --- a/pkg/controller/appdefinition/testdata/volumes/contextdir/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/contextdir/expected.golden @@ -62,7 +62,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 status: {} --- diff --git a/pkg/controller/appdefinition/testdata/volumes/defaults/expected.golden b/pkg/controller/appdefinition/testdata/volumes/defaults/expected.golden index e82c85df5..b73f3d96a 100644 --- a/pkg/controller/appdefinition/testdata/volumes/defaults/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/defaults/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/empty/expected.golden b/pkg/controller/appdefinition/testdata/volumes/empty/expected.golden index afc9ba880..803da2afd 100644 --- a/pkg/controller/appdefinition/testdata/volumes/empty/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/empty/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/ephemeral-bound/expected.golden b/pkg/controller/appdefinition/testdata/volumes/ephemeral-bound/expected.golden index 6f8a7a128..816c34e0a 100644 --- a/pkg/controller/appdefinition/testdata/volumes/ephemeral-bound/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/ephemeral-bound/expected.golden @@ -64,7 +64,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/ephemeral/expected.golden b/pkg/controller/appdefinition/testdata/volumes/ephemeral/expected.golden index 2828e750d..4e4327096 100644 --- a/pkg/controller/appdefinition/testdata/volumes/ephemeral/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/ephemeral/expected.golden @@ -64,7 +64,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - emptyDir: sizeLimit: 10G diff --git a/pkg/controller/appdefinition/testdata/volumes/inactive-class/expected.golden b/pkg/controller/appdefinition/testdata/volumes/inactive-class/expected.golden index e82c85df5..b73f3d96a 100644 --- a/pkg/controller/appdefinition/testdata/volumes/inactive-class/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/inactive-class/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/named-bound/expected.golden b/pkg/controller/appdefinition/testdata/volumes/named-bound/expected.golden index 159c7a30d..f03330080 100644 --- a/pkg/controller/appdefinition/testdata/volumes/named-bound/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/named-bound/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/named/expected.golden b/pkg/controller/appdefinition/testdata/volumes/named/expected.golden index 7eef9485a..4154f7737 100644 --- a/pkg/controller/appdefinition/testdata/volumes/named/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/named/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/no-default-class/expected.golden b/pkg/controller/appdefinition/testdata/volumes/no-default-class/expected.golden index afc9ba880..803da2afd 100644 --- a/pkg/controller/appdefinition/testdata/volumes/no-default-class/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/no-default-class/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/testdata/volumes/reuse-existing/expected.golden b/pkg/controller/appdefinition/testdata/volumes/reuse-existing/expected.golden index 94c223581..f25aa3aa3 100644 --- a/pkg/controller/appdefinition/testdata/volumes/reuse-existing/expected.golden +++ b/pkg/controller/appdefinition/testdata/volumes/reuse-existing/expected.golden @@ -66,7 +66,7 @@ spec: imagePullSecrets: - name: container-name-pull-1234567890ab serviceAccountName: container-name - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: 10 volumes: - name: foo persistentVolumeClaim: diff --git a/pkg/controller/appdefinition/volume.go b/pkg/controller/appdefinition/volume.go index 76f49afae..1ab181c25 100644 --- a/pkg/controller/appdefinition/volume.go +++ b/pkg/controller/appdefinition/volume.go @@ -15,6 +15,7 @@ import ( "github.com/acorn-io/runtime/pkg/publicname" "github.com/acorn-io/runtime/pkg/secrets" "github.com/acorn-io/runtime/pkg/volume" + "github.com/acorn-io/z" name2 "github.com/rancher/wrangler/pkg/name" "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" @@ -25,8 +26,9 @@ import ( ) const ( - AcornHelper = " /acorn-helper" - AcornHelperPath = "/.acorn" + AcornHelper = " /acorn-helper" + AcornHelperPath = "/.acorn" + AcornHelperSleepPath = "/.acorn/sleep" ) func addPVCs(req router.Request, appInstance *v1.AppInstance, resp router.Response) error { @@ -407,11 +409,13 @@ func secretPodVolName(secretName string) string { return strings.ReplaceAll(name.SafeConcatName("secret-", secretName), ".", "-") } -func toVolumes(appInstance *v1.AppInstance, container v1.Container, interpolator *secrets.Interpolator) (result []corev1.Volume, _ error) { +func toVolumes(appInstance *v1.AppInstance, container v1.Container, interpolator *secrets.Interpolator, addWaitVolume bool) (result []corev1.Volume, _ error) { + hasPorts := len(container.Ports) > 0 volumeReferences := map[volumeReference]bool{} addVolumeReferencesForContainer(appInstance, volumeReferences, container) for _, entry := range typed.Sorted(container.Sidecars) { addVolumeReferencesForContainer(appInstance, volumeReferences, entry.Value) + hasPorts = hasPorts || len(entry.Value.Ports) > 0 } for volume := range volumeReferences { @@ -454,6 +458,20 @@ func toVolumes(appInstance *v1.AppInstance, container v1.Container, interpolator } } + if addWaitVolume && hasPorts { + result = append(result, corev1.Volume{ + Name: string(appInstance.UID), + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + DefaultMode: z.Pointer[int32](0744), + LocalObjectReference: corev1.LocalObjectReference{ + Name: string(appInstance.UID), + }, + }, + }, + }) + } + fileModes := map[string]bool{} addFilesFileModesForContainer(fileModes, container) diff --git a/pkg/imagesystem/buildertemplate.go b/pkg/imagesystem/buildertemplate.go index 76ddb94ae..dcb43ce44 100644 --- a/pkg/imagesystem/buildertemplate.go +++ b/pkg/imagesystem/buildertemplate.go @@ -46,9 +46,10 @@ func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey, Labels: labels.ManagedByApp(namespace, name, "app", name), }, Spec: corev1.PodSpec{ - PriorityClassName: system.AcornPriorityClass, - ServiceAccountName: "acorn-builder", - EnableServiceLinks: new(bool), + PriorityClassName: system.AcornPriorityClass, + ServiceAccountName: "acorn-builder", + EnableServiceLinks: new(bool), + TerminationGracePeriodSeconds: z.Pointer[int64](10), Containers: []corev1.Container{ { Name: "buildkitd", @@ -165,6 +166,13 @@ func BuilderObjects(name, namespace, forNamespace, buildKitImage, pub, privKey, Args: []string{ "build-server", }, + Lifecycle: &corev1.Lifecycle{ + PreStop: &corev1.LifecycleHandler{ + Exec: &corev1.ExecAction{ + Command: []string{"sh", "-c", "sleep 5"}, + }, + }, + }, Resources: system.ResourceRequirementsFor(*cfg.BuildkitdServiceMemory, *cfg.BuildkitdServiceCPU), ReadinessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ diff --git a/pkg/imagesystem/registrytemplate.go b/pkg/imagesystem/registrytemplate.go index e8e7d34bf..8805fc9f8 100644 --- a/pkg/imagesystem/registrytemplate.go +++ b/pkg/imagesystem/registrytemplate.go @@ -68,8 +68,9 @@ func registryDeployment(namespace, serviceAccountName, registryImage string, req }, }, Spec: corev1.PodSpec{ - PriorityClassName: system.AcornPriorityClass, - EnableServiceLinks: new(bool), + TerminationGracePeriodSeconds: z.Pointer[int64](10), + PriorityClassName: system.AcornPriorityClass, + EnableServiceLinks: new(bool), Containers: []corev1.Container{ { Name: "registry", @@ -122,6 +123,17 @@ func registryDeployment(namespace, serviceAccountName, registryImage string, req MountPath: "/var/lib/registry", }, }, + Lifecycle: &corev1.Lifecycle{ + PreStop: &corev1.LifecycleHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "/bin/sh", + "-c", + "sleep 5", + }, + }, + }, + }, }, }, ServiceAccountName: serviceAccountName,