Reworked clone volume mounts

equinor · Sep 19, 2024 · 3bb6da4 · 3bb6da4
1 parent 1ef2aa0
commit 3bb6da4
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 30 deletions.
diff --git a/pipeline-runner/internal/jobs/build/acr.go b/pipeline-runner/internal/jobs/build/acr.go
@@ -24,6 +24,8 @@ import (
 
 const (
 	azureServicePrincipleContext = "/radix-image-builder/.azure"
+	acrHomeVolumeName            = "radix-image-builder-home"
+	acrHomePath                  = "/home/radix-image-builder"
 )
 
 // NewBuildKit returns a JobBuilder implementation for building components and jobs using radix-image-builder (https://github.com/equinor/radix-image-builder)
@@ -105,7 +107,15 @@ func (c *acrKubeJobProps) PodVolumes() []corev1.Volume {
 			},
 		},
 		corev1.Volume{
-			Name: git.BuildHomeVolumeName,
+			Name: acrHomeVolumeName,
+			VolumeSource: corev1.VolumeSource{
+				EmptyDir: &corev1.EmptyDirVolumeSource{
+					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
+				},
+			},
+		},
+		corev1.Volume{
+			Name: git.CloneRepoHomeVolumeName,
 			VolumeSource: corev1.VolumeSource{
 				EmptyDir: &corev1.EmptyDirVolumeSource{
 					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
@@ -158,8 +168,8 @@ func (c *acrKubeJobProps) getPodContainerVolumeMounts(componentImage pipeline.Bu
 		},
 		// .azure folder is created in the user home folder
 		corev1.VolumeMount{
-			Name:      git.BuildHomeVolumeName,
-			MountPath: git.BuildHomeVolumePath,
+			Name:      acrHomeVolumeName,
+			MountPath: acrHomePath,
 			ReadOnly:  false,
 		},
 	)

diff --git a/pipeline-runner/internal/jobs/build/acr_test.go b/pipeline-runner/internal/jobs/build/acr_test.go
@@ -105,7 +105,8 @@ func assertACRJobSpec(t *testing.T, pushImage bool) {
 		{Name: git.BuildContextVolumeName},
 		{Name: git.GitSSHKeyVolumeName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: git.GitSSHKeyVolumeName, DefaultMode: pointers.Ptr[int32](256)}}},
 		{Name: defaults.AzureACRServicePrincipleSecretName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.AzureACRServicePrincipleSecretName}}},
-		{Name: git.BuildHomeVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
+		{Name: "radix-image-builder-home", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
+		{Name: git.CloneRepoHomeVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
 	}
 	for _, image := range componentImages {
 		expectedVolumes = append(expectedVolumes,
@@ -124,7 +125,7 @@ func assertACRJobSpec(t *testing.T, pushImage bool) {
 	expectedCloneVolumeMounts := []corev1.VolumeMount{
 		{Name: git.BuildContextVolumeName, MountPath: git.Workspace},
 		{Name: git.GitSSHKeyVolumeName, MountPath: "/.ssh", ReadOnly: true},
-		{Name: git.BuildHomeVolumeName, MountPath: git.BuildHomeVolumePath, ReadOnly: false},
+		{Name: git.CloneRepoHomeVolumeName, MountPath: git.CloneRepoHomeVolumePath},
 	}
 	assert.ElementsMatch(t, expectedCloneVolumeMounts, cloneContainer.VolumeMounts)
 
@@ -177,7 +178,7 @@ func assertACRJobSpec(t *testing.T, pushImage bool) {
 				{Name: fmt.Sprintf("tmp-%s", ci.ContainerName), MountPath: "/tmp", ReadOnly: false},
 				{Name: fmt.Sprintf("var-%s", ci.ContainerName), MountPath: "/var", ReadOnly: false},
 				{Name: defaults.AzureACRServicePrincipleSecretName, MountPath: "/radix-image-builder/.azure", ReadOnly: true},
-				{Name: git.BuildHomeVolumeName, MountPath: git.BuildHomeVolumePath, ReadOnly: false},
+				{Name: "radix-image-builder-home", MountPath: "/home/radix-image-builder", ReadOnly: false},
 			}
 			assert.ElementsMatch(t, expectedVolumeMounts, c.VolumeMounts)
 		})

