Parameters
The parent key for all of the following parameters is espejote.
manifests_version
| type |
string |
| default |
|
The Git reference to the controller deployment manifests. The default is the tag of the controller image.
jsonnetLibraries
| type |
dictionary
|
The jsonnet libraries to deploy.
|
Only shared libraries, i.e. libraries in the component’s namespace, are supported. |
managedResources
| type |
dictionary |
| default |
{} |
The managed resources to deploy.
The keys are parsed as namespaced names <namespace>/<name> and used as names and namespaces of the managed resource.
If no namespace is provided the managed resource is created in the fallback namespace provided in the namespace parameter.
managedResources.<name>.metadata / managedResources.<name>.spec
| type |
dictionary |
||||||
| example |
|
The metadata and spec of the managed resource.
|
The component will automatically create the service account for the managed resource. If no service account is provided in the spec, the component will create a new one with the same name as the managed resource. |
|
The component will automatically create roles and cluster roles (and their bindings) to read the resources defined in the |
managedResources.<name>.clusterRules / managedResources.<name>.rules
| type |
dictionary |
||||
| example |
|
The keys of the rules and clusterRules dicts are ignored by the component, but can be used in the hierarchy to edit existing rules.
The component looks for keys apiGroups, resources and verbs in each value of the rules and clusterRules dicts.
Each value is transformed into an entry of the role’s rules list.
The component expects that the values of fields apiGroups, resources and verbs are lists, and removes entries prefixed with a tilde (~) from the final value used for the entry in the role’s rules list.
|
The component will create a role and a role binding for the given service account from the |
managedResources.<name>.clusterRoles / managedResources.<name>.roles
| type |
list |
||||
| example |
|
The clusterRoles and roles keys have the same behavior, one creates role bindings for the given roles and the other creates role bindings for the given cluster roles.
alerts
| type |
dictionary |
| example |
|
alerts defines the alerts to be installed.
The dictionary key is used as the name of the alert.
alerts.<name>.rule
| type |
dict |
Holds the configuration of the alert rule.
See Prometheus Alerting Rules for details.
Example
managedResources:
my-namespace/inject-configmap:
metadata:
annotations:
description: |
Adds a config map called test to any namespace with the label "managedresource-sample.espejote.io/inject-cm".
If the reconcile was triggered by a trigger as defined in `triggers` it only renders the required config map.
If the trigger is unknown or the managed resource itself was changed all config maps are rendered and applied.
spec:
serviceAccountRef:
name: espejote-inject-configmap
triggers:
- name: namespace
watchResource:
apiVersion: v1
kind: Namespace
labelSelector:
matchExpressions:
- key: managedresource-sample.espejote.io/inject-cm
operator: Exists
context:
- name: namespaces
resource:
apiVersion: v1
kind: Namespace
labelSelector:
matchExpressions:
- key: managedresource-sample.espejote.io/inject-cm
operator: Exists
template: |
local esp = import "espejote.libsonnet";
local samplelib = import "jsonnetlibrary-sample/sample.libsonnet";
local namespaces = esp.context().namespaces;
local cmForNs = function(ns) {
apiVersion: 'v1',
kind: 'ConfigMap',
metadata: {
name: 'test',
namespace: ns.metadata.name,
},
data: {
sample: samplelib.Sample,
nsLabel: std.get(ns.metadata.labels, "managedresource-sample.espejote.io/inject-cm"),
},
};
if esp.triggerName() == "namespace" then [
cmForNs(esp.triggerData().resource),
] else [
cmForNs(ns) for ns in namespaces
]