control-service: Allow job builder run as non-root

Currently, the data job builder requires root priviledges to run, which is not ideal in situations, where users may have access to kubernetes clusters which allow pods to run only under SecurityContext. This change allows the job builder pods to run under security context. Testing Done: TODO Signed-off-by: Andon Andonov <[email protected]>
vmware · Dec 14, 2021 · bbb19be · bbb19be
1 parent 282a1f7
commit bbb19be
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/projects/control-service/cicd/.gitlab-ci.yml b/projects/control-service/cicd/.gitlab-ci.yml
@@ -120,6 +120,7 @@ control_service_publish_job_builder_image:
   retry: !reference [.control_service_retry, retry_options]
   only:
     refs:
+      - external_pull_requests
       - main
     changes:
       - projects/control-service/projects/job-builder/version.txt

diff --git a/projects/control-service/projects/job-builder/build_image.sh b/projects/control-service/projects/job-builder/build_image.sh
@@ -63,7 +63,9 @@ fi
 git_url_scheme="https"
 [ "$GIT_SSL_ENABLED" = false ] && git_url_scheme="http"
 
-git clone $git_url_scheme://$git_username:$git_password@$git_repository ./data-jobs
+#git clone $git_url_scheme://$git_username:$git_password@$git_repository ./data-jobs
+echo $git_url_scheme://$git_username:$git_password@$git_repository
+git clone $git_username:$git_password@$git_repository ./data-jobs
 cd ./data-jobs
 git reset --hard $GIT_COMMIT || ( echo ">data-job-not-found<" && exit 1 )
 if [ ! -d ${DATA_JOB_NAME} ]; then

diff --git a/projects/control-service/projects/job-builder/publish-vdk-job-builder.sh b/projects/control-service/projects/job-builder/publish-vdk-job-builder.sh
@@ -15,9 +15,10 @@ function build_and_push_image() {
     image_repo="$VDK_DOCKER_REGISTRY_URL/$name"
     image_tag="$image_repo:$VERSION_TAG"
 
-    docker build -t $image_tag -t $image_repo:latest -f "$SCRIPT_DIR/$docker_file" $arguments "$SCRIPT_DIR"
+#    docker build -t $image_tag -t $image_repo:latest -f "$SCRIPT_DIR/$docker_file" $arguments "$SCRIPT_DIR"
+    docker build -t $image_tag -f "$SCRIPT_DIR/$docker_file" $arguments "$SCRIPT_DIR"
     docker push $image_tag
-    docker push $image_repo:latest
+#    docker push $image_repo:latest
 }
 
 build_and_push_image "job-builder" Dockerfile
diff --git a/projects/control-service/projects/job-builder/version.txt b/projects/control-service/projects/job-builder/version.txt
@@ -1 +1 @@
-1.2.2
+1.2.1dev5