cashapp / cmmc
K8S ConfigMap Merging Controller
Home Page: https://cashapp.github.io/cmmc
License: Apache License 2.0
Currently, cmmc only supports doing JSONSchema validation.
It would be nice to support something like custom validators via some syntax in the MergeTarget, like:
    # ....
    data:
      key:
        validator:
          url: <...>
For this to be usable, this should also have a proto definition of a request/response spec of a sort.
Possibly have this configured by an argument or an environment variable.
docs: MaxConcurrentReconciles
Move the kube-system/aws-auth example from the README to docs/
I have a config map with mapRoles and mapUsers defined that I want CMMC to merge in the aws-auth configmap. Unfortunately, it only merges the mapUsers and ignores the mapRoles.
Here is my configmap CMMC will grab:
    apiVersion: v1
    data:
      mapRoles: |
        - "groups":
          - "system:masters"
          "rolearn": "arn:aws:iam::261357321482:role/shuffle-labs-atlantis-dev-ecs_task_execution"
          "username": "atlantis"
      mapUsers: |
        - "groups":
          - "system:masters"
          "userarn": "arn:aws:iam::261357321482:user/ben"
          "username": "ben"
    kind: ConfigMap
    metadata:
      annotations:
        config.cmmc.k8s.cash.app/watched-by-merge-source: kube-system/aws-auth-map-users
      labels:
        cmmc.k8s.cash.app/merge: aws-auth-map
      name: aws-auth-mapping-cmmc
      namespace: kube-system
Here is the merged aws-auth configmap:
    apiVersion: v1
    data:
      mapRoles: |
        - groups:
          - system:bootstrappers
          - system:nodes
          rolearn: arn:aws:iam::261357321482:role/shuffle-labs-private_eks-dev-eks-node
          username: system:node:{{EC2PrivateDNSName}}
      mapUsers: |
        - "groups":
          - "system:masters"
          "userarn": "arn:aws:iam::261357321482:user/ben"
          "username": "ben"
    kind: ConfigMap
    metadata:
      annotations:
        config.cmmc.k8s.cash.app/managed-by-merge-target: kube-system/kube-system-aws-auth
      name: aws-auth
      namespace: kube-system
After #10, the controller tests are fairly brittle and hard to change/read. Need to invest some time into cleaning them up so they are easier to understand.
Currently, we support adding JSONSchema as a field that is an inlined string; it would be nice to also be able to reference a ConfigMap here so it can be managed separately.
This is not super important, but can be a nice to have.
Document the custom metrics that are emitted by CMMC.
Lines 17 to 32 in b3d8bd9
I wanna use cmmc for managing my eks auth but I did not find any information explaining how to deploy it on a kubernetes cluster.
Is there any guide I can follow?
Thanks
Currently, once a MergeTarget manages a ConfigMap, any changes to the managed resource will be overwritten by CMMC. It might be useful to allow a permissive mode to the MergeTarget (probably per key), so that a change to the target, as long as it doesn't intersect with anything that CMMC is writing, will be persisted.
Rough notes here on how this could work during reconciliation:
MergeTarget.ReduceDataState
MergeSourceList
, and we can make sure that this has a deterministic order as well (a subtask).Init
state.Init
state to reflect this.
A simple workaround for this right now is to remove the MergeTarget and then create it without the missing key.
Ideally the behavior is that the key is reverted as if ^ the above action is taken.
I'd like to debug this issue by myself but there is no information about how to contribute / how to run the project locally.
This should either probably be resolved, or included in the design for:
Because JSON is a subset of YAML, we do YAML parse of everything that has a JSONSchema.
cmmc/util/validator/validator.go
Line 12 in b3d8bd9