-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
## Description Document the sdk helpers in the Pepr docs. ... ## Related Issue Fixes #751 <!-- or --> Relates to # ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://docs.pepr.dev/main/contribute/contributor-guide/#submitting-a-pull-request) followed --------- Co-authored-by: Case Wylie <cmwylie19@defenseunicorns.com>
- Loading branch information
1 parent
b1337ae
commit 2c5c47e
Showing
7 changed files
with
198 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
# Pepr SDK | ||
|
||
## `containers` | ||
|
||
Returns list of all containers in a pod. Accepts the following parameters: | ||
|
||
- **@param peprValidationRequest** The request/pod to get the containers from | ||
- **@param containerType** The type of container to get | ||
|
||
**Usage:** | ||
|
||
**_Get all containers_** | ||
|
||
```typescript | ||
let result = containers(peprValidationRequest) | ||
``` | ||
|
||
**_Get only the standard containers_** | ||
|
||
```typescript | ||
let result = containers(peprValidationRequest, "containers") | ||
``` | ||
|
||
**_Get only the init containers_** | ||
|
||
```typescript | ||
let result = containers(peprValidationRequest, "initContainers") | ||
``` | ||
|
||
**_Get only the ephemeral containers_** | ||
|
||
```typescript | ||
let result = containers(peprValidationRequest, "ephemeralContainers") | ||
``` | ||
|
||
--- | ||
|
||
## `getOwnerRefFrom` | ||
|
||
Returns the owner reference for a Kubernetes resource. Accepts the following parameters: | ||
|
||
- **@param kubernetesResource: GenericKind** The Kubernetes resource to get the owner reference for | ||
|
||
**Usage:** | ||
|
||
```typescript | ||
const ownerRef = getOwnerRefFrom(kubernetesResource); | ||
|
||
--- | ||
|
||
## `writeEvent` | ||
|
||
Write a K8s event for a CRD. Accepts the following parameters: | ||
|
||
- **@param kubernetesResource: GenericKind** The Kubernetes resource to write the event for | ||
- **@param event** The event to write, should contain a human-readable message for the event | ||
- **@param eventType** The type of event to write, for example "Warning" | ||
- **@param eventReason** The reason for the event, for example "ReconciliationFailed" | ||
- **@param reportingComponent** The component that is reporting the event, for example "uds.dev/operator" | ||
- **@param reportingInstance** The instance of the component that is reporting the event, for example process.env.HOSTNAME | ||
|
||
**Usage:** | ||
|
||
```typescript | ||
writeEvent( | ||
kubernetesResource, | ||
event, | ||
"Warning", | ||
"ReconciliationFailed", | ||
"uds.dev/operator", | ||
process.env.HOSTNAME, | ||
); | ||
``` | ||
|
||
--- | ||
|
||
## `sanitizeResourceName` | ||
|
||
Returns a sanitized resource name to make the given name a valid Kubernetes resource name. Accepts the following parameter: | ||
|
||
- **@param resourceName** The name of the resource to sanitize | ||
|
||
**Usage:** | ||
|
||
```typescript | ||
const sanitizedResourceName = sanitizeResourceName(resourceName) | ||
``` | ||
|
||
--- | ||
|
||
## See Also | ||
|
||
Looking for information on the Pepr mutate helpers? See [Helpers](./030_actions/010_mutate.md) for information on helpers for mutate actions. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
# Mutate | ||
|
||
Mutating admission webhooks are invoked first and can modify objects sent to the API server to enforce custom defaults. After an object is sent to Pepr's Mutating Admission Webhook, Pepr will [annotate the object](https://github.com/defenseunicorns/pepr/blob/f01f5eeda16c13ecd0d51b26b8a16ed7e4c1b080/src/lib/mutate-processor.ts#L64) to indicate the status. | ||
|
||
After a successful mutation of an object in a module with UUID static-test, and capability name hello-pepr, expect to see this annotation: `static-test.pepr.dev/hello-pepr: succeeded`. | ||
