Built-in Policy Type

This documentation will walk through all the built-in policy types sorted alphabetically.

It was generated automatically by scripts, please don’t update manually, last updated at 2023-07-28T09:33:26+08:00.

Allow configuration drift for applied resources, delivery the resource without continuously reconciliation.

It’s generally used in one time delivery only without continuous management scenario.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: apply-once-app
  5. spec:
  6.   components:
  7.     - name: hello-world
  8.       type: webservice
  9.       properties:
  10.         image: oamdev/hello-world
  11.       traits:
  12.         - type: scaler
  13.           properties:
  14.             replicas: 1
  15.   policies:
  16.     - name: apply-once
  17.       type: apply-once
  18.       properties:
  19.         enable: true
NameDescriptionTypeRequiredDefault
enableWhether to enable apply-once for the whole application.boolfalsefalse
rulesSpecify the rules for configuring apply-once policy in resource level.[]rulesfalse
NameDescriptionTypeRequiredDefault
selectorSpecify how to select the targets of the rule.selectorfalse
strategySpecify the strategy for configuring the resource level configuration drift behaviour.strategytrue
NameDescriptionTypeRequiredDefault
componentNamesSelect resources by component names.[]stringfalse
componentTypesSelect resources by component types.[]stringfalse
oamTypesSelect resources by oamTypes (COMPONENT or TRAIT).[]stringfalse
traitTypesSelect resources by trait types.[]stringfalse
resourceTypesSelect resources by resource types (like Deployment).[]stringfalse
resourceNamesSelect resources by their names.[]stringfalse
NameDescriptionTypeRequiredDefault
affectWhen the strategy takes effect,e.g. onUpdate、onStateKeep.stringfalse
pathSpecify the path of the resource that allow configuration drift.[]stringtrue

Configure the garbage collect behaviour for the application.

It’s used in garbage collection scenario. It can be used to configure the collection policy, e.g. don’t delete the legacy resources when updating.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: first-vela-app
  5. spec:
  6.   components:
  7.     - name: express-server
  8.       type: webservice
  9.       properties:
  10.         image: oamdev/hello-world
  11.         port: 8000
  12.       traits:
  13.         - type: ingress-1-20
  14.           properties:
  15.             domain: testsvc.example.com
  16.             http:
  17.               "/": 8000
  18.   policies:
  19.     - name: keep-legacy-resource
  20.       type: garbage-collect
  21.       properties:
  22.         keepLegacyResource: true
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: garbage-collect-app
  5. spec:
  6.   components:
  7.     - name: hello-world-new
  8.       type: webservice
  9.       properties:
  10.         image: oamdev/hello-world
  11.       traits:
  12.         - type: expose
  13.           properties:
  14.             port: [8000]
  15.   policies:
  16.     - name: garbage-collect
  17.       type: garbage-collect
  18.       properties:
  19.         rules:
  20.           - selector:
  21.               traitTypes:
  22.                 - expose
  23.             strategy: onAppDelete
NameDescriptionTypeRequiredDefault
applicationRevisionLimitIf set, it will override the default revision limit number and customize this number for the current application.intfalse
keepLegacyResourceIf is set, outdated versioned resourcetracker will not be recycled automatically, outdated resources will be kept until resourcetracker be deleted manually.boolfalsefalse
continueOnFailureIf is set, continue to execute gc when the workflow fails, by default gc will be executed only after the workflow succeeds.boolfalsefalse
rulesSpecify the list of rules to control gc strategy at resource level, if one resource is controlled by multiple rules, first rule will be used.[]rulesfalse
NameDescriptionTypeRequiredDefault
selectorSpecify how to select the targets of the rule.selectortrue
strategySpecify the strategy for target resource to recycle.“onAppUpdate” or “onAppDelete” or “never”falseonAppUpdate
propagationSpecify the deletion propagation strategy for target resource to delete.“orphan” or “cascading”false
NameDescriptionTypeRequiredDefault
componentNamesSelect resources by component names.[]stringfalse
componentTypesSelect resources by component types.[]stringfalse
oamTypesSelect resources by oamTypes (COMPONENT or TRAIT).[]stringfalse
traitTypesSelect resources by trait types.[]stringfalse
resourceTypesSelect resources by resource types (like Deployment).[]stringfalse
resourceNamesSelect resources by their names.[]stringfalse

