// CreateBuildPod creates a pod that will execute the STI build.
//
// It returns an error only when the Build cannot be encoded by bs.Codec.
//
// Security notes for reviewers:
//   - The single "sti-build" container is started with Privileged set to true.
//   - The whole encoded Build object is passed in the BUILD environment
//     variable, so it is part of the pod spec.
//
// TODO: Make the Pod definition configurable
func (bs *SourceBuildStrategy) CreateBuildPod(build *buildapi.Build) (*kapi.Pod, error) {
	encoded, err := bs.Codec.Encode(build)
	if err != nil {
		return nil, fmt.Errorf("failed to encode the Build %s/%s: %v", build.Namespace, build.Name, err)
	}

	// NOTE(review): Source.Git and Strategy.SourceStrategy are dereferenced
	// without a nil check here; presumably validated upstream — confirm.
	env := []kapi.EnvVar{
		{Name: "BUILD", Value: string(encoded)},
		{Name: "SOURCE_REPOSITORY", Value: build.Parameters.Source.Git.URI},
		{Name: "BUILD_LOGLEVEL", Value: fmt.Sprintf("%d", cmdutil.GetLogLevel())},
	}

	sti := build.Parameters.Strategy.SourceStrategy
	if len(sti.Env) != 0 {
		// User-supplied strategy env is merged into the builder's environment.
		// NOTE(review): which names the helper accepts is not visible here;
		// verify it cannot override BUILD or SOURCE_REPOSITORY.
		mergeTrustedEnvWithoutDuplicates(sti.Env, &env)
	}

	meta := kapi.ObjectMeta{
		Name:      buildutil.GetBuildPodName(build),
		Namespace: build.Namespace,
		Labels:    getPodLabels(build),
	}

	runPrivileged := true
	builder := kapi.Container{
		Name:  "sti-build",
		Image: bs.Image,
		Env:   env,
		// TODO: run unprivileged https://github.com/projectatomic/atomic-enterprise/issues/662
		SecurityContext: &kapi.SecurityContext{
			Privileged: &runPrivileged,
		},
		// Verbosity is derived from the merged environment, so it is computed
		// only after the strategy env has been applied.
		Args:            []string{"--loglevel=" + getContainerVerbosity(env)},
		ImagePullPolicy: kapi.PullIfNotPresent,
		Resources:       build.Parameters.Resources,
	}

	pod := &kapi.Pod{
		ObjectMeta: meta,
		Spec: kapi.PodSpec{
			ServiceAccount: build.Parameters.ServiceAccount,
			Containers:     []kapi.Container{builder},
			RestartPolicy:  kapi.RestartPolicyNever,
		},
	}

	// NOTE(review): presumably exposes the node's Docker socket to the build
	// container — confirm in setupDockerSocket; combined with Privileged this
	// gives the build broad access to the host.
	setupDockerSocket(pod)
	setupDockerSecrets(pod, build.Parameters.Output.PushSecret, sti.PullSecret)
	setupSourceSecrets(pod, build.Parameters.Source.SourceSecret)

	return pod, nil
}
// CreateBuildPod creates the pod to be used for the Docker build.
//
// It returns an error only when the Build cannot be encoded by bs.Codec.
//
// Security notes for reviewers:
//   - The single "docker-build" container is started with Privileged set to
//     true.
//   - The whole encoded Build object is passed in the BUILD environment
//     variable, so it is part of the pod spec.
//
// TODO: Make the Pod definition configurable
func (bs *DockerBuildStrategy) CreateBuildPod(build *buildapi.Build) (*kapi.Pod, error) {
	encoded, err := bs.Codec.Encode(build)
	if err != nil {
		return nil, fmt.Errorf("failed to encode the build: %v", err)
	}

	// NOTE(review): Strategy.DockerStrategy is dereferenced further down
	// without a nil check; presumably validated upstream — confirm.
	dockerStrategy := build.Parameters.Strategy.DockerStrategy

	meta := kapi.ObjectMeta{
		Name:      buildutil.GetBuildPodName(build),
		Namespace: build.Namespace,
		Labels:    getPodLabels(build),
	}

	runPrivileged := true
	builder := kapi.Container{
		Name:  "docker-build",
		Image: bs.Image,
		Env: []kapi.EnvVar{
			{Name: "BUILD", Value: string(encoded)},
		},
		Args: []string{"--loglevel=" + fmt.Sprintf("%d", cmdutil.GetLogLevel())},
		// TODO: run unprivileged https://github.com/projectatomic/atomic-enterprise/issues/662
		SecurityContext: &kapi.SecurityContext{
			Privileged: &runPrivileged,
		},
		ImagePullPolicy: kapi.PullIfNotPresent,
		Resources:       build.Parameters.Resources,
	}

	pod := &kapi.Pod{
		ObjectMeta: meta,
		Spec: kapi.PodSpec{
			ServiceAccount: build.Parameters.ServiceAccount,
			Containers:     []kapi.Container{builder},
			RestartPolicy:  kapi.RestartPolicyNever,
		},
	}

	// NOTE(review): presumably exposes the node's Docker socket to the build
	// container — confirm in setupDockerSocket; combined with Privileged this
	// gives the build broad access to the host.
	setupDockerSocket(pod)
	setupDockerSecrets(pod, build.Parameters.Output.PushSecret, dockerStrategy.PullSecret)
	setupSourceSecrets(pod, build.Parameters.Source.SourceSecret)

	return pod, nil
}