rfc(template): remove custom Jinja templating
See original GitHub issueAs Reana uses Helm to install Traefik, I was thinking why not use Helm for back-end kubernetes instead of using custom templates with jinja. Since Helm is an industry standard for reusable Kubernetes packages, it can open up opportunities for independent deployment without a reana-cluster
and allow the use of packages such as stable/postgresql
.
I look forward to contributing more π₯°
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:8 (3 by maintainers)
Top Results From Across the Web
[RFC] Scaffolder: Unify templating syntax used in ... - GitHub
When writing a new Software Template, users need to understand two templating syntaxes, one for template.yaml (handlebars) and one for theΒ ...
Read more >Jinja2 templates and filters - Pexip Infinity Docs
For more complicated search and replace patterns, use the custom Pexip pex_regex_replace filter described below. Custom Pexip filters. In addition to the jinja...
Read more >Template Designer Documentation - Jinja
This document describes the syntax and semantics of the template engine and will be most useful as reference to those creating Jinja templates....
Read more >Jinja | FlexGet
You can use jinja filters to do formatting on fields from the entry. ... When using Jinja2 templates, you can use the following...
Read more >Built-in template tags and filters - Django documentation
Defines a block that can be overridden by child templates. ... See Custom tag and filter libraries for more information. ... r, RFC...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Indeed Helmβs current model require special care when used on a Kubernetes cluster with Role-based access control (RBAC) enabled, which is the case for example on Googleβs managed clusters (GKE). Following Helmβs official documentation on RBAC, some Kubernetes resources (service account, cluster role and binding, β¦) are required and must be created before deploying Tiller.
If you are interested, I can submit the configuration required for Helm to deploy Reana in a RBAC-enabled cluster.
Hello @everyone
Of course, to start with, I started the project using Helm since it is the tool I used the most. Since September, I have moved all my work to Kustomize. I will objectively state below the reason and how Kustomize solved my problems and why i now exclusively use Kustomize.
Helm is one of the first package managers for Kubernetes and is an industry standard for the moment after the vanilla Kubernetes YAML manifest. Like Ksonnet, Helm uses a programmatic model instead of a declarative model to produce Kubernetes manifests.
On the other hand, Kustomize is template-free and declarative to extend the manifests and is natively supported by Kubernetes.
Organization
Helm 2
Helm uses the
Chart.yaml
file as an entry point that defines the version, name, description⦠of the Chart. Andvalues.yaml
is where the parameters are defined to be passed down to the template.And it allows you to conditionally import nested subcharts and third-party charts.
./requirements.yaml:
Kustomize
A Kustomize project structure is more minimalist and is unopinionated, using
kustomization.yaml
as the entry point for the package, structurally similar to Terraform. Kustomize allows us to model our structure according to our needs.Environment oriented structure :
Overlays:
Kustomize in constrast is more declarative,
kustomization.yaml
hold every Kubernetes manifests in theresources
list and other package imports in thebases
using Hashicorp go getter format. And have several other utility such as:commonLabel
to put a common every children resources;*Generator
to create secret or configmap directly from litteral or from a file path../base/kustomization.yaml:
./base/postgresql/kustomization.yaml
Configuration
Helm
One of the main restrictions of templating is that itβs not extensible by default. Historically, templating is good for ahead known configuration but in case of infrastructure deployment thatβs not the case, sometime we need to pass certain environment variable or volume based on various variables. Which lead to template a configuration to be configured on the Chart level.
./charts/reanaserver/templates/deployment.yaml
./values.yaml
Kustomize
This is where Kustomize shine, it use template-free Kubernetes manifest and extend it by applying the superposition.
./base/postgresql/deploy.yaml
./prod/cern/postgresql/deploy-patch.yaml
Deployment and security
Helm
Firstly Helm 2 manages its releases via the tiller, which is a security issue by itself in the same way as the RBAC security issues of the Kubenetes dashboard. Partially solved in the Helm 3 by using an opaque configmap instead of Tiller.
helm install --name reana-test ./chart
Kustomize
In contrast, Kustomize is natively supported by Kubernetes and is easier to deploy by simply using the following command on a directory that contains a file
kustomization.yaml
:kubectl apply/create/delete -k ./manifests
Apply and prune all deleted resources:
kubectl apply --prune -k ./manifests
Conclution
At each step Kustomize feels more Kubernetes. With or without Kustomize, all the manifests written are valid vanilla Kubernetes manifest and are extensible by default without requiring to fork or create a pull request.
Helm is harsh and feels magical where Kustomize is declarative following the Kubernetes philosophy. The resources declared in Kustomize are ordered by priority such as CRD then configmap then⦠(https://github.com/helm/helm/issues/5871). Helm templates (*.tpl) are also another pain point point and cannot be shared or have strange behaviors between charts (https://github.com/helm/helm/issues/3920)