Describe the configuration to override when deploying resources, it only works with specified deploy step in workflow.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: deploy-with-override
  5.   namespace: examples
  6. spec:
  7.   components:
  8.     - name: nginx-with-override
  9.       type: webservice
  10.       properties:
  11.         image: nginx
  12.   policies:
  13.     - name: topology-hangzhou-clusters
  14.       type: topology
  15.       properties:
  16.         clusterLabelSelector:
  17.           region: hangzhou
  18.     - name: topology-local
  19.       type: topology
  20.       properties:
  21.         clusters: ["local"]
  22.         namespace: examples-alternative
  23.     - name: override-nginx-legacy-image
  24.       type: override
  25.       properties:
  26.         components:
  27.           - name: nginx-with-override
  28.             properties:
  29.               image: nginx:1.20
  30.     - name: override-high-availability
  31.       type: override
  32.       properties:
  33.         components:
  34.           - type: webservice
  35.             traits:
  36.               - type: scaler
  37.                 properties:
  38.                   replicas: 3
  39.   workflow:
  40.     steps:
  41.       - type: deploy
  42.         name: deploy-local
  43.         properties:
  44.           policies: ["topology-local"]
  45.       - type: deploy
  46.         name: deploy-hangzhou
  47.         properties:
  48.           policies: ["topology-hangzhou-clusters", "override-nginx-legacy-image", "override-high-availability"]
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: advance-override
  5.   namespace: examples
  6. spec:
  7.   components:
  8.     - name: nginx-advance-override-legacy
  9.       type: webservice
  10.       properties:
  11.         image: nginx:1.20
  12.     - name: nginx-advance-override-latest
  13.       type: webservice
  14.       properties:
  15.         image: nginx
  16.   policies:
  17.     - name: topology-hangzhou-clusters
  18.       type: topology
  19.       properties:
  20.         clusterLabelSelector:
  21.           region: hangzhou
  22.     - name: topology-local
  23.       type: topology
  24.       properties:
  25.         clusters: ["local"]
  26.         namespace: examples-alternative
  27.     - name: override-nginx-legacy
  28.       type: override
  29.       properties:
  30.         selector: ["nginx-advance-override-legacy"]
  31.     - name: override-nginx-latest
  32.       type: override
  33.       properties:
  34.         selector: ["nginx-advance-override-latest", "nginx-advance-override-stable"]
  35.         components:
  36.           - name: nginx-advance-override-stable
  37.             type: webservice
  38.             properties:
  39.               image: nginx:stable
  40.   workflow:
  41.     steps:
  42.       - type: deploy
  43.         name: deploy-local
  44.         properties:
  45.           policies: ["topology-local", "override-nginx-legacy"]
  46.       - type: deploy
  47.         name: deploy-hangzhou
  48.         properties:
  49.           policies: ["topology-hangzhou-clusters", "override-nginx-latest"]
NameDescriptionTypeRequiredDefault
componentsSpecify the overridden component configuration.[]componentstrue
selectorSpecify a list of component names to use, if empty, all components will be selected.[]stringfalse
NameDescriptionTypeRequiredDefault
nameSpecify the name of the patch component, if empty, all components will be merged.stringfalse
typeSpecify the type of the patch component.stringfalse
propertiesSpecify the properties to override.map[string]_false
traitsSpecify the traits to override.[]traitsfalse
NameDescriptionTypeRequiredDefault
typeSpecify the type of the trait to be patched.stringtrue
propertiesSpecify the properties to override.map[string]_false
disableSpecify if the trait should be remove, default false.boolfalsefalse

Configure the resources to be read-only in the application (no update / state-keep).

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: read-only
  5. spec:
  6.   components:
  7.     - name: busybox
  8.       type: worker
  9.       properties:
  10.         image: busybox
  11.         cmd:
  12.           - sleep
  13.           - '1000000'
  14.   policies:
  15.     - type: read-only
  16.       name: read-only
  17.       properties:
  18.         rules:
  19.           - selector:
  20.               resourceTypes: ["Deployment"]
NameDescriptionTypeRequiredDefault
rulesSpecify the list of rules to control read only strategy at resource level.[]rulesfalse
NameDescriptionTypeRequiredDefault
selectorSpecify how to select the targets of the rule.selectortrue
NameDescriptionTypeRequiredDefault
componentNamesSelect resources by component names.[]stringfalse
componentTypesSelect resources by component types.[]stringfalse
oamTypesSelect resources by oamTypes (COMPONENT or TRAIT).[]stringfalse
traitTypesSelect resources by trait types.[]stringfalse
resourceTypesSelect resources by resource types (like Deployment).[]stringfalse
resourceNamesSelect resources by their names.[]stringfalse

Describe the configuration to replicate components when deploying resources, it only works with specified deploy step in workflow.

