Skip to content

CLI Reference | kapitan compile

kapitan compile

Merges inventory and inputs and produces generated files in the output folder (/compiled by default)

Compile all targets

kapitan compile
click to expand output 
Compiled mysql-generator-fetch (0.18s)
Compiled vault (0.25s)
Compiled pritunl (0.22s)
Compiled gke-pvm-killer (0.05s)
Compiled examples (0.30s)
Compiled mysql (0.08s)
Compiled postgres-proxy (0.06s)
Compiled echo-server (0.06s)
Compiled global (0.03s)
Compiled guestbook-argocd (0.08s)
Compiled tutorial (0.13s)
Compiled kapicorp-project-123 (0.03s)
Compiled kapicorp-demo-march (0.03s)
Compiled kapicorp-terraform-admin (0.03s)
Compiled sock-shop (0.32s)
Compiled tesoro (0.09s)
Compiled dev-sockshop (0.32s)
Compiled prod-sockshop (0.38s)
Compiled argocd (2.29s)

Selective compilation

Using target names

Compiles one or more targets selected by name using --targets or -t

kapitan compile -t mysql tesoro
click to expand output 
Compiled mysql (0.06s)
Compiled tesoro (0.09s)

Using labels

Compiles one or more targets selected matching labels with --labels or -l

Info

This works if you have labelled your targets using the following syntax:

parameters:
  ...
  kapitan:
    ...
    labels:
      customer: acme

see Labels for more details

$ kapitan compile -l customer=acme
Compiled acme-project (0.14s)
Compiled acme-pipelines (0.10s)

Fetch on compile

Use the --fetch flag to fetch Remote Inventories and the External Dependencies.

kapitan compile --fetch

This will download the dependencies according to their configurations By default, kapitan does not overwrite an existing item with the same name as that of the fetched inventory items.

Use the --force-fetch flag to force fetch (update cache with freshly fetched items) and overwrite inventory items of the same name in the output_path.

kapitan compile --force-fetch

Use the --cache flag to cache the fetched items in the .dependency_cache directory in the root project directory.

kapitan compile --cache --fetch

Embed references

By default, Kapitan references are stored encrypted (for backends that support encription) in the configuration repository under the /refs directory.

For instance, a reference tag ?{gpg:targets/minikube-mysql/mysql/password:ec3d54de} would point to a phisical file on disk under /refs like:

refs/targets/minikube-mysql/mysql/password

data: hQEMA8uOJKdm07XTAQgAp5i [[ CUT ]] BwqYc3g7PI09HCJZdU=
encoding: base64
recipients:
- fingerprint: D9234C61F58BEB3ED8552A57E28DC07A3CBFAE7C
type: gpg

The --embed-refs flags tells Kapitan to embed these references on compile, alongside the generated output. By doing so, compiled output is self-contained and can be revealed by Tesoro or other tools.

kapitan compile --embed-refs

See how the compiled output for this specific target changes to embed the actul encrypted content, (marked by ?{gpg: :embedded} to indicate it is a gpg reference) rather than just holding a reference to it (like in this case ?{gpg:targets/minikube-mysql/mysql/password:ec3d54de} which points to ).

click to expand output 
diff --git a/examples/kubernetes/compiled/minikube-mysql/manifests/mysql_app.yml b/examples/kubernetes/compiled/minikube-mysql/manifests/mysql_app.yml
[[ CUT ]]
apiVersion: v1
data:
-  MYSQL_ROOT_PASSWORD: ?{gpg:targets/minikube-mysql/mysql/password:ec3d54de}
-  MYSQL_ROOT_PASSWORD_SHA256: ?{gpg:targets/minikube-mysql/mysql/password_sha256:122d2732}
+  MYSQL_ROOT_PASSWORD: ?{gpg:eyJkYXRhIjogImhR [[ CUT ]] gInR5cGUiOiAiZ3BnIn0=:embedded}
+  MYSQL_ROOT_PASSWORD_SHA256: ?{gpg:eyJkYXRhI [[ CUT ]] eXBlIjogImdwZyJ9:embedded}

help

kapitan compile --help
click to expand output 
usage: kapitan compile [-h] [--inventory-backend {reclass}]
               [--search-paths JPATH [JPATH ...]]
               [--jinja2-filters FPATH] [--verbose] [--prune]
               [--quiet] [--output-path PATH] [--fetch]
               [--force-fetch] [--force] [--validate]
               [--parallelism INT] [--indent INT]
               [--refs-path REFS_PATH] [--reveal] [--embed-refs]
               [--inventory-path INVENTORY_PATH] [--cache]
               [--cache-paths PATH [PATH ...]]
               [--ignore-version-check] [--use-go-jsonnet]
               [--compose-target-name] [--schemas-path SCHEMAS_PATH]
               [--yaml-multiline-string-style STYLE]
               [--yaml-dump-null-as-empty]
               [--targets TARGET [TARGET ...] | --labels
               [key=value ...]]

options:
  -h, --help            show this help message and exit
  --inventory-backend {reclass,reclass-rs}
                        Select the inventory backend to use (default=reclass)
  --search-paths JPATH [JPATH ...], -J JPATH [JPATH ...]
                        set search paths, default is ["."]
  --jinja2-filters FPATH, -J2F FPATH
                        load custom jinja2 filters from any file, default is
                        to put them inside lib/jinja2_filters.py
  --verbose, -v         set verbose mode
  --prune               prune jsonnet output
  --quiet               set quiet mode, only critical output
  --output-path PATH    set output path, default is "."
  --fetch               fetch remote inventories and/or external dependencies
  --force-fetch         overwrite existing inventory and/or dependency item
  --force               overwrite existing inventory and/or dependency item
  --validate            validate compile output against schemas as specified
                        in inventory
  --parallelism INT, -p INT
                        Number of concurrent compile processes, default is 4
  --indent INT, -i INT  Indentation spaces for YAML/JSON, default is 2
  --refs-path REFS_PATH
                        set refs path, default is "./refs"
  --reveal              reveal refs (warning: this will potentially write
                        sensitive data)
  --embed-refs          embed ref contents
  --inventory-path INVENTORY_PATH
                        set inventory path, default is "./inventory"
  --cache, -c           enable compilation caching to .kapitan_cache and
                        dependency caching to .dependency_cache, default is
                        False
  --cache-paths PATH [PATH ...]
                        cache additional paths to .kapitan_cache, default is
                        []
  --ignore-version-check
                        ignore the version from .kapitan
  --use-go-jsonnet      use go-jsonnet
  --compose-target-name   Create same subfolder structure from inventory/targets
                        inside compiled folder
  --schemas-path SCHEMAS_PATH
                        set schema cache path, default is "./schemas"
  --yaml-multiline-string-style STYLE, -L STYLE
                        set multiline string style to STYLE, default is
                        'double-quotes'
  --yaml-dump-null-as-empty
                        dumps all none-type entries as empty, default is
                        dumping as 'null'
  --targets TARGET [TARGET ...], -t TARGET [TARGET ...]
                        targets to compile, default is all
  --labels [key=value ...], -l [key=value ...]
                        compile targets matching the labels, default is all