Razee: component to use the Mustache template processor on Kubernetes resource configurations.
MustacheTemplate
MustacheTemplate is the next step of complexity when working with Razee. With
MustacheTemplate we can inject cluster specific environment variables into
resources before applying them to a cluster. We even use this injection method
as the mechanism for version control of our resources.
The basic operation of MustacheTemplate is to collect all values defined in
.spec.envFrom and .spec.env, then use those values to process all yaml
defined in the .spec.templates, and finally apply the processed yaml to the cluster.
Description: Impersonates a user for the given resource. This includes all
actions the controller must make related to the resource (fetching envs, getting
resources, applying resources, etc.). The RazeeDeploy resource must be created in
the razeedeploy namespace in order to use impersonateUser; all other namespaces
will ignore impersonateUser and default to the razeedeploy user (i.e. no user impersonation).
ImpersonateUser only applies to the single RazeeDeploy resource that it has been
added to.
Note: If cluster owners want to prevent users with direct cluster access from
using user impersonation, they should prevent those users from creating RazeeDeploy
resources in the razeedeploy namespace. In the future we will have an Admission
Controller that should improve security and eliminate the need for the razeedeploy
namespace scoping (razeedeploy-core #189).
Description: Specifying custom tags will override the default mustache tags.
This can be useful when you need to reserve {{ }} for some other processing.
Description: Allows you to pull in all values from a resource's .data section
to be used in template processing, i.e. ConfigMaps would use the configMapRef key
and CRDs with a high level .data section can be pulled in by using the
genericMapRef key. The keys pulled from the resource are what you would use
to match values into your templates.
Note: values are loaded in from .spec.envFrom before .spec.env, and
top down. Any values with the same key/name will be overwritten, last in wins.
Description: If fetching env/envFrom resource fails, MustacheTemplate will stop
execution and report error to .status. You can allow execution to continue by
marking a reference as optional.
Schema:
optional:
  type: boolean
Default: false
Env
Path: .spec.env
Description: Allows you to pull in a single value from a resource's .data
section to be used in template processing, i.e. ConfigMaps would use the
configMapKeyRef key and CRDs with a high level .data section can be pulled
from by using the genericKeyRef key. .spec.env.name is what you would use to
match values into your templates. You can also specify a type that we will
convert your fetched string into, before injecting into your template (one of
[number, boolean, json, jsonString, base64]). Note: when no type is specified,
the value will be treated as a normal string.
Note: values are loaded in from .spec.envFrom before .spec.env, and
top down. Any values with the same key/name will be overwritten, last in wins.
If you want to have json values merged, specify overrideStrategy: merge.
Description: If fetching env/envFrom resource fails, MustacheTemplate will stop
execution and report error to .status. You can allow execution to continue by
marking a reference as optional: true.
Schema:
optional:
  type: boolean
Default: false
Env Default
Path: .spec.env[].default
Description: If fetching env/envFrom resource fails, but .spec.env[].optional
is true and .spec.env[].default is defined, the default value will be used.
Schema:
default:
  x-kubernetes-int-or-string: true
Env OverrideStrategy
Path: .spec.env[].overrideStrategy
Description: If you are loading envs as json, and you want to allow overridden
values to merge instead of just replacing, specify overrideStrategy: merge.
Note: If either env defined is not a json object when merge is specified, the
behavior will revert to replace instead of merge (i.e. a json object is loaded first,
then a jsonString is loaded second with overrideStrategy: merge specified. The
jsonString will replace the first json object instead of trying to merge with it.)
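The load order, optional/default fallback and overrideStrategy rules from the Env sections above, modelled as an added example (this is not Razee's own code). `resolveEnv`, its input fields (`ref`, `data`, `fetched`) and the recursive merge are assumptions made for illustration; only the number and json types are converted.

```javascript
// Added illustration (not Razee source). Inputs are hypothetical, already-fetched
// stand-ins for .spec.envFrom / .spec.env entries; nothing talks to a cluster.
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
// Assumed merge semantics: objects merge recursively, anything else is replaced.
function deepMerge(a, b) {
  const out = { ...a };
  for (const [k, v] of Object.entries(b)) {
    out[k] = isObj(v) && isObj(out[k]) ? deepMerge(out[k], v) : v;
  }
  return out;
}
// Subset of the documented types; no type means the value stays a string.
function convert(raw, type) {
  if (type === 'number') return Number(raw);
  if (type === 'json') return JSON.parse(raw);
  return raw;
}

function resolveEnv(envFrom, env) {
  const view = {};
  // .spec.envFrom is loaded first, top down; same key means last in wins.
  for (const src of envFrom) {
    if (src.data !== undefined) Object.assign(view, src.data);
    else if (!src.optional) throw new Error(`envFrom ${src.ref} not found`);
  }
  // .spec.env is loaded second, top down.
  for (const e of env) {
    let value;
    if (e.fetched !== undefined) value = convert(e.fetched, e.type);
    else if (e.optional && e.default !== undefined) value = e.default;
    else if (e.optional) continue; // optional, no default: key stays unset
    else throw new Error(`env ${e.name} could not be fetched`);
    // merge applies only when both the earlier and the new value are JSON objects
    const both = isObj(view[e.name]) && isObj(value);
    const merge = e.overrideStrategy === 'merge' && both;
    view[e.name] = merge ? deepMerge(view[e.name], value) : value;
  }
  return view;
}

// Constructed sample input.
function demo() {
  return resolveEnv(
    [{ ref: 'base', data: { region: 'us', replicas: '1' } },
     { ref: 'missing', optional: true }],
    [{ name: 'replicas', fetched: '3', type: 'number' },
     { name: 'limits', fetched: '{"cpu":"1","mem":"1Gi"}', type: 'json' },
     { name: 'limits', fetched: '{"cpu":"2"}', type: 'json', overrideStrategy: 'merge' },
     { name: 'tier', optional: true, default: 'dev' }]);
}
```

A non-optional reference that cannot be fetched throws here, standing in for the documented behavior of stopping execution and reporting the error to .status.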
A razeedeploy resource (parent) will clean up a resource it applies (child)
when either the child is no longer in the parent resource definition or the
parent is deleted.
false
This behavior can be overridden when a child's resource definition has
the label deploy.razee.io/Reconcile=false.
Razeedeploy resources default to merge patching children. This behavior can be
overridden when a child's resource definition has the label
deploy.razee.io/mode=<mode>
Mode options:
DEFAULT: MergePatch
A simple merge, that will merge objects and replace arrays. Items previously
defined, then removed from the definition, will be removed from the live resource.
"As defined in RFC7386, a Merge Patch
is essentially a partial representation of the resource. The submitted JSON is
"merged" with the current resource to create a new one, then the new one is
saved. For more details on how to use Merge Patch, see the RFC." Reference
StrategicMergePatch
A more complicated merge, the kubernetes apiServer has defined keys to be
able to intelligently merge arrays it knows about.
"Strategic Merge Patch is a custom implementation of Merge Patch. For a
detailed explanation of how it works and why it needed to be introduced, see
StrategicMergePatch."
Reference
Treats the live resource as EnsureExist. If any Kapitan component is enforcing
the resource, and the label deploy.razee.io/debug: true exists on the live
resource, it will treat the resource as ensure exist and not override any changes.
This is useful for when you need to debug a live resource and don't want Kapitan
overriding your changes. Note: this will only work when you add it to live resources.
If you want to have the EnsureExist behavior, see Resource Update Mode.
Prevents the controller from updating resources on the cluster. If this is the
first time creating the razeedeploy-config ConfigMap, you must delete the running
controller pods so the deployment can mount the ConfigMap as a volume. If the
razeedeploy-config ConfigMap already exists, just add the pair lock-cluster: true.