kubes 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1705ea4877f8147699b06f43bd7e4e265c45f8ce289d3f54b724b9ca304325c
-  data.tar.gz: 6473d29cf54233c203af7daec2b78d3128e7b80d78cf739af4705e9a77f8033a
+  metadata.gz: 70a3c967287e0537aa037d433d02e0e31b1964bc1f4a87aed27472fbf11e6f9b
+  data.tar.gz: 0e50409529c1ca49356d651647cef3ff0c871fdc13aa2b8ab1b66a689f238543
 SHA512:
-  metadata.gz: aec944078d5b6987b4b8c0f91ef4cd11cd512d2b7f6c007465b93b190c95af55bf4dcf4843d1295ae0ea08bf4b46e8db72cc5bd2bc70dfa7e2db1fd15cfd540e
-  data.tar.gz: bd470be829eb4545563e6dca41a01a9122f9e045bcbfb462267bd68f6316329f61a02e46b7fd17b9fb3bed7379589c99fc0f47a569a53aae5a2b639886d1cd00
+  metadata.gz: 9077b12f79344afe33ef89cc3895b729c92ca0014d4b0e54371d8a2504115c9d35cbbd10374a350a93bf340681e8d6354b2e8cd269490a9cfb64ecc5d02a03e8
+  data.tar.gz: 220fb55845ce19d85fb5fb3e527750638230cf1bc2b914f4aa3a5ac7ca2c0b9c0b96e7c1eb417c425d382dc9cd8a9a35ddd5358c0b5ba744faaf2972e411ae36

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.2.1]
+- #13 improve network policy dsl
+
 ## [0.2.0]
 - Initial release.
 

data/docs/_docs/dsl/resources/network_policy.md

@@ -10,9 +10,13 @@ Here's an example of a NetworkPolicy.
 .kubes/resources/web/network_policy.rb
 
 ```ruby
-name "demo-web-allow-tester"
-matchLabels(role: "web")
-fromMatchLabels(run: "tester")
+name "web"
+labels(app: "backend")
+namespace "backend"
+
+matchLabels(app: "backend", role: "web")
+fromNamespace(app: "frontend")
+fromPod(app: "backend")
 ```
 
 Produces:
@@ -23,23 +27,85 @@ Produces:
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: demo-web-allow-tester
+  name: web
+  labels:
+    app: backend
+  namespace: backend
 spec:
   podSelector:
     matchLabels:
+      app: backend
       role: web
   ingress:
   - from:
+    - namespaceSelector:
+        matchLabels:
+          app: frontend
     - podSelector:
         matchLabels:
-          run: tester
+          app: backend
+```
+
+Note, the behavior of the from is an *or* since the namespaceSelector and podSelector are separate items.
+
+## Example 2
+
+If you need more control over the ingress selectors you can use the from method. He's an example:
+
+.kubes/resources/web/network_policy.rb
+
+```ruby
+name "web"
+labels(app: "backend")
+namespace "backend"
+
+matchLabels(app: "backend", role: "web")
+from([
+  { namespaceSelector: { matchLabels: { app: "frontend" } } },
+  { namespaceSelector: { matchLabels: { app: "backend" } } }
+])
+```
+
+Produces:
+
+.kubes/output/web/network_policy.yaml
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: web
+  labels:
+    app: backend
+  namespace: backend
+spec:
+  podSelector:
+    matchLabels:
+      app: backend
+      role: web
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          app: frontend
+    - namespaceSelector:
+        matchLabels:
+          app: backend
 ```
 
+This will allow traffic from pods in either the frontend or backend namespaces to the backend pods.
+
 ## DSL Methods
 
 Here's a list of more common methods:
 
-* matchLabels
-* fromMatchLabels
+* fromNamespace
+* fromPod
+* fromIpBlock
+* toNamespace
+* toPod
+* toIpBlock
+* from
+* to
 
 {% include dsl/methods.md name="network_policy" %}

data/lib/kubes/compiler/dsl/syntax/network_policy.rb

@@ -5,8 +5,16 @@ module Kubes::Compiler::Dsl::Syntax
            :podSelector,  # <Object> -required-
            :policyTypes   # <[]string>
 
-    fields "fromMatchLabels:hash",
-           "matchLabels:hash"
+    fields "matchLabels:hash"
+
+    fields "fromNamespace:hash",
+           "fromPod:hash",
+           "fromIpBlock:hash",
+           "toNamespace:hash",
+           "toPod:hash",
+           "toIpBlock:hash",
+           :from,
+           :to
 
     def default_apiVersion
       "networking.k8s.io/v1"
@@ -14,17 +22,26 @@ module Kubes::Compiler::Dsl::Syntax
 
     def default_spec
       {
-        podSelector: {
-          matchLabels: matchLabels
-        },
-        ingress: [
-          from: [
-            podSelector: {
-              matchLabels: fromMatchLabels
-            }
-          ]
-        ]
+        podSelector: { matchLabels: matchLabels },
+        ingress: [from: from],
+        egress: [to: to],
       }
     end
+
+    def default_from
+      [
+        { namespaceSelector: { matchLabels: fromNamespace } },
+        { podSelector: { matchLabels: fromPod } },
+        { ipBlock: fromIpBlock }
+      ]
+    end
+
+    def default_to
+      [
+        { namespaceSelector: { matchLabels: toNamespace } },
+        { podSelector: { matchLabels: toPod } },
+        { ipBlock: toIpBlock }
+      ]
+    end
   end
 end

data/lib/kubes/docker/build.rb

@@ -1,5 +1,3 @@
-require 'open4'
-
 module Kubes::Docker
   class Build < Base
     def run
@@ -17,17 +15,8 @@ module Kubes::Docker
       params = args.flatten.join(' ')
       command = "docker build #{params}"
       run_hooks "build" do
-        # sh(command)
-        spawn(command)
+        sh(command)
       end
     end
-
-    def spawn(command, stdin: '', stdout: STDOUT, stderr: STDERR)
-      Open4::spawn(
-          command,
-          stdin: stdin,
-          stdout: stdout,
-          stderr: stderr)
-    end
   end
 end

data/lib/kubes/version.rb

@@ -1,3 +1,3 @@
 module Kubes
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end

data/spec/fixtures/syntax/network_policy.rb

@@ -1,3 +1,3 @@
 name "demo-web-allow-tester"
 matchLabels(role: "web")
-fromMatchLabels(run: "tester")
+fromPod(run: "tester")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-07-16 00:00:00.000000000 Z
+date: 2020-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport