From 2df9bed5901e0dabd838ca09a47b183181776bce Mon Sep 17 00:00:00 2001
From: Simon Li
Date: Mon, 6 Nov 2023 22:38:38 +0000
Subject: [PATCH 1/2] docker-socket optional, build volumes can be overridden

This enables KubernetesBuildExecutor to be subclassed and used with other builders such as Kaniko which doesn't need a host socket
---
 binderhub/build.py | 65 ++++++++++++++++++++++++++++------------------
 1 file changed, 40 insertions(+), 25 deletions(-)
diff --git a/binderhub/build.py b/binderhub/build.py
index ed64aa390..3c293cb0a 100644
--- a/binderhub/build.py
+++ b/binderhub/build.py
@@ -302,7 +302,9 @@ def _default_builder_info(self):
 help=(
 "The docker socket to use for building the image. "
 "Must be a unix domain socket on a filesystem path accessible on the node "
- "in which the build pod is running."
+ "in which the build pod is running. "
+ "This is mounted into the build pod, set to empty string to disable, "
+ "e.g. if you are subclassing this builder and don't need the docker socket."
 ),
 config=True,
 )
@@ -416,6 +418,42 @@ def get_affinity(self):
 return affinity
+ def get_builder_volumes(self):
+ """
+ Get the lists of volumes and volume-mounts for the build pod.
+ """
+ volume_mounts = []
+ volumes = []
+
+ if self.docker_host:
+ volume_mounts.append(
+ client.V1VolumeMount(
+ mount_path="/var/run/docker.sock", name="docker-socket"
+ )
+ )
+ docker_socket_path = urlparse(self.docker_host).path
+ volumes.append(
+ client.V1Volume(
+ name="docker-socket",
+ host_path=client.V1HostPathVolumeSource(
+ path=docker_socket_path, type="Socket"
+ ),
+ )
+ )
+
+ if not self.registry_credentials and self.push_secret:
+ volume_mounts.append(
+ client.V1VolumeMount(mount_path="/root/.docker", name="docker-config")
+ )
+ volumes.append(
+ client.V1Volume(
+ name="docker-config",
+ secret=client.V1SecretVolumeSource(secret_name=self.push_secret),
+ )
+ )
+
+ return volumes, volume_mounts
+
 def submit(self):
 """
 Submit a build pod to create the image for the repository.
@@ -423,20 +461,7 @@ def submit(self):
 Progress of the build can be monitored by listening for items in the Queue passed to the constructor as `q`.
 """
- volume_mounts = [
- client.V1VolumeMount(
- mount_path="/var/run/docker.sock", name="docker-socket"
- )
- ]
- docker_socket_path = urlparse(self.docker_host).path
- volumes = [
- client.V1Volume(
- name="docker-socket",
- host_path=client.V1HostPathVolumeSource(
- path=docker_socket_path, type="Socket"
- ),
- )
- ]
+ volumes, volume_mounts = self.get_builder_volumes()
 env = [
 client.V1EnvVar(name=key, value=value)
@@ -454,16 +479,6 @@ def submit(self):
 value=json.dumps(self.registry_credentials),
 )
 )
- elif self.push_secret:
- volume_mounts.append(
- client.V1VolumeMount(mount_path="/root/.docker", name="docker-config")
- )
- volumes.append(
- client.V1Volume(
- name="docker-config",
- secret=client.V1SecretVolumeSource(secret_name=self.push_secret),
- )
- )
 self.pod = client.V1Pod(
 metadata=client.V1ObjectMeta(
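Review bot: The docstring of the new `get_builder_volumes` does not state the return order, and the body builds `volume_mounts` first but returns `volumes, volume_mounts`; since the method exists to be overridden, a subclass that returns the pair the other way round would pass mounts where `submit()` expects volumes. I would extend the docstring to say that it returns the tuple `(volumes, volume_mounts)` and that the default mounts the node's Docker socket through a hostPath volume, which lets the build container drive the node's Docker daemon, so a subclass that calls the parent implementation should disable `docker_host` when it does not need that access. The `not self.registry_credentials and self.push_secret` test also restates the branch whose `elif self.push_secret:` arm is removed further down in `submit()`; the remaining `if` is not visible in these hunks, so presumably the two conditions now have to be kept in sync by hand, which deserves a comment such as `# must mirror the registry_credentials branch in submit()`.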
From 010acd3e693b53dad5ee81fd3b3280186a118b7e Mon Sep 17 00:00:00 2001
From: Simon Li
Date: Wed, 8 Nov 2023 17:48:31 +0000
Subject: [PATCH 2/2] KubernetesBuildExecutor.docker_host: use None to disable
---
 binderhub/build.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/binderhub/build.py b/binderhub/build.py
index 3c293cb0a..0cbf82762 100644
--- a/binderhub/build.py
+++ b/binderhub/build.py
@@ -299,12 +299,13 @@ def _default_builder_info(self):
 docker_host = Unicode(
 "/var/run/docker.sock",
+ allow_none=True,
 help=(
 "The docker socket to use for building the image. "
 "Must be a unix domain socket on a filesystem path accessible on the node "
 "in which the build pod is running. "
- "This is mounted into the build pod, set to empty string to disable, "
- "e.g. if you are subclassing this builder and don't need the docker socket."
+ "This is mounted into the build pod, set to None to disable, "
+ "e.g. if you are using an alternative builder that doesn't need the docker socket."
 ),
 config=True,
 )
@@ -425,7 +426,7 @@ def get_builder_volumes(self):
 volume_mounts = []
 volumes = []
- if self.docker_host:
+ if self.docker_host is not None:
 volume_mounts.append(
 client.V1VolumeMount(
 mount_path="/var/run/docker.sock", name="docker-socket"
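Review bot: Switching the guard in `get_builder_volumes` to `if self.docker_host is not None:` means an empty string no longer disables the socket mount, although the previous commit's help text told operators to use exactly that value. With `docker_host = ""`, `urlparse("").path` is `""`, so the pod spec gets a `docker-socket` hostPath volume with an empty path, which the API server will presumably reject, and the build fails instead of running without the socket. Treating every falsy value as disabled keeps both settings working: `if self.docker_host:`. The same applies to any value that has no path component after `urlparse`, so a check that `docker_socket_path` is non-empty before appending the volume would give a clearer error; the function body continues outside the hunk.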