multiple config files to allow spreading of configuration
parent
5659d7c18c
commit
c522f16d64
@ -79,6 +79,12 @@ type Config struct {
|
|||||||
Communications []*Communication `yaml:"communications,omitempty"`
|
Communications []*Communication `yaml:"communications,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Config) Update(config *Config) {
|
||||||
|
c.Namespaces = append(c.Namespaces, config.Namespaces...)
|
||||||
|
c.Networks = append(c.Networks, config.Networks...)
|
||||||
|
c.Communications = append(c.Communications, config.Communications...)
|
||||||
|
}
|
||||||
|
|
||||||
func (c Config) Validate() error {
|
func (c Config) Validate() error {
|
||||||
|
|
||||||
errs := make([]error, 0)
|
errs := make([]error, 0)
|
||||||
@ -173,10 +179,6 @@ func LoadConfig(file string) (*Config, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Error parsing YAML: %v", err)
|
return nil, fmt.Errorf("Error parsing YAML: %v", err)
|
||||||
}
|
}
|
||||||
err = config.Validate()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// every application must have its namespace field set
|
// every application must have its namespace field set
|
||||||
for _, ns := range config.Namespaces {
|
for _, ns := range config.Namespaces {
|
||||||
|
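Review bot: `Update` merges the three slices by plain `append`, so a namespace, network or communication that appears in more than one input file is carried twice into the merged config and nothing in this hunk rejects that; whether `Validate` catches a repeated `Name` is outside the visible lines. Because the merged config drives network-policy generation, a duplicated or conflicting namespace could silently produce overlapping policies, so I'd have `Update` return an error on a repeated name (or make `Validate` do so). The second hunk drops the `Validate` call from `LoadConfig`, so any other caller of `LoadConfig` now receives an unvalidated config; worth a line in its doc comment, e.g. `// LoadConfig parses one YAML file; callers must Validate the (merged) result themselves.` `Update` is exported and needs a doc comment as well, e.g. `// Update appends config's namespaces, networks and communications to c without deduplicating.` `LoadConfig` continues outside the hunk.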
@ -1,9 +1,7 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"io"
|
"io"
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -56,8 +54,6 @@ type Egress struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func Generate(writer io.Writer, generator Generator, config *Config) error {
|
func Generate(writer io.Writer, generator Generator, config *Config) error {
|
||||||
|
|
||||||
log.Printf("CONFIG %+v", config)
|
|
||||||
for _, ns := range config.Namespaces {
|
for _, ns := range config.Namespaces {
|
||||||
err := generator.GenerateNamespace(os.Stdout, ns)
|
err := generator.GenerateNamespace(os.Stdout, ns)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -104,9 +100,6 @@ func Generate(writer io.Writer, generator Generator, config *Config) error {
|
|||||||
for app, ingress := range ingresses {
|
for app, ingress := range ingresses {
|
||||||
egress := egresses[app]
|
egress := egresses[app]
|
||||||
if !ingress.Empty() || !egress.Empty() {
|
if !ingress.Empty() || !egress.Empty() {
|
||||||
fmt.Fprintf(os.Stderr, "RULE %s\n", app)
|
|
||||||
fmt.Fprintf(os.Stderr, " IN %s\n", ingress)
|
|
||||||
fmt.Fprintf(os.Stderr, " OUT %s\n", egress)
|
|
||||||
err := generator.GenerateCommunicationRule(writer, applications[app], ingress, egress)
|
err := generator.GenerateCommunicationRule(writer, applications[app], ingress, egress)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
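Review bot: `Generate` takes a `writer io.Writer` but `GenerateNamespace` is still called with `os.Stdout` (the `err := generator.GenerateNamespace(os.Stdout, ns)` context line) while `GenerateCommunicationRule` receives `writer`, so namespace policies bypass whatever writer the caller passes; this commit only strips the debug logging around it and leaves that inconsistency in place. I'd change it to `err := generator.GenerateNamespace(writer, ns)`. Today `execute` passes `os.Stdout`, so the output is the same, but the mismatch makes the function untestable against a buffer and will split the output the moment a file writer is used. `Generate` starts and ends outside these hunks.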
@ -17,27 +17,35 @@ func execute(files []string, options *Options) error {
|
|||||||
if len(files) == 0 {
|
if len(files) == 0 {
|
||||||
return fmt.Errorf("File expected")
|
return fmt.Errorf("File expected")
|
||||||
}
|
}
|
||||||
|
config := &Config{}
|
||||||
for _, file := range files {
|
for _, file := range files {
|
||||||
config, err := LoadConfig(file)
|
log.Printf("LOADING %s\n", file)
|
||||||
|
configNew, err := LoadConfig(file)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
config.Update(configNew)
|
||||||
policyTemplates, err := NewPolicyTemplates()
|
err = config.Validate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("Error loading config %s: %w", file, err)
|
||||||
}
|
}
|
||||||
var generator Generator
|
log.Printf("Namespaces %v", config.Namespaces)
|
||||||
generator = NetworkPolicyGenerrator{
|
|
||||||
config: config,
|
|
||||||
policyTemplates: policyTemplates,
|
|
||||||
}
|
|
||||||
err = Generate(os.Stdout, generator, config)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
policyTemplates, err := NewPolicyTemplates()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
var generator Generator
|
||||||
|
generator = NetworkPolicyGenerrator{
|
||||||
|
config: config,
|
||||||
|
policyTemplates: policyTemplates,
|
||||||
|
}
|
||||||
|
err = Generate(os.Stdout, generator, config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
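Review bot: `Validate` now runs inside the loop, after each file is merged, so the partially merged config must already be valid after the first file; if `Validate` checks cross-references (its body is outside this hunk), a communication in one file that refers to an application or namespace declared in a later file passes or fails depending purely on the order the files are given on the command line, which defeats the point of spreading configuration. I'd merge all files first and validate once afterwards, accepting the loss of the per-file name in the validation error. Two smaller things: `log.Printf("LOADING %s\n", file)` already gets a newline from `log`, so the explicit `\n` prints a blank line, and the new `log.Printf("Namespaces %v", config.Namespaces)` is the kind of debug dump the rest of this commit removes. `execute` starts before the hunk.
```go
for _, file := range files {
	log.Printf("LOADING %s", file)
	configNew, err := LoadConfig(file)
	if err != nil {
		return fmt.Errorf("error loading config %s: %w", file, err)
	}
	config.Update(configNew)
}
// Validate only once every file has been merged, so a file may refer to
// namespaces or applications declared in another file regardless of order.
if err := config.Validate(); err != nil {
	return fmt.Errorf("error validating merged config: %w", err)
}
// … unchanged: policy template and generator setup, Generate call …
```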
@ -3,7 +3,6 @@ package main
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
"slices"
|
"slices"
|
||||||
)
|
)
|
||||||
@ -17,7 +16,6 @@ func (g NetworkPolicyGenerrator) GenerateNamespace(writer io.Writer, namespace *
|
|||||||
fmt.Fprintf(os.Stderr, "Namespace %s\n", namespace.Name)
|
fmt.Fprintf(os.Stderr, "Namespace %s\n", namespace.Name)
|
||||||
|
|
||||||
templates := g.policyTemplates.NamespaceTemplates("netpol", namespace.Capabilities)
|
templates := g.policyTemplates.NamespaceTemplates("netpol", namespace.Capabilities)
|
||||||
log.Printf("Got %d templates", len(templates))
|
|
||||||
|
|
||||||
for _, template := range templates {
|
for _, template := range templates {
|
||||||
err := template.Execute(writer, &namespace)
|
err := template.Execute(writer, &namespace)
|
||||||
@ -64,14 +62,12 @@ func (g NetworkPolicyGenerrator) GenerateCommunicationRule(
|
|||||||
for _, pre := range egress.Predefined {
|
for _, pre := range egress.Predefined {
|
||||||
allPredefined[pre] = true
|
allPredefined[pre] = true
|
||||||
}
|
}
|
||||||
log.Printf("ALl PREDEFINED %v", allPredefined)
|
|
||||||
|
|
||||||
for predefined, _ := range allPredefined {
|
for predefined, _ := range allPredefined {
|
||||||
tmpl := g.policyTemplates.PredefineApplicationPolicyTemplate("netpol", predefined)
|
tmpl := g.policyTemplates.PredefineApplicationPolicyTemplate("netpol", predefined)
|
||||||
if tmpl == nil {
|
if tmpl == nil {
|
||||||
return fmt.Errorf("Could not find predefined template for netpol/%s", predefined)
|
return fmt.Errorf("Could not find predefined template for netpol/%s", predefined)
|
||||||
}
|
}
|
||||||
log.Printf("PREDEFINED FOR %s", app.Name)
|
|
||||||
err := tmpl.Execute(writer, map[string]any{
|
err := tmpl.Execute(writer, map[string]any{
|
||||||
"app": app,
|
"app": app,
|
||||||
"ingress": slices.Contains(ingress.Predefined, predefined),
|
"ingress": slices.Contains(ingress.Predefined, predefined),
|
||||||
|
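Review bot: `allPredefined` is a map and `for predefined, _ := range allPredefined` walks it in random order, so the predefined policies are emitted in a different order on every run; for a generator whose output is presumably committed or diffed before being applied, that produces spurious diffs and makes the generated policy hard to review. I'd collect the keys, sort them with the `slices` package the file already imports, and range over the slice (assuming `predefined` is a string, as the `%s` in the error below suggests). The `, _` in the range clause is also redundant (`gofmt -s` and staticcheck S1005 flag it). `GenerateCommunicationRule` starts and ends outside the hunk.
```go
// Emit predefined policies in a stable order: map iteration is random and
// would make the generated output differ from run to run.
predefinedNames := make([]string, 0, len(allPredefined))
for predefined := range allPredefined {
	predefinedNames = append(predefinedNames, predefined)
}
slices.Sort(predefinedNames)
for _, predefined := range predefinedNames {
	// … unchanged: template lookup and execution …
```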
@ -55,7 +55,6 @@ func showContents(files fs.FS) {
|
|||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
for _, entry := range entries {
|
for _, entry := range entries {
|
||||||
fmt.Fprintf(os.Stderr, "entry %s %s\n", entry.Name(), entry.Type())
|
|
||||||
if entry.Type().IsDir() {
|
if entry.Type().IsDir() {
|
||||||
subdir, err := fs.Sub(files, entry.Name())
|
subdir, err := fs.Sub(files, entry.Name())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
kind: CiliumNetworkPolicy
|
kind: CiliumNetworkPolicy
|
||||||
apiVersion: cilium.io/v2
|
apiVersion: cilium.io/v2
|
||||||
metadata:
|
metadata:
|
||||||
name: {{.app.Name}}
|
name: {{.app.Name}}-apiserver
|
||||||
namespace: {{.app.Namespace.Name}}
|
namespace: {{.app.Namespace.Name}}
|
||||||
labels: {{ .labels | toYaml | nindent 4 }}
|
labels: {{ .labels | toYaml | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
|
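Review bot: `metadata.name` is now `{{.app.Name}}-apiserver`, built straight from the application name in the YAML config, and nothing visible here checks that the result is a valid Kubernetes object name (a DNS-1123 subdomain of at most 253 characters once the suffix is added); an unusual application name would only fail at apply time. If `Validate` does not already check `Name` (not visible here), that is where I'd add it. A header comment stating why the suffix exists would also help, e.g. `# suffixed so it does not collide with the application's own policy named {{.app.Name}}` — assuming that is the reason, which I am inferring from the rename.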
@ -61,7 +61,7 @@ spec:
|
|||||||
|
|
||||||
{{- if or .egress.Applications .egress.Networks }}
|
{{- if or .egress.Applications .egress.Networks }}
|
||||||
egress:
|
egress:
|
||||||
tp:
|
to:
|
||||||
{{- template "peers" .egress }}
|
{{- template "peers" .egress }}
|
||||||
{{- template "networks" .egress }}
|
{{- template "networks" .egress }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
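Review bot: The `tp:` key this hunk corrects to `to:` would, on a cluster that prunes or ignores unknown fields, have left an egress rule with no `to` selector at all, which in Cilium is the allow-all form — so the typo failed open rather than closed, and nothing in this change prevents the next one. I'd add a test that renders the templates against a sample config and validates the output against the CiliumNetworkPolicy CRD schema (or at least applies it with strict field validation), so a misspelt key fails the build instead of widening the policy. Also, `egress:` is a list in the CNP schema, and `to:` appears here without a `- ` item marker; if that is the actual template text rather than indentation lost in rendering, the rendered YAML is a mapping where a sequence is expected.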