docs draft from AI rerendered shell-operator docs

Signed-off-by: Pavel Okhlopkov <[email protected]>

Author: ldmonster

docs/book.toml

@@ -0,0 +1,10 @@
+[book]
+authors = ["The Shell-Operator Maintainers"]
+language = "en"
+multilingual = false
+src = "src"
+title = "Shell-operator"
+
+[output.html]
+curly-quotes = true
+git-repository-url = "https://github.com/flant/shell-operator"

docs/src/HOOKS.md

@@ -0,0 +1,233 @@
+# Modifying Kubernetes objects
+
+You can delegate Kubernetes object manipulation to the module-sdk.
+
+To do this, you have to write one or more JSON or YAML documents describing operation type and its parameters to a file.
+List of possible operations and corresponding JSON specifications can be found below.
+
+The path to the file is found in the `$KUBERNETES_PATCH_PATH` environment variable.
+
+## Operations
+
+### Create
+
+* `operation` — specifies an operation's type.
+  * `CreateOrUpdate` — accept a Kubernetes object.
+    It retrieves an object, and if it already exists, computes a JSON Merge Patch and applies it (will not update .status field).
+    If it does not exist, we create the object.
+  * `Create` — will fail if an object already exists
+  * `CreateIfNotExists` — create an object if such an object does not already
+    exist by namespace/name.
+* `object` — full object specification including "apiVersion", "kind" and all necessary metadata. Can be a normal JSON or YAML object or a stringified JSON or YAML object.
+
+#### Example
+
+```json
+{
+  "operation": "CreateOrUpdate",
+  "object": {
+  "apiVersion": "apps/v1",
+  "kind": "DaemonSet",
+  "metadata": {
+    "name": "flannel",
+    "namespace": "d8-flannel"
+  },
+  "spec": {
+    "selector": {
+    "matchLabels": {
+      "app": "flannel"
+    }
+    },
+    "template": {
+    "metadata": {
+      "labels": {
+      "app": "flannel",
+      "tier": "node"
+      }
+    },
+    "spec": {
+      "containers": [
+      {
+        "args": [
+        "--ip-masq",
+        "--kube-subnet-mgr"
+        ],
+        "image": "flannel:v0.11",
+        "name": "kube-flannel",
+        "securityContext": {
+        "privileged": true
+        }
+      }
+      ],
+      "hostNetwork": true,
+      "imagePullSecrets": [
+      {
+        "name": "registry"
+      }
+      ],
+      "terminationGracePeriodSeconds": 5
+    }
+    },
+    "updateStrategy": {
+    "type": "RollingUpdate"
+    }
+  }
+  }
+}
+```
+
+```yaml
+operation: Create
+object:
+  apiVersion: v1
+  kind: ConfigMap
+  metadata:
+  namespace: default
+  name: testcm
+  data: ...
+```
+
+```yaml
+operation: Create
+object: |
+  {"apiVersion":"v1", "kind":"ConfigMap",
+   "metadata":{"namespace":"default","name":"testcm"},
+   "data":{"foo": "bar"}}
+```
+
+### Delete
+
+* `operation` — specifies an operation's type. Deletion types map directly to Kubernetes
+  DELETE's [`propagationPolicy`][controller-gc].
+  * `Delete` — foreground deletion. Module-sdk will block the queue until the referenced object and all its descendants are deleted.
+  * `DeleteInBackground` — will delete the referenced object immediately. All its descendants will be removed by Kubernetes'
+  garbage collector.
+  * `DeleteNonCascading` — will delete the referenced object immediately, and orphan all its descendants.
+* `apiVersion` — optional field that specifies object's apiVersion. If not present, we'll use preferred apiVersion
+  for the given kind.
+* `kind` — object's Kind.
+* `namespace` — object's namespace. If empty, implies operation on a cluster-level resource.
+* `name` — object's name.
