mirror of
https://github.com/dhall-lang/dhall-kubernetes.git
synced 2024-09-17 10:27:08 +03:00
Update the Nix build for dhall
... and generate the files based on that
This commit is contained in:
parent
044d6715d7
commit
2db84bb673
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -71,7 +71,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ Things to note in the following example:
|
|||||||
-- examples/ingress.dhall
|
-- examples/ingress.dhall
|
||||||
|
|
||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -156,31 +156,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
@ -238,7 +238,7 @@ apiVersion: extensions/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -16,18 +16,11 @@ let heritage = "dhall"
|
|||||||
in kubernetes.DaemonSet::{
|
in kubernetes.DaemonSet::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
, labels = Some
|
, labels = Some (toMap { app = name, chart, release, heritage })
|
||||||
( toMap
|
|
||||||
{ app = name
|
|
||||||
, chart = chart
|
|
||||||
, release = release
|
|
||||||
, heritage = heritage
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.DaemonSetSpec::{
|
, spec = Some kubernetes.DaemonSetSpec::{
|
||||||
, selector = kubernetes.LabelSelector::{
|
, selector = kubernetes.LabelSelector::{
|
||||||
, matchLabels = Some (toMap { app = name, release = release })
|
, matchLabels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
@ -37,68 +30,68 @@ in kubernetes.DaemonSet::{
|
|||||||
, name = Some name
|
, name = Some name
|
||||||
, annotations = Some
|
, annotations = Some
|
||||||
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
||||||
, labels = Some (toMap { app = name, release = release })
|
, labels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.PodSpec::{
|
, spec = Some kubernetes.PodSpec::{
|
||||||
, hostNetwork = Some True
|
, hostNetwork = Some True
|
||||||
, nodeSelector = Some
|
, nodeSelector = Some
|
||||||
(toMap { `node-role.kubernetes.io/master` = "" })
|
(toMap { `node-role.kubernetes.io/master` = "" })
|
||||||
, tolerations = Some
|
, tolerations = Some
|
||||||
[ kubernetes.Toleration::{
|
[ kubernetes.Toleration::{
|
||||||
, effect = Some "NoSchedule"
|
, effect = Some "NoSchedule"
|
||||||
, key = Some "node-role.kubernetes.io/master"
|
, key = Some "node-role.kubernetes.io/master"
|
||||||
}
|
}
|
||||||
, kubernetes.Toleration::{
|
, kubernetes.Toleration::{
|
||||||
, effect = Some "CriticalAddonsOnly"
|
, effect = Some "CriticalAddonsOnly"
|
||||||
, key = Some "Exists"
|
, key = Some "Exists"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, containers =
|
, containers =
|
||||||
[ kubernetes.Container::{
|
[ kubernetes.Container::{
|
||||||
, name = fullName
|
, name = fullName
|
||||||
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
||||||
, args = Some
|
, args = Some
|
||||||
[ "server"
|
[ "server"
|
||||||
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
||||||
, "--state-dir=/var/aws-iam-authenticator"
|
, "--state-dir=/var/aws-iam-authenticator"
|
||||||
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
||||||
]
|
]
|
||||||
, volumeMounts = Some
|
, volumeMounts = Some
|
||||||
[ kubernetes.VolumeMount::{
|
[ kubernetes.VolumeMount::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, mountPath = "/etc/aws-iam-authenticator/"
|
, mountPath = "/etc/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "state"
|
, name = "state"
|
||||||
, mountPath = "/var/aws-iam-authenticator/"
|
, mountPath = "/var/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "output"
|
, name = "output"
|
||||||
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, volumes = Some
|
, volumes = Some
|
||||||
[ kubernetes.Volume::{
|
[ kubernetes.Volume::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
}
|
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "output"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "output"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "state"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "state"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:f94bc36de9bc672f01cba5ef8fc2e12a2ad33a3a70e1d74abc88b15e14bc20d2
|
../package.dhall sha256:f94bc36de9bc672f01cba5ef8fc2e12a2ad33a3a70e1d74abc88b15e14bc20d2
|
||||||
@ -16,9 +16,9 @@ let deployment =
|
|||||||
, strategy = Some kubernetes.DeploymentStrategy::{
|
, strategy = Some kubernetes.DeploymentStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
, rollingUpdate = Some
|
, rollingUpdate = Some
|
||||||
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
||||||
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, template = kubernetes.PodTemplateSpec::{
|
, template = kubernetes.PodTemplateSpec::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
@ -32,11 +32,11 @@ let deployment =
|
|||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, imagePullPolicy = Some "Always"
|
, imagePullPolicy = Some "Always"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
, resources = Some
|
, resources = Some
|
||||||
{ limits = Some (toMap { cpu = "500m" })
|
{ limits = Some (toMap { cpu = "500m" })
|
||||||
, requests = Some (toMap { cpu = "10m" })
|
, requests = Some (toMap { cpu = "10m" })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -12,31 +12,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ""
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
labels:
|
labels:
|
||||||
app: aws-iam-authenticator
|
app: aws-iam-authenticator
|
||||||
release: wintering-rodent
|
release: wintering-rodent
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
name: output
|
name: output
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ''
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
@ -27,6 +27,6 @@ spec:
|
|||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: "500m"
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: "10m"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: extensions/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:f94bc36de9bc672f01cba5ef8fc2e12a2ad33a3a70e1d74abc88b15e14bc20d2
|
../package.dhall sha256:f94bc36de9bc672f01cba5ef8fc2e12a2ad33a3a70e1d74abc88b15e14bc20d2
|
||||||
@ -8,11 +8,11 @@ let spec =
|
|||||||
{ selector = Some (toMap { app = "nginx" })
|
{ selector = Some (toMap { app = "nginx" })
|
||||||
, type = Some "NodePort"
|
, type = Some "NodePort"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ServicePort::{
|
[ kubernetes.ServicePort::{
|
||||||
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
||||||
, port = 80
|
, port = 80
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
let service
|
let service
|
||||||
|
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -71,7 +71,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ Things to note in the following example:
|
|||||||
-- examples/ingress.dhall
|
-- examples/ingress.dhall
|
||||||
|
|
||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -156,31 +156,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
@ -238,7 +238,7 @@ apiVersion: extensions/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -16,18 +16,11 @@ let heritage = "dhall"
|
|||||||
in kubernetes.DaemonSet::{
|
