From 73a9346d20cd8aefd2b9949c1321c5754ad731ad Mon Sep 17 00:00:00 2001 From: Pavel Busko Date: Wed, 16 Oct 2024 11:53:31 +0200 Subject: [PATCH] extract job-task-runner to a standalone deployment --- HACKING.md | 45 ++++++++ controllers/Dockerfile | 1 - controllers/config/config.go | 12 --- controllers/config/config_test.go | 47 -------- .../controllers/workloads/orgs/controller.go | 2 + controllers/main.go | 21 ---- helm/korifi/controllers/configmap.yaml | 4 - helm/korifi/controllers/role.yaml | 8 ++ helm/korifi/job-task-runner/deployment.yaml | 72 +++++++++++++ helm/korifi/job-task-runner/rbac.yaml | 37 +++++++ helm/korifi/job-task-runner/service.yaml | 18 ++++ helm/korifi/values.yaml | 9 +- job-task-runner/Dockerfile | 32 ++++++ job-task-runner/main.go | 101 ++++++++++++++++++ job-task-runner/remote-debug/Dockerfile | 35 ++++++ scripts/assets/kind-config.yaml | 9 ++ scripts/assets/korifi-debug-kbld.yml | 6 ++ scripts/assets/korifi-kbld.yml | 6 ++ scripts/deploy-on-kind.sh | 7 +- 19 files changed, 382 insertions(+), 90 deletions(-) create mode 100644 helm/korifi/job-task-runner/deployment.yaml create mode 100644 helm/korifi/job-task-runner/rbac.yaml create mode 100644 helm/korifi/job-task-runner/service.yaml create mode 100644 job-task-runner/Dockerfile create mode 100644 job-task-runner/main.go create mode 100644 job-task-runner/remote-debug/Dockerfile diff --git a/HACKING.md b/HACKING.md index d183b02ed..7f2497c79 100644 --- a/HACKING.md +++ b/HACKING.md @@ -96,6 +96,51 @@ A sample VSCode `launch.json` configuration is provided below: ], "host": "localhost", "port": 30052 + }, + { + "name": "Attach to Debug Job Task Runner on Kind", + "type": "go", + "debugAdapter": "dlv-dap", + "request": "attach", + "mode": "remote", + "substitutePath": [ + { + "from": "${workspaceFolder}", + "to": "/workspace" + } + ], + "host": "localhost", + "port": 30053 + }, + { + "name": "Attach to Debug Kpack Image Builder on Kind", + "type": "go", + "debugAdapter": "dlv-dap", + "request": "attach", + "mode": "remote", + "substitutePath": [ + { + "from": "${workspaceFolder}", + "to": "/workspace" + } + ], + "host": "localhost", + "port": 30054 + }, + { + "name": "Attach to Debug Statefulset Runner on Kind", + "type": "go", + "debugAdapter": "dlv-dap", + "request": "attach", + "mode": "remote", + "substitutePath": [ + { + "from": "${workspaceFolder}", + "to": "/workspace" + } + ], + "host": "localhost", + "port": 30055 } ] } diff --git a/controllers/Dockerfile b/controllers/Dockerfile index bd0cde1a5..45bd00135 100644 --- a/controllers/Dockerfile +++ b/controllers/Dockerfile @@ -13,7 +13,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ COPY model model COPY controllers controllers COPY kpack-image-builder kpack-image-builder -COPY job-task-runner job-task-runner COPY statefulset-runner statefulset-runner COPY tools tools COPY version version diff --git a/controllers/config/config.go b/controllers/config/config.go index 348d650ca..df959026d 100644 --- a/controllers/config/config.go +++ b/controllers/config/config.go @@ -11,7 +11,6 @@ import ( type ControllerConfig struct { // components IncludeKpackImageBuilder bool `yaml:"includeKpackImageBuilder"` - IncludeJobTaskRunner bool `yaml:"includeJobTaskRunner"` IncludeStatefulsetRunner bool `yaml:"includeStatefulsetRunner"` // core controllers @@ -29,9 +28,6 @@ type ControllerConfig struct { LogLevel zapcore.Level `yaml:"logLevel"` SpaceFinalizerAppDeletionTimeout *int32 `yaml:"spaceFinalizerAppDeletionTimeout"` - // job-task-runner - JobTTL string `yaml:"jobTTL"` - // kpack-image-builder ClusterBuilderName string `yaml:"clusterBuilderName"` BuilderServiceAccount string `yaml:"builderServiceAccount"` @@ -110,11 +106,3 @@ func (c ControllerConfig) ParseTaskTTL() (time.Duration, error) { func (c ControllerConfig) ParseBuilderReadinessTimeout() (time.Duration, error) { return tools.ParseDuration(c.BuilderReadinessTimeout) } - -func (c ControllerConfig) ParseJobTTL() (time.Duration, error) { - if c.JobTTL == "" { - return defaultJobTTL, nil - } - - return tools.ParseDuration(c.JobTTL) -} diff --git a/controllers/config/config_test.go b/controllers/config/config_test.go index 5a9c2c139..f90b7e9ff 100644 --- a/controllers/config/config_test.go +++ b/controllers/config/config_test.go @@ -45,7 +45,6 @@ var _ = Describe("LoadFromPath", func() { TaskTTL: "taskTTL", BuilderName: "buildReconciler", RunnerName: "statefulset-runner", - JobTTL: "jobTTL", LogLevel: zapcore.DebugLevel, SpaceFinalizerAppDeletionTimeout: tools.PtrTo(int32(42)), Networking: config.Networking{ @@ -89,7 +88,6 @@ var _ = Describe("LoadFromPath", func() { RunnerName: "statefulset-runner", NamespaceLabels: map[string]string{}, ExtraVCAPApplicationValues: map[string]any{}, - JobTTL: "jobTTL", LogLevel: zapcore.DebugLevel, SpaceFinalizerAppDeletionTimeout: tools.PtrTo(int32(42)), Networking: config.Networking{ @@ -187,48 +185,3 @@ var _ = Describe("ParseTaskTTL", func() { }) }) }) - -var _ = Describe("ParseJobTTL", func() { - var ( - jobTTL time.Duration - parseErr error - jobTTLStr string - ) - - BeforeEach(func() { - jobTTLStr = "" - }) - - JustBeforeEach(func() { - cfg := config.ControllerConfig{ - JobTTL: jobTTLStr, - } - jobTTL, parseErr = cfg.ParseJobTTL() - }) - - It("return 30 days by default", func() { - Expect(parseErr).NotTo(HaveOccurred()) - Expect(jobTTL).To(Equal(24 * time.Hour)) - }) - - When("jobTTL is something parseable by tools.ParseDuration", func() { - BeforeEach(func() { - jobTTLStr = "5d12h" - }) - - It("parses ok", func() { - Expect(parseErr).NotTo(HaveOccurred()) - Expect(jobTTL).To(Equal(5*24*time.Hour + 12*time.Hour)) - }) - }) - - When("entering something that cannot be parsed", func() { - BeforeEach(func() { - jobTTLStr = "foreva" - }) - - It("returns an error", func() { - Expect(parseErr).To(HaveOccurred()) - }) - }) -}) diff --git a/controllers/controllers/workloads/orgs/controller.go b/controllers/controllers/workloads/orgs/controller.go index 9f0e74530..dd2450904 100644 --- a/controllers/controllers/workloads/orgs/controller.go +++ b/controllers/controllers/workloads/orgs/controller.go @@ -118,6 +118,8 @@ func (r *Reconciler) enqueueCFOrgRequests(ctx context.Context, object client.Obj //+kubebuilder:rbac:groups="metrics.k8s.io",resources=pods,verbs=get;list;watch //+kubebuilder:rbac:groups="policy",resources=poddisruptionbudgets,verbs=create;deletecollection //+kubebuilder:rbac:groups="policy",resources=podsecuritypolicies,verbs=use +//+kubebuilder:rbac:groups=korifi.cloudfoundry.org,resources=runnerinfos,verbs=get;list;watch;create;patch;delete +//+kubebuilder:rbac:groups=korifi.cloudfoundry.org,resources=runnerinfos/status,verbs=get;patch func (r *Reconciler) ReconcileResource(ctx context.Context, cfOrg *korifiv1alpha1.CFOrg) (ctrl.Result, error) { nsReconcileResult, err := r.namespaceReconciler.ReconcileResource(ctx, cfOrg) diff --git a/controllers/main.go b/controllers/main.go index a62eaffa6..141115360 100644 --- a/controllers/main.go +++ b/controllers/main.go @@ -60,7 +60,6 @@ import ( packageswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/packages" spaceswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/spaces" taskswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/tasks" - jobtaskrunnercontrollers "code.cloudfoundry.org/korifi/job-task-runner/controllers" "code.cloudfoundry.org/korifi/kpack-image-builder/controllers" kpackimagebuilderfinalizer "code.cloudfoundry.org/korifi/kpack-image-builder/controllers/webhooks/finalizer" statefulsetcontrollers "code.cloudfoundry.org/korifi/statefulset-runner/controllers" @@ -380,26 +379,6 @@ func main() { } } - if controllerConfig.IncludeJobTaskRunner { - var jobTTL time.Duration - jobTTL, err = controllerConfig.ParseJobTTL() - if err != nil { - panic(err) - } - - taskWorkloadReconciler := jobtaskrunnercontrollers.NewTaskWorkloadReconciler( - controllersLog, - mgr.GetClient(), - mgr.GetScheme(), - jobtaskrunnercontrollers.NewStatusGetter(mgr.GetClient()), - jobTTL, - ) - if err = taskWorkloadReconciler.SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "TaskWorkload") - os.Exit(1) - } - } - if controllerConfig.IncludeStatefulsetRunner { if err = statefulsetcontrollers.NewAppWorkloadReconciler( mgr.GetClient(), diff --git a/helm/korifi/controllers/configmap.yaml b/helm/korifi/controllers/configmap.yaml index 562578be0..13adabd66 100644 --- a/helm/korifi/controllers/configmap.yaml +++ b/helm/korifi/controllers/configmap.yaml @@ -6,7 +6,6 @@ metadata: data: config.yaml: |- includeKpackImageBuilder: {{ .Values.kpackImageBuilder.include }} - includeJobTaskRunner: {{ .Values.jobTaskRunner.include }} includeStatefulsetRunner: {{ .Values.statefulsetRunner.include }} builderName: {{ .Values.reconcilers.build }} runnerName: {{ .Values.reconcilers.run }} @@ -51,9 +50,6 @@ data: containerRegistryType: "ECR" {{- end }} {{- end }} - {{- if .Values.jobTaskRunner.include }} - jobTTL: {{ required "jobTTL is required" .Values.jobTaskRunner.jobTTL }} - {{- end }} networking: gatewayNamespace: {{ .Release.Namespace }}-gateway gatewayName: korifi diff --git a/helm/korifi/controllers/role.yaml b/helm/korifi/controllers/role.yaml index 22e45c152..aa0436f81 100644 --- a/helm/korifi/controllers/role.yaml +++ b/helm/korifi/controllers/role.yaml @@ -186,6 +186,7 @@ rules: - korifi.cloudfoundry.org resources: - cfdomains + - runnerinfos - taskworkloads verbs: - create @@ -215,6 +216,13 @@ rules: - patch - update - watch +- apiGroups: + - korifi.cloudfoundry.org + resources: + - runnerinfos/status + verbs: + - get + - patch - apiGroups: - kpack.io resources: diff --git a/helm/korifi/job-task-runner/deployment.yaml b/helm/korifi/job-task-runner/deployment.yaml new file mode 100644 index 000000000..c41072ea3 --- /dev/null +++ b/helm/korifi/job-task-runner/deployment.yaml @@ -0,0 +1,72 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: job-task-runner + name: job-task-runner-controller-manager + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.jobTaskRunner.replicas }} + selector: + matchLabels: + app: job-task-runner + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + prometheus.io/path: /metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: job-task-runner + spec: + containers: + - name: manager + image: {{ .Values.jobTaskRunner.image }} +{{- if .Values.debug }} + command: + - "/dlv" + args: + - "--listen=:40000" + - "--headless=true" + - "--api-version=2" + - "exec" + - "/manager" + - "--continue" + - "--accept-multiclient" + - "--" + - "--health-probe-bind-address=:8081" + - "--leader-elect" + - "--ttl={{ required "jobTTL is required" .Values.jobTaskRunner.jobTTL }}" + - "--add-seccomp-profile={{ .Values.jobTaskRunner.temporarySetPodSeccompProfile }}" +{{- else }} + args: + - --health-probe-bind-address=:8081 + - --leader-elect + - --ttl={{ required "jobTTL is required" .Values.jobTaskRunner.jobTTL }} + - --add-seccomp-profile={{ .Values.jobTaskRunner.temporarySetPodSeccompProfile }} +{{- end }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + {{- .Values.jobTaskRunner.resources | toYaml | nindent 10 }} + {{- include "korifi.securityContext" . | indent 8 }} + {{- include "korifi.podSecurityContext" . | indent 6 }} + serviceAccountName: job-task-runner-controller-manager +{{- if .Values.jobTaskRunner.nodeSelector }} + nodeSelector: + {{ toYaml .Values.jobTaskRunner.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.jobTaskRunner.tolerations }} + tolerations: + {{- toYaml .Values.jobTaskRunner.tolerations | nindent 8 }} +{{- end }} + terminationGracePeriodSeconds: 10 diff --git a/helm/korifi/job-task-runner/rbac.yaml b/helm/korifi/job-task-runner/rbac.yaml new file mode 100644 index 000000000..b860e0e5d --- /dev/null +++ b/helm/korifi/job-task-runner/rbac.