+* `subresource` — a subresource name if subresource is to be transformed. For example, `status`.
+
+#### Example
+
+```json
+{
+  "operation": "Delete",
+  "kind": "Pod",
+  "namespace": "default",
+  "name": "nginx"
+}
+```
+
+### Patch
+
+Use `JQPatch` for almost everything. Consider using `MergePatch` or `JSONPatch` if you are attempting to modify 
+rapidly changing object, for example `status` field with many concurrent changes (and incrementing `resourceVersion`).
+
+Be careful, when updating a `.status` field. If a `/status` subresource is enabled on a resource,
+it'll ignore updates to the `.status` field if you haven't specified `subresource: status` in the operation spec.
+More info [here][spec-and-status].
+
+#### JQPatch
+
+* `operation` — specifies an operation's type.
+* `apiVersion` — optional field that specifies object's apiVersion. If not present, we'll use preferred apiVersion
+  for the given kind.
+* `kind` — object's Kind.
+* `namespace` — object's Namespace. If empty, implies operation on a Cluster-level resource.
+* `name` — object's name.
+* `jqFilter` — describes transformations to perform on an object.
+* `subresource` — a subresource name if subresource is to be transformed. For example, `status`.
+##### Example
+
+```json
+{
+  "operation": "JQPatch",
+  "kind": "Deployment",
+  "namespace": "default",
+  "name": "nginx",
+  "jqFilter": ".spec.replicas = 1"
+}
+```
+
+#### MergePatch
+
+* `operation` — specifies an operation's type.
+* `apiVersion` — optional field that specifies object's apiVersion. If not present, we'll use preferred apiVersion
+  for the given kind.
+* `kind` — object's Kind.
+* `namespace` — object's Namespace. If empty, implies operation on a Cluster-level resource.
+* `name` — object's name.
+* `mergePatch` — describes transformations to perform on an object. Can be a normal JSON or YAML object or a stringified JSON or YAML object.
+* `subresource` — e.g., `status`.
+* `ignoreMissingObject` — set to true to ignore error when patching non existent object.
+
+##### Example
+
+```json
+{
+  "operation": "MergePatch",
+  "kind": "Deployment",
+  "namespace": "default",
+  "name": "nginx",
+  "mergePatch": {
+  "spec": {
+    "replicas": 1
+  }
+  }
+}
+```
+
+```yaml
+operation: MergePatch
+kind: Deployment
+namespace: default
+name: nginx
+ignoreMissingObject: true
+mergePatch: |
+  spec:
+  replicas: 1
+```
+
+#### JSONPatch
+
+* `operation` — specifies an operation's type.
+* `apiVersion` — optional field that specifies object's apiVersion. If not present, we'll use preferred apiVersion
+  for the given kind.
+* `kind` — object's Kind.
+* `namespace` — object's Namespace. If empty, implies operation on a Cluster-level resource.
+* `name` — object's name.
+* `jsonPatch` — describes transformations to perform on an object. Can be a normal JSON or YAML array or a stringified JSON or YAML array.
+* `subresource` — a subresource name if subresource is to be transformed. For example, `status`.
+* `ignoreMissingObject` — set to true to ignore error when patching non existent object.
+
+##### Example
+
+```json
+{
+  "operation": "JSONPatch",
+  "kind": "Deployment",
+  "namespace": "default",
+  "name": "nginx",
+  "jsonPatch": [
+  {"op": "replace", "path":  "/spec/replicas", "value":  1}
+  ]
+}
+```
+
+```json
+{
+  "operation": "JSONPatch",
+  "kind": "Deployment",
+  "namespace": "default",
+  "name": "nginx",
+  "jsonPatch": "[
+  {\"op\": \"replace\", \"path\":  \"/spec/replicas\", \"value\":  1}
+  ]"
+}
+```
+
+[controller-gc]: https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/
+[spec-and-status]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