in kubernetes.DaemonSet::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
, labels = Some
|
, labels = Some (toMap { app = name, chart, release, heritage })
|
||||||
( toMap
|
|
||||||
{ app = name
|
|
||||||
, chart = chart
|
|
||||||
, release = release
|
|
||||||
, heritage = heritage
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.DaemonSetSpec::{
|
, spec = Some kubernetes.DaemonSetSpec::{
|
||||||
, selector = kubernetes.LabelSelector::{
|
, selector = kubernetes.LabelSelector::{
|
||||||
, matchLabels = Some (toMap { app = name, release = release })
|
, matchLabels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
@ -37,68 +30,68 @@ in kubernetes.DaemonSet::{
|
|||||||
, name = Some name
|
, name = Some name
|
||||||
, annotations = Some
|
, annotations = Some
|
||||||
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
||||||
, labels = Some (toMap { app = name, release = release })
|
, labels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.PodSpec::{
|
, spec = Some kubernetes.PodSpec::{
|
||||||
, hostNetwork = Some True
|
, hostNetwork = Some True
|
||||||
, nodeSelector = Some
|
, nodeSelector = Some
|
||||||
(toMap { `node-role.kubernetes.io/master` = "" })
|
(toMap { `node-role.kubernetes.io/master` = "" })
|
||||||
, tolerations = Some
|
, tolerations = Some
|
||||||
[ kubernetes.Toleration::{
|
[ kubernetes.Toleration::{
|
||||||
, effect = Some "NoSchedule"
|
, effect = Some "NoSchedule"
|
||||||
, key = Some "node-role.kubernetes.io/master"
|
, key = Some "node-role.kubernetes.io/master"
|
||||||
}
|
}
|
||||||
, kubernetes.Toleration::{
|
, kubernetes.Toleration::{
|
||||||
, effect = Some "CriticalAddonsOnly"
|
, effect = Some "CriticalAddonsOnly"
|
||||||
, key = Some "Exists"
|
, key = Some "Exists"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, containers =
|
, containers =
|
||||||
[ kubernetes.Container::{
|
[ kubernetes.Container::{
|
||||||
, name = fullName
|
, name = fullName
|
||||||
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
||||||
, args = Some
|
, args = Some
|
||||||
[ "server"
|
[ "server"
|
||||||
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
||||||
, "--state-dir=/var/aws-iam-authenticator"
|
, "--state-dir=/var/aws-iam-authenticator"
|
||||||
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
||||||
]
|
]
|
||||||
, volumeMounts = Some
|
, volumeMounts = Some
|
||||||
[ kubernetes.VolumeMount::{
|
[ kubernetes.VolumeMount::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, mountPath = "/etc/aws-iam-authenticator/"
|
, mountPath = "/etc/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "state"
|
, name = "state"
|
||||||
, mountPath = "/var/aws-iam-authenticator/"
|
, mountPath = "/var/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "output"
|
, name = "output"
|
||||||
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, volumes = Some
|
, volumes = Some
|
||||||
[ kubernetes.Volume::{
|
[ kubernetes.Volume::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
}
|
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "output"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "output"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "state"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "state"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:6966f60104bbdcbab6f6472b89710599e58ced14421ebb28885b34b94f439dae
|
../package.dhall sha256:6966f60104bbdcbab6f6472b89710599e58ced14421ebb28885b34b94f439dae
|
||||||
@ -16,9 +16,9 @@ let deployment =
|
|||||||
, strategy = Some kubernetes.DeploymentStrategy::{
|
, strategy = Some kubernetes.DeploymentStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
, rollingUpdate = Some
|
, rollingUpdate = Some
|
||||||
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
||||||
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, template = kubernetes.PodTemplateSpec::{
|
, template = kubernetes.PodTemplateSpec::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
@ -32,11 +32,11 @@ let deployment =
|
|||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, imagePullPolicy = Some "Always"
|
, imagePullPolicy = Some "Always"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
, resources = Some
|
, resources = Some
|
||||||
{ limits = Some (toMap { cpu = "500m" })
|
{ limits = Some (toMap { cpu = "500m" })
|
||||||
, requests = Some (toMap { cpu = "10m" })
|
, requests = Some (toMap { cpu = "10m" })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -12,31 +12,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ""
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
labels:
|
labels:
|
||||||
app: aws-iam-authenticator
|
app: aws-iam-authenticator
|
||||||
release: wintering-rodent
|
release: wintering-rodent
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
name: output
|
name: output
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ''
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
@ -27,6 +27,6 @@ spec:
|
|||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: "500m"
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: "10m"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: extensions/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:6966f60104bbdcbab6f6472b89710599e58ced14421ebb28885b34b94f439dae
|
../package.dhall sha256:6966f60104bbdcbab6f6472b89710599e58ced14421ebb28885b34b94f439dae
|
||||||
@ -8,11 +8,11 @@ let spec =
|
|||||||
{ selector = Some (toMap { app = "nginx" })
|
{ selector = Some (toMap { app = "nginx" })
|
||||||
, type = Some "NodePort"
|
, type = Some "NodePort"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ServicePort::{
|
[ kubernetes.ServicePort::{
|
||||||
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
||||||
, port = 80
|
, port = 80
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
let service
|
let service
|
||||||
|
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -71,7 +71,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ Things to note in the following example:
|
|||||||
-- examples/ingress.dhall
|
-- examples/ingress.dhall
|
||||||
|
|
||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -156,31 +156,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
@ -238,7 +238,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -16,18 +16,11 @@ let heritage = "dhall"
|
|||||||
in kubernetes.DaemonSet::{
|
in kubernetes.DaemonSet::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
, labels = Some
|
, labels = Some (toMap { app = name, chart, release, heritage })
|
||||||
( toMap
|
|
||||||
{ app = name
|
|
||||||
, chart = chart
|
|
||||||
, release = release
|
|
||||||
, heritage = heritage
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.DaemonSetSpec::{
|
, spec = Some kubernetes.DaemonSetSpec::{
|
||||||
, selector = kubernetes.LabelSelector::{
|
, selector = kubernetes.LabelSelector::{
|
||||||
, matchLabels = Some (toMap { app = name, release = release })
|
, matchLabels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
@ -37,68 +30,68 @@ in kubernetes.DaemonSet::{
|
|||||||
, name = Some name
|
, name = Some name
|
||||||
, annotations = Some
|
, annotations = Some
|
||||||
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
||||||
