Use utils functions

This commit is contained in:
Carlos de Paula 2019-10-09 17:11:17 -03:00
parent 47711c5ed6
commit 5fd83a4ef2
2 changed files with 90 additions and 35 deletions

View File

@ -15,15 +15,8 @@ local utils = import 'utils.libsonnet';
}, },
armExporter+:: { armExporter+:: {
clusterRoleBinding: serviceAccount:
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; utils.newServiceAccount('arm-exporter', $._config.namespace, null),
clusterRoleBinding.new() +
clusterRoleBinding.mixin.metadata.withName('arm-exporter') +
clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
clusterRoleBinding.mixin.roleRef.withName('arm-exporter') +
clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) +
clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'arm-exporter', namespace: $._config.namespace }]),
clusterRole: clusterRole:
utils.newClusterRole('arm-exporter', [ utils.newClusterRole('arm-exporter', [
@ -35,13 +28,10 @@ local utils = import 'utils.libsonnet';
res: ['subjectaccessreviews'], res: ['subjectaccessreviews'],
verbs: ['create'] verbs: ['create']
} }
]), ], null),
serviceAccount: clusterRoleBinding:
local serviceAccount = k.core.v1.serviceAccount; utils.newClusterRoleBinding('arm-exporter', 'arm-exporter', $._config.namespace, 'arm-exporter', null),
serviceAccount.new('arm-exporter') +
serviceAccount.mixin.metadata.withNamespace($._config.namespace),
daemonset: daemonset:
local daemonset = k.apps.v1.daemonSet; local daemonset = k.apps.v1.daemonSet;
@ -84,16 +74,6 @@ local utils = import 'utils.libsonnet';
daemonset.mixin.spec.template.spec.withServiceAccountName('arm-exporter') + daemonset.mixin.spec.template.spec.withServiceAccountName('arm-exporter') +
daemonset.mixin.spec.template.spec.withContainers(c), daemonset.mixin.spec.template.spec.withContainers(c),
serviceMonitor:
utils.newServiceMonitorHTTPS('arm-exporter',
$._config.namespace,
{'k8s-app': 'arm-exporter'},
$._config.namespace,
'https',
'https',
'/var/run/secrets/kubernetes.io/serviceaccount/token',
),
service: service:
local service = k.core.v1.service; local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType; local servicePort = k.core.v1.service.mixin.spec.portsType;
@ -104,5 +84,15 @@ local utils = import 'utils.libsonnet';
service.mixin.metadata.withNamespace($._config.namespace) + service.mixin.metadata.withNamespace($._config.namespace) +
service.mixin.metadata.withLabels({ 'k8s-app': 'arm-exporter' }) + service.mixin.metadata.withLabels({ 'k8s-app': 'arm-exporter' }) +
service.mixin.spec.withClusterIp('None'), service.mixin.spec.withClusterIp('None'),
serviceMonitor:
utils.newServiceMonitorHTTPS('arm-exporter',
$._config.namespace,
{'k8s-app': 'arm-exporter'},
$._config.namespace,
'https',
'https',
'/var/run/secrets/kubernetes.io/serviceaccount/token',
),
}, },
} }

