kryptonian.dev / k8s-cluster
this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Steal vaskozl's experimental script

Skyler Mäntysaari 7f63ef43 f6a92aff

+100
+100
scripts/app-template-convert.pl
··· 1 + use strict; 2 + use warnings; 3 + 4 + use feature qw(say); 5 + 6 + use YAML::XS qw(LoadFile Dump DumpFile); 7 + 8 + my $h = LoadFile($ARGV[0]); 9 + my $name = $h->{metadata}{name}; 10 + 11 + my $o = $h->{spec}{values}; 12 + 13 + $o->{defaultPodOptions}{securityContext} = delete $o->{podSecurityContext} if $o->{podSecurityContext}; 14 + $o->{defaultPodOptions}{nodeSelector}= delete $o->{nodeSelector} if $o->{nodeSelector}; 15 + 16 + $o->{controllers}{$name}{containers}{app}{image} = delete $o->{image}; 17 + $o->{controllers}{$name}{containers}{app}{args} = delete $o->{args} if $o->{args}; 18 + $o->{controllers}{$name}{containers}{app}{command} = delete $o->{command} if $o->{command}; 19 + $o->{controllers}{$name}{containers}{app}{env} = delete $o->{env} if $o->{env}; 20 + $o->{controllers}{$name}{containers}{app}{resources} = delete $o->{resources} if $o->{resources}; 21 + 22 + $o->{ingress}{main}{className} = delete $o->{ingress}{main}{ingressClassName} if $o->{ingress}{main}{ingressClassName}; 23 + delete $o->{ingress}{main}{enabled}; 24 + 25 + my $hosts = $o->{ingress}{main}{hosts}; 26 + for my $host (@$hosts) { 27 + $host->{paths}->[0]->{service}{identifier} = 'app'; 28 + $host->{paths}->[0]->{service}{port} = 'http'; 29 + } 30 + 31 + my $persistence = $o->{persistence} || {}; 32 + for (keys %$persistence) { 33 + delete $o->{persistence}{$_}{enabled}; 34 + if ($o->{persistence}{$_}{mountPath}) { 35 + $o->{persistence}{$_}{globalMounts} = [ { path => delete $o->{persistence}{$_}{mountPath} }]; 36 + if ($o->{persistence}{$_}{subPath}) { 37 + $o->{persistence}{$_}{globalMounts}->[0]->{subPath} = delete $o->{persistence}{$_}{subPath}; 38 + } 39 + } 40 + } 41 + 42 + 43 + $o->{controllers}{$name}{containers}{app}{probes} = delete $o->{probes} if $o->{probes}; 44 + 45 + if ($o->{volumeClaimTemplates}) { 46 + $o->{controllers}{$name}{type} = 'statefulset'; 47 + $o->{controllers}{$name}{statefulset}{podManagementPolicy} = 'Parallel'; 48 + $o->{controllers}{$name}{statefulset}{volumeClaimTemplates} = delete $o->{volumeClaimTemplates}; 49 + my $vc = $o->{controllers}{$name}{statefulset}{volumeClaimTemplates}; 50 + $vc->[0]->{globalMounts} = [ 51 + { path => delete $vc->[0]->{mountPath} } 52 + ]; 53 + } 54 + 55 + if (delete $o->{hostNetwork}) { 56 + $o->{defaultPodOptions}{hostNetwork} = builtin::true; 57 + } 58 + 59 + $h->{spec}{chart}{spec}{version} = '3.0.4'; 60 + 61 + 62 + $o->{controllers}{$name}{containers}{app}{securityContext} = delete $o->{securityContext} if $o->{securityContext}; 63 + if ($h->{metadata}{annotations}{'patch.sko.ai/app-security'}) { 64 + $o->{controllers}{$name}{containers}{app}{securityContext} = { 65 + allowPrivilegeEscalation => builtin::false, 66 + readOnlyRootFilesystem => builtin::true, 67 + capabilities => { 68 + drop => ["ALL"], 69 + } 70 + #add => ["NET_BIND_SERVICE"] 71 + }; 72 + 73 + $o->{defaultPodOptions}{securityContext} = { 74 + runAsNonRoot => builtin::true, 75 + runAsUser => 568, 76 + runAsGroup => 568, 77 + fsGroup => 568, 78 + seccompProfile => { 79 + type => 'RuntimeDefault' 80 + } 81 + }; 82 + } 83 + 84 + delete $h->{metadata}{annotations}; 85 + 86 + 87 + $o->{controllers}{$name}{containers}{app}{probes} = { 88 + liveness => { enabled => builtin::true }, 89 + readiness => { enabled => builtin::true }, 90 + }; 91 + 92 + $o->{ingress}{app} = delete $o->{ingress}{main}; 93 + $o->{service}{app} = delete $o->{service}{main}; 94 + $o->{service}{app}{controller} = $name; 95 + 96 + if ($ARGV[1] eq 'write') { 97 + DumpFile($ARGV[0], $h); 98 + } else { 99 + print Dump $h; 100 + }