, labels = Some (toMap { app = name, release = release })
|
, labels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.PodSpec::{
|
, spec = Some kubernetes.PodSpec::{
|
||||||
, hostNetwork = Some True
|
, hostNetwork = Some True
|
||||||
, nodeSelector = Some
|
, nodeSelector = Some
|
||||||
(toMap { `node-role.kubernetes.io/master` = "" })
|
(toMap { `node-role.kubernetes.io/master` = "" })
|
||||||
, tolerations = Some
|
, tolerations = Some
|
||||||
[ kubernetes.Toleration::{
|
[ kubernetes.Toleration::{
|
||||||
, effect = Some "NoSchedule"
|
, effect = Some "NoSchedule"
|
||||||
, key = Some "node-role.kubernetes.io/master"
|
, key = Some "node-role.kubernetes.io/master"
|
||||||
}
|
}
|
||||||
, kubernetes.Toleration::{
|
, kubernetes.Toleration::{
|
||||||
, effect = Some "CriticalAddonsOnly"
|
, effect = Some "CriticalAddonsOnly"
|
||||||
, key = Some "Exists"
|
, key = Some "Exists"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, containers =
|
, containers =
|
||||||
[ kubernetes.Container::{
|
[ kubernetes.Container::{
|
||||||
, name = fullName
|
, name = fullName
|
||||||
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
||||||
, args = Some
|
, args = Some
|
||||||
[ "server"
|
[ "server"
|
||||||
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
||||||
, "--state-dir=/var/aws-iam-authenticator"
|
, "--state-dir=/var/aws-iam-authenticator"
|
||||||
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
||||||
]
|
]
|
||||||
, volumeMounts = Some
|
, volumeMounts = Some
|
||||||
[ kubernetes.VolumeMount::{
|
[ kubernetes.VolumeMount::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, mountPath = "/etc/aws-iam-authenticator/"
|
, mountPath = "/etc/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "state"
|
, name = "state"
|
||||||
, mountPath = "/var/aws-iam-authenticator/"
|
, mountPath = "/var/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "output"
|
, name = "output"
|
||||||
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, volumes = Some
|
, volumes = Some
|
||||||
[ kubernetes.Volume::{
|
[ kubernetes.Volume::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
}
|
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "output"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "output"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "state"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "state"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:ca5ddb1035b4740948ee91b380beb10253ff0cd042353cb2ca685de5c0ecec0a
|
../package.dhall sha256:ca5ddb1035b4740948ee91b380beb10253ff0cd042353cb2ca685de5c0ecec0a
|
||||||
@ -16,9 +16,9 @@ let deployment =
|
|||||||
, strategy = Some kubernetes.DeploymentStrategy::{
|
, strategy = Some kubernetes.DeploymentStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
, rollingUpdate = Some
|
, rollingUpdate = Some
|
||||||
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
||||||
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, template = kubernetes.PodTemplateSpec::{
|
, template = kubernetes.PodTemplateSpec::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
@ -32,11 +32,11 @@ let deployment =
|
|||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, imagePullPolicy = Some "Always"
|
, imagePullPolicy = Some "Always"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
, resources = Some
|
, resources = Some
|
||||||
{ limits = Some (toMap { cpu = "500m" })
|
{ limits = Some (toMap { cpu = "500m" })
|
||||||
, requests = Some (toMap { cpu = "10m" })
|
, requests = Some (toMap { cpu = "10m" })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -12,31 +12,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ""
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
labels:
|
labels:
|
||||||
app: aws-iam-authenticator
|
app: aws-iam-authenticator
|
||||||
release: wintering-rodent
|
release: wintering-rodent
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
name: output
|
name: output
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ''
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
@ -27,6 +27,6 @@ spec:
|
|||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: "500m"
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: "10m"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:ca5ddb1035b4740948ee91b380beb10253ff0cd042353cb2ca685de5c0ecec0a
|
../package.dhall sha256:ca5ddb1035b4740948ee91b380beb10253ff0cd042353cb2ca685de5c0ecec0a
|
||||||
@ -8,11 +8,11 @@ let spec =
|
|||||||
{ selector = Some (toMap { app = "nginx" })
|
{ selector = Some (toMap { app = "nginx" })
|
||||||
, type = Some "NodePort"
|
, type = Some "NodePort"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ServicePort::{
|
[ kubernetes.ServicePort::{
|
||||||
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
||||||
, port = 80
|
, port = 80
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
let service
|
let service
|
||||||
|
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -71,7 +71,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ Things to note in the following example:
|
|||||||
-- examples/ingress.dhall
|
-- examples/ingress.dhall
|
||||||
|
|
||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -156,31 +156,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
@ -238,7 +238,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -16,18 +16,11 @@ let heritage = "dhall"
|
|||||||
in kubernetes.DaemonSet::{
|
in kubernetes.DaemonSet::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
, labels = Some
|
, labels = Some (toMap { app = name, chart, release, heritage })
|
||||||
( toMap
|
|
||||||
{ app = name
|
|
||||||
, chart = chart
|
|
||||||
, release = release
|
|
||||||
, heritage = heritage
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.DaemonSetSpec::{
|
, spec = Some kubernetes.DaemonSetSpec::{
|
||||||
, selector = kubernetes.LabelSelector::{
|
, selector = kubernetes.LabelSelector::{
|
||||||
, matchLabels = Some (toMap { app = name, release = release })
|
, matchLabels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
@ -37,68 +30,68 @@ in kubernetes.DaemonSet::{
|
|||||||
, name = Some name
|
, name = Some name
|
||||||
, annotations = Some
|
, annotations = Some
|
||||||
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
||||||
, labels = Some (toMap { app = name, release = release })
|
, labels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.PodSpec::{
|
, spec = Some kubernetes.PodSpec::{
|
||||||
, hostNetwork = Some True
|
, hostNetwork = Some True
|
||||||
, nodeSelector = Some
|
, nodeSelector = Some
|
||||||
(toMap { `node-role.kubernetes.io/master` = "" })
|
(toMap { `node-role.kubernetes.io/master` = "" })
|
||||||
, tolerations = Some
|
, tolerations = Some
|
||||||
[ kubernetes.Toleration::{
|
[ kubernetes.Toleration::{
|
||||||
, effect = Some "NoSchedule"
|
, effect = Some "NoSchedule"
|
||||||
, key = Some "node-role.kubernetes.io/master"
|
, key = Some "node-role.kubernetes.io/master"
|
||||||
}
|
}
|
||||||
, kubernetes.Toleration::{
|
, kubernetes.Toleration::{
|
||||||
, effect = Some "CriticalAddonsOnly"
|
, effect = Some "CriticalAddonsOnly"
|
||||||
, key = Some "Exists"
|
