The cue-controller is an experimental Kubernetes controller for the CUE language. It integrates with Flux using the GitOps Toolkit and enables building GitOps pipelines directly in CUE.
The cue-controller is heavily based on the codebase for kustomize-controller and will aim for feature parity insofar as it makes sense to do so.
Use cases:
- GitOps Kubernetes resources using pure CUE, CUE+yaml or yaml alone
- Validate CUE or yaml with policies written in CUE
- Manage applications and infrastructure using modules & packages
- Single policy language to rule them all: write policy for local development, CI and last-mile in CUE
- Build CUE instances from a source repository
- Specify the CUE working directory and module root
- Specify the CUE expression(s) from which the instance will build
- Set CUE tags and tag variables for the instance
- Specify module root, package and directory variables for CUE instance
- Apply manifests from a CUE instance
- Impersonation via ServiceAccount
- Remote cluster access via kubeconfig
- Prune Kubernetes resources removed from the CUE source
- Support for non-CUE files
- Policy-mode (use CUE only for schema validation, with configurable failure modes)
- Validation failure notifications (via notification controller)
- Dependency ordering using
dependsOn - Health checks for deployed workloads
- Gate deployments using CUE expressions
- Support for decrypting secrets with Mozilla SOPS
Specifications:
For more on CUE visit: https://cuelang.org/ For more on Flux visit: https://fluxcd.io/
Checkout https://github.com/phoban01/cuedemo for examples and patterns of using the cue-controller to build GitOps pipelines.
The cue-controller requires that you already have the GitOps toolkit
controllers installed in your cluster. Visit https://fluxcd.io/docs/get-started/ for information on getting started if you are new to flux.
To install the latest release of the controller execute the following:
RELEASE=$(gh release list -R phoban01/cue-flux-controller -L 1 | awk '{print $1}')
RELEASE_MANIFESTS=https://github.com/phoban01/cue-flux-controller/releases/download/$RELEASE
kubectl apply -f "$RELEASE_MANIFESTS/cue-controller.crds.yaml"
kubectl apply -f "$RELEASE_MANIFESTS/cue-controller.rbac.yaml"
kubectl apply -f "$RELEASE_MANIFESTS/cue-controller.deployment.yaml"This will install the cue-controller in the flux-system namespace.
Create a source object that points to a Git repository containing Kubernetes manifests and a Cue module:
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: cuedemo
namespace: default
spec:
interval: 5m
url: https://github.com/phoban01/cuedemo
ref:
branch: mainCreate a CueInstance resource that references the GitRepository source previously defined. The CueInstance specifies the module root and the expression we wish to build.
apiVersion: cue.contrib.flux.io/v1alpha1
kind: CueInstance
metadata:
name: podinfo
namespace: default
spec:
interval: 5m
root: "./examples/podinfo"
expressions:
- out
tags:
- name: hpa
prune: true
sourceRef:
kind: GitRepository
name: cuedemoVerify that the resources have been deployed:
kubectl -n default get sa,po,svc,hpa -l app=podinfoShould return similar to the following:
NAME SECRETS AGE
serviceaccount/podinfo 1 10s
NAME READY STATUS RESTARTS AGE
pod/podinfo-59b967cb85-vd42l 1/1 Running 0 11s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/podinfo ClusterIP 10.96.171.221 <none> 9898/TCP 5s
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/podinfo Deployment/podinfo <unknown>/500Mi, <unknown>/75% 1 4 1 10s