Built-in Policy Type

Allow configuration drift for applied resources, delivery the resource without continuously reconciliation.

It’s generally used in one time delivery only without continuous management scenario.

Name	Description	Type	Required	Default
selector	Specify how to select the targets of the rule.		false
strategy	Specify the strategy for configuring the resource level configuration drift behaviour.	strategy	true

Name	Description	Type	Required
componentNames	Select resources by component names.	[]string	false
componentTypes	Select resources by component types.	[]string	false
oamTypes	Select resources by oamTypes (COMPONENT or TRAIT).	[]string	false
traitTypes	Select resources by trait types.	[]string	false
resourceTypes	Select resources by resource types (like Deployment).	[]string	false
resourceNames	Select resources by their names.	[]string	false

Name	Description	Type	Required	Default
affect	When the strategy takes effect,e.g. onUpdate、onStateKeep.	string	false
path	Specify the path of the resource that allow configuration drift.	[]string	true

Configure the garbage collect behaviour for the application.

It’s used in scenario. It can be used to configure the collection policy, e.g. don’t delete the legacy resources when updating.


kind: Application
metadata:
  name: first-vela-app
spec:
  components:
    - name: express-server
      type: webservice
      properties:
        image: oamdev/hello-world
        port: 8000
      traits:
        - type: ingress-1-20
          properties:
            domain: testsvc.example.com
            http:
              "/": 8000
  policies:
    - name: keep-legacy-resource
      type: garbage-collect
      properties:
        keepLegacyResource: true

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: garbage-collect-app
spec:
  components:
    - name: hello-world-new
      type: webservice
      properties:
        image: oamdev/hello-world
      traits:
        - type: expose
          properties:
            port: [8000]
  policies:
    - name: garbage-collect
      type: garbage-collect
      properties:
        rules:
          - selector:
              traitTypes:
                - expose
            strategy: onAppDelete

Name	Description	Type	Required	Default
keepLegacyResource	If is set, outdated versioned resourcetracker will not be recycled automatically, outdated resources will be kept until resourcetracker be deleted manually.	bool	false	false
rules	Specify the list of rules to control gc strategy at resource level, if one resource is controlled by multiple rules, first rule will be used.	[]rules	false

Name	Description	Type	Required	Default
selector	Specify how to select the targets of the rule.		true
strategy	Specify the strategy for target resource to recycle.	“onAppUpdate” or “onAppDelete” or “never”	false	onAppUpdate

Name	Description	Type	Required
componentNames	Select resources by component names.	[]string	false
componentTypes	Select resources by component types.	[]string	false
oamTypes	Select resources by oamTypes (COMPONENT or TRAIT).	[]string	false
traitTypes	Select resources by trait types.	[]string	false
resourceTypes	Select resources by resource types (like Deployment).	[]string	false
resourceNames	Select resources by their names.	[]string	false

Apply periodical health checking to the application.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: example-app-rollout
  namespace: default
spec:
  components:
    - name: hello-world-server
      type: webservice
      properties:
        image: crccheck/hello-world
        ports: 
        - port: 8000
          expose: true
        type: webservice
  policies:
    - name: health-policy-demo
      type: health
      properties:
        probeInterval: 5
        probeTimeout: 10

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: deploy-with-override
  namespace: examples
spec:
  components:
    - name: nginx-with-override
      type: webservice
      properties:
        image: nginx
  policies:
    - name: topology-hangzhou-clusters
      type: topology
      properties:
        clusterLabelSelector:
          region: hangzhou
    - name: topology-local
      type: topology
      properties:
        clusters: ["local"]
        namespace: examples-alternative
    - name: override-nginx-legacy-image
      type: override
      properties:
        components:
          - name: nginx-with-override
            properties:
              image: nginx:1.20
    - name: override-high-availability
      type: override
      properties:
        components:
          - type: webservice
            traits:
              - type: scaler
                properties:
                  replicas: 3
  workflow:
    steps:
      - type: deploy
        name: deploy-local
        properties:
          policies: ["topology-local"]
      - type: deploy
        name: deploy-hangzhou
        properties:
          policies: ["topology-hangzhou-clusters", "override-nginx-legacy-image", "override-high-availability"]

