Mega Feature: Add support for external references #72

Open
candonov opened this issue Oct 30, 2024 · 5 comments
Collaborator

candonov commented Oct 30, 2024

Add the ability to reference fields from resources that are external to the ResourceGroups and exist in the cluster.

For example, reference data from an existing ConfigMap:

Sample ConfigMap:

```
❯ k get configmap this -o yaml
apiVersion: v1
kind: ConfigMap
data:
  awsAccountID: "111122223333"
  clusterName: test-cluster
  eksOIDC: oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789
  region: us-east-1
  subnetIDs: subnet-1111aaaa2222bbbbb,subnet-1111aaaa2222bbbbb,subnet-1111aaaa2222bbbbb
  vpcID: <vpc-1111aaaa2222bbbbb>
```

Option 1: Import an external resource explicitly without taking over control of it, and reference values from other resources. Import by one of three options: 1/ name, 2/ labels, 3/ annotations.

```yaml
spec:
  schema:
    apiVersion: v1alpha1
    kind: s3podidentity
    spec:
      # ...
  resources:
  # Imported external resource: read for its values, not managed
  - name: externalConfigmap
    externalRef:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        namespace: default
        name: my-config-map-name
        labels:
          prod: my-prod-label
        annotations:
          prod: my-prod-annotation
  # ...
  # Any other resource can reference fields of the imported one
  - name: anyResource
    var: ${externalConfigmap.data.region}
```

Option 2: Just reference it inline.

```yaml
# ...
spec:
  schema:
    apiVersion: v1alpha1
    kind: s3podidentity
    spec:
      name: string
      namespace: string | default="default"
      # Defaults resolved inline from the ConfigMap "this" in namespace "default"
      region: string | default=${externalref.configmap.default.this.data.region}
      clusterName: string | default=${externalref.configmap.default.this.data.clusterName}
```

Option 1 contains more lines of YAML but is readable and easier to implement, hence it is the preferred option.

candonov changed the title from "Add external references" to "Mega Feature: Add support for external references" on Nov 10, 2024

rahtr commented Nov 21, 2024

Great idea! This approach can also streamline creating roles and policies. Instead of duplicating the same IAM policy or role, we can use a centralized ConfigMap, reference it across kro application objects, and only override the values that are distinct.


amirahav commented Dec 9, 2024

This would be a very beneficial feature that would greatly improve the usability of kro.
It would allow the referencing of configuration from ConfigMaps and, if ACK implements read-only resources, would allow referencing of other AWS resources.

@kubernetes-stuff

Definitely agree - option 2 is my preferred approach if that is feasible. I can see cases where a cluster owner would want to onboard a tenant and reference a resource created before running through the kro-orchestration tenant onboarding flow.


khalilj commented Dec 15, 2024

+1

Contributor

newtondev commented Jan 6, 2025

Good suggestion. Definitely need this feature. Just as long as you have the correct permissions (RBAC) to read from the external reference, then it will be quite a secure solution.
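
The RBAC scoping raised in the comment above, shown as an added example that is not part of the original thread or kro's own manifests: a cluster-wide read grant next to a grant limited to the single ConfigMap from the issue (`this` in `default`). The role names, the `kro-controller` service account and the `kro-system` namespace are assumed placeholders.

```yaml
# Added example; names marked (assumed) are placeholders, not kro's real manifests.

# Too broad: the controller can read every ConfigMap and Secret in the cluster,
# so any externalRef could pull data from any namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-ref-reader-broad        # (assumed)
rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "list", "watch"]
---
# Scoped: read-only access to the one ConfigMap from the issue (default/this).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: external-ref-reader              # (assumed)
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["this"]              # only this object, nothing else in the namespace
    verbs: ["get"]                       # no create/update/patch/delete: reference, not control
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: external-ref-reader              # (assumed)
  namespace: default
subjects:
  - kind: ServiceAccount
    name: kro-controller                 # (assumed) controller service account
    namespace: kro-system                # (assumed)
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: external-ref-reader
```

Import by name can be scoped with `resourceNames` as shown; import by labels or annotations needs `list` on every ConfigMap in the namespace, because Kubernetes RBAC cannot restrict access by label. The grant can be checked with `kubectl auth can-i get configmap/this -n default --as=system:serviceaccount:kro-system:kro-controller`.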
