pepr 0.51.6-nightly.4 → 0.51.6-nightly.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/build.d.ts.map +1 -1
- package/dist/cli/build.helpers.d.ts.map +1 -1
- package/dist/cli/deploy.d.ts +1 -1
- package/dist/cli/deploy.d.ts.map +1 -1
- package/dist/cli.js +229 -130
- package/dist/controller.js +1 -1
- package/dist/lib/assets/assets.d.ts +13 -2
- package/dist/lib/assets/assets.d.ts.map +1 -1
- package/dist/lib/assets/deploy.d.ts.map +1 -1
- package/dist/lib/assets/{envrionment.d.ts → environment.d.ts} +1 -1
- package/dist/lib/assets/environment.d.ts.map +1 -0
- package/dist/lib/assets/helm.d.ts +4 -3
- package/dist/lib/assets/helm.d.ts.map +1 -1
- package/dist/lib/assets/{pods.d.ts → k8sObjects.d.ts} +4 -2
- package/dist/lib/assets/k8sObjects.d.ts.map +1 -0
- package/dist/lib/assets/networking.d.ts +0 -2
- package/dist/lib/assets/networking.d.ts.map +1 -1
- package/dist/lib/assets/yaml/generateAllYaml.d.ts +8 -3
- package/dist/lib/assets/yaml/generateAllYaml.d.ts.map +1 -1
- package/dist/lib/assets/yaml/overridesFile.d.ts +4 -1
- package/dist/lib/assets/yaml/overridesFile.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/cli/build.helpers.ts +17 -2
- package/src/cli/build.ts +27 -39
- package/src/cli/deploy.ts +13 -13
- package/src/lib/assets/assets.ts +81 -22
- package/src/lib/assets/deploy.ts +26 -12
- package/src/lib/assets/helm.ts +31 -3
- package/src/lib/assets/{pods.ts → k8sObjects.ts} +69 -22
- package/src/lib/assets/networking.ts +0 -52
- package/src/lib/assets/yaml/generateAllYaml.ts +38 -11
- package/src/lib/assets/yaml/overridesFile.ts +4 -1
- package/src/templates/tsconfig.module.json +2 -2
- package/dist/lib/assets/envrionment.d.ts.map +0 -1
- package/dist/lib/assets/pods.d.ts.map +0 -1
- /package/src/lib/assets/{envrionment.ts → environment.ts} +0 -0
package/src/lib/assets/helm.ts
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
// SPDX-License-Identifier: Apache-2.0
|
|
2
2
|
// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
|
|
3
3
|
|
|
4
|
+
type ControllerType = "admission" | "watcher";
|
|
5
|
+
|
|
4
6
|
export function clusterRoleTemplate(): string {
|
|
5
7
|
return `
|
|
6
8
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
@@ -61,8 +63,9 @@ export function chartYaml(name: string, description?: string): string {
|
|
|
61
63
|
`;
|
|
62
64
|
}
|
|
63
65
|
|
|
64
|
-
export function watcherDeployTemplate(buildTimestamp: string): string {
|
|
66
|
+
export function watcherDeployTemplate(buildTimestamp: string, type: ControllerType): string {
|
|
65
67
|
return `
|
|
68
|
+
{{- if .Values.${type}.enabled }}
|
|
66
69
|
apiVersion: apps/v1
|
|
67
70
|
kind: Deployment
|
|
68
71
|
metadata:
|
|
@@ -154,11 +157,13 @@ export function watcherDeployTemplate(buildTimestamp: string): string {
|
|
|
154
157
|
{{- if .Values.watcher.extraVolumes }}
|
|
155
158
|
{{- toYaml .Values.watcher.extraVolumes | nindent 8 }}
|
|
156
159
|
{{- end }}
|
|
160
|
+
{{- end }}
|
|
157
161
|
`;
|
|
158
162
|
}
|
|
159
163
|
|
|
160
|
-
export function admissionDeployTemplate(buildTimestamp: string): string {
|
|
164
|
+
export function admissionDeployTemplate(buildTimestamp: string, type: ControllerType): string {
|
|
161
165
|
return `
|
|
166
|
+
{{- if .Values.${type}.enabled }}
|
|
162
167
|
apiVersion: apps/v1
|
|
163
168
|
kind: Deployment
|
|
164
169
|
metadata:
|
|
@@ -270,9 +275,10 @@ export function admissionDeployTemplate(buildTimestamp: string): string {
|
|
|
270
275
|
{{- if .Values.admission.extraVolumes }}
|
|
271
276
|
{{- toYaml .Values.admission.extraVolumes | nindent 8 }}
|
|
272
277
|
{{- end }}
|
|
278
