diff --git a/ci/resfdeploy.jsonnet b/ci/resfdeploy.jsonnet index cb4654f..86f694d 100644 --- a/ci/resfdeploy.jsonnet +++ b/ci/resfdeploy.jsonnet @@ -109,11 +109,12 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu image: image, tag: tag, }; + local istio_mode = if helm_mode then false else if utils.local_image then false else true; { [nssa]: (if helm_mode then '{{ if not .Values.serviceAccountName }}\n' else '') + manifestYamlStream([ // disable namespace creation in helm mode - if !helm_mode then kubernetes.define_namespace(metadata.namespace, infolabels), + if !helm_mode then kubernetes.define_namespace(metadata.namespace, infolabels + { annotations: { 'linkerd.io/inject': 'enabled' } }), kubernetes.define_service_account( metadata { name: fixed.name, 
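Review bot: The `linkerd.io/inject: enabled` annotation on the namespace is added for every non-helm render, including the case where the new `istio_mode` is true and the Istio VirtualService, RequestAuthentication and AuthorizationPolicy objects are still emitted by the later hunks. If the intent is Linkerd for local images only, gate it, e.g. `infolabels + (if istio_mode then {} else { annotations: { 'linkerd.io/inject': 'enabled' } })`. It is also worth confirming that `kubernetes.define_namespace` reads an `annotations` key from its second argument; if that argument is treated as a label map, the key would not become a namespace annotation, which cannot be checked from this hunk. Separately, `istio_mode` reads more directly as `!helm_mode && !utils.local_image`.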
@@ -285,22 +286,22 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu selector=metadata.name, env=mappings.get_env_from_svc(srv.name) ) for srv in services] + - if !helm_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_ingress( + if istio_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_ingress( metadata { name: srv.name, annotations: ingress_annotations + { - 'kubernetes.io/ingress.class': '{{ .Values.ingressClass | default !"!" }}', + 'kubernetes.io/ingress.class': if helm_mode then '{{ .Values.ingressClass | default !"!" }}' else 'kong', // Secure only by default // This produces https, grpcs, etc. // todo(mustafa): check if we need to add an exemption to a protocol (TCP comes to mind) - 'konghq.com/protocols': '{{ .Values.kongProtocols | default !"%ss!"' % std.strReplace(std.strReplace(std.strReplace(srv.name, metadata.name, ''), stage, ''), '-', ''), + 'konghq.com/protocols': (if helm_mode then '{{ .Values.kongProtocols | default !"%ss!" }}' else '%ss') % std.strReplace(std.strReplace(std.strReplace(srv.name, metadata.name, ''), stage, ''), '-', ''), } }, host=if helm_mode then '{{ .Values.%s.ingressHost }}' % srv.portName else mappings.get(srv.name, user), port=srv.port, srvName=srv.name + '-service', ) else null for srv in services] + - if helm_mode then [] else [kubernetes.define_virtual_service(metadata { name: srv.name + '-internal' }, { + if !istio_mode then [] else [kubernetes.define_virtual_service(metadata { name: srv.name + '-internal' }, { hosts: [vshost(srv)], gateways: [], http: [ 
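Review bot: In the non-helm branch the `konghq.com/protocols` value is now produced only by stripping `metadata.name`, `stage` and `-` from `srv.name` and appending `s`, with no override like the `.Values.kongProtocols` one that helm mode has. A service whose name suffix is not a protocol would yield a value such as `s`, and the "Secure only by default" intent stated in the comment would then depend on how the ingress controller treats an unrecognised value. At minimum I would document the assumption next to the annotation, e.g. `// local mode: protocol is derived from the service-name suffix (http -> https, grpc -> grpcs); there is no override here`. The mixed polarity of `if istio_mode then []` here against `if !istio_mode then []` on the following lists is also easy to misread; a one-line comment naming which mode each list belongs to would help.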
@@ -317,7 +318,7 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu }, ], },) for srv in services] + - if helm_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_virtual_service( + if !istio_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_virtual_service( metadata { name: srv.name, annotations: { @@ -342,7 +343,7 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu ], } ) else null for srv in services] + - if helm_mode then [] else [{ + if !istio_mode then [] else [{ apiVersion: 'security.istio.io/v1beta1', kind: 'RequestAuthentication', metadata: metadata { @@ -363,7 +364,7 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu }] else [], }, } for srv in services] + - if helm_mode then [] else [{ + if !istio_mode then [] else [{ apiVersion: 'security.istio.io/v1beta1', kind: 'AuthorizationPolicy', metadata: metadata { @@ -388,7 +389,7 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu }], }, } for srv in services] + - if helm_mode then [] else [kubernetes.define_destination_rule(metadata { name: srv.name }, { + if !istio_mode then [] else [kubernetes.define_destination_rule(metadata { name: srv.name }, { host: vshost(srv), trafficPolicy: { tls: { diff --git a/ci/service_mappings.jsonnet b/ci/service_mappings.jsonnet index 75429b2..87f1961 100644 --- a/ci/service_mappings.jsonnet +++ b/ci/service_mappings.jsonnet @@ -1,6 +1,7 @@ -# sync-ignore-file: true +local local_domain = std.extVar("local_domain"); + { - local_domain: '.pdev.resf.localhost', + local_domain: local_domain, default_domain: '.build.resf.org', service_mappings: { 'peridotserver-http': { diff --git a/rules_resf/defs.bzl b/rules_resf/defs.bzl index b90c928..a19516c 100644 --- a/rules_resf/defs.bzl +++ b/rules_resf/defs.bzl 
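Review bot: With `if !istio_mode then []` on the RequestAuthentication, AuthorizationPolicy and DestinationRule lists (the hunks at `@@ -342`, `@@ -363` and `@@ -388`), a local-image render now emits Kong ingresses for exposed services but none of the mesh-level JWT validation, authorization rules or TLS traffic policy that the Istio path gets. Helm renders already behaved this way, but the local path is new, and nothing in the added code states that the omission is deliberate or what replaces those checks. I would record it at the `istio_mode` definition with a comment such as `// helm and local_image renders skip Istio RequestAuthentication/AuthorizationPolicy/DestinationRule; authn/authz must come from the service or the ingress`. If local clusters can be reached by anyone other than the developer, an equivalent ingress-level policy should be added rather than only documented.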
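Review bot: `std.extVar("local_domain")` in ci/service_mappings.jsonnet makes the variable mandatory for every evaluation that imports this file, and the value is used without any shape check. defs.bzl supplies it for `gen_from_jsonnet`, but any other consumer of this file would now fail to evaluate; whether such consumers exist is not visible in this diff. The value comes from the environment through `STABLE_LOCAL_DOMAIN` and, judging by the leading dot in the default, is presumably appended to a name to form ingress hosts, so a guard like `assert std.startsWith(local_domain, '.') : 'local_domain must start with a dot';` would reject a malformed value at render time. The same hunk drops the `# sync-ignore-file: true` header, which looks unrelated to the change and may need restoring if a sync tool relies on it.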
@@ -53,6 +53,7 @@ def gen_from_jsonnet(name, src, outs, tags, force_normal_tags, helm_mode, **kwar "domain_user": "{STABLE_DOMAIN_USER}", "registry_secret": "{STABLE_REGISTRY_SECRET}", "site": "{STABLE_SITE}", + "local_domain": "{STABLE_LOCAL_DOMAIN}", "helm_mode": "false", } if helm_mode: @@ -84,6 +85,7 @@ def gen_from_jsonnet(name, src, outs, tags, force_normal_tags, helm_mode, **kwar "domain_user", "registry_secret", "site", + "local_domain", ], multiple_outputs = True, extra_args = ["-S"], diff --git a/tools/status.sh b/tools/status.sh index b93452d..0fe7ba4 100755 --- a/tools/status.sh +++ b/tools/status.sh @@ -41,4 +41,5 @@ STABLE_OCI_REGISTRY_DOCKER ${STABLE_OCI_REGISTRY_DOCKER:-docker.io} STABLE_REGISTRY_SECRET ${STABLE_REGISTRY_SECRET:-none} STABLE_OCI_REGISTRY_NO_NESTED_SUPPORT_IN_2022_SHAME_ON_YOU_AWS ${STABLE_OCI_REGISTRY_NO_NESTED_SUPPORT_IN_2022_SHAME_ON_YOU_AWS:-false} STABLE_SITE ${STABLE_SITE:-normal} +STABLE_LOCAL_DOMAIN ${STABLE_LOCAL_DOMAIN:-.pdev.resf.localhost} EOF