Merge pull request #368 from kstrenkova/refactor-pod-definitions

Refactor pod definitions

Author: openshift-merge-bot[bot]

pkg/ansibletest/const.go

@@ -3,6 +3,7 @@ package ansibletest
 
 import (
 	"github.com/openstack-k8s-operators/lib-common/modules/storage"
+	corev1 "k8s.io/api/core/v1"
 )
 
 const (
@@ -11,7 +12,18 @@ const (
 
 	// AnsibleTest is the definition of the ansibletest group
 	AnsibleTest storage.PropagationType = "AnsibleTest"
+
+	// PodRunAsUser is the UID to run the AnsibleTest pod as
+	PodRunAsUser = int64(227)
+
+	// PodRunAsGroup is the GID to run the AnsibleTest pod as
+	PodRunAsGroup = int64(227)
 )
 
-// AnsibleTestPropagation is the definition of the AnsibleTest propagation service
-var AnsibleTestPropagation = []storage.PropagationType{AnsibleTest}
+var (
+	// AnsibleTestPropagation is the definition of the Ansible Test propagation service
+	AnsibleTestPropagation = []storage.PropagationType{AnsibleTest}
+
+	// PodCapabilities defines the Linux capabilities for AnsibleTest pods
+	PodCapabilities = []corev1.Capability{"NET_ADMIN", "NET_RAW"}
+)

pkg/ansibletest/pod.go

@@ -6,7 +6,6 @@ import (
 	testv1beta1 "github.com/openstack-k8s-operators/test-operator/api/v1beta1"
 	util "github.com/openstack-k8s-operators/test-operator/pkg/util"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // Pod - prepare pod to run AnsibleTests tests
@@ -20,55 +19,24 @@ func Pod(
 	externalWorkflowCounter int,
 	containerImage string,
 ) *corev1.Pod {
-
-	runAsUser := int64(227)
-	runAsGroup := int64(227)
-
-	capabilities := []corev1.Capability{"NET_ADMIN", "NET_RAW"}
-	securityContext := util.GetSecurityContext(runAsUser, capabilities, instance.Spec.Privileged)
-
-	pod := &corev1.Pod{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      podName,
-			Namespace: instance.Namespace,
-			Labels:    labels,
-		},
-		Spec: corev1.PodSpec{
-			AutomountServiceAccountToken: &instance.Spec.Privileged,
-			RestartPolicy:                corev1.RestartPolicyNever,
-			Tolerations:                  instance.Spec.Tolerations,
-			NodeSelector:                 instance.Spec.NodeSelector,
-			SecurityContext: &corev1.PodSecurityContext{
-				RunAsUser:  &runAsUser,
-				RunAsGroup: &runAsGroup,
-				FSGroup:    &runAsGroup,
-			},
-			Containers: []corev1.Container{
-				{
-					Name:            instance.Name,
-					Image:           containerImage,
-					Args:            []string{},
-					Env:             env.MergeEnvs([]corev1.EnvVar{}, envVars),
-					VolumeMounts:    GetVolumeMounts(mountCerts, AnsibleTestPropagation, instance, externalWorkflowCounter),
-					SecurityContext: &securityContext,
-					Resources:       instance.Spec.Resources,
-				},
-			},
-			Volumes: GetVolumes(
-				instance,
-				logsPVCName,
-				mountCerts,
-				AnsibleTestPropagation,
-				externalWorkflowCounter,
-			),
-		},
-	}
-
-	if len(instance.Spec.SELinuxLevel) > 0 {
-		pod.Spec.SecurityContext.SELinuxOptions = &corev1.SELinuxOptions{
-			Level: instance.Spec.SELinuxLevel,
-		}
-	}
-
-	return pod
+	return util.BuildTestPod(
+		nil, // No annotations
+		PodCapabilities,
+		containerImage,
+		instance.Name,
+		[]corev1.EnvFromSource{}, // No EnvFromSource
+		envVars,
+		labels,
+		instance.Namespace,
+		instance.Spec.NodeSelector,
+		podName,
+		instance.Spec.Privileged,
+		instance.Spec.Resources,
+		PodRunAsGroup,
+		PodRunAsUser,
+		instance.Spec.SELinuxLevel,
+		instance.Spec.Tolerations,
+		GetVolumeMounts(mountCerts, AnsibleTestPropagation, instance, externalWorkflowCounter),
+		GetVolumes(instance, logsPVCName, mountCerts, AnsibleTestPropagation, externalWorkflowCounter),
+	)
 }

pkg/horizontest/const.go

@@ -3,6 +3,7 @@ package horizontest
 
 import (
 	"github.com/openstack-k8s-operators/lib-common/modules/storage"
+	corev1 "k8s.io/api/core/v1"
 )
 
 const (
@@ -11,7 +12,18 @@ const (
 
 	// HorizonTest is the definition of the horizontest group
 	HorizonTest storage.PropagationType = "HorizonTest"
+
+	// PodRunAsUser is the UID to run the HorizonTest pod as
+	PodRunAsUser = int64(42455)
+
+	// PodRunAsGroup is the GID to run the HorizonTest pod as
+	PodRunAsGroup = int64(42455)
 )
 
