This purpose of this organisation is to provide generally usable functions for operating on configuration-as-code using the Kubernetes Resource Model (KRM) as defined in KRM Functions Specification.
For a general introduction to using KRM functions see Replacing Helm and Kustomize with KRM Functions — a New Approach to Configuration Management.
For an broader description on how to use and develop new KRM functions see the kpt book.
Functions:
| Name | Description |
|---|---|
| apply-setters | A re-implementation and improvement of the baseline apply-setters function, which supports merge of multiple sources of apply-setters configuration and accepts configuration through both function-config and primary resource list. Also supports reading setter values from other resources. |
| digester | A function that can lookup container image digests for Helm charts and write-back digests into chart values. |
| gatekeeper | A re-implementation of the baseline gatekeeper function, which suppors newer variants of the Rego language (e.g. as used in the gatekeeper-library) and which support gatekeeper expansions |
| helm-upgrader | Function for automating upgrades of Helm chart specifications in e.g. KRM RenderHelmChart format. Supports upgrade constraints. |
| kubeconform | Function for validating resource schemas. Replacement for kubeval. |
| render-helm-chart | A re-implementation of the baseline render-helm-chart function, which can be used in declarative pipelines through Kptfiles. |
| source-packages | Declarative management of fleets of kpt packages, similar to helmfile |
| source-helm-chart | A function that implements sourcing of helm charts to support rendering using declarative pipelines. This function augments render-helm-chart. |
Function images are signed using Cosign and provenance can be verified as e.g.:
export FUNCTION_IMAGE=ghcr.io/krm-functions/source-packages@sha256:sha256:30e52b8976e867d50d0a1745e2577c806790987befb477e3ca8ea53bd0aa3859
export BUILDER=https://github.com/krm-functions/catalog/.github/workflows/build.yaml
cosign verify --certificate-identity $BUILDER@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com $FUNCTION_IMAGE
See below for latest image digests and builders.
| Function | Digest | Builder |
|---|---|---|
| apply-setters | ghcr.io/krm-functions/apply-setters@sha256:sha256:18c6f1b3ad30ed6599ff13388e9632945fcb2d32d26c7284235b85c3c295de78 |
1 |
| digester | ghcr.io/krm-functions/digester@sha256:sha256:f08710681314ca57a308ef8b5b0f373e2be0468c1ae83faf98e4f1b0f7f22834 |
1 |
| gatekeeper | ghcr.io/krm-functions/gatekeeper@sha256:8c4524d8538e6d50842c3eec70c932672457189e09f2e10ee6616b9b74d867e6 |
2 |
| helm-upgrader | ghcr.io/krm-functions/helm-upgrader@sha256:sha256:8a31e20c5a02eb992d67b1705aea4bb9eeefe4c93b0bf9d95677584180b04062 |
1 |
| kubeconform | ghcr.io/krm-functions/kubeconform@sha256:sha256:aab67e8b52eebd95cb068314818bbc3b05059ff3b71d3de84a661a1df4718b73 |
1 |
| render-helm-chart | ghcr.io/krm-functions/render-helm-chart@sha256:sha256:2594819377e5409a053db7a903f76ae9ac64622c7daf361bbafa1fd28cc9f9db |
1 |
| source-packages | ghcr.io/krm-functions/source-packages@sha256:sha256:30e52b8976e867d50d0a1745e2577c806790987befb477e3ca8ea53bd0aa3859 |
1 |
| source-helm-chart | ghcr.io/krm-functions/source-helm-chart@sha256:sha256:1ec2a7070b7b0d01dd8c457299887c1d751bb148c5ec0317f9945e94782f8679 |
1 |
Builders:
1: https://github.com/krm-functions/catalog/.github/workflows/build.yaml
2: https://github.com/krm-functions/gatekeeper/.github/workflows/build.yaml
The following are references to other KRM functions. These functions
are not associated with this krm-functions organization.
Generally there is also several functions available as 'kustomize plugins'.