|
+
{{- end }}
|
|
273
279
|
`;
|
|
274
280
|
}
|
|
275
|
-
|
|
281
|
+
|
|
276
282
|
export function serviceMonitorTemplate(name: string, type: ControllerType): string {
|
|
277
283
|
return `
|
|
278
284
|
{{- if .Values.${type}.serviceMonitor.enabled }}
|
|
@@ -300,3 +306,25 @@ export function serviceMonitorTemplate(name: string, type: ControllerType): stri
|
|
|
300
306
|
{{- end }}
|
|
301
307
|
`;
|
|
302
308
|
}
|
|
309
|
+
|
|
310
|
+
export function serviceTemplate(name: string, type: ControllerType): string {
|
|
311
|
+
const svcName = type === "admission" ? name : `${name}-${type}`;
|
|
312
|
+
return `
|
|
313
|
+
{{- if .Values.${type}.enabled }}
|
|
314
|
+
apiVersion: v1
|
|
315
|
+
kind: Service
|
|
316
|
+
metadata:
|
|
317
|
+
name: ${svcName}
|
|
318
|
+
namespace: pepr-system
|
|
319
|
+
labels:
|
|
320
|
+
pepr.dev/controller: ${type}
|
|
321
|
+
spec:
|
|
322
|
+
selector:
|
|
323
|
+
app: ${svcName}
|
|
324
|
+
pepr.dev/controller: ${type}
|
|
325
|
+
ports:
|
|
326
|
+
- port: 443
|
|
327
|
+
targetPort: 3000
|
|
328
|
+
{{- end }}
|
|
329
|
+
`;
|
|
330
|
+
}
|
|
@@ -5,9 +5,8 @@ import { KubernetesObject } from "@kubernetes/client-node";
|
|
|
5
5
|
import { kind } from "kubernetes-fluent-client";
|
|
6
6
|
import { gzipSync } from "zlib";
|
|
7
7
|
import { secretOverLimit } from "../helpers";
|
|
8
|
-
import { Assets } from "./assets";
|
|
9
|
-
import {
|
|
10
|
-
import { genEnv } from "./envrionment";
|
|
8
|
+
import { Assets, isAdmission, isWatcher, norWatchOrAdmission } from "./assets";
|
|
9
|
+
import { genEnv } from "./environment";
|
|
11
10
|
|
|
12
11
|
/** Generate the pepr-system namespace */
|
|
13
12
|
export function getNamespace(namespaceLabels?: Record<string, string>): KubernetesObject {
|
|
@@ -37,27 +36,13 @@ export function getWatcher(
|
|
|
37
36
|
buildTimestamp: string,
|
|
38
37
|
imagePullSecret?: string,
|
|
39
38
|
): kind.Deployment | null {
|
|
40
|
-
const { name, image,
|
|
41
|
-
|
|
42
|
-
let hasSchedule = false;
|
|
43
|
-
|
|
44
|
-
// Append the watcher suffix
|
|
45
|
-
const app = `${name}-watcher`;
|
|
46
|
-
const bindings: Binding[] = [];
|
|
47
|
-
|
|
48
|
-
// Loop through the capabilities and find any Watch Actions
|
|
49
|
-
for (const capability of capabilities) {
|
|
50
|
-
if (capability.hasSchedule) {
|
|
51
|
-
hasSchedule = true;
|
|
52
|
-
}
|
|
53
|
-
const watchers = capability.bindings.filter(binding => binding.isWatch);
|
|
54
|
-
bindings.push(...watchers);
|
|
55
|
-
}
|
|
39
|
+
const { name, image, config } = assets;
|
|
56
40
|
|
|
57
|
-
|
|
58
|
-
if (bindings.length < 1 && !hasSchedule) {
|
|
41
|
+
if (!isWatcher(assets.capabilities)) {
|
|
59
42
|
return null;
|
|
60
43
|
}
|
|
44
|
+
// Append the watcher suffix
|
|
45
|
+
const app = `${name}-watcher`;
|
|
61
46
|
|
|
62
47
|
const deploy: kind.Deployment = {
|
|
63
48
|
apiVersion: "apps/v1",
|
|
@@ -196,10 +181,14 @@ export function getDeployment(
|
|
|
196
181
|
hash: string,
|
|
197
182
|
buildTimestamp: string,
|
|
198
183
|
imagePullSecret?: string,
|
|
199
|
-
): kind.Deployment {
|
|
184
|
+
): kind.Deployment | null {
|
|
200
185
|
const { name, image, config } = assets;
|
|
201
186
|
const app = name;
|
|
202
187
|
|
|
188
|
+
if (!isAdmission(assets.capabilities) && !norWatchOrAdmission(assets.capabilities)) {
|
|
189
|
+
return null;
|
|
190
|
+
}
|
|
191
|
+
|
|
203
192
|
const deploy: kind.Deployment = {
|
|
204
193
|
apiVersion: "apps/v1",
|
|
205
194
|
kind: "Deployment",
|
|
@@ -364,3 +353,61 @@ export function getModuleSecret(name: string, data: Buffer, hash: string): kind.