, key = Some "Exists"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, containers =
|
, containers =
|
||||||
[ kubernetes.Container::{
|
[ kubernetes.Container::{
|
||||||
, name = fullName
|
, name = fullName
|
||||||
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
||||||
, args = Some
|
, args = Some
|
||||||
[ "server"
|
[ "server"
|
||||||
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
||||||
, "--state-dir=/var/aws-iam-authenticator"
|
, "--state-dir=/var/aws-iam-authenticator"
|
||||||
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
||||||
]
|
]
|
||||||
, volumeMounts = Some
|
, volumeMounts = Some
|
||||||
[ kubernetes.VolumeMount::{
|
[ kubernetes.VolumeMount::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, mountPath = "/etc/aws-iam-authenticator/"
|
, mountPath = "/etc/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "state"
|
, name = "state"
|
||||||
, mountPath = "/var/aws-iam-authenticator/"
|
, mountPath = "/var/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "output"
|
, name = "output"
|
||||||
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, volumes = Some
|
, volumes = Some
|
||||||
[ kubernetes.Volume::{
|
[ kubernetes.Volume::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
}
|
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "output"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "output"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "state"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "state"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:ae33004411e418e80644ff44593639fcd03216d667817b92db205796afeccd83
|
../package.dhall sha256:ae33004411e418e80644ff44593639fcd03216d667817b92db205796afeccd83
|
||||||
@ -16,9 +16,9 @@ let deployment =
|
|||||||
, strategy = Some kubernetes.DeploymentStrategy::{
|
, strategy = Some kubernetes.DeploymentStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
, rollingUpdate = Some
|
, rollingUpdate = Some
|
||||||
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
||||||
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, template = kubernetes.PodTemplateSpec::{
|
, template = kubernetes.PodTemplateSpec::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
@ -32,11 +32,11 @@ let deployment =
|
|||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, imagePullPolicy = Some "Always"
|
, imagePullPolicy = Some "Always"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
, resources = Some
|
, resources = Some
|
||||||
{ limits = Some (toMap { cpu = "500m" })
|
{ limits = Some (toMap { cpu = "500m" })
|
||||||
, requests = Some (toMap { cpu = "10m" })
|
, requests = Some (toMap { cpu = "10m" })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -12,31 +12,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ""
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
labels:
|
labels:
|
||||||
app: aws-iam-authenticator
|
app: aws-iam-authenticator
|
||||||
release: wintering-rodent
|
release: wintering-rodent
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
name: output
|
name: output
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ''
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
@ -27,6 +27,6 @@ spec:
|
|||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: "500m"
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: "10m"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:ae33004411e418e80644ff44593639fcd03216d667817b92db205796afeccd83
|
../package.dhall sha256:ae33004411e418e80644ff44593639fcd03216d667817b92db205796afeccd83
|
||||||
@ -8,11 +8,11 @@ let spec =
|
|||||||
{ selector = Some (toMap { app = "nginx" })
|
{ selector = Some (toMap { app = "nginx" })
|
||||||
, type = Some "NodePort"
|
, type = Some "NodePort"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ServicePort::{
|
[ kubernetes.ServicePort::{
|
||||||
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
||||||
, port = 80
|
, port = 80
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
let service
|
let service
|
||||||
|
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -71,7 +71,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ Things to note in the following example:
|
|||||||
-- examples/ingress.dhall
|
-- examples/ingress.dhall
|
||||||
|
|
||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -156,31 +156,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
@ -238,7 +238,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -16,18 +16,11 @@ let heritage = "dhall"
|
|||||||
in kubernetes.DaemonSet::{
|
in kubernetes.DaemonSet::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
, labels = Some
|
, labels = Some (toMap { app = name, chart, release, heritage })
|
||||||
( toMap
|
|
||||||
{ app = name
|
|
||||||
, chart = chart
|
|
||||||
, release = release
|
|
||||||
, heritage = heritage
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.DaemonSetSpec::{
|
, spec = Some kubernetes.DaemonSetSpec::{
|
||||||
, selector = kubernetes.LabelSelector::{
|
, selector = kubernetes.LabelSelector::{
|
||||||
, matchLabels = Some (toMap { app = name, release = release })
|
, matchLabels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
@ -37,68 +30,68 @@ in kubernetes.DaemonSet::{
|
|||||||
, name = Some name
|
, name = Some name
|
||||||
, annotations = Some
|
, annotations = Some
|
||||||
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
||||||
, labels = Some (toMap { app = name, release = release })
|
, labels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.PodSpec::{
|
, spec = Some kubernetes.PodSpec::{
|
||||||
, hostNetwork = Some True
|
, hostNetwork = Some True
|
||||||
, nodeSelector = Some
|
, nodeSelector = Some
|
||||||
(toMap { `node-role.kubernetes.io/master` = "" })
|
(toMap { `node-role.kubernetes.io/master` = "" })
|
||||||
, tolerations = Some
|
, tolerations = Some
|
||||||
[ kubernetes.Toleration::{
|
[ kubernetes.Toleration::{
|
||||||
, effect = Some "NoSchedule"
|
, effect = Some "NoSchedule"
|
||||||
, key = Some "node-role.kubernetes.io/master"
|
, key = Some "node-role.kubernetes.io/master"
|
||||||
}
|
}
|
||||||
, kubernetes.Toleration::{
|
, kubernetes.Toleration::{
|
||||||
, effect = Some "CriticalAddonsOnly"
|
, effect = Some "CriticalAddonsOnly"
|
||||||
, key = Some "Exists"
|
, key = Some "Exists"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, containers =
|
, containers =
|
||||||
[ kubernetes.Container::{
|
[ kubernetes.Container::{
|
||||||
, name = fullName
|
, name = fullName
|
||||||
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
||||||
, args = Some
|
, args = Some
|
||||||
[ "server"
|
[ "server"
|
||||||
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
||||||
, "--state-dir=/var/aws-iam-authenticator"
|
, "--state-dir=/var/aws-iam-authenticator"
|
||||||
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
||||||
]
|
]
|
||||||
, volumeMounts = Some
|
, volumeMounts = Some
|
||||||
[ kubernetes.VolumeMount::{
|
[ kubernetes.VolumeMount::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, mountPath = "/etc/aws-iam-authenticator/"
|
, mountPath = "/etc/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "state"
|
, name = "state"
|
||||||
