我的书签
添加书签
移除书签Version: v1.8
Patch in the Definitions
When we are writing the definition, sometimes we need to patch to the corresponding component or traits. We can use the patch capability when you’re writing trait definitions or workflow step definitions.
By default, KubeVela will merge patched values with CUE’s merge. However, CUE cannot handle conflicting fields currently.
For example, if replicas=5 has been set in a component instance, once there is another trait, attempting to patch the value of the replicas field, it will fail. So we recommend that you need to plan ahead and don’t use duplicate fields between components and traits.
But in some cases, we do need to deal with overwriting fields that have already been assigned a value. For example, when set up resources in multi-environments, we hope that the envs in different environments are different: i.e., the default env is MODE=PROD, and in the test environment, it needs to be modified to MODE=DEV DEBUG=true .
In this case, we can apply the following application:
apiVersion: core.oam.dev/v1beta1kind: Applicationmetadata:name: deploy-with-overridespec:components:- name: nginx-with-overridetype: webserviceproperties:image: nginxenv:- name: MODEvalue: prodpolicies:- name: testtype: topologyproperties:clusters: ["local"]namespace: test- name: prodtype: topologyproperties:clusters: ["local"]namespace: prod- name: override-envtype: overrideproperties:components:- name: nginx-with-overridetraits:- type: envproperties:env:MODE: testDEBUG: "true"workflow:steps:- type: deployname: deploy-testproperties:policies: ["test", "override-env"]- type: deployname: deploy-prodproperties:policies: ["prod"]
After deploying the application, you can see that in the test namespace, the envs of the nginx application are as follows:
spec:containers:- env:- name: MODEvalue: test- name: DEBUGvalue: "true"
At the same time, in the prod namespace, the envs are as follows:
spec:containers:- env:- name: MODEvalue: prod
deploy-test will deploy nginx to the test namespace. At the same time, the env trait overwrite the same envs by using the patch strategy, thus adding MODE=test DEBUG=true in the test namespace, while the nginx in the prod namespace will retain the original MODE=prod env.
KubeVela provides a series of patching strategies to help resolve conflicting issues. When writing patch traits and workflow steps, you can use these patch strategies to solve conflicting values. Note that the patch strategy is not an official capability provided by CUE, but an extension developed by KubeVela.
For the usage of all patch strategies, please refer to Patch Strategy.
Patch is a very common pattern of trait definitions, i.e. the app operators can amend/patch attributes to the component instance or traits to enable certain operational features such as sidecar or node affinity rules (and this should be done before the resources applied to target cluster).
This pattern is extremely useful when the component definition is provided by third-party component provider (e.g. software distributor) so app operators do not have privilege to change its template.
Below is an example for node-affinity trait:
apiVersion: core.oam.dev/v1beta1kind: TraitDefinitionmetadata:annotations:definition.oam.dev/description: "affinity specify node affinity and toleration"name: node-affinityspec:appliesToWorkloads:- deployments.appspodDisruptive: trueschematic:cue:template: |patch: {spec: template: spec: {if parameter.affinity != _|_ {affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [{// +patchStrategy=retainKeysmatchExpressions: [for k, v in parameter.affinity {key: koperator: "In"values: v},]}]}if parameter.tolerations != _|_ {// +patchStrategy=retainKeystolerations: [for k, v in parameter.tolerations {effect: "NoSchedule"key: koperator: "Equal"value: v}]}}}parameter: {affinity?: [string]: [...string]tolerations?: [string]: string}
In patch, we declare the component object fields that this trait will patch to.
The patch trait above assumes the target component instance have spec.template.spec.affinity field. Hence, we need to use appliesToWorkloads to enforce the trait only applies to those workload types have this field. Meanwhile, we use // +patchStrategy=retainKeys to override the conflict fields in the original component instance.
Another important field is podDisruptive, this patch trait will patch to the pod template field, so changes on any field of this trait will cause the pod to restart, We should add podDisruptive and make it to be true to tell users that applying this trait will cause the pod to restart.
Now the users could declare they want to add node affinity rules to the component instance as below:
apiVersion: core.oam.dev/v1beta1kind: Applicationmetadata:name: testappspec:components:- name: express-servertype: webserviceproperties:image: oamdev/testapp:v1traits:- type: "gateway"properties:domain: testsvc.example.comhttp:"/": 8000- type: "node-affinity"properties:affinity:server-owner: ["owner1","owner2"]resource-pool: ["pool1","pool2","pool3"]tolerations:resource-pool: "broken-pool1"server-owner: "old-owner"
Note: it’s available after KubeVela v1.4.
