Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(kubernetes): --omit-namespaces support #498

Merged
merged 1 commit into from
May 24, 2017
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 12 additions & 4 deletions docs/commands.md
Original file line number Diff line number Diff line change
Expand Up @@ -2113,6 +2113,8 @@ When no context is configured for an account the 'current-context' in your kubec
* `--namespaces`: (*Default*: `[]`) A list of namespaces this Spinnaker account can deploy to and will cache.
When no namespaces are configured, this defaults to 'all namespaces'.
* `--no-validate`: (*Default*: `false`) Skip validation.
* `--omit-namespaces`: (*Default*: `[]`) A list of namespaces this Spinnaker account cannot deploy to or cache.
This can only be set when no --namespaces are provided.
* `--required-group-membership`: (*Default*: `[]`) A user must be a member of at least one specified group in order to make changes to this account's cloud resources.

---
Expand Down Expand Up @@ -2141,6 +2143,7 @@ hal config provider kubernetes account edit ACCOUNT [parameters]
`ACCOUNT`: The name of the account to operate on.
* `--add-docker-registry`: Add this docker registry to the list of docker registries to use as a source of images.
* `--add-namespace`: Add this namespace to the list of namespaces to manage.
* `--add-omit-namespace`: Add this namespace to the list of namespaces to omit.
* `--add-required-group-membership`: Add this group to the list of required group memberships.
* `--all-namespaces`: (*Default*: `false`) Set the list of namespaces to cache and deploy to every namespace available to your supplied credentials.
* `--clear-context`: (*Default*: `false`) Removes the currently configured context, defaulting to 'current-context' in your kubeconfig.See http://kubernetes.io/docs/user-guide/kubeconfig-file/#context for more information.
Expand All @@ -2151,8 +2154,11 @@ When no context is configured for an account the 'current-context' in your kubec
* `--namespaces`: (*Default*: `[]`) A list of namespaces this Spinnaker account can deploy to and will cache.
When no namespaces are configured, this defaults to 'all namespaces'.
* `--no-validate`: (*Default*: `false`) Skip validation.
* `--omit-namespaces`: (*Default*: `[]`) A list of namespaces this Spinnaker account cannot deploy to or cache.
This can only be set when no --namespaces are provided.
* `--remove-docker-registry`: Remove this docker registry from the list of docker registries to use as a source of images.
* `--remove-namespace`: Remove this namespace to the list of namespaces to manage.
* `--remove-omit-namespace`: Remove this namespace to the list of namespaces to omit.
* `--remove-required-group-membership`: Remove this group from the list of required group memberships.
* `--required-group-membership`: A user must be a member of at least one specified group in order to make changes to this account's cloud resources.

Expand Down Expand Up @@ -3015,7 +3021,7 @@ hal config storage gcs edit [parameters]
* `--json-path`: A path to a JSON service account with permission to read and write to the bucket to be used as a backing store.
* `--no-validate`: (*Default*: `false`) Skip validation.
* `--project`: The Google Cloud Platform project you are using to host the GCS bucket as a backing store.
* `--root-folder`: (*Default*: `spinnaker`) The root folder in the chosen bucket to place all of Spinnaker's persistent data in.
* `--root-folder`: The root folder in the chosen bucket to place all of Spinnaker's persistent data in.

---
## hal config storage oraclebmcs
Expand Down Expand Up @@ -3078,7 +3084,7 @@ hal config storage s3 edit [parameters]
* `--bucket`: The name of a storage bucket that your specified account has access to. If not specified, a random name will be chosen. If you specify a globally unique bucket name that doesn't exist yet, Halyard will create that bucket for you.
* `--no-validate`: (*Default*: `false`) Skip validation.
* `--region`: This is only required if the bucket you specify doesn't exist yet. In that case, the bucket will be created in that region. See http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region.
* `--root-folder`: (*Default*: `spinnaker`) The root folder in the chosen bucket to place all of Spinnaker's persistent data in.
* `--root-folder`: The root folder in the chosen bucket to place all of Spinnaker's persistent data in.

