This repository has been archived by the owner on Dec 15, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 752
/
kubeless-non-rbac.jsonnet
101 lines (88 loc) · 3.9 KB
/
kubeless-non-rbac.jsonnet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
local k = import "ksonnet.beta.1/k.libsonnet";
local runtimesSrc = import "runtimes.jsonnet";
local objectMeta = k.core.v1.objectMeta;
local deployment = k.apps.v1beta1.deployment;
local container = k.core.v1.container;
local service = k.core.v1.service;
local serviceAccount = k.core.v1.serviceAccount;
local configMap = k.core.v1.configMap;
local namespace = "kubeless";
local controller_account_name = "controller-acct";
local controllerEnv = [
{
name: "KUBELESS_INGRESS_ENABLED",
valueFrom: {configMapKeyRef: {"name": "kubeless-config", key: "ingress-enabled"}}
},
{
name: "KUBELESS_SERVICE_TYPE",
valueFrom: {configMapKeyRef: {"name": "kubeless-config", key: "service-type"}}
},
{
name: "KUBELESS_NAMESPACE",
valueFrom: {fieldRef: {fieldPath: "metadata.namespace"}}
},
{
name: "KUBELESS_CONFIG",
value: "kubeless-config"
},
];
local functionControllerContainer =
container.default("kubeless-function-controller", "kubeless/function-controller:latest") +
container.imagePullPolicy("IfNotPresent") +
container.env(controllerEnv);
local httpTriggerControllerContainer =
container.default("http-trigger-controller", "kubeless/http-trigger-controller:v1.0.3") +
container.imagePullPolicy("IfNotPresent") +
container.env(controllerEnv);
local cronjobTriggerContainer =
container.default("cronjob-trigger-controller", "kubeless/cronjob-trigger-controller:v1.0.3") +
container.imagePullPolicy("IfNotPresent") +
container.env(controllerEnv);
local kubelessLabel = {kubeless: "controller"};
local controllerAccount =
serviceAccount.default(controller_account_name, namespace);
local controllerDeployment =
deployment.default("kubeless-controller-manager", [functionControllerContainer, httpTriggerControllerContainer, cronjobTriggerContainer], namespace) +
{apiVersion: "apps/v1"} +
{metadata+:{labels: kubelessLabel}} +
{spec+: {selector: {matchLabels: kubelessLabel}}} +
{spec+: {template+: {spec+: {serviceAccountName: controllerAccount.metadata.name}}}} +
{spec+: {template+: {metadata: {labels: kubelessLabel}}}};
local crd = [
{
apiVersion: "apiextensions.k8s.io/v1beta1",
kind: "CustomResourceDefinition",
metadata: objectMeta.name("functions.kubeless.io"),
spec: {group: "kubeless.io", version: "v1beta1", scope: "Namespaced", names: {plural: "functions", singular: "function", kind: "Function"}},
},
{
apiVersion: "apiextensions.k8s.io/v1beta1",
kind: "CustomResourceDefinition",
metadata: objectMeta.name("httptriggers.kubeless.io"),
spec: {group: "kubeless.io", version: "v1beta1", scope: "Namespaced", names: {plural: "httptriggers", singular: "httptrigger", kind: "HTTPTrigger"}},
},
{
apiVersion: "apiextensions.k8s.io/v1beta1",
kind: "CustomResourceDefinition",
metadata: objectMeta.name("cronjobtriggers.kubeless.io"),
spec: {group: "kubeless.io", version: "v1beta1", scope: "Namespaced", names: {plural: "cronjobtriggers", singular: "cronjobtrigger", kind: "CronJobTrigger"}},
}
];
local deploymentConfig = '{}';
local kubelessConfig = configMap.default("kubeless-config", namespace) +
configMap.data({"ingress-enabled": "false"}) +
configMap.data({"service-type": "ClusterIP"})+
configMap.data({"deployment": std.toString(deploymentConfig)})+
configMap.data({"runtime-images": std.toString(runtimesSrc)})+
configMap.data({"enable-build-step": "false"})+
configMap.data({"function-registry-tls-verify": "true"})+
configMap.data({"provision-image": "kubeless/unzip@sha256:e867f9b366ffb1a25f14baf83438db426ced4f7add56137b7300d32507229b5a"})+
configMap.data({"provision-image-secret": ""})+
configMap.data({"builder-image": "kubeless/function-image-builder:latest"})+
configMap.data({"builder-image-secret": ""});
{
controllerAccount: k.util.prune(controllerAccount),
controller: k.util.prune(controllerDeployment),
crd: k.util.prune(crd),
cfg: k.util.prune(kubelessConfig),
}