, mountPath = "/var/aws-iam-authenticator/"
|
, mountPath = "/var/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "output"
|
, name = "output"
|
||||||
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, volumes = Some
|
, volumes = Some
|
||||||
[ kubernetes.Volume::{
|
[ kubernetes.Volume::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
}
|
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "output"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "output"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "state"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "state"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:1b741038994df16ced6eaa17908bfedf535634c7a0ac4f82ce48cde26bc07a76
|
../package.dhall sha256:1b741038994df16ced6eaa17908bfedf535634c7a0ac4f82ce48cde26bc07a76
|
||||||
@ -16,9 +16,9 @@ let deployment =
|
|||||||
, strategy = Some kubernetes.DeploymentStrategy::{
|
, strategy = Some kubernetes.DeploymentStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
, rollingUpdate = Some
|
, rollingUpdate = Some
|
||||||
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
||||||
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, template = kubernetes.PodTemplateSpec::{
|
, template = kubernetes.PodTemplateSpec::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
@ -32,11 +32,11 @@ let deployment =
|
|||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, imagePullPolicy = Some "Always"
|
, imagePullPolicy = Some "Always"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
, resources = Some
|
, resources = Some
|
||||||
{ limits = Some (toMap { cpu = "500m" })
|
{ limits = Some (toMap { cpu = "500m" })
|
||||||
, requests = Some (toMap { cpu = "10m" })
|
, requests = Some (toMap { cpu = "10m" })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -12,31 +12,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ""
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
labels:
|
labels:
|
||||||
app: aws-iam-authenticator
|
app: aws-iam-authenticator
|
||||||
release: wintering-rodent
|
release: wintering-rodent
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
name: output
|
name: output
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ''
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
@ -27,6 +27,6 @@ spec:
|
|||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: "500m"
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: "10m"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:1b741038994df16ced6eaa17908bfedf535634c7a0ac4f82ce48cde26bc07a76
|
../package.dhall sha256:1b741038994df16ced6eaa17908bfedf535634c7a0ac4f82ce48cde26bc07a76
|
||||||
@ -8,11 +8,11 @@ let spec =
|
|||||||
{ selector = Some (toMap { app = "nginx" })
|
{ selector = Some (toMap { app = "nginx" })
|
||||||
, type = Some "NodePort"
|
, type = Some "NodePort"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ServicePort::{
|
[ kubernetes.ServicePort::{
|
||||||
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
||||||
, port = 80
|
, port = 80
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
let service
|
let service
|
||||||
|
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -71,7 +71,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ Things to note in the following example:
|
|||||||
-- examples/ingress.dhall
|
-- examples/ingress.dhall
|
||||||
|
|
||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -156,31 +156,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
@ -238,7 +238,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -16,18 +16,11 @@ let heritage = "dhall"
|
|||||||
in kubernetes.DaemonSet::{
|
in kubernetes.DaemonSet::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
, labels = Some
|
, labels = Some (toMap { app = name, chart, release, heritage })
|
||||||
( toMap
|
|
||||||
{ app = name
|
|
||||||
, chart = chart
|
|
||||||
, release = release
|
|
||||||
, heritage = heritage
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.DaemonSetSpec::{
|
, spec = Some kubernetes.DaemonSetSpec::{
|
||||||
, selector = kubernetes.LabelSelector::{
|
, selector = kubernetes.LabelSelector::{
|
||||||
, matchLabels = Some (toMap { app = name, release = release })
|
, matchLabels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
, updateStrategy = Some kubernetes.DaemonSetUpdateStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
@ -37,68 +30,68 @@ in kubernetes.DaemonSet::{
|
|||||||
, name = Some name
|
, name = Some name
|
||||||
, annotations = Some
|
, annotations = Some
|
||||||
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
(toMap { `scheduler.alpha.kubernetes.io/critical-pod` = "" })
|
||||||
, labels = Some (toMap { app = name, release = release })
|
, labels = Some (toMap { app = name, release })
|
||||||
}
|
}
|
||||||
, spec = Some kubernetes.PodSpec::{
|
, spec = Some kubernetes.PodSpec::{
|
||||||
, hostNetwork = Some True
|
, hostNetwork = Some True
|
||||||
, nodeSelector = Some
|
, nodeSelector = Some
|
||||||
(toMap { `node-role.kubernetes.io/master` = "" })
|
(toMap { `node-role.kubernetes.io/master` = "" })
|
||||||
, tolerations = Some
|
, tolerations = Some
|
||||||
[ kubernetes.Toleration::{
|
[ kubernetes.Toleration::{
|
||||||
, effect = Some "NoSchedule"
|
, effect = Some "NoSchedule"
|
||||||
, key = Some "node-role.kubernetes.io/master"
|
, key = Some "node-role.kubernetes.io/master"
|
||||||
}
|
}
|
||||||
, kubernetes.Toleration::{
|
, kubernetes.Toleration::{
|
||||||
, effect = Some "CriticalAddonsOnly"
|
, effect = Some "CriticalAddonsOnly"
|
||||||
, key = Some "Exists"
|
, key = Some "Exists"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, containers =
|
, containers =
|
||||||
[ kubernetes.Container::{
|
[ kubernetes.Container::{
|
||||||
, name = fullName
|
, name = fullName
|
||||||
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
, image = Some "gcr.io/heptio-images/authenticator:v0.1.0"
|
||||||
, args = Some
|
, args = Some
|
||||||
[ "server"
|
[ "server"
|
||||||
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
, "--config=/etc/aws-iam-authenticator/config.yaml"
|
||||||
, "--state-dir=/var/aws-iam-authenticator"
|
, "--state-dir=/var/aws-iam-authenticator"
|
||||||
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
, "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml"
|
||||||
]
|
]
|
||||||
, volumeMounts = Some
|
, volumeMounts = Some
|
||||||
[ kubernetes.VolumeMount::{
|
[ kubernetes.VolumeMount::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, mountPath = "/etc/aws-iam-authenticator/"
|
, mountPath = "/etc/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "state"
|
, name = "state"
|
||||||
, mountPath = "/var/aws-iam-authenticator/"
|
, mountPath = "/var/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.VolumeMount::{
|
, kubernetes.VolumeMount::{
|
||||||
, name = "output"
|
, name = "output"
|
||||||
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
, mountPath = "/etc/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
, volumes = Some
|
, volumes = Some
|
||||||
[ kubernetes.Volume::{
|
[ kubernetes.Volume::{
|
||||||
, name = "config"
|
, name = "config"
|
||||||
