Remove shortcode 'code' (#19035)

A long time ago, we added a new shortcode `codenew` as a replacement of the `code` shortcode. The intention was to consolidate all example manifests to a single subdirectory, i.e. `content/<lang>/examples`. Now this transition is almost over. We have only two instances where the old `code` shortcode is referenced. This PR makes the `policy.rego` file inlined content so that all referenes to `code` are killed. We can safely drop the `code` shortcode. If desired, we can rename the `codenew` shortcode to `code` in a (series of) separate PR(s).
2020-02-11 11:52:00 +08:00 · 2020-02-11 11:52:00 +08:00 · b550c6c051
parent 2faf1024d9
commit b550c6c051
5 changed files with 152 additions and 188 deletions
--- a/content/en/docs/tasks/federation/policy.rego
+++ b/content/en/docs/tasks/federation/policy.rego
@ -1,74 +0,0 @@
-# OPA supports a high-level declarative language named Rego for authoring and
-# enforcing policies. For more information on Rego, visit
-# http://openpolicyagent.org.
-
-# Rego policies are namespaced by the "package" directive.
-package kubernetes.placement
-
-# Imports provide aliases for data inside the policy engine. In this case, the
-# policy simply refers to "clusters" below.
-import data.kubernetes.clusters
-
-# The "annotations" rule generates a JSON object containing the key
-# "federation.kubernetes.io/replica-set-preferences" mapped to <preferences>.
-# The preferences values is generated dynamically by OPA when it evaluates the
-# rule.
-#
-# The SchedulingPolicy Admission Controller running inside the Federation API
-# server will merge these annotations into incoming Federated resources. By
-# setting replica-set-preferences, we can control the placement of Federated
-# ReplicaSets.
-#
-# Rules are defined to generate JSON values (booleans, strings, objects, etc.)
-# When OPA evaluates a rule, it generates a value IF all of the expressions in
-# the body evaluate successfully. All rules can be understood intuitively as
-# <head> if <body> where <body> is true if <expr-1> AND <expr-2> AND ...
-# <expr-N> is true (for some set of data.)
-annotations["federation.kubernetes.io/replica-set-preferences"] = preferences {
-    input.kind = "ReplicaSet"
-    value = {"clusters": cluster_map, "rebalance": true}
-    json.marshal(value, preferences)
-}
-
-# This "annotations" rule generates a value for the "federation.alpha.kubernetes.io/cluster-selector"
-# annotation.
-#
-# In English, the policy asserts that resources in the "production" namespace
-# that are not annotated with "criticality=low" MUST be placed on clusters
-# labelled with "on-premises=true".
-annotations["federation.alpha.kubernetes.io/cluster-selector"] = selector {
-    input.metadata.namespace = "production"
-    not input.metadata.annotations.criticality = "low"
-    json.marshal([{
-        "operator": "=",
-        "key": "on-premises",
-        "values": "[true]",
-    }], selector)
-}
-
-# Generates a set of cluster names that satisfy the incoming Federated
-# ReplicaSet's requirements. In this case, just PCI compliance.
-replica_set_clusters[cluster_name] {
-    clusters[cluster_name]
-    not insufficient_pci[cluster_name]
-}
-
-# Generates a set of clusters that must not be used for Federated ReplicaSets
-# that request PCI compliance.
-insufficient_pci[cluster_name] {
-    clusters[cluster_name]
-    input.metadata.annotations["requires-pci"] = "true"
-    not pci_clusters[cluster_name]
-}
-
-# Generates a set of clusters that are PCI certified. In this case, we assume
-# clusters are annotated to indicate if they have passed PCI compliance audits.
-pci_clusters[cluster_name] {
-    clusters[cluster_name].metadata.annotations["pci-certified"] = "true"
-}
-
-# Helper rule to generate a mapping of desired clusters to weights. In this
-# case, weights are static.
-cluster_map[cluster_name] = {"weight": 1} {
-    replica_set_clusters[cluster_name]
-}
--- a/content/en/docs/tasks/federation/set-up-placement-policies-federation.md
+++ b/content/en/docs/tasks/federation/set-up-placement-policies-federation.md
@ -108,7 +108,82 @@ Create the namespace if it does not already exist:

