Tmp volumes are separated til each build container (#1107)

equinor · May 3, 2024 · 78f167f · 78f167f
1 parent 27f4d17
commit 78f167f
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 19 deletions.
diff --git a/charts/radix-operator/Chart.yaml b/charts/radix-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: radix-operator
-version: 1.32.2
-appVersion: 1.52.2
+version: 1.32.3
+appVersion: 1.52.3
 kubeVersion: ">=1.24.0"
 description: Radix Operator
 keywords:

diff --git a/pipeline-runner/steps/build_acr.go b/pipeline-runner/steps/build_acr.go
@@ -32,7 +32,6 @@ const (
 	azureServicePrincipleContext    = "/radix-image-builder/.azure"
 	RadixImageBuilderHomeVolumeName = "radix-image-builder-home"
 	BuildKitRunVolumeName           = "build-kit-run"
-	RadixImageBuilderTmpVolumeName  = "radix-image-builder-tmp"
 )
 
 func (step *BuildStepImplementation) buildContainerImageBuildingJobs(pipelineInfo *model.PipelineInfo, buildSecrets []corev1.EnvVar) ([]*batchv1.Job, error) {
@@ -122,7 +121,7 @@ func buildContainerImageBuildingJob(rr *v1.RadixRegistration, pipelineInfo *mode
 					InitContainers:  initContainers,
 					Containers:      buildContainers,
 					SecurityContext: buildPodSecurityContext,
-					Volumes:         getContainerImageBuildingJobVolumes(&defaultMode, buildSecrets, isUsingBuildKit(pipelineInfo)),
+					Volumes:         getContainerImageBuildingJobVolumes(&defaultMode, buildSecrets, isUsingBuildKit(pipelineInfo), buildContainers),
 					Affinity:        utils.GetPipelineJobPodSpecAffinity(),
 					Tolerations:     utils.GetPipelineJobPodSpecTolerations(),
 				},
@@ -132,7 +131,7 @@ func buildContainerImageBuildingJob(rr *v1.RadixRegistration, pipelineInfo *mode
 	return job
 }
 
-func getContainerImageBuildingJobVolumes(defaultMode *int32, buildSecrets []corev1.EnvVar, isUsingBuildKit bool) []corev1.Volume {
+func getContainerImageBuildingJobVolumes(defaultMode *int32, buildSecrets []corev1.EnvVar, isUsingBuildKit bool, containers []corev1.Container) []corev1.Volume {
 	volumes := []corev1.Volume{
 		{
 			Name: git.BuildContextVolumeName,
@@ -163,21 +162,25 @@ func getContainerImageBuildingJobVolumes(defaultMode *int32, buildSecrets []core
 			},
 		},
 		{
-			Name: RadixImageBuilderTmpVolumeName,
+			Name: RadixImageBuilderHomeVolumeName,
 			VolumeSource: corev1.VolumeSource{
 				EmptyDir: &corev1.EmptyDirVolumeSource{
-					SizeLimit: resource.NewScaledQuantity(100, resource.Giga),
+					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
 				},
 			},
 		},
-		{
-			Name: RadixImageBuilderHomeVolumeName,
+	}
+
+	for _, container := range containers {
+		volumes = append(volumes, corev1.Volume{
+			Name: getTmpVolumeNameForContainer(container.Name),
 			VolumeSource: corev1.VolumeSource{
 				EmptyDir: &corev1.EmptyDirVolumeSource{
-					SizeLimit: resource.NewScaledQuantity(5, resource.Mega),
+					SizeLimit: resource.NewScaledQuantity(100, resource.Giga),
 				},
 			},
 		},
+		)
 	}
 
 	if len(buildSecrets) > 0 {
@@ -237,7 +240,7 @@ func createContainerImageBuildingContainers(appName string, pipelineInfo *model.
 			Command:         command,
 			ImagePullPolicy: corev1.PullAlways,
 			Env:             envVars,
-			VolumeMounts:    getContainerImageBuildingJobVolumeMounts(buildSecrets, isUsingBuildKit(pipelineInfo)),
+			VolumeMounts:    getContainerImageBuildingJobVolumeMounts(buildSecrets, isUsingBuildKit(pipelineInfo), componentImage.ContainerName),
 			SecurityContext: buildContainerSecContext,
 			Resources:       resources,
 		}
@@ -414,7 +417,7 @@ func getStandardEnvVars(appName string, pipelineInfo *model.PipelineInfo, compon
 	return envVars
 }
 