In KubeVela, we can dispatch resources across the clusters. But projects like OpenYurt have finer-grained division like node pool. This requires to dispatch some similar resources to the same cluster. These resources are called replication. Back to the example of OpenYurt, it can integrate KubeVela and replicate the resources then dispatch them to the different node pool.

Replication is an internal policy. It can be only used with deploy workflow step. When using replication policy. A new field replicaKey will be added to context. User can use definitions that make use of context.replicaKey. For example, apply a replica-webservice ComponentDefinition.

In this ComponentDefinition, we can use context.replicaKey to distinguish the name of Deployment and Service.

NOTE: ComponentDefinition below is trimmed for brevity. See complete YAML in replication.yaml

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: ComponentDefinition
  3. metadata:
  4.   annotations:
  5.     definition.oam.dev/description: Webservice, but can be replicated
  6.   name: replica-webservice
  7.   namespace: vela-system
  8. spec:
  9.   workload:
  10.     type: autodetects.core.oam.dev
  11.   schematic:
  12.     cue:
  13.       template: |
  14.         output: {
  15.             apiVersion: "apps/v1"
  16.             kind:       "Deployment"
  17.             metadata: {
  18.                 if context.replicaKey != _|_ {
  19.                     name: context.name + "-" + context.replicaKey
  20.                 }
  21.                 if context.replicaKey == _|_ {
  22.                     name: context.name
  23.                 }
  24.             }
  25.             spec: {
  26.                 selector: matchLabels: {
  27.                     "app.oam.dev/component": context.name
  28.                     if context.replicaKey != _|_ {
  29.                         "app.oam.dev/replicaKey": context.replicaKey
  30.                     }
  31.                 }
  33.                 template: {
  34.                     metadata: {
  35.                         labels: {
  36.                             if parameter.labels != _|_ {
  37.                                 parameter.labels
  38.                             }
  39.                             if parameter.addRevisionLabel {
  40.                                 "app.oam.dev/revision": context.revision
  41.                             }
  42.                             "app.oam.dev/name":      context.appName
  43.                             "app.oam.dev/component": context.name
  44.                             if context.replicaKey != _|_ {
  45.                                 "app.oam.dev/replicaKey": context.replicaKey
  46.                             }
  48.                         }
  49.                         if parameter.annotations != _|_ {
  50.                             annotations: parameter.annotations
  51.                         }
  52.                     }
  53.                 }
  54.             }
  55.         }
  56.         outputs: {
  57.             if len(exposePorts) != 0 {
  58.                 webserviceExpose: {
  59.                     apiVersion: "v1"
  60.                     kind:       "Service"
  61.                     metadata: {
  62.                         if context.replicaKey != _|_ {
  63.                             name: context.name + "-" + context.replicaKey
  64.                         }
  65.                         if context.replicaKey == _|_ {
  66.                             name: context.name
  67.                         }
  68.                     }
  69.                     spec: {
  70.                         selector: {
  71.                             "app.oam.dev/component": context.name
  72.                             if context.replicaKey != _|_ {
  73.                                 "app.oam.dev/replicaKey": context.replicaKey
  74.                             }
  75.                         }
  76.                         ports: exposePorts
  77.                         type:  parameter.exposeType
  78.                     }
  79.                 }
  80.             }
  81.         }

Then user can apply application below. Replication policy is declared in application.spec.policies. These policies are used in deploy-with-rep workflow step. They work together to influence the deploy step.

  • override: select hello-rep component to deploy.
  • topology: select cluster local to deploy.
  • replication: select hello-rep component to replicate.

