kartverket/skiperator


Skiperator

Skiperator is an operator intended to make the setup of applications simple from the users' point of view. When using the operator, an application developer can set up all associated resources for an optimal deployment using a simple custom resource called Application.

Prerequisites

  • The Dockerfile must build an image whose user ID is set to 150, as this UID is hard-coded in Skiperator.

Application reference

Below you will find a list of all accepted input parameters to the Application custom resource.

For explanations and requirements for all inputs, see the API documentation.

apiVersion: skiperator.kartverket.no/v1alpha1
kind: Application
metadata:
  name: teamname-frontend
  namespace: yournamespace
spec:
  # Required, everything beyond image and port is optional
  image: "kartverket/example"
  port: 8080
  
  priority: medium
  
  additionalPorts:
    - name: metrics-port
      port: 8181
      protocol: TCP
    - name: another-port
      port: 8282
      protocol: TCP
      
  command:
    - node
    - ./server.js
     
  ingresses:
    - testapp.dev.skip.statkart.no
    
  replicas: 2
  # or (only one form of replicas may be present)
  # replicas:
  #   min: 2
  #   max: 5
  #   targetCpuUtilization: 80
    
  gcp:
    auth:
      serviceAccount: some-serviceaccount@some-project-id.iam.gserviceaccount.com
      
  env:
    - name: ENV
      value: PRODUCTION
    - name: USERNAME
      valueFrom:
        configMapKeyRef:
          name: some-configmap
          key: username
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: some-secret
          key: password
          
  envFrom:
    - configMap: some-configmap
    - secret: some-secret
  filesFrom:
    - emptyDir: temp-dir
      mountPath: /tmp
    - configMap: some-configmap
      mountPath: /var/run/configmap
    - secret: some-secret
      mountPath: /var/run/secret
    - persistentVolumeClaim: some-pvc
      mountPath: /var/run/volume
  
  strategy:
    type: RollingUpdate
  
  liveness:
    path: "/"
    port: 8080
    failureThreshold: 3
    timeout: 1
    initialDelay: 0
  readiness:
    # Readiness has the same options as liveness
    path: ..
  startup:
    # Startup has the same options as liveness
    path: ..
    
  labels:
    someLabel: some-label
    
  resourceLabels:
    Deployment:
      labelKey: A value for the label
    Service:
      labelKeyOne: A value for the one label
      labelKeyTwo: A value for the two label
      
  prometheus:
    port: 8181
    path: "/metrics"
  authorizationSettings:
    allowAll: false
    allowList:
      - "/actuator/health"
      - "/actuator/info"

  resources:
    limits:
      cpu: 1000m # Avoid using this
      memory: 1G
    requests:
      cpu: 25m
      memory: 250M
  
  enablePDB: true
  
  accessPolicy:
    inbound:
      # The rules list specifies a list of applications. When no namespace is
      # specified it refers to an app in the current namespace. For apps in
      # other namespaces, namespace is required. Alternately you can define
      # namespacesByLabel as a value-map of namespace labels. If both
      # namespace and namespacesByLabel are defined for an application,
      # namespacesByLabel is ignored
      rules:
        - application: other-app
        - application: third-app
          namespace: other-namespace
        - application: fourth-app
          namespacesByLabel:
            somelabel: somevalue
            anotherlabel: anothervalue
    # outbound specifies egress rules. Which apps on the cluster and the
    # internet is the Application allowed to send requests to? Alternately
    # you can define namespacesByLabel as a value-map of namespace labels.
    # If both namespace and namespacesByLabel are defined for an application,
    # namespacesByLabel is ignored
    outbound:
      rules:
        - application: some-app
          namespacesByLabel:
            somelabel: somevalue
        - application: other-app
      external:
        - host: nrk.no
        - host: smtp.mailgrid.com
          ip: "123.123.123.123"
          ports:
            - name: smtp
              protocol: TCP
              port: 587
  # podSettings are used to apply specific settings to the Pod Template used by Skiperator to create Deployments.
  podSettings:
    annotations:
      some-annotation: some-value
    terminationGracePeriodSeconds: 30
    disablePodSpreadTopologyConstraints: false
  # istioSettings are used to configure istio specific resources. Currently, adjusting sampling interval for tracing is 
  # the only supported option.
  istioSettings:
    telemetry:
      tracing:
        - randomSamplingPercentage: 10
      

SKIPJob reference

Below you will find a list of all accepted input parameters to the SKIPJob custom resource. Only types are shown here. The fields are documented in the API documentation.

apiVersion: skiperator.kartverket.no/v1alpha1
kind: SKIPJob
metadata:
  namespace: sample
  name: sample-job
spec:
  cron:
    schedule: "* * * * *"
    suspend: false 
    startingDeadlineSeconds: 10
  
  job: 
    activeDeadlineSeconds: 10
    backoffLimit: 10
    suspend: false
    ttlSecondsAfterFinished: 
    
  prometheus:
    path: /metrics
    port: 8080  
  
  container:
    # Pod
    image: ""
    command:
      - ""
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
      limits:
        memory: 256Mi
    
    # Networking
    accessPolicy:
      inbound:
        rules:
          - application: ""
            namespace: ""
      outbound:
        external:
          - host: ""
            ip: ""
            ports:
              - name: ""
                port: 10
                protocol: ""
    additionalPorts:
      - name: ""
        port: 10
        protocol: ""
        
    # Volumes / environment    
    env:
      - name: ""
        value: ""
    envFrom:
      - configMap: ""
      - secret: ""
    filesFrom:
      - mountPath: ""
        # + one of:
        secret: ""
        configMap: ""
        emptyDir: ""
        persistentVolumeClaim: ""
      
    gcp:
      auth:
        serviceAccount: ""

    # Probes
    startup:
      path: ""
      port: 0
      failureThreshold: 0
      initialDelay: 0
      period: 0
      successThreshold: 0
      timeout: 0
    # Same as startup
    liveness:
      ...
    readiness:
      ...

    # Miscellaneous
    priority: ""    
    restartPolicy: ""

Routing reference

Routing is a separate custom resource that can be used to set up path-based routing for a Skiperator application. Use this instead of the ingresses field in the Application custom resource. The routes are processed in order, so the last route should be a catch-all route. This will only work for applications in the same namespace as the Routing resource.

Below you will find a list of all accepted input parameters to the Routing custom resource. Only types are shown here. The fields are documented in the API documentation.

apiVersion: skiperator.kartverket.no/v1alpha1
kind: Routing
metadata:
  name: sample-routing
  namespace: sample
spec:
  hostname: app.example.com
  routes:
  - pathPrefix: /api
    rewriteUri: true
    targetApp: backend-app
  - pathPrefix: /
    rewriteUri: false
    targetApp: frontend-app
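
Because routes are processed in order, a broad prefix placed early can send traffic to the wrong application. The Go program below is an added example, not code from Skiperator, that checks a route list for this before a Routing manifest is applied. The Route struct, the LintRoutes function and the first-match-wins string-prefix semantics are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Route mirrors one entry of spec.routes in the Routing resource
// (hypothetical type for this example, not Skiperator's own).
type Route struct {
	PathPrefix string
	RewriteURI bool
	TargetApp  string
}

// LintRoutes reports ordering problems in a route list. It assumes the
// first route whose pathPrefix is a string prefix of the request path wins.
func LintRoutes(routes []Route) []string {
	var findings []string
	for i, r := range routes {
		// A route is unreachable if any earlier prefix already covers it.
		for _, earlier := range routes[:i] {
			if strings.HasPrefix(r.PathPrefix, earlier.PathPrefix) {
				findings = append(findings, fmt.Sprintf(
					"route %d (%s -> %s) is shadowed by earlier prefix %s -> %s",
					i, r.PathPrefix, r.TargetApp,
					earlier.PathPrefix, earlier.TargetApp))
				break
			}
		}
	}
	// The page asks for a catch-all as the last route.
	if n := len(routes); n == 0 || routes[n-1].PathPrefix != "/" {
		findings = append(findings, "last route is not the catch-all prefix /")
	}
	return findings
}

func main() {
	// Constructed input: the sample routes from this page in reversed order,
	// so requests for /api would reach frontend-app instead of backend-app.
	bad := []Route{
		{PathPrefix: "/", TargetApp: "frontend-app"},
		{PathPrefix: "/api", RewriteURI: true, TargetApp: "backend-app"},
	}
	for _, f := range LintRoutes(bad) {
		fmt.Println(f)
	}
}
```

The route order shown in the sample manifest above (/api first, / last) produces no findings.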

Developing

See CONTRIBUTING.md for information on how to develop the Skiperator.