mirror of
https://github.com/sourcegraph/sourcegraph.git
synced 2026-02-06 19:51:50 +00:00
f8cc07220a
For Executors on Native Kubernetes deployments, the option to run jobs in a single pod has been available since Native Kubernetes has been around. The purpose of running jobs in a single pod is: 1. Efficiency. Jobs require three steps at least, and without specifying a single pod, that requires spinning up three pods. 2. Security. For Batch Changes, when jobs are run across several pods, `git`'s `safe.directory` must be set to avoid untrusted users or processes injecting code or an attack. Running the job in one pod removes the need for `safe.directory`. 3. Usability. Because of the need to set `safe.directory`, `root` access to write to `git`'s global config is required, which means that many times special configurations and sign-offs from security teams must be used for Batch Change setups. This PR takes a step toward using single pod jobs only in enabling them by default instead of requiring an environment variable to enable them. The same environment variable that was used to enable them - `KUBERNETES_SINGLE_JOB_POD` - is still available to disable them by setting it to `false`. ## Test plan Bazel and CI for now ## Changelog |
||
|---|---|---|
| .. | ||
| BUILD.bazel | ||
| config_test.go | ||
| config.go | ||
| consts.go | ||
| kubernetes_test.go | ||
| kubernetes.go | ||