View File

@ -2,6 +2,15 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
local vars = import 'vars.jsonnet'; local vars = import 'vars.jsonnet';
{ {
// Generates the manifests for all objects in kp except those starting with "_"
generate(kp):: (
{
[std.asciiLower(module) + '-' + name]: kp[module][name]
for module in std.objectFieldsAll(kp) if !std.startsWith(module, '_')
for name in std.objectFields(kp[module])
}
),
// Join multiple objects into one // Join multiple objects into one
join_objects(objs):: join_objects(objs)::
local aux(arr, i, running) = local aux(arr, i, running) =
@ -11,30 +20,53 @@ local vars = import 'vars.jsonnet';
aux(arr, i + 1, running + arr[i]) tailstrict; aux(arr, i + 1, running + arr[i]) tailstrict;
aux(objs, 0, {}), aux(objs, 0, {}),
// Creates serviceaccount
newServiceAccount(name, namespace, labels):: (
local serviceAccount = k.core.v1.serviceAccount;
serviceAccount.new(name)
+ (if labels != null then serviceAccount.mixin.metadata.withLabels(labels) else {})
+ serviceAccount.mixin.metadata.withNamespace(namespace)
),
// Creates ClusterRoles // Creates ClusterRoles
// roles format example: {apis: ['authentication.k8s.io'], // roles format example: [{apis: ['authentication.k8s.io'],
// res: ['tokenreviews'], // res: ['tokenreviews'],
// verbs: ['create'] // verbs: ['create']
// } // },[{...}]]
newClusterRole(name, roles):: ( newClusterRole(name, roles, labels):: (
local clusterRole = k.rbac.v1.clusterRole; local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType; local policyRule = clusterRole.rulesType;
local p(apigroups, resources, verbs) = policyRule.new() + local p(apigroups, resources, verbs) = policyRule.new()
policyRule.withApiGroups([a for a in apigroups]) + + policyRule.withApiGroups([a for a in apigroups])
policyRule.withResources([r for r in resources]) + + policyRule.withResources([r for r in resources])
policyRule.withVerbs([v for v in verbs]); + policyRule.withVerbs([v for v in verbs]);
local r = [ p(pol.apis, pol.res, pol.verbs) for pol in roles ]; local r = [ p(pol.apis, pol.res, pol.verbs) for pol in roles ];
local rules = r; local rules = r;
local c = clusterRole.new() + local c = clusterRole.new()
clusterRole.mixin.metadata.withName(name) + + (if labels != null then clusterRole.mixin.metadata.withLabels(labels) else {})
clusterRole.withRules(rules); + clusterRole.mixin.metadata.withName(name) +
+ clusterRole.withRules(rules);
c c
), ),
// Creates a ClusterRoleBinding between a `clusterRole` and a `serviceAccount` on `serviceAccountNamespace`
newClusterRoleBinding(name, serviceAccount, serviceAccountNamespace, clusterRole, labels):: (
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
clusterRoleBinding.new()
+ clusterRoleBinding.mixin.metadata.withName(name) +
+ (if labels != null then clusterRoleBinding.mixin.metadata.withLabels(labels) else {})
+ clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io')
+ clusterRoleBinding.mixin.roleRef.withName(clusterRole)
+ clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' })
+ clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', 'name': serviceAccount, 'namespace': serviceAccountNamespace }])
),
// Creates endpoint objects // Creates endpoint objects
newEndpoint(name, namespace, ips, portName, portNumber):: ( newEndpoint(name, namespace, ips, portName, portNumber):: (
local endpoints = k.core.v1.endpoints; local endpoints = k.core.v1.endpoints;
@ -81,6 +113,39 @@ local vars = import 'vars.jsonnet';
) )
), ),
// Creates new basic deployments
newDeployment(name, namespace, image, cmd, port):: (
local deployment = k.apps.v1.deployment;
local container = k.apps.v1.deployment.mixin.spec.template.spec.containersType;
local containerPort = container.portsType;
local con =
container.new(name, image)
+ (if cmd != null then container.withCommand(cmd) else {})
+ container.withPorts(containerPort.newNamed(port, name+'-port'));
local c = [con];
local d = deployment.new(name, 1, c, {'app': name}) +
deployment.mixin.metadata.withNamespace(namespace) +
deployment.mixin.metadata.withLabels({'app': name}) +
deployment.mixin.spec.selector.withMatchLabels({'app': name}) +
deployment.mixin.spec.strategy.withType('RollingUpdate') +
deployment.mixin.spec.template.spec.withRestartPolicy('Always');
d
),
newService(name, namespace, port):: (
local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType;
local p = servicePort.newNamed(name, port, port);
local s = service.new(name, {'app': name}, p) +
service.mixin.metadata.withNamespace(namespace) +
service.mixin.metadata.withLabels({'app': name});
s
),
// Creates http ServiceMonitor objects // Creates http ServiceMonitor objects
newServiceMonitor(name, namespace, matchLabel, matchNamespace, portName, portScheme, path='metrics'):: ( newServiceMonitor(name, namespace, matchLabel, matchNamespace, portName, portScheme, path='metrics'):: (
{ {