diff --git a/core/src/plugins/kubernetes/config.ts b/core/src/plugins/kubernetes/config.ts index 01cfe9cff7..4e65a16b62 100644 --- a/core/src/plugins/kubernetes/config.ts +++ b/core/src/plugins/kubernetes/config.ts @@ -918,6 +918,8 @@ export const runPodResourceSchema = (kind: string) => This resource will be selected from the manifests provided in this ${kind}'s \`files\` or \`manifests\` config field. The following fields from the Pod will be used (if present) when executing the ${kind}: + + **Warning**: Garden will retain \`configMaps\` and \`secrets\` as volumes, but remove \`persistentVolumeClaim\` volumes from the Pod spec, as they might already be mounted. ${runPodSpecWhitelistDescription()} ` ) @@ -932,7 +934,7 @@ export const runPodSpecSchema = (kind: string) => You can find the full Pod spec in the [official Kubernetes documentation](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec) - The following Pod spec fields from the selected \`resource\` will be used (if present) when executing the ${kind}: + The following Pod spec fields from the \`podSpec\` will be used (if present) when executing the ${kind}: ${runPodSpecWhitelistDescription()} ` ) @@ -949,6 +951,8 @@ export const kubernetesTaskSchema = () => ${serviceResourceDescription} The following pod spec fields from the service resource will be used (if present) when executing the task: + + **Warning**: Garden will retain \`configMaps\` and \`secrets\` as volumes, but remove \`persistentVolumeClaim\` volumes from the Pod spec, as they might already be mounted. ${runPodSpecWhitelistDescription()}` ), ...kubernetesCommonRunSchemaKeys(), 
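Review bot: The warning added to `runPodResourceSchema` names only `persistentVolumeClaim` volumes as removed, but `sanitizeVolumesForPodRunner` in util.ts keeps a volume only when `volume.configMap || volume.secret` is set, so `emptyDir`, `hostPath`, `projected` and every other volume type is dropped together with its mounts. I would word it along the lines of `**Warning**: Garden keeps only ConfigMap and Secret volumes (and their mounts) from the Pod spec; all other volume types, including persistentVolumeClaim, are removed.` The warning also sits between the "The following fields … will be used" lead-in and the whitelist it introduces, so it would read better after `${runPodSpecWhitelistDescription()}`. The same text is repeated in `kubernetesTaskSchema`, `kubernetesTestSchema`, `helmTaskSchema` and `helmTestSchema`. `runPodSpecSchema` gets no warning at all, although the new `else` branch in run.ts appears to sanitize a user-supplied `podSpec` as well.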
@@ -966,6 +970,8 @@ export const kubernetesTestSchema = () => ${serviceResourceDescription} The following pod spec fields from the service resource will be used (if present) when executing the test suite: + + **Warning**: Garden will retain \`configMaps\` and \`secrets\` as volumes, but remove \`persistentVolumeClaim\` volumes from the Pod spec, as they might already be mounted. ${runPodSpecWhitelistDescription()}` ), command: joi diff --git a/core/src/plugins/kubernetes/helm/module-config.ts b/core/src/plugins/kubernetes/helm/module-config.ts index 1db3adf57f..64e14d5023 100644 --- a/core/src/plugins/kubernetes/helm/module-config.ts +++ b/core/src/plugins/kubernetes/helm/module-config.ts @@ -113,6 +113,8 @@ const helmTaskSchema = () => ${serviceResourceDescription} The following pod spec fields from the service resource will be used (if present) when executing the task: + + **Warning**: Garden will retain \`configMaps\` and \`secrets\` as volumes, but remove \`persistentVolumeClaim\` volumes from the Pod spec, as they might already be mounted. ${runPodSpecWhitelistDescription}` ), }) @@ -127,6 +129,8 @@ const helmTestSchema = () => ${serviceResourceDescription} The following pod spec fields from the service resource will be used (if present) when executing the test suite: + + **Warning**: Garden will retain \`configMaps\` and \`secrets\` as volumes, but remove \`persistentVolumeClaim\` volumes from the Pod spec, as they might already be mounted. ${runPodSpecWhitelistDescription}` ), }) diff --git a/core/src/plugins/kubernetes/kubernetes-type/common.ts b/core/src/plugins/kubernetes/kubernetes-type/common.ts index f42c0638e5..b4b01e797c 100644 --- a/core/src/plugins/kubernetes/kubernetes-type/common.ts +++ b/core/src/plugins/kubernetes/kubernetes-type/common.ts 
@@ -8,7 +8,6 @@ import { basename, dirname, join, resolve } from "path" import fsExtra from "fs-extra" -const { pathExists, readFile } = fsExtra import { flatten, isEmpty, keyBy, set } from "lodash-es" import type { KubernetesModule } from "./module-config.js" import type { KubernetesResource } from "../types.js" @@ -32,6 +31,8 @@ import pFilter from "p-filter" import { kubectl } from "../kubectl.js" import { loadAndValidateYaml } from "../../../config/base.js" +const { pathExists, readFile } = fsExtra + /** * "DeployFile": Manifest has been read from one of the files declared in Garden Deploy `spec.files` * "DeployInline": Manifest has been declared inline using Garden Deploy `spec.manifests` diff --git a/core/src/plugins/kubernetes/run.ts b/core/src/plugins/kubernetes/run.ts index 1a329ec864..10abb8ade0 100644 --- a/core/src/plugins/kubernetes/run.ts +++ b/core/src/plugins/kubernetes/run.ts @@ -23,7 +23,7 @@ import { KubeApi, KubernetesError } from "./api.js" import { getPodLogs, checkPodStatus } from "./status/pod.js" import type { KubernetesResource, KubernetesPod, KubernetesServerResource, SupportedRuntimeAction } from "./types.js" import type { ContainerEnvVars, ContainerResourcesSpec, ContainerVolumeSpec } from "../container/config.js" -import { prepareEnvVars, makePodName, renderPodEvents } from "./util.js" +import { prepareEnvVars, makePodName, renderPodEvents, sanitizeVolumesForPodRunner } from "./util.js" import { dedent, deline, randomString } from "../../util/string.js" import type { ArtifactSpec } from "../../config/validation.js" import { prepareSecrets } from "./secrets.js" @@ -319,6 +319,8 @@ export async function prepareRunPodSpec({ // and `configmap` actions (which are only supported for `container` actions, and are currently discouraged). if (volumes && volumes.length && action.type === "container") { configureVolumes(action, preparedPodSpec, volumes) + } else { + sanitizeVolumesForPodRunner(preparedPodSpec, container) } if (getArtifacts) { 
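Review bot: The new `else` branch in `prepareRunPodSpec` runs `sanitizeVolumesForPodRunner(preparedPodSpec, container)` on every call that skips `configureVolumes`, which covers `container` actions without `volumes` and, judging by the integration tests that pass `podSpec:` directly, an explicitly supplied `podSpec`; the helper's own doc comment says it serves helm-pod and kubernetes-pod only. The helper mutates both arguments in place, and this commit had to wrap `getTargetResource()` in `cloneDeep` in the tests, which suggests `container` can be the same object as the resolved manifest. If that holds outside the tests, a Run or Test would silently strip volumes from a manifest that is reused later. At minimum I would add a comment at the call such as `// Keeps only ConfigMap/Secret volumes; mutates preparedPodSpec and container in place, so both must be copies`, and confirm that they are copies. `prepareRunPodSpec` starts and ends outside this hunk, so whether `preparedPodSpec` is already a copy is not visible here.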
diff --git a/core/src/plugins/kubernetes/util.ts b/core/src/plugins/kubernetes/util.ts
index 8c4add667f..d0d6b945d4 100644
--- a/core/src/plugins/kubernetes/util.ts
+++ b/core/src/plugins/kubernetes/util.ts
@@ -820,3 +820,59 @@ export function renderPodEvents(events: CoreV1Event[]): string {
 export function summarize(resources: KubernetesResource[]) {
 return resources.map((r) => `${r.kind} ${r.metadata.name}`).join(", ")
 }
+
+/**
+ * Filter out all volumes and volumeMounts that are not a ConfigMaps or Secrets,
+ * since they will probably cause issues when creating a pod runner from a chart or larger manifest.
+ *
+ * This is not a pure function, i.e. it has side effects and can mutate the input arguments.
+ *
+ * This sanitization only makes sense when both `podSpec` and `containerSpec` are defined.
+ * It serves helm-pod and kubernetes-pod action types.
+ */
+export function sanitizeVolumesForPodRunner(podSpec: V1PodSpec | undefined, containerSpec: V1Container | undefined) {
+ if (!podSpec) {
+ return
+ }
+ if (!podSpec.volumes) {
+ return
+ }
+ if (!containerSpec) {
+ return
+ }
+
+ // Sanitize volumes
+ podSpec.volumes = podSpec.volumes.filter((volume) => volume.configMap || volume.secret)
+
+ // Sanitize volumeMounts
+ const retainedVolumes = new Set(podSpec?.volumes?.map((volume) => volume.name))
+ containerSpec.volumeMounts = containerSpec.volumeMounts?.filter((volumeMount) => {
+ return retainedVolumes.has(volumeMount.name)
+ })
+
+ /*
+ Here we get the `containerSpec` and the `podSpec` as separate arguments,
+ so we can't be sure that `containerSpec` object has the same identity as one of the containers defined in `podSpec.containers`.
+
+ The names of these 2 containers can also be different
+ because we always override the container name in the caller function `prepareRunPodSpec()`.
+
+ Thus, we need to sanitize `podSpec.containers` explicitly.
+ */
+ for (const podSpecContainer of podSpec.containers) {
+ podSpecContainer.volumeMounts = podSpecContainer.volumeMounts?.filter((volumeMount) => {
+ return retainedVolumes.has(volumeMount.name)
+ })
+ }
+
+ // We also make sure the defaultMode of a configMap volume is an octal number.
+ podSpec.volumes.forEach((volume) => { + if (volume.configMap && volume.configMap.defaultMode && !isOctal(volume.configMap.defaultMode.toString())) { + volume.configMap!.defaultMode = parseInt(`0${volume.configMap?.defaultMode}`, 8) + } + }) +} + +export function isOctal(value: string) { + return /^(0o?)[0-7]+$/i.test(value) +} diff --git a/core/test/integ/src/plugins/kubernetes/run.ts b/core/test/integ/src/plugins/kubernetes/run.ts index df27450f7a..259a9e506e 100644 --- a/core/test/integ/src/plugins/kubernetes/run.ts +++ b/core/test/integ/src/plugins/kubernetes/run.ts @@ -44,7 +44,7 @@ import { buildHelmModules, getHelmTestGarden } from "./helm/common.js" import { getBaseModule, getChartResources } from "../../../../../src/plugins/kubernetes/helm/common.js" import { getActionNamespace } from "../../../../../src/plugins/kubernetes/namespace.js" import type { GardenModule } from "../../../../../src/types/module.js" -import type { V1Container, V1Pod, V1PodSpec } from "@kubernetes/client-node" +import type { V1Container, V1Pod, V1PodSpec, V1Volume } from "@kubernetes/client-node" import { getResourceRequirements } from "../../../../../src/plugins/kubernetes/container/util.js" import type { ContainerBuildAction, ContainerResourcesSpec } from "../../../../../src/plugins/container/moduleConfig.js" import type { KubernetesPodRunActionSpec } from "../../../../../src/plugins/kubernetes/kubernetes-type/kubernetes-pod.js" @@ -52,6 +52,7 @@ import type { Resolved } from "../../../../../src/actions/types.js" import type { HelmDeployAction } from "../../../../../src/plugins/kubernetes/helm/config.js" import { executeAction } from "../../../../../src/graph/actions.js" import { DEFAULT_RUN_TIMEOUT_SEC } from "../../../../../src/constants.js" +import cloneDeep from "fast-copy" describe("kubernetes Pod runner functions", () => { let garden: Garden 
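Review bot: The `defaultMode` fix-up at the end of `sanitizeVolumesForPodRunner` rewrites modes that are already valid. By the time it runs, `defaultMode` is a number whose `toString()` never carries a `0`/`0o` prefix, so `isOctal` is false for every non-zero value and each one is re-read as octal digits. A manifest with the decimal form `420` (0o644) becomes `parseInt("0420", 8)` = 272 (0o420), `256` (0o400) becomes 174 (0o256, which grants group and other access), and `493` (0o755) becomes 4 because `parseInt` stops at the `9`. The original radix cannot be recovered from a number, so I would convert only values above 0o777 whose decimal digits are all octal, which as far as I know the API rejects anyway, and leave in-range values alone, as in the fence below. Secret `defaultMode` is not handled the same way, and neither exported function has a doc comment stating this contract.

```typescript
// Only reinterpret modes outside the valid 0..0o777 range: `755` was almost certainly meant
// as octal, while `420` or `493` are already valid decimal modes and must not be changed.
podSpec.volumes.forEach((volume) => {
  const mode = volume.configMap?.defaultMode
  if (volume.configMap && typeof mode === "number" && mode > 0o777 && /^[0-7]+$/.test(mode.toString())) {
    volume.configMap.defaultMode = parseInt(mode.toString(), 8)
  }
})
```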
@@ -631,14 +632,19 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, provider: helmCtx.provider, }) - helmTarget = await getTargetResource({ - ctx: helmCtx, - log: helmLog, - provider: helmCtx.provider, - manifests: helmManifests, - action: helmAction, - query: { ...helmResourceSpec, name: helmAction.getSpec().releaseName }, - }) + }) + + beforeEach(async () => { + helmTarget = cloneDeep( + await getTargetResource({ + ctx: helmCtx, + log: helmLog, + provider: helmCtx.provider, + manifests: helmManifests, + action: helmAction, + query: { ...helmResourceSpec, name: helmAction.getSpec().releaseName }, + }) + ) helmContainer = getResourceContainer(helmTarget, helmResourceSpec.containerName) }) @@ -705,7 +711,6 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, args: ["sh", "-c"], command: ["echo", "foo"], - envVars: {}, resources, // <--- description: "Helm module", @@ -759,7 +764,6 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, args: ["sh", "-c"], command: ["echo", "foo"], - envVars: {}, resources, // <--- description: "Helm module", 
@@ -803,19 +807,41 @@ describe("kubernetes Pod runner functions", () => { }) }) - it("should include volume mounts for containers in the generated pod spec", async () => { + it("should include configMaps and secrets in the generated pod spec", async () => { + const podSpecWithVolumes = getResourcePodSpec(helmTarget) + const volumes = [ + { + name: "myconfigmap", + configMap: { + name: "myconfigmap", + defaultMode: 0o755, + }, + }, + { + name: "mysecret", + secret: { + secretName: "mysecret", + }, + }, + ] const volumeMounts = [ { - name: "some-volume", - mountPath: "/some-volume", + name: "myconfigmap", + mountPath: "/config", + }, + { + name: "mysecret", + mountPath: "/secret", }, ] + podSpecWithVolumes!.volumes = volumes const helmContainerWithVolumeMounts = { ...helmContainer, volumeMounts, } + const generatedPodSpec = await prepareRunPodSpec({ - podSpec: undefined, + podSpec: podSpecWithVolumes, getArtifacts: false, api: helmApi, provider: helmProvider, 
@@ -823,7 +849,52 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, args: ["sh", "-c"], command: ["echo", "foo"], + envVars: {}, + resources, + description: "Helm module", + mainContainerName: "main", + image: "foo", + container: helmContainerWithVolumeMounts, + namespace: helmNamespace, + // Note: We're not passing the `volumes` param here, since that's for `container` Runs/Tests. + // This test case is intended for `kubernetes-pod` Runs and Tests. + }) + + expect(generatedPodSpec.volumes).to.eql(volumes) + expect(generatedPodSpec.containers[0].volumeMounts).to.eql(volumeMounts) + }) + it("should not include persistentVolumes in the generated pod spec", async () => { + const podSpecWithPersistentVolume = getResourcePodSpec(helmTarget) + const volumes: V1Volume[] = [ + { + name: "myvolume", + persistentVolumeClaim: { + claimName: "myVolumeClaim", + }, + }, + ] + const volumeMounts = [ + { + name: "myvolume", + mountPath: "/data", + }, + ] + podSpecWithPersistentVolume!.volumes = volumes + const helmContainerWithVolumeMounts = { + ...helmContainer, + volumeMounts, + } + + const generatedPodSpec = await prepareRunPodSpec({ + podSpec: podSpecWithPersistentVolume, + getArtifacts: false, + api: helmApi, + provider: helmProvider, + log: helmLog, + action: helmAction, + args: ["sh", "-c"], + command: ["echo", "foo"], envVars: {}, resources, description: "Helm module", 
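Review bot: `expect(generatedPodSpec.volumes).to.eql(volumes)` in the configMaps-and-secrets test may be comparing objects with themselves. The test assigns `volumes` onto the pod spec and the sanitizer mutates the volume objects in place, so unless `prepareRunPodSpec` deep-copies them the assertion passes whatever `defaultMode` ends up as. Asserting the literal, `expect(generatedPodSpec.volumes![0].configMap?.defaultMode).to.eql(0o755)`, would pin that an already-valid mode passes through unchanged. A case using the common decimal value `420` would be worth adding beside the `755` test later in the file. The `it` block for the persistent-volume case continues outside this hunk.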
@@ -834,38 +905,53 @@ describe("kubernetes Pod runner functions", () => { // Note: We're not passing the `volumes` param here, since that's for `container` Runs/Tests. // This test case is intended for `kubernetes-pod` Runs and Tests. }) + expect(generatedPodSpec.volumes).to.eql([]) + expect(generatedPodSpec.containers[0].volumeMounts).to.eql([]) + }) - expect(pruneEmpty(generatedPodSpec)).to.eql({ - containers: [ - { - name: "main", - image: "foo", - imagePullPolicy: "IfNotPresent", - args: ["sh", "-c"], - ports: [ - { - name: "http", - containerPort: 80, - protocol: "TCP", - }, - ], - resources: getResourceRequirements(resources), - env: [ - { - name: "GARDEN_ACTION_VERSION", - value: helmAction.versionString(), - }, - { - name: "GARDEN_MODULE_VERSION", - value: helmAction.versionString(), - }, - ], - volumeMounts, // <------ - command: ["echo", "foo"], + it("should make sure configMap file permissions are in octal", async () => { + const podSpecWithConfigMap = getResourcePodSpec(helmTarget) + const volumes = [ + { + name: "myconfigmap", + configMap: { + name: "myconfigmap", + defaultMode: 755, // <--- This is not in octal }, - ], - imagePullSecrets: [], + }, + ] + const volumeMounts = [ + { + name: "myconfigmap", + mountPath: "/config", + }, + ] + podSpecWithConfigMap!.volumes = volumes + const helmContainerWithVolumeMounts = { + ...helmContainer, + volumeMounts, + } + + const generatedPodSpec = await prepareRunPodSpec({ + podSpec: podSpecWithConfigMap, + getArtifacts: false, + api: helmApi, + provider: helmProvider, + log: helmLog, + action: helmAction, + args: ["sh", "-c"], + command: ["echo", "foo"], + envVars: {}, + resources, + description: "Helm module", + mainContainerName: "main", + image: "foo", + container: helmContainerWithVolumeMounts, + namespace: helmNamespace, + // Note: We're not passing the `volumes` param here, since that's for `container` Runs/Tests. + // This test case is intended for `kubernetes-pod` Runs and Tests. 
}) + expect(generatedPodSpec.volumes![0].configMap?.defaultMode).to.eql(493) }) it("should apply security context fields to the main container when provided", async () => { @@ -878,7 +964,6 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, args: ["sh", "-c"], command: ["echo", "foo"], - envVars: {}, resources, // <--- description: "Helm module", @@ -963,7 +1048,6 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, args: ["sh", "-c"], command: ["echo", "foo"], - envVars: {}, description: "Helm module", mainContainerName: "main", @@ -1040,7 +1124,6 @@ describe("kubernetes Pod runner functions", () => { action: helmAction, args: ["sh", "-c"], command: ["echo", "foo"], - envVars: {}, description: "Helm module", mainContainerName: "main", diff --git a/core/test/unit/src/plugins/kubernetes/util.ts b/core/test/unit/src/plugins/kubernetes/util.ts index 8ab79bae47..1c6547c481 100644 --- a/core/test/unit/src/plugins/kubernetes/util.ts +++ b/core/test/unit/src/plugins/kubernetes/util.ts @@ -17,6 +17,7 @@ import { getSelectorString, makePodName, matchSelector, + isOctal, } from "../../../../../src/plugins/kubernetes/util.js" import type { KubernetesPod, KubernetesServerResource } from "../../../../../src/plugins/kubernetes/types.js" import type { V1Pod } from "@kubernetes/client-node" @@ -362,3 +363,27 @@ describe("matchSelector", () => { expect(matched).to.be.true }) }) + +describe("isOctal", () => { + describe("should recognize octal numbers", () => { + it("in YAML <= 1.1", () => { + expect(isOctal("0777")).to.true + }) + + it("in YAML >= 1.2", () => { + expect(isOctal("0o777")).to.true + }) + }) + + it("should not recognize non-octal numeric strings", () => { + expect(isOctal("777")).to.false + }) + + it("should not recognize hex numbers", () => { + expect(isOctal("0xff")).to.false + }) + + it("should not non-numeric strings", () => { + expect(isOctal("qweRTY")).to.false + }) +}) 
diff --git a/docs/reference/action-types/Run/helm-pod.md b/docs/reference/action-types/Run/helm-pod.md index 8bb21b3849..1aa5ec7a78 100644 --- a/docs/reference/action-types/Run/helm-pod.md +++ b/docs/reference/action-types/Run/helm-pod.md @@ -534,6 +534,8 @@ Specify a Kubernetes resource to derive the Pod spec from for the Run. This resource will be selected from the manifests provided in this Run's `files` or `manifests` config field. The following fields from the Pod will be used (if present) when executing the Run: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` diff --git a/docs/reference/action-types/Run/kubernetes-exec.md b/docs/reference/action-types/Run/kubernetes-exec.md index 788f17e42a..229eb40b0e 100644 --- a/docs/reference/action-types/Run/kubernetes-exec.md +++ b/docs/reference/action-types/Run/kubernetes-exec.md @@ -305,6 +305,8 @@ Specify a Kubernetes resource to derive the Pod spec from for the Run. This resource will be selected from the manifests provided in this Run's `files` or `manifests` config field. The following fields from the Pod will be used (if present) when executing the Run: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` diff --git a/docs/reference/action-types/Run/kubernetes-pod.md b/docs/reference/action-types/Run/kubernetes-pod.md index 55c4d09f1b..1cd6c3912a 100644 --- a/docs/reference/action-types/Run/kubernetes-pod.md +++ b/docs/reference/action-types/Run/kubernetes-pod.md 
@@ -576,6 +576,8 @@ Specify a Kubernetes resource to derive the Pod spec from for the Run. This resource will be selected from the manifests provided in this Run's `files` or `manifests` config field. The following fields from the Pod will be used (if present) when executing the Run: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` @@ -657,7 +659,7 @@ Supply a custom Pod specification. This should be a normal Kubernetes Pod manife You can find the full Pod spec in the [official Kubernetes documentation](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec) -The following Pod spec fields from the selected `resource` will be used (if present) when executing the Run: +The following Pod spec fields from the `podSpec` will be used (if present) when executing the Run: * `affinity` * `automountServiceAccountToken` * `containers` diff --git a/docs/reference/action-types/Test/helm-pod.md b/docs/reference/action-types/Test/helm-pod.md index 2027dee7cd..96f3dbd518 100644 --- a/docs/reference/action-types/Test/helm-pod.md +++ b/docs/reference/action-types/Test/helm-pod.md @@ -534,6 +534,8 @@ Specify a Kubernetes resource to derive the Pod spec from for the Run. This resource will be selected from the manifests provided in this Run's `files` or `manifests` config field. The following fields from the Pod will be used (if present) when executing the Run: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` diff --git a/docs/reference/action-types/Test/kubernetes-exec.md b/docs/reference/action-types/Test/kubernetes-exec.md index 5164fff0f4..11c957f389 100644 
--- a/docs/reference/action-types/Test/kubernetes-exec.md +++ b/docs/reference/action-types/Test/kubernetes-exec.md @@ -305,6 +305,8 @@ Specify a Kubernetes resource to derive the Pod spec from for the Test. This resource will be selected from the manifests provided in this Test's `files` or `manifests` config field. The following fields from the Pod will be used (if present) when executing the Test: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` diff --git a/docs/reference/action-types/Test/kubernetes-pod.md b/docs/reference/action-types/Test/kubernetes-pod.md index 90da7590fb..de378fca63 100644 --- a/docs/reference/action-types/Test/kubernetes-pod.md +++ b/docs/reference/action-types/Test/kubernetes-pod.md @@ -576,6 +576,8 @@ Specify a Kubernetes resource to derive the Pod spec from for the Test. This resource will be selected from the manifests provided in this Test's `files` or `manifests` config field. The following fields from the Pod will be used (if present) when executing the Test: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` @@ -657,7 +659,7 @@ Supply a custom Pod specification. This should be a normal Kubernetes Pod manife You can find the full Pod spec in the [official Kubernetes documentation](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec) -The following Pod spec fields from the selected `resource` will be used (if present) when executing the Test: +The following Pod spec fields from the `podSpec` will be used (if present) when executing the Test: * `affinity` * `automountServiceAccountToken` * `containers` 
diff --git a/docs/reference/module-types/helm.md b/docs/reference/module-types/helm.md index 32841ef588..50ebbbf3ad 100644 --- a/docs/reference/module-types/helm.md +++ b/docs/reference/module-types/helm.md @@ -466,6 +466,9 @@ tasks: # fields, or a Pod via the `podSelector` field. # # The following pod spec fields from the service resource will be used (if present) when executing the task: + # + # **Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` + # volumes from the Pod spec, as they might already be mounted. # * `affinity` # * `automountServiceAccountToken` # * `containers` @@ -570,6 +573,9 @@ tests: # fields, or a Pod via the `podSelector` field. # # The following pod spec fields from the service resource will be used (if present) when executing the test suite: + # + # **Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` + # volumes from the Pod spec, as they might already be mounted. # * `affinity` # * `automountServiceAccountToken` # * `containers` @@ -1693,6 +1699,8 @@ an error will be thrown. This can either reference a workload (i.e. a Deployment, DaemonSet or StatefulSet) via the `kind` and `name` fields, or a Pod via the `podSelector` field. The following pod spec fields from the service resource will be used (if present) when executing the task: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` 
@@ -1963,6 +1971,8 @@ an error will be thrown. This can either reference a workload (i.e. a Deployment, DaemonSet or StatefulSet) via the `kind` and `name` fields, or a Pod via the `podSelector` field. The following pod spec fields from the service resource will be used (if present) when executing the test suite: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` diff --git a/docs/reference/module-types/kubernetes.md b/docs/reference/module-types/kubernetes.md index 915c0d420e..0076f29a0e 100644 --- a/docs/reference/module-types/kubernetes.md +++ b/docs/reference/module-types/kubernetes.md @@ -452,6 +452,9 @@ tasks: # fields, or a Pod via the `podSelector` field. # # The following pod spec fields from the service resource will be used (if present) when executing the task: + # + # **Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` + # volumes from the Pod spec, as they might already be mounted. # * `affinity` # * `automountServiceAccountToken` # * `containers` @@ -552,6 +555,9 @@ tests: # fields, or a Pod via the `podSelector` field. # # The following pod spec fields from the service resource will be used (if present) when executing the test suite: + # + # **Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` + # volumes from the Pod spec, as they might already be mounted. # * `affinity` # * `automountServiceAccountToken` # * `containers` 
@@ -1613,6 +1619,8 @@ an error will be thrown. This can either reference a workload (i.e. a Deployment, DaemonSet or StatefulSet) via the `kind` and `name` fields, or a Pod via the `podSelector` field. The following pod spec fields from the service resource will be used (if present) when executing the task: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers` @@ -1874,6 +1882,8 @@ an error will be thrown. This can either reference a workload (i.e. a Deployment, DaemonSet or StatefulSet) via the `kind` and `name` fields, or a Pod via the `podSelector` field. The following pod spec fields from the service resource will be used (if present) when executing the test suite: + +**Warning**: Garden will retain `configMaps` and `secrets` as volumes, but remove `persistentVolumeClaim` volumes from the Pod spec, as they might already be mounted. * `affinity` * `automountServiceAccountToken` * `containers`