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
, configMap = Some kubernetes.ConfigMapVolumeSource::{
|
||||||
, name = Some fullName
|
, name = Some fullName
|
||||||
}
|
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "output"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "output"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
, kubernetes.Volume::{
|
}
|
||||||
, name = "state"
|
, kubernetes.Volume::{
|
||||||
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
, name = "state"
|
||||||
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
, hostPath = Some kubernetes.HostPathVolumeSource::{
|
||||||
}
|
, path = "/srv/kubernetes/aws-iam-authenticator/"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:7150ac4309a091740321a3a3582e7695ee4b81732ce8f1ed1691c1c52791daa1
|
../package.dhall sha256:7150ac4309a091740321a3a3582e7695ee4b81732ce8f1ed1691c1c52791daa1
|
||||||
@ -16,9 +16,9 @@ let deployment =
|
|||||||
, strategy = Some kubernetes.DeploymentStrategy::{
|
, strategy = Some kubernetes.DeploymentStrategy::{
|
||||||
, type = Some "RollingUpdate"
|
, type = Some "RollingUpdate"
|
||||||
, rollingUpdate = Some
|
, rollingUpdate = Some
|
||||||
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
{ maxSurge = Some (kubernetes.IntOrString.Int 5)
|
||||||
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
, maxUnavailable = Some (kubernetes.IntOrString.Int 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
, template = kubernetes.PodTemplateSpec::{
|
, template = kubernetes.PodTemplateSpec::{
|
||||||
, metadata = kubernetes.ObjectMeta::{
|
, metadata = kubernetes.ObjectMeta::{
|
||||||
@ -32,11 +32,11 @@ let deployment =
|
|||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, imagePullPolicy = Some "Always"
|
, imagePullPolicy = Some "Always"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
, resources = Some
|
, resources = Some
|
||||||
{ limits = Some (toMap { cpu = "500m" })
|
{ limits = Some (toMap { cpu = "500m" })
|
||||||
, requests = Some (toMap { cpu = "10m" })
|
, requests = Some (toMap { cpu = "10m" })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ let deployment =
|
|||||||
, name = "nginx"
|
, name = "nginx"
|
||||||
, image = Some "nginx:1.15.3"
|
, image = Some "nginx:1.15.3"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
[ kubernetes.ContainerPort::{ containerPort = 80 } ]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let map = Prelude.List.map
|
let map = Prelude.List.map
|
||||||
|
|
||||||
@ -12,31 +12,31 @@ let services = [ { name = "foo", host = "foo.example.com", version = "2.3" } ]
|
|||||||
|
|
||||||
let makeTLS
|
let makeTLS
|
||||||
: Service → kubernetes.IngressTLS.Type
|
: Service → kubernetes.IngressTLS.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { hosts = Some [ service.host ]
|
{ hosts = Some [ service.host ]
|
||||||
, secretName = Some "${service.name}-certificate"
|
, secretName = Some "${service.name}-certificate"
|
||||||
}
|
}
|
||||||
|
|
||||||
let makeRule
|
let makeRule
|
||||||
: Service → kubernetes.IngressRule.Type
|
: Service → kubernetes.IngressRule.Type
|
||||||
= λ(service : Service)
|
= λ(service : Service) →
|
||||||
→ { host = Some service.host
|
{ host = Some service.host
|
||||||
, http = Some
|
, http = Some
|
||||||
{ paths =
|
{ paths =
|
||||||
[ { backend =
|
[ { backend =
|
||||||
{ serviceName = service.name
|
{ serviceName = service.name
|
||||||
, servicePort = kubernetes.IntOrString.Int 80
|
, servicePort = kubernetes.IntOrString.Int 80
|
||||||
}
|
|
||||||
, path = None Text
|
|
||||||
}
|
}
|
||||||
]
|
, path = None Text
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mkIngress
|
let mkIngress
|
||||||
: List Service → kubernetes.Ingress.Type
|
: List Service → kubernetes.Ingress.Type
|
||||||
= λ(inputServices : List Service)
|
= λ(inputServices : List Service) →
|
||||||
→ let annotations =
|
let annotations =
|
||||||
toMap
|
toMap
|
||||||
{ `kubernetes.io/ingress.class` = "nginx"
|
{ `kubernetes.io/ingress.class` = "nginx"
|
||||||
, `kubernetes.io/ingress.allow-http` = "false"
|
, `kubernetes.io/ingress.allow-http` = "false"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ""
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
labels:
|
labels:
|
||||||
app: aws-iam-authenticator
|
app: aws-iam-authenticator
|
||||||
release: wintering-rodent
|
release: wintering-rodent
|
||||||
@ -38,7 +38,7 @@ spec:
|
|||||||
name: output
|
name: output
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ''
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
@ -27,6 +27,6 @@ spec:
|
|||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: "500m"
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: "10m"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1beta1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: 'false'
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
name: nginx
|
name: nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
let Prelude =
|
let Prelude =
|
||||||
../Prelude.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
../Prelude.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
|
|
||||||
let kubernetes =
|
let kubernetes =
|
||||||
../package.dhall sha256:7150ac4309a091740321a3a3582e7695ee4b81732ce8f1ed1691c1c52791daa1
|
../package.dhall sha256:7150ac4309a091740321a3a3582e7695ee4b81732ce8f1ed1691c1c52791daa1
|
||||||
@ -8,11 +8,11 @@ let spec =
|
|||||||
{ selector = Some (toMap { app = "nginx" })
|
{ selector = Some (toMap { app = "nginx" })
|
||||||
, type = Some "NodePort"
|
, type = Some "NodePort"
|
||||||
, ports = Some
|
, ports = Some
|
||||||
[ kubernetes.ServicePort::{
|
[ kubernetes.ServicePort::{
|
||||||
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
, targetPort = Some (kubernetes.IntOrString.Int 80)
|
||||||
, port = 80
|
, port = 80
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
let service
|
let service
|
||||||
|
@ -25,5 +25,5 @@
|
|||||||
-}
|
-}
|
||||||
|
|
||||||
env:DHALL_PRELUDE
|
env:DHALL_PRELUDE
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall sha256:10db3c919c25e9046833df897a8ffe2701dc390fa0893d958c3430524be5a43e
|
||||||
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall
|
? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v17.0.0/Prelude/package.dhall
|
||||||
|
@ -24,8 +24,8 @@ executable dhall-kubernetes-generator
|
|||||||
aeson >= 1.0.0.0 && < 1.5 ,
|
aeson >= 1.0.0.0 && < 1.5 ,
|
||||||
containers >= 0.5.0.0 && < 0.7 ,
|
containers >= 0.5.0.0 && < 0.7 ,
|
||||||
dhall >= 1.22.0 && < 1.34 ,
|
dhall >= 1.22.0 && < 1.34 ,
|
||||||
megaparsec >= 7.0 && < 7.1 ,
|
megaparsec >= 7.0 && < 8.1 ,
|
||||||
optparse-applicative >= 0.14.3.0 && < 0.15 ,
|
optparse-applicative >= 0.14.3.0 && < 0.16 ,
|
||||||
parser-combinators >= 1.0.3 && < 1.3 ,
|
parser-combinators >= 1.0.3 && < 1.3 ,
|
||||||
prettyprinter >= 1.2.0.1 && < 1.7 ,
|
prettyprinter >= 1.2.0.1 && < 1.7 ,
|
||||||
sort >= 1.0 && < 1.1 ,
|
sort >= 1.0 && < 1.1 ,
|
||||||
|
@ -11,6 +11,7 @@ import Data.Text (Text, pack)
|
|||||||
import Data.Void (Void)
|
import Data.Void (Void)
|
||||||
import Data.Yaml
|
import Data.Yaml
|
||||||
import Dhall.Core (Expr(..))
