Resource Definitions

Driver

Capability

Resource Type

Namespaced Resources

This example shows a sample usage of the base-env Resource Type. It is one of the implicit Resource Types that always gets provisioned for a Deployment.

In this example, it will be used to provision multiple Kubernetes resources scoped to the Namespace: ResourceQuota and NetworkPolicies:

  • The Resource Definition base-env-resource-quota.yaml uses the template driver to provision a Kubernetes manifest describing a ResourceQuota in the target namespace.
  • The Resource Definition base-env-network-policies.yaml uses the template driver to provision a Kubernetes manifest describing a NetworkPolicies in the target namespace.

Splitting provisioning of the two Kubernetes Resources in two different Resource Definitions allows to:

  • Keep modularity: the same base-env-resource-quota (or base-env-network-policies) Resource Definition can be used by different base-env-default.
  • Allow flexibility: every base-env can use a different Resource Driver (e.g. template, terraform).

The base-env-default.yaml Resource Definition creates a dependency on the other two base-env Resource Definitions using a Resource Reference. The reference specifies different Resource IDs (resource-quota and network-policies) so that the proper base-env Resource Definitions will be matched based on their matching criteria.

Three base-env Resource Definitions are provided:

  • base-env-default.yaml to add the base-env Resources that provision the Kubernetes manifests to the Resource Graph
  • base-env-resource-quota.yaml will be matched for all references of res_id: resource-quota
  • base-env-network-policies.yaml will be matched for all references of res_id: network-policies

Resource Definitions

base-env-default.yaml (view on GitHub) :

apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: base-env-default
entity:
  name: base-env-default
  type: base-env
  driver_type: humanitec/echo
  driver_inputs:
    values:
      namespaced-resources:
        resource-quota: ${resources["base-env.default#resource-quota"].guresid}
        network-policies: ${resources["base-env.default#network-policies"].guresid}

base-env-network-policies.yaml (view on GitHub) :

apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: base-env-network-policies
entity:
  name: base-env-network-policies
  type: base-env
  driver_type: humanitec/template
  driver_inputs:
    values:
      templates:
        manifests: |-
          network-policies.yaml:
            location: namespace
            data:
              apiVersion: networking.k8s.io/v1
              kind: NetworkPolicy
              metadata:
                name: default-deny-egress
              spec:
                podSelector: {}
                policyTypes:
                - Egress
  criteria:
  - res_id: network-policies

base-env-resource-quota.yaml (view on GitHub) :

apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: base-env-resource-quota
entity:
  name: base-env-resource-quota
  type: base-env
  driver_type: humanitec/template
  driver_inputs:
    values:
      templates:
        manifests: |-
          quota.yaml:
            location: namespace
            data:
              apiVersion: v1
              kind: ResourceQuota
              metadata:
                name: compute-resources
              spec:
                hard:
                  limits.cpu: 1
                  limits.memory: 256Mi
  criteria:
  - res_id: resource-quota

base-env-default.tf (view on GitHub) :

resource "humanitec_resource_definition" "base-env-default" {
  driver_type = "humanitec/echo"
  id          = "base-env-default"
  name        = "base-env-default"
  type        = "base-env"
  driver_inputs = {
    values_string = jsonencode({
      "namespaced-resources" = {
        "resource-quota"   = "$${resources[\"base-env.default#resource-quota\"].guresid}"
        "network-policies" = "$${resources[\"base-env.default#network-policies\"].guresid}"
      }
    })
  }
}

base-env-network-policies.tf (view on GitHub) :

resource "humanitec_resource_definition" "base-env-network-policies" {
  driver_type = "humanitec/template"
  id          = "base-env-network-policies"
  name        = "base-env-network-policies"
  type        = "base-env"
  driver_inputs = {
    values_string = jsonencode({
      "templates" = {
        "manifests" = "network-policies.yaml:\n  location: namespace\n  data:\n    apiVersion: networking.k8s.io/v1\n    kind: NetworkPolicy\n    metadata:\n      name: default-deny-egress\n    spec:\n      podSelector: {}\n      policyTypes:\n      - Egress"
      }
    })
  }
}

resource "humanitec_resource_definition_criteria" "base-env-network-policies_criteria_0" {
  resource_definition_id = resource.humanitec_resource_definition.base-env-network-policies.id
  res_id                 = "network-policies"
}

base-env-resource-quota.tf (view on GitHub) :

resource "humanitec_resource_definition" "base-env-resource-quota" {
  driver_type = "humanitec/template"
  id          = "base-env-resource-quota"
  name        = "base-env-resource-quota"
  type        = "base-env"
  driver_inputs = {
    values_string = jsonencode({
      "templates" = {
        "manifests" = "quota.yaml:\n  location: namespace\n  data:\n    apiVersion: v1\n    kind: ResourceQuota\n    metadata:\n      name: compute-resources\n    spec:\n      hard:\n        limits.cpu: 1\n        limits.memory: 256Mi"
      }
    })
  }
}

resource "humanitec_resource_definition_criteria" "base-env-resource-quota_criteria_0" {
  resource_definition_id = resource.humanitec_resource_definition.base-env-resource-quota.id
  res_id                 = "resource-quota"
}