• Stars
    star
    123
  • Rank 290,145 (Top 6 %)
  • Language
    TypeScript
  • License
    Apache License 2.0
  • Created over 1 year ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Type safe K8s middleware for humans

Pepr

Pepr Documentation Npm package license Known Vulnerabilities Npm package version Npm package total downloads

Type safe Kubernetes middleware for humans

Pepr is on a mission to save Kubernetes from the tyranny of YAML, intimidating glue code, bash scripts, and other makeshift solutions. As a Kubernetes controller, Pepr empowers you to define Kubernetes transformations using TypeScript, without software development expertise thanks to plain-english configurations. Pepr transforms a patchwork of forks, scripts, overlays, and other chaos into a cohesive, well-structured, and maintainable system. With Pepr, you can seamlessly transition IT ops tribal knowledge into code, simplifying documentation, testing, validation, and coordination of changes for a more predictable outcome.

Note: Pepr is still in active development so breaking changes may occur, but will be documented in release notes.

Features

  • Zero-config K8s webhook mutations and validations
  • Automatic leader-elected K8s resource watching
  • Lightweight async key-value store backed by K8s for stateful operations with the Pepr Store
  • Human-readable fluent API for generating Pepr Capabilities
  • A fluent API for creating/modifying/watching and server-side applying K8s resources via Kubernetes Fluent Client
  • Generate new K8s resources based off of cluster resource changes
  • Perform other exec/API calls based off of cluster resources changes or any other arbitrary schedule
  • Out of the box airgap support with Zarf
  • Entire NPM ecosystem available for advanced operations
  • Realtime K8s debugging system for testing/reacting to cluster changes
  • Controller network isolation and tamper-resistent module execution
  • Least-privilege RBAC generation
  • AMD64 and ARM64 support

Example Pepr Action

This quick sample shows how to react to a ConfigMap being created or updated in the cluster. It adds a label and annotation to the ConfigMap and adds some data to the ConfigMap. It also creates a Validating Webhook to make sure the "pepr" label still exists. Finally, after the ConfigMap is created, it logs a message to the Pepr controller and creates or updates a separate ConfigMap with the kubernetes-fluent-client using server-side apply. For more details see actions section.

When(a.ConfigMap)
  .IsCreatedOrUpdated()
  .InNamespace("pepr-demo")
  .WithLabel("unicorn", "rainbow")
  // Create a Mutate Action for the ConfigMap
  .Mutate(request => {
    // Add a label and annotation to the ConfigMap
    request.SetLabel("pepr", "was-here").SetAnnotation("pepr.dev", "annotations-work-too");

    // Add some data to the ConfigMap
    request.Raw.data["doug-says"] = "Pepr is awesome!";

    // Log a message to the Pepr controller logs
    Log.info("A 🦄 ConfigMap was created or updated:");
  })
  // Create a Validate Action for the ConfigMap
  .Validate(request => {
    // Validate the ConfigMap has a specific label
    if (request.HasLabel("pepr")) {
      return request.Approve();
    }

    // Reject the ConfigMap if it doesn't have the label
    return request.Deny("ConfigMap must have a unicorn label");
  })
  // Watch behaves like controller-runtime's Manager.Watch()
  .Watch(async (cm, phase) => {
    Log.info(cm, `ConfigMap was ${phase}.`);

    // Apply a ConfigMap using K8s server-side apply (will create or update)
    await K8s(kind.ConfigMap).Apply({
      metadata: {
        name: "pepr-ssa-demo",
        namespace: "pepr-demo-2",
      },
      data: {
        uid: cm.metadata.uid,
      },
    });
  });

Prerequisites

  • Node.js v18.0.0+ (even-numbered releases only)

    • To ensure compatability and optimal performance, it is recommended to use even-numbered releases of Node.js as they are stable releases and receive long-term support for three years. Odd-numbered releases are experimental and may not be supported by certain libraries utilized in Pepr.
  • npm v10.1.0+

  • Recommended (optional) tools:

Wow too many words! tl;dr;

# Create a new Pepr Module
npx pepr init

# If you already have a Kind or K3d cluster you want to use, skip this step
npm run k3d-setup

# Start playing with Pepr now
# If using another local K8s distro instead of k3d, run `npx pepr dev --host host.docker.internal`
npx pepr dev
kubectl apply -f capabilities/hello-pepr.samples.yaml

# Be amazed and ⭐️ this repo
pepr-early-demo.mp4

Concepts

Module

A module is the top-level collection of capabilities. It is a single, complete TypeScript project that includes an entry point to load all the configuration and capabilities, along with their actions. During the Pepr build process, each module produces a unique Kubernetes MutatingWebhookConfiguration and ValidatingWebhookConfiguration, along with a secret containing the transpiled and compressed TypeScript code. The webhooks and secret are deployed into the Kubernetes cluster with their own isolated controller.