-// HorizonTestPropagation is the definition of the HorizonTest propagation service
-var HorizonTestPropagation = []storage.PropagationType{HorizonTest}
+var (
+	// HorizonTestPropagation is the definition of the HorizonTest propagation service
+	HorizonTestPropagation = []storage.PropagationType{HorizonTest}
+
+	// PodCapabilities defines the Linux capabilities for HorizonTest pods
+	PodCapabilities = []corev1.Capability{"NET_ADMIN", "NET_RAW"}
+)

pkg/horizontest/pod.go

@@ -6,7 +6,6 @@ import (
 	testv1beta1 "github.com/openstack-k8s-operators/test-operator/api/v1beta1"
 	util "github.com/openstack-k8s-operators/test-operator/pkg/util"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // Pod - prepare pod to run Horizon tests
@@ -20,55 +19,24 @@ func Pod(
 	envVars map[string]env.Setter,
 	containerImage string,
 ) *corev1.Pod {
-
-	runAsUser := int64(42455)
-	runAsGroup := int64(42455)
-
-	capabilities := []corev1.Capability{"NET_ADMIN", "NET_RAW"}
-	securityContext := util.GetSecurityContext(runAsUser, capabilities, instance.Spec.Privileged)
-
-	pod := &corev1.Pod{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      podName,
-			Namespace: instance.Namespace,
-			Labels:    labels,
-		},
-		Spec: corev1.PodSpec{
-			AutomountServiceAccountToken: &instance.Spec.Privileged,
-			RestartPolicy:                corev1.RestartPolicyNever,
-			Tolerations:                  instance.Spec.Tolerations,
-			NodeSelector:                 instance.Spec.NodeSelector,
-			SecurityContext: &corev1.PodSecurityContext{
-				RunAsUser:  &runAsUser,
-				RunAsGroup: &runAsGroup,
-				FSGroup:    &runAsGroup,
-			},
-			Containers: []corev1.Container{
-				{
-					Name:            instance.Name,
-					Image:           containerImage,
-					Args:            []string{},
-					Env:             env.MergeEnvs([]corev1.EnvVar{}, envVars),
-					VolumeMounts:    GetVolumeMounts(mountCerts, mountKubeconfig, HorizonTestPropagation, instance),
-					SecurityContext: &securityContext,
-					Resources:       instance.Spec.Resources,
-				},
-			},
-			Volumes: GetVolumes(
-				instance,
-				logsPVCName,
-				mountCerts,
-				mountKubeconfig,
-				HorizonTestPropagation,
-			),
-		},
-	}
-
-	if len(instance.Spec.SELinuxLevel) > 0 {
-		pod.Spec.SecurityContext.SELinuxOptions = &corev1.SELinuxOptions{
-			Level: instance.Spec.SELinuxLevel,
-		}
-	}
-
-	return pod
+	return util.BuildTestPod(
+		nil, // No annotations
+		PodCapabilities,
+		containerImage,
+		instance.Name,
+		[]corev1.EnvFromSource{}, // No EnvFromSource
+		envVars,
+		labels,
+		instance.Namespace,
+		instance.Spec.NodeSelector,
+		podName,
+		instance.Spec.Privileged,
+		instance.Spec.Resources,
+		PodRunAsGroup,
+		PodRunAsUser,
+		instance.Spec.SELinuxLevel,
+		instance.Spec.Tolerations,
+		GetVolumeMounts(mountCerts, mountKubeconfig, HorizonTestPropagation, instance),
+		GetVolumes(instance, logsPVCName, mountCerts, mountKubeconfig, HorizonTestPropagation),
+	)
 }

pkg/tempest/const.go

@@ -3,6 +3,7 @@ package tempest
 
 import (
 	"github.com/openstack-k8s-operators/lib-common/modules/storage"
+	corev1 "k8s.io/api/core/v1"
 )
 
 const (
@@ -11,7 +12,18 @@ const (
 
 	// Tempest is the definition of the tempest group
 	Tempest storage.PropagationType = "Tempest"
+
+	// PodRunAsUser is the UID to run the Tempest pod as
+	PodRunAsUser = int64(42480)
+
+	// PodRunAsGroup is the GID to run the Tempest pod as
+	PodRunAsGroup = int64(42480)
 )
 
