Update kshell to manage the pod itself so I can use registry pull secrets to use my harbor pull-through cache.

2023-07-14 15:33:44 -04:00 · 2023-07-14 15:33:44 -04:00 · a025770fe7
commit a025770fe7
parent 6bde027c48
1 changed files with 100 additions and 21 deletions
--- a/ansible/roles/kubernetes/files/kshell
+++ b/ansible/roles/kubernetes/files/kshell
@ -4,27 +4,106 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

-: ${cpu:="500m"}
-: ${memory:="2Gi"}
+############## Setup #########################

-overrides=""
-if [ ! -z "${highmem:-}" ]; then
-    overrides=$(jq --compact-output '.' <<EOF
-{
-  "spec": {
-    "tolerations": [
-      {
-        "key": "dedicated",
-        "operator": "Equal",
-        "value": "background-highmem",
-        "effect": "NoSchedule"
-      }
-    ],
-    "nodeSelector": {"dedicated": "background-highmem"}
-  }
+function cleanup {
+    for f in "${pods[@]}"; do
+        log "Deleting $f"
+        kubectl delete pod --force=true --grace-period=0 --namespace homepage "$f"
+    done
 }
-EOF
-)
-fi
+pods=()
+for sig in EXIT INT QUIT HUP TERM; do
+  trap "set +e; cleanup" "$sig"
+done

-exec kubectl run --rm -i -t --image alpine:3.13 --overrides="$overrides" --requests "cpu=$cpu,memory=$memory" --limits "cpu=$cpu,memory=$memory" --pod-running-timeout 10m "tom-$(uuidgen | cut -d '-' -f 1)" -- /bin/sh "$@"
+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
+function log {
+    (>&2 echo "${@}")
+}
+
+############## Program #########################
+
+function main {
+    local pod_name="tom-$(uuidgen | cut -d '-' -f 1)"
+    pods+=("$pod_name")
+    create_pod "$pod_name"
+    kubectl wait pods -n homepage "$pod_name" --for condition=Ready --timeout=90s
+    kubectl exec -i -t --namespace homepage "$pod_name" -- "${@}"
+}
+
+function create_pod {
+    local pod_name="$1"
+    kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    run: $pod_name
+  name: $pod_name
+  namespace: homepage
+spec:
+  imagePullSecrets:
+    - name: registry-credentials
+  containers:
+  - args:
+    - /bin/sleep
+    - infinity
+    image: harbor.fizz.buzz/dockerhub/library/alpine:3.18
+    imagePullPolicy: IfNotPresent
+    name: $pod_name
+    stdin: true
+    stdinOnce: true
+    terminationMessagePath: /dev/termination-log
+    terminationMessagePolicy: File
+    tty: true
+    volumeMounts:
+    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+      name: kube-api-access-hskj7
+      readOnly: true
+  # serviceAccount: default
+  # serviceAccountName: default
+  terminationGracePeriodSeconds: 30
+  tolerations:
+  - effect: NoExecute
+    key: node.kubernetes.io/not-ready
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoExecute
+    key: node.kubernetes.io/unreachable
+    operator: Exists
+    tolerationSeconds: 300
+  volumes:
+  - name: kube-api-access-hskj7
+    projected:
+      defaultMode: 420
+      sources:
+      - serviceAccountToken:
+          expirationSeconds: 3607
+          path: token
+      - configMap:
+          items:
+          - key: ca.crt
+            path: ca.crt
+          name: kube-root-ca.crt
+      - downwardAPI:
+          items:
+          - fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+            path: namespace
+EOF
+}
+
+function delete_pod {
+    local pod_name="$1"
+    kubectl delete pod --force=true --grace-period=0 --namespace homepage "$pod_name"
+}
+
+main "$@"