kubernetes-deploy 0.6.4 → 0.6.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +15 -0
- data/lib/kubernetes-deploy/ejson_secret_provisioner.rb +4 -1
- data/lib/kubernetes-deploy/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 35d948d40aa56e5e5a6768970fd3337a23567aa5
|
|
4
|
+
data.tar.gz: 69e976d7ff55b67d735e35def340386abb007168
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 69ff1c41cc62e2489680586a97f6392678c1110ac0cd729d5d90fcb3e0d27012eae5db56dccb7edd88e24dda0d7604ba7bc83a96ecc0b3ffab935c6128da4012
|
|
7
|
+
data.tar.gz: 0fcf662530afff4ffff89a4f3eba3ef2b92dc61d3ca7f5c6bc4810987017405192350f9137d1a0da79b4bfeb75bf3fa3f4a9ac1462df2699bbd060535c39056c
|
data/README.md
CHANGED
|
@@ -76,6 +76,21 @@ Since their data is only base64 encoded, Kubernetes secrets should not be commit
|
|
|
76
76
|
6. Encrypt the file: `ejson encrypt /PATH/TO/secrets.ejson`
|
|
77
77
|
7. Commit the encrypted file and deploy as usual. The deploy will create secrets from the data in the `kubernetes_secrets` key.
|
|
78
78
|
|
|
79
|
+
**Note**: Since leading underscores in ejson keys are used to skip encryption of the associated value, `kubernetes-deploy` will strip these leading underscores when it creates the keys for the Kubernetes secret data. For example, given the ejson data below, the `monitoring-token` secret will have keys `api-token` and `property` (_not_ `_property`):
|
|
80
|
+
```json
|
|
81
|
+
{
|
|
82
|
+
"_public_key": "YOUR_PUBLIC_KEY",
|
|
83
|
+
"kubernetes_secrets": {
|
|
84
|
+
"monitoring-token": {
|
|
85
|
+
"_type": "kubernetes.io/tls",
|
|
86
|
+
"data": {
|
|
87
|
+
"api-token": "EJ[ENCRYPTED]",
|
|
88
|
+
"_property": "some unencrypted value"
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
```
|
|
93
|
+
|
|
79
94
|
### Running one off tasks
|
|
80
95
|
|
|
81
96
|
To trigger a one-off job such as a rake task _outside_ of a deploy, use the following command:
|
|
@@ -122,7 +122,10 @@ module KubernetesDeploy
|
|
|
122
122
|
raise EjsonSecretError, "Data for secret #{secret_name} was invalid. Only key-value pairs are permitted."
|
|
123
123
|
end
|
|
124
124
|
encoded_data = data.each_with_object({}) do |(key, value), encoded|
|
|
125
|
-
|
|
125
|
+
# Leading underscores in ejson keys are used to skip encryption of the associated value
|
|
126
|
+
# To support this ejson feature, we need to exclude these leading underscores from the secret's keys
|
|
127
|
+
secret_key = key.sub(/\A_/, '')
|
|
128
|
+
encoded[secret_key] = Base64.encode64(value)
|
|
126
129
|
end
|
|
127
130
|
|
|
128
131
|
secret = {
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubernetes-deploy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kir Shatrov
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2017-05-
|
|
13
|
+
date: 2017-05-10 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|