See Module for more details.

Capability

A capability is set of related actions that work together to achieve a specific transformation or operation on Kubernetes resources. Capabilities are user-defined and can include one or more actions. They are defined within a Pepr module and can be used in both MutatingWebhookConfigurations and ValidatingWebhookConfigurations. A Capability can have a specific scope, such as mutating or validating, and can be reused in multiple Pepr modules.

See Capabilities for more details.

Action

Action is a discrete set of behaviors defined in a single function that acts on a given Kubernetes GroupVersionKind (GVK) passed in from Kubernetes. Actions are the atomic operations that are performed on Kubernetes resources by Pepr.

For example, an action could be responsible for adding a specific label to a Kubernetes resource, or for modifying a specific field in a resource's metadata. Actions can be grouped together within a Capability to provide a more comprehensive set of operations that can be performed on Kubernetes resources.

There are both Mutate() and Validate() Actions that can be used to modify or validate Kubernetes resources within the admission controller lifecycle. There is also a Watch() Action that can be used to watch for changes to Kubernetes resources that already exist.

See actions for more details.

Logical Pepr Flow

Arch Diagram Source Diagram

TypeScript

TypeScript is a strongly typed, object-oriented programming language built on top of JavaScript. It provides optional static typing and a rich type system, allowing developers to write more robust code. TypeScript is transpiled to JavaScript, enabling it to run in any environment that supports JavaScript. Pepr allows you to use JavaScript or TypeScript to write capabilities, but TypeScript is recommended for its type safety and rich type system. You can learn more about TypeScript here.

More Repositories

1

zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
Go
341
star
2

leapfrogai

Production-ready Generative AI for local, cloud native, airgap, and edge deployments.
Python
250
star
3

lula

The Compliance Validator
Go
138
star
4

zarf-package-software-factory

Pre-built Zarf Package of a Software Factory (a.k.a. "DI2-ME")
Go
33
star
5

uds-cli

Go
26
star
6

uds-package-dubbd

Defense Unicorns Big Bang Distro
Shell
25
star
7

uds-core

A secure runtime platform for mission-critical capabilities
TypeScript
21
star
8

tadpole

The fastest way to get started with LeapfrogAI
Makefile
20
star
9

go-oscal

Repository for the generation of OSCAL data types
Go
14
star
10

maru-runner

The Unicorn Task Runner
Go
10
star
11

leapfrogai-api

LeapfrogAI API
Python
8
star
12

uds-package-software-factory

Replaced by https://github.com/defenseunicorns/uds-software-factory
Go
8
star
13

component-generator

Generate and aggregate OSCAL component definition files
Go
7
star
14

uds-rke2-image-builder

Packer builds to produce STIG'd RKE2 images
HCL
7
star
15

bigbang-architecture-diagrams

Architecture diagrams for Platform One's Big Bang
7
star
16

zarf-package-bare-metal

[experimental] A package to deploy Zarf on bare metal machines
Shell
6
star
17

zarf-website

Public website for Zarf
TypeScript
5
star
18

bigbang-oscal-component-generator

(likely temporary) location for a CLI tool that generates an oscal-component.yaml file for Big Bang by collecting all subcomponents
Go
5
star
19

pepr-keycloak-authsvc

Pepr Keycloak AuthSvc Reusable Capability
TypeScript
5
star
20

zarf-package-k3d-airgap

Deploy k3d in an air-gapped environment
Shell
5
star
21

zarf-package-dev-dependencies

An example / experiment on how to include development dependencies inside of a Zarf package
Shell
5
star
22

