Add some nested diagrams (#102)

* Add some nested diagrams Signed-off-by: Kevin Fox <[email protected]> * Fix typo Signed-off-by: Kevin Fox <[email protected]> * Add md Signed-off-by: Kevin Fox <[email protected]> * Apply suggestions from code review Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]> Signed-off-by: kfox1111 <[email protected]> Co-authored-by: Faisal Memon <[email protected]>
spiffe · Nov 13, 2023 · 8f542f2 · 8f542f2
1 parent 889d0af
commit 8f542f2
Show file tree

Hide file tree

Showing 6 changed files with 131 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -63,3 +63,8 @@ test-example-%:
 
 .PHONY: test-examples
 test-examples: $(patsubst examples/%/values.yaml,test-example-%,$(wildcard examples/*/values.yaml)) ## Run `helm install` and `helm test` for all the examples containing `run-tests.sh`
+
+.PHONY: diagrams
+diagrams: ## Builds diagrams
+	@dot -Tpng examples/nested/singlehardened.dot > examples/nested/singlehardened.png
+	@dot -Tpng examples/nested/multicluster.dot > examples/nested/multicluster.png
diff --git a/examples/nested/README.md b/examples/nested/README.md
@@ -0,0 +1,10 @@
+# Possible Nesting Configurations
+
+There are multiple ways of configuring the chart depending on what you want to use nesting for.
+
+## Nesting across Kubernetes clusters:
+![Multiple Kubernetes Cluster](./multicluster.png)
+
+## Nesting within a Kubernetes cluster:
+![Single Hardened](./singlehardened.png)
+
diff --git a/examples/nested/multicluster.dot b/examples/nested/multicluster.dot
@@ -0,0 +1,61 @@
+digraph G {
+  subgraph cluster_root {
+    label="Cluster: Root K8S";
+    subgraph cluster_root_release {
+      label="Helm Release: Namespace=spire-root Name=spire"
+      spireRoot [label="Root Spire Server"];
+    }
+  }
+  subgraph cluster_nested1 {
+    label="Cluster: K8S Workload 1";
+    subgraph cluster_nested1_release {
+      label="Helm Release: Namespace=spire-server Name=spire"
+      subgraph cluster_nested1_ns1 {
+        label="Namespace: spire-system"
+        spireUpstreamAgent1 [label="Upstream Spire Agent/CSI"];
+      }
+      subgraph cluster_nested1_ns2 {
+        label="Namespace: spire-server"
+        spireServerNested1 [label="Nested Spire Server"];
+      }
+      subgraph cluster_nested1_ns3 {
+        label="Namespace: spire-system"
+        spireDownstreamAgent1 [label="Downstream Spire Agent/CSI"];
+      }
+    }
+    subgraph cluster_nested1_user {
+      label="Namespace: user"
+      userWorkload1 [label="User Workload"];
+    }
+  }
+  subgraph cluster_nested2 {
+    label="Cluster: K8S Workload 2";
+    subgraph cluster_nested2_release {
+      label="Helm Release: Namespace=spire-server Name=spire"
+      subgraph cluster_nested2_ns1 {
+        label="Namespace: spire-system"
+        spireUpstreamAgent2 [label="Upstream Spire Agent/CSI"];
+      }
+      subgraph cluster_nested2_ns2 {
+        label="Namespace: spire-server"
+        spireServerNested2 [label="Nested Spire Server"];
+      }
+      subgraph cluster_nested2_ns3 {
+        label="Namespace: spire-system"
+        spireDownstreamAgent2 [label="Downstream Spire Agent/CSI"];
+      }
+    }
+    subgraph cluster_nested2_user {
+      label="Namespace: user"
+      userWorkload2 [label="Other User Workload"];
+    }
+  }
+  spireRoot -> spireUpstreamAgent1;
+  spireRoot -> spireUpstreamAgent2;
+  spireUpstreamAgent1 -> spireServerNested1;
+  spireServerNested1 -> spireDownstreamAgent1;
+  spireDownstreamAgent1 -> userWorkload1;
+  spireUpstreamAgent2 -> spireServerNested2;
+  spireServerNested2 -> spireDownstreamAgent2;
+  spireDownstreamAgent2 -> userWorkload2;
+}
diff --git a/examples/nested/multicluster.png b/examples/nested/multicluster.png
diff --git a/examples/nested/singlehardened.dot b/examples/nested/singlehardened.dot
@@ -0,0 +1,55 @@
+digraph G {
+  subgraph cluster_baremetal {
+     label="(Bare Metal|Virtual) Node"
+    spireDownstreamAgent3 [label="Downstream Spire Agent"];
+    userWorkload3 [label="External User Workload"];
+  }
+  subgraph cluster_k8s {
+    label="Cluster: K8S";
+    subgraph cluster_root_release {
+      label="Helm Release: Namespace=spire-root Name=spire";
+      subgraph cluster_ns_root {
+        label="Namespace: spire-root"
+        spireRoot [label="Root Spire Server"];
+      }
+      subgraph cluster_ns_1_system {
+        label="Namespace: spire-system"
+        spireUpstreamAgent1 [label="Upstream Spire Agent/CSI"];
+      }
+    }
+    subgraph cluster_nested1_release {
+      label="Helm Release: Namespace=spire-server Name=spire"
+      subgraph cluster_ns_nested_server {
+        label="Namespace: spire-server";
+        spireServerNested1 [label="Internal Nested Spire Server"];
+      }
+      subgraph cluster_ns_nested_system {
+        label="Namespace: spire-system";
+        spireDownstreamAgent1 [label="Downstream Spire Agent/CSI"];
+      }
+    }
+    subgraph cluster_ns_nested_system {
+      label="Namespace: user";
+      userWorkload1 [label="User Workload"];
+    }
+    subgraph cluster_ns_nested2_system {
+      label="Namespace: user-other";
+      userWorkload2 [label="Other User Workload"];
+    }
+    subgraph cluster_nested3_release {
+      label="Helm Release: Namespace=spire-external Name=spire"
+      subgraph cluster_ns_nested2_system {
+        label="Namespace: spire-external";
+        spireServerNested2 [label="External Nested Spire Server"];
+      }
+    }
+    spireRoot -> spireUpstreamAgent1;
+    spireUpstreamAgent1 -> spireServerNested1;
+    spireServerNested1 -> spireDownstreamAgent1;
+    spireDownstreamAgent1 -> userWorkload1;
+    spireDownstreamAgent1 -> userWorkload2;
+    spireUpstreamAgent1 -> spireServerNested2;
+    spireServerNested2 -> spireDownstreamAgent3;
+    spireDownstreamAgent3 -> userWorkload3;
+  }
+}
diff --git a/examples/nested/singlehardened.png b/examples/nested/singlehardened.png