 Configure a sample policy to test the external policy engine:

-{{< code file="policy.rego" >}}
+```
+# OPA supports a high-level declarative language named Rego for authoring and
+# enforcing policies. For more information on Rego, visit
+# http://openpolicyagent.org.
+
+# Rego policies are namespaced by the "package" directive.
+package kubernetes.placement
+
+# Imports provide aliases for data inside the policy engine. In this case, the
+# policy simply refers to "clusters" below.
+import data.kubernetes.clusters
+
+# The "annotations" rule generates a JSON object containing the key
+# "federation.kubernetes.io/replica-set-preferences" mapped to <preferences>.
+# The preferences values is generated dynamically by OPA when it evaluates the
+# rule.
+#
+# The SchedulingPolicy Admission Controller running inside the Federation API
+# server will merge these annotations into incoming Federated resources. By
+# setting replica-set-preferences, we can control the placement of Federated
+# ReplicaSets.
+#
+# Rules are defined to generate JSON values (booleans, strings, objects, etc.)
+# When OPA evaluates a rule, it generates a value IF all of the expressions in
+# the body evaluate successfully. All rules can be understood intuitively as
+# <head> if <body> where <body> is true if <expr-1> AND <expr-2> AND ...
+# <expr-N> is true (for some set of data.)
+annotations["federation.kubernetes.io/replica-set-preferences"] = preferences {
+    input.kind = "ReplicaSet"
+    value = {"clusters": cluster_map, "rebalance": true}
+    json.marshal(value, preferences)
+}
+
+# This "annotations" rule generates a value for the "federation.alpha.kubernetes.io/cluster-selector"
+# annotation.
+#
+# In English, the policy asserts that resources in the "production" namespace
+# that are not annotated with "criticality=low" MUST be placed on clusters
+# labelled with "on-premises=true".
+annotations["federation.alpha.kubernetes.io/cluster-selector"] = selector {
+    input.metadata.namespace = "production"
+    not input.metadata.annotations.criticality = "low"
+    json.marshal([{
+        "operator": "=",
+        "key": "on-premises",
+        "values": "[true]",
+    }], selector)
+}
+
+# Generates a set of cluster names that satisfy the incoming Federated
+# ReplicaSet's requirements. In this case, just PCI compliance.
+replica_set_clusters[cluster_name] {
+    clusters[cluster_name]
+    not insufficient_pci[cluster_name]
+}
+
+# Generates a set of clusters that must not be used for Federated ReplicaSets
+# that request PCI compliance.
+insufficient_pci[cluster_name] {
+    clusters[cluster_name]
+    input.metadata.annotations["requires-pci"] = "true"
+    not pci_clusters[cluster_name]
+}
+
+# Generates a set of clusters that are PCI certified. In this case, we assume
+# clusters are annotated to indicate if they have passed PCI compliance audits.
+pci_clusters[cluster_name] {
+    clusters[cluster_name].metadata.annotations["pci-certified"] = "true"
+}
+
+# Helper rule to generate a mapping of desired clusters to weights. In this
+# case, weights are static.
+cluster_map[cluster_name] = {"weight": 1} {
+    replica_set_clusters[cluster_name]
+}
+```

 Shown below is the command to create the sample policy:

