Skip to main content

Kubernetes templating engine based on Jinja2

Project description

k8t

Pronounced katie [ˈkeɪti]

CircleCI PyPi version PyPi downloads CLARK Open Source

Simple cluster and environment specific aware templating for kubernetes manifests.

Table of Contents generated with DocToc

Installation

run this

$ pip install --user --upgrade k8t

run the following to install ujson as a dependency

$ pip install --user --upgrade k8t[ujson]

note: k8t is not Python 2 compatible

Docker

You can also run k8t via docker

$ docker run clarksource/k8t:latest

hint: the docker image comes with aws-cli, kubectl and kubeval.

Completion

Run the following and store the file in your distribution/OS specific spot

bash:

$ _K8T_COMPLETE=source k8t > k8t-completion.sh

zsh:

$ _K8T_COMPLETE=source_zsh k8t > k8t-completion.sh

Concepts

By combining those concepts you can quickly add completely new environments to your deployment pipeline just by modifying specializing values and sharing the rest.

Check out our examples here.

Clusters and Environments

k8t comes with a builtin framework for clusters and environments (e.g. production, staging). This came from the need to be able to deploy the same application over multiple clusters and in different environments with completely different setups and values. This idea is helped by the fact that k8t deep-merges values and configs, allowing easy variation through different stages of your application deployment.

Both clusters and environments are intentionally working the same way and can be used to add another degree of freedom when combined. Environments however are also available globally, meaning clusters can share environment specific configuration while specifying differences in those environments.

Templating

Templating is supported via Jinja. k8t also comes with some additional helper functions and a validation function with verbose output to quickly verify the written templates.

Template helper functions

  • random_password(N: int) - generate a random string of length N
  • envvar(key: str, [default]) - get a value from any environment variable with optional default
  • b64encode(value: str) - encodes a value in base64 (usually required for secrets)
  • b64decode(value: str) - decodes a value from base64
  • hash(value: str, [method: str]) - hashes a given value (default using sha256)
  • get_secret(key: str) - provides a secret value from a given provider (see here)
  • bool(value: Any) - casts value to boolean ("true", "on", "yes", "1", 1 are considered as True)
  • sanitize_label(value: str) - sanitizes label values according to kubernetes spec

Configuration inheritance

Configuration, values and templates are used according to the scope they are in. The following snippet shows an example project with low scores (1) and high scores (4) for evaluation order.

So variables and templates will be overridden from project -> environments -> clusters -> cluster-environments resulting in more specific configuration overriding lower values.

.                                           (1) # k8t new project .
├── clusters
│   ├── foo                                 (3) # k8t new cluster foo      ├── config.yaml
│      ├── values.yaml
│      ├── environments
│          ├── production                 (4) # k8t new environment production -c foo             ├── config.yaml
│             └── values.yaml
│          └── staging                    (4) # k8t new environment staging -c foo              ├── config.yaml
│              ├── values.yaml
│              └── templates
│                 └── deployment.yaml.j2  (4) # k8t new template deployment -c foo -e staging      └── templates
│         └── deployment.yaml.j2           (3) # k8t new template deployment -c foo   └── bar                                 (3) # k8t new cluster bar       ├── config.yaml
│       └── values.yaml
├── environments
│   ├── production                          (2) # k8t new environment production      ├── config.yaml
│      └── values.yaml
│   └── staging                             (2) # k8t new environment staging       ├── config.yaml
│       └── values.yaml
├── config.yaml                             (1)
└── values.yaml                             (1)

Usage

Scaffolding

Create a new project folder with a cluster directory and an empty defaults file

$ k8t new project .

Create a new cluster

$ k8t new cluster MyCluster

Create a new global environment

$ k8t new environment staging

And a new cluster environment

k8t new environment staging -c MyCluster

Generate a new deployment template for cluster MyCluster (for a list of available templates see the k8t new template --help)

$ k8t new template deployment -c MyCluster -e staging

Config management

To ease file access a little bit k8t can open config and value files in your $EDITOR or fallback to a sensible default.