-func getContainerImageBuildingJobVolumeMounts(buildSecrets []corev1.EnvVar, isUsingBuildKit bool) []corev1.VolumeMount {
+func getContainerImageBuildingJobVolumeMounts(buildSecrets []corev1.EnvVar, isUsingBuildKit bool, containerName string) []corev1.VolumeMount {
 	volumeMounts := []corev1.VolumeMount{
 		{
 			Name:      git.BuildContextVolumeName,
@@ -430,7 +433,7 @@ func getContainerImageBuildingJobVolumeMounts(buildSecrets []corev1.EnvVar, isUs
 	if isUsingBuildKit {
 		volumeMounts = append(volumeMounts, []corev1.VolumeMount{
 			{
-				Name:      RadixImageBuilderTmpVolumeName, // image-builder creates files there
+				Name:      getTmpVolumeNameForContainer(containerName), // image-builder creates files there
 				MountPath: "/var/tmp",
 				ReadOnly:  false,
 			},
@@ -453,7 +456,7 @@ func getContainerImageBuildingJobVolumeMounts(buildSecrets []corev1.EnvVar, isUs
 	} else {
 		volumeMounts = append(volumeMounts, []corev1.VolumeMount{
 			{
-				Name:      RadixImageBuilderTmpVolumeName, // image-builder creates a script there
+				Name:      getTmpVolumeNameForContainer(containerName), // image-builder creates a script there
 				MountPath: "/tmp",
 				ReadOnly:  false,
 			},
@@ -476,6 +479,10 @@ func getContainerImageBuildingJobVolumeMounts(buildSecrets []corev1.EnvVar, isUs
 	return volumeMounts
 }
 
+func getTmpVolumeNameForContainer(containerName string) string {
+	return fmt.Sprintf("tmp-%s", containerName)
+}
+
 func getBuildahContainerCommand(containerImageRegistry, secretArgsString string, componentImage pipeline.BuildComponentImage, clusterTypeImageTag, clusterNameImageTag, cacheContainerImageRegistry, cacheImagePath string, useBuildCache, pushImage bool) []string {
 	commandList := commandbuilder.NewCommandList()
 	commandList.AddStrCmd("cp %s %s", path.Join(privateImageHubMountPath, ".dockerconfigjson"), buildahRegistryAuthFile)

diff --git a/pipeline-runner/steps/build_test.go b/pipeline-runner/steps/build_test.go
@@ -164,8 +164,8 @@ func (s *buildTestSuite) Test_BuildDeploy_JobSpecAndDeploymentConsistent() {
 		{Name: git.GitSSHKeyVolumeName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: git.GitSSHKeyVolumeName, DefaultMode: pointers.Ptr[int32](256)}}},
 		{Name: defaults.AzureACRServicePrincipleSecretName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.AzureACRServicePrincipleSecretName}}},
 		{Name: defaults.PrivateImageHubSecretName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.PrivateImageHubSecretName}}},
-		{Name: steps.RadixImageBuilderTmpVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 		{Name: steps.RadixImageBuilderHomeVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
+		{Name: "tmp-build-c1-dev", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 	}
 	s.ElementsMatch(expectedVolumes, job.Spec.Template.Spec.Volumes)
 
