Introduction to Templates
Sveltos lets you define add-ons and applications using templates. Before deploying any resource to the managed clusters, Sveltos instantiates the templates using information gathered from the management cluster.
Template Functions
Sveltos supports the template functions included in the Sprig open source project. The Sprig library provides over 70 template functions for Go’s template language. Some of the functions are listed below. For the full list, have a look at the Sprig GitHub page.
- String Functions: trim, wrap, randAlpha, plural, etc.
- String List Functions: splitList, sortAlpha, etc.
- Integer Math Functions: add, max, mul, etc.
- Integer Slice Functions: until, untilStep
- Float Math Functions: addf, maxf, mulf, etc.
- Date Functions: now, date, etc.
- Defaults Functions: default, empty, coalesce, fromJson, toJson, toPrettyJson, toRawJson, ternary
- Encoding Functions: b64enc, b64dec, etc.
- Lists and List Functions: list, first, uniq, etc.
- Dictionaries and Dict Functions: get, set, dict, hasKey, pluck, dig, deepCopy, etc.
- Type Conversion Functions: atoi, int64, toString, etc.
- Path and Filepath Functions: base, dir, ext, clean, isAbs, osBase, osDir, osExt, osClean, osIsAbs
- Flow Control Functions: fail
Extra Template Functions
- toToml: It takes an interface, marshals it to TOML, and returns a string. It will always return a string, even on marshal error (empty string)
- toYaml: It takes an interface, marshals it to YAML, and returns a string. It will always return a string, even on marshal error (empty string)
- toJson: It takes an interface, marshals it to JSON, and returns a string. It will always return a string, even on marshal error (empty string)
- fromToml: It converts a TOML document into a map[string]interface{}
- fromYaml: It converts a YAML document into a map[string]interface{}
- fromYamlArray: It converts a YAML array into a []interface{}
- fromJson: It converts a JSON document into a map[string]interface{}
- fromJsonArray: It converts a JSON array into a []interface{}
Variables
By default, the templates have access to the following management cluster resources.
- CAPI Cluster instance. The keyword is Cluster
- CAPI Cluster infrastructure provider. The keyword is InfrastructureProvider
- CAPI Cluster kubeadm provider. The keyword is KubeadmControlPlane
- For clusters registered with Sveltos, the SveltosCluster instance. The keyword is Cluster
Sveltos can fetch any resource from the management cluster. We just need to include the templateResourceRefs in the ClusterProfile/Profile Spec section.
RBAC
Sveltos adheres to the principle of least privilege. That means Sveltos does not have all the necessary permissions to fetch resources from the management cluster by default. Therefore, when using templateResourceRefs, we need to provide Sveltos with the correct RBAC definition.
Providing the necessary RBACs to Sveltos is a straightforward process. The Sveltos ServiceAccount is tied to the addon-controller-role-extra ClusterRole. To grant Sveltos the necessary permissions, simply edit the role.
If the ClusterProfile is created by a tenant administrator as part of a multi-tenant setup, Sveltos will act on behalf of (impersonate) the ServiceAccount that represents the tenant. This ensures that Kubernetes RBACs are enforced, which restricts the tenant's access to only authorized resources.
templateResourceRefs: Namespace and Name
When using templateResourceRefs to find resources in the management cluster, the namespace field is optional.
- If you provide a namespace (like default), Sveltos will look for the resource in that specific namespace.
- Leaving the namespace field blank tells Sveltos to search for the resource in the same namespace as the cluster during deployment.
The name field in templateResourceRefs can also be a template. This allows users to dynamically generate names based on information available during deployment.
Available cluster information:
- cluster namespace: use .Cluster.metadata.namespace
- cluster name: .Cluster.metadata.name
- cluster type: .Cluster.kind
For example, the below template will create a name by combining the cluster's namespace and name:
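An added Go sketch (not Sveltos code) of how such a reference resolves for one cluster: the name is rendered against the cluster object and a blank namespace falls back to the cluster's namespace. The `templateResourceRef` type, `resolveRef`, the sample cluster values and the use of `missingkey=error` are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// templateResourceRef is a hypothetical stand-in for one templateResourceRefs
// entry: Namespace is optional, Name may be a Go template.
type templateResourceRef struct {
	Namespace string
	Name      string
}

// resolveRef returns the namespace and name a reference points to for one
// cluster. cluster is the cluster object as a generic map, exposed as .Cluster.
func resolveRef(ref templateResourceRef, cluster map[string]interface{}) (string, string, error) {
	// missingkey=error (a choice for this sketch) turns a mistyped field path
	// into an error instead of "<no value>" ending up in the resource name.
	t, err := template.New("name").Option("missingkey=error").Parse(ref.Name)
	if err != nil {
		return "", "", err
	}
	var out strings.Builder
	if err := t.Execute(&out, map[string]interface{}{"Cluster": cluster}); err != nil {
		return "", "", err
	}
	ns := ref.Namespace
	if ns == "" {
		// Blank namespace: use the namespace of the cluster being deployed to.
		meta, _ := cluster["metadata"].(map[string]interface{})
		ns, _ = meta["namespace"].(string)
	}
	return ns, out.String(), nil
}

func main() {
	// Constructed sample cluster, not taken from a real management cluster.
	cluster := map[string]interface{}{
		"kind":     "SveltosCluster",
		"metadata": map[string]interface{}{"namespace": "tenant-a", "name": "prod-eu"},
	}
	ref := templateResourceRef{Name: "{{ .Cluster.metadata.namespace }}-{{ .Cluster.metadata.name }}"}
	ns, name, err := resolveRef(ref, cluster)
	fmt.Println(ns, name, err)
}
```

Because the rendered name and the fallback namespace both come from the cluster object, the same reference can point to a different resource for each cluster, and the RBAC granted to Sveltos has to cover every resource it can resolve to.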
Embedding Go Templates in Sveltos
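When a Sveltos template contains Go template expressions that another tool must evaluate later (in the example below, the External Secrets placeholder for master_key), wrap them in the escape syntax so that Sveltos emits them unchanged instead of evaluating them itself.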
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: meilisearch-proxy-secrets
  namespace: default
  annotations:
    projectsveltos.io/template: "true"
data:
  secrets.yaml: |
    {{ $cluster := .Cluster.metadata.name }}
    {{- range $env := (list "production" "staging") }}
    ---
    apiVersion: external-secrets.io/v1beta1
    kind: ExternalSecret
    metadata:
      name: meilisearch-proxy
      namespace: {{ $env }}
    spec:
      refreshInterval: 1h
      secretStoreRef:
        kind: ClusterSecretStore
        name: vault-backend
      target:
        name: meilisearch-proxy
        template:
          engineVersion: v2
          data:
            MEILISEARCH_HOST: https://meilisearch.{{ $cluster }}
            MEILISEARCH_MASTER_KEY: '{{`{{ .master_key }}`}}'
            PROXY_MASTER_KEY_OVERRIDE: "false"
            CACHE_ENGINE: "redis"
            CACHE_TTL: "300"
            CACHE_URL: "redis://meilisearch-proxy-redis:6379"
            PORT: "80"
            LOG_LEVEL: "info"
      data:
      - secretKey: 'master_key'
        remoteRef:
          key: 'search'
          property: '{{ $env }}.master_key'
    {{- end }}
```
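The two templating passes in the ConfigMap above, as an added Go example using only the standard library (not Sveltos or External Secrets code). The shortened fragment, the `render` and `fragment` helpers, the local `list` stand-in for Sprig and all sample values are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// render runs one templating pass over src. "list" is a local stand-in for
// Sprig's list function so the example has no external dependencies.
func render(src string, data map[string]interface{}) (string, error) {
	funcs := template.FuncMap{"list": func(v ...interface{}) []interface{} { return v }}
	t, err := template.New("pass").Funcs(funcs).Parse(src)
	if err != nil {
		return "", err
	}
	var out strings.Builder
	err = t.Execute(&out, data)
	return out.String(), err
}

// fragment builds a constructed, shortened version of the ConfigMap payload.
// keyExpr is what appears as the MEILISEARCH_MASTER_KEY value.
func fragment(keyExpr string) string {
	return "{{ $cluster := .Cluster.metadata.name }}\n" +
		"{{- range $env := (list \"production\" \"staging\") }}\n" +
		"namespace: {{ $env }}\n" +
		"MEILISEARCH_HOST: https://meilisearch.{{ $cluster }}\n" +
		"MEILISEARCH_MASTER_KEY: '" + keyExpr + "'\n" +
		"{{- end }}\n"
}

// Hypothetical sample data for the first pass (management cluster side).
var clusterData = map[string]interface{}{
	"Cluster": map[string]interface{}{"metadata": map[string]interface{}{"name": "prod-eu"}},
}

func main() {
	// Escaped: the first pass fills in cluster values and emits the inner
	// expression verbatim for the second engine.
	pass1, err := render(fragment("{{`{{ .master_key }}`}}"), clusterData)
	fmt.Printf("pass 1 (err=%v):%s", err, pass1)
	// Second pass, simulated: only now is the (constructed) secret present.
	pass2, err := render(pass1, map[string]interface{}{"master_key": "constructed-secret"})
	fmt.Printf("pass 2 (err=%v):%s", err, pass2)
	// Unescaped: the first pass tries to evaluate .master_key itself and fails.
	_, err = render(fragment("{{ .master_key }}"), clusterData)
	fmt.Println("unescaped:", err)
}
```

With the escape in place, the first pass never needs the secret value: the ConfigMap and the rendered ExternalSecret carry only the placeholder, and the value is filled in by the second engine.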
Continue Reading
- Helm Chart and Resources as Templates - Examples: Check out the template examples here
- Helm Charts: See the "Example: Express Helm Values as Templates" section here
- YAML & JSON: Refer to the "Example Template with Git Repository/Bucket Content" section here
- Kustomize: Substitution and templating are explained here