Support for Carvel ytt
What is YTT
ytt is a powerful tool used for templating and patching YAML files. If you want to use Carvel ytt in conjunction with Sveltos, you can install the ytt controller by executing the command below:
$ kubectl apply -f https://raw.githubusercontent.com/gianlucam76/ytt-controller/main/manifest/manifest.yaml
The above installs the necessary components for the ytt controller.
The ytt controller can process Carvel ytt files from different sources, such as Flux Sources (GitRepository/OCIRepository/Bucket), ConfigMap, or Secret. It then programmatically invokes the Carvel ytt module and stores the output in the Status section of the YttSource instance, making it available to Sveltos.
Option 1: GitRepository
We can leverage the GitRepository as a source for the ytt controller[2]. For example, in the provided GitHub repository ytt-examples, we can find the ytt files that Flux will sync. To instruct the ytt controller to fetch files from this repository, create a YttSource CRD instance with the configuration below:
---
apiVersion: extension.projectsveltos.io/v1beta1
kind: YttSource
metadata:
  name: yttsource-flux
spec:
  namespace: flux-system
  name: flux-system
  kind: GitRepository
  path: ./deployment/
The path field specifies the location within the Git repository where the ytt files are stored. Once Flux detects changes in the repository and syncs it, the ytt-controller will automatically invoke the ytt module and store the output in the Status section of the YttSource instance.
At this point, you can use Sveltos' template feature to deploy the output of ytt (Kubernetes resources) to a managed cluster. The Kubernetes add-on controller will take care of deploying it[1].
ClusterProfile
Example - ClusterProfile and Resources Definition
---
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: deploy-ytt-resources
spec:
  clusterSelector:
    matchLabels:
      env: fv
  templateResourceRefs:
  - resource:
      apiVersion: extension.projectsveltos.io/v1beta1
      kind: YttSource
      name: yttsource-flux
      namespace: default
    identifier: YttSource
  policyRefs:
  - kind: ConfigMap
    name: ytt-resources
    namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ytt-resources
  namespace: default
  annotations:
    projectsveltos.io/template: "true"  # add annotation to indicate Sveltos content is a template
data:
  resource.yaml: |
    {{ (getResource "YttSource").status.resources }}
The above configuration instructs Sveltos to deploy the resources generated by ytt to the selected managed clusters.
$ sveltosctl show addons
+-------------------------------------+-----------------+-----------+----------------------+---------+-------------------------------+------------------+
| CLUSTER | RESOURCE TYPE | NAMESPACE | NAME | VERSION | TIME | CLUSTER PROFILES |
+-------------------------------------+-----------------+-----------+----------------------+---------+-------------------------------+------------------+
| default/sveltos-management-workload | :Service | staging | sample-app | N/A | 2023-05-22 08:00:28 -0700 PDT | deploy-resources |
| default/sveltos-management-workload | apps:Deployment | staging | sample-app | N/A | 2023-05-22 08:00:28 -0700 PDT | deploy-resources |
| default/sveltos-management-workload | :Secret | staging | application-settings | N/A | 2023-05-22 08:00:28 -0700 PDT | deploy-resources |
+-------------------------------------+-----------------+-----------+----------------------+---------+-------------------------------+------------------+
Option 2: ConfigMap/Secret
Alternatively, you can use a ConfigMap/Secret as a source for the ytt controller.
Step 1: Create a tarball containing the ytt files
Step 2: Create a ConfigMap with the tarball
Step 3: Create a YttSource instance that references this ConfigMap
---
apiVersion: extension.projectsveltos.io/v1beta1
kind: YttSource
metadata:
  name: yttsource-sample
spec:
  namespace: default
  name: ytt
  kind: ConfigMap
  path: ./
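Steps 1 and 2 as an added shell example (not taken from the Sveltos documentation): it builds the tarball, refuses symlinks and oversized archives, and prints the ConfigMap that the YttSource above references. The gzip format and the `ytt.tar.gz` key are assumptions about what the controller reads; the ConfigMap name `ytt` and namespace `default` come from the YttSource spec.

```shell
# Added example: package ytt files for a ConfigMap-backed YttSource.
# Assumptions: the controller reads a gzip tarball from key "ytt.tar.gz";
# ConfigMap name "ytt" and namespace "default" match the YttSource spec.
# Usage: ./pack-ytt.sh ./deployment /tmp/ytt.tar.gz | kubectl create -f -
# (create, not apply: apply would copy the payload into an annotation)

MAX_BYTES=1048576   # Kubernetes rejects ConfigMaps larger than 1 MiB

# build_ytt_tarball <src_dir> <out.tar.gz>
build_ytt_tarball() {
  local src="$1" out="$2" size
  [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
  # tar would store symlinks as links, not as the files they point to.
  if [ -n "$(find "$src" -type l -print -quit)" ]; then
    echo "refusing to package symlinks under $src" >&2; return 1
  fi
  # -C keeps paths relative ("./values.yaml"), matching "path: ./".
  tar -czf "$out" -C "$src" . || return 1
  size=$(wc -c < "$out" | tr -d ' ')
  if [ "$size" -gt "$MAX_BYTES" ]; then
    echo "tarball is $size bytes, over the ConfigMap limit" >&2; return 1
  fi
}

# ytt_configmap_manifest <tarball>: print the ConfigMap on stdout
ytt_configmap_manifest() {
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: ytt
  namespace: default
binaryData:
  ytt.tar.gz: $(base64 < "$1" | tr -d '\n')
EOF
}

if [ "$#" -eq 2 ]; then
  build_ytt_tarball "$1" "$2" && ytt_configmap_manifest "$2"
fi
```

Write the output tarball outside the source directory so it is not packed into itself.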
The outcome is the same as with the Flux GitRepository above:
---
apiVersion: extension.projectsveltos.io/v1beta1
kind: YttSource
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extension.projectsveltos.io/v1beta1","kind":"YttSource","metadata":{"annotations":{},"name":"yttsource-sample","namespace":"default"},"spec":{"kind":"ConfigMap","name":"ytt","namespace":"default","path":"./"}}
  creationTimestamp: "2023-05-22T06:27:31Z"
  generation: 1
  name: yttsource-sample
  namespace: default
  resourceVersion: "94517"
  uid: 4b0b4efb-57b4-4ffd-ab32-dc56fee21a09
spec:
  kind: ConfigMap
  name: ytt
  namespace: default
  path: ./
status:
  resources: |
    apiVersion: v1
    kind: Service
    metadata:
      name: sample-app
      labels:
        environment: staging
    spec:
      selector:
        app: sample-app
      ports:
      - protocol: TCP
        port: 80
        targetPort: 8080
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: sample-app
      labels:
        environment: staging
    spec:
      replicas: 1
      selector:
        matchLabels:
          environment: staging
      template:
        metadata:
          labels:
            environment: staging
        spec:
          containers:
          - name: sample-app
            image: nginx:latest
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 8080
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: application-settings
    stringData:
      app_mode: staging
      certificates: /etc/ssl/staging
      db_user: staging-user
      db_password: staging-password
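The status above holds the rendered Secret in clear text, so anyone allowed to read YttSource objects in that namespace can read it. The following review script is an added example (not part of the Sveltos docs): it lists each document a YttSource will hand to the ClusterProfile template and flags Secrets and mutable image tags. The sample input is a constructed, trimmed copy of the output above.

```shell
# Added example: audit the multi-document YAML held in a YttSource's
# status.resources. Live input (assumes kubectl access to the management cluster):
#   kubectl get yttsource yttsource-sample -n default \
#     -o jsonpath='{.status.resources}' | audit_ytt_output

# Prints "DOC kind/name" per document and "FLAG ..." per finding; returns 1 if any flag.
audit_ytt_output() {
  awk '
    function flush(   i, id) {
      if (kind != "") {
        id = kind "/" name
        print "DOC " id
        if (kind == "Secret") { print "FLAG " id " secret-in-status"; flags++ }
        for (i = 1; i <= n; i++) { print "FLAG " id " mutable-image " imgs[i]; flags++ }
      }
      kind = ""; name = ""; inmeta = 0; n = 0
    }
    /^---[ \t]*$/        { flush(); next }
    /^kind:/             { kind = $2; inmeta = 0; next }
    /^metadata:/         { inmeta = 1; next }   # top-level metadata only
    /^[^ \t#]/           { inmeta = 0 }         # any other top-level key ends it
    inmeta && /^  name:/ { name = $2 }
    /^[ \t-]*image:/     { if ($NF ~ /:latest$/ || $NF !~ /[:@]/) imgs[++n] = $NF }
    END { flush(); exit (flags > 0) }
  '
}

# Constructed sample: a trimmed copy of the status.resources shown above.
sample_status_resources() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-app
spec:
  template:
    spec:
      containers:
      - name: sample-app
        image: nginx:latest
---
apiVersion: v1
kind: Secret
metadata:
  name: application-settings
stringData:
  db_password: staging-password
EOF
}
```

Running `sample_status_resources | audit_ytt_output` prints two DOC lines and two FLAG lines and returns 1, which makes the function usable as a gate before the ClusterProfile is applied.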
[1] Sveltos is instructed to first retrieve a resource from the management cluster: the YttSource instance named yttsource-flux in the default namespace. Sveltos is then responsible for deploying the resources found within the ytt-resources ConfigMap. However, this ConfigMap acts as a template, requiring instantiation before deployment. Within the Data section of the ConfigMap, there is a single entry called resource.yaml. After instantiation, this entry will contain the content that the ytt controller has stored in the YttSource instance.
[2] Flux is present in the management cluster and is used to sync from the GitHub repository. The GitRepository instance is shown below.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  finalizers:
  - finalizers.fluxcd.io
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  timeout: 60s
  url: ssh://git@github.com/gianlucam76/ytt-examples