diff --git a/deploy/sigma/templates/configmap.yaml b/deploy/sigma/templates/configmap.yaml
index 6c7fd159..86eed34a 100644
--- a/deploy/sigma/templates/configmap.yaml
+++ b/deploy/sigma/templates/configmap.yaml
@@ -41,6 +41,13 @@ data:
 server: 0.0.0.0:{{.Values.service.server.port}}
 worker: 0.0.0.0:{{.Values.service.worker.port}}
 daemon:
+ builder:
+ enabled: true
+ image: "{{ .Values.image.registry }}/{{ .Values.config.daemon.builder.image.repository }}:{{ .Values.config.daemon.builder.image.tag | default .Chart.AppVersion }}"
+ type: kubernetes
+ kubernetes:
+ kubeconfig: ""
+ namespace: default
 gc:
 # if blob not associate with artifact
 retention: 72h
diff --git a/deploy/sigma/templates/serviceaccount.yaml b/deploy/sigma/templates/serviceaccount.yaml
index c08c0bc5..13a2d3bb 100644
--- a/deploy/sigma/templates/serviceaccount.yaml
+++ b/deploy/sigma/templates/serviceaccount.yaml
@@ -12,9 +12,9 @@ metadata:
 {{- end }}
 rules:
 - apiGroups:
- - ""
+ - core
 resources:
- - configmaps
+ - pods
 verbs:
 - get
 - list
@@ -24,31 +24,19 @@ rules:
 - patch
 - delete
 - apiGroups:
- - ""
+ - core
 resources:
- - configmaps/status
+ - pods/status
 verbs:
 - get
 - update
 - patch
 - apiGroups:
- - ""
+ - core
 resources:
- - events
+ - pods/finalizers
 verbs:
- - create
- - apiGroups:
- - "coordination.k8s.io"
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
 - update
- - patch
- - delete
 ---
 kind: RoleBinding
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
diff --git a/deploy/sigma/values.yaml b/deploy/sigma/values.yaml
index 0489a6f3..10e60252 100644
--- a/deploy/sigma/values.yaml
+++ b/deploy/sigma/values.yaml
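Review bot: In deploy/sigma/templates/configmap.yaml the new `daemon.builder` block hard-codes `enabled: true`, `type: kubernetes` and `namespace: default`, so the `config.daemon.builder.enabled`, `.type` and `.kubernetes.*` keys this commit adds to values.yaml are never read and an operator cannot switch the builder off or move its pods out of `default` through values. Rendering them from values, e.g. `enabled: {{ .Values.config.daemon.builder.enabled }}` and `namespace: {{ .Values.config.daemon.builder.kubernetes.namespace | default .Release.Namespace }}`, keeps the chart defaults authoritative. Because this object is a ConfigMap, a comment on `kubeconfig: ""` should state that cluster credentials belong in a Secret rather than in this key.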
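Review bot: In deploy/sigma/templates/serviceaccount.yaml the rules now read `apiGroups: - core`, but pods, pods/status and pods/finalizers live in the core API group, which RBAC spells as the empty string; `core` names no group, so these rules would match nothing and the builder's pod requests would be rejected as forbidden. Keep `- ""` in all three rules (the second hunk of this file repeats the same edit twice). Separately, the first rule's visible verbs include `patch` and `delete` on pods (the middle of the list is outside the hunks), and write access to pods effectively means running arbitrary workloads in that namespace, so it is worth confirming that this namespaced Role is bound in the same namespace the builder targets; configmap.yaml hard-codes `default`, and the Role's own namespace is not shown here.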
@@ -100,7 +100,7 @@ serviceAccount:
 ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
 annotations: {}
 ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
- automountServiceAccountToken: false
+ automountServiceAccountToken: true
 config:
 log:
@@ -121,7 +121,16 @@ config:
 type: s3
 filesystem:
 path: /
- # Notice: the tag never update after the first pulled from remote registry, unless you delete the image and pull again.
+ daemon:
+ builder:
+ enabled: false
+ image:
+ repository: tosone/sigma-builder
+ tag: latest
+ type: docker
+ kubernetes:
+ kubeconfig: ""
+ namespace: default
 proxy:
 enabled: true
 endpoint: https://registry-1.docker.io
diff --git a/pkg/builder/kubernetes/k8s.go b/pkg/builder/kubernetes/k8s.go
index 002eb93f..d2305bf4 100644
--- a/pkg/builder/kubernetes/k8s.go
+++ b/pkg/builder/kubernetes/k8s.go
@@ -21,6 +21,7 @@ import (
 "path"
 "reflect"
 "strconv"
+ "strings"
 "gopkg.in/yaml.v3"
 corev1 "k8s.io/api/core/v1"
@@ -50,7 +51,7 @@ func (f factory) New(config configs.Configuration) (builder.Builder, error) {
 var err error
 var restConfig *restclient.Config
- if config.Daemon.Builder.Kubernetes.Kubeconfig != nil {
+ if strings.TrimSpace(ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig)) != "" {
 cfg := clientcmdapi.NewConfig()
 err := yaml.Unmarshal([]byte(ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig)), &cfg)
 if err != nil {
@@ -62,7 +63,7 @@ func (f factory) New(config configs.Configuration) (builder.Builder, error) {
 return nil, fmt.Errorf("Get k8s rest config failed: %v", err)
 }
 } else {
- restConfig, err = clientcmd.BuildConfigFromFlags("", "")
+ restConfig, err = restclient.InClusterConfig()
 if err != nil {
 return nil, fmt.Errorf("Get k8s client in cluster failed: %v", err)
 }
diff --git a/pkg/inits/baseimage.go b/pkg/inits/baseimage.go
index 488de542..26db8fcd 100644
--- a/pkg/inits/baseimage.go
+++ b/pkg/inits/baseimage.go
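Review bot: In deploy/sigma/values.yaml the default for `serviceAccount.automountServiceAccountToken` flips to `true` for every install, although the builder keeps `enabled: false` in the same file, so deployments that never use the Kubernetes builder now get an API token mounted into the server pod with nothing that needs it. Keeping the default at `false` and documenting the requirement is the safer shape, e.g. extending the `@param` line with `(set to true when config.daemon.builder.type is kubernetes and no kubeconfig is supplied)`.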
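Review bot: In the new `config.daemon.builder` block of values.yaml, `tag: latest` ties the builder image to a mutable tag and also defeats the `| default .Chart.AppVersion` fallback in configmap.yaml, which only applies when the tag is empty. Since this image is what executes builds, a reproducible reference is preferable: `tag: ""` lets the chart version select the image, and a digest can be used where stricter pinning is wanted. The new keys also lack the `## @param` comments that the `serviceAccount` section of this file carries.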
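Review bot: The rewritten condition in `New` (pkg/builder/kubernetes/k8s.go, second hunk) drops the explicit `!= nil` check and relies on `ptr.To` to cope with a nil `Kubeconfig`; that helper is not visible in this diff, so the change is safe only if it returns the zero value for a nil pointer. A short comment would record both the contract and the fallback, e.g. `// empty or whitespace-only kubeconfig selects the in-cluster config; ptr.To must yield "" for nil`. Binding the value once, `kubeconfig := strings.TrimSpace(ptr.To(config.Daemon.Builder.Kubernetes.Kubeconfig))`, and reusing it for the `yaml.Unmarshal` call would also avoid dereferencing twice. The function starts and ends outside the hunk.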
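Review bot: In the third k8s.go hunk the error from `restclient.InClusterConfig()` is still formatted with `%v`, so callers cannot use `errors.Is(err, restclient.ErrNotInCluster)` to tell "not running in a pod" apart from other failures. That matters more now, because the replaced `clientcmd.BuildConfigFromFlags("", "")` fell back to a default client config, while the new call fails outright without a mounted service-account token; failing closed is the better behaviour, but it should be diagnosable. Consider `fmt.Errorf("get in-cluster k8s config: %w", err)` and a comment noting that this branch depends on `automountServiceAccountToken: true`. The surrounding `if`/`else` begins outside the hunk.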
@@ -44,7 +44,7 @@ func init() {
 const baseImageDir = "./bin"
 func initBaseimage(config configs.Configuration) error {
- if !config.Daemon.Builder.Enabled {
+ if config.Daemon.Builder.Enabled {
 return nil
 }
 dir := strings.TrimPrefix(baseImageDir, "./")
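Review bot: The guard in `initBaseimage` now reads `if config.Daemon.Builder.Enabled { return nil }`, so base-image initialisation is skipped exactly when the builder is enabled and runs when it is disabled, which looks like an accidental inversion (or a debugging leftover) of the previous `!config.Daemon.Builder.Enabled`. If the intent is that the Kubernetes builder does not need the images under `./bin`, the condition should test the builder type rather than negate the enable flag, with a comment giving the reason. The rest of the function lies outside the hunk, so what it loads when it does run could not be checked here.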