-
Notifications
You must be signed in to change notification settings - Fork 226
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
klippy: a controller that auto-instantiates packages
This controller will automatically create draft package instances where the bindings are satisfied. If the bindings are sufficiently constraining, this can act as a guided workflow to help users do the next right thing.
- Loading branch information
Showing
9 changed files
with
659 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # Overview | ||
|
|
||
| klippy is a controller that proposes creating packages as a child of a | ||
| parent package, where all the bindings can be satisfied. | ||
|
|
||
| The idea is that packages in this "proposed by robot" state can | ||
| provide a guided authoring experience, and we can communicate these | ||
| paths through the existing API. | ||
|
|
||
| The controller and the idea of package proposals should be considered | ||
| exploration / experimental. | ||
|
|
||
| # Bindings | ||
|
|
||
| The idea of bindings is that a blueprint author can include some | ||
| objects that are specially marked with the | ||
| `config.kubernetes.io/local-config` = `binding` annotation. Those are | ||
| binding objects. | ||
|
|
||
| Because those binding objects are `local-config`, they will not be | ||
| applied to the cluster as part of the package. Instead, those objects | ||
| normally come from a parent package. | ||
|
|
||
| The value of a binding object comes when we replace the placeholder | ||
| values with the actual values from the parent. We do a semantically | ||
| aware rename, so - for example - if a binding objects is a namespace, | ||
| all the objects in the binding placeholder namespace would be changed | ||
| to be in the newly bound namespace. | ||
|
|
||
| If the object is something like a ConfigMap, we would update all the | ||
| references to that ConfigMap, for example in pod volumes. | ||
|
|
||
| # klippy: auto-binding | ||
|
|
||
| The idea of the klippy controller therefore is to eagerly look for | ||
| places where we can instantiate a child package under a parent | ||
| package, where all the bindings can be satisfied. | ||
|
|
||
| We match bindings based on the Group/Version/Kind. Additionally, if | ||
| the binding object has labels, we'll look for those labels on the | ||
| parent package object (this was needed because otherwise we were | ||
| over-proposing on common objects like Namespaces, in practice we need | ||
| some sort of "intent" label on Namespaces or GCP Projects/Folders, | ||
| that indicates what we expect them to contain) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| # Copyright 2022 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRole | ||
| metadata: | ||
| creationTimestamp: null | ||
| name: porch-controllers-klippy | ||
| rules: | ||
| - apiGroups: | ||
| - porch.kpt.dev | ||
| resources: | ||
| - packagerevisionresources | ||
| verbs: | ||
| - create | ||
| - delete | ||
| - get | ||
| - list | ||
| - patch | ||
| - update | ||
| - watch | ||
| - apiGroups: | ||
| - porch.kpt.dev | ||
| resources: | ||
| - packagerevisionresources/status | ||
| verbs: | ||
| - get | ||
| - patch | ||
| - update | ||
| - apiGroups: | ||
| - porch.kpt.dev | ||
| resources: | ||
| - packagerevisions | ||
| verbs: | ||
| - create | ||
| - delete | ||
| - get | ||
| - list | ||
| - patch | ||
| - update | ||
| - watch | ||
| - apiGroups: | ||
| - porch.kpt.dev | ||
| resources: | ||
| - packagerevisions/status | ||
| verbs: | ||
| - get | ||
| - patch | ||
| - update |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # Copyright 2022 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| name: porch-system:porch-controllers-klippy | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: porch-controllers-klippy | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: porch-controllers | ||
| namespace: porch-system |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| // Copyright 2022 Google LLC | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
| // You may obtain a copy of the License at | ||
| // | ||
| // http://www.apache.org/licenses/LICENSE-2.0 | ||
| // | ||
| // Unless required by applicable law or agreed to in writing, software | ||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| package klippy | ||
|
|
||
| //go:generate go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0 rbac:roleName=porch-controllers-klippy webhook paths="./..." output:rbac:artifacts:config=config/rbac |
Oops, something went wrong.