@flowfuse/driver-kubernetes 2.22.2-212a69c-202510161205.0 → 2.22.2-6911c7c-202510201047.0
- package/.github/workflows/release-publish.yml +1 -1
- package/README.md +1 -0
- package/kubernetes.js +90 -1
- package/package.json +1 -1
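--- a/package/.github/workflows/release-publish.yml
+++ b/package/.github/workflows/release-publish.yml
@@ -9,7 +9,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-- uses: actions/setup-node@
+- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
 with:
 node-version: 18
 - run: npm ci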
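--- a/package/README.md
+++ b/package/README.md
@@ -65,6 +65,7 @@ AWS EKS specific annotation for ALB Ingress. or `openshift` to allow running on
 - `storage.storageClassEFSTag` Used instead of `storage.storageClass` when needing to shard across multiple EFS file systems (default not set)
 - `storage.size` Size of the volume to request (default not set)
 - `podSecurityContext` Settings linked to the [security context of the pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+- `containerSecurityContext` Settings linked to the [security context of the container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 - `service.type` Type of service to create for the editor (allowed `ClusterIP` or `NodePort`, default `ClusterIP`)
 
 Expects to pick up K8s credentials from the environment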
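--- a/package/kubernetes.js
+++ b/package/kubernetes.js
@@ -194,6 +194,14 @@ const createDeployment = async (project, options) => {
 this._app.log.info('[k8s] OpenShift, removing PodSecurityContext')
 }
 
+if (this._app.config.driver.options?.containerSecurityContext) {
+localPod.spec.containers[0].securityContext = this._app.config.driver.options.containerSecurityContext
+this._app.log.info(`[k8s] Using custom ContainerSecurityContext ${JSON.stringify(this._app.config.driver.options.containerSecurityContext)}`)
+} else if (this._app.license.active() && this._cloudProvider === 'openshift') {
+localPod.spec.containers[0].securityContext = {}
+this._app.log.info('[k8s] OpenShift, removing ContainerSecurityContext')
+}
+
 if (stack.memory && stack.cpu) {
 localPod.spec.containers[0].resources.requests.memory = `${stack.memory}Mi`
 // increase limit to give npm more room to run in
@@ -271,8 +279,37 @@ const createIngress = async (project, options) => {
 
 const localIngress = JSON.parse(JSON.stringify(ingressTemplate))
 
+let addIngressTls = false
+
 if (this._certManagerIssuer) {
 localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._certManagerIssuer
+addIngressTls = true
+
+// Add non-cert-manager annotations from projectIngressAnnotations if they exist
+if (this._projectIngressAnnotations) {
+Object.keys(this._projectIngressAnnotations).forEach((key) => {
+if (!key.startsWith('cert-manager.io/')) {
+localIngress.metadata.annotations[key] = this._projectIngressAnnotations[key]
+}
+})
+}
+} else if (this._projectIngressAnnotations) {
+const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key =>
+key.startsWith('cert-manager.io/')
+)
+
+if (hasCertManagerAnnotation) {
+addIngressTls = true
+}
+
+// Add all annotations from projectIngressAnnotations
+Object.keys(this._projectIngressAnnotations).forEach((key) => {
+localIngress.metadata.annotations[key] = this._projectIngressAnnotations[key]
+})
+}
+
+// Add TLS configuration if needed
+if (addIngressTls) {
 localIngress.spec.tls = [
 {
 hosts: [
@@ -319,8 +356,37 @@ const createCustomIngress = async (project, hostname, options) => {
 customIngress.spec.rules[0].host = hostname
 customIngress.spec.rules[0].http.paths[0].backend.service.name = `${prefix}${project.safeName}`
 
+let addCustomIngressTls = false
+
 if (this._customHostname?.certManagerIssuer) {
 customIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._customHostname.certManagerIssuer
+addCustomIngressTls = true
+
+// Add non-cert-manager annotations from projectIngressAnnotations if they exist
+if (this._customHostname?.ingressAnnotations) {
+Object.keys(this._customHostname?.ingressAnnotations).forEach((key) => {
+if (!key.startsWith('cert-manager.io/')) {
+customIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key]
+}
+})
+}
+} else if (this._customHostname?.ingressAnnotations) {
+const hasCertManagerAnnotation = Object.keys(this._customHostname?.ingressAnnotations).some(key =>
+key.startsWith('cert-manager.io/')
+)
+
+if (hasCertManagerAnnotation) {
+addCustomIngressTls = true
+}
+
+// Add all annotations from projectIngressAnnotations
+Object.keys(this._customHostname?.ingressAnnotations).forEach((key) => {
+customIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key]
+})
+}
+
+// Add TLS configuration if needed
+if (addCustomIngressTls) {
 customIngress.spec.tls = [
 {
 hosts: [
@@ -638,6 +704,7 @@ module.exports = {
 this._k8sDelay = this._app.config.driver.options?.k8sDelay || 1000
 this._k8sRetries = this._app.config.driver.options?.k8sRetries || 10
 this._certManagerIssuer = this._app.config.driver.options?.certManagerIssuer
+this._projectIngressAnnotations = this._app.config.driver.options?.projectIngressAnnotations
 this._logPassthrough = this._app.config.driver.options?.logPassthrough || false
 this._cloudProvider = this._app.config.driver.options?.cloudProvider
 if (this._app.config.driver.options?.customHostname?.enabled) {
@@ -838,6 +905,17 @@ module.exports = {
 } catch (err) {
 this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()} ${err.stack}`)
 }
+} else if (this._projectIngressAnnotations) {
+const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key =>
+key.startsWith('cert-manager.io/')
+)
+if (hasCertManagerAnnotation) {
+try {
+await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace })
+} catch (err) {
+this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()} ${err.stack}`)
+}
+}
 }
 
 if (this._customHostname?.enabled) {
@@ -969,6 +1047,17 @@ module.exports = {
 } catch (err) {
 this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()}`)
 }
+} else if (this._projectIngressAnnotations) {
+const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key =>
+key.startsWith('cert-manager.io/')
+)
+if (hasCertManagerAnnotation) {
+try {
+await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace })
+} catch (err) {
+this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()}`)
+}
+}
 }
 if (this._customHostname?.enabled) {
 try {
@@ -976,7 +1065,7 @@ module.exports = {
 } catch (err) {
 this._app.log.error(`[k8s] Instance ${project.id} - error deleting custom ingress: ${err.toString()}`)
 }
-if (this._customHostname?.certManagerIssuer) {
+if (this._customHostname?.certManagerIssuer || this._customHostname?.certManagerAnnotations) {
 try {
 await this._k8sApi.deleteNamespacedSecret({ name: `${project.safeName}-custom`, namespace: this._namespace })
 } catch (err) {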
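Review bot: The cleanup condition in the last hunk (new line 1068) tests `this._customHostname?.certManagerAnnotations`, a property nothing else in this diff reads or assigns; createCustomIngress turns TLS on from `this._customHostname?.ingressAnnotations` when a key starts with `cert-manager.io/`. Unless that name is populated somewhere outside these hunks, an instance whose custom-hostname certificate was requested through annotations keeps its `${project.safeName}-custom` secret (certificate and private key) in the namespace after removal. The guard should mirror the creation logic: `if (this._customHostname?.certManagerIssuer || Object.keys(this._customHostname?.ingressAnnotations ?? {}).some(key => key.startsWith('cert-manager.io/'))) {`. The `this._customHostname?.enabled` branch at new line 921 has its body outside the diff, so it was not touched here and may need the same condition; the enclosing functions begin and end outside the hunks.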