Name	Description	Type	Required	Default
components	Specify the overridden component configuration.	[]components	true
selector	Specify a list of component names to use, if empty, all components will be selected.	[]string	false

Name	Description	Type	Required
name	Specify the name of the patch component, if empty, all components will be merged.	string	false
type	Specify the type of the patch component.	string	false
properties	Specify the properties to override.	map[string]_	false
traits	Specify the traits to override.		false

Name	Description	Type	Required	Default
type	Specify the type of the trait to be patched.	string	true
properties	Specify the properties to override.	map[string]_	false
disable	Specify if the trait should be remove, default false.	bool	false	false

Configure the resources to be read-only in the application (no update / state-keep).

kind: Application
metadata:
spec:
  components:
    - name: busybox
      type: worker
      properties:
        image: busybox
        cmd:
          - sleep
          - '1000000'
  policies:
    - type: read-only
      name: read-only
      properties:
        rules:
          - selector:
              resourceTypes: ["Deployment"]

Name	Description	Type	Required	Default
rules	Specify the list of rules to control read only strategy at resource level.	[]rules	false

Name	Description	Type	Required	Default
selector	Specify how to select the targets of the rule.		true

Name	Description	Type	Required
componentNames	Select resources by component names.	[]string	false
componentTypes	Select resources by component types.	[]string	false
oamTypes	Select resources by oamTypes (COMPONENT or TRAIT).	[]string	false
traitTypes	Select resources by trait types.	[]string	false
resourceTypes	Select resources by resource types (like Deployment).	[]string	false
resourceNames	Select resources by their names.	[]string	false

Describe the configuration to replicate components when deploying resources, it only works with specified deploy step in workflow.

In KubeVela, we can dispatch resources across the clusters. But projects like OpenYurt have finer-grained division like node pool. This requires to dispatch some similar resources to the same cluster. These resources are called replication. Back to the example of OpenYurt, it can integrate KubeVela and replicate the resources then dispatch them to the different node pool.

Replication is an internal policy. It can be only used with deploy workflow step. When using replication policy. A new field replicaKey will be added to context. User can use definitions that make use of context.replicaKey. For example, apply a replica-webservice ComponentDefinition.

In this ComponentDefinition, we can use context.replicaKey to distinguish the name of Deployment and Service.

apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  annotations:
    definition.oam.dev/description: Webservice, but can be replicated
  name: replica-webservice
  namespace: vela-system
spec:
  schematic:
    cue:
      template: |
        output: {
            apiVersion: "apps/v1"
            kind:       "Deployment"
            metadata: {
                if context.replicaKey != _|_ {
                    name: context.name + "-" + context.replicaKey
                }
                if context.replicaKey == _|_ {
                    name: context.name
                }
            }
            spec: {
                selector: matchLabels: {
                    "app.oam.dev/component": context.name
                    if context.replicaKey != _|_ {
                        "app.oam.dev/replicaKey": context.replicaKey
                    }
                }
                template: {
                    metadata: {
                        labels: {
                            if parameter.labels != _|_ {
                                parameter.labels
                            }
                            if parameter.addRevisionLabel {
                                "app.oam.dev/revision": context.revision
                            }
                            "app.oam.dev/name":      context.appName
                            "app.oam.dev/component": context.name
                            if context.replicaKey != _|_ {
                                "app.oam.dev/replicaKey": context.replicaKey
                            }
                        }
                        if parameter.annotations != _|_ {
                            annotations: parameter.annotations
                        }
                    }
                }
            }
        }
        outputs: {
            if len(exposePorts) != 0 {
                webserviceExpose: {
                    apiVersion: "v1"
                    kind:       "Service"
                    metadata: {
                        if context.replicaKey != _|_ {
                            name: context.name + "-" + context.replicaKey
                        }
                        if context.replicaKey == _|_ {
                            name: context.name
                        }
                    }
                    spec: {
                        selector: {
                            "app.oam.dev/component": context.name
                            if context.replicaKey != _|_ {
                                "app.oam.dev/replicaKey": context.replicaKey
                            }
                        }
                        ports: exposePorts
                        type:  parameter.exposeType
                    }
                }
            }
        }

override: select hello-rep component to deploy.
topology: select cluster local to deploy.
replication: select hello-rep component to replicate.

