combo

command module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 11, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

README

combo

combo is a Kubernetes controller that generates and applies resources for all combinations of a manifest template and its arguments.

What on earth does "all combinations" mean!?

For example, say combo is given a template containing 1 parameter -- i.e. distinct token to replaced -- and 2 arguments for that parameter (value to replace a parameter with), then combo will output 2 evaluations (one for each argument).

e.g.

template:

PARAM_1

arguments:

PARAM_1:
- a
- b

evaluations:

---
a
---
b

Simple enough, right? What about something more advanced...

Suppose we give combo a template with 2 parameters and 3 arguments for each parameter.

e.g.

template:

PARAM_1: PARAM_2

arguments:

PARAM_1:
- a
- b
PARAM_2:
- c
- d
- e

evaluations:

---
a: c
---
a: d
---
a: e
---
b: c
---
b: d
---
b: e

Wait, can't Helm do this?

It could, but getting this experience from Helm would require:

  • the use of nested Go Template loops
  • carrying along the rest of the ecosystem; e.g. I don't want to think about Helm charts for something this simple

Can I generate combinations locally?

Yes! There is a built in CLI interaction via the binary. Let's look at the same example we used for the controller in this context.

First, create a simple YAML file that defines two arguments.

# ./sample_input.yaml
PARAM_1: PARAM_2

Next, go ahead and run the eval subcommand.

make build-cli
./combo eval -r PARAM_1=a,b -r PARAM_2=c,d,e sample_input.yaml

This will run the same logic that the controller utilizes to generate combinations and output them to stdout. The above command will produce the following:

---
a: c
---
a: d
---
a: e
---
b: c
---
b: d
---
b: e

Primary use cases

To parameterize RBAC and other namespace-scoped resources so they can be stamped out as necessary later on.

$ cat <<EOF | kubectl create -f -
apiVersion: combo.io/v1alpha1
kind: Template
metadata:
  name: feature
spec:
  body: |
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: feature-controller
      namespace: TARGET_NAMESPACE
    subjects:
    - kind: ServiceAccount
      name: controller
      namespace: feature
    roleRef:
      kind: ClusterRole
      name: feature-controller
      apiGroup: rbac.authorization.k8s.io
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      generateName: feature-user-
      namespace: TARGET_NAMESPACE
    subjects:
    - kind: Group
      name: TARGET_GROUP
      namespace: TARGET_NAMESPACE
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: ClusterRole
      name: feature-user
      apiGroup: rbac.authorization.k8s.io
  parameters:
  - TARGET_GROUP
  - TARGET_NAMESPACE
EOF

Assuming the existence of the feature-controller and feature-user ClusterRoles as well as the feature, staging, and prod Namespaces, instantiate all resource/argument combinations with a Combination:

$ cat <<EOF | kubectl create -f -
apiVersion: combo.io/v1alpha1
kind: Combination
metadata:
  name: enable-feature
spec:
  template: feature
  arguments:
  - key: TARGET_GROUP
    values:
    - "sre"
    - "system:serviceaccounts:ci"
  - key: TARGET_NAMESPACE
    values:
    - staging
    - prod
EOF

combo then surfaces the evaluated template in the status:

$ kubectl get combination -o yaml
apiVersion: combo.io/v1alpha1
kind: Combination
metadata:
  name: enable-feature
spec:
  template:
    name: feature
  arguments:
  - key: TARGET_GROUP
    values:
    - "sre"
    - "system:serviceaccounts:ci"
  - key: TARGET_NAMESPACE
    values:
    - staging
    - prod
status:
  evaluated:
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: feature-controller
      namespace: staging
    subjects:
    - kind: ServiceAccount
      name: controller
      namespace: feature
    roleRef:
      kind: ClusterRole
      name: feature-controller
      apiGroup: rbac.authorization.k8s.io
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      generateName: feature-user-
      namespace: staging
    subjects:
    - kind: Group
      name: sre
      namespace: staging
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: ClusterRole
      name: feature-user
      apiGroup: rbac.authorization.k8s.io
      ...

Ulterior motives

Our "hidden" agenda with combo is for it to:

  • serve as an example of best-practices when building operators
  • be used to dog food operator-framework packaging formats (e.g. OLM, rukpak, etc)
  • become a dependency of operators that require post-install configuration (e.g. RBAC scoping, secret creation, etc)
  • serve as a cruft-free way to up-skill new maintainers through easy contributions

Planned Features

The combo project is currently in active development and you can find up-to-date, tracked work in the Combo Project Board.

Introducing or discussing new roadmap items can be done by opening an issue.

Before opening an issue, it's recommended to check whether a similar issue is already open to avoid duplicating roadmap efforts.

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
api
Package api contains type definitions for all external versions of combo's APIs.
Package api contains type definitions for all external versions of combo's APIs.
v1alpha1
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
pkg
test

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL