x95castle1/01-overlay.yaml

## 01-overlay.yaml
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#@ load("@ytt:yaml", "yaml")

#@ def convention_template():
kind: ClusterConfigTemplate
metadata:
  name: convention-template
#@ end

#@overlay/match by=overlay.subset (convention_template())
---
spec:
  #@overlay/replace via=lambda left, right: left + right
  ytt: "\n      #@ if hasattr(data.values.workload.metadata, \"labels\") and hasattr(data.values.workload.metadata.labels, \"apps.tanzu.vmware.com/workload-type\") and data.values.workload.metadata.labels[\"apps.tanzu.vmware.com/workload-type\"] != \"web\":\n      topologySpreadConstraints:\n      - maxSkew: 1\n        whenUnsatisfiable: ScheduleAnyway \n        topologyKey: topology.kubernetes.io/zone\n        labelSelector:\n          matchLabels: #@ merge_labels({ \"app.kubernetes.io/component\": \"run\", \"carto.run/workload-name\": data.values.workload.metadata.name })\n      #@ end"

## 02-clusterconfigtemplate.yaml
#@ load("@ytt:data", "data")
#@ load("@ytt:json", "json")

---
apiVersion: carto.run/v1alpha1
kind: ClusterConfigTemplate
metadata:
  name: convention-template
spec:
  params:
    - name: serviceAccount
      default: default
    - name: ports
      default:
      - containerPort: 8080
        port: 8080

  configPath: .status.template

  healthRule:
    singleConditionType: Ready


  #@ label_exclusions = "[\"" + "\", \"".join(["kapp.k14s.io/app", "kapp.k14s.io/association"]) + "\"]"

  #@yaml/text-templated-strings
  ytt: |
    #@ load("@ytt:data", "data")
    #@ load("@ytt:assert", "assert")

    #@ def param(key):
    #@   if not key in data.values.params:
    #@     return None
    #@   end
    #@   return data.values.params[key]
    #@ end

    #@ def maven_param(key):
    #@   if not key in data.values.params["maven"]:
    #@     return None
    #@   end
    #@   return data.values.params["maven"][key]
    #@ end

    #@ def maven_repository_url():
    #@   if maven_param("repository") and "url" in maven_param("repository"):
    #@     return maven_param("repository")["url"]
    #@   elif param("maven_repository_url"):
    #@     return param("maven_repository_url")
    #@   else:
    #@     return None
    #@   end
    #@ end

    #@ def merge_labels(fixed_values):
    #@   labels = {}
    #@   if hasattr(data.values.workload.metadata, "labels"):
    #@     exclusions = (@= label_exclusions @)
    #@     for k,v in dict(data.values.workload.metadata.labels).items():
    #@       if k not in exclusions:
    #@         labels[k] = v
    #@       end
    #@     end
    #@   end
    #@   labels.update(fixed_values)
    #@   return labels
    #@ end

    #@ def build_fixed_annotations():
    #@   fixed_annotations = { "developer.conventions/target-containers": "workload", "apps.tanzu.vmware.com/correlationid": correlationId() }
    #@   if param("debug"):
    #@     fixed_annotations["apps.tanzu.vmware.com/debug"] = param("debug")
    #@   end
    #@   if param("live-update"):
    #@     fixed_annotations["apps.tanzu.vmware.com/live-update"] = param("live-update")
    #@   end
    #@   return fixed_annotations
    #@ end

    #@ def merge_annotations(fixed_values):
    #@   annotations = {}
    #@   if hasattr(data.values.workload.metadata, "annotations"):
    #@     # DEPRECATED: remove in a future release
    #@     annotations.update(data.values.workload.metadata.annotations)
    #@   end
    #@   if type(param("annotations")) == "dict" or type(param("annotations")) == "struct":
    #@     annotations.update(param("annotations"))
    #@   end
    #@   annotations.update(fixed_values)
    #@   return annotations
    #@ end

    #@ def isWorkloadType(type):
    #@   return data.values.workload.metadata.labels["apps.tanzu.vmware.com/workload-type"] == type
    #@ end

