Initial implementation

.github/workflows/test.yaml

@@ -32,7 +32,6 @@ jobs:
     strategy:
       matrix:
         instance:
-          - defaults
           - team1
           - team2
     defaults:
@@ -49,7 +48,6 @@ jobs:
     strategy:
       matrix:
         instance:
-          - defaults
           - team1
           - team2
     defaults:

Makefile

@@ -6,6 +6,7 @@ SHELL := bash
 .SUFFIXES:
 
 include Makefile.vars.mk
+include Makefile.custom.mk
 
 .PHONY: help
 help: ## Show this help

Makefile.custom.mk

@@ -0,0 +1,2 @@
+# Configure instance alias for commodore component compile
+commodore_args += --alias $(instance)

Makefile.vars.mk

@@ -49,5 +49,5 @@ KUBENT_ARGS     ?= -c=false --helm3=false -e
 KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
-instance ?= defaults
-test_instances = tests/defaults.yml tests/team1.yml tests/team2.yml
+instance ?= team1
+test_instances = tests/team1.yml tests/team2.yml

class/defaults.yml

@@ -1,5 +1,12 @@
 parameters:
   namespaces:
     =_metadata:
+      multi_instance: true
       multi_tenant: true
-    namespace: syn-namespaces
+
+    ignoreList:
+      - default
+      - kube
+      - syn
+
+    namespaces: {}

class/namespaces.yml

@@ -8,4 +8,4 @@ parameters:
       - input_paths:
           - ${_base_directory}/component/main.jsonnet
         input_type: jsonnet
-        output_path: namespaces/
+        output_path: ${_instance}/

component/app.jsonnet

@@ -1,14 +1,25 @@
+local argocd = import 'lib/argocd.libjsonnet';
 local kap = import 'lib/kapitan.libjsonnet';
 local inv = kap.inventory();
-local params = inv.parameters.namespaces;
-local argocd = import 'lib/argocd.libjsonnet';
+local instance = inv.parameters._instance;
+
+// Prevent creating a non-instantiated instance
+assert instance != 'namespaces' : 'component must be instantiated with a name';
 
-local app = argocd.App('namespaces', params.namespace);
+local app = argocd.App(instance, 'default') {
+  spec+: {
+    syncPolicy+: {
+      syncOptions+: [
+        'ServerSideApply=true',
+      ],
+    },
+  },
+};
 
 local appPath =
   local project = std.get(std.get(app, 'spec', {}), 'project', 'syn');
   if project == 'syn' then 'apps' else 'apps-%s' % project;
 
 {
-  ['%s/namespaces' % appPath]: app,
+  ['%s/%s' % [ appPath, instance ]]: app,
 }

component/main.jsonnet

@@ -1,10 +1,44 @@
 // main template for namespaces
+local com = import 'lib/commodore.libjsonnet';
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
 local inv = kap.inventory();
+
 // The hiera parameters for the component
 local params = inv.parameters.namespaces;
+local instanceName = inv.parameters._instance;
+local instanceKey = std.strReplace(instanceName, '-', '_');
+local instanceParams = inv.parameters[instanceKey];
+
+// List of namespace names that are allowed to be configured
+local isOpenshift = std.member([ 'openshift4', 'oke' ], inv.parameters.facts.distribution);
+local ignoreList = params.ignoreList + (if isOpenshift then [ 'openshift' ] else []);
+local isReserved(name) = std.any([
+  std.startsWith(name, prefix)
+  for prefix in ignoreList
+]);
+
+// Prevent configuring namespaces in `parameters.namespaces`
+assert std.length(std.setDiff(std.objectFields(params.namespaces), std.objectFields(instanceParams.namespaces))) == 0 : "configuring namespaces in `parameters.namespaces.namespaces` isn't allowed";
+
+local namespace(name) = {
+  assert !isReserved(name) : 'namespace "%s" is not allowed' % name,
+
+  apiVersion: 'v1',
+  kind: 'Namespace',
+  metadata: {
+    annotations: {
+      'argocd.argoproj.io/sync-options': 'Delete=false',
+    },
+    labels: {
+      name: name,
+    },
+    name: name,
+  } + com.makeMergeable(instanceParams.namespaces[name]),
+};
 
 // Define outputs below
 {
+  [name]: namespace(name)
+  for name in std.objectFields(instanceParams.namespaces)
 }

docs/modules/ROOT/pages/index.adoc

@@ -2,4 +2,9 @@
 
 namespaces is a Commodore component to manage Managed Namespaces.
 
+[TIP]
+====
+Please ensure that you instantiate the component with a name and that you configure ownership of the instance if you are not the cluster owner.
+====
+
 See the xref:references/parameters.adoc[parameters] reference for further details.

docs/modules/ROOT/pages/references/parameters.adoc

@@ -2,18 +2,48 @@
 
 The parent key for all of the following parameters is `namespaces`.
 
-== `namespace`
+
+== `ignoreList`
+
+[horizontal]
+type:: array
+default:: ['default', 'kube', 'syn']
+
+List of prefixes that are not allowed to be configured.
+
+
+== `namespaces`
 
 [horizontal]
-type:: string
-default:: `syn-namespaces`
+type:: object
+default:: {}
 
-The namespace in which to deploy this component.
+Contains a list of namespaces to create.
 
 
 == Example
 
 [source,yaml]
 ----
-namespace: example-namespace
+applications:
+  - namespaces as namespaces-team1 <1>
+
+parameters:
+  syn:
+    teams:
+      team1:
+        instances:
+          - namespaces-team1 <2>
+
+  namespaces_team1:
+    namespaces:
+      plain-namespace: {}
+      with-annotations:
+        annotations:
+          team: team1
+      with-labels:
+        labels:
+          team: team1
 ----
+<1> Make sure you include the component as an instance.
+<2> Make sure you configure ownership of the instance if you are not the cluster owner.

tests/golden/team1/team1/apps/team1.yaml

@@ -0,0 +1,4 @@
+spec:
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true

tests/golden/team1/team1/team1/my-namespace.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Delete=false
+    team: team1
+  labels:
+    name: my-namespace
+  name: my-namespace

tests/golden/team2/team2/apps/team2.yaml

@@ -0,0 +1,4 @@
+spec:
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true

tests/golden/team2/team2/team2/fancy-app.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Delete=false
+  labels:
+    name: fancy-app
+    team: team2
+  name: fancy-app

tests/team1.yml

@@ -1,3 +1,9 @@
-# Overwrite parameters here
-
-# parameters: {...}
+parameters:
+  namespaces:
+    ignoreList:
+      - cilium
+  team1:
+    namespaces:
+      my-namespace:
+        annotations:
+          team: team1

tests/team2.yml

@@ -1,3 +1,6 @@
-# Overwrite parameters here
-
-# parameters: {...}
+parameters:
+  team2:
+    namespaces:
+      fancy-app:
+        labels:
+          team: team2