kubes 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/_docs/dsl/resources/network_policy.md +73 -7
- data/lib/kubes/compiler/dsl/syntax/network_policy.rb +29 -12
- data/lib/kubes/docker/build.rb +1 -12
- data/lib/kubes/version.rb +1 -1
- data/spec/fixtures/syntax/network_policy.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 70a3c967287e0537aa037d433d02e0e31b1964bc1f4a87aed27472fbf11e6f9b
|
4
|
+
data.tar.gz: 0e50409529c1ca49356d651647cef3ff0c871fdc13aa2b8ab1b66a689f238543
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9077b12f79344afe33ef89cc3895b729c92ca0014d4b0e54371d8a2504115c9d35cbbd10374a350a93bf340681e8d6354b2e8cd269490a9cfb64ecc5d02a03e8
|
7
|
+
data.tar.gz: 220fb55845ce19d85fb5fb3e527750638230cf1bc2b914f4aa3a5ac7ca2c0b9c0b96e7c1eb417c425d382dc9cd8a9a35ddd5358c0b5ba744faaf2972e411ae36
|
data/CHANGELOG.md
CHANGED
@@ -10,9 +10,13 @@ Here's an example of a NetworkPolicy.
|
|
10
10
|
.kubes/resources/web/network_policy.rb
|
11
11
|
|
12
12
|
```ruby
|
13
|
-
name "
|
14
|
-
|
15
|
-
|
13
|
+
name "web"
|
14
|
+
labels(app: "backend")
|
15
|
+
namespace "backend"
|
16
|
+
|
17
|
+
matchLabels(app: "backend", role: "web")
|
18
|
+
fromNamespace(app: "frontend")
|
19
|
+
fromPod(app: "backend")
|
16
20
|
```
|
17
21
|
|
18
22
|
Produces:
|
@@ -23,23 +27,85 @@ Produces:
|
|
23
27
|
apiVersion: networking.k8s.io/v1
|
24
28
|
kind: NetworkPolicy
|
25
29
|
metadata:
|
26
|
-
name:
|
30
|
+
name: web
|
31
|
+
labels:
|
32
|
+
app: backend
|
33
|
+
namespace: backend
|
27
34
|
spec:
|
28
35
|
podSelector:
|
29
36
|
matchLabels:
|
37
|
+
app: backend
|
30
38
|
role: web
|
31
39
|
ingress:
|
32
40
|
- from:
|
41
|
+
- namespaceSelector:
|
42
|
+
matchLabels:
|
43
|
+
app: frontend
|
33
44
|
- podSelector:
|
34
45
|
matchLabels:
|
35
|
-
|
46
|
+
app: backend
|
47
|
+
```
|
48
|
+
|
49
|
+
Note, the behavior of the from is an *or* since the namespaceSelector and podSelector are separate items.
|
50
|
+
|
51
|
+
## Example 2
|
52
|
+
|
53
|
+
If you need more control over the ingress selectors you can use the from method. He's an example:
|
54
|
+
|
55
|
+
.kubes/resources/web/network_policy.rb
|
56
|
+
|
57
|
+
```ruby
|
58
|
+
name "web"
|
59
|
+
labels(app: "backend")
|
60
|
+
namespace "backend"
|
61
|
+
|
62
|
+
matchLabels(app: "backend", role: "web")
|
63
|
+
from([
|
64
|
+
{ namespaceSelector: { matchLabels: { app: "frontend" } } },
|
65
|
+
{ namespaceSelector: { matchLabels: { app: "backend" } } }
|
66
|
+
])
|
67
|
+
```
|
68
|
+
|
69
|
+
Produces:
|
70
|
+
|
71
|
+
.kubes/output/web/network_policy.yaml
|
72
|
+
|
73
|
+
```yaml
|
74
|
+
apiVersion: networking.k8s.io/v1
|
75
|
+
kind: NetworkPolicy
|
76
|
+
metadata:
|
77
|
+
name: web
|
78
|
+
labels:
|
79
|
+
app: backend
|
80
|
+
namespace: backend
|
81
|
+
spec:
|
82
|
+
podSelector:
|
83
|
+
matchLabels:
|
84
|
+
app: backend
|
85
|
+
role: web
|
86
|
+
ingress:
|
87
|
+
- from:
|
88
|
+
- namespaceSelector:
|
89
|
+
matchLabels:
|
90
|
+
app: frontend
|
91
|
+
- namespaceSelector:
|
92
|
+
matchLabels:
|
93
|
+
app: backend
|
36
94
|
```
|
37
95
|
|
96
|
+
This will allow traffic from pods in either the frontend or backend namespaces to the backend pods.
