import { ApiObject, Lazy } from 'cdk8s';
import { Construct, IConstruct } from 'constructs';
import * as base from './base';
import * as k8s from './imports/k8s';
import * as networkpolicy from './network-policy';
import * as pod from './pod';
/**
 * Resolved criteria that identify a set of namespaces.
 *
 * This is the value returned by `INamespaceSelector.toNamespaceSelectorConfig()`.
 * Both fields are optional, and this file does not define what a config with
 * neither field set means.
 * NOTE(review): confirm that consumers do not silently treat an empty config as
 * "every namespace" when it feeds a network policy.
 */
export interface NamespaceSelectorConfig {
  /**
   * Selects namespaces by their labels.
   */
  readonly labelSelector?: pod.LabelSelector;

  /**
   * Selects namespaces by name.
   */
  readonly names?: string[];
}
/**
 * Contract for constructs that can select namespaces.
 *
 * In this file it is implemented by `Namespace` (selects itself by name) and
 * by `Namespaces` (selects by labels, expressions and/or names).
 */
export interface INamespaceSelector extends IConstruct {
  /**
   * Returns the criteria this selector resolves to.
   */
  toNamespaceSelectorConfig(): NamespaceSelectorConfig;
}
/**
 * Construction properties for `Namespace`.
 *
 * Adds nothing to `base.ResourceProps`; the `Namespace` constructor reads only
 * `metadata` from it.
 */
export interface NamespaceProps extends base.ResourceProps {}
/**
 * A Kubernetes namespace: a mechanism for isolating groups of resources within a single cluster.
 *
 * Resource names must be unique within a namespace, but not across namespaces.
 * Namespace-based scoping applies only to namespaced objects (e.g. Deployments, Services)
 * and not to cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes).
 *
 * This class emits the namespace object itself, with an empty spec. Network isolation
 * between namespaces is not implied by the namespace alone; it has to be expressed
 * separately, for example with network policies that use this construct as a peer.
 */
export class Namespace extends base.Resource implements INamespaceSelector, networkpolicy.INetworkPolicyPeer {
  /**
   * Label that the Kubernetes control plane sets on every namespace, with the
   * namespace name as its value. The label is immutable, which makes it a more
   * dependable basis for selecting a namespace by name than user-managed labels.
   *
   * @see https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#automatic-labelling
   */
  public static readonly NAME_LABEL = 'kubernetes.io/metadata.name';

  /**
   * The underlying `KubeNamespace` API object.
   *
   * @see base.Resource.apiObject
   */
  protected readonly apiObject: ApiObject;

  /**
   * Plural resource type name of this kind.
   */
  public readonly resourceType: string = 'namespaces';

  // Selector for all pods restricted to this namespace's name; backs the
  // INetworkPolicyPeer methods below.
  private readonly _pods: pod.Pods;

  /**
   * @param scope the construct this namespace is defined in.
   * @param id construct id, unique within `scope`.
   * @param props optional properties; only `metadata` is read here.
   */
  public constructor(scope: Construct, id: string, props: NamespaceProps = {}) {
    super(scope, id);

    // Lazy.any defers the call to _toKube() until the value is resolved.
    const lazySpec = Lazy.any({ produce: () => this._toKube() });
    this.apiObject = new k8s.KubeNamespace(this, 'Resource', {
      metadata: props.metadata,
      spec: lazySpec,
    });

    // `this.name` comes from base.Resource (not shown in this file). The peer
    // selector is scoped to exactly this namespace, by name.
    const ownNamespace = Namespaces.select(this, 'Namespaces', { names: [this.name] });
    this._pods = pod.Pods.all(this, 'Pods', { namespaces: ownNamespace });
  }

  /**
   * Selects this namespace, and only this namespace, by its name.
   *
   * @see INamespaceSelector.toNamespaceSelectorConfig()
   */
  public toNamespaceSelectorConfig(): NamespaceSelectorConfig {
    const selfOnly: NamespaceSelectorConfig = { names: [this.name] };
    return selfOnly;
  }

  /**
   * Delegates to the pod selector built in the constructor, so a policy that
   * uses this namespace as a peer addresses the pods selected by `Pods.all`
   * within this namespace.
   *
   * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
   */
  public toNetworkPolicyPeerConfig(): networkpolicy.NetworkPolicyPeerConfig {
    const peerConfig = this._pods.toNetworkPolicyPeerConfig();
    return peerConfig;
  }

  /**
   * Delegates to the pod selector built in the constructor.
   *
   * @see INetworkPolicyPeer.toPodSelector()
   */
  public toPodSelector(): pod.IPodSelector | undefined {
    const selector = this._pods.toPodSelector();
    return selector;
  }