|
||
## Mutate Helpers | ||
|
||
### `SetLabel` | ||
|
||
`SetLabel` is used to set a lable on a Kubernetes object as part of a Pepr Mutate action. | ||
|
||
For example, to add a label when a ConfigMap is created: | ||
|
||
```typescript | ||
When(a.ConfigMap) | ||
.IsCreated() | ||
.Mutate(request => { | ||
request | ||
// Here we are adding a label to the ConfigMap. | ||
.SetLabel("pepr", "was-here") | ||
|
||
// Note that we are not returning anything here. This is because Pepr is tracking the changes in each action automatically. | ||
}); | ||
``` | ||
|
||
### `RemoveLabel` | ||
|
||
`RemoveLabel` is used to remove a label on a Kubernetes object as part of a Pepr Mutate action. | ||
|
||
For example, to remove a label when a ConfigMap is updated: | ||
|
||
```typescript | ||
When(a.ConfigMap) | ||
.IsCreated() | ||
.Mutate(request => { | ||
request | ||
// Here we are removing a label from the ConfigMap. | ||
.RemoveLabel("remove-me") | ||
|
||
// Note that we are not returning anything here. This is because Pepr is tracking the changes in each action automatically. | ||
}); | ||
``` | ||
|
||
### `SetAnnotation` | ||
|
||
`SetAnnotation` is used to set an annotation on a Kubernetes object as part of a Pepr Mutate action. | ||
|
||
For example, to add an annotation when a ConfigMap is created: | ||
|
||
```typescript | ||
When(a.ConfigMap) | ||
.IsCreated() | ||
.Mutate(request => { | ||
request | ||
// Here we are adding an annotation to the ConfigMap. | ||
.SetAnnotation("pepr.dev", "annotations-work-too"); | ||
|
||
// Note that we are not returning anything here. This is because Pepr is tracking the changes in each action automatically. | ||
}); | ||
``` | ||
|
||
### `RemoveAnnotation` | ||
|
||
`RemoveAnnotation` is used to remove an annotation on a Kubernetes object as part of a Pepr Mutate action. | ||
|
||
For example, to remove an annotation when a ConfigMap is updated: | ||
|
||
```typescript | ||
When(a.ConfigMap) | ||
.IsUpdated() | ||
.Mutate(request => { | ||
request | ||
// Here we are removing an annotation from the ConfigMap. | ||
.RemoveAnnotation("remove-me"); | ||
|
||
// Note that we are not returning anything here. This is because Pepr is tracking the changes in each action automatically. | ||
}); | ||
``` | ||
|
||
## See Also | ||
|
||
See also [SDK](../130_sdk.md) for information on the Pepr SDK. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# Validate | ||
|
||
After the Mutation phase comes the Validation phase where the validating admission webhooks are invoked and can reject requests to enforce custom policies. | ||
|
||
Validate does not annotate the objects that are allowed into the cluster, but the validation webhook can be audited with `npx pepr monitor`. Read the [monitoring docs](https://docs.pepr.dev/main/best-practices/#monitoring) for more information. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Reconcile | ||
|
||
Reconcile functions the same as Watch but is tailored for building Kubernetes Controllers and Operators because it processes callback operations in a [Queue](https://github.com/defenseunicorns/pepr/blob/f01f5eeda16c13ecd0d51b26b8a16ed7e4c1b080/src/lib/watch-processor.ts#L86), guaranteeing ordered and synchronous processing of events, even when the system may be under heavy load. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Watch | ||
|
||
[Kubernetes](https://kubernetes.io/docs/reference/using-api/api-concepts) supports efficient change notifications on resources via watches. Pepr uses the Watch action for monitoring resources that previously existed in the cluster and for performing long-running asynchronous events upon receiving change notifications on resources, as watches are not limited by [timeouts](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters