Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d^! / . / app / matrix / lib / matrix-ng.libsonnet
commit99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d[log] [tgz]
authorradex <radex@hackerspace.pl>Fri Nov 24 11:42:55 2023 +0100
committerradex <radex@hackerspace.pl>Fri Nov 24 20:38:44 2023 +0000
tree8d5f95adff9ed0fb3ecfe9b339e2f7aa931b6ade
parent36964dca3b75e054d24b91dbaec76b0611147e3c [diff] [blame]
kube: standardize on a `local ns` convention

A convention is introduced to specify the kube.Namespace object in a deployment as a `local ns` instead of an `ns:` or a `namespace:` for these reasons:

- non-cluster admins cannot create new namespaces, and we've been moving in the direction of specifying objects that require cluster admin permissions to apply (policies, role bindings) in //cluster/kube/k0 instead of in the app jsonnet
- namespace admins CAN delete the namespace, making `kubecfg delete` unexpectedly dangerous (especially if a namespace contains more than just the contents of the file being applied - common with personal namespaces)
- `.Contain()` is a common operation, and it shows up in lines that are pretty long, so `ns.Contain()` is preferable to `app.ns.Contain()` or `service.namespace.Contain()`

Change-Id: Ie4ea825376dbf6faa175179054f3ee3de2253ae0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1804
Reviewed-by: q3k <q3k@hackerspace.pl>

diff --git a/app/matrix/lib/matrix-ng.libsonnet b/app/matrix/lib/matrix-ng.libsonnet
index 18120f0..620a8d5 100644
--- a/app/matrix/lib/matrix-ng.libsonnet
+++ b/app/matrix/lib/matrix-ng.libsonnet

@@ -243,7 +243,7 @@
         },
     },
 
-    namespace: kube.Namespace(cfg.namespace),
+    local ns = kube.Namespace(cfg.namespace),
 
     postgres3: if cfg.postgres.enable then postgres {
         local psql = self,
@@ -282,7 +282,7 @@
     },
 
     riot: riot {
-        ns: app.namespace,
+        ns: ns,
         cfg+: {
             webDomain: cfg.webDomain,
             serverName: cfg.serverName,
@@ -292,7 +292,7 @@
 
     cas: if cfg.cas.enable && cfg.oidc.enable then error "cfg.cas.enable and cfg.oidc.enable options are exclusive"
         else if cfg.cas.enable then cas {
-        ns: app.namespace,
+        ns: ns,
         cfg+: {
             image: cfg.images.casProxy,
             webDomain: cfg.webDomain,
@@ -301,7 +301,7 @@
     },
 
     wellKnown: if cfg.wellKnown then wellKnown {
-        ns: app.namespace,
+        ns: ns,
         cfg+: {
             image: cfg.images.wellKnown,
             webDomain: cfg.webDomain,
@@ -309,7 +309,7 @@
     } else {},
 
     mediaRepo: if cfg.mediaRepo.enable then mediaRepo {
-        ns: app.namespace,
+        ns: ns,
         cfg+: {
             image: cfg.images.mediaRepo,
 
@@ -324,7 +324,7 @@
     } else {},
 
     coturn: if cfg.coturn.enable then coturn {
-        ns: app.namespace,
+        ns: ns,
         cfg+: {
             storageClassName: cfg.storageClassName,
             image: cfg.images.coturn,
@@ -335,7 +335,7 @@
     } else null,
 
     synapse: synapse {
-        ns: app.namespace,
+        ns: ns,
         postgres: if cfg.postgres.enable then app.postgres3 else {
             # If not using on-cluster postgres, pass the config postgres object
             # as the postgres object into the synapse lib. It's a bit ugly (we