Config Template

There are many scenarios to need users to provide structured data which is a config. Config Template could define the schema and the structure of the config data. KubeVela could base the Config Template help users to create a valid config.

The config data save as a Secret default, but you also could generate resources of any type by defining the template. Even, you can define the extend writer to write the config data to the Nacos server.

Config Template defined with the CUE file. The schema of the specification:

  2. metadata: {
  3.     name:         string
  4.     alias?:       string
  5.     description?: string
  6.     scope:        "project" | "system"
  7.     sensitive:    bool
  8. }
  10. template: {
  11.     parameter: {...}
  12.     output?: #Secret
  13.     outputs?: {#AnyResources}
  14.     nacos?: {
  15.         // The endpoint can not references the parameter.
  16.         endpoint: {
  17.             // Users must create a config base the nacos-server template firstly.
  18.             name: string
  19.         }
  20.         format: "json" | "yaml" | "properties" | "toml"
  21.         // could references the parameter
  22.         metadata: {
  23.             dataId:      string
  24.             group:       string
  25.             appName:     string
  26.             namespaceId: string
  27.             tenant:      string
  28.             tag:         string
  29.         }
  30.         content: {...}
  31.     }
  32. }
  • metadata.name This is required. Specify the name of the template.
  • metadata.alias Specify the alias of the template.
  • metadata.description Specify the description of the template.
  • metadata.scope Specify the scope of the config created by this template. In VelaUX, the template belonging to the project scope means this template could be used to create the config in the project. If created in the system, this config could be shared with all projects.

  • metadata.sensitive Is it sensitive the config created by this template? If the config is sensitive, it can not be read directly and could only mount the Secret.

  • template.parameter Specify the parameters of the config. KubeVela will generate the schema by this definition and validate the user’s input.

  • template.output This is not required. You could specify if you want to customize the data structure of the Secret.

  • template.outputs This is not required. You could specify any resources that you want to generate by this config.

  • template.nacos This is not required. You could specify the Nacos config metadata if you want to write the config data to the Nacos server. template.nacos.name This is the name of the config created by the built-in template nacos-server.

  • List the Config Templates

  1. vela config-template list
  • Create a Config Template
  1. vela config-template apply -f example.cue
  • Show the schema and document of the Config Template
  1. vela config-template show <Template Name>
  • Delete a Config Template
  1. vela config-template delete <Template Name>

More usages, refer to:

