feat(k8s): add function for injecting names from hashed data objects (#33)

2025-12-11 23:50:06 +01:00 · 2023-09-26 05:04:32 +03:00 · 2023-09-26 05:04:32 +03:00 · 473fb3ae50
commit 473fb3ae50
parent 71cb0a2a47
3 changed files with 62 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+### Added
+
+- add `optionalHashedNames` to inject hashed names for referencing inside modules
+
 ### Changed

 - removed local `kubectl` and `kubernetes` packages in lieu of those from nixpkgs
--- a/lib/k8s/default.nix
+++ b/lib/k8s/default.nix
@ -62,6 +62,23 @@ with lib; rec {
      } // labels;
    };

+  # Returns "<name>-<hash(data)>"
+  mkNameHash = { name, data, length ? 10 }:
+    "${name}-${builtins.substring 0 length (builtins.hashString "sha1" (builtins.toJSON data))}";
+
+  # Returns the same resources with addition of injected (or overwritten) metadata.name with hashed data
+  # name of the resource in Nix does not change for reference reasons
+  # useful for the ConfigMap and Secret resources
+  injectHashedNames = attrs:
+    lib.mapAttrs
+      (name: o:
+        recursiveUpdate o {
+          metadata.name = mkNameHash { inherit name; data = o.data; };
+        }
+      )
+      attrs;
+
+
  inherit (lib) toBase64;
  inherit (lib) octalToDecimal;
 }
--- a/modules/k8s.nix
+++ b/modules/k8s.nix
@ -257,6 +257,39 @@ with lib; let
      (types.listOf (types.submodule submodule))
      (mergeValuesByFn keyFn)
      (types.attrsOf (types.submodule submodule));
+
+  # inject hashed names for referencing inside modules, example:
+  # pod = {
+  #   containers.nginx = {
+  #     image = "nginx:1.25.1";
+  #     volumeMounts = {
+  #       "/etc/nginx".name = "config";
+  #       "/var/lib/html".name = "static";
+  #     };
+  #   };
+  #   volumes = {
+  #     config.configMap.name = config.kubernetes.resources.configMaps.nginx-config.metadata.name;
+  #     static.configMap.name = config.kubernetes.resources.configMaps.nginx-static.metadata.name;
+  #   };
+  # };
+  optionalHashedNames = object:
+    if cfg.enableHashedNames then
+      recursiveUpdate object
+        (mapAttrs
+          (ks: v:
+            if builtins.elem ks [ "configMaps" "secrets" ] then
+              k8s.injectHashedNames v
+            else
+              v
+          )
+          object)
+    else object;
+
+  # inject hashed names in the output
+  optionalHashedNames' = object: kind:
+    if cfg.enableHashedNames && elem kind [ "ConfigMap" "Secret" ] then
+      k8s.injectHashedNames object
+    else object;
 in
 {
  imports = [ ./base.nix ];
@ -319,6 +352,7 @@ in
      description = "Alias for `config.kubernetes.api.resources` options";
      default = { };
      type = types.attrsOf types.attrs;
+      apply = optionalHashedNames;
    };

    customTypes = mkOption {
@ -411,6 +445,12 @@ in
      description = "Genrated kubernetes YAML file";
      type = types.package;
    };
+
+    enableHashedNames = mkOption {
+      description = "Enable hashing of resource (ConfigMap,Secret) names";
+      type = types.bool;
+      default = false;
+    };
  };

  config = {
@ -497,7 +537,7 @@ in
    kubernetes.objects = flatten (mapAttrsToList
      (_: type:
        mapAttrsToList (_name: moduleToAttrs)
-          cfg.api.resources.${type.group}.${type.version}.${type.kind}
+          (optionalHashedNames' cfg.api.resources.${type.group}.${type.version}.${type.kind} type.kind)
      )
      cfg.api.types);