Skip to content

Razeedeploy: pull feature flag values into kubernetes environment

License

Notifications You must be signed in to change notification settings

razee-io/FeatureFlagSetLD

Repository files navigation

FeatureFlagSetLD

Build Status Dependabot Status GitHub

FeatureFlagSetLD is a resource used to fetch feature flag values, evaluated based on cluster specific identity, and make the values available to resources on the cluster.

Install

kubectl apply -f "https://github.com/razee-io/FeatureFlagSetLD/releases/latest/download/resource.yaml"

Resource Definition

Sample

apiVersion: deploy.razee.io/v1alpha2
kind: FeatureFlagSetLD
metadata:
  name: <name>
  namespace: <namespace>
spec:
  sdkKey: sdk-key-from-LaunchDarky
  identityRef:
    envFrom:
      - optional: true
        configMapRef:
          name: <ConfigMap Name>
          namespace: <ConfigMap Namespace>
    env:
      - name: type
        value: dev
      - name: UUID
        optional: true
        default: dev1234
        valueFrom:
          configMapKeyRef:
             name: <ConfigMap Name>
             namespace: <ConfigMap Namespace>
             key: <key within that ConfigMap>
  identityKey: UUID

Spec

Path: .spec

Description: spec is required and must include oneOf sdkKey or sdkKeyRef.

Schema:

spec:
  type: object
  allOf:
    - # you must define oneOf:
      oneOf:
        - required: [sdkKey]
        - required: [sdkKeyRef]
    - # you must define oneOf:
      oneOf:
        - # neither 'identityRef' nor 'identityKey' is used
          not:
            anyOf:
              - required: [identityRef]
              - required: [identityKey]
        - # 'identityRef' is used by itself
          required: [identityRef]
          not:
            required: [identityKey]
        - # 'identityRef' and 'identityKey' are used together
          required: [identityRef, identityKey]
  properties:
    sdkKey:
      type: string
    sdkKeyRef:
      type: object
      ...
    identityKey:
      type: string
    identityRef:
      type: object
      ...

SdkKey

Path: .spec.sdkKey

Description: An SDK key is necessary in order to communicate with LaunchDarkly. Use sdkKey when you want to use a plain text LaunchDarkly SDK key in your FeatureFlagSetLD. For a more secure implementation, use sdkKeyRef.

Schema:

sdkKey:
  type: string

SdkKeyRef

Path: .spec.sdkKeyRef

Description: An SDK key is necessary in order to communicate with LaunchDarkly. Use sdkKeyRef when you want to use a secret reference to your LaunchDarkly SDK key for your FeatureFlagSetLD.

Schema:

sdkKeyRef:
  type: object
  required: [valueFrom]
  properties:
    valueFrom:
      type: object
      required: [secretKeyRef]
      properties:
        secretKeyRef:
          type: object
          required: [name, key]
          properties:
            name:
              type: string
            key:
              type: string
            namespace:
              type: string

IdentityRef

Path: .spec.identityRef

Description: Specifying the identityRef attribute will give the FeatureFlagSetLD cluster specific data to send to LaunchDarkly for rule evaluation. This allows you to have unique rules, based on cluster data, return different values. eg. cluster data type: dev could match rules such as IF 'type' IS ONE OF 'dev' SERVE 'some new feature'

Schema:

identityRef:
  type: object
  anyOf:
    - required: [envFrom]
    - required: [env]
  properties:
    envFrom:
      type: array
      ...
    env:
      type: array
      ...

EnvFrom

Path: .spec.identityRef.envFrom

Description: Use envFrom when you want to load a whole resource. The keys from the resource will become the keys used in the identity object. Note any CRD with a high level .data section (like ConfigMaps and Secrets have), can be loaded by using genericMapRef.

