diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go
index c318318f..989440ee 100644
--- a/api/v1alpha1/cozystackresourcedefinitions_types.go
+++ b/api/v1alpha1/cozystackresourcedefinitions_types.go
@@ -103,6 +103,7 @@ type CozystackResourceDefinitionRelease struct {
 // The resourceNames field supports Go templates with the following variables available:
 // - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name)
 // - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind)
+// - {{ .namespace }}: The namespace of the resource being processed
 //
 // Example YAML:
 // secrets:
diff --git a/internal/lineagecontrollerwebhook/matcher.go b/internal/lineagecontrollerwebhook/matcher.go
index 66d88082..1a21f5ca 100644
--- a/internal/lineagecontrollerwebhook/matcher.go
+++ b/internal/lineagecontrollerwebhook/matcher.go
@@ -2,32 +2,35 @@ package lineagecontrollerwebhook import ( "bytes" + "context" "text/template" cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "sigs.k8s.io/controller-runtime/pkg/log" ) // matchName checks if the provided name matches any of the resource names in the array. // Each entry in resourceNames is treated as a Go template that gets rendered using the passed context. // A nil resourceNames array matches any string. -func matchName(name string, context map[string]string, resourceNames []string) bool { +func matchName(ctx context.Context, name string, templateContext map[string]string, resourceNames []string) bool { if resourceNames == nil { return true } + logger := log.FromContext(ctx) for _, templateStr := range resourceNames { tmpl, err := template.New("resourceName").Parse(templateStr) if err != nil { - // TODO: emit warning if error + logger.Error(err, "failed to parse resource name template", "template", templateStr) continue } var buf bytes.Buffer - err = tmpl.Execute(&buf, context) + err = tmpl.Execute(&buf, templateContext) if err != nil { - // TODO: emit warning if error + logger.Error(err, "failed to execute resource name template", "template", templateStr, "context", templateContext) continue } 
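Review bot: In matchName, `template.New("resourceName").Parse(templateStr)` keeps text/template's default missing-key handling, so a misspelled variable in a resourceNames entry (say `{{ .nmae }}`) renders without an error and neither of the new `logger.Error` calls fires. The entry then simply fails to match, which for an exclude selector means the Secret is not excluded. Consider `tmpl, err := template.New("resourceName").Option("missingkey=error").Parse(templateStr)` so that such a typo reaches the execute-error log added here. The rest of matchName's loop lies outside this hunk.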
@@ -39,31 +42,31 @@ func matchName(name string, context map[string]string, resourceNames []string) b return false } -func matchResourceToSelector(name string, ctx, l map[string]string, s *cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { - // TODO: emit warning if error +func matchResourceToSelector(ctx context.Context, name string, templateContext, l map[string]string, s *cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { sel, err := metav1.LabelSelectorAsSelector(&s.LabelSelector) if err != nil { + log.FromContext(ctx).Error(err, "failed to convert label selector to selector") return false } labelMatches := sel.Matches(labels.Set(l)) - nameMatches := matchName(name, ctx, s.ResourceNames) + nameMatches := matchName(ctx, name, templateContext, s.ResourceNames) return labelMatches && nameMatches } -func matchResourceToSelectorArray(name string, ctx, l map[string]string, ss []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { +func matchResourceToSelectorArray(ctx context.Context, name string, templateContext, l map[string]string, ss []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { for _, s := range ss { - if matchResourceToSelector(name, ctx, l, s) { + if matchResourceToSelector(ctx, name, templateContext, l, s) { return true } } return false } -func matchResourceToExcludeInclude(name string, ctx, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { - if matchResourceToSelectorArray(name, ctx, l, ex) { +func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { + if matchResourceToSelectorArray(ctx, name, templateContext, l, ex) { return false } - if matchResourceToSelectorArray(name, ctx, l, in) { + if matchResourceToSelectorArray(ctx, name, templateContext, l, in) { return true } return false 
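Review bot: matchResourceToSelector still returns false when `metav1.LabelSelectorAsSelector` fails, and matchResourceToExcludeInclude uses that same result for the `ex` list, so an exclude selector that cannot be evaluated counts as "not excluded" and the resource can still be matched by `in`. The new log line records the failure, but the decision stays fail-open for excludes; the same holds for template errors inside matchName. If the exclude list is meant as a guard, the error has to reach matchResourceToExcludeInclude (for example by having the helpers return `(bool, error)`) so it can return false whenever an exclude entry could not be evaluated; at minimum document the behaviour with `// A selector that cannot be evaluated never matches; for exclude entries this means the resource is not excluded.` The log call would also be easier to trace with the resource attached: `log.FromContext(ctx).Error(err, "failed to convert label selector to selector", "name", name)`. The closing brace of matchResourceToExcludeInclude is outside the hunk.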
diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index aa41089d..fb7647fd 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -134,8 +134,9 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc "apps.cozystack.io/application.name": obj.GetName(), } templateLabels := map[string]string{ - "kind": strings.ToLower(obj.GetKind()), - "name": obj.GetName(), + "kind": strings.ToLower(obj.GetKind()), + "name": obj.GetName(), + "namespace": o.GetNamespace(), } if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { return labels, err @@ -149,7 +150,7 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc return corev1alpha1.TenantResourceLabelValue } return "false" - }(matchResourceToExcludeInclude(o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) + }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) return labels, err } diff --git a/packages/apps/rabbitmq/templates/rabbitmq.yaml b/packages/apps/rabbitmq/templates/rabbitmq.yaml index 7708a3af..b111285e 100644 --- a/packages/apps/rabbitmq/templates/rabbitmq.yaml +++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml @@ -58,6 +58,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials + labels: + apps.cozystack.io/user-secret: "true" type: Opaque stringData: username: {{ $user }} diff --git a/packages/extra/info/templates/dashboard-resourcemap.yaml b/packages/extra/info/templates/dashboard-resourcemap.yaml index fda98c9f..39da1b37 100644 --- a/packages/extra/info/templates/dashboard-resourcemap.yaml +++ b/packages/extra/info/templates/dashboard-resourcemap.yaml 
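Review bot: In the first computeLabels hunk, `templateLabels` now mixes two sources: `"kind"` and `"name"` come from the owning application `obj`, while the new `"namespace"` comes from the object under admission `o`. That matches the API doc line added in this commit, but nothing at the map literal says so, and a later reader could easily swap it for `obj.GetNamespace()`. A short comment above the entry would pin it down: `// namespace is taken from the admitted object (o), not from the owning application (obj).` computeLabels begins and ends outside both hunks of this file.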
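Review bot: The `apps.cozystack.io/user-secret: "true"` label added under `metadata.labels` is security-relevant but reads like ordinary metadata. The `matchLabels` include entry added to packages/system/cozystack-api/cozyrds/rabbitmq.yaml in this same commit selects on it with no `resourceNames` restriction, so any Secret of the application that carries this label is matched by the lineage webhook, which appears to mark it as a tenant resource. A comment at the label would stop it being copied onto internal Secrets: `# Selected by secrets.include in cozyrds/rabbitmq.yaml; Secrets with this label are treated as tenant resources.` The Secret manifest continues outside the hunk.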
@@ -10,11 +10,11 @@ rules: resources: - secrets resourceNames: - - {{- if eq $oidcEnabled "true" -}} - kubeconfig-{{ .Release.Namespace }} - {{- else -}} - tenant-{{ .Release.Namespace }} - {{- end }} + {{- if eq $oidcEnabled "true" }} + - kubeconfig-{{ .Release.Namespace }} + {{- else }} + - {{ .Release.Namespace }} + {{- end }} verbs: ["get", "list", "watch"] --- kind: RoleBinding diff --git a/packages/system/cozystack-api/cozyrds/bootbox.yaml b/packages/system/cozystack-api/cozyrds/bootbox.yaml index 579d3dec..3235e3cc 100644 --- a/packages/system/cozystack-api/cozyrds/bootbox.yaml +++ b/packages/system/cozystack-api/cozyrds/bootbox.yaml @@ -30,4 +30,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "whitelistHTTP"], ["spec", "whitelist"], ["spec", "machines"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/bucket.yaml b/packages/system/cozystack-api/cozyrds/bucket.yaml index 8bb57046..d8f5b20b 100644 --- a/packages/system/cozystack-api/cozyrds/bucket.yaml +++ b/packages/system/cozystack-api/cozyrds/bucket.yaml @@ -31,4 +31,7 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - bucket-{{ .name }} + - bucket-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/clickhouse.yaml b/packages/system/cozystack-api/cozyrds/clickhouse.yaml index 5862326e..b41d44e8 100644 --- a/packages/system/cozystack-api/cozyrds/clickhouse.yaml +++ b/packages/system/cozystack-api/cozyrds/clickhouse.yaml 
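Review bot: The rewritten `resourceNames` items in dashboard-resourcemap.yaml are emitted unquoted, and the non-OIDC branch is now the bare namespace name. A namespace whose name is a valid DNS label but also parses as another YAML type (for example `1234` or `true`) would render as a non-string entry in the Role. Quote it with `- {{ .Release.Namespace | quote }}`, and for consistency `- {{ printf "kubeconfig-%s" .Release.Namespace | quote }}`. Separately, the unchanged `verbs` line grants `list` and `watch`, which RBAC only restricts by `resourceNames` when the request carries a matching `metadata.name` field selector, so it is worth confirming the consumer of this Role sends one.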
@@ -29,4 +29,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "shards"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "logStorageSize"], ["spec", "logTTL"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"], ["spec", "clickhouseKeeper"], ["spec", "clickhouseKeeper", "enabled"], ["spec", "clickhouseKeeper", "size"], ["spec", "clickhouseKeeper", "resourcesPreset"], ["spec", "clickhouseKeeper", "replicas"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - clickhouse-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/etcd.yaml b/packages/system/cozystack-api/cozyrds/etcd.yaml index dc67a07b..e27aba33 100644 --- a/packages/system/cozystack-api/cozyrds/etcd.yaml +++ b/packages/system/cozystack-api/cozyrds/etcd.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resources", "cpu"], ["spec", "resources", "memory"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/ferretdb.yaml b/packages/system/cozystack-api/cozyrds/ferretdb.yaml index 976e35d6..9afce618 100644 --- a/packages/system/cozystack-api/cozyrds/ferretdb.yaml +++ b/packages/system/cozystack-api/cozyrds/ferretdb.yaml 
@@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "schedule"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "endpointURL"], ["spec", "backup", "destinationPath"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - ferretdb-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/http-cache.yaml b/packages/system/cozystack-api/cozyrds/http-cache.yaml index ca05dc81..583d8fa8 100644 --- a/packages/system/cozystack-api/cozyrds/http-cache.yaml +++ b/packages/system/cozystack-api/cozyrds/http-cache.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "endpoints"], ["spec", "haproxy"], ["spec", "haproxy", "replicas"], ["spec", "haproxy", "resources"], ["spec", "haproxy", "resourcesPreset"], ["spec", "nginx"], ["spec", "nginx", "replicas"], ["spec", "nginx", "resources"], ["spec", "nginx", "resourcesPreset"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/info.yaml b/packages/system/cozystack-api/cozyrds/info.yaml index cb17a653..43cda091 100644 --- a/packages/system/cozystack-api/cozyrds/info.yaml +++ b/packages/system/cozystack-api/cozyrds/info.yaml 
@@ -31,4 +31,7 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - kubeconfig-{{ .namespace }} + - "{{ .namespace }}" diff --git a/packages/system/cozystack-api/cozyrds/ingress.yaml b/packages/system/cozystack-api/cozyrds/ingress.yaml index f23ea218..84263b43 100644 --- a/packages/system/cozystack-api/cozyrds/ingress.yaml +++ b/packages/system/cozystack-api/cozyrds/ingress.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "whitelist"], ["spec", "cloudflareProxy"], ["spec", "resources"], ["spec", "resourcesPreset"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/kafka.yaml b/packages/system/cozystack-api/cozyrds/kafka.yaml index 5d8c775d..7c4820cb 100644 --- a/packages/system/cozystack-api/cozyrds/kafka.yaml +++ b/packages/system/cozystack-api/cozyrds/kafka.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "topics"], ["spec", "kafka"], ["spec", "kafka", "replicas"], ["spec", "kafka", "resources"], ["spec", "kafka", "resourcesPreset"], ["spec", "kafka", "size"], ["spec", "kafka", "storageClass"], ["spec", "zookeeper"], ["spec", "zookeeper", "replicas"], ["spec", "zookeeper", "resources"], ["spec", "zookeeper", "resourcesPreset"], ["spec", "zookeeper", "size"], ["spec", "zookeeper", "storageClass"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - kafka-{{ .name }}-clients-ca diff --git a/packages/system/cozystack-api/cozyrds/kubernetes.yaml b/packages/system/cozystack-api/cozyrds/kubernetes.yaml index 56aa3ea8..f7f32be7 100644 --- a/packages/system/cozystack-api/cozyrds/kubernetes.yaml +++ b/packages/system/cozystack-api/cozyrds/kubernetes.yaml 
@@ -31,4 +31,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "storageClass"], ["spec", "version"], ["spec", "host"], ["spec", "nodeGroups"], ["spec", "nodeGroups", "md0"], ["spec", "nodeGroups", "md0", "minReplicas"], ["spec", "nodeGroups", "md0", "maxReplicas"], ["spec", "nodeGroups", "md0", "instanceType"], ["spec", "nodeGroups", "md0", "ephemeralStorage"], ["spec", "nodeGroups", "md0", "roles"], ["spec", "nodeGroups", "md0", "resources"], ["spec", "nodeGroups", "md0", "gpus"], ["spec", "addons"], ["spec", "addons", "certManager"], ["spec", "addons", "certManager", "enabled"], ["spec", "addons", "certManager", "valuesOverride"], ["spec", "addons", "cilium"], ["spec", "addons", "cilium", "valuesOverride"], ["spec", "addons", "gatewayAPI"], ["spec", "addons", "gatewayAPI", "enabled"], ["spec", "addons", "ingressNginx"], ["spec", "addons", "ingressNginx", "enabled"], ["spec", "addons", "ingressNginx", "exposeMethod"], ["spec", "addons", "ingressNginx", "hosts"], ["spec", "addons", "ingressNginx", "valuesOverride"], ["spec", "addons", "gpuOperator"], ["spec", "addons", "gpuOperator", "enabled"], ["spec", "addons", "gpuOperator", "valuesOverride"], ["spec", "addons", "fluxcd"], ["spec", "addons", "fluxcd", "enabled"], ["spec", "addons", "fluxcd", "valuesOverride"], ["spec", "addons", "monitoringAgents"], ["spec", "addons", "monitoringAgents", "enabled"], ["spec", "addons", "monitoringAgents", "valuesOverride"], ["spec", "addons", "verticalPodAutoscaler"], ["spec", "addons", "verticalPodAutoscaler", "valuesOverride"], ["spec", "addons", "velero"], ["spec", "addons", "velero", "enabled"], ["spec", "addons", "velero", "valuesOverride"], ["spec", "addons", "coredns"], ["spec", "addons", "coredns", "valuesOverride"], ["spec", "controlPlane"], ["spec", "controlPlane", "replicas"], ["spec", "controlPlane", "apiServer"], ["spec", "controlPlane", "apiServer", "resources"], ["spec", "controlPlane", "apiServer", 
"resourcesPreset"], ["spec", "controlPlane", "controllerManager"], ["spec", "controlPlane", "controllerManager", "resourcesPreset"], ["spec", "controlPlane", "controllerManager", "resources"], ["spec", "controlPlane", "scheduler"], ["spec", "controlPlane", "scheduler", "resourcesPreset"], ["spec", "controlPlane", "scheduler", "resources"], ["spec", "controlPlane", "konnectivity"], ["spec", "controlPlane", "konnectivity", "server"], ["spec", "controlPlane", "konnectivity", "server", "resourcesPreset"], ["spec", "controlPlane", "konnectivity", "server", "resources"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - kubernetes-{{ .name }}-admin-kubeconfig diff --git a/packages/system/cozystack-api/cozyrds/mysql.yaml b/packages/system/cozystack-api/cozyrds/mysql.yaml index fbfa836b..ed1d20a7 100644 --- a/packages/system/cozystack-api/cozyrds/mysql.yaml +++ b/packages/system/cozystack-api/cozyrds/mysql.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - mysql-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/nats.yaml b/packages/system/cozystack-api/cozyrds/nats.yaml index 3b83f880..b406b439 100644 --- a/packages/system/cozystack-api/cozyrds/nats.yaml +++ b/packages/system/cozystack-api/cozyrds/nats.yaml 
@@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "jetstream"], ["spec", "jetstream", "enabled"], ["spec", "jetstream", "size"], ["spec", "config"], ["spec", "config", "merge"], ["spec", "config", "resolver"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - nats-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml index eebd3e3a..12e3c9a8 100644 --- a/packages/system/cozystack-api/cozyrds/postgres.yaml +++ b/packages/system/cozystack-api/cozyrds/postgres.yaml @@ -40,5 +40,4 @@ spec: exclude: [] include: - resourceNames: - - postgres-{{ .name }}-app - postgres-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml index 2f09d9db..28844a4b 100644 --- a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml +++ b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml @@ -30,4 +30,8 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "vhosts"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - rabbitmq-{{ .name }}-default-user + - matchLabels: + apps.cozystack.io/user-secret: "true" diff --git a/packages/system/cozystack-api/cozyrds/redis.yaml b/packages/system/cozystack-api/cozyrds/redis.yaml index 261da934..0c502370 100644 --- a/packages/system/cozystack-api/cozyrds/redis.yaml +++ b/packages/system/cozystack-api/cozyrds/redis.yaml 
@@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "authEnabled"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - redis-{{ .name }}-auth diff --git a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml index fb51db19..3d3119e1 100644 --- a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml +++ b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "topology"], ["spec", "replicationFactor"], ["spec", "db"], ["spec", "db", "replicas"], ["spec", "db", "size"], ["spec", "db", "storageClass"], ["spec", "db", "resources"], ["spec", "db", "resourcesPreset"], ["spec", "master"], ["spec", "master", "replicas"], ["spec", "master", "resources"], ["spec", "master", "resourcesPreset"], ["spec", "filer"], ["spec", "filer", "replicas"], ["spec", "filer", "resources"], ["spec", "filer", "resourcesPreset"], ["spec", "filer", "grpcHost"], ["spec", "filer", "grpcPort"], ["spec", "filer", "whitelist"], ["spec", "volume"], ["spec", "volume", "replicas"], ["spec", "volume", "size"], ["spec", "volume", "storageClass"], ["spec", "volume", "resources"], ["spec", "volume", "resourcesPreset"], ["spec", "volume", "zones"], ["spec", "s3"], ["spec", "s3", "replicas"], ["spec", "s3", "resources"], ["spec", "s3", "resourcesPreset"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml b/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml index f32eb06a..a8544ff4 100644 --- a/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml +++ b/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml 
@@ -30,4 +30,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "httpAndHttps"], ["spec", "httpAndHttps", "mode"], ["spec", "httpAndHttps", "targetPorts"], ["spec", "httpAndHttps", "targetPorts", "http"], ["spec", "httpAndHttps", "targetPorts", "https"], ["spec", "httpAndHttps", "endpoints"], ["spec", "whitelistHTTP"], ["spec", "whitelist"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/tenant.yaml b/packages/system/cozystack-api/cozyrds/tenant.yaml index da4efabf..25c3a92a 100644 --- a/packages/system/cozystack-api/cozyrds/tenant.yaml +++ b/packages/system/cozystack-api/cozyrds/tenant.yaml @@ -28,4 +28,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "isolated"], ["spec", "resourceQuotas"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/virtual-machine.yaml b/packages/system/cozystack-api/cozyrds/virtual-machine.yaml index 0c4377b6..f786678e 100644 --- a/packages/system/cozystack-api/cozyrds/virtual-machine.yaml +++ b/packages/system/cozystack-api/cozyrds/virtual-machine.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "systemDisk"], ["spec", "systemDisk", "image"], ["spec", "systemDisk", "storage"], ["spec", "systemDisk", "storageClass"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: exclude: [] - include: [{}] + include: [] 
diff --git a/packages/system/cozystack-api/cozyrds/vm-disk.yaml b/packages/system/cozystack-api/cozyrds/vm-disk.yaml index a9893506..66a2e940 100644 --- a/packages/system/cozystack-api/cozyrds/vm-disk.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-disk.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "source"], ["spec", "optical"], ["spec", "storage"], ["spec", "storageClass"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/vm-instance.yaml b/packages/system/cozystack-api/cozyrds/vm-instance.yaml index 384a7cf8..b120c720 100644 --- a/packages/system/cozystack-api/cozyrds/vm-instance.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-instance.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "disks"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/vpn.yaml b/packages/system/cozystack-api/cozyrds/vpn.yaml index 723ae66c..ca9e187d 100644 --- a/packages/system/cozystack-api/cozyrds/vpn.yaml +++ b/packages/system/cozystack-api/cozyrds/vpn.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "host"], ["spec", "users"], ["spec", "externalIPs"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - vpn-{{ .name }}-urls 
diff --git a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml index 13aaf89d..4c221281 100644 --- a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml @@ -188,6 +188,7 @@ spec: The resourceNames field supports Go templates with the following variables available: - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed Example YAML: secrets: @@ -269,6 +270,7 @@ spec: The resourceNames field supports Go templates with the following variables available: - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed Example YAML: secrets: diff --git a/packages/system/dashboard/templates/keycloakclient.yaml b/packages/system/dashboard/templates/keycloakclient.yaml index 2779b2d8..55ebc5d5 100644 --- a/packages/system/dashboard/templates/keycloakclient.yaml +++ b/packages/system/dashboard/templates/keycloakclient.yaml @@ -45,6 +45,8 @@ data: --- +{{- if .Capabilities.APIVersions.Has "v1.edp.epam.com/v1" }} +--- apiVersion: v1.edp.epam.com/v1 kind: KeycloakClient metadata: @@ -71,3 +73,4 @@ spec: {{- range $i, $v := $extraRedirectUris }} - "{{ $v }}" {{- end }} +{{- end }} diff --git a/pkg/lineage/lineage_test.go b/pkg/lineage/lineage_test.go index 7ae2a00c..a705f26c 100644 --- a/pkg/lineage/lineage_test.go +++ b/pkg/lineage/lineage_test.go 
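Review bot: In keycloakclient.yaml the new `.Capabilities.APIVersions.Has "v1.edp.epam.com/v1"` guard drops the KeycloakClient silently when that API is not registered at render time. A dashboard rendered before the operator's CRDs exist would then have no client object until the chart is rendered again. A template comment above the guard would make this explicit: `{{- /* Skipped while the v1.edp.epam.com/v1 API is not registered; created on the next render. */}}`. The added `---` also appears to follow an existing `---` context line, leaving two consecutive document separators, so the added one can be dropped. The matching `{{- end }}` is in the second hunk of this file.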
@@ -46,7 +46,7 @@ func TestWalkingOwnershipGraph(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- nodes := WalkOwnershipGraph(ctx, dynClient, mapper, obj)
+ nodes := WalkOwnershipGraph(ctx, dynClient, mapper, &stubMapper{}, obj)
 for _, node := range nodes {
 fmt.Printf("%#v\n", node)
 }
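Review bot: `&stubMapper{}` is passed as a new fourth argument to `WalkOwnershipGraph`, but neither the `stubMapper` type nor the changed function signature appears in this diff, so it cannot be confirmed from here that pkg/lineage's tests compile at this commit. If `stubMapper` lives in another `_test.go` file of the package, a one-line comment at the call such as `// stubMapper: test double for the new mapper argument` would help; otherwise its definition needs to be added. The test also only prints the returned nodes, so the new argument's effect is not asserted anywhere in the visible lines. TestWalkingOwnershipGraph starts and ends outside the hunk.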