Skip to main content
Version: 0.8

KCL Operator


KCL Operator provides cluster integration, allowing you to use Access Webhook to generate, mutate, or validate resources based on KCL configuration when apply resources to the cluster. Webhook will capture creation, application, and editing operations, and execute KCLRun resource on the configuration associated with each operation, and the KCL programming language can be used to

  • Add labels or annotations based on a condition.
  • Inject a sidecar container in all KRM resources that contain a PodTemplate.
  • Validate all KRM resources using KCL schema.
  • Use an abstract model to generate KRM resources.


  • Install Kubectl
  • Prepare a Kubernetes cluster

Quick Start

Let’s write a KCL function which add annotation managed-by=kcl-operator only to Pod resources at runtime.

1. Install KCL Operator

kubectl apply -f

Use the following command to watch and wait the pod status is Running.

kubectl get po

2. Deploy the KCL source

kubectl apply -f- << EOF
kind: KCLRun
name: set-annotation
source: |
items = [item | {
metadata.annotations: {
"managed-by" = "kcl-operator"
} for item in option("items")]

3. Validate the result

Validate the mutation result by creating a nginx Pod YAML.

kubectl apply -f- << EOF
apiVersion: v1
kind: Pod
name: nginx
app: nginx
- name: nginx
image: nginx:1.14.2
- containerPort: 80
kubectl get po nginx -o yaml | grep kcl-operator

The output is

    managed-by: kcl-operator

Guides for Developing KCL

Here's what you can do in the KCL code:

  • Read resources from option("resource_list"). The option("resource_list") complies with the KRM Functions Specification. You can read the input resources from option("items") and the params from option("params").
  • Return a KRM list for output resources.
  • Return an error using assert {condition}, {error_message}.

More Documents and Examples