|
|
|
364
353
|
};
|
|
365
354
|
}
|
|
366
355
|
}
|
|
356
|
+
|
|
357
|
+
export function service(name: string, assets: Assets): kind.Service | null {
|
|
358
|
+
if (!isAdmission(assets.capabilities) && !norWatchOrAdmission(assets.capabilities)) {
|
|
359
|
+
return null;
|
|
360
|
+
}
|
|
361
|
+
return {
|
|
362
|
+
apiVersion: "v1",
|
|
363
|
+
kind: "Service",
|
|
364
|
+
metadata: {
|
|
365
|
+
name,
|
|
366
|
+
namespace: "pepr-system",
|
|
367
|
+
labels: {
|
|
368
|
+
"pepr.dev/controller": "admission",
|
|
369
|
+
},
|
|
370
|
+
},
|
|
371
|
+
spec: {
|
|
372
|
+
selector: {
|
|
373
|
+
app: name,
|
|
374
|
+
"pepr.dev/controller": "admission",
|
|
375
|
+
},
|
|
376
|
+
ports: [
|
|
377
|
+
{
|
|
378
|
+
port: 443,
|
|
379
|
+
targetPort: 3000,
|
|
380
|
+
},
|
|
381
|
+
],
|
|
382
|
+
},
|
|
383
|
+
};
|
|
384
|
+
}
|
|
385
|
+
|
|
386
|
+
export function watcherService(name: string, assets: Assets): kind.Service | null {
|
|
387
|
+
if (!isWatcher(assets.capabilities)) {
|
|
388
|
+
return null;
|
|
389
|
+
}
|
|
390
|
+
return {
|
|
391
|
+
apiVersion: "v1",
|
|
392
|
+
kind: "Service",
|
|
393
|
+
metadata: {
|
|
394
|
+
name: `${name}-watcher`,
|
|
395
|
+
namespace: "pepr-system",
|
|
396
|
+
labels: {
|
|
397
|
+
"pepr.dev/controller": "watcher",
|
|
398
|
+
},
|
|
399
|
+
},
|
|
400
|
+
spec: {
|
|
401
|
+
selector: {
|
|
402
|
+
app: `${name}-watcher`,
|
|
403
|
+
"pepr.dev/controller": "watcher",
|
|
404
|
+
},
|
|
405
|
+
ports: [
|
|
406
|
+
{
|
|
407
|
+
port: 443,
|
|
408
|
+
targetPort: 3000,
|
|
409
|
+
},
|
|
410
|
+
],
|
|
411
|
+
},
|
|
412
|
+
};
|
|
413
|
+
}
|
|
@@ -35,55 +35,3 @@ export function tlsSecret(name: string, tls: TLSOut): kind.Secret {
|
|
|
35
35
|
},
|
|
36
36
|
};
|
|
37
37
|
}
|
|
38
|
-
|
|
39
|
-
export function service(name: string): kind.Service {
|
|
40
|
-
return {
|
|
41
|
-
apiVersion: "v1",
|
|
42
|
-
kind: "Service",
|
|
43
|
-
metadata: {
|
|
44
|
-
name,
|
|
45
|
-
namespace: "pepr-system",
|
|
46
|
-
labels: {
|
|
47
|
-
"pepr.dev/controller": "admission",
|
|
48
|
-
},
|
|
49
|
-
},
|
|
50
|
-
spec: {
|
|
51
|
-
selector: {
|
|
52
|
-
app: name,
|
|
53
|
-
"pepr.dev/controller": "admission",
|
|
54
|
-
},
|
|
55
|
-
ports: [
|
|
56
|
-
{
|
|
57
|
-
port: 443,
|
|
58
|
-
targetPort: 3000,
|
|
59
|
-
},
|
|
60
|
-
],
|
|
61
|
-
},
|
|
62
|
-
};
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
export function watcherService(name: string): kind.Service {
|
|
66
|
-
return {
|
|
67
|
-
apiVersion: "v1",
|
|
68
|
-
kind: "Service",
|
|
69
|
-
metadata: {
|
|
70
|
-
name: `${name}-watcher`,
|
|
71
|
-
namespace: "pepr-system",
|
|
72
|
-
labels: {
|
|
73
|
-
"pepr.dev/controller": "watcher",
|
|
74
|
-
},
|
|
75
|
-
},
|
|
76
|
-
spec: {
|
|
77
|
-
selector: {
|
|
78
|
-
app: `${name}-watcher`,
|
|
79
|
-
"pepr.dev/controller": "watcher",
|
|
80
|
-
},
|
|
81
|
-
ports: [
|
|
82
|
-
{
|
|
83
|
-
port: 443,
|
|
84
|
-
targetPort: 3000,
|
|
85
|
-
},
|
|
86
|
-
],
|
|
87
|
-
},
|
|
88
|
-
};
|
|
89
|
-
}
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
