
Commit 91e7ec2

committed
Allow defining inline patches
1 parent 09daa76 commit 91e7ec2


7 files changed

+82
-38
lines changed


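--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@
 SHELL := bash
 .SHELLFLAGS += -eo pipefail
 
+USER := stefanprodan
 VERSION?=$(shell grep 'version:' modules/flux-aio/values.cue | awk '{ print $$2 }' | tr -d '"')
 
 .PHONY: tools
@@ -48,41 +49,41 @@ gen-deploy: ## Print the Flux deployment
 
 .PHONY: push-mod
 push-mod: ## Push the Timoni modules to GHCR
-@timoni mod push ./modules/flux-aio oci://ghcr.io/stefanprodan/modules/flux-aio -v=$(VERSION:v%=%) --latest \
+@timoni mod push ./modules/flux-aio oci://ghcr.io/$(USER)/modules/flux-aio -v=$(VERSION:v%=%) --latest \
 --sign cosign \
 -a 'org.opencontainers.image.source=https://github.com/stefanprodan/flux-aio' \
 -a 'org.opencontainers.image.licenses=Apache-2.0' \
 -a 'org.opencontainers.image.description=A timoni.sh module for deploying Flux AIO.' \
 -a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/flux-aio/blob/main/README.md'
-@timoni mod push ./modules/flux-git-sync oci://ghcr.io/stefanprodan/modules/flux-git-sync -v=$(VERSION:v%=%) --latest \
+@timoni mod push ./modules/flux-git-sync oci://ghcr.io/$(USER)/modules/flux-git-sync -v=$(VERSION:v%=%) --latest \
 --sign cosign \
--a 'org.opencontainers.image.source=https://github.com/stefanprodan/flux-aio' \
+-a 'org.opencontainers.image.source=https://github.com/$(USER)/flux-aio' \
 -a 'org.opencontainers.image.licenses=Apache-2.0' \
 -a 'org.opencontainers.image.description=A timoni.sh module for configuring Flux Git reconciliation.' \
--a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/flux-aio/blob/main/README.md'
-@timoni mod push ./modules/flux-oci-sync oci://ghcr.io/stefanprodan/modules/flux-oci-sync -v=$(VERSION:v%=%) --latest \
+-a 'org.opencontainers.image.documentation=https://github.com/$(USER)/flux-aio/blob/main/README.md'
+@timoni mod push ./modules/flux-oci-sync oci://ghcr.io/$(USER)/modules/flux-oci-sync -v=$(VERSION:v%=%) --latest \
 --sign cosign \
--a 'org.opencontainers.image.source=https://github.com/stefanprodan/flux-aio' \
+-a 'org.opencontainers.image.source=https://github.com/$(USER)/flux-aio' \
 -a 'org.opencontainers.image.licenses=Apache-2.0' \
 -a 'org.opencontainers.image.description=A timoni.sh module for configuring Flux OCI artifacts reconciliation.' \
--a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/flux-aio/blob/main/README.md'
-@timoni mod push ./modules/flux-tenant oci://ghcr.io/stefanprodan/modules/flux-tenant -v=$(VERSION:v%=%) --latest \
+-a 'org.opencontainers.image.documentation=https://github.com/$(USER)/flux-aio/blob/main/README.md'
+@timoni mod push ./modules/flux-tenant oci://ghcr.io/$(USER)/modules/flux-tenant -v=$(VERSION:v%=%) --latest \
 --sign cosign \
--a 'org.opencontainers.image.source=https://github.com/stefanprodan/flux-aio' \
+-a 'org.opencontainers.image.source=https://github.com/$(USER)/flux-aio' \
 -a 'org.opencontainers.image.licenses=Apache-2.0' \
 -a 'org.opencontainers.image.description=A timoni.sh module for managing Flux tenants.' \
--a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/flux-aio/blob/main/README.md'
-@timoni mod push ./modules/flux-helm-release oci://ghcr.io/stefanprodan/modules/flux-helm-release -v=$(VERSION:v%=%) --latest \
+-a 'org.opencontainers.image.documentation=https://github.com/$(USER)/flux-aio/blob/main/README.md'
+@timoni mod push ./modules/flux-helm-release oci://ghcr.io/$(USER)/modules/flux-helm-release -v=$(VERSION:v%=%) --latest \
 --sign cosign \
--a 'org.opencontainers.image.source=https://github.com/stefanprodan/flux-aio' \
+-a 'org.opencontainers.image.source=https://github.com/$(USER)/flux-aio' \
 -a 'org.opencontainers.image.licenses=Apache-2.0' \
 -a 'org.opencontainers.image.description=A timoni.sh module for deploying Flux Helm Releases.' \
--a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/flux-aio/blob/main/README.md'
+-a 'org.opencontainers.image.documentation=https://github.com/$(USER)/flux-aio/blob/main/README.md'
 
 .PHONY: push-manifests
 push-manifests: ## Build and push the Flux manifests to GHCR
 @timoni -n flux-system build flux ./modules/flux-aio | flux push artifact \
-oci://ghcr.io/stefanprodan/manifests/flux-aio:$(VERSION) \
+oci://ghcr.io/$(USER)/manifests/flux-aio:$(VERSION) \
 --source=https://github.com/fluxcd/flux2 \
 --revision=$(VERSION) \
 -f-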
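Review bot: Naming the new variable `USER` (added line 7) collides with the login-name environment variable: since `USER` normally already exists in the environment, GNU make hands the makefile's value down to every recipe, so `timoni`, `cosign` and `flux` run with `USER=stefanprodan` in their environment. A dedicated, overridable name avoids that, e.g. `GHCR_OWNER ?= stefanprodan`, with the registry paths using `$(GHCR_OWNER)`. The first `timoni mod push` (flux-aio) also still hard-codes `https://github.com/stefanprodan/flux-aio` in its `image.source` and `image.documentation` annotations, so a module pushed and signed under another owner would carry source metadata pointing at a different repository than the other four modules; those two lines should be parameterised the same way.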

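--- a/modules/flux-git-sync/README.md
+++ b/modules/flux-git-sync/README.md
@@ -43,5 +43,6 @@ timoni -n flux-system delete my-repo-sync
 | `substitute:` | `{[ string]: string}` | `{}` | Configure [post build variable substitution](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) |
 | `substituteFrom:` | `[...{kind: string, name: string, optional: bool}]` | `[]` | List of ConfigMaps and Secrets to use for variable substitution |
 | `dependsOn:` | `[...{name: string}]` | `{}` | List of dependencies |
+| `patches:` | `[...{patch: {...}}]` | `{}` | Strategic merge and JSON patches, defined as inline YAML objects |
 | `metadata: labels:` | `{[ string]: string}` | `{}` | Custom labels |
 | `metadata: annotations:` | `{[ string]: string}` | `{}` | Custom annotations |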

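--- a/modules/flux-git-sync/templates/config.cue
+++ b/modules/flux-git-sync/templates/config.cue
@@ -53,6 +53,21 @@ import (
 name: string
 namespace?: string
 }]
+
+// Strategic merge and JSON patches, defined as inline YAML objects,
+// capable of targeting objects based on kind, label and annotation selectors.
+patches?: [...{
+patch!: {...} | [...]
+target: {
+annotationSelector?: string
+group?: string
+kind?: string
+labelSelector?: string
+name?: string
+namespace?: string
+version?: string
+}
+}]
 }
 
 // Instance takes the config values and outputs the Kubernetes objects.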
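Review bot: `target` is declared as a regular field (`target: {`, new line 61), so a patch entry that omits it still evaluates to `target: {}`, and the template's `target: p.target` writes that empty selector into every generated Kustomization patch. Flux treats `target` as optional, and an empty selector may not behave like an omitted one (it could select every object in the build rather than only the object the patch names); this is worth confirming against kustomize-controller before release. Declaring it `target?: {` and emitting it only when set, `if p.target != _|_ {target: p.target}`, keeps an untargeted strategic merge patch scoped to the object it names. The same applies to modules/flux-oci-sync/templates/config.cue and to both kustomization.cue templates. The enclosing definition starts and ends outside this hunk.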

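--- a/modules/flux-git-sync/templates/kustomization.cue
+++ b/modules/flux-git-sync/templates/kustomization.cue
@@ -1,6 +1,8 @@
 package templates
 
 import (
+"encoding/json"
+
 ksv1 "kustomize.toolkit.fluxcd.io/kustomization/v1"
 sourcev1 "source.toolkit.fluxcd.io/gitrepository/v1"
 )
@@ -37,5 +39,9 @@ import (
 if #config.dependsOn != _|_ {
 dependsOn: #config.dependsOn
 }
+
+if #config.patches != _|_ {
+patches: [for p in #config.patches {patch: json.Marshal(p.patch), target: p.target}]
+}
 }
 }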
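Review bot: The `json.Marshal(p.patch)` call on new line 44 has no comment explaining why a structured value is turned into a string, while config.cue describes patches as inline YAML objects. A one-line comment above the comprehension would help, e.g. `// spec.patches[].patch is a string; JSON is valid YAML, so the marshalled object or list is accepted as-is.` The identical line in modules/flux-oci-sync/templates/kustomization.cue would take the same comment. The enclosing struct begins outside this hunk.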

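--- a/modules/flux-oci-sync/README.md
+++ b/modules/flux-oci-sync/README.md
@@ -22,27 +22,28 @@ timoni -n flux-system delete my-repo-sync
 
 ## Configuration
 
-| Key | Type | Default | Description |
-|--------------------------------|-----------------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------|
-| `artifact: url:` | `string` | `""` | URL in the format `oci://<registry host>/<repository name>` |
-| `artifact: tag:` | `string` | `latest` | OCI artifact tag |
-| `artifact: semver:` | `string` | `""` | OCI artifact tag semver range, when specified takes precedence over tag |
-| `artifact: interval:` | `int` | `"1"` | Interval in minutes to check for changes upstream |
-| `artifact: ignore:` | `string` | `""` | Multi-line string in the .gitignore format |
-| `auth: provider:` | `string` | `"generic"` | Kubernetes workload identity provider, can be `aws`, `azure` or `gcp` |
-| `auth: credentials: username:` | `string` | `""` | Username when using `dockerconfigjson` credentials |
-| `auth: credentials: password:` | `string` | `""` | Password when using `dockerconfigjson` credentials, can be a personal access token (PAT) when using GitHub, GitLab, DockerHub, etc |
-| `tls: insecure:` | `bool` | `false` | Allow connecting to an insecure non-TLS OCI registry server |
-| `tls: ca:` | `string` | `""` | Certificate Authority (`ca.crt` file content) for when using a OCI registry server with self-signed TLS certs |
-| `sync: path:` | `string` | `"./"` | Path to the directory containing Kubernetes YAMLs |
-| `sync: prune:` | `bool` | `true` | Prune stale resources |
-| `sync: wait:` | `bool` | `false` | Wait for resources to become ready |
-| `sync: timeout:` | `int` | `3` | Wait timeout in minutes |
-| `sync: retryInterval:` | `int` | `5` | Retry failed reconciliation interval in minutes |
-| `sync: serviceAccountName:` | `string` | `""` | Service account to impersonate |
-| `sync: targetNamespace:` | `string` | `""` | Target namespace |
-| `substitute:` | `{[ string]: string}` | `{}` | Configure [post build variable substitution](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) |
-| `substituteFrom:` | `[...{kind: string, name: string, optional: bool}]` | `[]` | List of ConfigMaps and Secrets to use for variable substitution |
-| `dependsOn:` | `[...{name: string}]` | `{}` | List of dependencies |
-| `metadata: labels:` | `{[ string]: string}` | `{}` | Custom labels |
-| `metadata: annotations:` | `{[ string]: string}` | `{}` | Custom annotations |
+| Key | Type | Default | Description |
+|--------------------------------|-----------------------------------------------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| `artifact: url:` | `string` | `""` | URL in the format `oci://<registry host>/<repository name>` |
+| `artifact: tag:` | `string` | `latest` | OCI artifact tag |
+| `artifact: semver:` | `string` | `""` | OCI artifact tag semver range, when specified takes precedence over tag |
+| `artifact: interval:` | `int` | `"1"` | Interval in minutes to check for changes upstream |
+| `artifact: ignore:` | `string` | `""` | Multi-line string in the .gitignore format |
+| `auth: provider:` | `string` | `"generic"` | Kubernetes workload identity provider, can be `aws`, `azure` or `gcp` |
+| `auth: credentials: username:` | `string` | `""` | Username when using `dockerconfigjson` credentials |
+| `auth: credentials: password:` | `string` | `""` | Password when using `dockerconfigjson` credentials, can be a personal access token (PAT) when using GitHub, GitLab, DockerHub, etc |
+| `tls: insecure:` | `bool` | `false` | Allow connecting to an insecure non-TLS OCI registry server |
+| `tls: ca:` | `string` | `""` | Certificate Authority (`ca.crt` file content) for when using a OCI registry server with self-signed TLS certs |
+| `sync: path:` | `string` | `"./"` | Path to the directory containing Kubernetes YAMLs |
+| `sync: prune:` | `bool` | `true` | Prune stale resources |
+| `sync: wait:` | `bool` | `false` | Wait for resources to become ready |
+| `sync: timeout:` | `int` | `3` | Wait timeout in minutes |
+| `sync: retryInterval:` | `int` | `5` | Retry failed reconciliation interval in minutes |
+| `sync: serviceAccountName:` | `string` | `""` | Service account to impersonate |
+| `sync: targetNamespace:` | `string` | `""` | Target namespace |
+| `substitute:` | `{[ string]: string}` | `{}` | Configure [post build variable substitution](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) |
+| `substituteFrom:` | `[...{kind: string, name: string, optional: bool}]` | `[]` | List of ConfigMaps and Secrets to use for variable substitution |
+| `dependsOn:` | `[...{name: string}]` | `{}` | List of dependencies |
+| `patches:` | `[...{patch: {...}}]` | `{}` | Strategic merge and JSON patches, defined as inline YAML objects |
+| `metadata: labels:` | `{[ string]: string}` | `{}` | Custom labels |
+| `metadata: annotations:` | `{[ string]: string}` | `{}` | Custom annotations |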

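--- a/modules/flux-oci-sync/templates/config.cue
+++ b/modules/flux-oci-sync/templates/config.cue
@@ -64,6 +64,21 @@ import (
 name: string
 namespace?: string
 }]
+
+// Strategic merge and JSON patches, defined as inline YAML objects,
+// capable of targeting objects based on kind, label and annotation selectors.
+patches?: [...{
+patch!: {...} | [...]
+target: {
+annotationSelector?: string
+group?: string
+kind?: string
+labelSelector?: string
+name?: string
+namespace?: string
+version?: string
+}
+}]
 }
 
 // Instance takes the config values and outputs the Kubernetes objects.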

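--- a/modules/flux-oci-sync/templates/kustomization.cue
+++ b/modules/flux-oci-sync/templates/kustomization.cue
@@ -1,6 +1,8 @@
 package templates
 
 import (
+"encoding/json"
+
 ksv1 "kustomize.toolkit.fluxcd.io/kustomization/v1"
 sourcev1 "source.toolkit.fluxcd.io/ocirepository/v1beta2"
 )
@@ -34,5 +36,8 @@ import (
 if #config.dependsOn != _|_ {
 dependsOn: #config.dependsOn
 }
+if #config.patches != _|_ {
+patches: [for p in #config.patches {patch: json.Marshal(p.patch), target: p.target}]
+}
 }
 }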