    #@ def correlationId():
    #@   if hasattr(data.values.workload, "annotations") and hasattr(data.values.workload.annotations, "apps.tanzu.vmware.com/correlationid"):
    #@     return data.values.workload.annotations["apps.tanzu.vmware.com/correlationid"]
    #@   end
    #@   url = ""
    #@   if hasattr(data.values.workload.spec, "source"):
    #@     if hasattr(data.values.workload.spec.source, "git"):
    #@       url = data.values.workload.spec.source.git.url
    #@     elif hasattr(data.values.workload.spec.source, "image"):
    #@       url = data.values.workload.spec.source.image.split("@")[0]
    #@     end
    #@     url = url + "?sub_path=" + getattr(data.values.workload.spec.source, "subPath", "/")
    #@   end
    #@   if param("maven"):
    #@     url = maven_repository_url() + "/" + maven_param("groupId").replace(".", "/") + "/" + maven_param("artifactId")
    #@   end
    #@   if hasattr(data.values.workload.spec, "image"):
    #@     url = data.values.workload.spec.image.split("@",1)[0]
    #@     url = url.split(":",1)[0]
    #@   end
    #@   return url
    #@ end

    apiVersion: conventions.carto.run/v1alpha1
    kind: PodIntent
    metadata:
      name: #@ data.values.workload.metadata.name
      labels: #@ merge_labels({ "app.kubernetes.io/component": "intent" })
    spec:
      serviceAccountName: #@ data.values.params.serviceAccount
      template:
        metadata:
          annotations: #@ merge_annotations(build_fixed_annotations())
          labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name })
        spec:
          serviceAccountName: #@ data.values.params.serviceAccount
          containers:
            - name: workload
              image: #@ data.values.image
              securityContext:
                allowPrivilegeEscalation: false
                runAsUser: 1000
                runAsNonRoot: true
                capabilities:
                  drop:
                  - ALL
                seccompProfile:
                  type: RuntimeDefault
              #! apply ports configuration for server workloads only
              #@ if hasattr(data.values.workload.metadata, "labels") and isWorkloadType("server"):
              #@ hasattr(data.values.params, "ports") and len(data.values.params.ports) or assert.fail("one or more ports param must be provided.")
              ports:
              #@ for p in data.values.params.ports:
              #@   cp = getattr(p, "containerPort", p.port)
              #@   type(cp) in ("string", "int") or fail("containerPort must be a string or int")
              - containerPort: #@ int(cp)
              #@ end
              #@ end
              #@ if hasattr(data.values.workload.spec, "env"):
              env:
                #@ for var in data.values.workload.spec.env:
                - name: #@ var.name
                  #@ if/end hasattr(var, "value"):
                  value: #@ var.value
                  #@ if/end hasattr(var, "valueFrom"):
                  valueFrom: #@ var.valueFrom
                #@ end
              #@ end
              #@ if/end hasattr(data.values.workload.spec, "resources"):
              resources: #@ data.values.workload.spec["resources"]
	#@ load("@ytt:overlay", "overlay")
	#@ load("@ytt:data", "data")
	#@ load("@ytt:yaml", "yaml")

	#@ def convention_template():
	kind: ClusterConfigTemplate
	metadata:
	name: convention-template
	#@ end

	#@overlay/match by=overlay.subset (convention_template())
	---
	spec:
	#@overlay/replace via=lambda left, right: left + right
	ytt: "\n #@ if hasattr(data.values.workload.metadata, \"labels\") and hasattr(data.values.workload.metadata.labels, \"apps.tanzu.vmware.com/workload-type\") and data.values.workload.metadata.labels[\"apps.tanzu.vmware.com/workload-type\"] != \"web\":\n topologySpreadConstraints:\n - maxSkew: 1\n whenUnsatisfiable: ScheduleAnyway \n topologyKey: topology.kubernetes.io/zone\n labelSelector:\n matchLabels: #@ merge_labels({ \"app.kubernetes.io/component\": \"run\", \"carto.run/workload-name\": data.values.workload.metadata.name })\n #@ end"
	#@ load("@ytt:data", "data")
	#@ load("@ytt:json", "json")

	---
	apiVersion: carto.run/v1alpha1
	kind: ClusterConfigTemplate
	metadata:
	name: convention-template
	spec:
	params:
	- name: serviceAccount
	default: default
	- name: ports
	default:
	- containerPort: 8080
	port: 8080

	configPath: .status.template

	healthRule:
	singleConditionType: Ready


	#@ label_exclusions = "[\"" + "\", \"".join(["kapp.k14s.io/app", "kapp.k14s.io/association"]) + "\"]"

	#@yaml/text-templated-strings
	ytt: \|
	#@ load("@ytt:data", "data")
	#@ load("@ytt:assert", "assert")

	#@ def param(key):
	#@ if not key in data.values.params:
	#@ return None
	#@ end
	#@ return data.values.params[key]
	#@ end

	#@ def maven_param(key):
	#@ if not key in data.values.params["maven"]:
	#@ return None
	#@ end
	#@ return data.values.params["maven"][key]
	#@ end

	#@ def maven_repository_url():
	#@ if maven_param("repository") and "url" in maven_param("repository"):
	#@ return maven_param("repository")["url"]
	#@ elif param("maven_repository_url"):
	#@ return param("maven_repository_url")
	#@ else:
	#@ return None
	#@ end
	#@ end

