Skip to main content

· 4 min read

What is KCL

KCL is an open-source, constraint-based record and functional language that enhances the writing of complex configurations, including those for cloud-native scenarios. With its advanced programming language technology and practices, KCL is dedicated to promoting better modularity, scalability, and stability for configurations. It enables simpler logic writing and offers ease of automation APIs and integration with homegrown systems.

What is Helmfile

Helmfile is a declarative specification and tool for simplifying and managing Helm Charts. The Helmfile KCL Plugin provides additional functionality to the Helmfile tool, making it more convenient and efficient to use. With the Helmfile KCL Plugin, you can:

  • Edit or validate Helm Chart configurations directly on the client-side using non-intrusive hooks. This allows you to separate the data and logic parts of Kubernetes configuration management without needing to fork the upstream Chart to modify internal logic include modifying resource labels/annotations and injecting Sidecar container configurations.
  • Validate Kubernetes resources using KCL Schema, define your own abstract models, and share them for reusability.

In this blog, we will quickly guide you through getting started with the Helmfile KCL Plugin, enabling you to easily manage your Kubernetes Helm Charts.

We will explain in detail using a simple example. With the Helmfile KCL Plugin, you do not need to install any components related to KCL. You only need the latest version of the Helmfile tool (v0.156.0+) on your local machine.

Using the Helmfile KCL Plugin

1. Tool Installation

First, make sure you have installed the Helmfile client tool. You can follow the instructions in the documentation link below.

https://github.com/helmfile/helmfile

2. Create the Helmfile Configuration File

Create a file named helmfile.yaml in the root directory of your project and write the configuration using Helmfile syntax. In this file, you can specify the Helm Charts to use, configuration values, and any other functionality supported by Helmfile. Additionally, you can use the features of the KCL Plugin in helmfile.yaml to load configurations and make in-place modifications and validations to the Helm Chart.

repositories:
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
releases:
- name: prom-norbac-ubuntu
namespace: prometheus
chart: prometheus-community/prometheus
set:
- name: rbac.create
value: false
transformers:
# Use KCL Plugin to mutate or validate Kubernetes manifests.
- apiVersion: krm.kcl.dev/v1alpha1
kind: KCLRun
metadata:
name: "set-annotation"
annotations:
config.kubernetes.io/function: |
container:
image: docker.io/kcllang/kustomize-kcl:v0.2.0
spec:
source: |
# A single line of KCL code can be used to modify workload configurations in-place.
items = [resource | {if resource.kind == "Deployment": metadata.annotations: {"managed-by" = "helmfile-kcl"}} for resource in option("resource_list").items]

In the above configuration, we reference the Prometheus Helm Chart and use a single line of KCL code to inject the label managed-by="helmfile-kcl" to all the Deployment resources of Prometheus.

3. Run the Helmfile Tool

Once everything is set up, you can run the Helmfile command to deploy, manage, and maintain your Helm Charts. Use the following command to apply the configuration mentioned above to the cluster.

helmfile apply

You should see the following output if everything goes well:

Adding repo prometheus-community https://prometheus-community.github.io/helm-charts
"prometheus-community" has been added to your repositories...

...

Want More?

For the above helmfile configuration, you can encapsulate it as a reusable logic for configuration modification without constantly writing and copying/pasting KCL code. Additionally, many commonly used Kubernetes configuration editing and validation code snippets are already packaged in the KCL official Registry: https://github.com/orgs/kcl-lang/packages

registry

In addition to supporting writing KCL code in configuration files, we also support directly referencing code snippets in Registry, as shown below

apiVersion: krm.kcl.dev/v1alpha1
kind: KCLRun
metadata:
name: https-only
annotations:
krm.kcl.dev/version: 0.0.1
krm.kcl.dev/type: validation
documentation: >-
Requires Ingress resources to be HTTPS only. Ingress resources must
include the `kubernetes.io/ingress.allow-http` annotation, set to `false`.
By default a valid TLS {} configuration is required, this can be made
optional by setting the `tlsOptional` parameter to `true`.
More info: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
spec:
# Use the OCI source
source: oci://ghcr.io/kcl-lang/https-only

Specific example codes can be found here

If you want to contribute more KCL code repositories, feel free to contact us and refer to the documentation for contribution: https://kcl-lang.io/zh-CN/docs/user_docs/guides/package-management/share_your_pkg/

Conclusion

This blog provided a quick getting started guide to help you master the basics of the Helmfile KCL Plugin in just 5 minutes. Now, you can start using this powerful tool to simplify and optimize your Kubernetes application deployment process!

Resources

For more resources, please refer to

· 6 min read

KCL is an open-source, constraint-based record and functional language that enhances the writing of complex configurations, including those for cloud-native scenarios. With its advanced programming language technology and practices, KCL is dedicated to promoting better modularity, scalability, and stability for configurations. It enables simpler logic writing and offers ease of automation APIs and integration with homegrown systems.

This section will update the KCL language community's latest developments every two weeks, including features, website updates, and the latest community news, helping everyone better understand the KCL community!