diff --git a/pipeline-runner/internal/jobs/build/buildkit.go b/pipeline-runner/internal/jobs/build/buildkit.go
@@ -24,6 +24,8 @@ import (
 const (
 	buildKitRunVolumeName           = "build-kit-run"
 	buildKitRootVolumeName          = "build-kit-root"
+	buildKitHomeVolumeName          = "radix-image-builder-home"
+	buildKitHomePath                = "/home/build"
 	buildKitBuildSecretsPath        = "/build-secrets"
 	privateImageHubDockerAuthPath   = "/radix-private-image-hubs"
 	defaultExternalRegistryAuthPath = "/radix-default-external-registry-auth"
@@ -128,7 +130,7 @@ func (c *buildKitKubeJobProps) PodVolumes() []corev1.Volume {
 			},
 		},
 		corev1.Volume{
-			Name: git.BuildHomeVolumeName,
+			Name: buildKitHomeVolumeName,
 			VolumeSource: corev1.VolumeSource{
 				EmptyDir: &corev1.EmptyDirVolumeSource{
 					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
@@ -151,6 +153,14 @@ func (c *buildKitKubeJobProps) PodVolumes() []corev1.Volume {
 				},
 			},
 		},
+		corev1.Volume{
+			Name: git.CloneRepoHomeVolumeName,
+			VolumeSource: corev1.VolumeSource{
+				EmptyDir: &corev1.EmptyDirVolumeSource{
+					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
+				},
+			},
+		},
 	)
 
 	if len(c.pipelineArgs.ExternalContainerRegistryDefaultAuthSecret) > 0 {
@@ -337,8 +347,8 @@ func (c *buildKitKubeJobProps) getPodContainerVolumeMounts() []corev1.VolumeMoun
 			ReadOnly:  true,
 		},
 		corev1.VolumeMount{
-			Name:      git.BuildHomeVolumeName,
-			MountPath: git.BuildHomeVolumePath, // Writable directory where buildah's auth.json file is stored
+			Name:      buildKitHomeVolumeName,
+			MountPath: buildKitHomePath, // Writable directory where buildah's auth.json file is stored
 			ReadOnly:  false,
 		},
 	)

diff --git a/pipeline-runner/internal/jobs/build/buildkit_test.go b/pipeline-runner/internal/jobs/build/buildkit_test.go
@@ -130,9 +130,10 @@ func assertBuildKitJobSpec(t *testing.T, useCache, pushImage bool, buildSecrets
 				{Name: fmt.Sprintf("tmp-%s", ci.ContainerName), VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 				{Name: fmt.Sprintf("var-%s", ci.ContainerName), VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 				{Name: defaults.PrivateImageHubSecretName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.PrivateImageHubSecretName}}},
-				{Name: git.BuildHomeVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
+				{Name: "radix-image-builder-home", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
 				{Name: "build-kit-run", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 				{Name: "build-kit-root", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
+				{Name: git.CloneRepoHomeVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
 			}
 			if len(args.ExternalContainerRegistryDefaultAuthSecret) > 0 {
 				expectedVolumes = append(expectedVolumes, corev1.Volume{
@@ -150,13 +151,12 @@ func assertBuildKitJobSpec(t *testing.T, useCache, pushImage bool, buildSecrets
 			assert.ElementsMatch(t, []string{"internal-nslookup", "clone", "internal-chmod"}, slice.Map(job.Spec.Template.Spec.InitContainers, func(c corev1.Container) string { return c.Name }))
 			cloneContainer, _ := slice.FindFirst(job.Spec.Template.Spec.InitContainers, func(c corev1.Container) bool { return c.Name == "clone" })
 			assert.Equal(t, args.GitCloneGitImage, cloneContainer.Image)
-			assert.Equal(t, []string{"sh", "-c", "git config --global --add safe.directory /workspace && git clone --recurse-submodules anycloneurl -b anybranch --verbose --progress /workspace && cd /workspace && if [ -n \"$(git lfs ls-files 2>/dev/null)\" ]; then git lfs install && echo 'Pulling large files...' && git lfs pull && echo 'Done'; fi"},
-				cloneContainer.Command)
+			assert.Equal(t, []string{"sh", "-c", "git config --global --add safe.directory /workspace && git clone --recurse-submodules anycloneurl -b anybranch --verbose --progress /workspace && cd /workspace && if [ -n \"$(git lfs ls-files 2>/dev/null)\" ]; then git lfs install && echo 'Pulling large files...' && git lfs pull && echo 'Done'; fi"}, cloneContainer.Command)
 			assert.Empty(t, cloneContainer.Args)
 			expectedCloneVolumeMounts := []corev1.VolumeMount{
 				{Name: git.BuildContextVolumeName, MountPath: git.Workspace},
 				{Name: git.GitSSHKeyVolumeName, MountPath: "/.ssh", ReadOnly: true},
-				{Name: git.BuildHomeVolumeName, MountPath: git.BuildHomeVolumePath, ReadOnly: false},
+				{Name: git.CloneRepoHomeVolumeName, MountPath: git.CloneRepoHomeVolumePath},
 			}
 			assert.ElementsMatch(t, expectedCloneVolumeMounts, cloneContainer.VolumeMounts)
 
