From 39b49e9f4d8aef870d648a0b254d1d817215b788 Mon Sep 17 00:00:00 2001 
From: Simon Gerber Date: Mon, 17 Feb 2025 16:35:43 +0100 Subject: [PATCH] Refactor component to emit each K8s manifest in an individual file This makes the OpenShift 4 install instructions which copy the output of this component into the bootstrap manifests simpler since the OpenShift 4 bootstrap process requires that each K8s manifest is in its own file. --- component/main.jsonnet | 42 ++++++++++++------- ..._cloudscale_cloud_controller_manager.yaml} | 6 --- ..._kube_system_cloud_controller_manager.yaml | 5 +++ ...role_system:cloud-controller-manager.yaml} | 13 ------ ...nding_system:cloud-controller-manager.yaml | 12 ++++++ ..._cloudscale_cloud_controller_manager.yaml} | 6 --- ..._kube_system_cloud_controller_manager.yaml | 5 +++ ...role_system:cloud-controller-manager.yaml} | 13 ------ ...nding_system:cloud-controller-manager.yaml | 12 ++++++ ...d_controller_manager_ccm_hostnetwork.yaml} | 0 10 files changed, 62 insertions(+), 52 deletions(-) rename tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/{10_daemonset.yaml => 10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml} (91%) create mode 100644 tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml rename tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/{20_rbac.yaml => 20_rbac_clusterrole_system:cloud-controller-manager.yaml} (77%) create mode 100644 tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml rename tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/{10_daemonset.yaml => 10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml} (92%) create mode 100644 
tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml rename tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/{20_rbac.yaml => 20_rbac_clusterrole_system:cloud-controller-manager.yaml} (77%) create mode 100644 tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml rename tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/{30_custom_rbac.yaml => 30_custom_rbac_rolebinding_syn_cloudscale_cloud_controller_manager_ccm_hostnetwork.yaml} (100%) diff --git a/component/main.jsonnet b/component/main.jsonnet index 2a411a9..2ae8dc7 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -76,6 +76,19 @@ local customRBAC = if isOpenShift then else []; +local objKey(prefix, obj) = + local sanitize(str) = + std.asciiLower(std.strReplace(std.strReplace(str, '-', '_'), ':', '_')); + local nsname = if std.objectHas(obj.metadata, 'namespace') then + '%s_%s' % [ sanitize(obj.metadata.namespace), sanitize(obj.metadata.name) ] + else + obj.metadata.name; + '%s_%s_%s' % [ prefix, sanitize(obj.kind), nsname ]; + +// NOTE(sg): We generate individual files for each object here so that we +// don't need to further process the rendered manifests to feed them to the +// OpenShift install process which requires that additional manifests are +// stored in individual files. { [if params.namespace != 'kube-system' then '00_namespace']: kube.Namespace(params.namespace) { 
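Review bot: The cluster-scoped branch of `objKey` returns `obj.metadata.name` without passing it through `sanitize`, so keys such as `20_rbac_clusterrole_system:cloud-controller-manager` keep the `:` and `-` that the helper is written to replace; the golden file names in this patch show the result. A colon in a file name is not accepted by every filesystem or copy tool, and the naming is now inconsistent with the namespaced branch. I would change the `else` arm to `sanitize(obj.metadata.name)`. A short comment above `objKey` stating the key format (`<prefix>_<kind>_<namespace>_<name>`, lower-cased, `-` and `:` mapped to `_`) would also help, since these keys become the file names that the install instructions copy.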
@@ -88,16 +101,16 @@ else }, }, '01_secret': tokenSecret, - '10_daemonset': [ - patchDaemonset(object) { - metadata+: { - namespace: params.namespace, - }, - } - for object in manifests - if std.setMember(object.kind, [ 'DaemonSet', 'ServiceAccount' ]) - ], - '20_rbac': [ +} + { + [objKey('10_ccm', object)]: patchDaemonset(object) { + metadata+: { + namespace: params.namespace, + }, + } + for object in manifests + if std.setMember(object.kind, [ 'DaemonSet', 'ServiceAccount' ]) +} + { + [objKey('20_rbac', object)]: object + if std.objectHas(object, 'subjects') then { subjects: [ @@ -109,8 +122,9 @@ else } else {} - for object in manifests - if std.setMember(object.kind, [ 'ClusterRole', 'ClusterRoleBinding' ]) - ], - [if std.length(customRBAC) > 0 then '30_custom_rbac']: customRBAC, + for object in manifests + if std.setMember(object.kind, [ 'ClusterRole', 'ClusterRoleBinding' ]) +} + { + [objKey('30_custom_rbac', object)]: object + for object in customRBAC } diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_daemonset.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml similarity index 91% rename from tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_daemonset.yaml rename to tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml index 82325dd..4e2a1b0 100644 --- a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_daemonset.yaml +++ b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml 
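Review bot: The key in the `10_ccm` comprehension is computed from the unpatched `object`, while the value overrides `metadata.namespace` with `params.namespace`, so the file name records the upstream namespace rather than the one in the rendered manifest. The golden files show this: `10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml` contains `namespace: syn-cloudscale-cloud-controller-manager`. Anyone auditing the bootstrap manifests by file name would look for the ServiceAccount and DaemonSet in the wrong namespace. Passing the overridden object to the key, `[objKey('10_ccm', object { metadata+: { namespace: params.namespace } })]`, keeps name and content in agreement. The `20_rbac` comprehension that starts in this hunk continues past its end.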
@@ -1,9 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cloud-controller-manager - namespace: syn-cloudscale-cloud-controller-manager ---- apiVersion: apps/v1 kind: DaemonSet metadata: diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml new file mode 100644 index 0000000..eddf060 --- /dev/null +++ b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: syn-cloudscale-cloud-controller-manager diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml similarity index 77% rename from tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac.yaml rename to tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml index 5bdcd49..c78649f 100644 --- a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac.yaml +++ b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml 
@@ -82,16 +82,3 @@ rules: - get - create - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: - - kind: ServiceAccount - name: cloud-controller-manager - namespace: syn-cloudscale-cloud-controller-manager diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml new file mode 100644 index 0000000..17cd317 --- /dev/null +++ b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: + - kind: ServiceAccount + name: cloud-controller-manager + namespace: syn-cloudscale-cloud-controller-manager diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_daemonset.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml similarity index 92% rename from tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_daemonset.yaml rename to tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml index aea1971..9702e06 100644 
--- a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_daemonset.yaml +++ b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml @@ -1,9 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cloud-controller-manager - namespace: syn-cloudscale-cloud-controller-manager ---- apiVersion: apps/v1 kind: DaemonSet metadata: diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml new file mode 100644 index 0000000..eddf060 --- /dev/null +++ b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: syn-cloudscale-cloud-controller-manager diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml similarity index 77% rename from tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac.yaml rename to tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml index 5bdcd49..c78649f 100644 --- a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac.yaml 
+++ b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml @@ -82,16 +82,3 @@ rules: - get - create - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: - - kind: ServiceAccount - name: cloud-controller-manager - namespace: syn-cloudscale-cloud-controller-manager diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml new file mode 100644 index 0000000..17cd317 --- /dev/null +++ b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: + - kind: ServiceAccount + name: cloud-controller-manager + namespace: syn-cloudscale-cloud-controller-manager 
diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/30_custom_rbac.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/30_custom_rbac_rolebinding_syn_cloudscale_cloud_controller_manager_ccm_hostnetwork.yaml similarity index 100% rename from tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/30_custom_rbac.yaml rename to tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/30_custom_rbac_rolebinding_syn_cloudscale_cloud_controller_manager_ccm_hostnetwork.yaml