92 lines
3.0 KiB
Plaintext
92 lines
3.0 KiB
Plaintext
local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
|
|
local deployment = k.apps.v1.deployment;
|
|
local container = deployment.mixin.spec.template.spec.containersType;
|
|
local containerPort = container.portsType;
|
|
|
|
{
|
|
local krp = self,
|
|
config+:: {
|
|
kubeRbacProxy: {
|
|
image: error 'must provide image',
|
|
name: error 'must provide name',
|
|
securePortName: error 'must provide securePortName',
|
|
securePort: error 'must provide securePort',
|
|
secureListenAddress: error 'must provide secureListenAddress',
|
|
upstream: error 'must provide upstream',
|
|
tlsCipherSuites: error 'must provide tlsCipherSuites',
|
|
},
|
|
},
|
|
|
|
specMixin:: {
|
|
local sm = self,
|
|
config+:: {
|
|
kubeRbacProxy: {
|
|
image: error 'must provide image',
|
|
name: error 'must provide name',
|
|
securePortName: error 'must provide securePortName',
|
|
securePort: error 'must provide securePort',
|
|
secureListenAddress: error 'must provide secureListenAddress',
|
|
upstream: error 'must provide upstream',
|
|
tlsCipherSuites: error 'must provide tlsCipherSuites',
|
|
},
|
|
},
|
|
spec+: {
|
|
template+: {
|
|
spec+: {
|
|
containers+: [
|
|
container.new(krp.config.kubeRbacProxy.name, krp.config.kubeRbacProxy.image) +
|
|
container.mixin.securityContext.withRunAsUser(65534) +
|
|
container.withArgs([
|
|
'--logtostderr',
|
|
'--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
|
|
'--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites),
|
|
'--upstream=' + krp.config.kubeRbacProxy.upstream,
|
|
]) +
|
|
container.withPorts(containerPort.newNamed(krp.config.kubeRbacProxy.securePort, krp.config.kubeRbacProxy.securePortName)),
|
|
],
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
deploymentMixin:: {
|
|
local dm = self,
|
|
config+:: {
|
|
kubeRbacProxy: {
|
|
image: error 'must provide image',
|
|
name: error 'must provide name',
|
|
securePortName: error 'must provide securePortName',
|
|
securePort: error 'must provide securePort',
|
|
secureListenAddress: error 'must provide secureListenAddress',
|
|
upstream: error 'must provide upstream',
|
|
tlsCipherSuites: error 'must provide tlsCipherSuites',
|
|
},
|
|
},
|
|
deployment+: krp.specMixin {
|
|
config+:: {
|
|
kubeRbacProxy+: dm.config.kubeRbacProxy,
|
|
},
|
|
},
|
|
},
|
|
|
|
statefulSetMixin:: {
|
|
local sm = self,
|
|
config+:: {
|
|
kubeRbacProxy: {
|
|
image: error 'must provide image',
|
|
name: error 'must provide name',
|
|
securePortName: error 'must provide securePortName',
|
|
securePort: error 'must provide securePort',
|
|
secureListenAddress: error 'must provide secureListenAddress',
|
|
upstream: error 'must provide upstream',
|
|
tlsCipherSuites: error 'must provide tlsCipherSuites',
|
|
},
|
|
},
|
|
statefulSet+: krp.specMixin {
|
|
config+:: {
|
|
kubeRbacProxy+: sm.config.kubeRbacProxy,
|
|
},
|
|
},
|
|
},
|
|
}
|