Parameters
The parent key for all of the following parameters is espejote
.
manifests_version
type |
string |
default |
|
The Git reference to the controller deployment manifests. The default is the tag of the controller image.
jsonnetLibraries
type |
dictionary |
||||||||
example |
|
The jsonnet libraries to deploy. Can be shared, if set without namespace prefix or namespaced if the key contains a namespace prefix.
managedResources
type |
dictionary |
default |
{} |
The managed resources to deploy.
The keys are parsed as namespaced names <namespace>/<name>
and used as names and namespaces of the managed resource.
If no namespace is provided the managed resource is created in the fallback namespace provided in the namespace
parameter.
managedResources.<name>.metadata
/ managedResources.<name>.spec
type |
dictionary |
||||||
example |
|
The metadata and spec of the managed resource.
The component will automatically create the service account for the managed resource. If no service account is provided in the spec, the component will create a new one with the same name as the managed resource. |
The component will automatically create roles and cluster roles (and their bindings) to read the resources defined in the The library guesses the resource name and scope from the kind.
Those parameters can’t be guessed reliably without access to the cluster API.
The guess can be overridden with the
|
managedResources.<name>._roles
/ managedResources.<name>._clusterRoles
type |
dictionary |
||||||
example |
|
The keys of the _roles
and _clusterRoles
are the names of the roles and cluster roles to create.
The names are prefixed with the namespace and the name of the managed resource to prevent name collisions.
The values are the manifests of the roles and cluster roles.
A role binding or cluster role binding is automatically created for the roles and cluster roles with the service account of the managed resource.
managedResources.<name>._clusterRoleBindings
/ managedResources.<name>._roleBindings
type |
list |
||||
example |
|
The _clusterRoleBindings
and _roleBindings
keys have the same behavior, one creates role bindings for the given roles and the other creates role bindings for the given cluster roles.
alerts
type |
dictionary |
example |
|
alerts
defines the alerts to be installed.
The dictionary key is used as the name of the alert.
alerts.<name>.rule
type |
dict |
Holds the configuration of the alert rule.
See Prometheus Alerting Rules for details.
Example
managedResources:
my-namespace/inject-configmap:
metadata:
annotations:
description: |
Adds a config map called test to any namespace with the label "managedresource-sample.espejote.io/inject-cm".
If the reconcile was triggered by a trigger as defined in `triggers` it only renders the required config map.
If the trigger is unknown or the managed resource itself was changed all config maps are rendered and applied.
spec:
serviceAccountRef:
name: espejote-inject-configmap
triggers:
- name: namespace
watchResource:
apiVersion: v1
kind: Namespace
labelSelector:
matchExpressions:
- key: managedresource-sample.espejote.io/inject-cm
operator: Exists
context:
- name: namespaces
resource:
apiVersion: v1
kind: Namespace
labelSelector:
matchExpressions:
- key: managedresource-sample.espejote.io/inject-cm
operator: Exists
template: |
local esp = import "espejote.libsonnet";
local samplelib = import "jsonnetlibrary-sample/sample.libsonnet";
local namespaces = esp.context().namespaces;
local cmForNs = function(ns) {
apiVersion: 'v1',
kind: 'ConfigMap',
metadata: {
name: 'test',
namespace: ns.metadata.name,
},
data: {
sample: samplelib.Sample,
nsLabel: std.get(ns.metadata.labels, "managedresource-sample.espejote.io/inject-cm"),
},
};
if esp.triggerName() == "namespace" then [
cmForNs(esp.triggerData().resource),
] else [
cmForNs(ns) for ns in namespaces
]