--- a/content/zh/docs/tasks/federation/policy.rego
+++ b/content/zh/docs/tasks/federation/policy.rego
@ -1,74 +0,0 @@
-# OPA supports a high-level declarative language named Rego for authoring and
-# enforcing policies. For more information on Rego, visit
-# http://openpolicyagent.org.
-
-# Rego policies are namespaced by the "package" directive.
-package kubernetes.placement
-
-# Imports provide aliases for data inside the policy engine. In this case, the
-# policy simply refers to "clusters" below.
-import data.kubernetes.clusters
-
-# The "annotations" rule generates a JSON object containing the key
-# "federation.kubernetes.io/replica-set-preferences" mapped to <preferences>.
-# The preferences values is generated dynamically by OPA when it evaluates the
-# rule.
-#
-# The SchedulingPolicy Admission Controller running inside the Federation API
-# server will merge these annotations into incoming Federated resources. By
-# setting replica-set-preferences, we can control the placement of Federated
-# ReplicaSets.
-#
-# Rules are defined to generate JSON values (booleans, strings, objects, etc.)
-# When OPA evaluates a rule, it generates a value IF all of the expressions in
-# the body evaluate successfully. All rules can be understood intuitively as
-# <head> if <body> where <body> is true if <expr-1> AND <expr-2> AND ...
-# <expr-N> is true (for some set of data.)
-annotations["federation.kubernetes.io/replica-set-preferences"] = preferences {
-    input.kind = "ReplicaSet"
-    value = {"clusters": cluster_map, "rebalance": true}
-    json.marshal(value, preferences)
-}
-
-# This "annotations" rule generates a value for the "federation.alpha.kubernetes.io/cluster-selector"
-# annotation.
-#
-# In English, the policy asserts that resources in the "production" namespace
-# that are not annotated with "criticality=low" MUST be placed on clusters
-# labelled with "on-premises=true".
-annotations["federation.alpha.kubernetes.io/cluster-selector"] = selector {
-    input.metadata.namespace = "production"
-    not input.metadata.annotations.criticality = "low"
-    json.marshal([{
-        "operator": "=",
-        "key": "on-premises",
-        "values": "[true]",
-    }], selector)
-}
-
-# Generates a set of cluster names that satisfy the incoming Federated
-# ReplicaSet's requirements. In this case, just PCI compliance.
-replica_set_clusters[cluster_name] {
-    clusters[cluster_name]
-    not insufficient_pci[cluster_name]
-}
-
-# Generates a set of clusters that must not be used for Federated ReplicaSets
-# that request PCI compliance.
-insufficient_pci[cluster_name] {
-    clusters[cluster_name]
-    input.metadata.annotations["requires-pci"] = "true"
-    not pci_clusters[cluster_name]
-}
-
-# Generates a set of clusters that are PCI certified. In this case, we assume
-# clusters are annotated to indicate if they have passed PCI compliance audits.
-pci_clusters[cluster_name] {
-    clusters[cluster_name].metadata.annotations["pci-certified"] = "true"
-}
-
-# Helper rule to generate a mapping of desired clusters to weights. In this
-# case, weights are static.
-cluster_map[cluster_name] = {"weight": 1} {
-    replica_set_clusters[cluster_name]
-}
--- a/content/zh/docs/tasks/federation/set-up-placement-policies-federation.md
+++ b/content/zh/docs/tasks/federation/set-up-placement-policies-federation.md
@ -188,7 +188,82 @@ Configure a sample policy to test the external policy engine:
 -->
 配置一个示例策略来测试外部策略引擎:

