Default template for PDM package

Project description

nyl

Nyl is a versatile Kubernetes resource management tool that fulfills various functions to enable reusable deployment configurations.

Features

  • Generate Kubernetes manifests from a simple YAML configuration with templating support.
  • Inject secrets into Kubernetes manifests at time of generation.
  • Bootstrap a cluster and transfer control to ArgoCD or use it to manage a cluster from CI/CD or locally.
  • Connect to a Kubernetes cluster via an SSH tunnel.

Roadmap

  • Integrate as an ArgoCD ConfigManagementPlugin.
  • Diffing
  • How to work around fields owned by a different field manager (e.g. MetalLB CRD conversion..caBundle) or Job resources?

Concepts

Packages

A package is similar to a Helm chart in that it is a source for Kubernetes resources that can make use of templating to conditionally render resources and inject values into them. Resources generated by packages may make use of Nyl-specific resource kinds that are only available at the time of resource generation (see the Templating > Resource Kinds section below).

Nyl packages can be checked into a source repository in a DRY form, but can be compiled to a bundle (e.g. including other referenced packages or Helm charts) for deployment when needed (e.g. for shipping to an air-gapped environment).

Packages may have a nyl-package.yaml file that defines a schema for the package parameters and additional metadata. A package without this file may still accept and use parameters in its templates.

Applications

An application is an instance of one package that is deployed to a Kubernetes cluster; applications are in turn also defined in a Nyl package. Packages instantiated as applications may not produce other applications. Applications are usually accompanied by a nyl-deployment.yaml file that defines the top-level templating context for the package(s), such as the secret store.

When deploying a package as an application, the package must not generate resources other than applications, as all deployed resources must be owned by an application.

Deployment

A deployment is where things come together: this is the place where you define the applications that should be deployed to a Kubernetes cluster, which cluster they are deployed to, and which secret store secrets are sourced from. The configuration for a deployment is defined in a nyl-deployment.yaml file.

apiVersion: nyl/v1
kind: Deployment
spec:
  secretStores:
    default:
      type: Sops
      path: secrets.yaml

Spec

  • secrets (array): The secret stores to make available in the templating context of the deployment. Any secrets need to be injected from these stores into the application values at templating time.

Templating

Nyl uses Jinja2 as a templating engine, and as such is slightly different from Helm.

Injecting secrets

Secrets are only available at the deployment level and need to be propagated further down.

apiVersion: nyl/v1
kind: Application
metadata:
  name: my-app
spec:
  package: ./path/to/package
  values:
    theSecret: {{ Secrets.default.get("my-secret") }}

Resource kinds

At templating time, Nyl supports special resource kinds that will be expanded to more Kubernetes resources.

templating.nyl/v1/HelmChart

This resource can be used to instantiate Helm charts as part of a package.

apiVersion: templating.nyl/v1
kind: HelmChart
spec:
  repository: https://kubernetes.github.io/ingress-nginx
  chart: ingress-nginx
  version: 4.10.1
  releaseName: ingress-nginx
  releaseNamespace: ingress-nginx
  values: {}

Spec

  • repository (string): The Helm repository URL, OCI registry URL (sans the chart name), a local path or a Git repository clone URL.
  • chart (string): The name of the chart in the repository, the chart name to append to the OCI registry URL, the name of the chart in the local path or the path to the chart in the Git repository.
  • version (string): The version of the chart to use. Only relevant for Helm/OCI repositories.
  • releaseName (string): The name of the Helm release.
  • releaseNamespace (string): The namespace to install the Helm release into. If any resources generated by the chart have no metadata.namespace field, it will be set to this value.
  • values (object): The values to pass to the Helm chart.

templating.nyl/v1/Package

Use this resource to instantiate another package.

apiVersion: templating.nyl/v1
kind: Package
spec:
  package: ./path/to/package
  values: {}

Spec

  • package (string): The path to the package to instantiate. Must be prefixed with ./ to be resolved relative to the package that references it. Otherwise, it will be resolved in a search path that is defined in the nyl-deployment.yaml file.
  • values (object): The values to pass to the package.
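
The resolution rule for spec.package described above, sketched as an added example (not Nyl's own code). The function name, the search_path and root arguments, the first-match ordering and the check that a resolved package stays inside the repository root are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


def resolve_package(ref: str, referencing_pkg: Path, search_path: list, root: Path) -> Path:
    """Resolve a spec.package reference following the rule in the Package spec.

    search_path stands in for the search path from nyl-deployment.yaml; root and
    the containment check are assumptions added here, not documented Nyl behaviour.
    """
    if ref.startswith("./"):
        # "./" references are relative to the package that references them.
        candidates = [referencing_pkg / ref]
    else:
        # Everything else is looked up in the search path (first match wins;
        # the ordering is an assumption, the page does not specify it).
        candidates = [base / ref for base in search_path]
    root = root.resolve()
    for candidate in candidates:
        resolved = candidate.resolve()  # collapses ".." and follows symlinks
        if not resolved.is_dir():
            continue
        # Added check: reject references that leave the repository root.
        if not resolved.is_relative_to(root):
            raise ValueError(f"package {ref!r} resolves outside {root}")
        return resolved
    raise FileNotFoundError(f"package {ref!r} not found")


def demo() -> dict:
    """Resolve three references against a constructed repository layout."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        repo = base / "repo"
        for d in ("apps/web/db", "packages/redis"):
            (repo / d).mkdir(parents=True)
        (base / "outside").mkdir()
        web, search = repo / "apps/web", [repo / "packages"]
        out = {
            "relative": resolve_package("./db", web, search, repo).relative_to(repo).as_posix(),
            "searched": resolve_package("redis", web, search, repo).relative_to(repo).as_posix(),
        }
        try:
            resolve_package("./../../../outside", web, search, repo)
            out["escape"] = "allowed"
        except ValueError:
            out["escape"] = "rejected"
        return out
```

Running a check like this over every Package resource before rendering shows which references pull templates from outside the reviewed repository.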

Download files

Source Distribution

nyl-0.0.1.tar.gz (25.9 kB view details)

Uploaded Source

Built Distribution

nyl-0.0.1-py3-none-any.whl (33.2 kB view details)

Uploaded Python 3

File details

Details for the file nyl-0.0.1.tar.gz.

File metadata

  • Download URL: nyl-0.0.1.tar.gz
  • Upload date:
  • Size: 25.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: pdm/2.17.0 CPython/3.10.14 Linux/6.5.0-1023-azure

File hashes

Hashes for nyl-0.0.1.tar.gz
Algorithm Hash digest
SHA256 5777b877e14cab5e792ff7d4208379a3fa07200aaeb9d0fa00e21f22546d38f8
MD5 c39cfc131c0b1612ccbe0b173c3790a3
BLAKE2b-256 5e23da801a6f3b04401693a213c3ac1b7861565f7321c913f696f7196de7ae7f

File details

Details for the file nyl-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: nyl-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 33.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: pdm/2.17.0 CPython/3.10.14 Linux/6.5.0-1023-azure

File hashes

Hashes for nyl-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 0c3fdb45432943c2fb44dcd4d210cd21a0b92f67d11fbded8eb1f360a6e694fb
MD5 f3a9b0ea71abe446e41e7682c2d5a588
BLAKE2b-256 3d34fc284dfb50c34b05bfb439b36b15896bcddbf75305a8b0d0065f1a1cab2b