  1. vela config-template --help
  1. import (
  2.     "encoding/base64"
  3.     "encoding/json"
  4.     "strconv"
  5. )
  7. metadata: {
  8.     name:        "image-registry"
  9.     alias:       "Image Registry"
  10.     scope:       "project"
  11.     description: "Config information to authenticate image registry"
  12.     sensitive:   false
  13. }
  15. template: {
  16.     output: {
  17.         apiVersion: "v1"
  18.         kind:       "Secret"
  19.         metadata: {
  20.             name:      context.name
  21.             namespace: context.namespace
  22.             labels: {
  23.                 "config.oam.dev/catalog": "velacore-config"
  24.                 "config.oam.dev/type":    "image-registry"
  25.             }
  26.         }
  27.         if parameter.auth != _|_ {
  28.             type: "kubernetes.io/dockerconfigjson"
  29.         }
  30.         if parameter.auth == _|_ {
  31.             type: "Opaque"
  32.         }
  33.         stringData: {
  34.             if parameter.auth != _|_ && parameter.auth.username != _|_ {
  35.                 ".dockerconfigjson": json.Marshal({
  36.                     "auths": (parameter.registry): {
  37.                         "username": parameter.auth.username
  38.                         "password": parameter.auth.password
  39.                         if parameter.auth.email != _|_ {
  40.                             "email": parameter.auth.email
  41.                         }
  42.                         "auth": base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
  43.                     }
  44.                 })
  45.             }
  46.             if parameter.insecure != _|_ {
  47.                 "insecure-skip-verify": strconv.FormatBool(parameter.insecure)
  48.             }
  49.             if parameter.useHTTP != _|_ {
  50.                 "protocol-use-http": strconv.FormatBool(parameter.useHTTP)
  51.             }
  52.         }
  53.     }
  55.     parameter: {
  56.         // +usage=Image registry FQDN, such as: index.docker.io
  57.         registry: *"index.docker.io" | string
  58.         // +usage=Authenticate the image registry
  59.         auth?: {
  60.             // +usage=Private Image registry username
  61.             username: string
  62.             // +usage=Private Image registry password
  63.             password: string
  64.             // +usage=Private Image registry email
  65.             email?: string
  66.         }
  67.         // +usage=For the registry server that uses the self-signed certificate
  68.         insecure?: bool
  69.         // +usage=For the registry server that uses the HTTP protocol
  70.         useHTTP?: bool
  71.     }
  72. }
  1. metadata: {
  2.     name:        "nacos-server"
  3.     alias:       "Nacos Server"
  4.     description: "Config the Nacos server connectors"
  5.     sensitive:   false
  6.     scope:       "system"
  7. }
  9. template: {
  10.     parameter: {
  11.         // +usage=Directly configure the Nacos server address
  12.         servers?: [...{
  13.             // +usage=the nacos server address
  14.             ipAddr: string
  15.             // +usage=nacos server port
  16.             port: *8849 | int
  17.             // +usage=nacos server grpc port, default=server port + 1000, this is not required
  18.             grpcPort?: int
  19.         }]
  20.         // +usage=Discover the Nacos servers by the client.
  21.         client?: {
  22.             // +usage=the endpoint for get Nacos server addresses
  23.             endpoint: string
  24.             // +usage=the AccessKey for kms
  25.             accessKey?: string
  26.             // +usage=the SecretKey for kms
  27.             secretKey?: string
  28.             // +usage=the regionId for kms
  29.             regionId?: string
  30.             // +usage=the username for nacos auth
  31.             username?: string
  32.             // +usage=the password for nacos auth
  33.             password?: string
  34.             // +usage=it's to open kms,default is false. https://help.aliyun.com/product/28933.html
  35.             openKMS?: bool
  36.         }
  37.     }
  38. }
  1. metadata: {
  2.     name:        "nacos-config"
  3.     alias:       "Nacos Configuration"
  4.     description: "Write the configuration to the nacos"
  5.     sensitive:   false
  6.     scope:       "system"
  7. }
  9. template: {
  10.     nacos: {
  11.         // The endpoint can not references the parameter.
  12.         endpoint: {
  13.             // Users must create a config base the nacos-server template firstly.
  14.             name: "nacos"
  15.         }
  16.         format: parameter.contentType
  18.         // could references the parameter
  19.         metadata: {
  20.             dataId: parameter.dataId
  21.             group:  parameter.group
  22.             if parameter.appName != _|_ {
  23.                 appName: parameter.appName
  24.             }
  25.             if parameter.namespaceId != _|_ {
  26.                 namespaceId: parameter.namespaceId
  27.             }
  28.             if parameter.tenant != _|_ {
  29.                 tenant: parameter.tenant
  30.             }
  31.             if parameter.tag != _|_ {
  32.                 tag: parameter.tag
  33.             }
  34.         }
  35.         content: parameter.content
  36.     }
  37.     parameter: {
  38.         // +usage=Configuration ID
  39.         dataId: string
  40.         // +usage=Configuration group
  41.         group: *"DEFAULT_GROUP" | string
  42.         // +usage=The configuration content.
  43.         content: {
  44.             ...
  45.         }
  46.         contentType: *"json" | "yaml" | "properties" | "toml"
  47.         // +usage=The app name of the configuration
  48.         appName?: string
  49.         // +usage=The namespaceId of the configuration
  50.         namespaceId?: string
  51.         // +usage=The tenant, corresponding to the namespace ID field of Nacos
  52.         tenant?: string
  53.         // +usage=The tag of the configuration
  54.         tag?: string
  55.     }
  56. }
  1. import "strings"
  3. metadata: {
  4.     name:        "terraform-alibaba"
  5.     alias:       "Terraform Provider for Alibaba Cloud"
  6.     sensitive:   true
  7.     scope:       "system"
  8.     description: "Terraform Provider for Alibaba Cloud"
  9. }
  11. template: {
  12.     outputs: {
  13.         "provider": {
  14.             apiVersion: "terraform.core.oam.dev/v1beta1"
  15.             kind:       "Provider"
  16.             metadata: {
  17.                 name:      parameter.name
  18.                 namespace: "default"
  19.                 labels:    l
  20.             }
  21.             spec: {
  22.                 provider: "alibaba"
  23.                 region:   parameter.ALICLOUD_REGION
  24.                 credentials: {
  25.                     source: "Secret"
  26.                     secretRef: {
  27.                         namespace: "vela-system"
  28.                         name:      context.name
  29.                         key:       "credentials"
  30.                     }
  31.                 }
  32.             }
  33.         }
  34.     }
  36.     output: {
  37.         apiVersion: "v1"
  38.         kind:       "Secret"
  39.         metadata: {
  40.             name:      context.name
  41.             namespace: context.namespace
  42.         }
  43.         type: "Opaque"
  44.         stringData: credentials: strings.Join([creds1, creds2], "\n")
  45.     }
  47.     creds1: "accessKeyID: " + parameter.ALICLOUD_ACCESS_KEY
  48.     creds2: "accessKeySecret: " + parameter.ALICLOUD_SECRET_KEY
  50.     l: {
  51.         "config.oam.dev/catalog":  "velacore-config"
  52.         "config.oam.dev/type":     "terraform-provider"
  53.         "config.oam.dev/provider": "terraform-alibaba"
  54.     }
  56.     parameter: {
  57.         //+usage=The name of Terraform Provider for Alibaba Cloud, default is `default`
  58.         name: *"default" | string
  59.         //+usage=Get ALICLOUD_ACCESS_KEY per this guide https://help.aliyun.com/knowledge_detail/38738.html
  60.         ALICLOUD_ACCESS_KEY: string
  61.         //+usage=Get ALICLOUD_SECRET_KEY per this guide https://help.aliyun.com/knowledge_detail/38738.html
  62.         ALICLOUD_SECRET_KEY: string
  63.         //+usage=Get ALICLOUD_REGION by picking one RegionId from Alibaba Cloud region list https://www.alibabacloud.com/help/doc-detail/72379.htm
  64.         ALICLOUD_REGION: string
  65.     }
  66. }

The Config Template is part of the Addon. You could get or share the templates via addons.

Last updated on Aug 4, 2023 by Daniel Higuero