docs/src/KUBERNETES.md

@@ -0,0 +1,144 @@
+# Quickstart
+
+> You need to have a Kubernetes cluster, and the `kubectl` must be configured to communicate with your cluster.
+
+The simplest setup of module-sdk in your cluster consists of these steps:
+
+- build an image with your module
+- create necessary RBAC objects (for Kubernetes access)
+- deploy your module to the cluster
+
+For more configuration options see [RUNNING](RUNNING.md).
+
+## Build an image with your module
+
+A module is a component that implements specific functionality using the module-sdk framework. [Learn more](MODULE_DEVELOPMENT.md) about module development.
+
+Let's create a small module that will watch for all Pods in all Namespaces and simply log the name of a new Pod.
+
+Create a basic module structure with a handler that responds to Pod creation events. Create the `pod-watcher.go` file with the following content:
+
+```go
+package main
+
+import (
+  "fmt"
+  "github.com/your-org/module-sdk/pkg/module"
+  corev1 "k8s.io/api/core/v1"
+  "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+  "k8s.io/client-go/kubernetes/scheme"
+)
+
+func main() {
+  mod := module.New("pod-watcher")
+  
+  mod.RegisterEventHandler("v1", "Pod", module.EventHandlerConfig{
+    EventTypes: []string{"Added"},
+    Handler: func(obj *unstructured.Unstructured) error {
+      // Convert unstructured to Pod
+      pod := &corev1.Pod{}
+      err := scheme.Scheme.Convert(obj, pod, nil)
+      if err != nil {
+        return err
+      }
+      
+      fmt.Printf("Pod '%s' added\n", pod.Name)
+      return nil
+    },
+  })
+  
+  mod.Run()
+}
+```
+
+Create the following `Dockerfile` in the directory where you created the `pod-watcher.go` file:
+
+```dockerfile
+FROM golang:1.19 as builder
+WORKDIR /app
+COPY . .
+RUN go mod init pod-watcher && \
+  go mod tidy && \
+  CGO_ENABLED=0 go build -o /pod-watcher
+
+FROM alpine:3.16
+COPY --from=builder /pod-watcher /pod-watcher
+ENTRYPOINT ["/pod-watcher"]
+```
+
+Build an image (change image tag according to your Docker registry):
+
+```sh
+docker build -t "registry.mycompany.com/module-sdk:pod-watcher" .
+```
+
+Push image to the Docker registry accessible by the Kubernetes cluster:
+
+```sh
+docker push registry.mycompany.com/module-sdk:pod-watcher
+```
+
+## Create RBAC objects
+
+We need to watch for Pods in all Namespaces. That means that we need specific RBAC definitions for our module:
+
+```sh
+kubectl create namespace example-pod-watcher
+kubectl create serviceaccount pod-watcher-acc --namespace example-pod-watcher
+kubectl create clusterrole pod-watcher --verb=get,watch,list --resource=pods
+kubectl create clusterrolebinding pod-watcher --clusterrole=pod-watcher --serviceaccount=example-pod-watcher:pod-watcher-acc
+```
+
+## Deploy your module to the cluster
+
+Module-sdk modules can be deployed as a Pod or Deployment. Put this manifest into the `pod-watcher.yaml` file:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-watcher
+spec:
+  containers:
+  - name: pod-watcher
+  image: registry.mycompany.com/module-sdk:pod-watcher
+  imagePullPolicy: Always
+  serviceAccountName: pod-watcher-acc
+```
+
+Deploy your module by applying the `pod-watcher.yaml` file:
+
+```sh
+kubectl -n example-pod-watcher apply -f pod-watcher.yaml
+```
+
+## It all comes together
+
+Let's deploy a [kubernetes-dashboard][kubernetes-dashboard] to trigger the registered event handler in our module:
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
+```
+
+Now run `kubectl -n example-pod-watcher logs po/pod-watcher` and observe that the module will print dashboard pod name:
+
+```plain
+...
+2023/06/22 12:30:45 Registered event handler for v1/Pod
+2023/06/22 12:30:45 Starting informers...
+2023/06/22 12:30:50 Pod 'kubernetes-dashboard-775dd7f59c-hr7kj' added
+...
+```
+
+To clean up a cluster, delete namespace and RBAC objects:
+
+```sh
+kubectl delete ns example-pod-watcher
+kubectl delete clusterrole pod-watcher
+kubectl delete clusterrolebinding pod-watcher
+```
+
+This example is also available in /examples: [pod-watcher-example][pod-watcher-example].
+
+[kubernetes-dashboard]: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
+[pod-watcher-example]: https://github.com/your-org/module-sdk/tree/main/examples/pod-watcher