feat(k8s): add function for injecting names from hashed data objects (#…

…33)
hall · Sep 26, 2023 · de856f9 · de856f9
1 parent 71cb0a2
commit de856f9
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/lib/k8s/default.nix b/lib/k8s/default.nix
@@ -62,6 +62,23 @@ with lib; rec {
       } // labels;
     };
 
+  # Returns "<name>-<hash(data)>"
+  mkNameHash = { name, data, length ? 10 }:
+    "${name}-${builtins.substring 0 length (builtins.hashString "sha1" (builtins.toJSON data))}";
+
+  # Returns the same resources with addition of injected (or overwritten) metadata.name with hashed data
+  # name of the resource in Nix does not change for reference reasons
+  # useful for the ConfigMap and Secret resources
+  injectHashedNames = attrs:
+    lib.mapAttrs
+      (name: o:
+        recursiveUpdate o {
+          metadata.name = mkNameHash { inherit name; data = o.data; };
+        }
+      )
+      attrs;
+
+
   inherit (lib) toBase64;
   inherit (lib) octalToDecimal;
 }
diff --git a/modules/k8s.nix b/modules/k8s.nix
@@ -257,6 +257,39 @@ with lib; let
       (types.listOf (types.submodule submodule))
       (mergeValuesByFn keyFn)
       (types.attrsOf (types.submodule submodule));
+
+  # inject hashed names for referencing inside modules, example:
+  # pod = {
+  #   containers.nginx = {
+  #     image = "nginx:1.25.1";
+  #     volumeMounts = {
+  #       "/etc/nginx".name = "config";
+  #       "/var/lib/html".name = "static";
+  #     };
+  #   };
+  #   volumes = {
+  #     config.configMap.name = config.kubernetes.resources.configMaps.nginx-config.metadata.name;
+  #     static.configMap.name = config.kubernetes.resources.configMaps.nginx-static.metadata.name;
+  #   };
+  # };
+  optionalHashedNames = object:
+    if cfg.enableHashedNames then
+      recursiveUpdate object
+        (mapAttrs
+          (ks: v:
+            if builtins.elem ks [ "configMaps" "secrets" ] then
+              k8s.injectHashedNames v
+            else
+              v
+          )
+          object)
+    else object;
+
+  # inject hashed names in the output
+  optionalHashedNames' = object: kind:
+    if cfg.enableHashedNames && elem kind [ "ConfigMap" "Secret" ] then
+      k8s.injectHashedNames object
+    else object;
 in
 {
   imports = [ ./base.nix ];
@@ -319,6 +352,7 @@ in
       description = "Alias for `config.kubernetes.api.resources` options";
       default = { };
       type = types.attrsOf types.attrs;
+      apply = optionalHashedNames;
     };
 
     customTypes = mkOption {
@@ -411,6 +445,12 @@ in
       description = "Genrated kubernetes YAML file";
       type = types.package;
     };
+
+    enableHashedNames = mkOption {
+      description = "Enable hashing of resource (ConfigMap,Secret) names";
+      type = types.bool;
+      default = false;
+    };
   };
 
   config = {
@@ -497,7 +537,7 @@ in
     kubernetes.objects = flatten (mapAttrsToList
       (_: type:
         mapAttrsToList (_name: moduleToAttrs)
-          cfg.api.resources.${type.group}.${type.version}.${type.kind}
+          (optionalHashedNames' cfg.api.resources.${type.group}.${type.version}.${type.kind} type.kind)
       )
       cfg.api.types);