This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Resources

Here, you will find the list of core resources supported for Jikkou.

Core Resources

More information:

1 - ConfigMap

Learn how to use ConfigMap objects.

You can use a ConfigMap to define reusable data in the form of key/value pairs that can then be referenced and used by other resources.

Specification

---
apiVersion: "core.jikkou.io/v1beta2"
kind: ConfigMap
metadata:
  name: '<CONFIG-MAP-NAME>'   # Name of the ConfigMap (required)
data:                         # Map of key-value pairs (required)
  <KEY_1>: "<VALUE_1>"

Example

For example, the below ConfigMap show how to define default config properties namedcKafkaTopicConfig that can then reference and used to define multiple KafkaTopic. resources.

---
apiVersion: "core.jikkou.io/v1beta2"
kind: ConfigMap
metadata:
name: 'KafkaTopicConfig'
data:
  cleanup.policy: 'delete'
  min.insync.replicas: 2
  retention.ms: 86400000 # (1 day)

2 - ValidatingResourcePolicy

The ValidatingResourcePolicy resource defines validation rules and selection strategies for applying policies to resources in Jikkou.

The ValidatingResourcePolicy resource is used to define validation rules applied to resources or resource changes before they are applied by Jikkou.
It allows enforcing organizational policies, validating constraints, or filtering out undesired operations.

Each policy can select one or more resource kinds and define rules expressed in Google CEL (Common Expression Language).
Rules can either fail the execution or filter the invalid resources, depending on the configured failurePolicy.

Specification

apiVersion: core.jikkou.io/v1
kind: ValidatingResourcePolicy
metadata:
  name: <string> # Required. Unique policy name.
spec:
  failurePolicy: <string> # Required. One of: FAIL | FILTER
  selector:
    matchingStrategy: <string> # Optional. One of: ALL | ANY (default: ALL)
    matchResources:
      - apiVersion: <string> # Optional. API version to match (e.g., core.jikkou.io/v1)
        kind: <string>       # Required. Resource kind (e.g., KafkaTopic)
    matchLabels:
      - key: <string>       # Label key to match
        operator: <string>  # One of: In | NotIn | Exists | DoesNotExist
        values: [<string>]  # Optional list of values
    matchExpressions:
      - <string> # CEL expression
  rules:
    - name: <string> # Required. Rule identifier.
      expression: <string> # Required. A CEL expression evaluated against the resource.
      message: <string> # Optional. Static message returned when the rule fails.
      messageExpression: <string> # Optional. CEL expression to generate a dynamic error message.

Fields

FieldTypeRequiredDescription
spec.failurePolicystringYesDefines the policy behavior when validation fails. Possible values:
FAIL → stop execution with an error.
FILTER → skip the invalid resource(s) but continue processing others.
spec.selector.matchingStrategystringNoStrategy for combining multiple selectors. Possible values:
ALL → resource must match all conditions.
ANY → resource must match at least one condition.
Default: ALL.
spec.selector.matchResourceslistNoSelects resources by API version and kind.
spec.selector.matchLabelslistNoSelects resources based on labels, using operators (In, NotIn, Exists, DoesNotExist).
spec.selector.matchExpressionslistNoSelects resources using CEL expressions for advanced filtering.
spec.ruleslistYesA list of validation rules.
spec.rules[].namestringYesA unique identifier for the rule.
spec.rules[].expressionstringYesA CEL expression evaluated against the resource. The rule fails when the expression evaluates to true.
spec.rules[].messagestringNoStatic error message returned when validation fails.
spec.rules[].messageExpressionstringNoCEL expression returning a dynamic error message string.

Resource Selection

Policies define which resources they apply to using a selector.
A selector can combine multiple strategies to target resources based on:

  • Resource metadata (kind, apiVersion).
  • Labels (with operators like In, NotIn, Exists, DoesNotExist).
  • CEL expressions (arbitrary conditions on resource content).

Matching Strategy

StrategyDescription
ALLThe resource must match all specified selectors (matchResources, matchLabels, and matchExpressions).
ANYThe resource is selected if it matches at least one of the specified selectors.

Default: ALL

matchResources

Selects resources by API version and/or kind.

matchResources:
  - apiVersion: core.jikkou.io/v1
    kind: KafkaTopic
  • apiVersion → Optional. Restricts matching to a specific API group/version.
  • kind → Required. Matches the resource kind (e.g. KafkaTopic, KafkaTopicChange).

matchLabels

Selects resources based on their metadata labels using operators.

matchLabels:
  - key: environment
    operator: In
    values: ["prod", "staging"]
  - key: team
    operator: NotIn
    values: ["test"]
  - key: critical
    operator: Exists

Supported operators:

OperatorDescription
InMatches if the label value is in the list of values.
NotInMatches if the label value is not in the list of values.
ExistsMatches if the label key is defined (value doesn’t matter).
DoesNotExistMatches if the label key is not defined.

matchExpressions

Selects resources using CEL expressions for maximum flexibility.

matchExpressions:
  - "resource.metadata.name.startsWith('topic-')"
  - "resource.spec.partitions > 10"

Examples:

  • Match resources with names starting with topic-.
  • Match topics with more than 10 partitions.

Examples

Example 1: Filtering DELETE operations on KafkaTopic resources

apiVersion: core.jikkou.io/v1
kind: ValidatingResourcePolicy
metadata:
  name: KafkaTopicPolicy
spec:
  failurePolicy: FILTER
  selector:
    matchResources:
      - kind: KafkaTopicChange
  rules:
    - name: FilterDeleteOperation
      expression: "size(resource.spec.changes) > 0 && resource.spec.op == 'DELETE'"
      messageExpression: "'Operation ' + resource.spec.op + ' on topics is not authorized'"

This policy prevents delete operations on Kafka topics from being executed by filtering them out.

Example 2: Validating partitions count for KafkaTopic

apiVersion: core.jikkou.io/v1
kind: ValidatingResourcePolicy
metadata:
  name: KafkaTopicPolicy
spec:
  failurePolicy: FAIL
  selector:
    matchResources:
      - kind: KafkaTopic
  rules:
    - name: MaxTopicPartitions
      expression: "resource.spec.partitions >= 50"
      messageExpression: "'Topic partition MUST be inferior to 50, but was: ' + string(resource.spec.partitions)"

    - name: MinTopicPartitions
      expression: "resource.spec.partitions < 3"
      message: "Topic must have at-least 3 partitions"

This policy enforces a minimum of 3 partitions and a maximum of 49 partitions for Kafka topics.

Example 3: Match only KafkaTopic in prod environment

selector:
  matchingStrategy: ALL
  matchResources:
    - kind: KafkaTopic
  matchLabels:
    - key: environment
      operator: In
      values: ["prod"]

Example 4: Match any KafkaTopic OR resources with label critical=true

selector:
  matchingStrategy: ANY
  matchResources:
    - kind: KafkaTopic
  matchLabels:
    - key: critical
      operator: In
      values: ["true"]

Example 5: Match using CEL expression

selector:
  matchExpressions:
    - "resource.spec.replicationFactor < 3"

Use cases

  • Preventing destructive operations (e.g., deleting topics, removing configs).
  • Enforcing resource limits (e.g., partition count, replication factor).
  • Ensuring naming conventions or metadata compliance.
  • Dynamically generating error messages with contextual information.