kubernetes-deploy 0.6.4 → 0.6.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +15 -0
- data/lib/kubernetes-deploy/ejson_secret_provisioner.rb +4 -1
- data/lib/kubernetes-deploy/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 35d948d40aa56e5e5a6768970fd3337a23567aa5
|
|
4
|
+
data.tar.gz: 69e976d7ff55b67d735e35def340386abb007168
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 69ff1c41cc62e2489680586a97f6392678c1110ac0cd729d5d90fcb3e0d27012eae5db56dccb7edd88e24dda0d7604ba7bc83a96ecc0b3ffab935c6128da4012
|
|
7
|
+
data.tar.gz: 0fcf662530afff4ffff89a4f3eba3ef2b92dc61d3ca7f5c6bc4810987017405192350f9137d1a0da79b4bfeb75bf3fa3f4a9ac1462df2699bbd060535c39056c
|
data/README.md
CHANGED
|
@@ -76,6 +76,21 @@ Since their data is only base64 encoded, Kubernetes secrets should not be commit
|
|
|
76
76
|
6. Encrypt the file: `ejson encrypt /PATH/TO/secrets.ejson`
|
|
77
77
|
7. Commit the encrypted file and deploy as usual. The deploy will create secrets from the data in the `kubernetes_secrets` key.
|
|
78
78
|
|
|
79
|
+
**Note**: Since leading underscores in ejson keys are used to skip encryption of the associated value, `kubernetes-deploy` will strip these leading underscores when it creates the keys for the Kubernetes secret data. For example, given the ejson data below, the `monitoring-token` secret will have keys `api-token` and `property` (_not_ `_property`):
|
|
80
|
+
```json
|
|
81
|
+
{
|
|
82
|
+
"_public_key": "YOUR_PUBLIC_KEY",
|
|
83
|
+
"kubernetes_secrets": {
|
|
84
|
+
"monitoring-token": {
|
|
85
|
+
"_type": "kubernetes.io/tls",
|
|
86
|
+
"data": {
|
|
87
|
+
"api-token": "EJ[ENCRYPTED]",
|
|
88
|
+
"_property": "some unencrypted value"
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
```
|
|
93
|
+
|
|
79
94
|
### Running one off tasks
|
|
80
95
|
|
|
81
96
|
To trigger a one-off job such as a rake task _outside_ of a deploy, use the following command:
|
|
@@ -122,7 +122,10 @@ module KubernetesDeploy
|
|
|
122
122
|
raise EjsonSecretError, "Data for secret #{secret_name} was invalid. Only key-value pairs are permitted."
|
|
123
123
|
end
|
|
124
124
|
encoded_data = data.each_with_object({}) do |(key, value), encoded|
|
|
125
|
-
|
|
125
|
+
# Leading underscores in ejson keys are used to skip encryption of the associated value
|
|
126
|
+
# To support this ejson feature, we need to exclude these leading underscores from the secret's keys
|
|
127
|
+
secret_key = key.sub(/\A_/, '')
|
|
128
|
+
encoded[secret_key] = Base64.encode64(value)
|
|
126
129
|
end
|
|
127
130
|
|
|
128
131
|
secret = {
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubernetes-deploy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kir Shatrov
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2017-05-
|
|
13
|
+
date: 2017-05-10 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|