Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d^! / . / app / matrix / lib / media-repo.libsonnet
commit99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d[log] [tgz]
authorradex <radex@hackerspace.pl>Fri Nov 24 11:42:55 2023 +0100
committerradex <radex@hackerspace.pl>Fri Nov 24 20:38:44 2023 +0000
tree8d5f95adff9ed0fb3ecfe9b339e2f7aa931b6ade
parent36964dca3b75e054d24b91dbaec76b0611147e3c [diff] [blame]
kube: standardize on a `local ns` convention

A convention is introduced to specify the kube.Namespace object in a deployment as a `local ns` instead of an `ns:` or a `namespace:` for these reasons:

- non-cluster admins cannot create new namespaces, and we've been moving in the direction of specifying objects that require cluster admin permissions to apply (policies, role bindings) in //cluster/kube/k0 instead of in the app jsonnet
- namespace admins CAN delete the namespace, making `kubecfg delete` unexpectedly dangerous (especially if a namespace contains more than just the contents of the file being applied - common with personal namespaces)
- `.Contain()` is a common operation, and it shows up in lines that are pretty long, so `ns.Contain()` is preferable to `app.ns.Contain()` or `service.namespace.Contain()`

Change-Id: Ie4ea825376dbf6faa175179054f3ee3de2253ae0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1804
Reviewed-by: q3k <q3k@hackerspace.pl>

diff --git a/app/matrix/lib/media-repo.libsonnet b/app/matrix/lib/media-repo.libsonnet
index 4b079d8..275be24 100644
--- a/app/matrix/lib/media-repo.libsonnet
+++ b/app/matrix/lib/media-repo.libsonnet

@@ -27,6 +27,7 @@
     },
 
     ns:: error "ns needs to be a kube.Namespace object",
+    local ns = app.ns,
 
     config:: {
         repo: {
@@ -60,13 +61,13 @@
         ],
     },
 
-    configSecret: app.ns.Contain(kube.Secret("media-repo-config")) {
+    configSecret: ns.Contain(kube.Secret("media-repo-config")) {
         data_: {
             "config.yaml": std.manifestJsonEx(app.config, ""),
         },
     },
 
-    deployment: app.ns.Contain(kube.Deployment("media-repo")) {
+    deployment: ns.Contain(kube.Deployment("media-repo")) {
         spec+: {
             replicas: 1,
             template+: {
@@ -132,7 +133,7 @@
         local prefix = "https://",
         local downstreamHost = std.substr(homeserver.csApi, std.length(prefix), std.length(homeserver.csApi)-std.length(prefix)),
 
-        deployment: app.ns.Contain(kube.Deployment("media-repo-proxy")) {
+        deployment: ns.Contain(kube.Deployment("media-repo-proxy")) {
             spec+: {
                 template+: {
                     spec+: {
@@ -157,11 +158,11 @@
         },
     } else {},
 
-    internalSvc: app.ns.Contain(kube.Service("media-repo-internal")) {
+    internalSvc: ns.Contain(kube.Service("media-repo-internal")) {
         target:: app.deployment,
     },
 
-    svc: if std.length(needProxying) > 0 then app.ns.Contain(kube.Service("media-repo")) {
+    svc: if std.length(needProxying) > 0 then ns.Contain(kube.Service("media-repo")) {
         target:: app.proxies.deployment,
     } else app.internalSvc,
 }