jsonnet: move kube-rbac-proxy mixin to separate file

2021-01-05 15:14:43 +01:00
parent a4306c9c7a
commit 19376df824
4 changed files with 99 additions and 4 deletions
--- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet
@@ -1,4 +1,4 @@
-local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet';
+local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet';

 {
  _config+:: {
--- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
@@ -1,9 +1,8 @@
-local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet';
+local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet';

 (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
 (import './kube-state-metrics/kube-state-metrics.libsonnet') +
 (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') +
-(import './node-exporter/node-exporter.libsonnet') +
 (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') +
 (import './blackbox-exporter/blackbox-exporter.libsonnet') +
 (import './alertmanager/alertmanager.libsonnet') +
--- a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
+++ b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
@@ -0,0 +1,96 @@
+// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet
+// are converted to use kube-rbac-proxy/container.libsonnet
+
+{
+  local krp = self,
+  config+:: {
+    kubeRbacProxy: {
+      image: error 'must provide image',
+      name: error 'must provide name',
+      securePortName: error 'must provide securePortName',
+      securePort: error 'must provide securePort',
+      secureListenAddress: error 'must provide secureListenAddress',
+      upstream: error 'must provide upstream',
+      tlsCipherSuites: error 'must provide tlsCipherSuites',
+    },
+  },
+
+  specMixin:: {
+    local sm = self,
+    config+:: {
+      kubeRbacProxy: {
+        image: error 'must provide image',
+        name: error 'must provide name',
+        securePortName: error 'must provide securePortName',
+        securePort: error 'must provide securePort',
+        secureListenAddress: error 'must provide secureListenAddress',
+        upstream: error 'must provide upstream',
+        tlsCipherSuites: error 'must provide tlsCipherSuites',
+      },
+    },
+    spec+: {
+      template+: {
+        spec+: {
+          containers+: [{
+            name: krp.config.kubeRbacProxy.name,
+            image: krp.config.kubeRbacProxy.image,
+            args: [
+              '--logtostderr',
+              '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
+              '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites),
+              '--upstream=' + krp.config.kubeRbacProxy.upstream,
+            ],
+            ports: [
+              { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
+            ],
+            securityContext: {
+              runAsUser: 65532,
+              runAsGroup: 65532,
+              runAsNonRoot: true,
+            },
+          }],
+        },
+      },
+    },
+  },
+
+  deploymentMixin:: {
+    local dm = self,
+    config+:: {
+      kubeRbacProxy: {
+        image: error 'must provide image',
+        name: error 'must provide name',
+        securePortName: error 'must provide securePortName',
+        securePort: error 'must provide securePort',
+        secureListenAddress: error 'must provide secureListenAddress',
+        upstream: error 'must provide upstream',
+        tlsCipherSuites: error 'must provide tlsCipherSuites',
+      },
+    },
+    deployment+: krp.specMixin {
+      config+:: {
+        kubeRbacProxy+: dm.config.kubeRbacProxy,
+      },
+    },
+  },
+
+  statefulSetMixin:: {
+    local sm = self,
+    config+:: {
+      kubeRbacProxy: {
+        image: error 'must provide image',
+        name: error 'must provide name',
+        securePortName: error 'must provide securePortName',
+        securePort: error 'must provide securePort',
+        secureListenAddress: error 'must provide secureListenAddress',
+        upstream: error 'must provide upstream',
+        tlsCipherSuites: error 'must provide tlsCipherSuites',
+      },
+    },
+    statefulSet+: krp.specMixin {
+      config+:: {
+        kubeRbacProxy+: sm.config.kubeRbacProxy,
+      },
+    },
+  },
+}
--- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
@@ -1,4 +1,4 @@
-local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet';
+local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet';
 local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet';

 {