cue-flux-controller

README

cue-controller

The cue-controller is an experimental Kubernetes controller for the CUE language. It integrates with Flux using the GitOps Toolkit and enables building GitOps pipelines directly in CUE.

The cue-controller is heavily based on the codebase for kustomize-controller and will aim for feature parity insofar as it makes sense to do so.

Use cases:

• GitOps Kubernetes resources using pure CUE, CUE+yaml or yaml alone
• Validate CUE or yaml with policies written in CUE
• Manage applications and infrastructure using modules & packages
• Single policy language to rule them all: write policy for local development, CI and last-mile in CUE

Development Roadmap: Phase 1

• Build CUE instances from a source repository
• Specify the CUE working directory and module root
• Specify the CUE expression(s) from which the instance will build
• Set CUE tags and tag variables for the instance
• Specify module root, package and directory variables for CUE instance
• Apply manifests from a CUE instance
• Impersonation via ServiceAccount
• Remote cluster access via kubeconfig
• Prune Kubernetes resources removed from the CUE source
• Support for non-CUE files
• Policy-mode (use CUE only for schema validation, with configurable failure modes)
• Validation failure notifications (via notification controller)
• Dependency ordering using dependsOn
• Health checks for deployed workloads
• Support for decrypting secrets with Mozilla SOPS
• (TBD: Support for CUE tooling or workflows...)

Specifications:

• API

For more on CUE visit: https://cuelang.org/ For more on Flux visit: https://fluxcd.io/

Examples

Checkout https://github.com/phoban01/cuedemo for examples and patterns of using the cue-controller to build GitOps pipelines.

Usage

The cue-controller requires that you already have the GitOps toolkit controllers installed in your cluster. Visit https://fluxcd.io/docs/get-started/ for information on getting started if you are new to flux.

Installation

To install the latest release of the controller execute the following:

RELEASE=$(gh release list -R phoban01/cue-flux-controller -L 1 | awk '{print $1}')
RELEASE_MANIFESTS=https://github.com/phoban01/cue-flux-controller/releases/download/$RELEASE
kubectl apply -f "$RELEASE_MANIFESTS/cue-controller.crds.yaml"
kubectl apply -f "$RELEASE_MANIFESTS/cue-controller.rbac.yaml"
kubectl apply -f "$RELEASE_MANIFESTS/cue-controller.deployment.yaml"

This will install the cue-controller in the flux-system namespace.

Usage

Define a Git repository source

Create a source object that points to a Git repository containing Kubernetes manifests and a Cue module:

apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: cuedemo
  namespace: default
spec:
  interval: 5m
  url: https://github.com/phoban01/cuedemo
  ref:
    branch: main

Define a CueInstance

Create a CueInstance resource that references the GitRepository source previously defined. The CueInstance specifies the module root and the expression we wish to build.

apiVersion: cue.contrib.flux.io/v1alpha1
kind: CueInstance
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 5m
  root: "./examples/podinfo"
  expressions:
  - out
  tags:
  - name: hpa
  prune: true
  sourceRef:
    kind: GitRepository
    name: cuedemo

Verify that the resources have been deployed:

kubectl -n default get sa,po,svc,hpa -l app=podinfo

Should return similar to the following:

NAME                     SECRETS   AGE
serviceaccount/podinfo   1         10s

NAME                           READY   STATUS    RESTARTS   AGE
pod/podinfo-59b967cb85-vd42l   1/1     Running   0          11s

NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/podinfo   ClusterIP   10.96.171.221   <none>        9898/TCP   5s

NAME                                          REFERENCE            TARGETS                          MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/podinfo   Deployment/podinfo   <unknown>/500Mi, <unknown>/75%   1         4         1          10s

License