From 69a614f493e50e7a6cc7029774a6d32df6425f80 Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Wed, 22 Mar 2023 14:02:16 +0200 Subject: [PATCH] Add auth and caching to examples - Add an optional `password` field to redis module - Add an optional `redisURL` field to podinfo module Signed-off-by: Stefan Prodan --- README.md | 4 ++-- docs/index.md | 2 +- examples/podinfo-values/caching-values.cue | 4 ++++ examples/podinfo/README.md | 7 +++++++ examples/podinfo/templates/config.cue | 15 +++++++++++++-- examples/podinfo/templates/deployment.cue | 7 +++++++ examples/redis/README.md | 1 + examples/redis/templates/config.cue | 7 +++++-- examples/redis/templates/master.deployment.cue | 8 +++++++- examples/redis/templates/replica.deployment.cue | 6 ++++++ examples/redis/test_values.cue | 1 + 11 files changed, 54 insertions(+), 8 deletions(-) create mode 100644 examples/podinfo-values/caching-values.cue diff --git a/README.md b/README.md index e4814a25..79e85137 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ to offer a better experience of creating, packaging and delivering apps to Kuber > **Warning** > > Note that Timoni in under active development and is still in its infancy. -> Its APIs and command-line interface may change in a backwards incompatible manner. +> The APIs and command-line interface may change in a backwards incompatible manner. ## Get started @@ -50,7 +50,7 @@ Module structure: └── values.cue # Timoni values placeholder ``` -A module example can be found at [examples/podinfo](examples/podinfo). +Module examples can be found at [examples/podinfo](examples/podinfo) and [examples/redis](examples/redis). Commands for working with local modules: diff --git a/docs/index.md b/docs/index.md index 6c1a3ec2..c3f4dd6e 100644 --- a/docs/index.md +++ b/docs/index.md @@ -13,7 +13,7 @@ to offer a better experience of creating, packaging and delivering apps to Kuber !!! warning "Development phase" Timoni in under active development and is still in its infancy. - Its APIs and interfaces may change in a backwards incompatible manner. + The APIs and interfaces may change in a backwards incompatible manner. ## Concepts diff --git a/examples/podinfo-values/caching-values.cue b/examples/podinfo-values/caching-values.cue new file mode 100644 index 00000000..0d73af7f --- /dev/null +++ b/examples/podinfo-values/caching-values.cue @@ -0,0 +1,4 @@ +values: caching: { + enabled: true + redisURL: "tcp://:redis@redis:6379" +} diff --git a/examples/podinfo/README.md b/examples/podinfo/README.md index 4feb43e4..ee7158f3 100644 --- a/examples/podinfo/README.md +++ b/examples/podinfo/README.md @@ -120,3 +120,10 @@ values: { |-------------------------|----------|---------|-------------------------------------------------------------------------------| | `monitoring: enabled:` | `bool` | `false` | Enable [Prometheus ServiceMonitor](https://prometheus-operator.dev/) creation | | `monitoring: interval:` | `string` | `15s` | Prometheus scrape interval | + +### Cashing values + +| Key | Type | Default | Description | +|----------------------|----------|---------|---------------------------------------------------------| +| `caching: enabled:` | `bool` | `false` | Enable Redis caching | +| `caching: redisURL:` | `string` | `""` | Redis URL in the format `tcp://:[password]@host[:port]` | diff --git a/examples/podinfo/templates/config.cue b/examples/podinfo/templates/config.cue index 7bdb8ab9..617eb6cf 100644 --- a/examples/podinfo/templates/config.cue +++ b/examples/podinfo/templates/config.cue @@ -1,6 +1,8 @@ package templates import ( + "strings" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" corev1 "k8s.io/api/core/v1" ) @@ -9,12 +11,15 @@ import ( #Config: { // Metadata (common to all resources) metadata: metav1.