Skip to content

Support for Carvel ytt

What is YTT

ytt is a powerful tool used for templating and patching YAML files. If you want to use Carvel ytt in conjunction with Sveltos, you can install the ytt controller by executing the below command:

$ kubectl apply -f https://raw.githubusercontent.com/gianlucam76/ytt-controller/main/manifest/manifest.yaml

The above will install the necessary components for ytt controller.

The ytt controller offers the capability to process Carvel ytt files using different sources, such as Flux Sources (GitRepository/OCIRepository/Bucket), ConfigMap, or Secret. It then programmatically invokes Carvel ytt module and stores the output in its Status section making it available for Sveltos.

Option 1: GitRepository

Sveltos managing clusters

We can leverage the GitRepository as a source for the ytt controller2. For example, in the provided GitHub repository ytt-examples, we can find the ytt files that Flux will sync. To instruct the ytt controller to fetch files from this repository, create a YttSource CRD instance with the below configuration:

---
apiVersion: extension.projectsveltos.io/v1beta1
kind: YttSource
metadata:
  name: yttsource-flux
spec:
  namespace: flux-system
  name: flux-system
  kind: GitRepository
  path: ./deployment/

The path field specifies the location within the Git repository where the ytt files are stored. Once Flux detects changes in the repository and syncs it, the ytt-controller will automatically invoke the ytt module and store the output in the Status section of the YttSource instance.

At this point, you can use the Sveltos' template feature to deploy the output of ytt (Kubernetes resources) to a managed cluster. The Kubernetes add-on controller will take care of deploying it1.

ClusterProfile

Example - ClusterProfile and Resources Definition

---
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: deploy-ytt-resources
spec:
  clusterSelector:
    matchLabels:
      env: fv
  templateResourceRefs:
  - resource:
      apiVersion: extension.projectsveltos.io/v1beta1
      kind: YttSource
      name: yttsource-flux
      namespace: default
    identifier: YttSource
  policyRefs:
  - kind: ConfigMap
    name: ytt-resources
    namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ytt-resources
  namespace: default
  annotations:
    projectsveltos.io/template: "true"  # add annotation to indicate Sveltos content is a template
data:
  resource.yaml: |
    {{ (getResource "YttSource").status.resources }}

The above configuration instructs Sveltos to deploy the resources generated by ytt to the selected managed clusters.

$ sveltosctl show addons 
+-------------------------------------+-----------------+-----------+----------------------+---------+-------------------------------+------------------+
|               CLUSTER               |  RESOURCE TYPE  | NAMESPACE |         NAME         | VERSION |             TIME              | CLUSTER PROFILES |
+-------------------------------------+-----------------+-----------+----------------------+---------+-------------------------------+------------------+
| default/sveltos-management-workload | :Service        | staging   | sample-app           | N/A     | 2023-05-22 08:00:28 -0700 PDT | deploy-resources |
| default/sveltos-management-workload | apps:Deployment | staging   | sample-app           | N/A     | 2023-05-22 08:00:28 -0700 PDT | deploy-resources |
| default/sveltos-management-workload | :Secret         | staging   | application-settings | N/A     | 2023-05-22 08:00:28 -0700 PDT | deploy-resources |
+-------------------------------------+-----------------+-----------+----------------------+---------+-------------------------------+------------------+

Option 2: ConfigMap/Secret

Alternatively, you can use ConfigMap/Secret as a source for ytt controller.

Step 1: Create a tarball containing the ytt files

$ tar -czf ytt.tar.gz -C ~mgianluc/go/src/github.com/gianlucam76/ytt-examples/deployment .

Step 2: Create a ConfigMap with the tarball

$ kubectl create configmap ytt --from-file=ytt.tar.gz=ytt.tar.gz 

Step 3: Create a YttSource instance that references this ConfigMap

---
apiVersion: extension.projectsveltos.io/v1beta1
kind: YttSource
metadata:
  name: yttsource-sample
spec:
  namespace: default
  name: ytt
  kind: ConfigMap
  path: ./

Outcome will be same as seen above with Flux GitRepository:

---
apiVersion: extension.projectsveltos.io/v1beta1
kind: YttSource
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extension.projectsveltos.io/v1beta1","kind":"YttSource","metadata":{"annotations":{},"name":"yttsource-sample","namespace":"default"},"spec":{"kind":"ConfigMap","name":"ytt","namespace":"default","path":"./"}}
  creationTimestamp: "2023-05-22T06:27:31Z"
  generation: 1
  name: yttsource-sample
  namespace: default
  resourceVersion: "94517"
  uid: 4b0b4efb-57b4-4ffd-ab32-dc56fee21a09
spec:
  kind: ConfigMap
  name: ytt
  namespace: default
  path: ./
status:
  resources: |
    apiVersion: v1
    kind: Service
    metadata:
      name: sample-app
      labels:
        environment: staging
    spec:
      selector:
        app: sample-app
      ports:
      - protocol: TCP
        port: 80
        targetPort: 8080
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: sample-app
      labels:
        environment: staging
    spec:
      replicas: 1
      selector:
        matchLabels:
          environment: staging
      template:
        metadata:
          labels:
            environment: staging
        spec:
          containers:
          - name: sample-app
            image: nginx:latest
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 8080
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: application-settings
    stringData:
      app_mode: staging
      certificates: /etc/ssl/staging
      db_user: staging-user
      db_password: staging-password
  ---
  apiVersion: source.toolkit.fluxcd.io/v1
  kind: GitRepository
  metadata:
    finalizers:
    - finalizers.fluxcd.io
    name: flux-system
    namespace: flux-system
  spec:
    interval: 1m0s
    ref:
      branch: main
    secretRef:
      name: flux-system
    timeout: 60s
    url: ssh://git@github.com/gianlucam76/ytt-examples

  1. Instructing Sveltos involves the initial step of retrieving a resource from the management cluster, which is the YttSource instance named yttsource-flux in the default namespace. Sveltos is then responsible for deploying the resources found within the ytt-resources ConfigMap. However, this ConfigMap acts as a template, requiring instantiation before deployment. Within the Data section of the ConfigMap, there is a single entry called resource.yaml. After instantiation, this entry will contain the content that the ytt controller has stored in the YttSource instance. 

  2. Flux is present in the management cluster and it is used to sync from GitHub repository. The GitRepository instance is the below.