KCL Website: https://kcl-lang.io

Overview

Thank you to all contributors for their outstanding work over the past two weeks (08.10-08.23 2023). Here is an overview of the key content:

🔧 Language and Toolchain Updates

  • KCL Formatting Tool Updates - Support for formatting code snippets with syntax errors and partial code snippets and automatic correction of indentation errors in configuration blocks.
  • KCL Documentation Tool Updates - Support for exporting document index pages
  • KCL Import Tool Updates - Support for converting Terraform Provider Schema to KCL Schema
  • KCL Export Tool Updates - Support for exporting OpenAPI Spec from KCL Schema, integrating with OpenAPI ecosystem
  • KCL IDE Updates - Support for compilation cache feature to improve performance of some IDE features and providing rich error messages and import statement quick fix capabilities
  • KCL Package Management Tool Updates - Support for output information experience optimization for the kpm push command and adding duplicate tag check when pushing KCL package. Adding the --vendor parameter for the kpm push and kpm pkg commands to determine whether to package third-party libraries in KCL packages together
  • KCL Language Updates - Optimize Schema semantic check and union type check error messages and support for exporting type output of configuration blocks.

🏄 API Updates

  • KCL Schema model parsing GetSchemaType API newly added KCL package related information and schema attribute default values.

📰 Official Website and Use Case Updates

Special Thanks

The following are listed in no particular order:

KCL Import Tool Updates

The KCL Import Tool now adds support for converting Terraform Provider Schema to KCL Schema based on Protobuf, JsonSchema OpenAPI models, and Go Structures, such as the following Terraform Provider Json (obtained through the command terraform providers schema -json > provider.json , For more details, please refer to https://developer.hashicorp.com/terraform/cli/commands/providers/schema)

{
"format_version": "0.2",
"provider_schemas": {
"registry.terraform.io/aliyun/alicloud": {
"provider": {
"version": 0,
"block": {
"attributes": {},
"block_types": {},
"description_kind": "plain"
}
},
"resource_schemas": {
"alicloud_db_instance": {
"version": 0,
"block": {
"attributes": {
"db_instance_type": {
"type": "string",
"description_kind": "plain",
"computed": true
},
"engine": {
"type": "string",
"description_kind": "plain",
"required": true
},
"security_group_ids": {
"type": [
"set",
"string"
],
"description_kind": "plain",
"optional": true,
"computed": true
},
"security_ips": {
"type": [
"set",
"string"
],
"description_kind": "plain",
"optional": true,
"computed": true
},
"tags": {
"type": [
"map",
"string"
],
"description_kind": "plain",
"optional": true
}
},
"block_types": {},
"description_kind": "plain"
}
},
"alicloud_config_rule": {
"version": 0,
"block": {
"attributes": {
"compliance": {
"type": [
"list",
[
"object",
{
"compliance_type": "string",
"count": "number"
}
]
],
"description_kind": "plain",
"computed": true
},
"resource_types_scope": {
"type": [
"list",
"string"
],
"description_kind": "plain",
"optional": true,
"computed": true
}
}
}
}
},
"data_source_schemas": {}
}
}
}

Then the tool can output the following KCL code

"""
This file was generated by the KCL auto-gen tool. DO NOT EDIT.
Editing this file might prove futile when you re-run the KCL auto-gen generate command.
"""

schema AlicloudConfigRule:
"""
AlicloudConfigRule

Attributes
----------
compliance: [ComplianceObject], optional
resource_types_scope: [str], optional
"""

compliance?: [ComplianceObject]
resource_types_scope?: [str]

schema ComplianceObject:
"""
ComplianceObject

Attributes
----------
compliance_type: str, optional
count: int, optional
"""

compliance_type?: str
count?: int

schema AlicloudDbInstance:
"""
AlicloudDbInstance

Attributes
----------
db_instance_type: str, optional
engine: str, required
security_group_ids: [str], optional
security_ips: [str], optional
tags: {str:str}, optional
"""

db_instance_type?: str
engine: str
security_group_ids?: [str]
security_ips?: [str]
tags?: {str:str}

check:
isunique(security_group_ids)
isunique(security_ips)

KCL Vault Integration

In just three steps, we can use Vault to store and manage sensitive information and use it in KCL.

Firstly, we install and use Vault to store foo and bar information

vault kv put secret/foo foo=foo
vault kv put secret/bar bar=bar

Then write the following KCL code (main.k)

apiVersion = "apps/v1"
kind = "Deployment"
metadata = {
name = "nginx"
labels.app = "nginx"
annotations: {
"secret-store": "vault"
# Valid format:
# "ref+vault://PATH/TO/KV_BACKEND#/KEY"
"foo": "ref+vault://secret/foo#/foo"
"bar": "ref+vault://secret/bar#/bar"
}
}
spec = {
replicas = 3
selector.matchLabels = metadata.labels
template.metadata.labels = metadata.labels
template.spec.containers = [
{
name = metadata.name
image = "${metadata.name}:1.14.2"
ports = [{ containerPort = 80 }]
}
]
}

Finally, the decrypted configuration can be obtained through the Vals command-line tool

kcl main.k | vals eval -f -

For more details and use cases, please refer to https://kcl-lang.io/docs/user_docs/guides/secret-management/vault

Community

  • 🎉 Congratulations to Zhu Junxing from Huazhong University of Science and Technology for successfully passing the mid-term assessment of the Gitlink Coding Summer Camp (GLCC) and completing the conversion of KCL Import tool Jsonschema and Terraform Provider Schema to KCL Schema. The community will grant him the KCL Community Maintainer role in the future.
  • 💻 KCL participated in the CNCF TAG Application Delivery community meeting and reported on the project.

Resources

❤️ Thanks to all KCL users and community members for their valuable feedback and suggestions in the community. We will write more articles on the new features of KCL v0.5.x, so stay tuned!

For more resources, please refer to