CKE can automatically create or update user-defined resources on Kubernetes.
This can be considered as kubectl apply --server-side=true --field-manager=cke automatically executed by CKE.
All the standard Kubernetes resources, including CustomResourceDefinition, are supported.
Custom resources (not CustomResourceDefinitions) are not supported.
The resources are applied in the following order according to their kind.
- Namespace
- ServiceAccount
- CustomResourceDefinition
- ClusterRole
- ClusterRoleBinding
- (Other cluster-scope resources)
- Role
- RoleBinding
- NetworkPolicy
- Secret
- ConfigMap
- (Other namespace-scoped resources)
User-defined resources are automatically annotated as follows:
cke.cybozu.com/revision: The last applied revision of this resource.
By annotating ValidatingWebhookConfiguration or MutatingWebhookConfiguration
with cke.cybozu.com/inject-cacert=true, CKE automatically fill it with CA
certificates.
By annotating Secret with cke.cybozu.com/issue-cert=<service name>, CKE
automatically issues a new certificate for the named Service resource and
sets the certificate and private key in Secret data.
Read k8s.md for more details.
Use ckecli resource subcommand to set, list, or delete user-defined resources.