package deploy
import (
"bytes"
"context"
"crypto/md5"
"fmt"
"github.com/pkg/errors"
serializer "k8s.io/apimachinery/pkg/runtime/serializer/json"
"k8s.io/client-go/kubernetes/scheme"
)
// Render builds the dex deployment manifests for the given options and returns
// them as YAML documents keyed by file name (for example "namespace.yaml").
//
// The namespace, cluster role, service account, cluster role binding, secret,
// deployment and service are always rendered. The theme config map, the
// ingress and the client secret are rendered only when the matching options
// are set. The first failure aborts rendering and is returned wrapped with a
// message naming the step that failed.
//
// The returned map holds sensitive material: "secret.yaml" is built from the
// dex config and "clientsecret.yaml" from the decrypted client secret, so
// callers should treat the output like the secrets themselves (no logging, no
// world-readable files).
func Render(ctx context.Context, options Options) (map[string][]byte, error) {
	issuerURL, err := dexIssuerURL(options.IdentitySpec, options.Builder)
	if err != nil {
		return nil, errors.Wrap(err, "failed to get dex issuer url")
	}

	dexConfig, err := getDexConfig(ctx, issuerURL, options)
	if err != nil {
		return nil, errors.Wrap(err, "failed to get dex config")
	}

	// MD5 is used here only to fingerprint the rendered config; the digest is
	// handed to deploymentResource below. It is not an integrity or
	// authenticity control.
	// NOTE(review): presumably the digest lets a config change roll the
	// deployment - confirm in deploymentResource. crypto/md5 is also commonly
	// rejected by FIPS builds and crypto linters.
	configDigest := md5.Sum(dexConfig)
	configChecksum := fmt.Sprintf("%x", configDigest)

	s := serializer.NewYAMLSerializer(serializer.DefaultMetaFactory, scheme.Scheme, scheme.Scheme)

	resources := make(map[string][]byte)

	// Every manifest gets its own buffer: the map stores the slice returned
	// by Bytes(), so a shared, reset buffer would alias earlier entries.

	// TODO (salah): make this work with minimal rbac
	namespace := namespaceResource(options)
	var namespaceYAML bytes.Buffer
	if err := s.Encode(namespace, &namespaceYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode namespace")
	}
	resources["namespace.yaml"] = namespaceYAML.Bytes()

	role := clusterRoleResource(options)
	var roleYAML bytes.Buffer
	if err := s.Encode(role, &roleYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode cluster role")
	}
	resources["clusterrole.yaml"] = roleYAML.Bytes()

	account := serviceAccountResource(options)
	var accountYAML bytes.Buffer
	if err := s.Encode(account, &accountYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode service account")
	}
	resources["serviceaccount.yaml"] = accountYAML.Bytes()

	binding := clusterRoleBindingResource(options)
	var bindingYAML bytes.Buffer
	if err := s.Encode(binding, &bindingYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode cluster role binding")
	}
	resources["clusterrolebinding.yaml"] = bindingYAML.Bytes()

	// The dex config is carried in a Secret manifest.
	dexSecret := secretResource(dexConfig, options)
	var dexSecretYAML bytes.Buffer
	if err := s.Encode(dexSecret, &dexSecretYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode secret")
	}
	resources["secret.yaml"] = dexSecretYAML.Bytes()

	// The theme config map is optional and only rendered when a theme is set.
	if web := options.IdentitySpec.WebConfig; web != nil && web.Theme != nil {
		themeConfigMap, err := dexThemeConfigMapResource(options)
		if err != nil {
			return nil, errors.Wrap(err, "failed to get dex theme config map resource")
		}
		var themeYAML bytes.Buffer
		if err := s.Encode(themeConfigMap, &themeYAML); err != nil {
			return nil, errors.Wrap(err, "failed to encode dex theme config map resource")
		}
		resources["dexthemeconfigmap.yaml"] = themeYAML.Bytes()
	}

	deployment, err := deploymentResource(issuerURL, configChecksum, options)
	if err != nil {
		return nil, errors.Wrap(err, "failed to get deployment resource")
	}
	var deploymentYAML bytes.Buffer
	if err := s.Encode(deployment, &deploymentYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode deployment")
	}
	resources["deployment.yaml"] = deploymentYAML.Bytes()

	svc := serviceResource(options)
	var svcYAML bytes.Buffer
	if err := s.Encode(svc, &svcYAML); err != nil {
		return nil, errors.Wrap(err, "failed to encode service")
	}
	resources["service.yaml"] = svcYAML.Bytes()

	// The ingress needs both the enabled flag and an ingress definition.
	if options.IdentityConfigSpec.IngressConfig.Enabled && options.IdentityConfigSpec.IngressConfig.Ingress != nil {
		ingress := ingressResource(options)
		var ingressYAML bytes.Buffer
		if err := s.Encode(ingress, &ingressYAML); err != nil {
			return nil, errors.Wrap(err, "failed to encode ingress")
		}
		resources["ingress.yaml"] = ingressYAML.Bytes()
	}

	// Without a client ID there is no client secret manifest to render.
	if options.IdentityConfigSpec.ClientID == "" {
		return resources, nil
	}

	// From here on the client secret is held in plaintext; it goes only into
	// the rendered manifest and must not reach error messages or logs.
	plainClientSecret, err := options.IdentityConfigSpec.ClientSecret.GetValue()
	if err != nil {
		return nil, errors.Wrap(err, "failed to decrypt client secret")
	}

	clientSecretYAML, err := renderClientSecret(ctx, options.Namespace, options.IdentityConfigSpec.ClientID, plainClientSecret, options.AdditionalLabels)
	if err != nil {
		return nil, errors.Wrap(err, "failed to render client secret")
	}
	resources["clientsecret.yaml"] = clientSecretYAML

	return resources, nil
}