import crypto from "crypto";
|
|
5
5
|
import { Assets } from "../assets";
|
|
6
6
|
import { WebhookType } from "../../enums";
|
|
7
|
-
import { apiPathSecret,
|
|
7
|
+
import { apiPathSecret, tlsSecret } from "../networking";
|
|
8
8
|
import {
|
|
9
9
|
clusterRole,
|
|
10
10
|
clusterRoleBinding,
|
|
@@ -12,33 +12,60 @@ import {
|
|
|
12
12
|
storeRole,
|
|
13
13
|
storeRoleBinding,
|
|
14
14
|
} from "../rbac";
|
|
15
|
-
import { dumpYaml, V1Deployment } from "@kubernetes/client-node";
|
|
16
|
-
import { getModuleSecret, getNamespace } from "../
|
|
15
|
+
import { dumpYaml, V1Deployment, V1Service, KubernetesObject } from "@kubernetes/client-node";
|
|
16
|
+
import { getModuleSecret, getNamespace } from "../k8sObjects";
|
|
17
17
|
import { promises as fs } from "fs";
|
|
18
18
|
import { webhookConfigGenerator } from "../webhooks";
|
|
19
19
|
|
|
20
|
-
type deployments = {
|
|
20
|
+
type deployments = { admission: V1Deployment | null; watch: V1Deployment | null };
|
|
21
|
+
type services = {
|
|
22
|
+
admission: V1Service | null;
|
|
23
|
+
watch: V1Service | null;
|
|
24
|
+
};
|
|
21
25
|
|
|
22
|
-
export
|
|
26
|
+
export function pushControllerManifests(
|
|
27
|
+
resources: KubernetesObject[],
|
|
28
|
+
deployments: deployments,
|
|
29
|
+
services: services,
|
|
30
|
+
): KubernetesObject[] {
|
|
31
|
+
if (deployments.watch) {
|
|
32
|
+
resources.push(deployments.watch);
|
|
33
|
+
}
|
|
34
|
+
if (deployments.admission) {
|
|
35
|
+
resources.push(deployments.admission);
|
|
36
|
+
}
|
|
37
|
+
if (services.admission) {
|
|
38
|
+
resources.push(services.admission);
|
|
39
|
+
}
|
|
40
|
+
if (services.watch) {
|
|
41
|
+
resources.push(services.watch);
|
|
42
|
+
}
|
|
43
|
+
return resources;
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
export async function generateAllYaml(
|
|
47
|
+
assets: Assets,
|
|
48
|
+
deployments: deployments,
|
|
49
|
+
services: services,
|
|
50
|
+
): Promise<string> {
|
|
23
51
|
const { name, tls, apiPath, path, config } = assets;
|
|
24
52
|
const code = await fs.readFile(path);
|
|
25
53
|
const hash = crypto.createHash("sha256").update(code).digest("hex");
|
|
26
54
|
|
|
27
|
-
|
|
55
|
+
let resources = [
|
|
28
56
|
getNamespace(assets.config.customLabels?.namespace),
|
|
29
57
|
clusterRole(name, assets.capabilities, config.rbacMode, config.rbac),
|
|
30
58
|
clusterRoleBinding(name),
|
|
31
59
|
serviceAccount(name),
|
|
32
60
|
apiPathSecret(name, apiPath),
|
|
33
61
|
tlsSecret(name, tls),
|
|
34
|
-
deployments.default,
|
|
35
|
-
service(name),
|
|
36
|
-
watcherService(name),
|
|
37
62
|
getModuleSecret(name, code, hash),
|
|
38
63
|
storeRole(name),
|
|
39
64
|
storeRoleBinding(name),
|
|
40
65
|
];
|
|
41
66
|
|
|
67
|
+
resources = pushControllerManifests(resources, deployments, services);
|
|
68
|
+
|
|
42
69
|
const webhooks = {
|
|
43
70
|
mutate: await webhookConfigGenerator(assets, WebhookType.MUTATE, assets.config.webhookTimeout),
|
|
44
71
|
validate: await webhookConfigGenerator(
|
|
@@ -48,8 +75,8 @@ export async function generateAllYaml(assets: Assets, deployments: deployments):
