resourcegen: unique names for initializer and tls certs volume

docs/docs/components/service-mesh.md

@@ -56,19 +56,19 @@ spec:
     spec:
       runtimeClassName: contrast-cc
       initContainers:
-        - name: initializer
+        - name: contrast-initializer
           image: "ghcr.io/edgelesssys/contrast/initializer@sha256:..."
           env:
             - name: COORDINATOR_HOST
               value: coordinator
           volumeMounts:
-            - name: tls-certs
+            - name: contrast-tls-certs-volume
               mountPath: /tls-config
         - name: sidecar
           image: "ghcr.io/edgelesssys/contrast/service-mesh-proxy@sha256:..."
           restartPolicy: Always
           volumeMounts:
-            - name: tls-certs
+            - name: contrast-tls-certs-volume
               mountPath: /tls-config
           env:
             - name: EDG_INGRESS_PROXY_CONFIG
@@ -87,10 +87,10 @@ spec:
             - containerPort: 7890
               name: metrics
           volumeMounts:
-            - name: tls-certs
+            - name: contrast-tls-certs-volume
               mountPath: /tls-config
       volumes:
-        - name: tls-certs
+        - name: contrast-tls-certs-volume
           emptyDir: {}
 ```
 
@@ -128,19 +128,19 @@ spec:
     spec:
       runtimeClassName: contrast-cc
       initContainers:
-        - name: initializer
+        - name: contrast-initializer
           image: "ghcr.io/edgelesssys/contrast/initializer@sha256:..."
           env:
             - name: COORDINATOR_HOST
               value: coordinator
           volumeMounts:
-            - name: tls-certs
+            - name: contrast-tls-certs-volume
               mountPath: /tls-config
         - name: sidecar
           image: "ghcr.io/edgelesssys/contrast/service-mesh-proxy@sha256:..."
           restartPolicy: Always
           volumeMounts:
-            - name: tls-certs
+            - name: contrast-tls-certs-volume
               mountPath: /tls-config
           env:
             - name: EDG_EGRESS_PROXY_CONFIG
@@ -154,9 +154,9 @@ spec:
         - name: currency-conversion
           image: ghcr.io/edgelesssys/conversion:v1.2.3@...
           volumeMounts:
-            - name: tls-certs
+            - name: contrast-tls-certs-volume
               mountPath: /tls-config
       volumes:
-        - name: tls-certs
+        - name: contrast-tls-certs-volume
           emptyDir: {}
 ```

docs/docs/deployment.md

@@ -67,22 +67,22 @@ To specify that a workload (pod, deployment, etc.) should be deployed as confide
 add `runtimeClassName: contrast-cc` to the pod spec (pod definition or template).
 This is a placeholder name that will be replaced by a versioned `runtimeClassName` when generating policies.
 In addition, add the Contrast Initializer as `initContainers` to these workloads and configure the
-workload to use the certificates written to a `volumeMount` named `tls-certs`.
+workload to use the certificates written to a `volumeMount` named `contrast-tls-certs-volume`.
 
 ```yaml
 spec: # v1.PodSpec
   runtimeClassName: contrast-cc
   initContainers:
-  - name: initializer
+  - name: contrast-initializer
     image: "ghcr.io/edgelesssys/contrast/initializer:latest"
     env:
     - name: COORDINATOR_HOST
       value: coordinator
     volumeMounts:
-    - name: tls-certs
+    - name: contrast-tls-certs-volume
       mountPath: /tls-config
   volumes:
-  - name: tls-certs
+  - name: contrast-tls-certs-volume
     emptyDir: {}
 ```
 
@@ -120,7 +120,7 @@ spec: # v1.PodSpec
     - name: EDG_EGRESS_PROXY_CONFIG
       value: "backend#127.0.0.2:4001#backend.default:4001"
     volumeMounts:
-    - name: tls-certs
+    - name: contrast-tls-certs-volume
       mountPath: /tls-config
 ```
 

internal/kuberesource/parts.go

@@ -260,14 +260,14 @@ func PortForwarderForService(svc *applycorev1.ServiceApplyConfiguration) *applyc
 // Initializer creates a new InitializerConfig.
 func Initializer() *applycorev1.ContainerApplyConfiguration {
 	return applycorev1.Container().
-		WithName("initializer").
+		WithName("contrast-initializer").
 		WithImage("ghcr.io/edgelesssys/contrast/initializer:latest").
 		WithResources(ResourceRequirements().
 			WithMemoryRequest(50),
 		).
 		WithEnv(NewEnvVar("COORDINATOR_HOST", "coordinator")).
 		WithVolumeMounts(VolumeMount().
-			WithName("tls-certs").
+			WithName("contrast-tls-certs-volume").
 			WithMountPath("/tls-config"),
 		)
 }
@@ -279,7 +279,7 @@ func ServiceMeshProxy() *applycorev1.ContainerApplyConfiguration {
 		WithImage("ghcr.io/edgelesssys/contrast/service-mesh-proxy:latest").
 		WithRestartPolicy(corev1.ContainerRestartPolicyAlways).
 		WithVolumeMounts(VolumeMount().
-			WithName("tls-certs").
+			WithName("contrast-tls-certs-volume").
 			WithMountPath("/tls-config"),
 		).
 		WithSecurityContext(SecurityContext().

rfc/005-generate-injection.md

@@ -39,7 +39,7 @@ Here is a proposed way to do this that optimizes for the common case where most
 To make `contrast generate` idempotent and handle potential edge cases, we will implement the following behavior:
 
 1. *Container name conflict:*
-   - Use a highly unique name for the initializer container, like `contrast-initializer-container.` This virtually eliminates the chances of name conflicts with user containers.
+   - Use a highly unique name for the initializer container, like `contrast-initializer.` This virtually eliminates the chances of name conflicts with user containers.
    - If an `initContainer` with the same unique name already exists, overwrite it with the current version of the Contrast initializer.
    - If no matching `initContainer` is found, inject a new one using the current version of the Contrast initializer and the unique name.
    - If other `initContainers` exist, insert the Contrast initializer as the first one in the list.