k8s_namespace

k8s_namespace(name, gcp_gke_project, gcp_sa, gcp_sa_project, kubernetes_context, kubernetes_sa,
              namespace_name, workload_identity_namespace)

Creates a Kubernetes namespace in a Kubernetes cluster and can optionally configure GKE Workload Identity for it.

To load the rule use:

load("//k8s:defs.bzl", "k8s_namespace")

You can annotate the Kubernetes namespace with a Kubernetes service account and bind that service account to GCP Workload Identity.

This rule uses the kubectl client to create and annotate the Kubernetes namespace, and the gcloud SDK to create the bindings between the Kubernetes service account and the GCP Workload Identity user.

This rule builds an executable. Use run instead of build to create the namespace.

load("//k8s:defs.bzl", "k8s_namespace")

k8s_namespace(
    name = "namespace",
    namespace_name = "ft-sesame-${DEPLOY_BRANCH}",
    kubernetes_sa = "default",
    gcp_sa_project = "mm-odissey-dev",
    gcp_sa = "odissey-dev@mm-odissey-dev.iam.gserviceaccount.com",
    gcp_gke_project = "mm-k8s-dev-01",
    workload_identity_namespace = "mm-k8s-dev-01.svc.id.goog",
    kubernetes_context = "mm-k8s-context",
)
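
A check to run after the rule, added here as an example and not part of this repository: it audits the GCP service account's IAM policy for `roles/iam.workloadIdentityUser` members, because with a templated `namespace_name` such as `ft-sesame-${DEPLOY_BRANCH}` every branch namespace can end up bound to the same `gcp_sa`. It assumes the rule creates the standard GKE binding with member `serviceAccount:<workload_identity_namespace>[<namespace>/<kubernetes_sa>]`; the policy JSON and the branch names are constructed.

```python
import json

WI_ROLE = "roles/iam.workloadIdentityUser"


def wi_member(pool, namespace, ksa):
    """IAM member string GKE uses for a Kubernetes service account."""
    return "serviceAccount:{}[{}/{}]".format(pool, namespace, ksa)


def audit_policy(policy_json, pool, allowed):
    """Compare workloadIdentityUser members with allowed (namespace, ksa) pairs.

    Returns (missing, unexpected): allowed pairs that have no binding, and
    members that may impersonate the GCP service account but are not allowed
    (stale branch namespaces, other clusters' identity pools, ...).
    """
    members = set()
    for binding in json.loads(policy_json).get("bindings", []):
        if binding.get("role") == WI_ROLE:
            members.update(binding.get("members", []))
    expected = {wi_member(pool, ns, ksa) for ns, ksa in allowed}
    return sorted(expected - members), sorted(members - expected)


# Constructed sample, in the shape printed by
# `gcloud iam service-accounts get-iam-policy <gcp_sa> --format=json`.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": WI_ROLE, "members": [
            "serviceAccount:mm-k8s-dev-01.svc.id.goog[ft-sesame-main/default]",
            "serviceAccount:mm-k8s-dev-01.svc.id.goog[ft-sesame-old-branch/default]",
        ]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["user:dev@example.com"]},
    ],
    "etag": "constructed",
})

if __name__ == "__main__":
    missing, unexpected = audit_policy(
        SAMPLE_POLICY, "mm-k8s-dev-01.svc.id.goog",
        [("ft-sesame-main", "default"), ("ft-sesame-feature-x", "default")])
    print("missing bindings:   ", missing)
    print("unexpected bindings:", unexpected)
```

An entry under unexpected bindings is a namespace/service-account pair that can still obtain tokens for the GCP service account, for example a branch namespace that was deleted without removing its IAM binding.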

You can use k8s_namespace in combination with helm_release through the namespace_dep attribute.

Example of use with helm_release:

load("//k8s:defs.bzl", "k8s_namespace")
# helm_release must be loaded as well; its load statement is not shown here.

k8s_namespace(
    name = "test-namespace",
    namespace_name = "test-namespace",
    kubernetes_sa = "test-kubernetes-sa",
    kubernetes_context = "mm-k8s-context",
)

helm_release(
    name = "chart_install",
    chart = ":chart",
    namespace_dep = ":test-namespace",
    tiller_namespace = "tiller-system",
    release_name = "release-name",
    values_yaml = glob(["charts/myapp/values.yaml"]),
    kubernetes_context = "mm-k8s-context",
)

ATTRIBUTES

| Name | Description | Type | Mandatory | Default |
| --- | --- | --- | --- | --- |
| name | A unique name for this target. | Name | required | |
| gcp_gke_project | - | String | optional | "" |
| gcp_sa | GCP Service Account in e-mail format. | String | optional | "" |
| gcp_sa_project | GCP project name where Service Account lives. | String | optional | "" |
| kubernetes_context | - | String | optional | "" |
| kubernetes_sa | Kubernetes Service Account to associate with Workload Identity. | String | optional | "" |
| namespace_name | Name of the namespace to be created. | String | required | |
| workload_identity_namespace | Workload Identity Namespace, e.g. clustername.svc.id.goog | String | optional | "" |

NamespaceDataInfo

NamespaceDataInfo(namespace)

FIELDS

| Name | Description |
| --- | --- |
| namespace | (Undocumented) |