@@ -233,7 +233,7 @@ func assertBuildKitJobSpec(t *testing.T, useCache, pushImage bool, buildSecrets
 				{Name: "build-kit-run", MountPath: "/run", ReadOnly: false},
 				{Name: "build-kit-root", MountPath: "/root", ReadOnly: false},
 				{Name: defaults.PrivateImageHubSecretName, MountPath: "/radix-private-image-hubs", ReadOnly: true},
-				{Name: git.BuildHomeVolumeName, MountPath: git.BuildHomeVolumePath, ReadOnly: false},
+				{Name: "radix-image-builder-home", MountPath: "/home/build", ReadOnly: false},
 			}
 			if len(args.ExternalContainerRegistryDefaultAuthSecret) > 0 {
 				expectedVolumeMounts = append(expectedVolumeMounts, corev1.VolumeMount{Name: args.ExternalContainerRegistryDefaultAuthSecret, MountPath: "/radix-default-external-registry-auth", ReadOnly: true})

diff --git a/pipeline-runner/internal/tekton/tekton.go b/pipeline-runner/internal/tekton/tekton.go
@@ -18,7 +18,6 @@ import (
 	radixlabels "github.com/equinor/radix-operator/pkg/apis/utils/labels"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -98,6 +97,9 @@ func getJobVolumes() []corev1.Volume {
 		{
 			Name: git.BuildContextVolumeName,
 		},
+		{
+			Name: git.CloneRepoHomeVolumeName,
+		},
 		{
 			Name: git.GitSSHKeyVolumeName,
 			VolumeSource: corev1.VolumeSource{
@@ -120,14 +122,6 @@ func getJobVolumes() []corev1.Volume {
 				},
 			},
 		},
-		{
-			Name: git.BuildHomeVolumeName,
-			VolumeSource: corev1.VolumeSource{
-				EmptyDir: &corev1.EmptyDirVolumeSource{
-					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
-				},
-			},
-		},
 	}
 	return volumes
 }

diff --git a/pkg/apis/utils/git/clone.go b/pkg/apis/utils/git/clone.go
@@ -64,7 +64,7 @@ func CloneInitContainersWithContainerName(sshURL, branch, cloneContainerName str
 			Env: []corev1.EnvVar{
 				{
 					Name:  defaults.HomeEnvironmentVariable,
-					Value: BuildHomeVolumePath,
+					Value: CloneRepoHomeVolumePath,
 				},
 			},
 			VolumeMounts: []corev1.VolumeMount{
@@ -78,8 +78,8 @@ func CloneInitContainersWithContainerName(sshURL, branch, cloneContainerName str
 					ReadOnly:  true,
 				},
 				{
-					Name:      BuildHomeVolumeName,
-					MountPath: BuildHomeVolumePath,
+					Name:      CloneRepoHomeVolumeName,
+					MountPath: CloneRepoHomeVolumePath,
 					ReadOnly:  false,
 				},
 			},

diff --git a/pkg/apis/utils/git/defaults.go b/pkg/apis/utils/git/defaults.go
@@ -16,11 +16,11 @@ const (
 	// BuildContextVolumeName Name of volume to hold build context
 	BuildContextVolumeName = "build-context"
 
-	// BuildHomeVolumeName Name of volume to hold build home folder
-	BuildHomeVolumeName = "builder-home"
+	// CloneRepoHomeVolumeName Name of volume to hold clone repo home folder
+	CloneRepoHomeVolumeName = "builder-home"
 
-	// BuildHomeVolumePath Name of home volume path
-	BuildHomeVolumePath = "/home/builder"
+	// CloneRepoHomeVolumePath Name of home volume path
+	CloneRepoHomeVolumePath = "/home/clone"
 
 	// Workspace Folder to hold the code to build
 	Workspace = "/workspace"