Change static variable starting field to schema
This change is introduced to ensure we know which spec we're
referencing. We are still only able to reference the `spec`
and the `metadata` of the schema.

This change also affects how we reference schema variables
when compiling `includeWhen` expressions

changing from
```yaml
name: ${spec.name}
```

to
```yaml
name: ${schema.spec.name}
```

more examples in files changed
michaelhtm committed Nov 9, 2024
1 parent b4cb7c2 commit 50dcb66
Showing 39 changed files with 463 additions and 458 deletions.
1 change: 0 additions & 1 deletion api/v1alpha1/groupversion_info.go
@@ -17,7 +17,6 @@
package v1alpha1

import (

"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)
74 changes: 37 additions & 37 deletions examples/ack-controller/ec2-controller/ec2-controller.yaml
@@ -42,31 +42,31 @@ spec:
apiVersion: kro.run/v1alpha1
kind: EC2CRDGroup
metadata:
name: ${spec.name}-crd-group
name: ${schema.spec.name}-crd-group
spec:
name: ${spec.name}-crd-group
name: ${schema.spec.name}-crd-group
- name: ec2ControllerIamRole
template:
apiVersion: iam.services.k8s.aws/v1alpha1
kind: Role
metadata:
name: ${spec.name}-iam-role
namespace: ${spec.namespace}
name: ${schema.spec.name}-iam-role
namespace: ${schema.spec.namespace}
spec:
name: ${spec.name}-iam-role
description: ${spec.values.iamRole.roleDescription}
maxSessionDuration: ${spec.values.iamRole.maxSessionDuration}
name: ${schema.spec.name}-iam-role
description: ${schema.spec.values.iamRole.roleDescription}
maxSessionDuration: ${schema.spec.values.iamRole.maxSessionDuration}
policies:
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
assumeRolePolicyDocument: >
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {"Federated": "arn:aws:iam::${spec.values.aws.accountID}:oidc-provider/${spec.values.iamRole.oidcProvider}"},
"Principal": {"Federated": "arn:aws:iam::${schema.spec.values.aws.accountID}:oidc-provider/${schema.spec.values.iamRole.oidcProvider}"},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {"${spec.values.iamRole.oidcProvider}:sub": "system:serviceaccount:${spec.namespace}:${spec.values.serviceAccount.name}"}
"StringEquals": {"${schema.spec.values.iamRole.oidcProvider}:sub": "system:serviceaccount:${schema.spec.namespace}:${schema.spec.values.serviceAccount.name}"}
}
}]
}
@@ -75,75 +75,75 @@ spec:
apiVersion: v1
kind: ServiceAccount
metadata:
name: ${spec.values.serviceAccount.name}
namespace: ${spec.namespace}
name: ${schema.spec.values.serviceAccount.name}
namespace: ${schema.spec.namespace}
annotations:
eks.amazonaws.com/role-arn: ${ec2ControllerIamRole.status.ackResourceMetadata.arn}
- name: deployment
template:
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${spec.name}-deployment
namespace: ${spec.namespace}
name: ${schema.spec.name}-deployment
namespace: ${schema.spec.namespace}
labels:
app.kubernetes.io.name: ${spec.name}-deployment
app.kubernetes.io.instance: ${spec.name}
app.kubernetes.io.name: ${schema.spec.name}-deployment
app.kubernetes.io.instance: ${schema.spec.name}
spec:
replicas: ${spec.values.deployment.replicas}
replicas: ${schema.spec.values.deployment.replicas}
selector:
matchLabels:
app.kubernetes.io.name: ${spec.name}-deployment
app.kubernetes.io.instance: ${spec.name}
app.kubernetes.io.name: ${schema.spec.name}-deployment
app.kubernetes.io.instance: ${schema.spec.name}
template:
metadata:
labels:
app.kubernetes.io.name: ${spec.name}-deployment
app.kubernetes.io.instance: ${spec.name}
app.kubernetes.io.name: ${schema.spec.name}-deployment
app.kubernetes.io.instance: ${schema.spec.name}
spec:
serviceAccountName: ${serviceAccount.metadata.name}
containers:
- command:
- ./bin/controller
args:
- --aws-region
- ${spec.values.aws.region}
- --enable-development-logging=${spec.values.log.enabled}
- ${schema.spec.values.aws.region}
- --enable-development-logging=${schema.spec.values.log.enabled}
- --log-level
- ${spec.values.log.level}
- ${schema.spec.values.log.level}
- --deletion-policy
- ${spec.values.image.deletePolicy}
- ${schema.spec.values.image.deletePolicy}
- --watch-namespace
- ${spec.namespace}
image: ${spec.values.image.repository}:${spec.values.image.tag}
- ${schema.spec.namespace}
image: ${schema.spec.values.image.repository}:${schema.spec.values.image.tag}
name: controller
ports:
- name: http
containerPort: ${spec.values.deployment.containerPort}
containerPort: ${schema.spec.values.deployment.containerPort}
resources:
requests:
memory: ${spec.values.image.resources.requests.memory}
cpu: ${spec.values.image.resources.requests.cpu}
memory: ${schema.spec.values.image.resources.requests.memory}
cpu: ${schema.spec.values.image.resources.requests.cpu}
limits:
memory: ${spec.values.image.resources.limits.memory}
cpu: ${spec.values.image.resources.limits.cpu}
memory: ${schema.spec.values.image.resources.limits.memory}
cpu: ${schema.spec.values.image.resources.limits.cpu}
env:
- name: ACK_SYSTEM_NAMESPACE
value: ${spec.namespace}
value: ${schema.spec.namespace}
- name: AWS_REGION
value: ${spec.values.aws.region}
value: ${schema.spec.values.aws.region}
- name: DELETE_POLICY
value: ${spec.values.image.deletePolicy}
value: ${schema.spec.values.image.deletePolicy}
- name: ACK_LOG_LEVEL
value: ${spec.values.log.level}
value: ${schema.spec.values.log.level}
ports:
- containerPort: 80
- name: clusterRoleBinding
template:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ${spec.name}-clusterrolebinding
name: ${schema.spec.name}-clusterrolebinding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
@@ -157,7 +157,7 @@ spec:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ${spec.name}-clusterrole
name: ${schema.spec.name}-clusterrole
rules:
- apiGroups:
- ""
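Review bot: The trust policy under `assumeRolePolicyDocument` for `ec2ControllerIamRole` conditions only on the `:sub` claim and is built by substituting instance values (`oidcProvider`, `namespace`, `serviceAccount.name`) directly into a JSON string. I would add the audience check beside the subject check, `"${schema.spec.values.iamRole.oidcProvider}:aud": "sts.amazonaws.com"`, so the role can only be assumed with tokens issued for STS. Whether those schema fields are constrained before substitution is not visible in this section; if they are free-form strings, a comment in the example saying they must be validated (no quotes or wildcards) would help people who copy it. The same document appears in examples/ack-controller/eks-controller/eks-controller.yaml, and the `AmazonEC2FullAccess` attachment here deserves a one-line comment that it is example-only scope.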
80 changes: 40 additions & 40 deletions examples/ack-controller/eks-controller/eks-controller.yaml
@@ -45,18 +45,18 @@ spec:
apiVersion: kro.run/v1alpha1
kind: EKSCRDGroup
metadata:
name: ${spec.name}-crd-group
name: ${schema.spec.name}-crd-group
spec:
name: ${spec.name}-crd-group
name: ${schema.spec.name}-crd-group
- name: eksControllerIamPolicy
template:
apiVersion: iam.services.k8s.aws/v1alpha1
kind: Policy
metadata:
name: ${spec.name}-iam-policy
name: ${schema.spec.name}-iam-policy
spec:
name: ${spec.name}-iam-policy
description: ${spec.values.iamPolicy.description}
name: ${schema.spec.name}-iam-policy
description: ${schema.spec.values.iamPolicy.description}
policyDocument: >
{
"Version": "2012-10-17",
@@ -80,23 +80,23 @@ spec:
apiVersion: iam.services.k8s.aws/v1alpha1
kind: Role
metadata:
name: ${spec.name}-iam-role
namespace: ${spec.namespace}
name: ${schema.spec.name}-iam-role
namespace: ${schema.spec.namespace}
spec:
name: ${spec.name}-iam-role
description: ${spec.values.iamRole.roleDescription}
maxSessionDuration: ${spec.values.iamRole.maxSessionDuration}
name: ${schema.spec.name}-iam-role
description: ${schema.spec.values.iamRole.roleDescription}
maxSessionDuration: ${schema.spec.values.iamRole.maxSessionDuration}
policies:
- ${eksControllerIamPolicy.status.ackResourceMetadata.arn}
assumeRolePolicyDocument: >
{
"Version":"2012-10-17",
"Statement": [{
"Effect":"Allow",
"Principal": {"Federated": "arn:aws:iam::${spec.values.aws.accountID}:oidc-provider/${spec.values.iamRole.oidcProvider}"},
"Principal": {"Federated": "arn:aws:iam::${schema.spec.values.aws.accountID}:oidc-provider/${schema.spec.values.iamRole.oidcProvider}"},
"Action": ["sts:AssumeRoleWithWebIdentity"],
"Condition": {
"StringEquals": {"${spec.values.iamRole.oidcProvider}:sub": "system:serviceaccount:${spec.namespace}:${spec.values.serviceAccount.name}"}
"StringEquals": {"${schema.spec.values.iamRole.oidcProvider}:sub": "system:serviceaccount:${schema.spec.namespace}:${schema.spec.values.serviceAccount.name}"}
}
}]
}
@@ -105,75 +105,75 @@ spec:
apiVersion: v1
kind: ServiceAccount
metadata:
name: ${spec.values.serviceAccount.name}
namespace: ${spec.namespace}
name: ${schema.spec.values.serviceAccount.name}
namespace: ${schema.spec.namespace}
annotations:
eks.amazonaws.com/role-arn : ${eksControllerIamRole.status.ackResourceMetadata.arn}
- name: deployment
template:
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${spec.name}-deployment
namespace: ${spec.namespace}
name: ${schema.spec.name}-deployment
namespace: ${schema.spec.namespace}
labels:
app.kubernetes.io.name: ${spec.name}-deployment
app.kubernetes.io.instance: ${spec.name}
app.kubernetes.io.name: ${schema.spec.name}-deployment
app.kubernetes.io.instance: ${schema.spec.name}
spec:
replicas: ${spec.values.deployment.replicas}
replicas: ${schema.spec.values.deployment.replicas}
selector:
matchLabels:
app.kubernetes.io.name: ${spec.name}-deployment
app.kubernetes.io.instance: ${spec.name}
app.kubernetes.io.name: ${schema.spec.name}-deployment
app.kubernetes.io.instance: ${schema.spec.name}
template:
metadata:
labels:
app.kubernetes.io.name: ${spec.name}-deployment
app.kubernetes.io.instance: ${spec.name}
app.kubernetes.io.name: ${schema.spec.name}-deployment
app.kubernetes.io.instance: ${schema.spec.name}
spec:
serviceAccountName: ${serviceAccount.metadata.name}
containers:
- command:
- ./bin/controller
args:
- --aws-region
- ${spec.values.aws.region}
- --enable-development-logging=${spec.values.log.enabled}
- ${schema.spec.values.aws.region}
- --enable-development-logging=${schema.spec.values.log.enabled}
- --log-level
- ${spec.values.log.level}
- ${schema.spec.values.log.level}
- --deletion-policy
- ${spec.values.image.deletePolicy}
- ${schema.spec.values.image.deletePolicy}
- --watch-namespace
- ${spec.namespace}
image: ${spec.values.image.repository}:${spec.values.image.tag}
- ${schema.spec.namespace}
image: ${schema.spec.values.image.repository}:${schema.spec.values.image.tag}
name: controller
ports:
- name: http
containerPort: ${spec.values.deployment.containerPort}
containerPort: ${schema.spec.values.deployment.containerPort}
resources:
requests:
memory: ${spec.values.image.resources.requests.memory}
cpu: ${spec.values.image.resources.requests.cpu}
memory: ${schema.spec.values.image.resources.requests.memory}
cpu: ${schema.spec.values.image.resources.requests.cpu}
limits:
memory: ${spec.values.image.resources.limits.memory}
cpu: ${spec.values.image.resources.limits.cpu}
memory: ${schema.spec.values.image.resources.limits.memory}
cpu: ${schema.spec.values.image.resources.limits.cpu}
env:
- name: ACK_SYSTEM_NAMESPACE
value: ${spec.namespace}
value: ${schema.spec.namespace}
- name: AWS_REGION
value: ${spec.values.aws.region}
value: ${schema.spec.values.aws.region}
- name: DELETE_POLICY
value: ${spec.values.image.deletePolicy}
value: ${schema.spec.values.image.deletePolicy}
- name: ACK_LOG_LEVEL
value: ${spec.values.log.level}
value: ${schema.spec.values.log.level}
ports:
- containerPort: 80
- name: clusterRoleBinding
template:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ${spec.name}-clusterrolebinding
name: ${schema.spec.name}-clusterrolebinding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
@@ -187,7 +187,7 @@ spec:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ${spec.name}-clusterrole
name: ${schema.spec.name}-clusterrole
rules:
- apiGroups:
- ""