Schema:

envFrom:
  type: array
  items:
    type: object
    oneOf:
      - required: [configMapRef]
      - required: [secretMapRef]
      - required: [genericMapRef]
    properties:
      optional:
        type: boolean
      configMapRef:
        type: object
        required: [name]
        properties:
          name:
            type: string
          namespace:
            type: string
      secretMapRef:
        type: object
        required: [name]
        properties:
          name:
            type: string
          namespace:
            type: string
      genericMapRef:
        type: object
        required: [apiVersion, kind, name]
        properties:
          apiVersion:
            type: string
          kind:
            type: string
          name:
            type: string
          namespace:
            type: string

Env

Path: .spec.identityRef.env

Description: use env when you want to load specific values from a resource. Note any CRD with a high level .data section (like ConfigMaps and Secrets have), can be loaded by using genericKeyRef.

Schema:

env:
  type: array
  items:
    type: object
    allOf:
      - required: [name]
      - # all array items should be oneOf ['value', 'valueFrom']
        oneOf:
          - required: [value]
            # if 'value', neither 'optional' nor 'default' may be used
            not:
              anyOf:
                - required: [default]
                - required: [optional]
          - required: [valueFrom]
            # if 'valueFrom', you must define oneOf:
            oneOf:
              - # neither 'optional' nor 'default' is used
                not:
                  anyOf:
                    - required: [default]
                    - required: [optional]
              - # 'optional' is used by itself
                required: [optional]
                not:
                  required: [default]
              - # 'optional' and 'default' are used together IFF optional == true
                required: [optional, default]
                properties:
                  optional:
                    enum: [true]
    properties:
      optional:
        type: boolean
      default:
        x-kubernetes-int-or-string: true
      name:
        type: string
      value:
        x-kubernetes-int-or-string: true
      valueFrom:
        type: object
        oneOf:
          - required: [configMapKeyRef]
          - required: [secretKeyRef]
          - required: [genericKeyRef]
        properties:
          configMapKeyRef:
            type: object
            required: [name, key]
            properties:
              name:
                type: string
              key:
                type: string
              namespace:
                type: string
              type:
                type: string
                enum: [number, boolean, json]
          secretKeyRef:
            type: object
            required: [name, key]
            properties:
              name:
                type: string
              key:
                type: string
              namespace:
                type: string
              type:
                type: string
                enum: [number, boolean, json]
          genericKeyRef:
            type: object
            required: [apiVersion, kind, name, key]
            properties:
              apiVersion:
                type: string
              kind:
                type: string
              name:
                type: string
              key:
                type: string
              namespace:
                type: string
              type:
                type: string
                enum: [number, boolean, json]

IdentityKey

Path: .spec.identityKey

Description: If you need to specify a specific key to use as the user key in LaunchDarkly, this allows you to identify the key to use.

Schema:

identityKey:
  type: string

Default: The uid of the namespace the resource is deployed in.

Managed Resource Labels

Reconcile

.spec.resources.metadata.labels[deploy.razee.io/Reconcile]

  • DEFAULT: true
    • A Razeedeploy resource (parent) will clean up a resources it applies (child) when either the child is no longer in the parent resource definition or the parent is deleted.
  • false
    • This behavior can be overridden when a child's resource definition has the label deploy.razee.io/Reconcile=false.

Resource Update Mode

.spec.resources.metadata.labels[deploy.razee.io/mode]

Razeedeploy resources default to merge patching children. This behavior can be overridden when a child's resource definition has the label deploy.razee.io/mode=<mode>

Mode options:

  • DEFAULT: MergePatch
    • A simple merge, that will merge objects and replace arrays. Items previously defined, then removed from the definition, will be removed from the live resource.
    • "As defined in RFC7386, a Merge Patch is essentially a partial representation of the resource. The submitted JSON is "merged" with the current resource to create a new one, then the new one is saved. For more details on how to use Merge Patch, see the RFC." Reference
  • StrategicMergePatch
    • A more complicated merge, the kubernetes apiServer has defined keys to be able to intelligently merge arrays it knows about.
    • "Strategic Merge Patch is a custom implementation of Merge Patch. For a detailed explanation of how it works and why it needed to be introduced, see StrategicMergePatch." Reference
    • Kubectl Apply Semantics
  • EnsureExists
    • Will ensure the resource is created and is replaced if deleted. Will not enforce a definition.