You can also patch to other traits by using patchOutputs in the Definition. Such as:
apiVersion: core.oam.dev/v1beta1kind: TraitDefinitionmetadata:name: patch-annotationspec:schematic:cue:template: |patchOutputs: {ingress: {metadata: annotations: {"kubernetes.io/ingress.class": "istio"}}}
The patch trait above assumes that the component it binds has other traits which have ingress resource. The patch trait will patch an istio annotation to the ingress resource.
We can deploy the following application:
apiVersion: core.oam.dev/v1beta1kind: Applicationmetadata:name: testappspec:components:- name: express-servertype: webserviceproperties:image: oamdev/testapp:v1traits:- type: "gateway"properties:domain: testsvc.example.comhttp:"/": 8000- type: "patch-annotation"properties:name: "patch-annotation-trait"
And the ingress resource is now like:
apiVersion: networking.k8s.io/v1beta1kind: Ingressmetadata:annotations:kubernetes.io/ingress.class: istioname: ingressspec:rules:spec:rules:- host: testsvc.example.comhttp:paths:- backend:service:name: express-serverport:number: 8000path: /pathType: ImplementationSpecific
Note: You need to put this kind of trait at the last place to patch for other traits.
You can even write a for-loop in patch trait, below is an example that can patch for all resources with specific annotation.
apiVersion: core.oam.dev/v1beta1kind: TraitDefinitionmetadata:name: patch-for-argospec:schematic:cue:template: |patch: {metadata: annotations: {"argocd.argoproj.io/compare-options": "IgnoreExtraneous""argocd.argoproj.io/sync-options": "Prune=false"}}patchOutputs: {for k, v in context.outputs {"\(k)": {metadata: annotations: {"argocd.argoproj.io/compare-options": "IgnoreExtraneous""argocd.argoproj.io/sync-options": "Prune=false"}}}}
This example solved a real case.
When you use op.#ApplyComponent in a custom workflow step definition, you can patch component or traits in the patch field.
For example, when using Istio for canary release, you can add annotations of the release name to the component in patch: workload of op.#ApplyComponent; meanwhile, you can change the traffic and destination rule in patch: traits: <trait-name>.
Following is a real example of canary rollout in a custom workflow step:
apiVersion: core.oam.dev/v1beta1kind: WorkflowStepDefinitionmetadata:name: canary-rolloutnamespace: vela-systemspec:schematic:cue:template: |-import ("vela/op")parameter: {batchPartition: inttraffic: weightedTargets: [...{revision: stringweight: int}]}comps__: op.#LoadcompNames__: [ for name, c in comps__.value {name}]comp__: compNames__[0]apply: op.#ApplyComponent & {value: comps__.value[comp__]patch: {workload: {// +patchStrategy=retainKeysmetadata: metadata: annotations: {"rollout": context.name}}traits: "rollout": {spec: rolloutPlan: batchPartition: parameter.batchPartition}traits: "virtualService": {spec:// +patchStrategy=retainKeyshttp: [{route: [for i, t in parameter.traffic.weightedTargets {destination: {host: comp__subset: t.revision}weight: t.weight}]},]}traits: "destinationRule": {// +patchStrategy=retainKeysspec: {host: comp__subsets: [for i, t in parameter.traffic.weightedTargets {name: t.revisionlabels: {"app.oam.dev/revision": t.revision}},]}}}}applyRemaining: op.#ApplyRemaining & {exceptions: [comp__]}
After deploying the above definition, you can apply the following workflow to control the canary rollout:
...workflow:steps:- name: rollout-1st-batchtype: canary-rolloutproperties:batchPartition: 0traffic:weightedTargets:- revision: reviews-v1weight: 90- revision: reviews-v2weight: 10- name: manual-approvaltype: suspend- name: rollout-resttype: canary-rolloutproperties:batchPartition: 1traffic:weightedTargets:- revision: reviews-v2weight: 100...
In the first and third steps, we declared different revisions and weight in traffic. In the step definition of canary-rollout, we will overwrite the revision and weight declared by the user through patch, so as to control the progressive rollout in the workflow.
For more details of using KubeVela with Istio progressive release, please refer to Progressive Rollout with Istio.
Last updated on May 6, 2023 by Tianxin Dong