  /**
   * Produces the namespace spec; currently always empty.
   *
   * @internal
   */
  public _toKube(): k8s.NamespaceSpec {
    const emptySpec: k8s.NamespaceSpec = {};
    return emptySpec;
  }
}
/**
 * Criteria accepted by `Namespaces.select`.
 *
 * Every field is optional. How the criteria are combined, and what an options
 * object with no criteria resolves to, is decided outside this file.
 * NOTE(review): confirm that an empty options object cannot widen to
 * "all namespaces" unintentionally.
 */
export interface NamespacesSelectOptions {
  /**
   * Labels the namespaces must have.
   * This is equivalent to using an 'Is' selector.
   *
   * Namespace labels are ordinary metadata: whoever is allowed to update a
   * Namespace object can add a matching label. When the selection is used as
   * a network policy peer, that permission is part of the trust boundary.
   *
   * @default - no strict labels requirements.
   */
  readonly labels?: { [key: string]: string };

  /**
   * Selectors the namespaces must satisfy.
   * They query labels just like the `labels` property, but offer a more
   * advanced matching mechanism. The same caveat about who may write
   * namespace labels applies.
   *
   * @default - no selector requirements.
   */
  readonly expressions?: pod.LabelExpression[];

  /**
   * Namespace names must be one of these.
   *
   * @default - no name requirements.
   */
  readonly names?: string[];
}
/**
 * Represents a group of namespaces, identified by labels, label expressions
 * and/or names.
 */
export class Namespaces extends Construct implements INamespaceSelector, networkpolicy.INetworkPolicyPeer {
  /**
   * Select specific namespaces.
   *
   * Prefer the narrowest criteria that fit. Criteria based on labels depend on
   * who is allowed to label namespaces in the cluster.
   *
   * @param scope the construct this selector is defined in.
   * @param id construct id, unique within `scope`.
   * @param options selection criteria.
   */
  public static select(scope: Construct, id: string, options: NamespacesSelectOptions): Namespaces {
    const { expressions, names, labels } = options;
    return new Namespaces(scope, id, expressions, names, labels);
  }

  /**
   * Select all namespaces.
   *
   * Implemented as a selection with empty `expressions` and empty `labels`.
   * In Kubernetes an empty label selector matches every object, so this covers
   * system namespaces as well as application ones. Used as a network policy
   * peer it addresses pods in every namespace; use `select` with names or
   * labels when only some namespaces are meant.
   *
   * @param scope the construct this selector is defined in.
   * @param id construct id, unique within `scope`.
   */
  public static all(scope: Construct, id: string): Namespaces {
    const everything: NamespacesSelectOptions = { expressions: [], labels: {} };
    return Namespaces.select(scope, id, everything);
  }

  // Selector for all pods in the namespaces matched by this construct; backs
  // the INetworkPolicyPeer methods below.
  private readonly _pods: pod.Pods;

  /**
   * @param scope the construct this selector is defined in.
   * @param id construct id, unique within `scope`.
   * @param expressions label expressions the namespaces must satisfy.
   * @param names names the namespaces must be one of.
   * @param labels labels the namespaces must have.
   */
  constructor(
    scope: Construct,
    id: string,
    private readonly expressions?: pod.LabelExpression[],
    private readonly names?: string[],
    private readonly labels?: { [key: string]: string },
  ) {
    super(scope, id);

    const podsInSelection = pod.Pods.all(this, 'Pods', { namespaces: this });
    this._pods = podsInSelection;
  }

  /**
   * Returns the label selector built from `expressions` and `labels`, together
   * with `names` exactly as given to the constructor.
   *
   * @see INamespaceSelector.toNamespaceSelectorConfig()
   */
  public toNamespaceSelectorConfig(): NamespaceSelectorConfig {
    const labelSelector = pod.LabelSelector.of({ expressions: this.expressions, labels: this.labels });
    return { labelSelector, names: this.names };
  }

  /**
   * Delegates to the pod selector built in the constructor.
   *
   * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
   */
  public toNetworkPolicyPeerConfig(): networkpolicy.NetworkPolicyPeerConfig {
    const peerConfig = this._pods.toNetworkPolicyPeerConfig();
    return peerConfig;
  }

  /**
   * Delegates to the pod selector built in the constructor.
   *
   * @see INetworkPolicyPeer.toPodSelector()
   */
  public toPodSelector(): pod.IPodSelector | undefined {
    const selector = this._pods.toPodSelector();
    return selector;
  }
}