diff --git a/Makefile b/Makefile
index e9608d50..38281cc3 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,10 @@ cue-fmt: ## Format CUE schemas.
 vet: ## Vet Go code.
 go vet ./...
 
-lint-samples: build cue-fmt ## Lint the CUE samples.
+cue-vet: ## Vet CUE schemas.
+ cue vet ./schemas/...
+
+lint-samples: build cue-vet cue-fmt ## Lint the CUE samples.
 ./bin/timoni mod lint ./examples/minimal
 ./bin/timoni mod lint ./examples/redis
 ./bin/timoni mod lint ./cmd/timoni/testdata/module
diff --git a/schemas/timoni.sh/core/v1alpha1/image.cue b/schemas/timoni.sh/core/v1alpha1/image.cue
index 3c6b93c5..ec500aa1 100644
--- a/schemas/timoni.sh/core/v1alpha1/image.cue
+++ b/schemas/timoni.sh/core/v1alpha1/image.cue
@@ -3,7 +3,10 @@
 
 package v1alpha1
 
-import "strings"
+import (
+ "encoding/base64"
+ "strings"
+)
 
 // Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
 #Image: {
@@ -22,6 +25,10 @@ import "strings"
 // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
 digest!: string
 
+ // PullPolicy defines the pull policy for the image.
+ // By default, it is set to IfNotPresent.
+ pullPolicy: *"IfNotPresent" | "Always" | "Never"
+
 // Reference is the image address computed from repository, tag and digest
 // in the format [REPOSITORY]:[TAG]@[DIGEST].
 reference: string
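Review bot: The comment on `pullPolicy` in `#Image` (image.cue, second hunk) states the default but not what `IfNotPresent` means when `reference` resolves to a mutable tag, which the schema allows since it falls back to `\(repository):latest`. With `IfNotPresent` a node that already holds the tag does not re-check the registry, and per the Kubernetes image documentation a pod can then start from a cached private image without presenting pull credentials. I would extend the comment with a line such as `// Prefer Always for mutable tags, or for private images on nodes shared between tenants.` The `#Image` definition begins and ends outside this hunk.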
@@ -42,3 +49,53 @@ import "strings"
 reference: "\(repository):latest"
 }
 }
+
+// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson.
+// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets.
+#ImagePullSecret: {
+ // Metadata is the Kubernetes object's metadata generated by Timoni.
+ meta=metadata: #Metadata
+
+ // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]].
+ registry!: string
+
+ // Username is the username used to authenticate to the container registry.
+ username!: string
+
+ // Password is the password used to authenticate to the container registry.
+ password!: string
+
+ // Optional suffix used to generate the Secret name.
+ suffix: *"" | string
+
+ let auth = base64.Encode(null, username+":"+password)
+
+ // The object is a read-only struct that contains the generated
+ // Kubernetes Secret of type kubernetes.io/dockerconfigjson.
+ object: {
+ apiVersion: "v1"
+ kind: "Secret"
+ type: "kubernetes.io/dockerconfigjson"
+ metadata: {
+ name: meta.name + suffix
+ namespace: meta.namespace
+ labels: meta.labels
+ if meta.annotations != _|_ {
+ annotations: meta.annotations
+ }
+ }
+ stringData: {
+ ".dockerconfigjson": #"""
+ {
+ "auths": {
+ "\#(registry)": {
+ "username": "\#(username)",
+ "password": "\#(password)",
+ "auth": "\#(auth)"
+ }
+ }
+ }
+ """#
+ }
+ }
+}
diff --git a/schemas/timoni.sh/core/v1alpha1/selector.cue b/schemas/timoni.sh/core/v1alpha1/selector.cue
index 1724e67f..ed141f44 100644
--- a/schemas/timoni.sh/core/v1alpha1/selector.cue
+++ b/schemas/timoni.sh/core/v1alpha1/selector.cue
@@ -3,8 +3,6 @@
 
 package v1alpha1
 
-import "strings"
-
 // Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
 #Selector: {
 // Name must be unique within a namespace. Is required when creating resources.
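Review bot: In `#ImagePullSecret` (image.cue, the `@@ -42,3 +49,53 @@` hunk) the `.dockerconfigjson` value is produced by interpolating `registry`, `username` and `password` directly into a JSON template, so a value containing `"`, `\` or a line break yields an invalid document or one with keys the caller did not intend. Nothing in the definition constrains those three fields, and registry passwords and tokens are often generated strings. I would describe the document as a CUE struct and serialise it with `json.Marshal` from `encoding/json`, which has to be added to the import group at the top of the file. The sketch below uses quoted labels so that the right-hand identifiers keep resolving to the generator's own fields; that scoping is worth confirming with `cue vet`.

```cue
object: {
	// … unchanged: apiVersion, kind, type, metadata …
	stringData: ".dockerconfigjson": json.Marshal({
		auths: (registry): {
			"username": username
			"password": password
			"auth":     auth
		}
	})
}
```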