This repository was archived by the owner on May 17, 2024. It is now read-only.

Commit 9987e04

Merge pull request #38 from jetstack/fix-prefixes-and-namespaces
Ensure we prefix all names correctly and allow custom namespaces
2 parents 6ac5be9 + b7dc699 commit 9987e04


5 files changed

+74
-62
lines changed


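--- a/demo/manifests/components/contour.jsonnet
+++ b/demo/manifests/components/contour.jsonnet
@@ -12,13 +12,16 @@ local apiVersion = 'v1beta1';
 
 {
 p:: '',
+app:: 'contour',
+
+name:: $.p + $.app,
 
 namespace:: 'contour',
 
 labels:: {
 metadata+: {
 labels+: {
-app: 'contour',
+app: $.app,
 },
 },
 },
@@ -36,15 +39,15 @@ local apiVersion = 'v1beta1';
 
 clusterRole: contour_clusterrole + $.labels,
 
-serviceAccount: kube.ServiceAccount($.p + 'contour') + $.metadata {
+serviceAccount: kube.ServiceAccount($.name) + $.metadata {
 },
 
-clusterRoleBinding: kube.ClusterRoleBinding($.p + 'contour') + $.metadata {
+clusterRoleBinding: kube.ClusterRoleBinding($.name) + $.metadata {
 roleRef_: $.clusterRole,
 subjects_+: [$.serviceAccount],
 },
 
-deployment: kube.Deployment($.p + 'contour') + $.metadata {
+deployment: kube.Deployment($.name) + $.metadata {
 local this = self,
 spec+: {
 replicas: 1,
@@ -123,7 +126,7 @@ local apiVersion = 'v1beta1';
 },
 },
 
-svc: kube._Object('v1', 'Service', 'contour') + $.metadata {
+svc: kube._Object('v1', 'Service', $.name) + $.metadata {
 metadata+: {
 annotations+: {
 'service.beta.kubernetes.io/aws-load-balancer-backend-protocol': 'tcp',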
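Review bot: `clusterRole: contour_clusterrole + $.labels` is left without the prefix while `clusterRoleBinding` now uses `$.name`, so the cluster-scoped ClusterRole may still carry a fixed name. `contour_clusterrole` is defined outside the hunk, so this is inferred; if its `metadata.name` is constant, two prefixed installs in one cluster share and overwrite the same role, and a rule change for one silently applies to the other. Consider `clusterRole: contour_clusterrole + $.labels { metadata+: { name: $.name } },`, which matches the `kube.ClusterRole($.name)` form used in dex.jsonnet.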

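--- a/demo/manifests/components/dex.jsonnet
+++ b/demo/manifests/components/dex.jsonnet
@@ -41,31 +41,21 @@ local fakeHashFNV(input) =
 // This hashes clientIDs and emails to metadata names for dex crds
 local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s)), '=', ''));
 
-
 {
 // Create a entry in the password DB
-Password(email, hash):: kube._Object(dexAPIGroup + '/' + dexAPIVersion, 'Password', dexNameHash(email)) + {
-metadata+: {
-namespace: $.namespace,
-},
+Password(email, hash):: kube._Object(dexAPIGroup + '/' + dexAPIVersion, 'Password', dexNameHash(email)) + $.metadata {
 email: email,
 hash: std.base64(hash),
 username: email,
 },
 
 // Create a client configuration for dex
-Client(name):: kube._Object(dexAPIGroup + '/' + dexAPIVersion, 'OAuth2Client', dexNameHash(name)) + {
-metadata+: {
-namespace: $.namespace,
-},
+Client(name):: kube._Object(dexAPIGroup + '/' + dexAPIVersion, 'OAuth2Client', dexNameHash(name)) + $.metadata {
 id: name,
 },
 
 // Create a connector configuration for dex
-Connector(id, name, type, config):: kube._Object(dexAPIGroup + '/' + dexAPIVersion, 'Connector', id) + {
-metadata+: {
-namespace: $.namespace,
-},
+Connector(id, name, type, config):: kube._Object(dexAPIGroup + '/' + dexAPIVersion, 'Connector', id) + $.metadata {
 id: id,
 name: name,
 type: type,
@@ -76,12 +66,15 @@ local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s
 
 p:: '',
 
-namespace:: 'auth',
-
 base_domain:: 'example.net',
 
 app:: 'dex',
-domain:: $.app + '.' + $.base_domain,
+
+name:: $.p + $.app,
+
+domain:: $.name + '.' + $.base_domain,
+
+namespace:: 'foo',
 
 labels:: {
 metadata+: {
@@ -121,10 +114,10 @@ local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s
 },
 enablePasswordDB: true,
 },
-serviceAccount: kube.ServiceAccount($.p + $.app) + $.metadata {
+serviceAccount: kube.ServiceAccount($.name) + $.metadata {
 },
 
-role: kube.Role($.p + $.app) + $.metadata {
+role: kube.Role($.name) + $.metadata {
 rules: [
 {
 apiGroups: [''],
@@ -134,7 +127,7 @@ local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s
 ],
 },
 
-clusterRole: kube.ClusterRole($.p + $.app) + $.metadata {
+clusterRole: kube.ClusterRole($.name) + $.metadata {
 rules: [
 {
 apiGroups: ['dex.coreos.com'], // API group created by dex
@@ -149,29 +142,29 @@ local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s
 ],
 },
 
-roleBinding: kube.RoleBinding($.p + $.app) + $.metadata {
+roleBinding: kube.RoleBinding($.name) + $.metadata {
 roleRef_: $.role,
 subjects_+: [$.serviceAccount],
 },
 
-clusterRoleBinding: kube.ClusterRoleBinding($.p + $.app) + $.metadata {
+clusterRoleBinding: kube.ClusterRoleBinding($.name) + $.metadata {
 roleRef_: $.clusterRole,
 subjects_+: [$.serviceAccount],
 },
 
-disruptionBudget: kube.PodDisruptionBudget($.p + $.app) + $.metadata {
+disruptionBudget: kube.PodDisruptionBudget($.name) + $.metadata {
 target_pod: $.deployment.spec.template,
 spec+: { maxUnavailable: 1 },
 },
 
 
 // ConfigMap for additional Java security properties
-configMap: kube.ConfigMap($.p + $.app) + $.metadata {
+configMap: kube.ConfigMap($.name) + $.metadata {
 data+: {
 'config.yaml': std.manifestJsonEx($.config, ' '),
 },
 },
-deployment: kube.Deployment($.p + $.app) + $.metadata {
+deployment: kube.Deployment($.name) + $.metadata {
 local this = self,
 spec+: {
 replicas: 1,
@@ -189,7 +182,7 @@ local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s
 config: kube.ConfigMapVolume($.configMap),
 tls: {
 secret: {
-secretName: $.p + 'dex-tls',
+secretName: $.name + '-tls',
 },
 },
 },
@@ -262,7 +255,7 @@ local dexNameHash(s) = std.asciiLower(std.strReplace(base32.base32(fakeHashFNV(s
 ]
 ),
 
-svc: kube.Service($.p + $.app) + $.metadata {
+svc: kube.Service($.name) + $.metadata {
 target_pod: $.deployment.spec.template,
 spec+: {
 sessionAffinity: 'None',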
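Review bot: The new default `namespace:: 'foo'` in the second hunk replaces `'auth'` and reads like a leftover test value. `Password`, `Client` and `Connector` now take their namespace from `$.metadata` instead of an explicit `metadata+: { namespace: $.namespace }`, so any consumer that does not override the field places dex's password and OAuth2 client objects, together with the Role and RoleBinding, in `foo`. The definition of `$.metadata` is outside the visible hunks, so this assumes it still carries `$.namespace`. Either keep `namespace:: 'auth',` or add a comment such as `// placeholder: callers must override` so the default is not deployed by accident.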

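--- a/demo/manifests/components/gangway.jsonnet
+++ b/demo/manifests/components/gangway.jsonnet
@@ -14,7 +14,10 @@ local GANGWAY_TLS_VOLUME_PATH = GANGWAY_CONFIG_VOLUME_PATH + '/tls';
 base_domain:: 'cluster.local',
 
 app:: 'gangway',
-domain:: $.app + '.' + $.base_domain,
+
+name:: $.p + $.app,
+
+domain:: $.name + '.' + $.base_domain,
 gangway_url:: 'https://' + $.domain,
 
 namespace:: 'gangway',
@@ -55,19 +58,19 @@ local GANGWAY_TLS_VOLUME_PATH = GANGWAY_CONFIG_VOLUME_PATH + '/tls';
 },
 
 
-configMap: kube.ConfigMap($.p + $.app) + $.metadata {
+configMap: kube.ConfigMap($.name) + $.metadata {
 data+: {
 'gangway.yaml': std.manifestJsonEx($.config, ' '),
 },
 },
 
-secret: kube.Secret($.p + $.app) + $.metadata {
+secret: kube.Secret($.name) + $.metadata {
 data_+: {
 'session-security-key': $.sessionSecurityKey,
 },
 },
 
-deployment: kube.Deployment($.p + $.app) + $.metadata {
+deployment: kube.Deployment($.name) + $.metadata {
 local this = self,
 spec+: {
 replicas: 1,
@@ -85,7 +88,7 @@ local GANGWAY_TLS_VOLUME_PATH = GANGWAY_CONFIG_VOLUME_PATH + '/tls';
 config: kube.ConfigMapVolume($.configMap),
 tls: {
 secret: {
-secretName: $.p + $.app + '-tls',
+secretName: $.name + '-tls',
 },
 },
 },
@@ -124,7 +127,7 @@ local GANGWAY_TLS_VOLUME_PATH = GANGWAY_CONFIG_VOLUME_PATH + '/tls';
 },
 },
 
-svc: kube.Service($.p + $.app) + $.metadata {
+svc: kube.Service($.name) + $.metadata {
 target_pod: $.deployment.spec.template,
 },
 }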
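Review bot: `domain:: $.name + '.' + $.base_domain` in the first hunk makes the public hostname follow the prefix, and `gangway_url` is derived from it, so setting `p` now changes the URLs used in the login flow as well as the object names. The same change to `domain` is made in dex.jsonnet and kube-oidc-proxy.jsonnet. The config that consumes `$.domain` is outside these hunks, but presumably the dex issuer URL, the redirect URI registered for the gangway client and the names on the `$.name + '-tls'` certificates all have to agree. A comment on `name::`, for example `// also the DNS label in $.domain; issuer and redirect URLs change with $.p`, would make that coupling visible to whoever sets a prefix.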

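--- a/demo/manifests/components/kube-oidc-proxy.jsonnet
+++ b/demo/manifests/components/kube-oidc-proxy.jsonnet
@@ -11,7 +11,10 @@ local READINESS_PORT = 8080;
 base_domain:: 'example.net',
 
 app:: 'kube-oidc-proxy',
-domain:: $.app + '.' + $.base_domain,
+
+name:: $.p + $.app,
+
+domain:: $.name + '.' + $.base_domain,
 
 namespace:: 'kube-oidc-proxy',
 
@@ -45,7 +48,7 @@ local READINESS_PORT = 8080;
 },
 },
 
-clusterRole: kube.ClusterRole($.p + $.app) + $.metadata {
+clusterRole: kube.ClusterRole($.name) + $.metadata {
 rules: [
 {
 apiGroups: [''],
@@ -60,9 +63,9 @@ local READINESS_PORT = 8080;
 ],
 },
 
-serviceAccount: kube.ServiceAccount($.p + $.app) + $.metadata,
+serviceAccount: kube.ServiceAccount($.name) + $.metadata,
 
-clusterRoleBinding: kube.ClusterRoleBinding($.p + $.app) + $.metadata {
+clusterRoleBinding: kube.ClusterRoleBinding($.name) + $.metadata {
 roleRef_: $.clusterRole,
 subjects_+: [$.serviceAccount],
 },
@@ -77,7 +80,7 @@ local READINESS_PORT = 8080;
 else {},
 },
 
-deployment: kube.Deployment($.p + $.app) + $.metadata {
+deployment: kube.Deployment($.name) + $.metadata {
 local this = self,
 
 spec+: {
@@ -138,7 +141,7 @@ local READINESS_PORT = 8080;
 oidc: kube.SecretVolume($.oidcSecret),
 serving: {
 secret: {
-secretName: $.p + $.app + '-tls',
+secretName: $.name + '-tls',
 },
 },
 },
@@ -147,7 +150,7 @@ local READINESS_PORT = 8080;
 },
 },
 
-svc: kube.Service($.p + $.app) + $.metadata {
+svc: kube.Service($.name) + $.metadata {
 target_pod: $.deployment.spec.template,
 port: $.config.secureServing.port,
 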