As a result, there will be two Deployments and two Services:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: app-replication-policy
spec:
  components:
    - name: hello-rep
      type: replica-webservice
      properties:
        image: crccheck/hello-world
        ports:
            expose: true
    - name: comp-to-replicate
      type: override
      properties:
        selector: [ "hello-rep" ]
    - name: target-default
      type: topology
      properties:
        clusters: [ "local" ]
    - name: replication-default
      type: replication
      properties:
        keys: ["beijing","hangzhou"]
        selector: ["hello-rep"]
  workflow:
    steps:
      - name: deploy-with-rep
        type: deploy
        properties:
          policies: ["comp-to-replicate","target-default","replication-default"]

kubectl get deploy -n default
NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
hello-rep-beijing    1/1     1            1           5s
hello-rep-hangzhou   1/1     1            1           5s
kubectl get service -n default
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
hello-rep-hangzhou   ClusterIP   10.43.23.200   <none>        80/TCP    41s
hello-rep-beijing    ClusterIP   10.43.24.116   <none>        80/TCP    12s

Configure the resources to be sharable across applications.

It’s used in scenario. It can be used to configure which resources can be shared between applications. The target resource will allow multiple application to read it but only the first one to be able to write it.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: app2
spec:
  components:
    - name: ns2
      type: k8s-objects
      properties:
        objects:
          - apiVersion: v1
            kind: Namespace
            metadata:
              name: example
    - name: cm2
      type: k8s-objects
      properties:
        objects:
          - apiVersion: v1
            kind: ConfigMap
            metadata:
              name: cm2
              namespace: example
            data:
              key: value2
  policies:
    - name: shared-resource
      type: shared-resource
      properties:
        rules:
          - selector:
              resourceTypes: ["Namespace"]

Name	Description	Type	Required	Default
rules	Specify the list of rules to control shared-resource strategy at resource level.	[]rules	false

Name	Description	Type	Required	Default
selector	Specify how to select the targets of the rule.		true

Name	Description	Type	Required
componentNames	Select resources by component names.	[]string	false
componentTypes	Select resources by component types.	[]string	false
oamTypes	Select resources by oamTypes (COMPONENT or TRAIT).	[]string	false
traitTypes	Select resources by trait types.	[]string	false
resourceTypes	Select resources by resource types (like Deployment).	[]string	false
resourceNames	Select resources by their names.	[]string	false

Configure the resources to be able to take over when it belongs to no application.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: take-over
spec:
  components:
    - name: busybox
      type: k8s-objects
      properties:
        objects:
          - apiVersion: apps/v1
            kind: Deployment
            metadata:
              name: busybox-ref
  policies:
    - type: take-over
      name: take-over
      properties:
        rules:
          - selector:
              resourceTypes: ["Deployment"]

Name	Description	Type	Required	Default
rules	Specify the list of rules to control take over strategy at resource level.	[]rules	false

Name	Description	Type	Required	Default
selector	Specify how to select the targets of the rule.		true

Name	Description	Type	Required
componentNames	Select resources by component names.	[]string	false
componentTypes	Select resources by component types.	[]string	false
oamTypes	Select resources by oamTypes (COMPONENT or TRAIT).	[]string	false
traitTypes	Select resources by trait types.	[]string	false
resourceTypes	Select resources by resource types (like Deployment).	[]string	false
resourceNames	Select resources by their names.	[]string	false

Describe the destination where components should be deployed to.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: basic-topology
  namespace: examples
spec:
  components:
    - name: nginx-basic
      type: webservice
      properties:
        image: nginx
  policies:
    - name: topology-hangzhou-clusters
      type: topology
      properties:
        clusters: ["hangzhou-1", "hangzhou-2"]

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: label-selector-topology
  namespace: examples
spec:
  components:
    - name: nginx-label-selector
      type: webservice
      properties:
        image: nginx
  policies:
    - name: topology-hangzhou-clusters
      type: topology
      properties:
        clusterLabelSelector: