kubes 0.3.5 → 0.4.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/README.md +6 -5
- data/docs/_docs/config/args.md +10 -0
- data/docs/_docs/config/args/docker.md +19 -0
- data/docs/_docs/config/{kubectl/args.md → args/kubectl.md} +2 -0
- data/docs/_docs/config/docker.md +4 -40
- data/docs/_docs/config/hooks.md +10 -0
- data/docs/_docs/config/hooks/docker.md +70 -0
- data/docs/_docs/config/hooks/kubectl.md +83 -0
- data/docs/_docs/config/hooks/kubes.md +67 -0
- data/docs/_docs/config/hooks/ruby.md +76 -0
- data/docs/_docs/config/kubectl.md +2 -2
- data/docs/_docs/config/reference.md +20 -0
- data/docs/_docs/config/skip.md +58 -0
- data/docs/_docs/dsl/resources.md +1 -1
- data/docs/_docs/helpers.md +3 -2
- data/docs/_docs/intro.md +3 -1
- data/docs/_docs/learn/dsl/review-project.md +4 -2
- data/docs/_docs/learn/yaml/review-project.md +4 -2
- data/docs/_docs/patterns.md +4 -1
- data/docs/_docs/patterns/clock-web-worker.md +2 -0
- data/docs/_docs/patterns/migrations.md +123 -0
- data/docs/_docs/patterns/secrets.md +82 -0
- data/docs/_includes/config/hooks/options.md +20 -0
- data/docs/_includes/layering/layers.md +1 -1
- data/docs/_includes/sidebar.html +28 -13
- data/docs/_sass/theme.scss +25 -1
- data/kubes.gemspec +3 -0
- data/lib/kubes.rb +4 -1
- data/lib/kubes/cli.rb +20 -5
- data/lib/kubes/cli/apply.rb +2 -1
- data/lib/kubes/cli/base.rb +11 -0
- data/lib/kubes/cli/compile.rb +8 -0
- data/lib/kubes/cli/delete.rb +1 -1
- data/lib/kubes/cli/exec.rb +37 -6
- data/lib/kubes/cli/get.rb +1 -1
- data/lib/kubes/cli/init.rb +7 -2
- data/lib/kubes/cli/logs.rb +27 -3
- data/lib/kubes/cli/prune.rb +95 -0
- data/lib/kubes/compiler.rb +11 -7
- data/lib/kubes/compiler/decorator/base.rb +7 -1
- data/lib/kubes/compiler/decorator/{resources/secret.rb → hashable.rb} +5 -4
- data/lib/kubes/compiler/decorator/hashable/field.rb +53 -0
- data/lib/kubes/compiler/decorator/hashable/storage.rb +19 -0
- data/lib/kubes/compiler/decorator/post.rb +77 -0
- data/lib/kubes/compiler/decorator/pre.rb +12 -0
- data/lib/kubes/compiler/shared/helpers.rb +7 -2
- data/lib/kubes/compiler/strategy.rb +2 -2
- data/lib/kubes/compiler/strategy/base.rb +2 -3
- data/lib/kubes/compiler/strategy/dsl.rb +2 -2
- data/lib/kubes/compiler/strategy/erb.rb +8 -1
- data/lib/kubes/compiler/strategy/erb/yaml_error.rb +60 -0
- data/lib/kubes/compiler/strategy/result.rb +4 -6
- data/lib/kubes/compiler/util/normalize.rb +1 -1
- data/lib/kubes/compiler/util/save_file.rb +8 -0
- data/lib/kubes/config.rb +16 -11
- data/lib/kubes/docker/strategy/build/docker.rb +1 -1
- data/lib/kubes/docker/strategy/build/gcloud.rb +1 -1
- data/lib/kubes/docker/strategy/image_name.rb +1 -1
- data/lib/kubes/docker/strategy/push/docker.rb +1 -1
- data/lib/kubes/docker/strategy/push/gcloud.rb +1 -1
- data/lib/kubes/docker/strategy/utils.rb +1 -1
- data/lib/kubes/hooks/builder.rb +29 -15
- data/lib/kubes/hooks/concern.rb +10 -0
- data/lib/kubes/hooks/dsl.rb +2 -1
- data/lib/kubes/hooks/runner.rb +22 -0
- data/lib/kubes/kubectl.rb +21 -18
- data/lib/kubes/kubectl/batch.rb +8 -5
- data/lib/kubes/kubectl/{decider.rb → dispatcher.rb} +1 -1
- data/lib/kubes/kubectl/fetch/base.rb +12 -9
- data/lib/kubes/kubectl/fetch/deployment.rb +12 -13
- data/lib/kubes/kubectl/fetch/pods.rb +4 -15
- data/lib/kubes/kubectl/kustomize.rb +1 -1
- data/lib/kubes/kubectl/ordering.rb +12 -0
- data/lib/kubes/util/consider.rb +2 -1
- data/lib/kubes/util/sh.rb +1 -1
- data/lib/kubes/version.rb +1 -1
- data/spec/fixtures/decorators/deployment/both/envFrom.yaml +31 -0
- data/spec/fixtures/decorators/deployment/both/valueFrom.yaml +33 -0
- data/spec/fixtures/decorators/deployment/both/volumes.yaml +40 -0
- data/spec/fixtures/prune/capture.yaml +57 -0
- data/spec/fixtures/prune/fetch_items.yaml +268 -0
- data/spec/kubes/cli/prune_spec.rb +38 -0
- data/spec/kubes/compiler/decorator/{resources → post}/deployment_spec.rb +52 -6
- data/spec/kubes/compiler/decorator/{resources → post}/pod_spec.rb +2 -11
- metadata +56 -19
- data/docs/_docs/config/kubectl/hooks.md +0 -39
- data/lib/kubes/compiler/decorator.rb +0 -17
- data/lib/kubes/compiler/decorator/compile.rb +0 -12
- data/lib/kubes/compiler/decorator/resources/base.rb +0 -13
- data/lib/kubes/compiler/decorator/resources/container.rb +0 -76
- data/lib/kubes/compiler/decorator/resources/container/mapping.rb +0 -28
- data/lib/kubes/compiler/decorator/resources/deployment.rb +0 -10
- data/lib/kubes/compiler/decorator/resources/pod.rb +0 -10
- data/lib/kubes/compiler/decorator/write.rb +0 -14
- data/lib/kubes/docker/strategy/hooks.rb +0 -9
@@ -6,5 +6,5 @@ title: Kubectl Customizations
|
|
6
6
|
|
7
7
|
Kubes calls out the `kubectl` command. You can customize the command.
|
8
8
|
|
9
|
-
* [Args]({% link _docs/config/kubectl
|
10
|
-
* [Hooks]({% link _docs/config/kubectl
|
9
|
+
* [Args]({% link _docs/config/args/kubectl.md %}): Customize the CLI args.
|
10
|
+
* [Hooks]({% link _docs/config/hooks/kubectl.md %}): Run hooks before and after the kubectl commands.
|
@@ -0,0 +1,20 @@
|
|
1
|
+
---
|
2
|
+
title: Config Reference
|
3
|
+
---
|
4
|
+
|
5
|
+
Name | Description | Default
|
6
|
+
---|---|---
|
7
|
+
auto_prune | Prune and delete old hashed resources like Secret and ConfigMap. | true
|
8
|
+
builder | What docker build command to use. Can use `docker` or `gcloud` to build the Docker image. | docker
|
9
|
+
kubectl.context | What kubectl context to auto-switch to. | nil
|
10
|
+
kubectl.context_keep | Whether or not to keep the context switched | true
|
11
|
+
kubectl.exit_on_fail.apply | Whether or not continue if the `kubectl apply` fails. Note, can use `KUBES_EXIT_ON_FAIL=0` env var to set to false. | true
|
12
|
+
kubectl.exit_on_fail.delete | Whether or not continue if the `kubectl delete` fails. | false
|
13
|
+
kubectl.order.kinds | Change ordering for Kubernetes Kinds. | See [source code](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/config.rb#L52)
|
14
|
+
kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/config.rb#L44)
|
15
|
+
logger | Logger object | Logger.new($stdout)
|
16
|
+
logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
|
17
|
+
repo | The Docker repo to use. Required to be set. | nil
|
18
|
+
skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
|
19
|
+
state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
|
20
|
+
suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true
|
@@ -0,0 +1,58 @@
|
|
1
|
+
---
|
2
|
+
title: Skip Option
|
3
|
+
---
|
4
|
+
|
5
|
+
You can tell Kubes to skip resources to deploy. This can useful if you want to still resources with Kubes and have it compile `.kubes/output` files, but wish to deploy them outside of Kubes manually.
|
6
|
+
|
7
|
+
## Example
|
8
|
+
|
9
|
+
Here's an example with a Job.
|
10
|
+
|
11
|
+
.kubes/resources/cleanup/job.yaml:
|
12
|
+
|
13
|
+
```yaml
|
14
|
+
apiVersion: batch/v1
|
15
|
+
kind: Job
|
16
|
+
metadata:
|
17
|
+
name: cleanup
|
18
|
+
spec:
|
19
|
+
template:
|
20
|
+
spec:
|
21
|
+
containers:
|
22
|
+
- name: cleanup
|
23
|
+
image: <%= built_image %>
|
24
|
+
command: ["bin/cleanup.sh"]
|
25
|
+
restartPolicy: Never
|
26
|
+
```
|
27
|
+
|
28
|
+
To skip the cleanup job, use the `config.skip` option:
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
Kubes.configure do |config|
|
32
|
+
config.skip = ["cleanup/job"]
|
33
|
+
end
|
34
|
+
```
|
35
|
+
|
36
|
+
Now when you deploy, the `cleanup/job` resource will not be deployed:
|
37
|
+
|
38
|
+
kubes deploy # deploys everything except cleanup/job
|
39
|
+
|
40
|
+
## Deploy Outside of Kubes
|
41
|
+
|
42
|
+
Then to deploy outside of kubes.
|
43
|
+
|
44
|
+
$ kubes compile # not necessary if already ran: kubes deploy
|
45
|
+
Compiled .kubes/resources files to .kubes/output
|
46
|
+
$ kubectl apply -f .kubes/output/cleanup/job.yaml
|
47
|
+
job.batch/cleanup created
|
48
|
+
$ kubectl delete -f .kubes/output/cleanup/job.yaml
|
49
|
+
job.batch "cleanup" deleted
|
50
|
+
$
|
51
|
+
|
52
|
+
## Env Var KUBES_SKIP
|
53
|
+
|
54
|
+
You can also us ethe `KUBES_SKIP` env var. It takes list of strings separated by a space. It adds onto the `config.skip` option. Example:
|
55
|
+
|
56
|
+
KUBES_SKIP="cleanup/job" kubes delete
|
57
|
+
|
58
|
+
This can be useful for one-off use cases.
|
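--- a/data/docs/_docs/dsl/resources.md
+++ b/data/docs/_docs/dsl/resources.md
@@ -6,7 +6,7 @@ Here's a list of the resources supported by the Kubes DSL.
 
 {% assign docs = site.docs | where: "categories","dsl" %}
 {% for doc in docs -%}
-* [{{ doc.
+* [{{ doc.nav_text }}]({{ doc.url }})
 {% endfor %}
 
 For resources, that are not supported, you can use the [Generic resource]({% link _docs/dsl/resources/generic.md %}) or use [YAML]({% link _docs/yaml.md %}) instead. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.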
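--- a/data/docs/_docs/helpers.md
+++ b/data/docs/_docs/helpers.md
@@ -7,12 +7,13 @@ Kubes provides some helper methods to help write Kubernetes YAML files. Here's
 Helper | Description
 --- | ---
 built_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource.
+decode64 | Basey64d decode a string.
 dockerfile_port | Exposed port extracted from the Dockerfile of the project.
+encode64 | Basey64 encode a string. Also available as `base64` method.
 extra | The `KUBES_EXTRA` value.
 with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}).
 
-Here's also the source code with the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
-
+Here's also the source code with most of the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
 
 ## DSL Specific Methods
 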
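--- a/data/docs/_docs/intro.md
+++ b/data/docs/_docs/intro.md
@@ -4,12 +4,14 @@ title: What is Kubes?
 
 {% include reference.md %}
 
+<div class="video-box"><div class="video-container"><iframe src="https://www.youtube.com/embed/M4zHL0mfKNU" frameborder="0" allowfullscreen=""></iframe></div></div>
+
 ## Features:
 
 * Automation: [Builds the Docker image]({% link _docs/config/docker.md %}) and updates the compiled YAML files
 * Syntactic Sugar: Use an [ERB/YAML]({% link _docs/yaml.md %}) or a [DSL]({% link _docs/dsl.md %}) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
 * Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering]({% link _docs/layering.md %}).
-* CLI Customizations: You can customize the [cli args]({% link _docs/config/kubectl
+* CLI Customizations: You can customize the [cli args]({% link _docs/config/args/kubectl.md %}). You can also run [hooks]({% link _docs/config/hooks/kubectl.md %}) before and after kubectl commands.
 * Automated Suffix Hashes: Automatically appends a suffix hash to ConfigMap and Secret resources. More details in [ConfigMap]({% link _docs/dsl/resources/config_map.md %}) and [Secret]({% link _docs/dsl/resources/secret.md %}) docs.
 * Kustomize Support: If you’re a kustomization user, you can use it with Kubes. More details in [Kustomize Support Docs]({% link _docs/misc/kustomize.md %}).
 * Auto Context Switching: Map dev to a specific kubectl context and prod to another kubectl context and Kubes can switch them automatically so you won't have to remember. More details in [Auto Context Docs]({% link _docs/misc/auto-context.md %}).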
@@ -11,10 +11,12 @@ We'll create a namespace for the app resources:
|
|
11
11
|
.kubes/resources/shared/namespace.rb
|
12
12
|
|
13
13
|
```ruby
|
14
|
-
name "demo"
|
14
|
+
name "demo-#{Kubes.env}"
|
15
15
|
labels(app: "demo")
|
16
16
|
```
|
17
17
|
|
18
|
+
Notice, the `#{Kubes.env}`. Kubes adds the env to the namespace by default. You can change this with the `init --namespace` option.
|
19
|
+
|
18
20
|
## Deployment
|
19
21
|
|
20
22
|
The `web/deployment.rb` file is a little more interesting:
|
@@ -39,7 +41,7 @@ Also let's check the files in the base folder.
|
|
39
41
|
.kubes/resources/base/all.rb
|
40
42
|
|
41
43
|
```ruby
|
42
|
-
namespace "
|
44
|
+
namespace "demo-#{Kubes.env}"
|
43
45
|
labels(app: "demo")
|
44
46
|
```
|
45
47
|
|
@@ -14,11 +14,13 @@ We'll create a namespace for the app resources:
|
|
14
14
|
apiVersion: v1
|
15
15
|
kind: Namespace
|
16
16
|
metadata:
|
17
|
-
name: demo
|
17
|
+
name: demo-<%= Kubes.env %>
|
18
18
|
labels:
|
19
19
|
app: demo
|
20
20
|
```
|
21
21
|
|
22
|
+
Notice, the `<%= Kubes.env %>`. Kubes adds the env to the namespace by default. You can change this with the `init --namespace` option.
|
23
|
+
|
22
24
|
## Deployment
|
23
25
|
|
24
26
|
The `web/deployment.yaml` file is a little more interesting:
|
@@ -57,7 +59,7 @@ Also let's check the files in the base folder.
|
|
57
59
|
|
58
60
|
```yaml
|
59
61
|
metadata:
|
60
|
-
namespace: demo
|
62
|
+
namespace: demo-<%= Kubes.env %>
|
61
63
|
```
|
62
64
|
|
63
65
|
.kubes/resources/base/deployment.yaml
|
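--- a/data/docs/_docs/patterns.md
+++ b/data/docs/_docs/patterns.md
@@ -4,4 +4,7 @@ title: Patterns
 
 We'll cover some common deployment patterns here:
 
-
+{% assign docs = site.docs | where: "categories","patterns" %}
+{% for doc in docs -%}
+* [{{ doc.title }}]({{ doc.url }})
+{% endfor %}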
@@ -0,0 +1,123 @@
|
|
1
|
+
---
|
2
|
+
title: Database Migrations
|
3
|
+
nav_text: Database Migrations
|
4
|
+
categories: patterns
|
5
|
+
---
|
6
|
+
|
7
|
+
A common task is to run database migrations. You can use Kubes hooks to achieve this as part of the `kubes deploy` process.
|
8
|
+
|
9
|
+
1. Create Migrate Job YAML
|
10
|
+
2. Set up Kubes Hooks
|
11
|
+
|
12
|
+
## 1. Create Migrate Job YAML
|
13
|
+
|
14
|
+
First, let's create the migrate job YAML. Here's a starter example:
|
15
|
+
|
16
|
+
.kubes/resources/migrate/job.yaml
|
17
|
+
|
18
|
+
```yaml
|
19
|
+
apiVersion: batch/v1
|
20
|
+
kind: Job
|
21
|
+
metadata:
|
22
|
+
name: migrate
|
23
|
+
spec:
|
24
|
+
template:
|
25
|
+
spec:
|
26
|
+
containers:
|
27
|
+
- name: migrate
|
28
|
+
image: <%= built_image %>
|
29
|
+
command: ["bin/job/migrate.sh"]
|
30
|
+
restartPolicy: Never
|
31
|
+
backoffLimit: 4
|
32
|
+
```
|
33
|
+
|
34
|
+
The Kubernetes job calls a `job/migrate.sh` script. Something like this:
|
35
|
+
|
36
|
+
bin/job/migrate.sh
|
37
|
+
|
38
|
+
#!/bin/bash
|
39
|
+
rails db:migrate
|
40
|
+
|
41
|
+
## 2. Set up Kubes Hooks
|
42
|
+
|
43
|
+
Set up the [kubes hooks]({% link _docs/config/hooks/kubectl.md %}) to help the migrate job run properly.
|
44
|
+
|
45
|
+
.kubes/config/hooks/kubectl.rb
|
46
|
+
|
47
|
+
```ruby
|
48
|
+
before("apply",
|
49
|
+
on: "migrate/job",
|
50
|
+
execute: "bin/hooks/migrate/delete.sh",
|
51
|
+
exit_on_fail: false,
|
52
|
+
)
|
53
|
+
|
54
|
+
after("apply",
|
55
|
+
on: "migrate/job",
|
56
|
+
execute: "bin/hooks/migrate/wait.sh",
|
57
|
+
)
|
58
|
+
```
|
59
|
+
|
60
|
+
Here's what the `bin/hook/migrate` scripts could look like:
|
61
|
+
|
62
|
+
bin/hooks/migrate/delete.sh
|
63
|
+
|
64
|
+
#!/bin/bash
|
65
|
+
kubectl delete job/migrate
|
66
|
+
|
67
|
+
bin/hooks/migrate/wait.sh
|
68
|
+
|
69
|
+
#!/bin/bash
|
70
|
+
kubectl wait --for=condition=Complete job/migrate --timeout=300s
|
71
|
+
|
72
|
+
The `migrate/delete.sh` script first cleans up old migrate jobs that may have been previously created.
|
73
|
+
|
74
|
+
The `migrate/wait.sh` script waits until the migration job finishes before continuing. Note, the default timeout is 30s, which may not be long enough for your migrations to finish, so we set it to 300s. The `kubectl wait` only returns if the migrate job finishes successfully. If the job fails after it exhausts all its retries, default 6, then you'll see an error like this:
|
75
|
+
|
76
|
+
+ kubectl wait --for=condition=Complete job/migrate --timeout=30s
|
77
|
+
error: timed out waiting for the condition on jobs/migrate
|
78
|
+
ERROR: running bin/hooks/migrate.sh
|
79
|
+
|
80
|
+
There is also an [migration-example](https://github.com/boltops-tools/kubes-examples/tree/master/yaml/migration-example) repo with a smarter version of the wait script.
|
81
|
+
|
82
|
+
## Example Deploy
|
83
|
+
|
84
|
+
Once that is set up, a `kubes deploy` will automatically run migrations. Here's an example deploy:
|
85
|
+
|
86
|
+
$ kubes deploy
|
87
|
+
=> kubectl apply -f .kubes/output/shared/namespace.yaml
|
88
|
+
=> bin/hooks/migrate/delete.sh
|
89
|
+
job.batch "migrate" deleted
|
90
|
+
=> kubectl apply -f .kubes/output/migrate/job.yaml
|
91
|
+
job.batch/migrate created
|
92
|
+
Running hook: after apply on: migrate/job
|
93
|
+
=> bin/hooks/migrate/wait.sh
|
94
|
+
Sun Oct 11 03:22:35 UTC 2020
|
95
|
+
Migration complete
|
96
|
+
=> kubectl apply -f .kubes/output/web/service.yaml
|
97
|
+
service/web unchanged
|
98
|
+
=> kubectl apply -f .kubes/output/web/deployment.yaml
|
99
|
+
deployment.apps/web configured
|
100
|
+
$
|
101
|
+
|
102
|
+
## To Couple or Not to Couple?
|
103
|
+
|
104
|
+
While some companies prefer running the migration step as a part of the app deploy, some prefer to separate it out as a discrete step. Usually, the separate step is still called as part of a pipeline.
|
105
|
+
|
106
|
+
In practice, the decision usually comes down to:
|
107
|
+
|
108
|
+
* The size of your database. If your database is large and the migrations take a long time to run. It makes sense to separate it out.
|
109
|
+
* The risk tolerance of database migration operations. If it's quite risky to run DB migrations, you may want to separate it as discrete step so a human can review it.
|
110
|
+
|
111
|
+
For small apps and databases, it's often pragmatic to just run everything in a single step for simplicity.
|
112
|
+
|
113
|
+
## Migration as Separate Step
|
114
|
+
|
115
|
+
If you would like it to run it as a discrete step, remove the hook in `.kubes/config/hooks/kubectl.rb`, and run it as a separate script like so:
|
116
|
+
|
117
|
+
bin/run/migrate.sh
|
118
|
+
|
119
|
+
#!/bin/bash
|
120
|
+
kubes compile
|
121
|
+
bin/hooks/migrate/delete.sh
|
122
|
+
bin/job/migrate.sh
|
123
|
+
bin/hooks/migrate/wait.sh
|
@@ -0,0 +1,82 @@
|
|
1
|
+
---
|
2
|
+
title: Secrets
|
3
|
+
nav_text: Secrets
|
4
|
+
categories: patterns
|
5
|
+
---
|
6
|
+
|
7
|
+
A Google Secrets helper is currently supported.
|
8
|
+
|
9
|
+
## Set Up Kubes Hook
|
10
|
+
|
11
|
+
Set up a [Kubes hook]({% link _docs/config/hooks/kubes.md %}).
|
12
|
+
|
13
|
+
.kubes/config/hooks/kubes.rb
|
14
|
+
|
15
|
+
```ruby
|
16
|
+
before("compile",
|
17
|
+
execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
|
18
|
+
)
|
19
|
+
```
|
20
|
+
|
21
|
+
Then set the secrets in the YAML:
|
22
|
+
|
23
|
+
.kubes/resources/shared/secret.yaml
|
24
|
+
|
25
|
+
```yaml
|
26
|
+
apiVersion: v1
|
27
|
+
kind: Secret
|
28
|
+
metadata:
|
29
|
+
name: demo
|
30
|
+
labels:
|
31
|
+
app: demo
|
32
|
+
data:
|
33
|
+
<% KubesGoogle::Secrets.data.each do |k,v| -%>
|
34
|
+
<%= k %>: <%= base64(v) %>
|
35
|
+
<% end -%>
|
36
|
+
```
|
37
|
+
|
38
|
+
This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data. The values are base64 encoded.
|
39
|
+
|
40
|
+
For example if you have these secret values:
|
41
|
+
|
42
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_user
|
43
|
+
test1
|
44
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_pass
|
45
|
+
test2
|
46
|
+
$
|
47
|
+
|
48
|
+
The compiled secrets.yaml looks like this:
|
49
|
+
|
50
|
+
.kubes/output/shared/secret.yaml
|
51
|
+
|
52
|
+
```yaml
|
53
|
+
metadata:
|
54
|
+
namespace: demo
|
55
|
+
name: demo-2a78a13682
|
56
|
+
labels:
|
57
|
+
app: demo
|
58
|
+
apiVersion: v1
|
59
|
+
kind: Secret
|
60
|
+
data:
|
61
|
+
db_pass: dGVzdDEK
|
62
|
+
db_user: dGVzdDIK
|
63
|
+
```
|
64
|
+
|
65
|
+
These environment variables can be set:
|
66
|
+
|
67
|
+
Name | Description
|
68
|
+
---|---
|
69
|
+
GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
|
70
|
+
GOOGLE_PROJECT | Google project id.
|
71
|
+
|
72
|
+
Secrets#initialize options:
|
73
|
+
|
74
|
+
Variable | Description | Default
|
75
|
+
---|---|---
|
76
|
+
base64 | Automatically base64 encode the values. | false
|
77
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
78
|
+
prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
79
|
+
|
80
|
+
Note, Kubernetes secrets are only base64 encoded. So users who have access to read Kubernetes secrets will be able to decode and get the value trivially. Depending on your security posture requirements, this may or may not suffice.
|
81
|
+
|
82
|
+
The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library. For more details, check out its README.
|
@@ -0,0 +1,20 @@
|
|
1
|
+
## General Form
|
2
|
+
|
3
|
+
```ruby
|
4
|
+
before(COMMAND_NAME, OPTIONS)
|
5
|
+
````
|
6
|
+
|
7
|
+
The command name corresponds to the `{{ include.command }}` commands: apply, delete, etc.
|
8
|
+
|
9
|
+
## Hook Options
|
10
|
+
|
11
|
+
Name | Description
|
12
|
+
---|---
|
13
|
+
label | A human-friendly label so you can see what hooks is being run.
|
14
|
+
execute | The script or command to run. IE: path/to/some/script.sh
|
15
|
+
exit_on_fail | Whether or not to continue process if the script returns an failed exit code.
|
16
|
+
{% if include.command == "kubectl" %}on | What resource to run the hook on. IE: shared/namespace, web/deployment, web/service. Note: This option is only used by kubectl hooks.{% endif %}
|
17
|
+
|
18
|
+
## Ruby Hooks
|
19
|
+
|
20
|
+
Instead of using a script for the hook `execute` option, you can also use a Ruby object. This provides some more control over the current process. See: [Ruby Hooks]({% link _docs/config/hooks/ruby.md %})
|
@@ -27,7 +27,7 @@ To explain the layering, here's the general processing order that Kubes takes.
|
|
27
27
|
|
28
28
|
Note, both YAML and DSL forms support layering.
|
29
29
|
|
30
|
-
Layering only combines resources definitions with the same form. For example, `base/all.rb` will not be combined with `web/deployment.yaml`.
|
30
|
+
Layering only combines resources definitions with the same form. For example, the DSL form `base/all.rb` will not be combined with YAML form `web/deployment.yaml`.
|
31
31
|
|
32
32
|
## Full Layering
|
33
33
|
|
data/docs/_includes/sidebar.html
CHANGED
@@ -53,18 +53,37 @@
|
|
53
53
|
</li>
|
54
54
|
<li><a href="{% link _docs/config.md %}">Config</a>
|
55
55
|
<ul>
|
56
|
-
<li><a href="{% link _docs/config/
|
57
|
-
<li><a href="{% link _docs/config/env.md %}">Env</a></li>
|
58
|
-
<li><a href="{% link _docs/config/kubectl.md %}">Kubectl</a>
|
56
|
+
<li><a href="{% link _docs/config/args.md %}">Args</a>
|
59
57
|
<ul>
|
60
|
-
|
61
|
-
|
58
|
+
{% assign docs = site.docs | where: "categories","args" %}
|
59
|
+
{% for doc in docs -%}
|
60
|
+
<li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
|
61
|
+
{% endfor %}
|
62
62
|
</ul>
|
63
63
|
</li>
|
64
|
+
<li><a href="{% link _docs/config/hooks.md %}">Hooks</a>
|
65
|
+
<ul>
|
66
|
+
{% assign docs = site.docs | where: "categories","hooks" %}
|
67
|
+
{% for doc in docs -%}
|
68
|
+
<li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
|
69
|
+
{% endfor %}
|
70
|
+
</ul>
|
71
|
+
</li>
|
72
|
+
<li><a href="{% link _docs/config/docker.md %}">Docker</a></li>
|
73
|
+
<li><a href="{% link _docs/config/env.md %}">Env</a></li>
|
64
74
|
<li><a href="{% link _docs/config/builder.md %}">Builder</a></li>
|
75
|
+
<li><a href="{% link _docs/config/skip.md %}">Skip Option</a></li>
|
76
|
+
<li><a href="{% link _docs/config/reference.md %}">Reference</a></li>
|
65
77
|
</ul>
|
66
78
|
</li>
|
67
79
|
<li><a href="{% link _docs/yaml.md %}">YAML</a></li>
|
80
|
+
<li><a href="{% link _docs/layering.md %}">Layering</a>
|
81
|
+
<ul>
|
82
|
+
<li><a href="{% link _docs/layering/yaml.md %}">YAML</a></li>
|
83
|
+
<li><a href="{% link _docs/layering/dsl.md %}">DSL</a></li>
|
84
|
+
<li><a href="{% link _docs/layering/merge.md %}">Merge Behavior</a></li>
|
85
|
+
</ul>
|
86
|
+
</li>
|
68
87
|
<li><a href="{% link _docs/dsl.md %}">DSL</a>
|
69
88
|
<ul>
|
70
89
|
<li><a href="{% link _docs/dsl/resources.md %}">Resources</a>
|
@@ -78,17 +97,13 @@
|
|
78
97
|
<li><a href="{% link _docs/dsl/multiple-resources.md %}">Multiple Resources</a>
|
79
98
|
</ul>
|
80
99
|
</li>
|
81
|
-
<li><a href="{% link _docs/layering.md %}">Layering</a>
|
82
|
-
<ul>
|
83
|
-
<li><a href="{% link _docs/layering/yaml.md %}">YAML</a></li>
|
84
|
-
<li><a href="{% link _docs/layering/dsl.md %}">DSL</a></li>
|
85
|
-
<li><a href="{% link _docs/layering/merge.md %}">Merge Behavior</a></li>
|
86
|
-
</ul>
|
87
|
-
</li>
|
88
100
|
<li><a href="{% link _docs/helpers.md %}">Helpers</a></li>
|
89
101
|
<li><a href="{% link _docs/patterns.md %}">Patterns</a>
|
90
102
|
<ul>
|
91
|
-
|
103
|
+
{% assign docs = site.docs | where: "categories","patterns" %}
|
104
|
+
{% for doc in docs -%}
|
105
|
+
<li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
|
106
|
+
{% endfor %}
|
92
107
|
</ul>
|
93
108
|
</li>
|
94
109
|
<li><a href="{% link _docs/extra-env.md %}">Extra Env</a>
|