Space Template Tutorial
Introduction
The current process for creating Spaces with Nauticus, while straightforward, often involves repetitive configuration of the same parameters. This redundancy can hinder efficiency and result in time-consuming manual work. To address these challenges, the Space Templates feature has been developed. It allows administrators to create predefined templates that encompass common configurations, making Space creation more efficient and standardized.
Space Templates
Space Templates are pre-configured templates that administrators can create to define common settings and configurations. These templates can include resource quotas, network policies, role bindings, and more. By referencing a Space Template during Space creation, users can take advantage of these predefined settings.
Usage
SpaceTemplate Reference example
This example shows how to create a SpaceTemplate in Nauticus that combines all the features covered so far: resource quotas, network policies, limit ranges and additional role bindings.
apiVersion: nauticus.io/v1alpha1
kind: SpaceTemplate
metadata:
  labels:
    app.kubernetes.io/name: spacetemplate
    app.kubernetes.io/instance: spacetemplate-sample
    app.kubernetes.io/part-of: nauticus
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: nauticus
  name: space-tpl-sample
spec:
  resourceQuota:
    hard:
      requests.cpu: "1"
      requests.memory: "1Gi"
      limits.cpu: "2"
      limits.memory: "2Gi"
  additionalRoleBindings:
    - roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: viewer
      subjects:
        - name: alice
          kind: User
  networkPolicies:
    enableDefaultStrictMode: true # false
    items:
      - policyTypes:
          - Ingress
          - Egress
        egress:
          - to:
              - ipBlock:
                  cidr: 0.0.0.0/0
                  except:
                    - 192.168.0.0/16
        ingress:
          - from:
              - namespaceSelector:
                  matchLabels:
                    app.kubernetes.io/instance: space-all-in-one
              - podSelector: { }
              - ipBlock:
                  cidr: 192.168.0.0/16
        podSelector: { }
  limitRanges:
    items:
      - limits:
          - max:
              cpu: "1"
              memory: 1Gi
            min:
              cpu: 50m
              memory: 5Mi
            type: Pod
          - default:
              cpu: 200m
              memory: 100Mi
            defaultRequest:
              cpu: 100m
              memory: 10Mi
            max:
              cpu: "1"
              memory: 1Gi
            min:
              cpu: 50m
              memory: 5Mi
            type: Container
          - max:
              storage: 10Gi
            min:
              storage: 1Gi
            type: PersistentVolumeClaim
To utilize Space Templates, users can reference a Space Template in their Space resource during creation. Any specifications provided in the Space resource will override the corresponding parameters in the Space Template. Here's an example of how this works:
apiVersion: nauticus.io/v1alpha1
kind: Space
metadata:
  labels:
    app.kubernetes.io/name: space
    app.kubernetes.io/instance: space-sample
    app.kubernetes.io/part-of: nauticus
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: nauticus
  name: space-tpl-ref
spec:
  templateRef:
    group: nauticus.io/v1alpha1
    kind: SpaceTemplate # Specify the Kind of the referenced resource
    name: space-tpl-sample # Name of the SpaceTemplate
  owners:
    - name: smile
      kind: User
    - name: [email protected]
      kind: Group
Overrides
One of the key features of Space Templates is the ability to override specific configurations when referencing a template in a Space. Users can selectively modify parameters to match the requirements of their Space while still benefiting from the predefined template.
By understanding the concept of overrides, administrators can take full advantage of Space Templates and achieve a balance between standardization and flexibility when configuring Spaces.
Example: Overriding ResourceQuotas
In this example, a Space named space-tpl-ref-override references a SpaceTemplate called space-tpl-sample. While leveraging predefined configurations from the template, it overrides the default resource quotas with custom values.
- The templateRef references the space-tpl-sample SpaceTemplate.
This demonstrates the flexibility of SpaceTemplates, allowing Spaces to maintain standard configurations while adjusting specific settings as needed.
config/samples/space_with_tpl_ref_overrides.yaml
apiVersion: nauticus.io/v1alpha1
kind: Space
metadata:
  labels:
    app.kubernetes.io/name: space
    app.kubernetes.io/instance: space-sample
    app.kubernetes.io/part-of: nauticus
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: nauticus
  name: space-tpl-ref-override
spec:
  templateRef:
    group: nauticus.io/v1alpha1
    kind: SpaceTemplate # Specify the Kind of the referenced resource
    name: space-tpl-sample # Name of the SpaceTemplate
  owners:
    - name: smile
      kind: User
    - name: [email protected]
      kind: Group
  resourceQuota:
    hard:
      limits.cpu: "20"
      limits.memory: 24Gi
      requests.cpu: "18"
      requests.memory: 20Gi
Example: Merging Additional Role Bindings
In this example, a Space named space-tpl-ref-merge references a Space Template called space-tpl-sample. It merges additional role bindings with predefined configurations from the template. This demonstrates the capability to combine and customize various settings while maintaining consistency.
- The templateRef references the space-tpl-sample SpaceTemplate.
- The Space includes additional role bindings for both viewer and editor roles, with specific subjects.
- The merged role bindings enrich the Space's access control settings, ensuring flexibility and control.
config/samples/space_with_tpl_merge.yaml
apiVersion: nauticus.io/v1alpha1
kind: Space
metadata:
  labels:
    app.kubernetes.io/name: space
    app.kubernetes.io/instance: space-sample
    app.kubernetes.io/part-of: nauticus
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: nauticus
  name: space-tpl-ref-merge
spec:
  templateRef:
    group: nauticus.io/v1alpha1
    kind: SpaceTemplate # Specify the Kind of the referenced resource
    name: space-tpl-sample # Name of the SpaceTemplate
  owners:
    - name: smile
      kind: User
    - name: [email protected]
      kind: Group
  additionalRoleBindings:
    - roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: viewer
      subjects:
        - name: dev
          kind: Group
    - roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: editor
      subjects:
        - name: ali
          kind: User
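
The override and merge examples above, resolved in code: this added example (not Nauticus code and not part of the original page) applies the override and merge behaviour as the page describes it and lists where a Space ends up looser than its template. The rule that a Space field replaces the template field as a whole, and the names `quantity`, `effective_spec`, `review` and `binding`, are assumptions.

```python
# Added example, not Nauticus code; the resolution rules are assumptions from this page.
from copy import deepcopy
UNITS = {"m": 1e-3, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def quantity(q):
    """Parse a Kubernetes quantity such as "2", "50m" or "24Gi" into a float."""
    for suffix, factor in UNITS.items():
        if str(q).endswith(suffix):
            return float(str(q)[:-len(suffix)]) * factor
    return float(q)

def effective_spec(template, space):
    """Assumed rules: a Space field replaces the template's; role bindings append."""
    spec = deepcopy(template)
    for field, value in space.items():
        if field == "additionalRoleBindings":
            spec[field] = spec.get(field, []) + deepcopy(value)
        elif field not in ("templateRef", "owners"):
            spec[field] = deepcopy(value)
    return spec

def review(template, space):
    """List where the resolved Space is looser than the template on its own."""
    eff, findings = effective_spec(template, space), []
    hard = eff.get("resourceQuota", {}).get("hard", {})
    for key, base in template.get("resourceQuota", {}).get("hard", {}).items():
        if key not in hard:  # whole-block replacement can silently drop a limit
            findings.append(f"quota {key}: template limit {base} dropped")
        elif quantity(hard[key]) > quantity(base):
            findings.append(f"quota {key}: {base} -> {hard[key]}")
    for rb in eff.get("additionalRoleBindings", []):
        if rb not in template.get("additionalRoleBindings", []):
            who = ", ".join(f"{s['kind']}/{s['name']}" for s in rb["subjects"])
            findings.append(f"binding {rb['roleRef']['name']}: {who}")
    return findings

def binding(role, kind, name):
    return {"roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
                        "name": role}, "subjects": [{"name": name, "kind": kind}]}

# Quota and role bindings copied from the three manifests on this page.
TEMPLATE = {"resourceQuota": {"hard": {"requests.cpu": "1", "requests.memory": "1Gi",
                                       "limits.cpu": "2", "limits.memory": "2Gi"}},
            "additionalRoleBindings": [binding("viewer", "User", "alice")]}
OVERRIDE = {"resourceQuota": {"hard": {"limits.cpu": "20", "limits.memory": "24Gi",
                                       "requests.cpu": "18", "requests.memory": "20Gi"}}}
MERGE = {"additionalRoleBindings": [binding("viewer", "Group", "dev"), binding("editor", "User", "ali")]}
if __name__ == "__main__":
    for name, space in (("space-tpl-ref-override", OVERRIDE), ("space-tpl-ref-merge", MERGE)):
        print(name, review(TEMPLATE, space))
```
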