Merge pull request #228 from projectsyn/feat/cluster-info-configmap

Deploy configmap containing the cluster's Project Syn ID and tenant ID

Author: simu

class/argocd.yml

@@ -9,6 +9,10 @@ parameters:
         input_type: jsonnet
         input_paths:
           - argocd/component/namespace.jsonnet
+      - output_path: argocd/02_cluster_info/
+        input_type: jsonnet
+        input_paths:
+          - argocd/component/cluster-info.jsonnet
       - output_path: argocd/20_rbac/
         input_type: jsonnet
         input_paths:

component/cluster-info.jsonnet

@@ -0,0 +1,55 @@
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+local inv = kap.inventory();
+local params = inv.parameters.argocd;
+
+local cluster_info_configmap =
+  kube.ConfigMap('cluster-info') {
+    metadata+: {
+      namespace: params.namespace,
+      annotations+: {
+        'syn.tools/description':
+          'The cluster-info config map contains a selection of Project Syn metadata associated with the cluster. All authenticated users can access this configmap.',
+      },
+    },
+    data: {
+      cluster_id: inv.parameters.cluster.name,
+      tenant_id: inv.parameters.cluster.tenant,
+    },
+  };
+
+local cluster_info_configmap_role = kube.Role('cluster-info-access') {
+  metadata+: {
+    namespace: params.namespace,
+  },
+  rules: [
+    {
+      apiGroups: [ '' ],
+      resources: [ 'configmaps' ],
+      resourceNames: [ cluster_info_configmap.metadata.name ],
+      verbs: [ 'get' ],
+    },
+  ],
+};
+
+local cluster_info_configmap_rolebinding = kube.RoleBinding('cluster-info-access') {
+  metadata+: {
+    namespace: params.namespace,
+  },
+  subjects: [
+    {
+      apiGroup: 'rbac.authorization.k8s.io',
+      kind: 'Group',
+      name: 'system:authenticated',
+    },
+  ],
+  roleRef_: cluster_info_configmap_role,
+};
+
+{
+  configmap: cluster_info_configmap,
+  rbac: [
+    cluster_info_configmap_role,
+    cluster_info_configmap_rolebinding,
+  ],
+}

docs/modules/ROOT/pages/references/parameters.adoc

@@ -10,6 +10,13 @@ default:: `syn`
 
 The namespace in which to deploy this component.
 
+[TIP]
+====
+The component deploys a configmap called `cluster-info` in this namespace.
+The configmap contains some Project Syn metadata associated with the cluster.
+All authenticated users (group `system:authenticated`) can read this configmap.
+====
+
 == `distribution`
 
 [horizontal]

tests/golden/defaults/argocd/argocd/02_cluster_info/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  cluster_id: c-green-test-1234
+  tenant_id: t-silent-test-1234
+kind: ConfigMap
+metadata:
+  annotations:
+    syn.tools/description: The cluster-info config map contains a selection of Project
+      Syn metadata associated with the cluster. All authenticated users can access
+      this configmap.
+  labels:
+    name: cluster-info
+  name: cluster-info
+  namespace: syn

tests/golden/defaults/argocd/argocd/02_cluster_info/rbac.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - cluster-info
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-info-access
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated

tests/golden/https-catalog/argocd/argocd/02_cluster_info/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  cluster_id: c-green-test-1234
+  tenant_id: t-silent-test-1234
+kind: ConfigMap
+metadata:
+  annotations:
+    syn.tools/description: The cluster-info config map contains a selection of Project
+      Syn metadata associated with the cluster. All authenticated users can access
+      this configmap.
+  labels:
+    name: cluster-info
+  name: cluster-info
+  namespace: syn

tests/golden/https-catalog/argocd/argocd/02_cluster_info/rbac.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - cluster-info
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-info-access
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated

tests/golden/openshift/argocd/argocd/02_cluster_info/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  cluster_id: c-green-test-1234
+  tenant_id: t-silent-test-1234
+kind: ConfigMap
+metadata:
+  annotations:
+    syn.tools/description: The cluster-info config map contains a selection of Project
+      Syn metadata associated with the cluster. All authenticated users can access
+      this configmap.
+  labels:
+    name: cluster-info
+  name: cluster-info
+  namespace: syn

tests/golden/openshift/argocd/argocd/02_cluster_info/rbac.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - cluster-info
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-info-access
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated

tests/golden/params/argocd/argocd/02_cluster_info/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  cluster_id: c-green-test-1234
+  tenant_id: t-silent-test-1234
+kind: ConfigMap
+metadata:
+  annotations:
+    syn.tools/description: The cluster-info config map contains a selection of Project
+      Syn metadata associated with the cluster. All authenticated users can access
+      this configmap.
+  labels:
+    name: cluster-info
+  name: cluster-info
+  namespace: syn

tests/golden/params/argocd/argocd/02_cluster_info/rbac.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - cluster-info
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-info-access
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated

tests/golden/prometheus/argocd/argocd/02_cluster_info/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  cluster_id: c-green-test-1234
+  tenant_id: t-silent-test-1234
+kind: ConfigMap
+metadata:
+  annotations:
+    syn.tools/description: The cluster-info config map contains a selection of Project
+      Syn metadata associated with the cluster. All authenticated users can access
+      this configmap.
+  labels:
+    name: cluster-info
+  name: cluster-info
+  namespace: syn

tests/golden/prometheus/argocd/argocd/02_cluster_info/rbac.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - cluster-info
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-info-access
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated

tests/golden/syn-teams/argocd/argocd/02_cluster_info/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  cluster_id: c-green-test-1234
+  tenant_id: t-silent-test-1234
+kind: ConfigMap
+metadata:
+  annotations:
+    syn.tools/description: The cluster-info config map contains a selection of Project
+      Syn metadata associated with the cluster. All authenticated users can access
+      this configmap.
+  labels:
+    name: cluster-info
+  name: cluster-info
+  namespace: syn

tests/golden/syn-teams/argocd/argocd/02_cluster_info/rbac.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - cluster-info
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: cluster-info-access
+  name: cluster-info-access
+  namespace: syn
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cluster-info-access
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated