Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / e36beba34c70f263e3726f569e5d8330e7968e72^! / . / cluster / kube / k0.libsonnet
commite36beba34c70f263e3726f569e5d8330e7968e72[log] [tgz]
authorradex <radex@hackerspace.pl>Wed Oct 11 00:41:48 2023 +0200
committerradex <radex@hackerspace.pl>Sat Oct 14 12:21:46 2023 +0000
tree190a6d738993b82efe700cdb1fa120823944ebcc
parentf4313b7b2655822248cf389958052fa80a5d1d4c [diff] [blame]
cluster/admitomatic: Regexp-based admission rules

Change-Id: Ic2b1d6a952dc194c0ee2fa1673ceb91c43799308
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1723
Reviewed-by: q3k <q3k@hackerspace.pl>

diff --git a/cluster/kube/k0.libsonnet b/cluster/kube/k0.libsonnet
index 81627ac..648ed3f 100644
--- a/cluster/kube/k0.libsonnet
+++ b/cluster/kube/k0.libsonnet

@@ -358,15 +358,23 @@
                         { namespace: "mastodon-hackerspace-qa", dns: "social-qa-2.hackerspace.pl" },
                         { namespace: "mastodon-hackerspace-prod", dns: "social.hackerspace.pl" },
 
+                        // auto-namespaced domains, i.e:
+                        // USER.hscloud.ovh is allowed for personal-USER namespace
+                        // *.USER.hscloud.ovh is allowed for personal-USER namespace
+                        { namespace: "personal-$2", dns: "(.*\\.)?([^.]+)\\.hscloud\\.ovh", regexp: true },
+
+                        // cluster infra
                         { namespace: "ceph-waw3", dns: "ceph-waw3.hswaw.net" },
                         { namespace: "ceph-waw3", dns: "object.ceph-waw3.hswaw.net" },
                         { namespace: "ceph-waw3", dns: "object.ceph-eu.hswaw.net" },
                         { namespace: "monitoring-global-k0", dns: "*.hswaw.net" },
                         { namespace: "registry", dns: "*.hswaw.net" },
 
-                        // q3k's legacy namespace (pre-prodvider)
+                        // personal namespaces
                         { namespace: "q3k", dns: "*.q3k.org" },
                         { namespace: "personal-q3k", dns: "*.q3k.org" },
+                        { namespace: "personal-radex", dns: "hs.radex.io" },
+                        { namespace: "personal-radex", dns: "*.hs.radex.io" },
                     ],
 
                     anything_goes_namespace: [