As a result, there will be two Deployments and two Services:

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: app-replication-policy
  5. spec:
  6.   components:
  7.     - name: hello-rep
  8.       type: replica-webservice
  9.       properties:
  10.         image: crccheck/hello-world
  11.         ports:
  12.           - port: 80
  13.             expose: true
  14.   policies:
  15.     - name: comp-to-replicate
  16.       type: override
  17.       properties:
  18.         selector: [ "hello-rep" ]
  19.     - name: target-default
  20.       type: topology
  21.       properties:
  22.         clusters: [ "local" ]
  23.     - name: replication-default
  24.       type: replication
  25.       properties:
  26.         keys: ["beijing","hangzhou"]
  27.         selector: ["hello-rep"]
  29.   workflow:
  30.     steps:
  31.       - name: deploy-with-rep
  32.         type: deploy
  33.         properties:
  34.           policies: ["comp-to-replicate","target-default","replication-default"]
  1. kubectl get deploy -n default
  2. NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
  3. hello-rep-beijing    1/1     1            1           5s
  4. hello-rep-hangzhou   1/1     1            1           5s
  6. kubectl get service -n default
  7. NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
  8. hello-rep-hangzhou   ClusterIP   10.43.23.200   <none>        80/TCP    41s
  9. hello-rep-beijing    ClusterIP   10.43.24.116   <none>        80/TCP    12s
NameDescriptionTypeRequiredDefault
keysSpicify the keys of replication. Every key coresponds to a replication components.[]stringtrue
selectorSpecify the components which will be replicated.[]stringfalse

Configure the update strategy for selected resources.

resource-update policy can allow users to customize the update behavior for selected resources.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: recreate
  5. spec:
  6.   components:
  7.     - type: k8s-objects
  8.       name: recreate
  9.       properties:
  10.         objects:
  11.           - apiVersion: v1
  12.             kind: Secret
  13.             metadata:
  14.               name: recreate
  15.             data:
  16.               key: dgo=
  17.             immutable: true
  18.   policies:
  19.     - type: resource-update
  20.       name: resource-update
  21.       properties:
  22.         rules:
  23.           - selector:
  24.               resourceTypes: ["Secret"]
  25.             strategy:
  26.               recreateFields: ["data.key"]

By specifying recreateFields, the application will recreate the target resource (Secret here) when the field changes (data.key here). If the field is not changed, the application will use the normal update (patch here).

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: recreate
  5. spec:
  6.   components:
  7.     - type: k8s-objects
  8.       name: recreate
  9.       properties:
  10.         objects:
  11.           - apiVersion: v1
  12.             kind: ConfigMap
  13.             metadata:
  14.               name: recreate
  15.             data:
  16.               key: val
  17.   policies:
  18.     - type: resource-update
  19.       name: resource-update
  20.       properties:
  21.         rules:
  22.           - selector:
  23.               resourceTypes: ["ConfigMap"]
  24.             strategy:
  25.               op: replace

By specifying op to replace, the application will update the given resource (ConfigMap here) by replace. Compared to patch, which leverages three-way merge patch to only modify the fields managed by KubeVela application, “replace” will update the object as a whole and wipe out other fields even if it is not managed by the KubeVela application. It can be seen as an “application-level” ApplyResourceByReplace.

NameDescriptionTypeRequiredDefault
rulesSpecify the list of rules to control resource update strategy at resource level.[]rulesfalse
NameDescriptionTypeRequiredDefault
selectorSpecify how to select the targets of the rule.selectortrue
strategyThe update strategy for the target resources.strategytrue
NameDescriptionTypeRequiredDefault
componentNamesSelect resources by component names.[]stringfalse
componentTypesSelect resources by component types.[]stringfalse
oamTypesSelect resources by oamTypes (COMPONENT or TRAIT).[]stringfalse
traitTypesSelect resources by trait types.[]stringfalse
resourceTypesSelect resources by resource types (like Deployment).[]stringfalse
resourceNamesSelect resources by their names.[]stringfalse
NameDescriptionTypeRequiredDefault
opSpecify the op for updating target resources.“patch” or “replace”falsepatch
recreateFieldsSpecify which fields would trigger recreation when updated.[]stringfalse

Configure the resources to be sharable across applications.

