enable creation/modification of mappings through helm configuration m…

…echanism e.g. at install time
cloudtruth · May 3, 2021 · 4e5703b · 4e5703b
1 parent c5ec773
commit 4e5703b
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ your system if you gave `helm install` a different release name.
 ## Uninstall
 
 ```shell
-helm delete my-kubetruth-name
+helm delete kubetruth
 helm repo remove cloudtruth
 ```
 
@@ -41,6 +41,17 @@ Parameterize the helm install with `--set appSettings.**` to control how kubetru
 | appSettings.environment | The cloudtruth environment to lookup parameter values for.  Use a separate helm install for each environment | string | `default` | yes |
 | appSettings.pollingInterval | Interval to poll cloudtruth api for changes | integer | 300 | no |
 | appSettings.debug | Debug logging | flag | n/a | no |
+| projectMappings.root.project_selector | A regexp to limit the projects acted against (client-side).  Supplies any named matches for template evaluation | string | "" | no |
+| projectMappings.root.key_selector | A regexp to limit the keys acted against (client-side).  Supplies any named matches for template evaluation | string | "" | no |
+| projectMappings.root.key_filter | Limits the keys fetched to contain the given substring (server-side, api search param) | string | "" | no |
+| projectMappings.root.configmap_name_template | The template to use in generating ConfigMap names | string | "{{project \| dns_safe}}" | no |
+| projectMappings.root.secret_name_template | The template to use in generating Secret names | string | "{{project \| dns_safe}}" | no |
+| projectMappings.root.namespace_template | The template to use in generating namespace names | string | "" | no |
+| projectMappings.root.key_template | The template to use in generating key names | string | "{{key}}" | no |
+| projectMappings.root.skip | Skips the generation of resources for the selected projects | flag | false | no |
+| projectMappings.root.skip_secrets | Prevent transfer of secrets to kubernetes Secrets | flag | false | no |
+| projectMappings.root.included_projects | Include the parameters from other projects into the selected ones.  This is non-recursive, so if A imports B and B imports C, then A will only get B's parameters.  For key conflicts, if A includes [B, C], then the precendence is A overrides C overrides B. | list | [] | no |
+| projectMappings.<override_name>.* | Define override mappings to override settings from the root selector for specific projects. When doing this on the command-line (e.g. for `helm install`), it may be more convenient to use `--values <file>` instead of `--set` for large data sets | map | {} | no |
 
 By default, Kubetruth maps the parameters from CloudTruth Projects into
 ConfigMaps and Secrets of the same names as the Projects. Kubetruth will not

diff --git a/helm/kubetruth/crds/projectmapping.yaml b/helm/kubetruth/crds/projectmapping.yaml
@@ -43,7 +43,7 @@ spec:
                   description: The template to use in generating key names
                 skip:
                   type: boolean
-                  description: Skips the generation of resources for the selected projects.  Useful for excluding projects that should only be included into others.
+                  description: Skips the generation of resources for the selected projects
                 skip_secrets:
                   type: boolean
                   description: Prevent transfer of secrets to kubernetes Secrets

diff --git a/helm/kubetruth/templates/projectmappings.yaml b/helm/kubetruth/templates/projectmappings.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.projectMappings }}
+{{- range $k, $v := .Values.projectMappings }}
+---
+apiVersion: kubetruth.cloudtruth.com/v1
+kind: ProjectMapping
+metadata:
+  name: {{ include "kubetruth.fullname" $ }}-{{$k}}
+  namespace:  {{ $.Release.Namespace }}
+  labels:
+    {{- include "kubetruth.labels" $ | nindent 4 }}
+spec:
+  {{- toYaml $v | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/helm/kubetruth/templates/rootprojectmapping.yaml b/helm/kubetruth/templates/rootprojectmapping.yaml
diff --git a/helm/kubetruth/values.yaml b/helm/kubetruth/values.yaml
@@ -72,3 +72,26 @@ appSettings:
   pollingInterval:
   debug: false
   config:
+
+# Create instances of the ProjectMapping CRD.  A single mapping with scope=root
+# is required (named root below.  You can also add multiple override mappings
+# (scope=override), any properties not overriden are inherited from the root
+# mapping.  An example override mapping could look like:
+#  my-override-name:
+#    scope: "override"
+#    project_selector: "common"
+#    skip: true
+#
+projectMappings:
+  root:
+    scope: "root"
+    project_selector: ""
+    key_selector: ""
+    key_filter: ""
+    configmap_name_template: "{{project | dns_safe}}"
+    secret_name_template: "{{project | dns_safe}}"
+    namespace_template: ""
+    key_template: "{{key}}"
+    skip: false
+    skip_secrets: false
+    included_projects: []