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: job-task-runner-controller-manager + namespace: {{ .Release.Namespace }} +imagePullSecrets: +{{- range .Values.systemImagePullSecrets }} +- name: {{ . | quote }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: job-task-runner-leader-election-rolebinding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: korifi-controllers-leader-election-role +subjects: +- kind: ServiceAccount + name: job-task-runner-controller-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: job-task-runner-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: korifi-job-task-runner-taskworkload-manager-role +subjects: +- kind: ServiceAccount + name: job-task-runner-controller-manager + namespace: {{ .Release.Namespace }} diff --git a/helm/korifi/job-task-runner/service.yaml b/helm/korifi/job-task-runner/service.yaml new file mode 100644 index 000000000..217a4b389 --- /dev/null +++ b/helm/korifi/job-task-runner/service.yaml @@ -0,0 +1,18 @@ +--- +{{- if .Values.debug }} +apiVersion: v1 +kind: Service +metadata: + name: job-task-runner-debug-port + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: debug-30053 + nodePort: 30053 + port: 30053 + protocol: TCP + targetPort: 40000 + selector: + app: job-task-runner + type: NodePort +{{- end }} diff --git a/helm/korifi/values.yaml b/helm/korifi/values.yaml index 932d4c0b3..935fce330 100644 --- a/helm/korifi/values.yaml +++ b/helm/korifi/values.yaml @@ -122,14 +122,15 @@ statefulsetRunner: jobTaskRunner: include: true + image: cloudfoundry/job-task-runner:latest replicas: 1 resources: limits: - cpu: 500m - memory: 128Mi + cpu: 1000m + memory: 1Gi requests: - cpu: 10m - memory: 64Mi + cpu: 50m + memory: 100Mi jobTTL: 24h diff --git a/job-task-runner/Dockerfile b/job-task-runner/Dockerfile new file mode 100644 index 000000000..145f3598e --- /dev/null +++ b/job-task-runner/Dockerfile @@ -0,0 +1,32 @@ +# syntax = docker/dockerfile:experimental +FROM golang:1.23 as builder + +ARG version=dev + +WORKDIR /workspace + +COPY go.mod go.sum ./ + +RUN --mount=type=cache,target=/go/pkg/mod \ + go mod download + +COPY api api +COPY controllers controllers +COPY job-task-runner job-task-runner +COPY model model +COPY tools tools +COPY version version + +RUN --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=cache,target=/go/pkg/mod \ + CGO_ENABLED=0 GOOS=linux go build -ldflags "-X code.cloudfoundry.org/korifi/version.Version=${version}" -o manager job-task-runner/main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot + +WORKDIR / +COPY --from=builder /workspace/manager . +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/job-task-runner/main.go b/job-task-runner/main.go new file mode 100644 index 000000000..b0a31550c --- /dev/null +++ b/job-task-runner/main.go @@ -0,0 +1,101 @@ +package main + +import ( + "flag" + "fmt" + "os" + + korifiv1alpha1 "code.cloudfoundry.org/korifi/controllers/api/v1alpha1" + jobtaskcontrollers "code.cloudfoundry.org/korifi/job-task-runner/controllers" + "code.cloudfoundry.org/korifi/tools" + "go.uber.org/zap/zapcore" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + "k8s.io/klog/v2" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + + "k8s.io/apimachinery/pkg/runtime" +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(korifiv1alpha1.AddToScheme(scheme)) +} + +func main() { + var ( + metricsAddr string + enableLeaderElection bool + probeAddr string + ttl string + addSeccompProfile bool + ) + + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.StringVar(&ttl, "ttl", "24h", "The time to live for a task job.") + flag.BoolVar(&addSeccompProfile, "add-seccomp-profile", false, "Add temporary seccomp profile to the task job.