|
import Dhall.Core (Expr(..))
|
||||||
|
import Dhall.Format (Format(..))
|
||||||
import Dhall.Kubernetes.Data (patchCyclicImports)
|
import Dhall.Kubernetes.Data (patchCyclicImports)
|
||||||
import Numeric.Natural (Natural)
|
import Numeric.Natural (Natural)
|
||||||
import Text.Megaparsec (Parsec, some, parse, (<|>), errorBundlePretty)
|
import Text.Megaparsec (Parsec, some, parse, (<|>), errorBundlePretty)
|
||||||
|
@ -1,20 +0,0 @@
|
|||||||
{ mkDerivation, aeson, aeson-pretty, base, bytestring, cborg
|
|
||||||
, criterion, deepseq, directory, process, scientific, stdenv, text
|
|
||||||
, unordered-containers, vector, zlib
|
|
||||||
}:
|
|
||||||
mkDerivation {
|
|
||||||
pname = "cborg-json";
|
|
||||||
version = "0.2.2.0";
|
|
||||||
sha256 = "ab68a2457cb71a76699d7a8df07a880ea70c51d2c1a891b12669ca9ccfa7517b";
|
|
||||||
libraryHaskellDepends = [
|
|
||||||
aeson aeson-pretty base cborg scientific text unordered-containers
|
|
||||||
vector
|
|
||||||
];
|
|
||||||
benchmarkHaskellDepends = [
|
|
||||||
aeson base bytestring cborg criterion deepseq directory process
|
|
||||||
zlib
|
|
||||||
];
|
|
||||||
homepage = "https://github.com/well-typed/cborg";
|
|
||||||
description = "A library for encoding JSON as CBOR";
|
|
||||||
license = stdenv.lib.licenses.bsd3;
|
|
||||||
}
|
|
@ -1,29 +0,0 @@
|
|||||||
{ mkDerivation, aeson, aeson-pretty, aeson-yaml, ansi-terminal
|
|
||||||
, base, bytestring, containers, dhall, exceptions, filepath
|
|
||||||
, optparse-applicative, prettyprinter, prettyprinter-ansi-terminal
|
|
||||||
, scientific, stdenv, tasty, tasty-hunit, text
|
|
||||||
, unordered-containers, vector
|
|
||||||
}:
|
|
||||||
mkDerivation {
|
|
||||||
pname = "dhall-json";
|
|
||||||
version = "1.6.1";
|
|
||||||
sha256 = "3ce9b0a9d3a946beb021bb42589426ceb4c44cf5f104e5bdf120659ccb5109c9";
|
|
||||||
revision = "1";
|
|
||||||
editedCabalFile = "07h7vldqd623y7jf15j87mhs3nnbwl3a0121ajqc56qc0vvpgywp";
|
|
||||||
isLibrary = true;
|
|
||||||
isExecutable = true;
|
|
||||||
libraryHaskellDepends = [
|
|
||||||
aeson aeson-pretty aeson-yaml base bytestring containers dhall
|
|
||||||
exceptions filepath optparse-applicative prettyprinter scientific
|
|
||||||
text unordered-containers vector
|
|
||||||
];
|
|
||||||
executableHaskellDepends = [
|
|
||||||
aeson aeson-pretty ansi-terminal base bytestring dhall exceptions
|
|
||||||
optparse-applicative prettyprinter prettyprinter-ansi-terminal text
|
|
||||||
];
|
|
||||||
testHaskellDepends = [
|
|
||||||
aeson base bytestring dhall tasty tasty-hunit text
|
|
||||||
];
|
|
||||||
description = "Convert between Dhall and JSON or YAML";
|
|
||||||
license = stdenv.lib.licenses.bsd3;
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
{ mkDerivation, aeson, aeson-pretty, ansi-terminal, atomic-write
|
|
||||||
, base, bytestring, case-insensitive, cborg, cborg-json, containers
|
|
||||||
, contravariant, cryptonite, data-fix, deepseq, Diff, directory
|
|
||||||
, doctest, dotgen, either, exceptions, filepath, foldl, gauge
|
|
||||||
, generic-random, hashable, haskeline, http-client, http-client-tls
|
|
||||||
, http-types, lens-family-core, megaparsec, memory, mockery, mtl
|
|
||||||
, network-uri, optparse-applicative, parsers, pretty-simple
|
|
||||||
, prettyprinter, prettyprinter-ansi-terminal, profunctors
|
|
||||||
, QuickCheck, quickcheck-instances, repline, scientific, semigroups
|
|
||||||
, serialise, special-values, spoon, stdenv, tasty
|
|
||||||
, tasty-expected-failure, tasty-hunit, tasty-quickcheck
|
|
||||||
, template-haskell, text, th-lift-instances, transformers
|
|
||||||
, transformers-compat, turtle, unordered-containers, uri-encode
|
|
||||||
, vector
|
|
||||||
}:
|
|
||||||
mkDerivation {
|
|
||||||
pname = "dhall";
|
|
||||||
version = "1.29.0";
|
|
||||||
sha256 = "c73e59717ff15707c77f3ff582f5adf68fc7abc68dbf70aa77ce65333637e7f6";
|
|
||||||
revision = "2";
|
|
||||||
editedCabalFile = "1qksvk63vmypqcd9hasacmqw7gsqcggs5lk85x7w2731mh3c3sa8";
|
|
||||||
isLibrary = true;
|
|
||||||
isExecutable = true;
|
|
||||||
libraryHaskellDepends = [
|
|
||||||
aeson aeson-pretty ansi-terminal atomic-write base bytestring
|
|
||||||
case-insensitive cborg cborg-json containers contravariant
|
|
||||||
cryptonite data-fix deepseq Diff directory dotgen either exceptions
|
|
||||||