---
## hal config version
Expand All @@ -3105,7 +3111,7 @@ hal config version edit [parameters]
```
#### Parameters
* `--no-validate`: (*Default*: `false`) Skip validation.
* `--version`: (*Required*) Must be either a version number "X.Y.Z" for a specific release of Spinnaker, "latest" for the most recently validated Spinnaker, or "nightly" for the most recently built (unvalidated) Spinnaker.
* `--version`: (*Required*) Must be either a version number "X.Y.Z" for a specific release of Spinnaker, or "$BRANCH-latest-unvalidated" for the most recently built (unvalidated) Spinnaker on $BRANCH.

---
## hal deploy
Expand Down Expand Up @@ -3297,8 +3303,10 @@ All Spinnaker releases that have been fully validated are listed here. You can p

#### Usage
```
hal version list
hal version list [parameters]
```
#### Parameters
* `--no-validate`: (*Default*: `false`) Skip validation.

---

Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,13 @@ protected String getProviderName() {
)
public List<String> namespaces = new ArrayList<>();

@Parameter(
names = "--omit-namespaces",
variableArity = true,
description = KubernetesCommandProperties.OMIT_NAMESPACES_DESCRIPTION
)
public List<String> omitNamespaces = new ArrayList<>();

@Parameter(
names = "--docker-registries",
required = true,
Expand All @@ -66,6 +73,7 @@ protected Account buildAccount(String accountName) {
account.setContext(context);
account.setKubeconfigFile(kubeconfigFile);
account.setNamespaces(namespaces);
account.setOmitNamespaces(omitNamespaces);
dockerRegistries.forEach(registryName -> account.getDockerRegistries().add(new DockerRegistryReference().setAccountName(registryName)));
return account;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ public class KubernetesCommandProperties {
static final String NAMESPACES_DESCRIPTION = "A list of namespaces this Spinnaker account can deploy to and will cache.\n"
+ "When no namespaces are configured, this defaults to 'all namespaces'.";

static final String OMIT_NAMESPACES_DESCRIPTION = "A list of namespaces this Spinnaker account cannot deploy to or cache.\n"
+ "This can only be set when no --namespaces are provided.";

static final String DOCKER_REGISTRIES_DESCRIPTION = "A list of the Spinnaker docker registry account names this Spinnaker account can use as image sources. "
+ "These docker registry accounts must be registered in your halconfig before you can add them here.";

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import com.netflix.spinnaker.halyard.config.model.v1.node.Account;
import com.netflix.spinnaker.halyard.config.model.v1.providers.kubernetes.DockerRegistryReference;
import com.netflix.spinnaker.halyard.config.model.v1.providers.kubernetes.KubernetesAccount;

import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
Expand Down Expand Up @@ -78,6 +79,25 @@ protected String getProviderName() {
)
private String removeNamespace;

@Parameter(
names = "--omit-namespaces",
variableArity = true,
description = KubernetesCommandProperties.OMIT_NAMESPACES_DESCRIPTION
)
private List<String> omitNamespaces = new ArrayList<>();

@Parameter(
names = "--add-omit-namespace",
description = "Add this namespace to the list of namespaces to omit."
)
private String addOmitNamespace;

@Parameter(
names = "--remove-omit-namespace",
description = "Remove this namespace to the list of namespaces to omit."
)
private String removeOmitNamespace;

@Parameter(
names = "--docker-registries",
variableArity = true,
Expand Down Expand Up @@ -117,6 +137,13 @@ protected Account editAccount(KubernetesAccount account) {
throw new IllegalArgumentException("Set either --namespace or --[add/remove]-namespace");
}

try {
account.setOmitNamespaces(
updateStringList(account.getOmitNamespaces(), omitNamespaces, addOmitNamespace, removeOmitNamespace));
} catch (IllegalArgumentException e) {
throw new IllegalArgumentException("Set either --omit-namespace or --[add/remove]-omit-namespace");
}

try {
List<String> oldRegistries = account.getDockerRegistries()
.stream()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ public class KubernetesAccount extends Account implements Cloneable {
String cluster;
String user;
List<String> namespaces = new ArrayList<>();
List<String> omitNamespaces = new ArrayList<>();
List<DockerRegistryReference> dockerRegistries = new ArrayList<>();
@LocalFile String kubeconfigFile;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,14 @@
package com.netflix.spinnaker.halyard.config.validate.v1.providers.kubernetes;

import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesConfigParser;
import com.netflix.spinnaker.halyard.config.model.v1.node.Account;
import com.netflix.spinnaker.halyard.config.model.v1.node.DeploymentConfiguration;
import com.netflix.spinnaker.halyard.config.model.v1.node.Node;
import com.netflix.spinnaker.halyard.config.model.v1.node.Provider;
import com.netflix.spinnaker.halyard.config.model.v1.node.Validator;
import com.netflix.spinnaker.halyard.config.model.v1.providers.dockerRegistry.DockerRegistryProvider;
import com.netflix.spinnaker.halyard.config.model.v1.providers.kubernetes.DockerRegistryReference;
import com.netflix.spinnaker.halyard.config.model.v1.providers.kubernetes.KubernetesAccount;
import com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemBuilder;
import com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder;
import com.netflix.spinnaker.halyard.config.validate.v1.providers.dockerRegistry.DockerRegistryReferenceValidation;
import com.netflix.spinnaker.halyard.config.validate.v1.util.ValidatingFileReader;
import com.netflix.spinnaker.halyard.core.job.v1.JobExecutor;
import com.netflix.spinnaker.halyard.core.job.v1.JobRequest;
Expand All @@ -43,7 +40,9 @@

import java.io.File;
import java.io.IOException;
import java.util.*;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

Expand Down Expand Up @@ -78,11 +77,20 @@ private void validateKubeconfig(ConfigProblemSetBuilder psBuilder, KubernetesAcc
String cluster = account.getCluster();
String user = account.getUser() ;
List<String> namespaces = account.getNamespaces();
List<String> omitNamespaces = account.getOmitNamespaces();

// This indicates if a first pass at the config looks OK. If we don't see any serious problems, we'll do one last check
// against the requested kubernetes cluster to ensure that we can run spinnaker.
boolean smoketest = true;

boolean namespacesProvided = namespaces != null && !namespaces.isEmpty();
boolean omitNamespacesProvided = omitNamespaces != null && !omitNamespaces.isEmpty();

if (namespacesProvided && omitNamespacesProvided) {
psBuilder.addProblem(ERROR, "At most one of \"namespaces\" and \"omitNamespaces\" can be supplied.");
smoketest = false;
}

// TODO(lwander) find a good resource / list of resources for generating kubeconfig files to link to here.
try {
if (ValidatingFileReader.contents(psBuilder, kubeconfigFile) == null) {
Expand Down