Merge pull request #12 from projectsyn/feat/individual-manifest-files

simu · web-flow · commit b36c7e18d374 · 2025-02-17T16:40:58.000+01:00
Refactor component to emit each K8s manifest in an individual file
diff --git a/component/main.jsonnet b/component/main.jsonnet
@@ -76,6 +76,19 @@ local customRBAC = if isOpenShift then
 else
   [];
 
+local objKey(prefix, obj) =
+  local sanitize(str) =
+    std.asciiLower(std.strReplace(std.strReplace(str, '-', '_'), ':', '_'));
+  local nsname = if std.objectHas(obj.metadata, 'namespace') then
+    '%s_%s' % [ sanitize(obj.metadata.namespace), sanitize(obj.metadata.name) ]
+  else
+    obj.metadata.name;
+  '%s_%s_%s' % [ prefix, sanitize(obj.kind), nsname ];
+
+// NOTE(sg): We generate individual files for each object here so that we
+// don't need to further process the rendered manifests to feed them to the
+// OpenShift install process which requires that additional manifests are
+// stored in individual files.
 {
   [if params.namespace != 'kube-system' then '00_namespace']:
     kube.Namespace(params.namespace) {
@@ -88,16 +101,16 @@ else
       },
     },
   '01_secret': tokenSecret,
-  '10_daemonset': [
-    patchDaemonset(object) {
-      metadata+: {
-        namespace: params.namespace,
-      },
-    }
-    for object in manifests
-    if std.setMember(object.kind, [ 'DaemonSet', 'ServiceAccount' ])
-  ],
-  '20_rbac': [
+} + {
+  [objKey('10_ccm', object)]: patchDaemonset(object) {
+    metadata+: {
+      namespace: params.namespace,
+    },
+  }
+  for object in manifests
+  if std.setMember(object.kind, [ 'DaemonSet', 'ServiceAccount' ])
+} + {
+  [objKey('20_rbac', object)]:
     object + if std.objectHas(object, 'subjects') then
       {
         subjects: [
@@ -109,8 +122,9 @@ else
       }
     else
       {}
-    for object in manifests
-    if std.setMember(object.kind, [ 'ClusterRole', 'ClusterRoleBinding' ])
-  ],
-  [if std.length(customRBAC) > 0 then '30_custom_rbac']: customRBAC,
+  for object in manifests
+  if std.setMember(object.kind, [ 'ClusterRole', 'ClusterRoleBinding' ])
+} + {
+  [objKey('30_custom_rbac', object)]: object
+  for object in customRBAC
 }
diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml
@@ -1,9 +1,3 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloud-controller-manager
-  namespace: syn-cloudscale-cloud-controller-manager
----
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: syn-cloudscale-cloud-controller-manager
diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml
@@ -82,16 +82,3 @@ rules:
       - get
       - create
       - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: system:cloud-controller-manager
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:cloud-controller-manager
-subjects:
-  - kind: ServiceAccount
-    name: cloud-controller-manager
-    namespace: syn-cloudscale-cloud-controller-manager
diff --git a/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml b/tests/golden/defaults/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
+  - kind: ServiceAccount
+    name: cloud-controller-manager
+    namespace: syn-cloudscale-cloud-controller-manager
diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_daemonset_kube_system_cloudscale_cloud_controller_manager.yaml
@@ -1,9 +1,3 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloud-controller-manager
-  namespace: syn-cloudscale-cloud-controller-manager
----
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/10_ccm_serviceaccount_kube_system_cloud_controller_manager.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: syn-cloudscale-cloud-controller-manager
diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrole_system:cloud-controller-manager.yaml
@@ -82,16 +82,3 @@ rules:
       - get
       - create
       - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: system:cloud-controller-manager
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:cloud-controller-manager
-subjects:
-  - kind: ServiceAccount
-    name: cloud-controller-manager
-    namespace: syn-cloudscale-cloud-controller-manager
diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/20_rbac_clusterrolebinding_system:cloud-controller-manager.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
+  - kind: ServiceAccount
+    name: cloud-controller-manager
+    namespace: syn-cloudscale-cloud-controller-manager
diff --git a/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/30_custom_rbac_rolebinding_syn_cloudscale_cloud_controller_manager_ccm_hostnetwork.yaml b/tests/golden/openshift4/cloudscale-cloud-controller-manager/cloudscale-cloud-controller-manager/30_custom_rbac_rolebinding_syn_cloudscale_cloud_controller_manager_ccm_hostnetwork.yaml
