Resource Locker Operator: A Commodore component to manage Resource Locker Operator
The Resource Locker Operator: A Commodore component to manage Resource Locker Operator allows you to specify a set of configurations that the operator will "keep in place" (lock) preventing any drifts.
The component provides the Jsonnet library resource-locker.libjsonnet
, which other components can use to provide configurations for the operator.
The component library generates unique names for the Kubernetes resources required to apply a patch. The resource names are generated to be unique, even if multiple components try to patch the same target object. Additionally, the component library adds labels and annotations containing human-readable information about the resource to patch and the component managing the patch. |
The component library will grant a manager ServiceAccount For the same reason, the library will grant a manager ServiceAccount The component doesn’t actually grant the ServiceAccount the |
A brief usage example which creates a configuration for the operator which enforces the presence of a resource quota object in namespace default
:
local kube = 'import lib/kube.libjsonnet';
local rl = 'import lib/resource-locker.libjsonnet';
local quota = kube._Object('v1', 'ResourceQuota', 'test-quota') {
metadata+: {
namespace: 'default',
},
spec: {
hard: {
'requests.cpu': '4',
'requests.memory': '4Gi',
},
},
};
{
'10_default_resourcequota': rl.Resource(quota),
}
An example which patches the version of the kube-proxy
DaemonSet in the kube-system
namespace for AWS EKS clusters:
This example assumes that the inventory contains a key eks
which holds the EKS cluster version in eks.version
, a list of AWS/EKS docker registries in eks.registry.<cloud-region>
and the kube-proxy version for each supported EKS version in eks.addons.kube-proxy.<eks-version>
.
For this example, the format of the eks.version
field must match the keys in eks.addons.kube-proxy
.
local kube = import 'lib/kube.libjsonnet';
local rl = import 'lib/resource-locker.libjsonnet';
local target = kube.DaemonSet('kube-proxy') {
metadata+: {
namespace: 'kube-system'
}
};
local registry = '602401143452.dkr.ecr.%s.amazonaws.com" % inv.parameters.facts.region;
local image = "%s/eks/kube-proxy:%s" %
[registry, inv.parameters.eks.addons.kube_proxy[inv.parameters.eks.version]];
local patch = {
spec: {
template: {
spec: {
containers: [{
name: 'kube-proxy',
image: image,
}],
}
}
}
};
{
'10_default_patch_version': rl.Patch(quota),
}