airship/airshipctl
Code Issues Proposed changes
master
airshipctl/krm-functions/toolbox/README.md
Sean Eagan a65a7e155b Externalize KRM function versions 
Relates-To: #524
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I7e811835ae1e5ab2cab65c398c53126f3a632405
2021-05-26 20:18:49 +00:00

74 lines
3.7 KiB
Markdown
Raw Permalink Blame History

# Toolbox
This is KRM function written in `go` and uses the `kyaml` library for executing binaries inside container. It helps to run scripts in container as a `airshipctl` phase.
The toolbox image has pre-installed `sh` shell,`kubectl` and `calicoctl`.
## How to run your script as `airshipctl` phase
`NOTE`: All file paths in the following steps depend on the site you are working with and differ depending on the environment.
1. Create a phase document (kind: Phase)
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: kubectl-wait-node-ephemeral
clusterName: ephemeral-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: GenericContainer
name: kubectl-get-node
2. Create executor document (kind: GenericContainer). The [executor](https://github.com/airshipit/airshipctl/blob/master/manifests/phases/executors.yaml) use `configRef` to reference `ConfigMap` that will be generated using `configMapGenerator`. `configRef` must reference a Kubernetes ConfigMap with data key `script` with the script you want to execute. You can use kustomize [`configMapGenerator`](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/configmapgenerator/#configmap-from-file) to create ConfigMaps ([see example](https://github.com/airshipit/airshipctl/blob/master/manifests/function/phase-helpers/wait_node/kustomization.yaml)).
apiVersion: airshipit.org/v1alpha1
kind: GenericContainer
metadata:
name: kubectl-get-node
labels:
airshipit.org/deploy-k8s: "false"
spec:
type: krm
image: localhost/toolbox
hostNetwork: true
envVars
MY_ENV # airshipctl will populate this value from your current env, you can pass credentials like this
MY_ENV_TWO="my-value"
configRef:
kind: ConfigMap
name: kubectl-get-node
apiVersion: v1
3. Add your script as a ConfigMap. Scripts inside container have access to site kubeconfig in `${KUBECONFIG}` and to context of the cluster in `${KCTL_CONTEXT}` environment variables.
apiVersion: v1
kind: ConfigMap
metadata:
name: kubectl-get-node
data:
script: |
#!/bin/sh
calicoctl apply --context ${KTCL_CONTEXT} -f $RENDERED_BUNDLE_PATH
kubectl apply --context ${KTCL_CONTEXT} -f $RENDERED_BUNDLE_PATH
1. add kustomize resources
2. include them into PhaseConfigBundle
4. Make sure it is added to the bundle:
1. `airshipctl phase render --source config -k ConfigMap` find your configmap in the output
2. `airshipctl phase render --source config -k Phase` find your phase in output
3. `airshipctl phase render --source config -k GenericContainer` find your executor in output
5) Run your phase:
`airshipctl phase run kubectl-wait-node-ephemeral`
## Input bundle usage
The KRM function writes to filesystem input bundle specified in `documentEntryPoint` in phase declaration and imports the path to this bundle in `RENDERED_BUNDLE_PATH` environment variable. For example it can be used with `calicoctl` as `calicoctl apply -f $RENDERED_BUNDLE_PATH`
Documents can be filtered by group, version and kind. You need to set `RESOURCE_GROUP_FILTER`, `RESOURCE_VERSION_FILTER` and/or`RESOURCE_KIND_FILTER` in executor definition to enable filtering.
## Important notes
1. The script must write to STDOUT valid yaml or redirect output to STDERR otherwise phase will fail with `mapping values are not allowed in this context`
2. All shell scripts must begin with `set -xe`. This allows errors to be passed from the container to the airshipctl itself. Without this flags the container will never fail.
View Git Blame Copy Permalink