@@ -190,8 +190,8 @@ func (s *buildTestSuite) Test_BuildDeploy_JobSpecAndDeploymentConsistent() {
 	expectedBuildVolumeMounts := []corev1.VolumeMount{
 		{Name: git.BuildContextVolumeName, MountPath: git.Workspace},
 		{Name: defaults.AzureACRServicePrincipleSecretName, MountPath: "/radix-image-builder/.azure", ReadOnly: true},
-		{Name: steps.RadixImageBuilderTmpVolumeName, MountPath: "/tmp", ReadOnly: false},
 		{Name: steps.RadixImageBuilderHomeVolumeName, MountPath: "/home/radix-image-builder", ReadOnly: false},
+		{Name: "tmp-build-c1-dev", MountPath: "/tmp", ReadOnly: false},
 	}
 	s.ElementsMatch(expectedBuildVolumeMounts, job.Spec.Template.Spec.Containers[0].VolumeMounts)
 	expectedEnv := []corev1.EnvVar{
@@ -1455,7 +1455,7 @@ func (s *buildTestSuite) Test_BuildJobSpec_BuildKit() {
 	expectedVolumeMounts := []corev1.VolumeMount{
 		{Name: git.BuildContextVolumeName, MountPath: git.Workspace, ReadOnly: false},
 		{Name: defaults.AzureACRServicePrincipleSecretName, MountPath: "/radix-image-builder/.azure", ReadOnly: true},
-		{Name: steps.RadixImageBuilderTmpVolumeName, MountPath: "/var/tmp", ReadOnly: false},
+		{Name: "tmp-build-c1-dev", MountPath: "/var/tmp", ReadOnly: false},
 		{Name: steps.BuildKitRunVolumeName, MountPath: "/run", ReadOnly: false},
 		{Name: defaults.PrivateImageHubSecretName, MountPath: "/radix-private-image-hubs", ReadOnly: true},
 		{Name: steps.RadixImageBuilderHomeVolumeName, MountPath: "/home/build", ReadOnly: false},
@@ -1581,8 +1581,8 @@ func (s *buildTestSuite) Test_BuildJobSpec_BuildKit_WithBuildSecrets() {
 		{Name: git.GitSSHKeyVolumeName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: git.GitSSHKeyVolumeName, DefaultMode: pointers.Ptr[int32](256)}}},
 		{Name: defaults.AzureACRServicePrincipleSecretName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.AzureACRServicePrincipleSecretName}}},
 		{Name: defaults.PrivateImageHubSecretName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.PrivateImageHubSecretName}}},
-		{Name: steps.RadixImageBuilderTmpVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 		{Name: steps.RadixImageBuilderHomeVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(5, resource.Mega)}}},
+		{Name: "tmp-build-c1-dev", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 		{Name: defaults.BuildSecretsName, VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: defaults.BuildSecretsName}}},
 		{Name: steps.BuildKitRunVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: resource.NewScaledQuantity(100, resource.Giga)}}},
 	}
@@ -1592,7 +1592,7 @@ func (s *buildTestSuite) Test_BuildJobSpec_BuildKit_WithBuildSecrets() {
 	expectedVolumeMounts := []corev1.VolumeMount{
 		{Name: git.BuildContextVolumeName, MountPath: git.Workspace, ReadOnly: false},
 		{Name: defaults.AzureACRServicePrincipleSecretName, MountPath: "/radix-image-builder/.azure", ReadOnly: true},
-		{Name: steps.RadixImageBuilderTmpVolumeName, MountPath: "/var/tmp", ReadOnly: false},
+		{Name: "tmp-build-c1-dev", MountPath: "/var/tmp", ReadOnly: false},
 		{Name: steps.BuildKitRunVolumeName, MountPath: "/run", ReadOnly: false},
 		{Name: defaults.PrivateImageHubSecretName, MountPath: "/radix-private-image-hubs", ReadOnly: true},
 		{Name: steps.RadixImageBuilderHomeVolumeName, MountPath: "/home/build", ReadOnly: false},