dind-volumes pr

Author: kosta709

README.md

@@ -73,6 +73,31 @@ rules:
   * Bind your user with cluster-admin kubernetes clusterrole
     > `kubectl create clusterrolebinding NAME --clusterrole cluster-admin --user YOUR_USER`
 
+#### Pipeline Storage with docker cache support
+
+###### GKE LocalSSD
+**Prerequisite:** [GKE custer with local SSD](https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd)
+```
+venonactl install [options] --set-value=Storage.LocalVolumeParentDir=/mnt/disks/ssd0/codefresh-volumes \
+                            --build-node-selector=cloud.google.com/gke-local-ssd=true
+```
+
+###### Using GKE Disks 
+**Prerequisite:** dind-volume-provisioner should have permissions to create/delete/get of google disks
+There are 3 options:
+* run venona dind-volume-provisioniner on node with iam role which is allowed to create/delete/get of google disks
+* create Google Service Account with ComputeEngine.StorageAdmin, download its key and pass it to venona installed with `--set-file=Storage.GooogleServiceAccount=/path/to/google-service-account.json`
+* use [Google Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) to assign iam role to `volume-provisioner-venona` service account 
+
+**Note**: Builds will be running in single availability zone, so you must to specify AvailabilityZone params
+
+```
+venonactl install [options] --set-value=Storage.Backend=gcedisk \
+                            --set-value=Storage.AvailabilityZone=us-central1-a \
+                            --build-node-selector=failure-domain.beta.kubernetes.io/zone=us-central1-a \
+                            [--set-file=Storage.GoogleServiceAccount=/path/to/google-service-account.json"]
+```
+
 #### Kubernetes RBAC
 Installation of Venona on Kubernetes cluster installing 2 groups of objects,
 Each one has own RBAC needs and therefore, created roles(and cluster-roles)

venonactl/cmd/install.go

@@ -62,6 +62,7 @@ var installCmdOptions struct {
 	buildAnnotations              []string
 	tolerations                   string
 	templateValues                []string
+	templateFileValues            []string
 }
 
 // installCmd represents the install command
@@ -208,6 +209,16 @@ var installCmd = &cobra.Command{
 			}
 		}
 
+		for _, value := range installCmdOptions.templateFileValues {
+			reader := func(rs []rune) (interface{}, error) {
+				bytes, err := ioutil.ReadFile(string(rs))
+				return string(bytes), err
+			}
+			if err := strvals.ParseIntoFile(value, base, reader); err != nil {
+				dieOnError(fmt.Errorf("Cannot parse option --set-file %s", value))
+			}
+		}
+
 		values = mergeMaps(values, base)
 
 		for _, p := range builder.Get() {
@@ -264,6 +275,7 @@ func init() {
 	installCmd.Flags().BoolVar(&installCmdOptions.kubernetesRunnerType, "kubernetes-runner-type", false, "Set the runner type to kubernetes (alpha feature)")
 
 	installCmd.Flags().StringArrayVar(&installCmdOptions.templateValues, "set-value", []string{}, "Set values for templates, example: --set-value LocalVolumesDir=/mnt/disks/ssd0/codefresh-volumes")
+	installCmd.Flags().StringArrayVar(&installCmdOptions.templateFileValues, "set-file", []string{}, "Set values for templates from file, example: --set-value Storage.GoogleServiceAccount=/path/to/service-account.json")
 
 }
 

venonactl/pkg/store/store.go

@@ -95,10 +95,6 @@ func (s *Values) BuildValues() map[string]interface{} {
 			"Name": "codefresh/venona",
 			"Tag":  s.Version.Latest.Version,
 		},
-		"VolumeProvisionerImage": map[string]string{
-			"Name": "codefresh/dind-volume-provisioner",
-			"Tag":  "v20",
-		},
 		"Namespace":    s.KubernetesAPI.Namespace,
 		"NodeSelector": s.KubernetesAPI.NodeSelector,
 		"Tolerations":  s.KubernetesAPI.Tolerations,

venonactl/pkg/templates/kubernetes/deployment.dind-volume-provisioner.vp.yaml

@@ -47,3 +47,15 @@ spec:
         env:
         - name: PROVISIONER_NAME
           value: codefresh.io/dind-volume-provisioner-{{ .AppName }}-{{ .Namespace }}
+      {{- if .Storage.GoogleServiceAccount }}
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          value: /etc/dind-volume-provisioner/credentials/google-service-account.json
+        volumeMounts:
+        - name: credentials
+          readOnly: true
+          mountPath: "/etc/dind-volume-provisioner/credentials"
+      volumes:
+      - name: credentials
+        secret:
+          secretName: dind-volume-provisioner-{{ .AppName }}
+      {{- end }}