Skiperator is an operator intended to make the setup of applications simple from
the users' point of view. When using the operator an application developer can
set up all associated resources for an optimal deployment using a simple custom
resource called `Application`.
- The Dockerfile must build an image where the user ID is set to `150`, as this UID is hard coded in Skiperator.

Below you will find a list of all accepted input parameters to the Application
custom resource.
To see explanations and requirements for all inputs, see the documentation under the API documentation.

```yaml
apiVersion: skiperator.kartverket.no/v1alpha1
kind: Application
metadata:
  name: teamname-frontend
  namespace: yournamespace
spec:
  # Required, everything beyond image and port is optional
  image: "kartverket/example"
  port: 8080
  priority: medium
  additionalPorts:
    - name: metrics-port
      port: 8181
      protocol: TCP
    - name: another-port
      port: 8282
      protocol: TCP
  command:
    - node
    - ./server.js
  ingresses:
    - testapp.dev.skip.statkart.no
  replicas: 2
  # or
  replicas:
    min: 2
    max: 5
    targetCpuUtilization: 80
  gcp:
    auth:
      serviceAccount: some-serviceaccount@some-project-id.iam.gserviceaccount.com
  env:
    - name: ENV
      value: PRODUCTION
    - name: USERNAME
      valueFrom:
        configMapKeyRef:
          name: some-configmap
          key: username
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: some-secret
          key: password
  envFrom:
    - configMap: some-configmap
    - secret: some-secret
  filesFrom:
    - emptyDir: temp-dir
      mountPath: /tmp
    - configMap: some-configmap
      mountPath: /var/run/configmap
    - secret: some-secret
      mountPath: /var/run/secret
    - persistentVolumeClaim: some-pvc
      mountPath: /var/run/volume
  strategy:
    type: RollingUpdate
  liveness:
    path: "/"
    port: 8080
    failureThreshold: 3
    timeout: 1
    initialDelay: 0
  readiness:
    # Readiness has the same options as liveness
    path: ..
  startup:
    # Startup has the same options as liveness
    path: ..
  labels:
    someLabel: some-label
  resourceLabels:
    Deployment:
      labelKey: A value for the label
    Service:
      labelKeyOne: A value for the one label
      labelKeyTwo: A value for the two label
  prometheus:
    port: 8181
    path: "/metrics"
  authorizationSettings:
    allowAll: false
    allowList:
      - "/actuator/health"
      - "/actuator/info"
  resources:
    limits:
      cpu: 1000m # Avoid using this
      memory: 1G
    requests:
      cpu: 25m
      memory: 250M
  enablePDB: true
  accessPolicy:
    inbound:
      # The rules list specifies a list of applications. When no namespace is
      # specified it refers to an app in the current namespace. For apps in
      # other namespaces, namespace is required. Alternately you can define
      # namespacesByLabel as a value-map of namespace labels. If both
      # namespace and namespacesByLabel are defined for an application,
      # namespacesByLabel is ignored
      rules:
        - application: other-app
        - application: third-app
          namespace: other-namespace
        - application: fourth-app
          namespacesByLabel:
            somelabel: somevalue
            anotherlabel: anothervalue
    # outbound specifies egress rules. Which apps on the cluster and the
    # internet are the Application allowed to send requests to? Alternately
    # you can define namespacesByLabel as a value-map of namespace labels.
    # If both namespace and namespacesByLabel are defined for an application,
    # namespacesByLabel is ignored
    outbound:
      rules:
        - application: some-app
          namespacesByLabel:
            somelabel: somevalue
        - application: other-app
      external:
        - host: nrk.no
        - host: smtp.mailgrid.com
          ip: "123.123.123.123"
          ports:
            - name: smtp
              protocol: TCP
              port: 587
  # podSettings are used to apply specific settings to the Pod Template used by Skiperator to create Deployments.
  podSettings:
    annotations:
      some-annotation: some-value
    terminationGracePeriodSeconds: 30
    disablePodSpreadTopologyConstraints: false
  # istioSettings are used to configure istio specific resources. Currently, adjusting sampling interval for tracing is
  # the only supported option.
  istioSettings:
    telemetry:
      tracing:
        - randomSamplingPercentage: 10
```

Below you will find a list of all accepted input parameters to the SKIPJob
custom resource. Only types are shown here. The fields are documented in the API, see the API

```yaml
apiVersion: skiperator.kartverket.no/v1alpha1
kind: SKIPJob
metadata:
  namespace: sample
  name: sample-job
spec:
  cron:
    schedule: "* * * * *"
    suspend: false
    startingDeadlineSeconds: 10
  job:
    activeDeadlineSeconds: 10
    backoffLimit: 10
    suspend: false
    ttlSecondsAfterFinished:
  prometheus:
    path: /metrics
    port: 8080
  container:
    # Pod
    image: ""
    command:
      - ""
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
      limits:
        memory: 256Mi
    # Networking
    accessPolicy:
      inbound:
        rules:
          - application: ""
            namespace: ""
      outbound:
        external:
          - host: ""
            ip: ""
            ports:
              - name: ""
                port: 10
                protocol: ""
    additionalPorts:
      - name: ""
        port: 10
        protocol: ""
    # Volumes / environment
    env:
      - name: ""
        value: ""
    envFrom:
      - configMap: ""
      - secret: ""
    filesFrom:
      - mountPath: ""
        # + one of:
        secret: ""
        configMap: ""
        emptyDir: ""
        persistentVolumeClaim: ""
    gcp:
      auth:
        serviceAccount: ""
    # Probes
    startup:
      path: ""
      port: 0
      failureThreshold: 0
      initialDelay: 0
      period: 0
      successThreshold: 0
      timeout: 0
    # Same as startup
    liveness:
      ...
    readiness:
      ...
    # Miscellaneous
    priority: ""
    restartPolicy: ""
```

Routing is a separate custom resource that can be used to set up path-based routing for a Skiperator application. Use this
instead of the `ingresses` field in the `Application` custom resource. The routes are processed in order, so the last
route should be a catch-all route. This will only work for applications in the same namespace as the Routing resource.

Below you will find a list of all accepted input parameters to the Routing
custom resource. Only types are shown here. The fields are documented in the API, see the API

```yaml
apiVersion: skiperator.kartverket.no/v1alpha1
kind: Routing
metadata:
  name: sample-routing
  namespace: sample
spec:
  hostname: app.example.com
  routes:
    - pathPrefix: /api
      rewriteUri: true
      targetApp: backend-app
    - pathPrefix: /
      rewriteUri: false
      targetApp: frontend-app
```

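
The ordering rule for `routes` can be checked before a Routing manifest is applied. The following Go sketch is an added example, not Skiperator's own code: the `Route` type and the `Match` and `Lint` functions are hypothetical, and it assumes first-match-wins plain string prefix matching. It shows how a misplaced catch-all silently sends `/api` traffic to the wrong application.

```go
package main

import (
	"fmt"
	"strings"
)

// Route mirrors one entry of spec.routes in the Routing resource.
type Route struct{ PathPrefix, TargetApp string }

// Match returns the target of the first route whose prefix matches path.
// Assumption: first match wins, as "processed in order" implies.
func Match(routes []Route, path string) (string, bool) {
	for _, r := range routes {
		if strings.HasPrefix(path, r.PathPrefix) {
			return r.TargetApp, true
		}
	}
	return "", false
}

// Lint flags routes shadowed by an earlier, broader prefix and a route
// list whose last entry is not the catch-all "/".
func Lint(routes []Route) []string {
	var issues []string
	for i, r := range routes {
		for _, e := range routes[:i] {
			if strings.HasPrefix(r.PathPrefix, e.PathPrefix) {
				issues = append(issues, fmt.Sprintf(
					"%s -> %s is unreachable: shadowed by earlier %s -> %s",
					r.PathPrefix, r.TargetApp, e.PathPrefix, e.TargetApp))
				break
			}
		}
	}
	if n := len(routes); n == 0 || routes[n-1].PathPrefix != "/" {
		issues = append(issues, `last route is not the catch-all "/"`)
	}
	return issues
}

func main() {
	// Constructed inputs: the sample manifest's order, and the same routes reversed.
	good := []Route{{"/api", "backend-app"}, {"/", "frontend-app"}}
	bad := []Route{{"/", "frontend-app"}, {"/api", "backend-app"}}
	for _, rs := range [][]Route{good, bad} {
		app, _ := Match(rs, "/api/users")
		fmt.Printf("/api/users -> %s, issues: %q\n", app, Lint(rs))
	}
}
```
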
See CONTRIBUTING.md for information on how to develop the Skiperator.