KPT Functions are client-side programs that make it easy to operate on a repository of Kubernetes configuration files.
Use cases:
- Configuration Validation: e.g. Require all
Namespace
configurations to have acost-center
label. - Configuration Generation: e.g. Provide a blueprint for new services by generating a
Namespace
with organization-mandated defaults forRBAC
,ResourceQuota
, etc. - Configuration Transformation: e.g. Update all
PodSecurityPolicy
configurations to improve the security posture.
KPT functions can be run locally or as part of a CI/CD pipeline.
In GitOps workflows, KPT functions read and write configuration files from a Git repo. Changes to the system authored by humans and mutating KPT functions are reviewed before being committed to the repo. KPT functions can be run as pre-commit or post-commit steps to validate configurations before they are applied to a cluster.
- Learn about the concepts
- Develop a KPT Function using the Typescript SDK
- Running KPT Functions
- Configuration as data: Many configuration tools conflate data with the operations on that data (e.g. YAML files embedding a templating language). As configuration becomes complex, it becomes hard to read and understand. Our design philosophy is to keep configuration as data, which enables us to programmatically manipulate it using stateless programs called functions.
- Unix philosophy: Functions should be small, reusable, and composable. By implementing the Configuration Functions Specification, we can develop a catalog of useful, interoperable functions.
We provide an opinionated Typescript SDK for implementing KPT Functions. This provides various advantages:
- General-purpose language: Domain-Specific Languages begin their life with a reasonable
feature set, but often grow over time. They bloat in order to accommodate the tremendous variety
of customer use cases. Rather than follow this same course, KPT functions employ a true,
general-purpose programming language that provides:
- Proper abstractions and language features
- A extensive ecosystem of tooling (e.g. IDE support)
- A comprehensive catalog of well-supported libraries
- Robust community support and detailed documentation
- Type-safety: Kubernetes configuration is typed, and its schema is defined using the OpenAPI spec. Typescript has a sophisticated type system that accommodates the complexity of Kubernetes resources. The SDK enables generating Typescript classes for core and CRD types, providing safe and easy interaction with Kubernetes objects.
- Batteries-included: The SDK provides a simple, powerful API for querying and manipulating configuration files. It provides the scaffolding required to develop, build, test, and publish functions, allowing you to focus on implementing your business-logic.
We'd love to hear from you!