Add a basic ghost package #3381
Conversation
yuwenma
requested review from
droot,
justinsb,
mengqiy,
mortent and
natasha41575
as code owners
| config.kubernetes.io/local-config: "true" | ||
| labels: | ||
| app.kubernetes.io/name: ghost | ||
| app.kubernetes.io/instance: example |
There was a problem hiding this comment.
I think this label is interesting. We want this to be coming from package-context.data.name. Is this wired currently ? if not, we should take this out ? because example will not represent an instance in our solution.
There was a problem hiding this comment.
It's not wired. The first user that tried to use kpt for an application ran into this. You provided an ApplyReplacements solution on slack.
There was a problem hiding this comment.
Yeah, I was wondering if the current package wires using the ApplyReplacements or Starlark.
There was a problem hiding this comment.
It is not wired. My plan for this package is to start from helm charts to discover as many feature gaps as possible. So this package contains some helm assumptions like configMap to pass in INI file , secret in auto roll deployment, secret reference and usage in livenessProbe and readiness probe.
For this specific value, helm assumes the namespace is "default" (which is convenience because users can install the charts without dealing w/ namespace), and this instance is the helm release name which is used to "differentiate releases for different app". I'm wondering what can be a good equivalent filter on kpt side.
There was a problem hiding this comment.
On the kpt side, the deployment package name is similar to the release name.
| annotations: | ||
| config.kubernetes.io/local-config: "true" | ||
| data: | ||
| name: example |
There was a problem hiding this comment.
so variant constructor pattern isn't support well (or tested :)) for nested packages, so will be interesting to see how this plays out.
There was a problem hiding this comment.
A user in slack has encountered similar issues using Config Connector subpackages (e.g., CloudSQL).
package-examples/ghost/mariadb/serviceaccount-example-mariadb.yaml
Outdated
Show resolved
Hide resolved
| preferredDuringSchedulingIgnoredDuringExecution: | ||
| - podAffinityTerm: | ||
| namespaces: | ||
| - "example" |
There was a problem hiding this comment.
Does set-namespace know about this field?
There was a problem hiding this comment.
set-namespace misses this field and also misses the podAffinityTerm.namespaceSelector, which means kustomize does not handle this field either.
I need to do a sanity check across 1.24 core/v1/types.go
| name: ghost | ||
| annotations: | ||
| config.kubernetes.io/local-config: "true" | ||
| labels: |
There was a problem hiding this comment.
😞 no spec. I think all custom functionConfig type do not follow the spec status rule. The argument is that those resources won't be deployed to the cluster so it is not a strict spec/status. Skipping spec saves some manual editing.
I'm more happy to add the spec to functionConfig, because it does help answering questions like "what fields & resources a user could be interested in modifying" https://kubernetes.slack.com/archives/C0155NSPJSZ/p1657561360040189
There was a problem hiding this comment.
This KRM format has at least 4-6 lines of boilerplate even without the spec line (apiVersion, kind, metadata, name, annotations), so we'll want to figure out how to make it easy to generate, such as via the UI and/or a CLI with autocomplete.
There was a problem hiding this comment.
Or generate it given the function name, if we have a catalog that can map between functions and input types.
There was a problem hiding this comment.
I really like the idea of autogenerating function config for users by only requiring users to provide the function name. Even from my own experience, writing a function config is a big bottleneck to use KRM functions.
Put this as a feature request in #3379
| config.kubernetes.io/local-config: "true" | ||
| labels: | ||
| app.kubernetes.io/name: ghost | ||
| app.kubernetes.io/instance: example |
There was a problem hiding this comment.
Yeah, I was wondering if the current package wires using the ApplyReplacements or Starlark.
yuwenma
force-pushed
the
ghost
branch
3 times, most recently
from
11448ee to
2040d0d
Compare
There was a problem hiding this comment.
Package updated, please take another look @bgrant0607 @droot
Some key changes:
- Removed secrets and the references (env in pod template, checksum/secret annotation, livenessProbe).
- Added CRD for PrometheusRule under
crds, this should be the only CRD needs to install. - Dropped name prefix
example-and updated the file names. - Dropped the
app.kubernetes.io/instancelabel, I leave a question about the kpt equivalence. - Updated README to guide users get, hydrate and deploy the package.
package-examples/ghost/mariadb/serviceaccount-example-mariadb.yaml
Outdated
Show resolved
Hide resolved
| config.kubernetes.io/local-config: "true" | ||
| labels: | ||
| app.kubernetes.io/name: ghost | ||
| app.kubernetes.io/instance: example |
There was a problem hiding this comment.
It is not wired. My plan for this package is to start from helm charts to discover as many feature gaps as possible. So this package contains some helm assumptions like configMap to pass in INI file , secret in auto roll deployment, secret reference and usage in livenessProbe and readiness probe.
For this specific value, helm assumes the namespace is "default" (which is convenience because users can install the charts without dealing w/ namespace), and this instance is the helm release name which is used to "differentiate releases for different app". I'm wondering what can be a good equivalent filter on kpt side.
|
Thanks. LGTM if the application works. |
| ```bash | ||
| export NAMESPACE=<YOUR NAMESPACE> | ||
| # make sure the namespace is correct and exists. Otherwise, create the namespace | ||
| kubectl create namespace ${NAMESPACE} |
There was a problem hiding this comment.
why can't we add namespace to the package itself ?
If you used helm chart to get the manifests, you can use --create-namespace arg to add it.
That will make the workflow truly declarative.
There was a problem hiding this comment.
The ability to create a namespace would imply that the app team had cluster admin privilege. It also would bring in the need for the flexibility of the namespace provisioning scenario we've been working on: resource quota, limit range, network policy, etc.
There was a problem hiding this comment.
We should have an example namespace blueprint for this, which could be used instead of kubectl create namespace.
There was a problem hiding this comment.
The ability to create a namespace would imply that the app team had cluster admin privilege. It also would bring in the need for the flexibility of the namespace provisioning scenario we've been working on: resource quota, limit range, network policy, etc.
Aah.. completely missed that. Good pt.
* Add ghost basic package * update ghost pacakge * remove set-labels
This package is originated from helm chart bitnami/ghost, which uses MariaDB.
By default, the ghost helmchart does not have the ghost, nor does it enable ingress, volumePermissions, networkPolicy, prometheus.
When rendering the ghost helm chart, we include the ghost host (
DeploymentandPersistentVolumeClaim), as well as the other services (NetworkPolicyIngressPrometheusRule).Follow up work is tracked in #3379