|
97
|
+
|
38
98
|
## DSL Methods
|
39
99
|
|
40
100
|
Here's a list of more common methods:
|
41
101
|
|
42
|
-
*
|
43
|
-
*
|
102
|
+
* fromNamespace
|
103
|
+
* fromPod
|
104
|
+
* fromIpBlock
|
105
|
+
* toNamespace
|
106
|
+
* toPod
|
107
|
+
* toIpBlock
|
108
|
+
* from
|
109
|
+
* to
|
44
110
|
|
45
111
|
{% include dsl/methods.md name="network_policy" %}
|
@@ -5,8 +5,16 @@ module Kubes::Compiler::Dsl::Syntax
|
|
5
5
|
:podSelector, # <Object> -required-
|
6
6
|
:policyTypes # <[]string>
|
7
7
|
|
8
|
-
fields "
|
9
|
-
|
8
|
+
fields "matchLabels:hash"
|
9
|
+
|
10
|
+
fields "fromNamespace:hash",
|
11
|
+
"fromPod:hash",
|
12
|
+
"fromIpBlock:hash",
|
13
|
+
"toNamespace:hash",
|
14
|
+
"toPod:hash",
|
15
|
+
"toIpBlock:hash",
|
16
|
+
:from,
|
17
|
+
:to
|
10
18
|
|
11
19
|
def default_apiVersion
|
12
20
|
"networking.k8s.io/v1"
|
@@ -14,17 +22,26 @@ module Kubes::Compiler::Dsl::Syntax
|
|
14
22
|
|
15
23
|
def default_spec
|
16
24
|
{
|
17
|
-
podSelector: {
|
18
|
-
|
19
|
-
|
20
|
-
ingress: [
|
21
|
-
from: [
|
22
|
-
podSelector: {
|
23
|
-
matchLabels: fromMatchLabels
|
24
|
-
}
|
25
|
-
]
|
26
|
-
]
|
25
|
+
podSelector: { matchLabels: matchLabels },
|
26
|
+
ingress: [from: from],
|
27
|
+
egress: [to: to],
|
27
28
|
}
|
28
29
|
end
|
30
|
+
|
31
|
+
def default_from
|
32
|
+
[
|
33
|
+
{ namespaceSelector: { matchLabels: fromNamespace } },
|
34
|
+
{ podSelector: { matchLabels: fromPod } },
|
35
|
+
{ ipBlock: fromIpBlock }
|
36
|
+
]
|
37
|
+
end
|
38
|
+
|
39
|
+
def default_to
|
40
|
+
[
|
41
|
+
{ namespaceSelector: { matchLabels: toNamespace } },
|
42
|
+
{ podSelector: { matchLabels: toPod } },
|
43
|
+
{ ipBlock: toIpBlock }
|
44
|
+
]
|
45
|
+
end
|
29
46
|
end
|
30
47
|
end
|
data/lib/kubes/docker/build.rb
CHANGED
@@ -1,5 +1,3 @@
|
|
1
|
-
require 'open4'
|
2
|
-
|
3
1
|
module Kubes::Docker
|
4
2
|
class Build < Base
|
5
3
|
def run
|
@@ -17,17 +15,8 @@ module Kubes::Docker
|
|
17
15
|
params = args.flatten.join(' ')
|
18
16
|
command = "docker build #{params}"
|
19
17
|
run_hooks "build" do
|
20
|
-
|
21
|
-
spawn(command)
|
18
|
+
sh(command)
|
22
19
|
end
|
23
20
|
end
|
24
|
-
|
25
|
-
def spawn(command, stdin: '', stdout: STDOUT, stderr: STDERR)
|
26
|
-
Open4::spawn(
|
27
|
-
command,
|
28
|
-
stdin: stdin,
|
29
|
-
stdout: stdout,
|
30
|
-
stderr: stderr)
|
31
|
-
end
|
32
21
|
end
|
33
22
|
end
|
data/lib/kubes/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kubes
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-07-
|
11
|
+
date: 2020-07-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|