uds-marketplace

Svelte
5
star
23

uds-package-mattermost

🏭 UDS Mattermost Zarf Package
TypeScript
5
star
24

sparkle-academy

Repo for Sparkle Academy exercises
HCL
4
star
25

leapfrogai-backend-rag

Python
4
star
26

grimoire

A collection of scripts and utilities to help unicorns do their jobs efficiently and effectively!
Shell
4
star
27

leapfrogai-images

Chainguard-derived images for LeapfrogAI
Makefile
4
star
28

uds-capability-rook-ceph

Makefile
3
star
29

doug-translate

Svelte
3
star
30

zarf-docs

JavaScript
3
star
31

bigbang-bootstrap-template

Template repository for bigbang bootstraps and demos.
3
star
32

leapfrogai-backend-ctransformers

ctransformers wrapper for model inferencing
Python
3
star
33

packages

Zarf Packages
Svelte
3
star
34

terraform-aws-iam-ra-demo

A Terraform generation module to build IAM Roles Anywhere artifacts demo both NPE and CAC temporary role granting
HCL
3
star
35

leapfrogai-backend-llama-cpp-python

LeapfrogAI backend using llama-cpp-python
Python
3
star
36

zarf-init-aws

Zarf Init Package for AWS - DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
TypeScript
3
star
37

zarf-init-longhorn

Zarf Init Package for Longhorn - DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
Mustache
3
star
38

pepr-excellent-examples

Welcome to the Pepr Examples Repository!
TypeScript
3
star
39

narwhal-delivery-zarf-package-eks-addons

Handles zarf packaging of multiple add-ons for EKS
Makefile
3
star
40

uds-security-hub-v1-archive

All things about securing UDS
Go
2
star
41

common-go

Common libraries for 🦄 go things
2
star
42

asdf-zarf

asdf plugin for Zarf (Not officially adopted, use at your own risk)
Shell
2
star
43

zarf-package-rke2-init

An alternative zarf init package that deploys rke2
Shell
2
star
44

doc-site-template

Template repository for creating product documentation
SCSS
2
star
45

uds-package-arc

UDS Package for GitHub Actions Runner Controller
2
star
46

sbom-cli

Go
2
star
47

leapfrogai-docs

Merged into LeapfrogAI main repo
SCSS
2
star
48

leapfrog-model-skeleton

Smarty
2
star
49

uds-common

Common tasks for UDS Packages
2
star
50

leapfrogai-backend-vllm

Python
2
star
51

leapfrogai-backend-text-embeddings

LeapfrogAI backend for text embedding generation
Python
2
star
52

asdf-opentofu

ASDF plugin for OpenTofu
Shell
2
star
53

asdf-git-xargs

ASDF plugin for the git-xargs tool
Shell
2
star
54

uds-support-charts

A Zarf skeleton package for deploying applications using flux
2
star
55

delivery-zarf-init

2
star
56

big-bang-app

HCL
1
star
57

uds-capability-gitlab

Platform One Gitlab deployed via flux
Shell
1
star
58

uds-idam

TypeScript
1
star
59

kubeflow-pipelines

Smarty
1
star
60

leapfrogai-grpc

Shared Protobufs and gRPC Code for LeapfrogAI
1
star
61

uds-sso

TypeScript
1
star
62

svelte-pdf-viewer

Svelte
1
star
63

uds-common-workflows

Repository containers common github workflows and actions for UDS
1
star
64

delivery-nutanix-deployments

HCL
1
star
65

baffles-infra

A repository containing scripts to bootstrap Kubernetes with Baffles on various cloud and on-prem providers.
HCL
1
star
66

data-derby-weather-forecaster-serving

Python
1
star
67

unicorn-academy

Repository for all things Unicorn Academy.
Svelte
1
star
68

zarf-public-test

A test repository for Zarf `git` pushing / pulling
1
star
69

leapfrog-chat

An internal, RLHF-oriented example of a chat app using LeapfrogAI's tooling
JavaScript
1
star
70

medium-gists

Not large gists, or small ones for that matter. But Medium ones.
1
star
71

uds-leapfrogai

A UDS Capability for AI for National Security
1
star
72

zarf-ui

Web User Interface for Zarf - DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
TypeScript
1
star
73

uds-capability-redis

Bigbang Redis deployed via flux by zarf
Go
1
star
74

uds-package-sonarqube

🏭 UDS Sonarqube Zarf Package
TypeScript
1
star