filepath hashable haskeline http-client http-client-tls http-types
|
|
||||||
lens-family-core megaparsec memory mtl network-uri
|
|
||||||
optparse-applicative parsers pretty-simple prettyprinter
|
|
||||||
prettyprinter-ansi-terminal profunctors repline scientific
|
|
||||||
serialise template-haskell text th-lift-instances transformers
|
|
||||||
transformers-compat unordered-containers uri-encode vector
|
|
||||||
];
|
|
||||||
executableHaskellDepends = [ base ];
|
|
||||||
testHaskellDepends = [
|
|
||||||
base bytestring cborg containers data-fix deepseq directory doctest
|
|
||||||
either filepath foldl generic-random lens-family-core megaparsec
|
|
||||||
mockery prettyprinter QuickCheck quickcheck-instances scientific
|
|
||||||
semigroups serialise special-values spoon tasty
|
|
||||||
tasty-expected-failure tasty-hunit tasty-quickcheck text
|
|
||||||
transformers turtle unordered-containers vector
|
|
||||||
];
|
|
||||||
benchmarkHaskellDepends = [
|
|
||||||
base bytestring containers directory gauge serialise text
|
|
||||||
];
|
|
||||||
description = "A configuration language guaranteed to terminate";
|
|
||||||
license = stdenv.lib.licenses.bsd3;
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
{ mkDerivation, ansi-wl-pprint, base, base-compat, bytestring
|
|
||||||
, containers, deepseq, doctest, gauge, mtl, pgp-wordlist
|
|
||||||
, QuickCheck, quickcheck-instances, random, stdenv, tasty
|
|
||||||
, tasty-hunit, tasty-quickcheck, text, transformers
|
|
||||||
}:
|
|
||||||
mkDerivation {
|
|
||||||
pname = "prettyprinter";
|
|
||||||
version = "1.6.0";
|
|
||||||
sha256 = "fdaa85aeaff852c3d96f1ac2a323bc1dd96e0061185d11cdc4d1cdb269f5f2f5";
|
|
||||||
isLibrary = true;
|
|
||||||
isExecutable = true;
|
|
||||||
libraryHaskellDepends = [ base text ];
|
|
||||||
testHaskellDepends = [
|
|
||||||
base bytestring doctest pgp-wordlist QuickCheck
|
|
||||||
quickcheck-instances tasty tasty-hunit tasty-quickcheck text
|
|
||||||
];
|
|
||||||
benchmarkHaskellDepends = [
|
|
||||||
ansi-wl-pprint base base-compat containers deepseq gauge mtl
|
|
||||||
QuickCheck random text transformers
|
|
||||||
];
|
|
||||||
homepage = "http://github.com/quchen/prettyprinter";
|
|
||||||
description = "A modern, easy to use, well-documented, extensible pretty-printer";
|
|
||||||
license = stdenv.lib.licenses.bsd2;
|
|
||||||
}
|
|
@ -1,7 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs.git",
|
"url": "https://github.com/NixOS/nixpkgs.git",
|
||||||
"rev": "8f3ca4ec1686251bab083c37d0a4e96f45bc495f",
|
"rev": "2cd2e7267e5b9a960c2997756cb30e86f0958a6b",
|
||||||
"date": "2019-12-10T15:32:27-05:00",
|
"date": "2020-06-23T09:46:29+03:00",
|
||||||
"sha256": "0f09m8kp6akxx8m6z9iw95njsja37ihhkwpldmh24zvgaclgv5qj",
|
"sha256": "0ir3rk776wldyjz6l6y5c5fs8lqk95gsik6w45wxgk6zdpsvhrn5",
|
||||||
"fetchSubmodules": false
|
"fetchSubmodules": false,
|
||||||
|
"deepClone": false,
|
||||||
|
"leaveDotGit": false
|
||||||
}
|
}
|
||||||
|
@ -109,8 +109,6 @@ let
|
|||||||
previous = old.overrides or (_: _: {});
|
previous = old.overrides or (_: _: {});
|
||||||
|
|
||||||
packages = pkgsNew.haskell.lib.packageSourceOverrides {
|
packages = pkgsNew.haskell.lib.packageSourceOverrides {
|
||||||
dhall-json = "1.5.0";
|
|
||||||
|
|
||||||
dhall-kubernetes-generator = ../dhall-kubernetes-generator;
|
dhall-kubernetes-generator = ../dhall-kubernetes-generator;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -119,20 +117,16 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
manual = haskellPackagesNew: haskellPackagesOld: {
|
manual = haskellPackagesNew: haskellPackagesOld: {
|
||||||
dhall = pkgsNew.haskell.lib.dontCheck haskellPackagesOld.dhall;
|
dhall = haskellPackagesOld.dhall_1_33_0;
|
||||||
|
|
||||||
dhall-json =
|
dhall-json = haskellPackagesOld.dhall-json_1_7_0;
|
||||||
pkgsNew.haskell.lib.dontCheck haskellPackagesOld.dhall-json;
|
|
||||||
|
|
||||||
prettyprinter =
|
|
||||||
pkgsNew.haskell.lib.dontCheck haskellPackagesOld.prettyprinter;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
pkgsNew.lib.fold pkgsNew.lib.composeExtensions (_: _: {})
|
pkgsNew.lib.fold pkgsNew.lib.composeExtensions (_: _: {})
|
||||||
[ previous
|
[ previous
|
||||||
packages
|
packages
|
||||||
packagesFromDirectory
|
# packagesFromDirectory
|
||||||
manual
|
manual
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user