RemoteManifest

RemoteManifest fetches YAML/JSON documents from a remote HTTPS URL and feeds them into Nyl’s normal render pipeline.

API Version

  • nyl.niklasrosenstein.github.com/v1

Schema

apiVersion: nyl.niklasrosenstein.github.com/v1
kind: RemoteManifest
metadata:
  name: <name>
spec:
  url: https://example.com/path/manifests.yaml
  overrideNamespace: false

Fields

  • spec.url (required): HTTPS URL containing one or more YAML/JSON documents.
  • spec.overrideNamespace (optional, default false): when true, fetched resources that already have metadata.namespace will have that value replaced with RemoteManifest.metadata.namespace.

Behavior

  • URL must use https://.
  • Fetching uses Nyl’s native HTTPS client (no shell-out), with an HTTPS-only redirect policy.
  • Request timeouts are enforced (connect: 5s, total: 30s).
  • Response size is limited to 30 MiB; larger payloads fail fast.
  • Content is parsed as a YAML multi-document stream.
  • Parsed resources are processed recursively like local resources.
  • Remote content is not rendered as a Jinja template.
  • When spec.overrideNamespace: true, remote manifests with metadata.namespace are rewritten to RemoteManifest.metadata.namespace.
  • Special case: for RoleBinding and ClusterRoleBinding (rbac.authorization.k8s.io/*), subjects[*].namespace is also rewritten (ServiceAccount subjects are forced to the override namespace).
  • Potential future rewrite targets (currently not handled): webhook service namespaces (MutatingWebhookConfiguration, ValidatingWebhookConfiguration, CRD conversion webhook), and APIService.spec.service.namespace.
  • Fetch or parse failures stop the command (render, diff, apply).
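
The namespace rewrite rules above, together with a check for the service references the page lists as not handled, as an added Python example that is not Nyl's own code. The function names and the sample documents are hypothetical, and the handling of ServiceAccount subjects that carry no namespace is an assumed reading of "forced".

```python
import copy

RBAC_BINDINGS = {"RoleBinding", "ClusterRoleBinding"}

def override_namespace(doc, ns):
    """Return a copy of doc rewritten as described for overrideNamespace: true."""
    out = copy.deepcopy(doc)
    meta = out.get("metadata", {})
    if "namespace" in meta:  # only resources that already set a namespace
        meta["namespace"] = ns
    if (out.get("kind") in RBAC_BINDINGS
            and out.get("apiVersion", "").startswith("rbac.authorization.k8s.io/")):
        for subj in out.get("subjects") or []:
            # Assumption: ServiceAccount subjects always get ns, others only if set.
            if subj.get("kind") == "ServiceAccount" or "namespace" in subj:
                subj["namespace"] = ns
    return out

def unhandled_namespace_refs(doc, ns):
    """List service namespaces that the rewrite leaves pointing outside ns."""
    kind, found = doc.get("kind"), []
    def check(path, svc):
        if svc and svc.get("namespace") not in (None, ns):
            found.append((path, svc["namespace"]))
    if kind in ("MutatingWebhookConfiguration", "ValidatingWebhookConfiguration"):
        for i, wh in enumerate(doc.get("webhooks") or []):
            check(f"webhooks[{i}].clientConfig.service",
                  wh.get("clientConfig", {}).get("service"))
    elif kind == "CustomResourceDefinition":
        conv = doc.get("spec", {}).get("conversion", {}).get("webhook", {})
        check("spec.conversion.webhook.clientConfig.service",
              conv.get("clientConfig", {}).get("service"))
    elif kind == "APIService":
        check("spec.service", doc.get("spec", {}).get("service"))
    return found

# Constructed sample documents, shown as already parsed from a fetched stream.
SAMPLE = [
    {"apiVersion": "v1", "kind": "ConfigMap",
     "metadata": {"name": "cfg", "namespace": "upstream"}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "op"},
     "subjects": [{"kind": "ServiceAccount", "name": "op", "namespace": "upstream"}]},
    {"apiVersion": "admissionregistration.k8s.io/v1",
     "kind": "ValidatingWebhookConfiguration", "metadata": {"name": "vw"},
     "webhooks": [{"name": "v.example.com", "clientConfig": {
         "service": {"name": "hook", "namespace": "upstream"}}}]},
]

def audit(docs, ns):
    """Rewrite every document, then report references still outside ns."""
    rewritten = [override_namespace(d, ns) for d in docs]
    return rewritten, [(d["metadata"]["name"], *ref)
                       for d in rewritten for ref in unhandled_namespace_refs(d, ns)]
```

Anything `audit` reports is a reference that would still resolve in the upstream namespace after the override, so it needs a manual patch or review before apply.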

Example

apiVersion: nyl.niklasrosenstein.github.com/v1
kind: RemoteManifest
metadata:
  name: shared-crds
spec:
  url: https://example.com/platform/crds.yaml