-{{< code file="policy.rego" >}}
+```
+# OPA supports a high-level declarative language named Rego for authoring and
+# enforcing policies. For more information on Rego, visit
+# http://openpolicyagent.org.
+
+# Rego policies are namespaced by the "package" directive.
+package kubernetes.placement
+
+# Imports provide aliases for data inside the policy engine. In this case, the
+# policy simply refers to "clusters" below.
+import data.kubernetes.clusters
+
+# The "annotations" rule generates a JSON object containing the key
+# "federation.kubernetes.io/replica-set-preferences" mapped to <preferences>.
+# The preferences values is generated dynamically by OPA when it evaluates the
+# rule.
+#
+# The SchedulingPolicy Admission Controller running inside the Federation API
+# server will merge these annotations into incoming Federated resources. By
+# setting replica-set-preferences, we can control the placement of Federated
+# ReplicaSets.
+#
+# Rules are defined to generate JSON values (booleans, strings, objects, etc.)
+# When OPA evaluates a rule, it generates a value IF all of the expressions in
+# the body evaluate successfully. All rules can be understood intuitively as
+# <head> if <body> where <body> is true if <expr-1> AND <expr-2> AND ...
+# <expr-N> is true (for some set of data.)
+annotations["federation.kubernetes.io/replica-set-preferences"] = preferences {
+    input.kind = "ReplicaSet"
+    value = {"clusters": cluster_map, "rebalance": true}
+    json.marshal(value, preferences)
+}
+
+# This "annotations" rule generates a value for the "federation.alpha.kubernetes.io/cluster-selector"
+# annotation.
+#
+# In English, the policy asserts that resources in the "production" namespace
+# that are not annotated with "criticality=low" MUST be placed on clusters
+# labelled with "on-premises=true".
+annotations["federation.alpha.kubernetes.io/cluster-selector"] = selector {
+    input.metadata.namespace = "production"
+    not input.metadata.annotations.criticality = "low"
+    json.marshal([{
+        "operator": "=",
+        "key": "on-premises",
+        "values": "[true]",
+    }], selector)
+}
+
+# Generates a set of cluster names that satisfy the incoming Federated
+# ReplicaSet's requirements. In this case, just PCI compliance.
+replica_set_clusters[cluster_name] {
+    clusters[cluster_name]
+    not insufficient_pci[cluster_name]
+}
+
+# Generates a set of clusters that must not be used for Federated ReplicaSets
+# that request PCI compliance.
+insufficient_pci[cluster_name] {
+    clusters[cluster_name]
+    input.metadata.annotations["requires-pci"] = "true"
+    not pci_clusters[cluster_name]
+}
+
+# Generates a set of clusters that are PCI certified. In this case, we assume
+# clusters are annotated to indicate if they have passed PCI compliance audits.
+pci_clusters[cluster_name] {
+    clusters[cluster_name].metadata.annotations["pci-certified"] = "true"
+}
+
+# Helper rule to generate a mapping of desired clusters to weights. In this
+# case, weights are static.
+cluster_map[cluster_name] = {"weight": 1} {
+    replica_set_clusters[cluster_name]
+}
+```

 <!--
 Shown below is the command to create the sample policy:
--- a/layouts/shortcodes/code.html
+++ b/layouts/shortcodes/code.html
@ -1,38 +0,0 @@
-{{ $p := .Page }}
-{{ $file := .Get "file" }}
-{{ $codelang := .Get "language" | default (path.Ext $file | strings.TrimPrefix ".") }} 
-{{ $fileDir := path.Split $file }}
-{{ $bundlePath := path.Join .Page.File.Dir $fileDir.Dir }}
-{{ $filename := path.Join $p.File.Dir $file }}
-{{ $ghlink := printf "https://%s/blob/master/content/%s/%s" site.Params.githubwebsiterepo .Page.Lang $filename | safeURL }}
-{{/* First assume this is a bundle and the file is inside it. */}}
-{{ $resource := $p.Resources.GetMatch (printf "%s*" $file ) }}
-{{ with $resource }}
-{{ $.Scratch.Set "content" .Content }}
-{{ else }}
-{{/* Read the file relative to the content root. */}}
-{{ $resource := readFile $filename}}
-{{ with $resource }}{{ $.Scratch.Set "content" . }}{{ end }}
-{{ end }}
-{{ if not ($.Scratch.Get "content") }}
-{{ errorf "[%s] %q not found in %q" site.Language.Lang $fileDir.File $bundlePath }}
-{{ end }}
-{{ with $.Scratch.Get "content" }}
-<table class="includecode" id="{{ $file | anchorize }}">
-    <thead>
-        <tr>
-            <th>
-                {{ with $ghlink }}<a href="{{ . }}" download="{{ $file }}">{{ end }}
-                    <code>{{ $file }} {{ $bundlePath }}</code>
-                {{ if $ghlink }}</a>{{ end }}
-                <img src="{{ "images/copycode.svg" | relURL }}" style="max-height:24px" onclick="copyCode('{{ $file | anchorize }}')" title="Copy {{ $file }} to clipboard">
-            </th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>{{ highlight . $codelang "" }}  </td>
-        </tr>
-    </tbody>
-</table>
-{{ end }}