2021-05-06 16:07:24 -04:00
|
|
|
{ options, config, lib, kubenix, pkgs, ... }:
|
2019-10-21 13:47:21 +02:00
|
|
|
|
|
|
|
|
with lib;
|
2020-01-14 14:53:42 +00:00
|
|
|
let
|
2021-05-13 17:27:08 -04:00
|
|
|
findObject = { kind, name }: filter
|
|
|
|
|
(object:
|
|
|
|
|
object.kind == kind && object.metadata.name == name
|
|
|
|
|
)
|
|
|
|
|
config.kubernetes.objects;
|
2020-01-14 14:53:42 +00:00
|
|
|
|
|
|
|
|
getObject = filter: head (findObject filter);
|
|
|
|
|
|
|
|
|
|
hasObject = { kind, name }: length (findObject { inherit kind name; }) == 1;
|
2021-05-13 17:27:08 -04:00
|
|
|
in
|
|
|
|
|
{
|
2019-10-21 13:47:21 +02:00
|
|
|
imports = with kubenix.modules; [ test k8s legacy ];
|
|
|
|
|
|
|
|
|
|
test = {
|
|
|
|
|
name = "legacy-crd";
|
|
|
|
|
description = "Simple test tesing kubenix legacy integration with crds crd";
|
2020-04-04 18:44:43 +07:00
|
|
|
enable = builtins.compareVersions config.kubernetes.version "1.15" <= 0;
|
2020-01-14 14:53:42 +00:00
|
|
|
assertions = [{
|
2020-01-14 19:13:33 +00:00
|
|
|
message = "should define crd in module";
|
2020-01-14 14:53:42 +00:00
|
|
|
assertion =
|
2021-05-13 17:27:08 -04:00
|
|
|
hasObject { kind = "SecretClaim"; name = "module-claim"; };
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
message = "should define crd in root";
|
|
|
|
|
assertion =
|
|
|
|
|
hasObject { kind = "SecretClaim"; name = "root-claim"; };
|
|
|
|
|
}];
|
2019-10-21 13:47:21 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
kubernetes.namespace = "test";
|
|
|
|
|
|
|
|
|
|
kubernetes.moduleDefinitions.secret-claim.module = { config, k8s, module, ... }: {
|
|
|
|
|
options = {
|
|
|
|
|
name = mkOption {
|
|
|
|
|
description = "Name of the secret claim";
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = module.name;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
type = mkOption {
|
|
|
|
|
description = "Type of the secret";
|
2021-05-13 17:27:08 -04:00
|
|
|
type = types.enum [ "Opaque" "kubernetes.io/tls" ];
|
2019-10-21 13:47:21 +02:00
|
|
|
default = "Opaque";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
path = mkOption {
|
|
|
|
|
description = "Secret path";
|
|
|
|
|
type = types.str;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
renew = mkOption {
|
|
|
|
|
description = "Renew time in seconds";
|
|
|
|
|
type = types.nullOr types.int;
|
|
|
|
|
default = null;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
data = mkOption {
|
|
|
|
|
type = types.nullOr types.attrs;
|
|
|
|
|
description = "Data to pass to get secrets";
|
|
|
|
|
default = null;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2021-05-13 17:27:08 -04:00
|
|
|
config = {
|
2019-10-21 13:47:21 +02:00
|
|
|
kubernetes.resources.customResourceDefinitions.secret-claims = {
|
|
|
|
|
kind = "CustomResourceDefinition";
|
|
|
|
|
apiVersion = "apiextensions.k8s.io/v1beta1";
|
|
|
|
|
metadata.name = "secretclaims.vaultproject.io";
|
|
|
|
|
spec = {
|
|
|
|
|
group = "vaultproject.io";
|
|
|
|
|
version = "v1";
|
|
|
|
|
scope = "Namespaced";
|
|
|
|
|
names = {
|
|
|
|
|
plural = "secretclaims";
|
|
|
|
|
kind = "SecretClaim";
|
2021-05-13 17:27:08 -04:00
|
|
|
shortNames = [ "scl" ];
|
2019-10-21 13:47:21 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
kubernetes.customResources.secret-claims.claim = {
|
|
|
|
|
metadata.name = config.name;
|
|
|
|
|
spec = {
|
|
|
|
|
inherit (config) type path;
|
|
|
|
|
} // (optionalAttrs (config.renew != null) {
|
|
|
|
|
inherit (config) renew;
|
|
|
|
|
}) // (optionalAttrs (config.data != null) {
|
|
|
|
|
inherit (config) data;
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2020-01-14 19:13:33 +00:00
|
|
|
kubernetes.modules.module-claim = {
|
|
|
|
|
module = "secret-claim";
|
2019-10-21 13:47:21 +02:00
|
|
|
configuration.path = "tokens/test";
|
|
|
|
|
};
|
|
|
|
|
|
2020-01-14 19:13:33 +00:00
|
|
|
kubernetes.customResources.secret-claims.root-claim = {
|
2019-10-21 13:47:21 +02:00
|
|
|
spec = {
|
|
|
|
|
path = "secrets/test2";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
