Update module to Timoni v0.14 APIs

Signed-off-by: Stefan Prodan <[email protected]>

.github/workflows/release.yml

@@ -85,7 +85,7 @@ jobs:
           timoni mod push ./timoni/podinfo oci://ghcr.io/stefanprodan/modules/podinfo \
           --sign cosign \
           --version ${{ steps.prep.outputs.VERSION }} \
-          --source https://github.com/stefanprodan/podinfo  \
+          -a 'org.opencontainers.image.source=https://github.com/stefanprodan/podinfo' \
           -a 'org.opencontainers.image.licenses=Apache-2.0' \
           -a 'org.opencontainers.image.description=A timoni.sh module for deploying Podinfo.' \
           -a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/podinfo/blob/main/timoni/podinfo/README.md'

README.md

@@ -20,7 +20,7 @@ Specifications:
 * 12-factor app with viper
 * Fault injection (random errors and latency)
 * Swagger docs
-* [Timoni](http://github.com/stefanprodan/timoni), Helm and Kustomize installers
+* Timoni, Helm and Kustomize installers
 * End-to-End testing with Kubernetes Kind and Helm
 * Multi-arch container image with Docker buildx and Github Actions
 * Container image signing with Sigstore cosign
@@ -66,18 +66,23 @@ To access the Swagger UI open `<podinfo-host>/swagger/index.html` in a browser.
 
 ### Guides
 
-* [GitOps Progressive Deliver with Flagger, Helm v3 and Linkerd](https://helm.workshop.flagger.dev/intro/)
-* [GitOps Progressive Deliver on EKS with Flagger and AppMesh](https://eks.handson.flagger.dev/prerequisites/)
-* [Automated canary deployments with Flagger and Istio](https://medium.com/google-cloud/automated-canary-deployments-with-flagger-and-istio-ac747827f9d1)
-* [Kubernetes autoscaling with Istio metrics](https://medium.com/google-cloud/kubernetes-autoscaling-with-istio-metrics-76442253a45a)
-* [Autoscaling EKS on Fargate with custom metrics](https://aws.amazon.com/blogs/containers/autoscaling-eks-on-fargate-with-custom-metrics/)
-* [Managing Helm releases the GitOps way](https://medium.com/google-cloud/managing-helm-releases-the-gitops-way-207a6ac6ff0e)
-* [Securing EKS Ingress With Contour And Let’s Encrypt The GitOps Way](https://aws.amazon.com/blogs/containers/securing-eks-ingress-contour-lets-encrypt-gitops/)
+* [Getting started with Timoni](https://timoni.sh/quickstart/)
+* [Getting started with Flux](https://fluxcd.io/flux/get-started/)
+* [Progressive Deliver with Flagger and Linkerd](https://docs.flagger.app/tutorials/linkerd-progressive-delivery)
+* [Automated canary deployments with Kubernetes Gateway API](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery)
 
 ### Install
 
 To install Podinfo on Kubernetes the minimum required version is **Kubernetes v1.23**.
 
+#### Timoni
+
+Install with [Timoni](https://timoni.sh):
+
+```bash
+timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo
+```
+
 #### Helm
 
 Install from github.io:
@@ -106,14 +111,6 @@ helm upgrade --install --wait podinfo --namespace default \
 oci://ghcr.io/stefanprodan/charts/podinfo
 ```
 
-#### Timoni
-
-Install with [Timoni](https://timoni.sh):
-
-```bash
-timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo
-```
-
 #### Kustomize
 
 ```bash

timoni/podinfo/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue

@@ -1,19 +1,44 @@
+// Copyright 2023 Stefan Prodan
+// SPDX-License-Identifier: Apache-2.0
+
 package v1alpha1
 
-// Image defines the schema for an OCI image reference.
+import "strings"
+
+// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image.
 #Image: {
+
+	// Repository is the address of a container registry repository.
+	// An image repository is made up of slash-separated name components, optionally
+	// prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
 	repository!: string
-	tag!:        string
-	digest!:     string
 
