Support KRM in Kustomize plugin - PolicyGenerator

[aabouzaid]

Intro

Kustomize (the official tool to create K8s IaC) adopted the new Kubernetes declarative configurations known as KRM Functions. The new style is used as a unified way to interact with Kustomize plugins. There are 2 ways to use KRM in the plugins: Containerized KRM Functions and Exec KRM functions.

Not all Kustomize plugins adopted the new format; hence the goal of this task is to support the new method in existing plugins, namely, PolicyGenerator.

Acquired Skills

By doing this task, you will gain the following skills:

• Golang coding skills.
• Kustomize plugin ecosystem.
• Unerstanding of Kubernetes Resource Model (KRM).

The Challange

Support KRM in PolicyGenerator Kustomize plugin.

The Task

• Create an issue in PolicyGenerator to propose supporting KRM.
• Fork the PolicyGenerator repo and create a new branch to work on the task.
• Create a PR in the forked repo and assign me (@aabouzaid) as a reviewer.

Notes and Tips

• Get into KRM: Kustomize Enhancement with KRM Functions
• There are 2 libs to support KRM, kpt-functions-sdk/go/fn from Google and another kyaml/fn/framework from the Kustomize project. Please use the one from Kustomize. It makes it easy to write KRM functions.
• A good example of using kyaml/fn/framework (the one from Kustomize) is kustomize-plugin-merger.

Related Links

• TBA

[hamza-m-masood]

I will attempt to do this task.

[hamza-m-masood]

I am not able to get the kustomize-plugin-kubeconform project to run. I noticed this line in the go.mod file:

replace github.com/yannh/kubeconform => ../kubeconform

ref

I assumed that I needed your fork to run this plugin. So I went to your profile and grabbed your fork: https://github.com/aabouzaid/kubeconform

After cloning the fork, I get the following error:

main.go:11:2: import "github.com/yannh/kubeconform/cmd/kubeconform" is a program, not an importable package

[hamza-m-masood]

I'm still seeing what the best way would be to run introduce KRM functions to that PolicyGenerator project. I need a deeper understanding of KRM functions.

[hamza-m-masood]

I just read your blog post about krm functions: https://tech.aabouzaid.com/2022/07/notes-about-krm-functions-kustomize.html

The PR you made in the Kustomize repo to fix the exec feature is very impressive!! Nice job!!

[aabouzaid]

Thanks @hamza-m-masood 🙌

Take a look at the PR I created to support KRM in SopsSecretGenerator.
It will give you some directions about how to implement it.

[aabouzaid]

You can also check Kustomize Merger as a good example of using kyaml/fn/framework.

[hamza-m-masood]

To be honest, I am a bit overwhelmed. I am very slowly making progress. I am still quite shaky on how KRM functions actually work and how the resourceList type is generated. I am not sure if the resourceList is made by kustomize and then passed to the go binary/container, or does the go program itself make the resourceList? I need to do more research to find out.

I made this program to learn more: https://gist.github.com/hamza-m-masood/077d34a35a5892fcdab93eba4524f4e2
I modified the annotation and label using KRM functions in the kyaml package.

@aabouzaid Looking at my program above, would setAnnotationFn and setLabelFn be considered KRM functions?

[aabouzaid]

@hamza-m-masood It's a good start 👌
Let's have a paring session next week.