diff --git a/api/v1beta1/runner_types.go b/api/v1beta1/runner_types.go
index 648b535..3e7272c 100644
--- a/api/v1beta1/runner_types.go
+++ b/api/v1beta1/runner_types.go
@@ -90,15 +90,15 @@ func init() {
 }
 type KubernetesConfig struct {
- Host string `toml:"host" json:"host" long:"host" env:"KUBERNETES_HOST" description:"Optional Kubernetes master host URL (auto-discovery attempted if not specified)"`
+ Host string `toml:"host" json:"host,omitempty" long:"host" env:"KUBERNETES_HOST" description:"Optional Kubernetes master host URL (auto-discovery attempted if not specified)"`
 CertFile string `toml:"cert_file,omitempty" json:"cert_file,omitempty" long:"cert-file" env:"KUBERNETES_CERT_FILE" description:"Optional Kubernetes master auth certificate"`
 KeyFile string `toml:"key_file,omitempty" json:"key_file,omitempty" long:"key-file" env:"KUBERNETES_KEY_FILE" description:"Optional Kubernetes master auth private key"`
 CAFile string `toml:"ca_file,omitempty" json:"ca_file,omitempty" long:"ca-file" env:"KUBERNETES_CA_FILE" description:"Optional Kubernetes master auth ca certificate"`
- BearerTokenOverwriteAllowed bool `toml:"bearer_token_overwrite_allowed" json:"bearer_token_overwrite_allowed" long:"bearer_token_overwrite_allowed" env:"KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED" description:"Bool to authorize builds to specify their own bearer token for creation."`
+ BearerTokenOverwriteAllowed *bool `toml:"bearer_token_overwrite_allowed,omitempty" json:"bearer_token_overwrite_allowed,omitempty" long:"bearer_token_overwrite_allowed" env:"KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED" description:"Bool to authorize builds to specify their own bearer token for creation."`
 BearerToken string `toml:"bearer_token,omitempty" json:"bearer_token,omitempty" long:"bearer_token" env:"KUBERNETES_BEARER_TOKEN" description:"Optional Kubernetes service account token used to start build pods."`
- Image string `toml:"image" json:"image" long:"image" env:"KUBERNETES_IMAGE" description:"Default docker image to use for builds when none is specified"`
- Namespace string `toml:"namespace" json:"namespace" long:"namespace" env:"KUBERNETES_NAMESPACE" description:"Namespace to run Kubernetes jobs in"`
- NamespaceOverwriteAllowed string `toml:"namespace_overwrite_allowed" json:"namespace_overwrite_allowed" long:"namespace_overwrite_allowed" env:"KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value"`
+ Image string `toml:"image,omitempty" json:"image,omitempty" long:"image" env:"KUBERNETES_IMAGE" description:"Default docker image to use for builds when none is specified"`
+ Namespace string `toml:"namespace,omitempty" json:"namespace,omitempty" long:"namespace" env:"KUBERNETES_NAMESPACE" description:"Namespace to run Kubernetes jobs in"`
+ NamespaceOverwriteAllowed string `toml:"namespace_overwrite_allowed,omitempty" json:"namespace_overwrite_allowed,omitempty" long:"namespace_overwrite_allowed" env:"KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value"`
 Privileged *bool `toml:"privileged,omitzero" json:"privileged,omitempty" long:"privileged" env:"KUBERNETES_PRIVILEGED" description:"Run all containers with the privileged flag enabled"`
 AllowPrivilegeEscalation *bool `toml:"allow_privilege_escalation,omitzero" json:"allow_privilege_escalation,omitempty" long:"allow-privilege-escalation" env:"KUBERNETES_ALLOW_PRIVILEGE_ESCALATION" description:"Run all containers with the security context allowPrivilegeEscalation flag enabled. When empty, it does not define the allowPrivilegeEscalation flag in the container SecurityContext and allows Kubernetes to use the default privilege escalation behavior."`
 CPULimit string `toml:"cpu_limit,omitempty" json:"cpu_limit,omitempty" long:"cpu-limit" env:"KUBERNETES_CPU_LIMIT" description:"The CPU allocation given to build containers"`
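Review bot: `BearerTokenOverwriteAllowed` becoming `*bool` gives the field a third state (nil), and nothing on the new line says how that state is interpreted; because this flag authorizes builds to supply their own bearer token, nil should be documented and handled as deny. I would add `// nil means unset and must be treated as false: builds may not supply their own bearer token.` above the field and confirm that every reader nil-checks before dereferencing (the consumers are outside this diff). The same question applies to the regex gates now tagged `omitempty` — `NamespaceOverwriteAllowed` here, and `ServiceAccountOverwriteAllowed` and `PodAnnotationsOverwriteAllowed` in the next hunk — since an empty value is now dropped from the serialized config, the field comments should state that empty means the overwrite is disabled. As a style point, the new toml tag uses `omitempty` while the sibling `*bool` fields `Privileged` and `AllowPrivilegeEscalation` use `omitzero`; one convention would be easier to audit. The struct continues beyond this hunk.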
@@ -153,9 +153,9 @@ type KubernetesConfig struct {
 PollTimeout int `toml:"poll_timeout,omitzero" json:"poll_timeout,omitempty" long:"poll-timeout" env:"KUBERNETES_POLL_TIMEOUT" description:"The total amount of time, in seconds, that needs to pass before the runner will timeout attempting to connect to the pod it has just created (useful for queueing more builds that the cluster can handle at a time)"`
 PodLabels map[string]string `toml:"pod_labels,omitempty" json:"pod_labels,omitempty" long:"pod-labels" description:"A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here."`
 ServiceAccount string `toml:"service_account,omitempty" json:"service_account,omitempty" long:"service-account" env:"KUBERNETES_SERVICE_ACCOUNT" description:"Executor pods will use this Service Account to talk to kubernetes API"`
- ServiceAccountOverwriteAllowed string `toml:"service_account_overwrite_allowed" json:"service_account_overwrite_allowed" long:"service_account_overwrite_allowed" env:"KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value"`
+ ServiceAccountOverwriteAllowed string `toml:"service_account_overwrite_allowed,omitempty" json:"service_account_overwrite_allowed,omitempty" long:"service_account_overwrite_allowed" env:"KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value"`
 PodAnnotations map[string]string `toml:"pod_annotations,omitempty" json:"pod_annotations,omitempty" long:"pod-annotations" description:"A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables"`
- PodAnnotationsOverwriteAllowed string `toml:"pod_annotations_overwrite_allowed" json:"pod_annotations_overwrite_allowed" long:"pod_annotations_overwrite_allowed" env:"KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values"`
+ PodAnnotationsOverwriteAllowed string `toml:"pod_annotations_overwrite_allowed,omitempty" json:"pod_annotations_overwrite_allowed,omitempty" long:"pod_annotations_overwrite_allowed" env:"KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED" description:"Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values"`
 PodSecurityContext *KubernetesPodSecurityContext `toml:"pod_security_context,omitempty" json:"pod_security_context,omitempty" namespace:"pod-security-context" description:"A security context attached to each build pod"`
 BuildContainerSecurityContext *KubernetesContainerSecurityContext `toml:"build_container_security_context,omitempty" json:"build_container_security_context,omitempty" namespace:"build_container_security_context" description:"A security context attached to the build container inside the build pod"`
 HelperContainerSecurityContext *KubernetesContainerSecurityContext `toml:"helper_container_security_context,omitempty" json:"helper_container_security_context,omitempty" namespace:"helper_container_security_context" description:"A security context attached to the helper container inside the build pod"`
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 08ee89a..586a1ef 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
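Review bot: The description on the re-tagged `ServiceAccountOverwriteAllowed` line still reads `Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value`, which is also the `env` name of the `ServiceAccount` field just above it in the runner_types.go hunk. By analogy with `NamespaceOverwriteAllowed` (`'KUBERNETES_NAMESPACE_OVERWRITE'`), the variable being validated is presumably `KUBERNETES_SERVICE_ACCOUNT_OVERWRITE`. Since this regex decides which service accounts a build may select, the help text should name the job-supplied variable precisely, e.g. `description:"Regex to validate 'KUBERNETES_SERVICE_ACCOUNT_OVERWRITE' value"`. This is inferred from the naming pattern only, so confirm it against the runner's documentation before changing the string.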
@@ -81,6 +81,11 @@ func (in *KubernetesCSI) DeepCopy() *KubernetesCSI { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubernetesConfig) DeepCopyInto(out *KubernetesConfig) { *out = *in + if in.BearerTokenOverwriteAllowed != nil { + in, out := &in.BearerTokenOverwriteAllowed, &out.BearerTokenOverwriteAllowed + *out = new(bool) + **out = **in + } if in.Privileged != nil { in, out := &in.Privileged, &out.Privileged *out = new(bool) diff --git a/config/crd/bases/gitlab.k8s.alekc.dev_runners.yaml b/config/crd/bases/gitlab.k8s.alekc.dev_runners.yaml index c6bbf20..03c08fc 100644 --- a/config/crd/bases/gitlab.k8s.alekc.dev_runners.yaml +++ b/config/crd/bases/gitlab.k8s.alekc.dev_runners.yaml @@ -950,14 +950,6 @@ spec: - pvc - secret type: object - required: - - bearer_token_overwrite_allowed - - host - - image - - namespace - - namespace_overwrite_allowed - - pod_annotations_overwrite_allowed - - service_account_overwrite_allowed type: object gitlab_instance_url: type: string