Resource Locker Operator: A Commodore component to manage Resource Locker Operator

The Resource Locker Operator: A Commodore component to manage Resource Locker Operator allows you to specify a set of configurations that the operator will "keep in place" (lock) preventing any drifts.

The component provides the Jsonnet library resource-locker.libjsonnet, which other components can use to provide configurations for the operator.

The component library generates unique names for the Kubernetes resources required to apply a patch. The resource names are generated to be unique, even if multiple components try to patch the same target object.

Additionally, the component library adds labels and annotations containing human-readable information about the resource to patch and the component managing the patch.

A brief usage example which creates a configuration for the operator which enforces the presence of a resource quota object in namespace default:

local kube = 'import lib/kube.libjsonnet';
local rl = 'import lib/resource-locker.libjsonnet';

local quota = kube._Object('v1', 'ResourceQuota', 'test-quota') {
  metadata+: {
    namespace: 'default',
  },
  spec: {
    hard: {
      'requests.cpu': '4',
      'requests.memory': '4Gi',
    },
  },
};

{
  '10_default_resourcequota': rl.Resource(quota),
}

An example which patches the version of the kube-proxy DaemonSet in the kube-system namespace for AWS EKS clusters:

This example assumes that the inventory contains a key eks which holds the EKS cluster version in eks.version, a list of AWS/EKS docker registries in eks.registry.<cloud-region> and the kube-proxy version for each supported EKS version in eks.addons.kube-proxy.<eks-version>. For this example, the format of the eks.version field must match the keys in eks.addons.kube-proxy.

local kube = import 'lib/kube.libjsonnet';
local rl = import 'lib/resource-locker.libjsonnet';

local target = kube.DaemonSet('kube-proxy') {
  metadata+: {
    namespace: 'kube-system'
  }
};

local registry = '602401143452.dkr.ecr.%s.amazonaws.com" % inv.parameters.facts.region;
local image = "%s/eks/kube-proxy:%s" %
  [registry, inv.parameters.eks.addons.kube_proxy[inv.parameters.eks.version]];

local patch = {
  spec: {
    template: {
      spec: {
        containers: [{
          name: 'kube-proxy',
          image: image,
        }],
      }
    }
  }
};

{
  '10_default_patch_version': rl.Patch(quota),
}