-	// Reference is the image address computed from
-	// repository, tag and digest.
+	// Tag identifies an image in the repository.
+	// A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes.
+	// A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
+	tag!: string & strings.MaxRunes(128)
+
+	// Digest uniquely and immutably identifies an image in the repository.
+	// Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
+	digest!: string
+
+	// Reference is the image address computed from repository, tag and digest
+	// in the format [REPOSITORY]:[TAG]@[DIGEST].
 	reference: string
 
-	if digest != "" {
+	if digest != "" && tag != "" {
 		reference: "\(repository):\(tag)@\(digest)"
 	}
-	if digest == "" {
+
+	if digest != "" && tag == "" {
+		reference: "\(repository)@\(digest)"
+	}
+
+	if digest == "" && tag != "" {
 		reference: "\(repository):\(tag)"
 	}
+
+	if digest == "" && tag == "" {
+		reference: "\(repository):latest"
+	}
 }

timoni/podinfo/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue

@@ -1,9 +1,15 @@
+// Copyright 2023 Stefan Prodan
+// SPDX-License-Identifier: Apache-2.0
+
 package v1alpha1
 
 import "strings"
 
-// Metadata defines the schema for the Kubernetes object metadata.
+// Metadata defines the schema for Kubernetes object metadata.
 #Metadata: {
+	// Version should be in the strict semver format. Is required when creating resources.
+	#Version!: string & strings.MaxRunes(63)
+
 	// Name must be unique within a namespace. Is required when creating resources.
 	// Name is primarily intended for creation idempotence and configuration definition.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
@@ -13,27 +19,18 @@ import "strings"
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
 	namespace!: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)
 
-	// Version should be in the strict semver format. Is required when creating resources.
-	version!: string & strings.MaxRunes(63)
-
 	// Annotations is an unstructured key value map stored with a resource that may be
-	// set o store and retrieve arbitrary metadata.
+	// set to store and retrieve arbitrary metadata.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
-	annotations?: {[string]: string}
+	annotations?: {[string & =~"^(([A-Za-z0-9][-A-Za-z0-9_./]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)]: string}
 
-	// Map of string keys and values that can be used to organize and categorize
-	// (scope and select) objects.
+	// Map of string keys and values that can be used to organize and categorize (scope and select) objects.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
-	labels: {[string]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
+	labels: {[string & =~"^(([A-Za-z0-9][-A-Za-z0-9_./]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
 
 	// Standard Kubernetes labels: app name and version.
 	labels: {
 		"app.kubernetes.io/name":    name
-		"app.kubernetes.io/version": version
+		"app.kubernetes.io/version": #Version
 	}
-
-	// Labels used to select pods for Kubernetes Deployment, Service, Job, etc.
-	labelSelector: *{
-			"app.kubernetes.io/name": name
-	} | {[ string]: string}
 }

timoni/podinfo/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue

@@ -0,0 +1,21 @@
+// Copyright 2023 Stefan Prodan
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import "strings"
+
+// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc.
+#Selector: {
+	// Name must be unique within a namespace. Is required when creating resources.
+	// Name is primarily intended for creation idempotence and configuration definition.
+	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+	#Name!: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63)
+
+	// Map of string keys and values that can be used to organize and categorize (scope and select) objects.
+	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+	labels: {[string & =~"^(([A-Za-z0-9][-A-Za-z0-9_./]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)}
+
+	// Standard Kubernetes label: app name.
+	labels: "app.kubernetes.io/name": #Name
+}

timoni/podinfo/templates/config.cue

@@ -19,8 +19,10 @@ import (
 	kubeVersion!:   string
 
 	// Metadata (common to all resources)
-	metadata: timoniv1.#Metadata
-	metadata: version: moduleVersion
+	metadata: timoniv1.#Metadata & {#Version: moduleVersion}
+
+	// Label selector (common to all resources)
+	selector: timoniv1.#Selector & {#Name: metadata.name}
 