|
|
|
48
75
|
),
|
|
49
76
|
};
|
|
50
77
|
|
|
51
|
-
// Add webhooks
|
|
52
|
-
const additionalResources = [webhooks.mutate, webhooks.validate
|
|
78
|
+
// Add webhooks if they exist
|
|
79
|
+
const additionalResources = [webhooks.mutate, webhooks.validate].filter(
|
|
53
80
|
resource => resource !== null && resource !== undefined,
|
|
54
81
|
);
|
|
55
82
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { genEnv } from "../
|
|
1
|
+
import { genEnv } from "../environment";
|
|
2
2
|
import { CapabilityExport, ModuleConfig } from "../../types";
|
|
3
3
|
import { dumpYaml } from "@kubernetes/client-node";
|
|
4
4
|
import { clusterRole } from "../rbac";
|
|
@@ -18,6 +18,7 @@ export async function overridesFile(
|
|
|
18
18
|
{ hash, name, image, config, apiPath, capabilities }: ChartOverrides,
|
|
19
19
|
path: string,
|
|
20
20
|
imagePullSecrets: string[],
|
|
21
|
+
controllerType: { admission: boolean; watcher: boolean } = { admission: true, watcher: true },
|
|
21
22
|
): Promise<void> {
|
|
22
23
|
const rbacOverrides = clusterRole(name, capabilities, config.rbacMode, config.rbac).rules;
|
|
23
24
|
|
|
@@ -41,6 +42,7 @@ export async function overridesFile(
|
|
|
41
42
|
},
|
|
42
43
|
uuid: name,
|
|
43
44
|
admission: {
|
|
45
|
+
enabled: controllerType.admission === true ? true : false,
|
|
44
46
|
antiAffinity: false,
|
|
45
47
|
terminationGracePeriodSeconds: 5,
|
|
46
48
|
failurePolicy: config.onError === "reject" ? "Fail" : "Ignore",
|
|
@@ -110,6 +112,7 @@ export async function overridesFile(
|
|
|
110
112
|
},
|
|
111
113
|
},
|
|
112
114
|
watcher: {
|
|
115
|
+
enabled: controllerType.watcher === true ? true : false,
|
|
113
116
|
terminationGracePeriodSeconds: 5,
|
|
114
117
|
env: genEnv(config, true, true),
|
|
115
118
|
envFrom: [],
|
|
@@ -6,8 +6,8 @@
|
|
|
6
6
|
"emitDeclarationOnly": true,
|
|
7
7
|
"esModuleInterop": true,
|
|
8
8
|
"lib": ["ES2022"],
|
|
9
|
-
"module": "
|
|
10
|
-
"moduleResolution": "
|
|
9
|
+
"module": "NodeNext",
|
|
10
|
+
"moduleResolution": "NodeNext",
|
|
11
11
|
"outDir": "dist",
|
|
12
12
|
"resolveJsonModule": true,
|
|
13
13
|
"rootDir": ".",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"envrionment.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/envrionment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,wBAAgB,MAAM,CACpB,MAAM,EAAE,YAAY,EACpB,SAAS,UAAQ,EACjB,eAAe,UAAQ,GACtB,QAAQ,EAAE,CAkBZ"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"pods.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/pods.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGhD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAIlC,yCAAyC;AACzC,wBAAgB,YAAY,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,gBAAgB,CAmBvF;AAED,wBAAgB,UAAU,CACxB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,GACvB,IAAI,CAAC,UAAU,GAAG,IAAI,CAyJxB;AAED,wBAAgB,aAAa,CAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,GACvB,IAAI,CAAC,UAAU,CA+IjB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAsBrF"}
|
|
File without changes
|