$ k8t edit values --environment staging
$ k8t edit config --cluster MyCluster

Validate templates

While validation is done before generating, templates can be validated for environment files easily.

$ k8t validate

To validate for clusters/environments the usual options can be used

$ k8t validate -c MyCluster -e production

Shortcomings

The validation is currently not a 100% correct and can miss certain edge cases. If you notice any other issues please let us know.

is defined

The following will result in a false negative for foobar being defined

{{ foobar }}

{% if foobar is defined %}
{{ foobar }}
{% endif %}

To avoid this make sure that the is defined test is applied to all instances of the variable.

The following may result in a false positive for bar being undefined

{% if foobar is defined %}
{{ bar }}
{% endif %}

Generate manifests

The --cluster flag will load variables from a directory. By default the file default.yaml in that directory will be loaded, however an environment can be specified with --environment.

$ k8t gen -c MyCluster -e staging

Additionally k8t will attempt to load a file defaults.yaml in the root directory. This way a set of default variables can be specified and selectively overriden via cluster and environment.

Additional values can be given via flag --value-file in the form of a file or --value KEY VALUE, both can be supplied multiple times.

Variables will be merged via deep merging. Default merge strategy is left-to-right.

Overriding templates

Templates can be overriden on a cluster/environment level.

If a file application.yaml exists in the root templates folder, simply add a file with the same name to the cluster/environment template folder.

Managing secrets

Secrets can be interpolated with the helper function get_secret. It requires a key as first argument and providers are configurable by environment/cluster.

foobar: "{{ get_secret('/my-key') }}"

Providers

SSM

Setup secrets on SSM

secrets:
  provider: ssm
  region: "eu-central-1"
  prefix: "/foobar"

Keep in mind that SSM parameter names can be formed as a path and they can only consist of sub-paths divided by slash symbol; each sub-path can be formed as a mix of letters, numbers and the following 3 symbols: .-_

Be careful to follow this format when setting up the provider prefix and get_secret(key).

Random

Random secrets can be generated easily by using the random provider. This provider uses a global dictionary to store results for the time of the run in python so keys should always produce the same result.

secrets:
  provider: random
Hash

In case consistent (fake) secrets are needed, the hash provider can be used that hashes the secret key for the value.

secrets:
  provider: hash

TODO

  • testing needs to be expanded
  • the ability to add additional template directories via the CLI
  • validation functions for template values (e.g. memory/cpu values)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

k8t-0.7.3.tar.gz (39.1 kB view details)

Uploaded Source

Built Distribution

k8t-0.7.3-py3-none-any.whl (28.2 kB view details)

Uploaded Python 3

File details

Details for the file k8t-0.7.3.tar.gz.

File metadata

  • Download URL: k8t-0.7.3.tar.gz
  • Upload date:
  • Size: 39.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.0 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9

File hashes

Hashes for k8t-0.7.3.tar.gz
Algorithm Hash digest
SHA256 c6afaef825eec6da7cb8aeba3ca7ceb3220fb9e5d19f489b3dc6e6648ec1f56a
MD5 8c39628b5df9b4b37fc76b1a9a8e9b67
BLAKE2b-256 564dede61b3705bc22eaaf1a69734edd576479fd365b1f52545face834230359

See more details on using hashes here.

File details

Details for the file k8t-0.7.3-py3-none-any.whl.

File metadata

  • Download URL: k8t-0.7.3-py3-none-any.whl
  • Upload date:
  • Size: 28.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.0 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.9

File hashes

Hashes for k8t-0.7.3-py3-none-any.whl
Algorithm Hash digest
SHA256 cb46f37d6f17dc27f849ee64567a359ac7c4a804dff62a7416403ee378b1aa99
MD5 13df54f6ae2a2d41fceef0e7fee765de
BLAKE2b-256 4e3503b6f425c091bf364824adc90bcb6e74b5fe28268fcbdbd4deb9d0d852fd

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page