kube-rs
A Rust client for Kubernetes in the style of a more generic client-go, a runtime abstraction inspired by controller-runtime, and a derive macro for CRDs inspired by kubebuilder. Hosted by CNCF as a Sandbox Project.
These crates build upon Kubernetes apimachinery + api concepts to enable generic abstractions. These abstractions allow Rust reinterpretations of reflectors, controllers, and custom resource interfaces, so that you can write applications easily.
Installation
Select a version of kube
along with the generated k8s-openapi structs at your chosen Kubernetes version:
[]
= { = "0.97.0", = ["runtime", "derive"] }
= { = "0.23.0", = ["latest"] }
See features for a quick overview of default-enabled / opt-in functionality.
Upgrading
See kube.rs/upgrading. Noteworthy changes are highlighted in releases, and archived in the changelog.
Usage
See the examples directory for how to use any of these crates.
Official examples:
- version-rs: lightweight deployment
reflector
using axum - controller-rs:
Controller
of a crd inside actix
For real world projects see ADOPTERS.
Api
The Api
is what interacts with Kubernetes resources, and is generic over Resource
:
use Pod;
let pods: = default_namespaced;
let pod = pods.get.await?;
println!;
let patch = json!;
let pp = apply;
let patched = pods.patch.await?;
assert_eq!;
pods.delete.await?;
See the examples ending in _api
examples for more detail.
Custom Resource Definitions
Working with custom resources uses automatic code-generation via proc_macros in kube-derive.
You need to add #[derive(CustomResource, JsonSchema)]
and some #[kube(attrs..)]
on a spec struct:
Then you can use the generated wrapper struct Document
as a kube::Resource
:
let docs: = default_namespaced;
let d = new;
println!;
println!;
There are a ton of kubebuilder-like instructions that you can annotate with here. See the documentation or the crd_
prefixed examples for more.
NB: #[derive(CustomResource)]
requires the derive
feature enabled on kube
.
Runtime
The runtime
module exports the kube_runtime
crate and contains higher level abstractions on top of the Api
and Resource
types so that you don't have to do all the watch
/resourceVersion
/storage book-keeping yourself.
Watchers
A streaming interface (similar to informers) that presents watcher::Event
s and does automatic relists under the hood.
let api = default_namespaced;
let stream = watcher.default_backoff.applied_objects;
This now gives a continual stream of events and you do not need to care about the watch having to restart, or connections dropping.
while let Some = stream.try_next.await?
Note the base items from a watcher
stream are an abstraction above the native WatchEvent
to allow for store buffering. If you are following along to "see what changed", you can use utilities from WatchStreamExt
, such as applied_objects
to get a more conventional stream.
Reflectors
A reflector
is a watcher
with Store
on K
. It acts on all the Event<K>
exposed by watcher
to ensure that the state in the Store
is as accurate as possible.
let nodes: = all;
let lp = default.labels;
let = store;
let rf = reflector;
At this point you can listen to the reflector
as if it was a watcher
, but you can also query the reader
at any point.
Controllers
A Controller
is a reflector
along with an arbitrary number of watchers that schedule events internally to send events through a reconciler:
.owns
.run
.for_each
.await;
new
Here reconcile
and error_policy
refer to functions you define. The first will be called when the root or child elements change, and the second when the reconciler
returns an Err
.
See the controller guide for how to write these.
TLS
By default rustls is used for TLS, but openssl
is supported. To switch, turn off default-features
, and enable the openssl-tls
feature:
[]
= { = "0.97.0", = false, = ["client", "openssl-tls"] }
= { = "0.23.0", = ["latest"] }
This will pull in openssl
and hyper-openssl
. If default-features
is left enabled, you will pull in two TLS stacks, and the default will remain as rustls
.
musl-libc
Kube will work with distroless, scratch, and alpine
(it's also possible to use alpine as a builder with some caveats).
License
Apache 2.0 licensed. See LICENSE for details.