Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a way to propagate annotationa and labels to the terraform apply and destroy jobs #254

Open
anoop2811 opened this issue Feb 28, 2022 · 3 comments
Open

Provide a way to propagate annotationa and labels to the terraform apply and destroy jobs #254

anoop2811 opened this issue Feb 28, 2022 · 3 comments

Comments

@anoop2811
Copy link
Contributor

anoop2811 commented Feb 28, 2022
edited

A problem we are facing is when we use istio, it enables a sidecar called istio-proxy due to which the job remains in the running status as it continues running even after the terraform-executor has completed. Due to this, the job continues to stay in the Running status. In order to disable istio for jobs, we will need to add the annotation sidecar.istio.io/inject: "false" to the job. If we could propagate the annotation and labels from the application object to the jobs, it would help to selectively disable the sidecar injection.
@anoop2811 anoop2811 changed the title Provide a way to propagate labels to the terraform apply and destroy jobs Provide a way to propagate annotationa and labels to the terraform apply and destroy jobs Feb 28, 2022
@anoop2811
Copy link
Contributor Author

anoop2811 commented Feb 28, 2022
edited

An example Job creation that works when we are able to disable istio injection that worked would look like this:

	return &batchv1.Job{
		TypeMeta: metav1.TypeMeta{
			Kind:       "Job",
			APIVersion: "batch/v1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      meta.Name + "-" + string(executionType),
			Namespace: meta.Namespace,
		},
		Spec: batchv1.JobSpec{
			Parallelism:  &parallelism,
			Completions:  &completions,
			BackoffLimit: &backoffLimit,
			Template: v1.PodTemplateSpec{
				ObjectMeta: metav1.ObjectMeta{
					Annotations: map[string]string{
						"sidecar.istio.io/inject": "false",
					},
				},
				Spec: v1.PodSpec{
					// InitContainer will copy Terraform configuration files to working directory and create Terraform
					// state file directory in advance
					InitContainers: initContainers,
					// Container terraform-executor will first copy predefined terraform.d to working directory, and
					// then run terraform init/apply.
					Containers: []v1.Container{{
						Name:            terraformContainerName,
						Image:           meta.TerraformImage,
						ImagePullPolicy: v1.PullIfNotPresent,
						Command: []string{
							"bash",
							"-c",
							fmt.Sprintf("terraform init && terraform %s -lock=false -auto-approve", executionType),
						},
						VolumeMounts: []v1.VolumeMount{
							{
								Name:      meta.Name,
								MountPath: WorkingVolumeMountPath,
							},
							{
								Name:      InputTFConfigurationVolumeName,
								MountPath: InputTFConfigurationVolumeMountPath,
							},
						},
						Env: meta.Envs,
					},
					},
					ServiceAccountName: ServiceAccountName,
					Volumes:            executorVolumes,
					RestartPolicy:      v1.RestartPolicyOnFailure,
				},
			},
		},
	}

@anoop2811
Copy link
Contributor Author

@zzxwill Would it make sense to get these labels from the helm chart as user provided to start?

@zzxwill
Copy link
Collaborator

zzxwill commented Mar 1, 2022

@anoop2811 It makes sense. You can set it directly like the code sample. In the future, if we need to interact with Isitio, we can expose the setting of the annotation to user-side:)

@anoop2811 anoop2811 mentioned this issue Mar 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anoop2811 @zzxwill