-// TempestPropagation is the definition of the Tempest propagation service
-var TempestPropagation = []storage.PropagationType{Tempest}
+var (
+	// TempestPropagation is the definition of the Tempest propagation service
+	TempestPropagation = []storage.PropagationType{Tempest}
+
+	// PodCapabilities defines the Linux capabilities for Tempest pods
+	PodCapabilities = []corev1.Capability{}
+)

pkg/tempest/pod.go

@@ -6,7 +6,6 @@ import (
 	testv1beta1 "github.com/openstack-k8s-operators/test-operator/api/v1beta1"
 	util "github.com/openstack-k8s-operators/test-operator/pkg/util"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // Pod - prepare pod to run Tempest tests
@@ -22,72 +21,41 @@ func Pod(
 	mountSSHKey bool,
 	containerImage string,
 ) *corev1.Pod {
-
-	envVars := map[string]env.Setter{}
-	runAsUser := int64(42480)
-	runAsGroup := int64(42480)
-	securityContext := util.GetSecurityContext(runAsUser, []corev1.Capability{}, instance.Spec.Privileged)
-
-	pod := &corev1.Pod{
-		ObjectMeta: metav1.ObjectMeta{
-			Annotations: annotations,
-			Name:        podName,
-			Namespace:   instance.Namespace,
-			Labels:      labels,
-		},
-		Spec: corev1.PodSpec{
-			AutomountServiceAccountToken: &instance.Spec.Privileged,
-			RestartPolicy:                corev1.RestartPolicyNever,
-			Tolerations:                  instance.Spec.Tolerations,
-			NodeSelector:                 instance.Spec.NodeSelector,
-			SecurityContext: &corev1.PodSecurityContext{
-				RunAsUser:  &runAsUser,
-				RunAsGroup: &runAsGroup,
-				FSGroup:    &runAsGroup,
+	envFromSource := []corev1.EnvFromSource{
+		{
+			ConfigMapRef: &corev1.ConfigMapEnvSource{
+				LocalObjectReference: corev1.LocalObjectReference{
+					Name: customDataConfigMapName,
+				},
 			},
-			Containers: []corev1.Container{
-				{
-					Name:            instance.Name + "-tests-runner",
-					Image:           containerImage,
-					Args:            []string{},
-					Env:             env.MergeEnvs([]corev1.EnvVar{}, envVars),
-					VolumeMounts:    GetVolumeMounts(mountCerts, mountSSHKey, TempestPropagation, instance),
-					SecurityContext: &securityContext,
-					Resources:       instance.Spec.Resources,
-					EnvFrom: []corev1.EnvFromSource{
-						{
-							ConfigMapRef: &corev1.ConfigMapEnvSource{
-								LocalObjectReference: corev1.LocalObjectReference{
-									Name: customDataConfigMapName,
-								},
-							},
-						},
-						{
-							ConfigMapRef: &corev1.ConfigMapEnvSource{
-								LocalObjectReference: corev1.LocalObjectReference{
-									Name: envVarsConfigMapName,
-								},
-							},
-						},
-					},
+		},
+		{
+			ConfigMapRef: &corev1.ConfigMapEnvSource{
+				LocalObjectReference: corev1.LocalObjectReference{
+					Name: envVarsConfigMapName,
 				},
 			},
-			Volumes: GetVolumes(
-				instance,
-				customDataConfigMapName,
-				logsPVCName,
-				mountCerts,
-				mountSSHKey,
-				TempestPropagation,
-			),
 		},
 	}
 
-	if len(instance.Spec.SELinuxLevel) > 0 {
-		pod.Spec.SecurityContext.SELinuxOptions = &corev1.SELinuxOptions{
-			Level: instance.Spec.SELinuxLevel,
-		}
-	}
-
-	return pod
+	return util.BuildTestPod(
+		annotations,
+		PodCapabilities,
+		containerImage,
+		instance.Name+"-tests-runner",
+		envFromSource,
+		map[string]env.Setter{},
+		labels,
+		instance.Namespace,
+		instance.Spec.NodeSelector,
+		podName,
+		instance.Spec.Privileged,
+		instance.Spec.Resources,
+		PodRunAsGroup,
+		PodRunAsUser,
+		instance.Spec.SELinuxLevel,
+		instance.Spec.Tolerations,
+		GetVolumeMounts(mountCerts, mountSSHKey, TempestPropagation, instance),
+		GetVolumes(instance, customDataConfigMapName, logsPVCName, mountCerts, mountSSHKey, TempestPropagation),
+	)
 }

pkg/tobiko/const.go

@@ -3,15 +3,27 @@ package tobiko
 
 import (
 	"github.com/openstack-k8s-operators/lib-common/modules/storage"
+	corev1 "k8s.io/api/core/v1"
 )
 
 const (
-	// ServiceName - tempest service name
+	// ServiceName - tobiko service name
 	ServiceName = "tobiko"
 
 	// Tobiko is the definition of the tobiko group
 	Tobiko storage.PropagationType = "Tobiko"
+
+	// PodRunAsUser is the UID to run the Tobiko pod as
+	PodRunAsUser = int64(42495)
+
+	// PodRunAsGroup is the GID to run the Tobiko pod as
+	PodRunAsGroup = int64(42495)
 )
 
-// TobikoPropagation is the definition of the Tobiko propagation service
-var TobikoPropagation = []storage.PropagationType{Tobiko}
+var (
+	// TobikoPropagation is the definition of the Tobiko propagation service
+	TobikoPropagation = []storage.PropagationType{Tobiko}
+
+	// PodCapabilities defines the Linux capabilities for Tobiko pods
+	PodCapabilities = []corev1.Capability{"NET_ADMIN", "NET_RAW"}
+)