DRONE_POLICY_FILE annotations don't seem to work

trondhindenes · July 30, 2020, 6:17pm

after learning about policies (Global podAnnotations for runner pods),
we’re using this configmap as drone policy:

apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-cfg
  namespace: {{ drone_runner_target_namespace }}
data:
  runner-policies.yaml: |
    # https://github.com/drone-runners/drone-runner-kube/pull/18#issuecomment-637674508
    ---
    kind: policy
    name: default

    metadata:
      annotations:
        iam.amazonaws.com/role: drone-runner-prod

    node_selector:
      company.com/instancegroup-set: build-runner
    
    tolerations:
    - key: node-purpose
      operator: Equal
      value: build
      effect: NoSchedule

node selector and tolerations work perfectly, builds are spun up on dedicated nodes which is awesome. However, the configured annotations are not applied onto the build pods. Could this be a bug?

bradrydzewski · July 30, 2020, 6:30pm

I took a look at the source and it looks like annotations are being appended:

github.com

drone-runners/drone-runner-kube/blob/master/engine/policy/policy.go#L81


	// note that labels are appended as opposed to replaced
	// to ensure they do not remove Drone internal defaults.
	if v := p.Metadata.Labels; v != nil {
		p.Metadata.Labels = environ.Combine(p.Metadata.Labels, v)
	}

	// apply annotations.
	// note that annotations are appended as opposed to replaced
	// to ensure they do not remove Drone internal defaults.
	if v := p.Metadata.Annotations; v != nil {
		p.Metadata.Annotations = environ.Combine(p.Metadata.Annotations, v)
	}

	// apply resource requests
	if v := p.Resources.Request.CPU; v != 0 {
		for _, s := range spec.Steps {
			s.Resources.Requests.CPU = v
		}
	}
	if v := p.Resources.Request.Memory; v != 0 {
		for _, s := range spec.Steps {

I don’t have time to deep dive on this right now, but perhaps you can take a look at the code and see if you notice anything? Also remember that you need to restart the runner if you make changes to the policy file.

trondhindenes · August 2, 2020, 8:14am

I can test a policy including labels to see how that works. I’m not familiar enough with the codebase (or Golang) to understand how the annotation merging happens, and what happens to the annotations struct afterwards.

bradrydzewski · August 2, 2020, 12:57pm

I found the problem and pushed an update, which is available in the latest docker image.

trondhindenes · August 2, 2020, 1:29pm

awesome, thanks! I’ll verify right away.

trondhindenes · August 2, 2020, 1:46pm

yup, confirmed. Thanks for fixing!!