From 19376df824229b8daa207551ba4c0d633dad77f7 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 15:14:43 +0100 Subject: [PATCH] jsonnet: move kube-rbac-proxy mixin to separate file --- .../blackbox-exporter.libsonnet | 2 +- .../kube-prometheus/kube-prometheus.libsonnet | 3 +- .../kube-rbac-proxy/containerMixin.libsonnet | 96 +++++++++++++++++++ .../kube-state-metrics.libsonnet | 2 +- 4 files changed, 99 insertions(+), 4 deletions(-) create mode 100644 jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 38ef07ea..9c76ff34 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -1,4 +1,4 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; +local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; { _config+:: { diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 05c7326a..219c011d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,9 +1,8 @@ -local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; +local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + -(import './node-exporter/node-exporter.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import './blackbox-exporter/blackbox-exporter.libsonnet') + (import './alertmanager/alertmanager.libsonnet') + diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet new file mode 100644 index 00000000..795463a7 --- /dev/null +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet @@ -0,0 +1,96 @@ +// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet +// are converted to use kube-rbac-proxy/container.libsonnet + +{ + local krp = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + + specMixin:: { + local sm = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + spec+: { + template+: { + spec+: { + containers+: [{ + name: krp.config.kubeRbacProxy.name, + image: krp.config.kubeRbacProxy.image, + args: [ + '--logtostderr', + '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, + '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites), + '--upstream=' + krp.config.kubeRbacProxy.upstream, + ], + ports: [ + { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, + ], + securityContext: { + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, + }, + }], + }, + }, + }, + }, + + deploymentMixin:: { + local dm = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + deployment+: krp.specMixin { + config+:: { + kubeRbacProxy+: dm.config.kubeRbacProxy, + }, + }, + }, + + statefulSetMixin:: { + local sm = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + statefulSet+: krp.specMixin { + config+:: { + kubeRbacProxy+: sm.config.kubeRbacProxy, + }, + }, + }, +} diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 4e1709dd..62cad10b 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -1,4 +1,4 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; +local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet'; {