	#@ def merge_labels(fixed_values):
	#@ labels = {}
	#@ if hasattr(data.values.workload.metadata, "labels"):
	#@ exclusions = (@= label_exclusions @)
	#@ for k,v in dict(data.values.workload.metadata.labels).items():
	#@ if k not in exclusions:
	#@ labels[k] = v
	#@ end
	#@ end
	#@ end
	#@ labels.update(fixed_values)
	#@ return labels
	#@ end

	#@ def build_fixed_annotations():
	#@ fixed_annotations = { "developer.conventions/target-containers": "workload", "apps.tanzu.vmware.com/correlationid": correlationId() }
	#@ if param("debug"):
	#@ fixed_annotations["apps.tanzu.vmware.com/debug"] = param("debug")
	#@ end
	#@ if param("live-update"):
	#@ fixed_annotations["apps.tanzu.vmware.com/live-update"] = param("live-update")
	#@ end
	#@ return fixed_annotations
	#@ end

	#@ def merge_annotations(fixed_values):
	#@ annotations = {}
	#@ if hasattr(data.values.workload.metadata, "annotations"):
	#@ # DEPRECATED: remove in a future release
	#@ annotations.update(data.values.workload.metadata.annotations)
	#@ end
	#@ if type(param("annotations")) == "dict" or type(param("annotations")) == "struct":
	#@ annotations.update(param("annotations"))
	#@ end
	#@ annotations.update(fixed_values)
	#@ return annotations
	#@ end

	#@ def isWorkloadType(type):
	#@ return data.values.workload.metadata.labels["apps.tanzu.vmware.com/workload-type"] == type
	#@ end

	#@ def correlationId():
	#@ if hasattr(data.values.workload, "annotations") and hasattr(data.values.workload.annotations, "apps.tanzu.vmware.com/correlationid"):
	#@ return data.values.workload.annotations["apps.tanzu.vmware.com/correlationid"]
	#@ end
	#@ url = ""
	#@ if hasattr(data.values.workload.spec, "source"):
	#@ if hasattr(data.values.workload.spec.source, "git"):
	#@ url = data.values.workload.spec.source.git.url
	#@ elif hasattr(data.values.workload.spec.source, "image"):
	#@ url = data.values.workload.spec.source.image.split("@")[0]
	#@ end
	#@ url = url + "?sub_path=" + getattr(data.values.workload.spec.source, "subPath", "/")
	#@ end
	#@ if param("maven"):
	#@ url = maven_repository_url() + "/" + maven_param("groupId").replace(".", "/") + "/" + maven_param("artifactId")
	#@ end
	#@ if hasattr(data.values.workload.spec, "image"):
	#@ url = data.values.workload.spec.image.split("@",1)[0]
	#@ url = url.split(":",1)[0]
	#@ end
	#@ return url
	#@ end

	apiVersion: conventions.carto.run/v1alpha1
	kind: PodIntent
	metadata:
	name: #@ data.values.workload.metadata.name
	labels: #@ merge_labels({ "app.kubernetes.io/component": "intent" })
	spec:
	serviceAccountName: #@ data.values.params.serviceAccount
	template:
	metadata:
	annotations: #@ merge_annotations(build_fixed_annotations())
	labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name })
	spec:
	serviceAccountName: #@ data.values.params.serviceAccount
	containers:
	- name: workload
	image: #@ data.values.image
	securityContext:
	allowPrivilegeEscalation: false
	runAsUser: 1000
	runAsNonRoot: true
	capabilities:
	drop:
	- ALL
	seccompProfile:
	type: RuntimeDefault
	#! apply ports configuration for server workloads only
	#@ if hasattr(data.values.workload.metadata, "labels") and isWorkloadType("server"):
	#@ hasattr(data.values.params, "ports") and len(data.values.params.ports) or assert.fail("one or more ports param must be provided.")
	ports:
	#@ for p in data.values.params.ports:
	#@ cp = getattr(p, "containerPort", p.port)
	#@ type(cp) in ("string", "int") or fail("containerPort must be a string or int")
	- containerPort: #@ int(cp)
	#@ end
	#@ end
	#@ if hasattr(data.values.workload.spec, "env"):
	env:
	#@ for var in data.values.workload.spec.env:
	- name: #@ var.name
	#@ if/end hasattr(var, "value"):
	value: #@ var.value
	#@ if/end hasattr(var, "valueFrom"):
	valueFrom: #@ var.valueFrom
	#@ end
	#@ end
	#@ if/end hasattr(data.values.workload.spec, "resources"):
	resources: #@ data.values.workload.spec["resources"]