Add Tolerations to Build and BuildRun objects

[dorzel]

Changes

Fixes #1636

Submitter Checklist

• Includes tests if functionality changed/was added
• Includes docs if changes are user-facing
• Set a kind label on this PR
• Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

Add Tolerations to Build and BuildRun objects

[SaschaSchwarze0]

Nice that tests now succeed. I still have one more homework for you. Sorry that I missed that earlier.

[SaschaSchwarze0]

This is not correct and reminds me of something that I missed earlier (also for nodeSelector). Users can define these things both in the inline build spec as well as the overrides on the buildrun spec.

Two things:

1. We should validate the buildrun spec fields somewhere near here (https://github.com/shipwright-io/build/blob/v0.14.0/pkg/reconciler/buildrun/buildrun.go#L276-L292) and not copy it over to a build spec to perform a validation.
2. When an inline build spec is used, we validate that certain fields are not set on the buildrun spec because it does not make sense to have them specified in two places. That would be suitable for both nodeSelector and tolerations as well. The code that validates this is here: https://github.com/shipwright-io/build/blob/v0.14.0/pkg/validate/validate.go#L106-L136. Basically, when somebody creates a standalone BuildRun (= with an inline Build spec), we expect that BuildRun to not also set those fields (params, volumes, timeout etc) on the BuildRun spec itself.

Can you adopt this please.

[dorzel]

Ah, so if I understand it seems that specifically in the inline build spec case we expect that certain fields are only specified on that build spec instead of having, for example, the "BuildRun Tolerations take preference over Build Tolerations" behavior (overriding). I'll implement these.

[dorzel]

@SaschaSchwarze0 Ok, let me know how that looks. Tests are good except for an unrelated flaky e2e test.

[dorzel]

/retest

[openshift-ci]

@dorzel: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[adambkaplan]

/approve

In general this looks really good! I found a few opportunities for improvement - either through refactoring or adding additional tests to improve code coverage. That said, I would not block merge/lgtm on these items, they can all be addressed in a follow-up pull request.

[adambkaplan]

Can't we simplify this a bit and re-use the logic in BuildRunTolerations?

Suggested change

	for _, toleration := range b.Build.Spec.Tolerations {
	// validate Key
	if errs := validation.IsQualifiedName(toleration.Key); errs != nil {
	b.Build.Status.Reason = ptr.To(build.TolerationNotValid)
	b.Build.Status.Message = ptr.To(fmt.Sprintf("Toleration key not valid: %v", strings.Join(errs, ", ")))
	}
	// validate Operator
	if !((toleration.Operator == v1.TolerationOpExists) || (toleration.Operator == v1.TolerationOpEqual)) {
	b.Build.Status.Reason = ptr.To(build.TolerationNotValid)
	b.Build.Status.Message = ptr.To(fmt.Sprintf("Toleration operator not valid. Must be one of: '%v', '%v'", v1.TolerationOpExists, v1.TolerationOpEqual))
	}
	// validate Value
	if errs := validation.IsValidLabelValue(toleration.Value); errs != nil {
	b.Build.Status.Reason = ptr.To(build.TolerationNotValid)
	b.Build.Status.Message = ptr.To(fmt.Sprintf("Toleration value not valid: %v", strings.Join(errs, ", ")))
	}
	// validate Taint Effect, of which only "NoSchedule" is supported
	if !((toleration.Effect) == "" || (toleration.Effect == v1.TaintEffectNoSchedule)) {
	b.Build.Status.Reason = ptr.To(build.TolerationNotValid)
	b.Build.Status.Message = ptr.To(fmt.Sprintf("Only the '%v' toleration effect is supported.", v1.TaintEffectNoSchedule))
	}
	// validate TolerationSeconds, which should not be specified
	if toleration.TolerationSeconds != nil {
	b.Build.Status.Reason = ptr.To(build.TolerationNotValid)
	b.Build.Status.Message = ptr.To("Specifying TolerationSeconds is not supported.")
	}
	}
	ok, reason, msg := BuildRunTolerations(b.Build.Spec.Tolerations)
	if !ok {
	b.Build.Status.Reason = reason
	b.Build.Status.Message = msg
	}
	return nil

[adambkaplan]

nit (not blocking): keep k8s.io imports grouped together above.

[adambkaplan]

👍 on the reference doc!

[adambkaplan]

Ditto here - there is a refactoring opportunity to consolidate the logic into a single function.

[adambkaplan]

Not blocking - if possible, I'd love to have unit-style Ginkgo tests that cover all the possible validation exceptions.

This can be done in a follow-up pull request, as we currently don't have similar levels of unit test coverage for the node selector validations. We have test coverage elsewhere in this PR.

[adambkaplan]

(not-blocking): would like to have unit test coverage here.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [adambkaplan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dorzel]

@adambkaplan @SaschaSchwarze0 Is this ok for merge? I'll plan on addressing the comments above in #1770

[SaschaSchwarze0]

/lgtm