kpt icon indicating copy to clipboard operation
kpt copied to clipboard

Published 20 hours ago verified publisher icon kptdev

Create a way to pass non-KRM files through function input/output

Open bgrant0607 opened this issue 2 years ago • 4 comments

This came up in the slack channel: https://kubernetes.slack.com/archives/C0155NSPJSZ/p1651968001107699

There are cases where users would like non-KRM files to be available to functions.

Examples that have come up include:

  • including code files, such as Starlark functions or Rego in Gatekeeper ConstraintTemplates: #2350
  • generating or updating documentation markdown
  • inputs for generating ConfigMaps, as kustomize does (e.g, env files)
  • other generator inputs: #2528
  • kustomize-style strategic merge patches

I'm sure there are more.

I imagine we could do this with KRM wrappers and SDK library functions to unwrap/wrap the files, so they could be included in the ResourceList.

Where we can identify common file types, it would be useful to give them dedicated KRM types rather than generic File kinds.

I'd be open to more radical changes to the ResourceList, but that would require a KEP to kustomize (https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli).

Speaking of which, with kustomize moving towards KRM functions, how is it planning to deal with this? Mounting filesystems and/or pulling files over the network is maybe necessary in some cases (e.g., helm charts), but seems suboptimal for common cases.

bgrant0607 avatar May 10 '22 16:05 bgrant0607

This came up in the slack channel: https://kubernetes.slack.com/archives/C0155NSPJSZ/p1651968001107699

/cc @yuwenma

droot avatar May 17 '22 18:05 droot

I was working on KRM support in SopsSecretGenerator and found that it's not possible because the plugin reads external files (like .env files) to generate the Secrets.

Without support for non-KRM files, all K8s resources that use local files will not be supported by KRM functions.

aabouzaid avatar May 26 '22 11:05 aabouzaid

We need this for ConfigMap generation: #3119

bgrant0607 avatar Jul 22 '22 18:07 bgrant0607

Some updates: we did POC about passing non-KRM files through functions input/output.

Demo1: https://drive.google.com/file/d/1BMYH3HcTzUcnSTk0iO0oO_O4O_RiUhF7/view Demo2: https://drive.google.com/file/d/1yvrWxDQJRGqCdzvvT0zmR-Cr6nUR3nMc/view The graph below explains the high level workflow, more context can be found in the CUJ and Strawman doc
Screen Shot 2022-08-26 at 14 49 45

yuwenma avatar Aug 26 '22 21:08 yuwenma