From 804baf70def9d4f3f2c231113072fa0e979ba16c Mon Sep 17 00:00:00 2001 From: Stephan Feurer Date: Thu, 27 Feb 2025 10:46:04 +0100 Subject: [PATCH] Initial implementation --- .github/workflows/test.yaml | 2 - Makefile | 1 + Makefile.custom.mk | 2 + Makefile.vars.mk | 4 +- class/defaults.yml | 9 ++++- class/namespaces.yml | 2 +- component/app.jsonnet | 19 +++++++-- component/main.jsonnet | 34 ++++++++++++++++ docs/modules/ROOT/pages/index.adoc | 5 +++ .../ROOT/pages/references/parameters.adoc | 40 ++++++++++++++++--- tests/defaults.yml | 3 -- .../defaults/namespaces/apps/namespaces.yaml | 0 .../team1/namespaces/apps/namespaces.yaml | 0 tests/golden/team1/team1/apps/team1.yaml | 4 ++ .../team1/team1/team1/my-namespace.yaml | 9 +++++ .../team2/namespaces/apps/namespaces.yaml | 0 tests/golden/team2/team2/apps/team2.yaml | 4 ++ tests/golden/team2/team2/team2/fancy-app.yaml | 9 +++++ tests/team1.yml | 12 ++++-- tests/team2.yml | 9 +++-- 20 files changed, 144 insertions(+), 24 deletions(-) create mode 100644 Makefile.custom.mk delete mode 100644 tests/defaults.yml delete mode 100644 tests/golden/defaults/namespaces/apps/namespaces.yaml delete mode 100644 tests/golden/team1/namespaces/apps/namespaces.yaml create mode 100644 tests/golden/team1/team1/apps/team1.yaml create mode 100644 tests/golden/team1/team1/team1/my-namespace.yaml delete mode 100644 tests/golden/team2/namespaces/apps/namespaces.yaml create mode 100644 tests/golden/team2/team2/apps/team2.yaml create mode 100644 tests/golden/team2/team2/team2/fancy-app.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fc75f8f..a76ed44 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -32,7 +32,6 @@ jobs: strategy: matrix: instance: - - defaults - team1 - team2 defaults: @@ -49,7 +48,6 @@ jobs: strategy: matrix: instance: - - defaults - team1 - team2 defaults: diff --git a/Makefile b/Makefile index 696a2e9..daba018 100644 --- a/Makefile +++ b/Makefile 
@@ -6,6 +6,7 @@ SHELL := bash .SUFFIXES: include Makefile.vars.mk +include Makefile.custom.mk .PHONY: help help: ## Show this help diff --git a/Makefile.custom.mk b/Makefile.custom.mk new file mode 100644 index 0000000..6e30823 --- /dev/null +++ b/Makefile.custom.mk @@ -0,0 +1,2 @@ +# Configure instance alias for commodore component compile +commodore_args += --alias $(instance) diff --git a/Makefile.vars.mk b/Makefile.vars.mk index 433b884..c79864f 100644 --- a/Makefile.vars.mk +++ b/Makefile.vars.mk @@ -49,5 +49,5 @@ KUBENT_ARGS ?= -c=false --helm3=false -e KUBENT_IMAGE ?= ghcr.io/doitintl/kube-no-trouble:latest KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE) -instance ?= defaults -test_instances = tests/defaults.yml tests/team1.yml tests/team2.yml +instance ?= team1 +test_instances = tests/team1.yml tests/team2.yml diff --git a/class/defaults.yml b/class/defaults.yml index a350368..8a62c85 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -1,5 +1,12 @@ parameters: namespaces: =_metadata: + multi_instance: true multi_tenant: true - namespace: syn-namespaces + + ignoreList: + - default + - kube + - syn + + namespaces: {} diff --git a/class/namespaces.yml b/class/namespaces.yml index 327ccbe..ccc68d4 100644 --- a/class/namespaces.yml +++ b/class/namespaces.yml @@ -8,4 +8,4 @@ parameters: - input_paths: - ${_base_directory}/component/main.jsonnet input_type: jsonnet - output_path: namespaces/ + output_path: ${_instance}/ diff --git a/component/app.jsonnet b/component/app.jsonnet index 422059b..a63b130 100644 --- a/component/app.jsonnet +++ b/component/app.jsonnet 
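Review bot: In the class/defaults.yml hunk, the new `ignoreList` entries are matched as bare prefixes by `std.startsWith` in component/main.jsonnet, and nothing in the file says so. As written, `syn` also rejects any name that merely begins with those letters (a constructed example: `sync-worker`) and `default` rejects `default-backend`. Platform namespaces outside the three prefixes are accepted unless each cluster extends the list, as tests/team1.yml does with `cilium`. I would add a comment above the key such as `# Prefix match: a namespace whose name starts with any entry fails compilation`, and consider separate exact-name and prefix lists (for example `default` and `syn` exact, `kube-` and `syn-` as prefixes). The name `ignoreList` also suggests entries are skipped silently, while the assert in main.jsonnet aborts the compile; a name like `reservedPrefixes` would describe the behaviour.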
@@ -1,14 +1,25 @@ +local argocd = import 'lib/argocd.libjsonnet'; local kap = import 'lib/kapitan.libjsonnet'; local inv = kap.inventory(); -local params = inv.parameters.namespaces; -local argocd = import 'lib/argocd.libjsonnet'; +local instance = inv.parameters._instance; + +// Prevent creating a non-instantiated instance +assert instance != 'namespaces' : 'component must be instantiated with a name'; -local app = argocd.App('namespaces', params.namespace); +local app = argocd.App(instance, 'default') { + spec+: { + syncPolicy+: { + syncOptions+: [ + 'ServerSideApply=true', + ], + }, + }, +}; local appPath = local project = std.get(std.get(app, 'spec', {}), 'project', 'syn'); if project == 'syn' then 'apps' else 'apps-%s' % project; { - ['%s/namespaces' % appPath]: app, + ['%s/%s' % [ appPath, instance ]]: app, } diff --git a/component/main.jsonnet b/component/main.jsonnet index 4357ac8..0a048c4 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet 
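Review bot: In the component/app.jsonnet hunk, neither the hard-coded destination namespace in `argocd.App(instance, 'default')` nor the added `ServerSideApply=true` sync option carries a comment explaining why it is needed. Since the component only emits cluster-scoped Namespace objects, `'default'` is presumably a placeholder, but a reader cannot confirm that from the file. I would add a comment such as `// Namespace objects are cluster-scoped; the app's destination namespace is not used for them` above the `argocd.App` call, and one line above `syncOptions` stating the reason for server-side apply. The assert on `instance != 'namespaces'` only catches the un-aliased component name, so its message could say that explicitly.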
@@ -1,10 +1,44 @@ // main template for namespaces +local com = import 'lib/commodore.libjsonnet'; local kap = import 'lib/kapitan.libjsonnet'; local kube = import 'lib/kube.libjsonnet'; local inv = kap.inventory(); + // The hiera parameters for the component local params = inv.parameters.namespaces; +local instanceName = inv.parameters._instance; +local instanceKey = std.strReplace(instanceName, '-', '_'); +local instanceParams = inv.parameters[instanceKey]; + +// List of namespace names that are allowed to be configured +local isOpenshift = std.member([ 'openshift4', 'oke' ], inv.parameters.facts.distribution); +local ignoreList = params.ignoreList + (if isOpenshift then [ 'openshift' ] else []); +local isReserved(name) = std.any([ + std.startsWith(name, prefix) + for prefix in ignoreList +]); + +// Prevent configuring namespaces in `parameters.namespaces` +assert std.length(std.setDiff(std.objectFields(params.namespaces), std.objectFields(instanceParams.namespaces))) == 0 : "configuring namespaces in `parameters.namespaces.namespaces` isn't allowed"; + +local namespace(name) = { + assert !isReserved(name) : 'namespace "%s" is not allowed' % name, + + apiVersion: 'v1', + kind: 'Namespace', + metadata: { + annotations: { + 'argocd.argoproj.io/sync-options': 'Delete=false', + }, + labels: { + name: name, + }, + name: name, + } + com.makeMergeable(instanceParams.namespaces[name]), +}; // Define outputs below { + [name]: namespace(name) + for name in std.objectFields(instanceParams.namespaces) } diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index bf8d217..d89dfc6 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc 
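Review bot: In `namespace(name)` in component/main.jsonnet, the reserved-prefix assert checks only the parameter key, while the per-namespace value is merged into `metadata` afterwards via `com.makeMergeable(instanceParams.namespaces[name])`. A value that carries its own `name` field therefore replaces `metadata.name` after the check has passed, so the rendered Namespace can carry a name that `ignoreList` was meant to exclude. The same unfiltered merge lets a value override the `argocd.argoproj.io/sync-options: Delete=false` annotation and set arbitrary labels, which may or may not be intended for a multi-tenant component. I would validate the final object rather than the key, for example by adding `assert self.metadata.name == name : 'overriding metadata.name of namespace "%s" is not allowed' % name,` next to the existing assert. Alternatively, restrict the merged fields to `annotations` and `labels`. A golden test with a value containing `name:` would pin the behaviour.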
@@ -2,4 +2,9 @@ namespaces is a Commodore component to manage Managed Namespaces. +[TIP] +==== +Please ensure that you instantiate the component with a name and that you configure ownership of the instance if you are not the cluster owner. +==== + See the xref:references/parameters.adoc[parameters] reference for further details. diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index b56247b..d3062bc 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -2,18 +2,48 @@ The parent key for all of the following parameters is `namespaces`. -== `namespace` + +== `ignoreList` + +[horizontal] +type:: array +default:: ['default', 'kube', 'syn'] + +List of prefixes that are not allowed to be configured. + + +== `namespaces` [horizontal] -type:: string -default:: `syn-namespaces` +type:: object +default:: {} -The namespace in which to deploy this component. +Contains a list of namespaces to create. == Example [source,yaml] ---- -namespace: example-namespace +applications: + - namespaces as namespaces-team1 <1> + +parameters: + syn: + teams: + team1: + instances: + - namespaces-team1 <2> + + namespaces_team1: + namespaces: + plain-namespace: {} + with-annotations: + annotations: + team: team1 + with-labels: + labels: + team: team1 ---- +<1> Make sure you include the component as an instance. +<2> Make sure you configure ownership of the instance if you are not the cluster owner. diff --git a/tests/defaults.yml b/tests/defaults.yml deleted file mode 100644 index a4da5b7..0000000 --- a/tests/defaults.yml +++ /dev/null @@ -1,3 +0,0 @@ -# Overwrite parameters here - -# parameters: {...} diff --git a/tests/golden/defaults/namespaces/apps/namespaces.yaml b/tests/golden/defaults/namespaces/apps/namespaces.yaml deleted file mode 100644 index e69de29..0000000 
diff --git a/tests/golden/team1/namespaces/apps/namespaces.yaml b/tests/golden/team1/namespaces/apps/namespaces.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/tests/golden/team1/team1/apps/team1.yaml b/tests/golden/team1/team1/apps/team1.yaml new file mode 100644 index 0000000..6825b97 --- /dev/null +++ b/tests/golden/team1/team1/apps/team1.yaml @@ -0,0 +1,4 @@ +spec: + syncPolicy: + syncOptions: + - ServerSideApply=true diff --git a/tests/golden/team1/team1/team1/my-namespace.yaml b/tests/golden/team1/team1/team1/my-namespace.yaml new file mode 100644 index 0000000..b16b347 --- /dev/null +++ b/tests/golden/team1/team1/team1/my-namespace.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Delete=false + team: team1 + labels: + name: my-namespace + name: my-namespace diff --git a/tests/golden/team2/namespaces/apps/namespaces.yaml b/tests/golden/team2/namespaces/apps/namespaces.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/tests/golden/team2/team2/apps/team2.yaml b/tests/golden/team2/team2/apps/team2.yaml new file mode 100644 index 0000000..6825b97 --- /dev/null +++ b/tests/golden/team2/team2/apps/team2.yaml @@ -0,0 +1,4 @@ +spec: + syncPolicy: + syncOptions: + - ServerSideApply=true diff --git a/tests/golden/team2/team2/team2/fancy-app.yaml b/tests/golden/team2/team2/team2/fancy-app.yaml new file mode 100644 index 0000000..bfdca75 --- /dev/null +++ b/tests/golden/team2/team2/team2/fancy-app.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Delete=false + labels: + name: fancy-app + team: team2 + name: fancy-app diff --git a/tests/team1.yml b/tests/team1.yml index a4da5b7..c86a084 100644 --- a/tests/team1.yml +++ b/tests/team1.yml 
@@ -1,3 +1,9 @@ -# Overwrite parameters here - -# parameters: {...} +parameters: + namespaces: + ignoreList: + - cilium + team1: + namespaces: + my-namespace: + annotations: + team: team1 diff --git a/tests/team2.yml b/tests/team2.yml index a4da5b7..bd52eca 100644 --- a/tests/team2.yml +++ b/tests/team2.yml @@ -1,3 +1,6 @@ -# Overwrite parameters here - -# parameters: {...} +parameters: + team2: + namespaces: + fancy-app: + labels: + team: team2