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.Parse() + + logger, _, err := tools.NewZapLogger(zapcore.InfoLevel) + if err != nil { + panic(fmt.Sprintf("error creating new zap logger: %v", err)) + } + + ctrl.SetLogger(logger) + klog.SetLogger(ctrl.Log) + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: metricsAddr, + }, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "13c300bs.cloudfoundry.org", + }) + if err != nil { + setupLog.Error(err, "unable to initialize manager") + os.Exit(1) + } + + jobTTL, err := tools.ParseDuration(ttl) + if err != nil { + setupLog.Error(err, "unable to parse job TTL", "ttl", ttl) + os.Exit(1) + } + + controllersLog := ctrl.Log.WithName("controllers") + if err = jobtaskcontrollers.NewTaskWorkloadReconciler( + controllersLog, + mgr.GetClient(), + mgr.GetScheme(), + jobtaskcontrollers.NewStatusGetter(mgr.GetClient()), + jobTTL, + addSeccompProfile, + ).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "TaskWorkload") + os.Exit(1) + } + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/job-task-runner/remote-debug/Dockerfile b/job-task-runner/remote-debug/Dockerfile new file mode 100644 index 000000000..e66fe63aa --- /dev/null +++ b/job-task-runner/remote-debug/Dockerfile @@ -0,0 +1,35 @@ +# syntax = docker/dockerfile:experimental +FROM golang:1.23 as builder + +ARG version=dev + +WORKDIR /workspace + +COPY go.mod go.sum ./ + +RUN --mount=type=cache,target=/go/pkg/mod \ + go mod download + +COPY api api +COPY controllers controllers +COPY job-task-runner job-task-runner +COPY model model +COPY tools tools +COPY version version + +RUN --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=cache,target=/go/pkg/mod \ + CGO_ENABLED=0 GOOS=linux go build -ldflags "-X code.cloudfoundry.org/korifi/version.Version=${version}" -gcflags=all="-N -l" -o manager job-task-runner/main.go + +# Get Delve from a GOPATH not from a Go Modules project +WORKDIR /go/src/ +RUN go install github.com/go-delve/delve/cmd/dlv@latest + +FROM ubuntu + +WORKDIR / +COPY --from=builder /workspace/manager . +COPY --from=builder /go/bin/dlv . +EXPOSE 8080 8081 9443 40000 + +CMD ["/dlv", "--listen=:40000", "--headless=true", "--api-version=2", "exec", "/manager", "--continue", "--accept-multiclient"] diff --git a/scripts/assets/kind-config.yaml b/scripts/assets/kind-config.yaml index 74915116e..d495c045d 100644 --- a/scripts/assets/kind-config.yaml +++ b/scripts/assets/kind-config.yaml @@ -27,3 +27,12 @@ nodes: - containerPort: 30052 hostPort: 30052 protocol: TCP + - containerPort: 30053 + hostPort: 30053 + protocol: TCP + - containerPort: 30054 + hostPort: 30054 + protocol: TCP + - containerPort: 30055 + hostPort: 30055 + protocol: TCP diff --git a/scripts/assets/korifi-debug-kbld.yml b/scripts/assets/korifi-debug-kbld.yml index 588202340..ef6cb7425 100644 --- a/scripts/assets/korifi-debug-kbld.yml +++ b/scripts/assets/korifi-debug-kbld.yml @@ -13,3 +13,9 @@ sources: docker: buildx: file: controllers/remote-debug/Dockerfile + +- image: cloudfoundry/job-task-runner:latest + path: . + docker: + buildx: + file: job-task-runner/remote-debug/Dockerfile diff --git a/scripts/assets/korifi-kbld.yml b/scripts/assets/korifi-kbld.yml index 132aa5f73..06132be00 100644 --- a/scripts/assets/korifi-kbld.yml +++ b/scripts/assets/korifi-kbld.yml @@ -13,3 +13,9 @@ sources: docker: buildx: file: controllers/Dockerfile + +- image: cloudfoundry/job-task-runner:latest + path: . + docker: + buildx: + file: job-task-runner/Dockerfile diff --git a/scripts/deploy-on-kind.sh b/scripts/deploy-on-kind.sh index 27c9162f9..7f63db795 100755 --- a/scripts/deploy-on-kind.sh +++ b/scripts/deploy-on-kind.sh @@ -189,7 +189,7 @@ function deploy_korifi() { helm upgrade --install korifi helm/korifi \ --namespace korifi \ --values="$values_file" \ - --set=adminUserName="cf-admin" \ + --set=adminUserName="kubernetes-admin" \ --set=defaultAppDomainName="apps-127-0-0-1.nip.io" \ --set=generateIngressCertificates="true" \ --set=logLevel="debug" \ @@ -216,6 +216,11 @@ function create_namespaces() { local security_policy security_policy="restricted" + + if [[ "$DEBUG" == "true" ]]; then + security_policy="privileged" + fi + for ns in cf korifi; do cat <