 	// Deployment
 	replicas: *1 | int & >=0

timoni/podinfo/templates/deployment.cue

@@ -9,26 +9,19 @@ import (
 	_config:    #Config
 	apiVersion: "apps/v1"
 	kind:       "Deployment"
-	metadata: {
-		name:      _config.metadata.name
-		namespace: _config.metadata.namespace
-		labels:    _config.metadata.labels
-		if _config.metadata.annotations != _|_ {
-			annotations: _config.metadata.annotations
-		}
-	}
-	spec: appsv1.#DeploymentSpec & {
+	metadata:   _config.metadata
+	spec:       appsv1.#DeploymentSpec & {
 		if !_config.autoscaling.enabled {
 			replicas: _config.replicas
 		}
 		strategy: {
 			type: "RollingUpdate"
 			rollingUpdate: maxUnavailable: "50%"
 		}
-		selector: matchLabels: _config.metadata.labelSelector
+		selector: matchLabels: _config.selector.labels
 		template: {
 			metadata: {
-				labels: _config.metadata.labelSelector
+				labels: _config.selector.labels
 				if _config.podAnnotations != _|_ {
 					annotations: _config.podAnnotations
 				}

timoni/podinfo/templates/hpa.cue

@@ -8,14 +8,7 @@ import (
 	_config:    #Config
 	apiVersion: "autoscaling/v2"
 	kind:       "HorizontalPodAutoscaler"
-	metadata: {
-		name:      _config.metadata.name
-		namespace: _config.metadata.namespace
-		labels:    _config.metadata.labels
-		if _config.metadata.annotations != _|_ {
-			annotations: _config.metadata.annotations
-		}
-	}
+	metadata:   _config.metadata
 	spec: {
 		scaleTargetRef: {
 			apiVersion: "apps/v1"

timoni/podinfo/templates/ingress.cue

@@ -8,16 +8,11 @@ import (
 	_config:    #Config
 	apiVersion: "networking.k8s.io/v1"
 	kind:       "Ingress"
+	metadata:   _config.metadata
 	metadata: {
-		name:      _config.metadata.name
-		namespace: _config.metadata.namespace
-		labels:    _config.metadata.labels
 		if _config.ingress.labels != _|_ {
 			labels: _config.ingress.labels
 		}
-		if _config.metadata.annotations != _|_ {
-			annotations: _config.metadata.annotations
-		}
 		if _config.ingress.annotations != _|_ {
 			annotations: _config.ingress.annotations
 		}

timoni/podinfo/templates/service.cue

@@ -8,23 +8,18 @@ import (
 	_config:    #Config
 	apiVersion: "v1"
 	kind:       "Service"
+	metadata:   _config.metadata
 	metadata: {
-		name:      _config.metadata.name
-		namespace: _config.metadata.namespace
-		labels:    _config.metadata.labels
 		if _config.service.labels != _|_ {
 			labels: _config.service.labels
 		}
-		if _config.metadata.annotations != _|_ {
-			annotations: _config.metadata.annotations
-		}
 		if _config.service.annotations != _|_ {
 			annotations: _config.service.annotations
 		}
 	}
 	spec: corev1.#ServiceSpec & {
 		type:     corev1.#ServiceTypeClusterIP
-		selector: _config.metadata.labelSelector
+		selector: _config.selector.labels
 		ports: [
 			{
 				name:       "http"

timoni/podinfo/templates/serviceaccount.cue

@@ -8,12 +8,5 @@ import (
 	_config:    #Config
 	apiVersion: "v1"
 	kind:       "ServiceAccount"
-	metadata: {
-		name:      _config.metadata.name
-		namespace: _config.metadata.namespace
-		labels:    _config.metadata.labels
-		if _config.metadata.annotations != _|_ {
-			annotations: _config.metadata.annotations
-		}
-	}
+	metadata:   _config.metadata
 }

timoni/podinfo/templates/servicemonitor.cue

@@ -5,22 +5,15 @@ import (
 )
 
 #ServiceMonitor: promv1.#ServiceMonitor & {
-	_config: #Config
-	metadata: {
-		name:      _config.metadata.name
-		namespace: _config.metadata.namespace
-		labels:    _config.metadata.labels
-		if _config.metadata.annotations != _|_ {
-			annotations: _config.metadata.annotations
-		}
-	}
+	_config:  #Config
+	metadata: _config.metadata
 	spec: {
 		endpoints: [{
 			path:     "/metrics"
 			port:     "http-metrics"
 			interval: "\(_config.monitoring.interval)s"
 		}]
 		namespaceSelector: matchNames: [_config.metadata.namespace]
-		selector: matchLabels: _config.metadata.labelSelector
+		selector: matchLabels: _config.selector.labels
 	}
 }