You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by "squakez (via GitHub)" <gi...@apache.org> on 2024/01/11 10:03:19 UTC

[PR] feat(pipeline): user publishing task [camel-k]

squakez opened a new pull request, #5057:
URL: https://github.com/apache/camel-k/pull/5057

   <!-- Description -->
   
   This PR will allow a user to run its own publishing task. Beside that we allow the possibility to sort the execution of a customized pipeline and to run each of the customized task with a given security context setting.
   
   Closes #4747 
   
   
   <!--
   Enter your extended release note in the below block. If the PR requires
   additional action from users switching to the new release, include the string
   "action required". If no release note is required, write "NONE". 
   
   You can (optionally) mark this PR with labels "kind/bug" or "kind/feature" to make sure
   the text is added to the right section of the release notes. 
   -->
   
   **Release Note**
   ```release-note
   feat(pipeline): user publishing task
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] feat(pipeline): user publishing task [camel-k]

Posted by "gansheer (via GitHub)" <gi...@apache.org>.

gansheer commented on code in PR #5057:
URL: https://github.com/apache/camel-k/pull/5057#discussion_r1448679328


##########
docs/modules/ROOT/pages/pipeline/pipeline.adoc:
##########
@@ -113,9 +117,44 @@ Given the limited space we can use in a Kubernetes custom resource, we are trunc
 
 If for any reason you still need to access the entire log of the execution, you can always access to the log of the builder `Pod` and the specific container that was executed, ie `kubectl logs camel-k-kit-chj2gpi9rcoc73cjfv2g-builder -c task1 -p`
 
+[[build-pipeline-sort]]
+=== Tasks filtering and sorting
+The default execution of tasks can be changed. You can include or remove tasks and provide your order of execution. When using the `builder` trait, this is done via `builder.tasks-filter` property. This parameter accepts a comma separated value list of tasks to execute. It must specify both operator tasks (ie, builder) and custom tasks.
+
+WARNING: altering the order of tasks may result in a disruptive build behavior.
+
+With this approach you can also provide your own publishing strategy. The pipeline run as a Kubernetes Pod. Each task is an `initContainer` and the last one is the final `container` which has to provide the published image digest into the `/dev/termination-log` in order to know the publish was completed. This is done out of the box when a supported publishing strategy is executed. If you want to provide your own publishing strategy, then, you need to make sure to follow this rule to have the entire process working (see examples later).
+
+There are certain environment variables we are injecting in each custom container in order to be able to get dynamic values required to perform certain operation (ie, publishing a container image):
+
+* INTEGRATION_KIT_IMAGE contains the name of the image expected to be used for the IntegrationKit generated during the pipeline execution
+
+We may add more if they are required and useful for a general case.
+
+[[build-pipeline-privileges]]
+=== Execution privileges
+The builder Pod will set a `PodSecurityContext` with user 1001 privileges. This is a convention in order to maintain the same default user ID for the container images we use by defautl. Each container image will inherit this value unless specified with the user ID parameter.

Review Comment:
   The user is will not be 1001 in S2I mode, we would use the security context constraints (SCCs) to define it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] feat(pipeline): user publishing task [camel-k]

Posted by "gansheer (via GitHub)" <gi...@apache.org>.

gansheer commented on code in PR #5057:
URL: https://github.com/apache/camel-k/pull/5057#discussion_r1448679328


##########
docs/modules/ROOT/pages/pipeline/pipeline.adoc:
##########
@@ -113,9 +117,44 @@ Given the limited space we can use in a Kubernetes custom resource, we are trunc
 
 If for any reason you still need to access the entire log of the execution, you can always access to the log of the builder `Pod` and the specific container that was executed, ie `kubectl logs camel-k-kit-chj2gpi9rcoc73cjfv2g-builder -c task1 -p`
 
+[[build-pipeline-sort]]
+=== Tasks filtering and sorting
+The default execution of tasks can be changed. You can include or remove tasks and provide your order of execution. When using the `builder` trait, this is done via `builder.tasks-filter` property. This parameter accepts a comma separated value list of tasks to execute. It must specify both operator tasks (ie, builder) and custom tasks.
+
+WARNING: altering the order of tasks may result in a disruptive build behavior.
+
+With this approach you can also provide your own publishing strategy. The pipeline run as a Kubernetes Pod. Each task is an `initContainer` and the last one is the final `container` which has to provide the published image digest into the `/dev/termination-log` in order to know the publish was completed. This is done out of the box when a supported publishing strategy is executed. If you want to provide your own publishing strategy, then, you need to make sure to follow this rule to have the entire process working (see examples later).
+
+There are certain environment variables we are injecting in each custom container in order to be able to get dynamic values required to perform certain operation (ie, publishing a container image):
+
+* INTEGRATION_KIT_IMAGE contains the name of the image expected to be used for the IntegrationKit generated during the pipeline execution
+
+We may add more if they are required and useful for a general case.
+
+[[build-pipeline-privileges]]
+=== Execution privileges
+The builder Pod will set a `PodSecurityContext` with user 1001 privileges. This is a convention in order to maintain the same default user ID for the container images we use by defautl. Each container image will inherit this value unless specified with the user ID parameter.

Review Comment:
   The user will not be 1001 in S2I mode, we would use the security context constraints (SCCs) to define it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] feat(pipeline): user publishing task [camel-k]

Posted by "squakez (via GitHub)" <gi...@apache.org>.

squakez merged PR #5057:
URL: https://github.com/apache/camel-k/pull/5057


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org