Create customizer for initContainers

eigr-labs · Dec 14, 2023 · 758bb4a · 758bb4a
1 parent 87fb2bc
commit 758bb4a
Show file tree

Hide file tree

Showing 2 changed files with 114 additions and 1 deletion.
diff --git a/flame_k8s_controller/lib/flame_k8s_controller/application.ex b/flame_k8s_controller/lib/flame_k8s_controller/application.ex
@@ -4,7 +4,7 @@ defmodule FlameK8sController.Application do
 
   require Logger
 
-  @port 9090
+  @port 9001
 
   def start(_type, args) do
     env = Keyword.get(args, :env, :dev)

diff --git a/flame_k8s_controller/lib/mix/tasks/bonny.gen.manifest/customizer.ex b/flame_k8s_controller/lib/mix/tasks/bonny.gen.manifest/customizer.ex
@@ -17,8 +17,121 @@ defmodule Mix.Tasks.Bonny.Gen.Manifest.FlameK8sControllerCustomizer do
   end
   """
 
+  import YamlElixir.Sigil
+
   @spec override(Bonny.Resource.t()) :: Bonny.Resource.t()
 
+  def override(%{"kind" => "Deployment"} = resource) do
+    image =
+      get_in(
+        resource,
+        [
+          "spec",
+          "template",
+          "spec",
+          "containers",
+          Access.filter(&(&1["name"] == "flame-controller")),
+          "image"
+        ]
+      )
+      |> List.first()
+
+    resource
+    |> update_in(
+      ["spec", "template", "spec", Access.key("volumes", [])],
+      &[%{"name" => "certs", "secret" => %{"secretName" => "tls-certs", "optional" => true}} | &1]
+    )
+    |> put_in(
+      [
+        "spec",
+        "template",
+        "spec",
+        "containers",
+        Access.all(),
+        "securityContext",
+        "runAsUser"
+      ],
+      1001
+    )
+    |> update_in(
+      [
+        "spec",
+        "template",
+        "spec",
+        "containers",
+        Access.filter(&(&1["name"] == "flame-controller")),
+        Access.key("volumeMounts", [])
+      ],
+      &[%{"name" => "certs", "mountPath" => "/mnt/cert"} | &1]
+    )
+    |> update_in(
+      [
+        "spec",
+        "template",
+        "spec",
+        Access.key("initContainers", [])
+      ],
+      fn init_containers ->
+        certs = %{
+          "name" => "init-certificates",
+          "image" => image,
+          "args" => ["eval", ~s|FlameK8sController.Webhooks.bootstrap_tls(:prod, "tls-certs")|]
+        }
+
+        [certs | init_containers]
+      end
+    )
+    |> put_in(
+      [
+        "spec",
+        "template",
+        "spec",
+        "containers",
+        Access.filter(&(&1["name"] == "flame-controller")),
+        "ports"
+      ],
+      [%{"containerPort" => 9001, "name" => "webhooks"}]
+    )
+  end
+
+  def override(%{"kind" => "ClusterRole"} = resource) do
+    Map.update!(resource, "rules", fn rules ->
+      [
+        ~y"""
+        apiGroups: ["admissionregistration.k8s.io"]
+        resources:
+          - validatingwebhookconfigurations
+          - mutatingwebhookconfigurations
+        verbs: ["get", "list", "update", "patch"]
+        """,
+        ~y"""
+        apiGroups: ["apiextensions.k8s.io"]
+        resources: ["customresourcedefinitions"]
+        verbs: ["get", "list", "update", "patch"]
+        """
+        | rules
+      ]
+    end)
+  end
+
+  def override(%{"kind" => "CustomResourceDefinition"} = resource) do
+    resource
+    |> Map.update!("metadata", fn
+      %{"labels" => labels} = metadata when labels == %{} -> Map.delete(metadata, "labels")
+      metadata -> metadata
+    end)
+    |> update_in(["spec", "versions", Access.all()], fn
+      version ->
+        version
+        |> Enum.reject(fn
+          {"additionalPrinterColumns", []} -> true
+          {"deprecated", false} -> true
+          _ -> false
+        end)
+        |> Map.new()
+    end)
+  end
+
   # fallback
   def override(resource), do: resource
 end