#ObjectMeta - metadata: name: *"podinfo" | string - metadata: namespace: *"default" | string + metadata: name: *"podinfo" | string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63) + metadata: namespace: *"default" | string & strings.MaxRunes(63) metadata: labels: *selectorLabels | {[ string]: string} metadata: labels: "app.kubernetes.io/version": image.tag metadata: annotations?: {[ string]: string} + // Redis + redis?: string + // Deployment replicas: *1 | int & >0 selectorLabels: *{"app.kubernetes.io/name": metadata.name} | {[ string]: string} @@ -62,6 +67,12 @@ import ( enabled: *false | bool interval: *"15s" | string } + + // Caching (optional) + caching: { + enabled: *false | bool + redisURL?: string & =~"^tcp://.*$" + } } // Instance takes the config values and outputs the Kubernetes objects. diff --git a/examples/podinfo/templates/deployment.cue b/examples/podinfo/templates/deployment.cue index 60ed4a90..72b748e6 100644 --- a/examples/podinfo/templates/deployment.cue +++ b/examples/podinfo/templates/deployment.cue @@ -54,6 +54,13 @@ import ( if _config.securityContext != _|_ { securityContext: _config.securityContext } + command: [ + "./podinfo", + "--level=info", + if _config.caching.enabled { + "--cache-server=\(_config.caching.redisURL)" + }, + ] }, ] if _config.podSecurityContext != _|_ { diff --git a/examples/redis/README.md b/examples/redis/README.md index e163ebd1..d7d1cfe2 100644 --- a/examples/redis/README.md +++ b/examples/redis/README.md @@ -93,6 +93,7 @@ timoni -n default delete redis | `persistence: enabled:` | `bool` | `true` | Enable persistent storage for the Redis master node | | `persistence: storageClass:` | `string` | `standard` | The [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) storage class name | | `persistence: size:` | `string` | `8Gi` | The persistent volume size | +| `password` | `string` | `""` | When set, it enables auth for both the master and replicas with the specified password | ### General values diff --git a/examples/redis/templates/config.cue b/examples/redis/templates/config.cue index 9281d87d..a7019959 100644 --- a/examples/redis/templates/config.cue +++ b/examples/redis/templates/config.cue @@ -1,6 +1,8 @@ package templates import ( + "strings" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" corev1 "k8s.io/api/core/v1" ) @@ -15,11 +17,12 @@ import ( storageClass: *"standard" | string size: *"8Gi" | string } + password?: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" // Metadata (common to all resources) metadata: metav1.#ObjectMeta - metadata: name: *"redis" | string - metadata: namespace: *"default" | string + metadata: name: *"redis" | string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63) + metadata: namespace: *"default" | string & strings.MaxRunes(63) metadata: labels: { "app.kubernetes.io/version": image.tag "app.kubernetes.io/part-of": metadata.name diff --git a/examples/redis/templates/master.deployment.cue b/examples/redis/templates/master.deployment.cue index 03a71f8b..7aff31b8 100644 --- a/examples/redis/templates/master.deployment.cue +++ b/examples/redis/templates/master.deployment.cue @@ -42,7 +42,13 @@ import ( containerPort: 6379 protocol: "TCP" }] - command: ["redis-server", "/redis-master/redis.conf"] + command: [ + "redis-server", + "/redis-master/redis.conf", + if _config.password != _|_ { + "--requirepass \(_config.password)" + }, + ] livenessProbe: { tcpSocket: port: "redis" initialDelaySeconds: 2 diff --git a/examples/redis/templates/replica.deployment.cue b/examples/redis/templates/replica.deployment.cue index 230c68cd..52f3ccd5 100644 --- a/examples/redis/templates/replica.deployment.cue +++ b/examples/redis/templates/replica.deployment.cue @@ -50,6 +50,12 @@ import ( "\(_config.service.port)", "--include", "/redis-replica/redis.conf", + if _config.password != _|_ { + "--masterauth \(_config.password)" + }, + if _config.password != _|_ { + "--requirepass \(_config.password)" + }, ] livenessProbe: { tcpSocket: port: "redis" diff --git a/examples/redis/test_values.cue b/examples/redis/test_values.cue index cbe50917..387337f0 100644 --- a/examples/redis/test_values.cue +++ b/examples/redis/test_values.cue @@ -5,4 +5,5 @@ package main values: { resources: requests: cpu: "100m" resources: limits: cpu: "1000m" + password: "my-redis_password123" }