Skip to content
/ k8s-object-template-operator Public

Kubernetes operator used to create Kubernetes objects based on templates specs and user namespaced parameters specs.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ericogr/k8s-object-template-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits

.circleci

.circleci

 
 

.vscode

.vscode

 
 

apis/v1

apis/v1

 
 

config

config

 
 

controllers/template

controllers/template

 
 

hack

hack

 
 

img

img

 
 

specs

specs

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

Makefile

Makefile

 
 

PROJECT

PROJECT

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

rbac-general.go

rbac-general.go

 
 

Repository files navigation

K8S Object Template Operator CircleCI

This operator can be used to create any kubernetes object dynamically. Build your own templates using Kubernetes specs and set parameters to create new objects based on it.

Use case

Many kubernetes clusters are shared among many applications and teams. Sometimes services are available within the cluster scope and teams can use it to create or configure services using kubernetes spec (such as ConfigMap, Secret, PrometheusRule, ExternalDNS, etc.). Some of these specs are too complex or contains some configurations that we do not want to expose. You can automate it's creation using this operator.

This operator can create kubernete objects based on templates specs and simple namespaced parameters. You can give permissions to user create parameters specs but forbid templates specs and created objects from developers or users using the default Kubernetes RBAC system.

Installation

Use the file specs/object-template-operator.yaml to start deploy this operator with all permissions (dev/test mode). For production, see section about roles bellow.

kubectl apply -f https://raw.githubusercontent.com/ericogr/k8s-object-template-operator/master/specs/object-template-operator.yaml

Additionals Kubernetes Roles

This operator should be allowed to create objects defined in templates. With default permission, it can create any object, but it can be a bit tricky. The ClusterRole k8s-ot-manager-role can be used to set permissions as needed.

See this example to add ConfigMap permission to this operator:

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: k8s-ot-manager-role
rules:
# >> HERE, ADDED CONFIGMAP PERMISSIONS
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - get
  - list
  - patch
  - update
# <<
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplateparams
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplateparams/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplates
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplates/status
  verbs:
  - get
  - patch
  - update

New Custom Resource Definitions (CRD's)

You have two new CRD's: ObjectTemplate and ObjectTemplateParameters.

ObjectTemplate (non namespaced): template used to create kubernetes objects at users namespaces (can be used by k8s admins)

ObjectTemplateParameters (namespaced): parameters used to create objects in their namespace (can be used by k8s users/devs)

Templates (ObjectTemplate)

Use templates to scaffold kubernetes objects. Users can set your own parameters to create new objects based on pre confired templates.

Template example

---
apiVersion: template.k8s.ericogr.com.br/v1
kind: ObjectTemplate
metadata:
  name: objecttemplate-configmap-test
spec:
  description: ConfigMap test
  parameters:
  - name: name
    default: Maria
  - name: age
  objects:
  - kind: ConfigMap
    apiVersion: v1
    metadata:
      labels:
        label1: labelvalue1
        label2: labelvalue2
      annotations:
        annotation1: annotationvalue1
        annotation2: annotationvalue2
    name: configmap-test
    templateBody: |-
      data:
        name: '{{ .name }}'
        age: '{{ .age }}'

Basic Template Substitution System

You can use sintax like {{ .variable }} to replace parameters. Let's say you created a template parameter with name/value name: foo. You can use {{ .name }} inside templateBody template to be replaced in runtime. If you need to scape braces, use {{"{{anything}}"}}.

Library template functions (by Sprig)

There are many template functions library available to use. See some examples:

Remove spaces, convert to lowercase and truncate to 5 chars:

{{ .username | trim | lower | trunc 5 }}

Convert text to base64:

{{ .password | b64enc }}

Add 10 to age:

{{ .age | add 10 }}

More information: http://masterminds.github.io/sprig/

System Runtime Variables

Name Description
__namespace Current namespace
__apiVersion API Version
__kind The name of kind
__name Name of object

Parameters (ObjectTemplateParams)

Users can define your own parameters to create new objects based on templates in their namespace.

Parameters example

---
apiVersion: template.k8s.ericogr.com.br/v1
kind: ObjectTemplateParams
metadata:
  name: objecttemplateparams-sample
  namespace: default
spec:
  templates:
  - name: objecttemplate-configmap-test
    values:
      name: foo
      age: '32'

About

Kubernetes operator used to create Kubernetes objects based on templates specs and user namespaced parameters specs.

Topics

kubernetes template controller object operator k8s operators crd kubebuilder kubernetes-objects

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 6

v0.0.6 Latest
Mar 29, 2021
+ 5 releases

Packages

No packages published

Languages