It’s used in shared-resource scenario. It can be used to configure which resources can be shared between applications. The target resource will allow multiple application to read it but only the first one to be able to write it.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: app1
  5. spec:
  6.   components:
  7.     - name: ns1
  8.       type: k8s-objects
  9.       properties:
  10.         objects:
  11.           - apiVersion: v1
  12.             kind: Namespace
  13.             metadata:
  14.               name: example
  15.     - name: cm1
  16.       type: k8s-objects
  17.       properties:
  18.         objects:
  19.           - apiVersion: v1
  20.             kind: ConfigMap
  21.             metadata:
  22.               name: cm1
  23.               namespace: example
  24.             data:
  25.               key: value1
  26.   policies:
  27.     - name: shared-resource
  28.       type: shared-resource
  29.       properties:
  30.         rules:
  31.           - selector:
  32.               resourceTypes: ["Namespace"]
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: app2
  5. spec:
  6.   components:
  7.     - name: ns2
  8.       type: k8s-objects
  9.       properties:
  10.         objects:
  11.           - apiVersion: v1
  12.             kind: Namespace
  13.             metadata:
  14.               name: example
  15.     - name: cm2
  16.       type: k8s-objects
  17.       properties:
  18.         objects:
  19.           - apiVersion: v1
  20.             kind: ConfigMap
  21.             metadata:
  22.               name: cm2
  23.               namespace: example
  24.             data:
  25.               key: value2
  26.   policies:
  27.     - name: shared-resource
  28.       type: shared-resource
  29.       properties:
  30.         rules:
  31.           - selector:
  32.               resourceTypes: ["Namespace"]
NameDescriptionTypeRequiredDefault
rulesSpecify the list of rules to control shared-resource strategy at resource level.[]rulesfalse
NameDescriptionTypeRequiredDefault
selectorSpecify how to select the targets of the rule.selectortrue
NameDescriptionTypeRequiredDefault
componentNamesSelect resources by component names.[]stringfalse
componentTypesSelect resources by component types.[]stringfalse
oamTypesSelect resources by oamTypes (COMPONENT or TRAIT).[]stringfalse
traitTypesSelect resources by trait types.[]stringfalse
resourceTypesSelect resources by resource types (like Deployment).[]stringfalse
resourceNamesSelect resources by their names.[]stringfalse

Configure the resources to be able to take over when it belongs to no application.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: take-over
  5. spec:
  6.   components:
  7.     - name: busybox
  8.       type: k8s-objects
  9.       properties:
  10.         objects:
  11.           - apiVersion: apps/v1
  12.             kind: Deployment
  13.             metadata:
  14.               name: busybox-ref
  15.   policies:
  16.     - type: take-over
  17.       name: take-over
  18.       properties:
  19.         rules:
  20.           - selector:
  21.               resourceTypes: ["Deployment"]
NameDescriptionTypeRequiredDefault
rulesSpecify the list of rules to control take over strategy at resource level.[]rulesfalse
NameDescriptionTypeRequiredDefault
selectorSpecify how to select the targets of the rule.selectortrue
NameDescriptionTypeRequiredDefault
componentNamesSelect resources by component names.[]stringfalse
componentTypesSelect resources by component types.[]stringfalse
oamTypesSelect resources by oamTypes (COMPONENT or TRAIT).[]stringfalse
traitTypesSelect resources by trait types.[]stringfalse
resourceTypesSelect resources by resource types (like Deployment).[]stringfalse
resourceNamesSelect resources by their names.[]stringfalse

Describe the destination where components should be deployed to.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: basic-topology
  5.   namespace: examples
  6. spec:
  7.   components:
  8.     - name: nginx-basic
  9.       type: webservice
  10.       properties:
  11.         image: nginx
  12.   policies:
  13.     - name: topology-hangzhou-clusters
  14.       type: topology
  15.       properties:
  16.         clusters: ["hangzhou-1", "hangzhou-2"]
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: label-selector-topology
  5.   namespace: examples
  6. spec:
  7.   components:
  8.     - name: nginx-label-selector
  9.       type: webservice
  10.       properties:
  11.         image: nginx
  12.   policies:
  13.     - name: topology-hangzhou-clusters
  14.       type: topology
  15.       properties:
  16.         clusterLabelSelector:
  17.           region: hangzhou
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: local-ns-topology
  5.   namespace: examples
  6. spec:
  7.   components:
  8.     - name: nginx-local-ns
  9.       type: webservice
  10.       properties:
  11.         image: nginx
  12.   policies:
  13.     - name: topology-local
  14.       type: topology
  15.       properties:
  16.         clusters: ["local"]
  17.         namespace: examples-alternative
NameDescriptionTypeRequiredDefault
clustersSpecify the names of the clusters to select.[]stringfalse
clusterLabelSelectorSpecify the label selector for clusters.map[string]stringfalse
allowEmptyIgnore empty cluster error.boolfalse
clusterSelectorDeprecated: Use clusterLabelSelector instead.map[string]stringfalse
namespaceSpecify the target namespace to deploy in the selected clusters, default inherit the original namespace.stringfalse

Last updated on Aug 4, 2023 by Daniel Higuero