This purpose of this organisation is to provide generally usable functions for operating on configuration-as-code using the Kubernetes Resource Model (KRM) as defined in KRM Functions Specification.
For a general introduction to using KRM functions see Replacing Helm and Kustomize with KRM Functions — a New Approach to Configuration Management.
For an broader description on how to use and develop new KRM functions see the kpt book.
Functions:
| Name | Description |
|---|---|
| apply-setters | Update resource field values through setters |
| digester | Lookup container image digests and write back into e.g. RenderHelmChart values |
| gatekeeper-set-enforcement-action | Set enforcement action on GateKeeper constraint resources |
| gatekeeper | Verify Gatekeeper policies against resources |
| helm-upgrader | Lookup Helm chart upgrades and upgrade according to upgrade constraints |
| kubeconform | Validate resource schemas |
| package-compositor | Compose packages from other packages |
| remove-local-config-resources | Remove resources marked as local-config-only |
| render-helm-chart | Render Helm chart |
| set-annotations | Set resource annotations |
| set-labels | Set resource labels |
| source-helm-chart | Source a Helm chart for use with render-helm-chart function in declarative pipelines |
| starlark | Resource modification defined by Starlark programs |
| apply-replacement | See apply-setters, which can use setters read from other resources |
Function images are signed using Cosign and provenance can be verified as e.g.:
export FUNCTION_IMAGE=ghcr.io/krm-functions/source-packages@sha256:5b63b6d52a9e72a59d6d6098d92975542daa9b79dbe11bc4fe36af7b8f2e4fdc
export BUILDER=https://github.com/krm-functions/catalog/.github/workflows/build.yaml
cosign verify --certificate-identity $BUILDER@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com $FUNCTION_IMAGESee catalog.json for the list of image digests and builders.
The following are references to other KRM functions. These functions
are not associated with this krm-functions organization.
Generally there is also several functions available as 'kustomize plugins'.