From 273eef1e4c56c15b3a27e4cdbc8f055315232b11 Mon Sep 17 00:00:00 2001
From: Alejandro Pedraza
Date: Wed, 31 Jul 2019 11:08:09 -0500
Subject: [PATCH] @ihcsim feedback and:
- I moved `Identity` from `Proxy` to `InjectValues`, according to `values.yaml`
- In both `Proxy` and `ProxyInit` I replaced `MountPaths []*MountPath` with `SAMountPath *SAMountPath` given we're only adding a mount for the ServiceAccount so no need of a slice here
- I created a separate `Issuer` struct to be able to instantiate that piece
Signed-off-by: Alejandro Pedraza
---
 pkg/inject/template-values.go | 92 +++++++++++++++++++++++------------
 1 file changed, 60 insertions(+), 32 deletions(-)
diff --git a/pkg/inject/template-values.go b/pkg/inject/template-values.go
index 45ca50dbcd186..a34b3d94f05db 100644
--- a/pkg/inject/template-values.go
+++ b/pkg/inject/template-values.go
@@ -1,6 +1,42 @@
 package inject
 
 type (
+ // InjectValues contains the top-level elements in the Helm charts
+ InjectValues struct {
+ Namespace string
+ ClusterDomain string
+ HighAvailability bool
+ Identity *Identity
+
+ Proxy *Proxy
+ ProxyInit *ProxyInit
+ }
+
+ // Proxy contains the fields to set the proxy sidecar container
+ Proxy struct {
+ Capabilities *Capabilities
+ Component string
+ DisableIdentity bool
+ DisableTap bool
+ EnableExternalProfile bool
+ Image *Image
+ LogLevel string
+ SAMountPath *SAMountPath
+ Ports *Ports
+ Resources *Resources
+ UID int64
+ }
+
+ // ProxyInit contains the fields to set the proxy-init container
+ ProxyInit struct {
+ Capabilities *Capabilities
+ IgnoreInboundPorts string
+ IgnoreOutboundPorts string
+ Image Image
+ SAMountPath *SAMountPath
+ Resources *Resources
+ }
+
 // Image contains the details to define a container image
 Image struct {
 Name string
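Review bot: Nothing in the new types of the `@@ -1,6 +1,42 @@` hunk says what a nil `InjectValues.Identity` combined with `Proxy.DisableIdentity == false` should produce, now that the two settings live in different structs. The template that consumes these values is not visible here, so this is inferred, but a renderer that guards on only one of the two could emit a proxy container without identity settings and without an error. I would state the invariant on the field, e.g. `// Identity must be non-nil unless Proxy.DisableIdentity is true`, and have the code that builds `InjectValues` reject the mismatch. Separately, `Proxy.Image` became `*Image` while `ProxyInit.Image` is still a value `Image`; one form for both would keep nil handling uniform. The `type (` block continues past the end of this hunk.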
@@ -8,14 +44,12 @@ type (
 Version string
 }
 
- // Port contains all the port-related setups
- Port struct {
- Admin int32
- Control int32
- Inbound int32
- Outbound int32
- IgnoreInboundPorts string
- IgnoreOutboundPorts string
+ // Ports contains all the port-related setups
+ Ports struct {
+ Admin int32
+ Control int32
+ Inbound int32
+ Outbound int32
 }
 
 // Constraints wraps the Limit and Request settings for computational resources
@@ -24,6 +58,19 @@ type (
 Request string
 }
 
+ // Capabilities contains the SecurityContext capabilities to add/drop into the injected
+ // containers
+ Capabilities struct {
+ Add []string
+ Drop []string
+ }
+
+ // SAMountPath contains the details for ServiceAccount volume mount
+ SAMountPath struct {
+ Name string
+ MountPath string
+ }
+
 // Resources represents the computational resources setup for a given container
 Resources struct {
 CPU Constraints
@@ -33,31 +80,12 @@ type (
 // Identity contains the fields to set the identity variables in the proxy
 // sidecar container
 Identity struct {
- TrustDomain string
- TrustAnchors string
+ Issuer Issuer
+ TrustDomain string
 }
 
- // Proxy contains the fields to set the proxy sidecar container
- Proxy struct {
- Component string
- ClusterDomain string
- DisableIdentity bool
- EnableExternalProfile bool
- HighAvailability bool
- Identity *Identity
- Image Image
- LogLevel string
- ControlPlaneNamespace string
- Port Port
- UID int64
- ResourceRequirements *Resources
- }
-
- // ProxyInit contains the fields to set the proxy-init container
- ProxyInit struct {
- Image Image
- Port Port
- UID int64
- ResourceRequirements *Resources
+ // Issuer contains the trust root certificate for Identity
+ Issuer struct {
+ CrtPEM string
 }
 )
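Review bot: The `Capabilities` comment in the `@@ -24,6 +58,19 @@` hunk does not say what form the `Add` and `Drop` strings take or what a nil `*Capabilities` means, and `Add` is the field that widens what an injected container is allowed to do. I would document both fields, for example `// Add lists the capabilities granted to the container; keep it to the minimum the container needs` and `// Drop lists the capabilities removed from the container`, and state whether a nil pointer leaves the securityContext without a capabilities block; the template is not visible here, so that part needs confirming. In `SAMountPath`, `Name` is presumably the volume name rather than a path, and `// Name is the name of the ServiceAccount volume` would remove the doubt. The enclosing `type (` block starts and ends outside this hunk.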
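Review bot: The `Issuer` comment in the `@@ -33,31 +80,12 @@` hunk calls `CrtPEM` the trust root, while the field name and its parent struct say it is the issuer's certificate, and the removed `TrustAnchors` field was the one that used to name the roots. Those are not always the same certificate (an issuer can be an intermediate), so the comment should say which one the proxy receives as its trust anchor. These values are presumably rendered into the injected pod spec, so I would also record that only certificate material belongs here: `// CrtPEM is the PEM-encoded issuer certificate; never put the issuer private key in this struct`. The enclosing `type (` block starts above the hunk.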