This operator can be used to create any Kubernetes object dynamically. Build your own templates using Kubernetes specs and set parameters to create new objects based on them.
Many Kubernetes clusters are shared among many applications and teams. Sometimes services are available within the cluster scope and teams can create or configure them using Kubernetes specs (such as ConfigMap, Secret, PrometheusRule, ExternalDNS, etc.). Some of these specs are too complex or contain configurations that we do not want to expose. You can automate their creation using this operator.
This operator creates Kubernetes objects from template specs and simple namespaced parameters. Using the default Kubernetes RBAC system, you can allow users to create parameter specs while denying developers or users access to template specs and to the created objects.
Use the file specs/object-template-operator.yaml to deploy this operator with all permissions (dev/test mode). For production, see the section about roles below.
```sh
kubectl apply -f https://raw.githubusercontent.com/ericogr/k8s-object-template-operator/master/specs/object-template-operator.yaml
```
This operator must be allowed to create the objects defined in templates. With the default permissions it can create any object, but that can be a bit tricky. The ClusterRole `k8s-ot-manager-role` can be used to set permissions as needed.
See this example to add ConfigMap permission to this operator:
```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: k8s-ot-manager-role
rules:
# >> HERE, ADDED CONFIGMAP PERMISSIONS
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - get
  - list
  - patch
  - update
# <<
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplateparams
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplateparams/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplates
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplates/status
  verbs:
  - get
  - patch
  - update
```
You have two new CRDs: ObjectTemplate and ObjectTemplateParams.
- ObjectTemplate (non-namespaced): template used to create Kubernetes objects in users' namespaces (can be used by k8s admins)
- ObjectTemplateParams (namespaced): parameters used to create objects in their namespace (can be used by k8s users/devs)

Use templates to scaffold Kubernetes objects. Users can set their own parameters to create new objects based on preconfigured templates.
```yaml
---
apiVersion: template.k8s.ericogr.com.br/v1
kind: ObjectTemplate
metadata:
  name: objecttemplate-configmap-test
spec:
  description: ConfigMap test
  parameters:
  - name: name
    default: Maria
  - name: age
  objects:
  - kind: ConfigMap
    apiVersion: v1
    metadata:
      labels:
        label1: labelvalue1
        label2: labelvalue2
      annotations:
        annotation1: annotationvalue1
        annotation2: annotationvalue2
    name: configmap-test
    templateBody: |-
      data:
        name: '{{ .name }}'
        age: '{{ .age }}'
```
You can use syntax like `{{ .variable }}` to replace parameters. Let's say you created a template parameter with the name/value `name: foo`. You can use `{{ .name }}` inside the `templateBody` template and it will be replaced at runtime. If you need to escape braces, use `{{"{{anything}}"}}`.
A library with many template functions is available. See some examples:
- Remove spaces, convert to lowercase and truncate to 5 chars: `{{ .username | trim | lower | trunc 5 }}`
- Convert text to base64: `{{ .password | b64enc }}`
- Add 10 to age: `{{ .age | add 10 }}`

More information: http://masterminds.github.io/sprig/

| Name | Description |
|---|---|
| `__namespace` | Current namespace |
| `__apiVersion` | API Version |
| `__kind` | The name of kind |
| `__name` | Name of object |

Users can define their own parameters to create new objects based on templates in their namespace.
```yaml
---
apiVersion: template.k8s.ericogr.com.br/v1
kind: ObjectTemplateParams
metadata:
  name: objecttemplateparams-sample
  namespace: default
spec:
  templates:
  - name: objecttemplate-configmap-test
    values:
      name: foo
      age: '32'
```
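
The RBAC split described in the introduction (users may create parameters, but not templates or the generated objects) could be expressed as below. This is an added example, not part of the project's own specs; the namespace `team-a`, the Role name `ot-params-editor` and the group `team-a-developers` are assumptions.

```yaml
# Added example. "team-a", "ot-params-editor" and "team-a-developers" are
# assumed names; the API group and resource names come from the
# k8s-ot-manager-role ClusterRole shown earlier on this page.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ot-params-editor
  namespace: team-a
rules:
# Developers manage only their own parameter objects in this namespace.
- apiGroups:
  - template.k8s.ericogr.com.br
  resources:
  - objecttemplateparams
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Deliberately not granted:
# - objecttemplates: cluster-scoped, so a namespaced Role cannot grant
#   access to it; templates stay with cluster admins.
# - objecttemplateparams/status: left to the operator's ClusterRole.
# - configmaps (or any other kind the templates generate): with no rule
#   here, this Role gives no access to the generated objects.
# RBAC is additive, so this holds only if no other binding (for example
# a broad namespace "edit" role) grants the same subjects those resources.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ot-params-editor
  namespace: team-a
subjects:
- kind: Group
  name: team-a-developers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ot-params-editor
  apiGroup: rbac.authorization.k8s.io
```

After applying it, `kubectl auth can-i` with `--as` and `--as-group team-a-developers` can confirm that the group may create `objecttemplateparams` in `team-a` but may not create `objecttemplates` or read `configmaps`.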