kubes 0.4.1 → 0.4.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/_docs/config/hooks/ruby.md +4 -2
- data/docs/_docs/helpers.md +3 -2
- data/docs/_docs/patterns.md +4 -1
- data/docs/_docs/patterns/clock-web-worker.md +2 -0
- data/docs/_docs/patterns/migrations.md +2 -0
- data/docs/_docs/patterns/secrets.md +82 -0
- data/docs/_includes/sidebar.html +4 -2
- data/lib/kubes/compiler/shared/helpers.rb +7 -2
- data/lib/kubes/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 70ab0b9bdb58186064b2ba54324059ec1944811a021f158a30f219cbd4a19711
|
4
|
+
data.tar.gz: cdccd15d027f75f1c439d1facff1ed9d0b2ef58b4600b289d6f9d7e8e63917cb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 23c2dddfd2608971f2d59a52f2df79cd23355e98ab1f3de1aa6611e94ea19c75d54dd744892148bbb27a0e6610fe1a952895fa0a9571cead2ef729c072f15821
|
7
|
+
data.tar.gz: b088738e2a3fa44157f2c340508ff1d87634550ebe63608c4b7a9c4241dd385019af03c132400381db4f4ea36057526afb832e1101860b745a8670b130b7ffa2
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,9 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [0.4.2]
|
7
|
+
- #28 base64 helper
|
8
|
+
|
6
9
|
## [0.4.1]
|
7
10
|
- kubes init: default namespace now includes Kubes.env
|
8
11
|
- fix kubes deploy: compile it gets called once and output folder kept
|
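Review bot: The `## [0.4.2]` entry `- #28 base64 helper` names only one of the helpers this release adds. The same diff adds `encode64`, `decode64` and the `base64` alias in helpers.rb, plus a new secrets pattern doc. Suggest listing them, for example `- #28 encode64 (alias base64) and decode64 helpers, secrets pattern docs`, so a reader of the changelog can tell that a decode helper is now available in templates.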
@@ -18,7 +18,7 @@ When the Ruby object is a class with an instance method `call`, Kubes creates a
|
|
18
18
|
```ruby
|
19
19
|
class EnvExporter
|
20
20
|
def call
|
21
|
-
ENV['SECRET_FOO'] = Base64.
|
21
|
+
ENV['SECRET_FOO'] = Base64.strict_encode64("hi").strip
|
22
22
|
end
|
23
23
|
end
|
24
24
|
|
@@ -49,6 +49,8 @@ data:
|
|
49
49
|
foo: <%= ENV['SECRET_FOO'] %>
|
50
50
|
```
|
51
51
|
|
52
|
+
Note, the example above is used to explain how Ruby can be used as the execute option. For secrets, kubes supports secrets with some helpers. See: [Secrets Pattern Docs]({% link _docs/patterns/secrets.md %})
|
53
|
+
|
52
54
|
## Ruby Object
|
53
55
|
|
54
56
|
When the Ruby object, Kubes expects it to have a `call` method and will run it. Example:
|
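Review bot: The note added after the `foo: <%= ENV['SECRET_FOO'] %>` example is hard to parse ("For secrets, kubes supports secrets with some helpers") and does not say that the ENV-based example is illustrative only. Suggest something closer to "Note: the example above only demonstrates the Ruby `execute` option. For real secrets, use the helpers described in the Secrets Pattern Docs." The link target itself looks right.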
@@ -57,7 +59,7 @@ When the Ruby object, Kubes expects it to have a `call` method and will run it.
|
|
57
59
|
|
58
60
|
```ruby
|
59
61
|
before("compile",
|
60
|
-
execute: lambda { ENV['SECRET_FOO'] = Base64.
|
62
|
+
execute: lambda { ENV['SECRET_FOO'] = Base64.strict_encode64("hi2").strip }
|
61
63
|
)
|
62
64
|
```
|
63
65
|
|
data/docs/_docs/helpers.md
CHANGED
@@ -7,12 +7,13 @@ Kubes provides some helper methods to help write Kubernetes YAML files. Here's
|
|
7
7
|
Helper | Description
|
8
8
|
--- | ---
|
9
9
|
built_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource.
|
10
|
+
decode64 | Basey64d decode a string.
|
10
11
|
dockerfile_port | Exposed port extracted from the Dockerfile of the project.
|
12
|
+
encode64 | Basey64 encode a string. Also available as `base64` method.
|
11
13
|
extra | The `KUBES_EXTRA` value.
|
12
14
|
with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}).
|
13
15
|
|
14
|
-
Here's also the source code with the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
|
15
|
-
|
16
|
+
Here's also the source code with most of the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
|
16
17
|
|
17
18
|
## DSL Specific Methods
|
18
19
|
|
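Review bot: Both added table rows contain typos: `decode64 | Basey64d decode a string.` and `encode64 | Basey64 encode a string.` should read "Base64 decode a string." and "Base64 encode a string." Since these rows are the only user-facing description of the new helpers, it is also worth stating that `decode64` uses strict decoding, which is what the helpers.rb change in this release implements.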
data/docs/_docs/patterns.md
CHANGED
@@ -4,4 +4,7 @@ title: Patterns
|
|
4
4
|
|
5
5
|
We'll cover some common deployment patterns here:
|
6
6
|
|
7
|
-
|
7
|
+
{% assign docs = site.docs | where: "categories","patterns" %}
|
8
|
+
{% for doc in docs -%}
|
9
|
+
* [{{ doc.title }}]({{ doc.url }})
|
10
|
+
{% endfor %}
|
@@ -0,0 +1,82 @@
|
|
1
|
+
---
|
2
|
+
title: Secrets
|
3
|
+
nav_text: Secrets
|
4
|
+
categories: patterns
|
5
|
+
---
|
6
|
+
|
7
|
+
A Google Secrets helper is currently supported.
|
8
|
+
|
9
|
+
## Set Up Kubes Hook
|
10
|
+
|
11
|
+
Set up a [Kubes hook]({% link _docs/config/hooks/kubes.md %}).
|
12
|
+
|
13
|
+
.kubes/config/hooks/kubes.rb
|
14
|
+
|
15
|
+
```ruby
|
16
|
+
before("compile",
|
17
|
+
execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
|
18
|
+
)
|
19
|
+
```
|
20
|
+
|
21
|
+
Then set the secrets in the YAML:
|
22
|
+
|
23
|
+
.kubes/resources/shared/secret.yaml
|
24
|
+
|
25
|
+
```yaml
|
26
|
+
apiVersion: v1
|
27
|
+
kind: Secret
|
28
|
+
metadata:
|
29
|
+
name: demo
|
30
|
+
labels:
|
31
|
+
app: demo
|
32
|
+
data:
|
33
|
+
<% KubesGoogle::Secrets.data.each do |k,v| -%>
|
34
|
+
<%= k %>: <%= base64(v) %>
|
35
|
+
<% end -%>
|
36
|
+
```
|
37
|
+
|
38
|
+
This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data. The values are base64 encoded.
|
39
|
+
|
40
|
+
For example if you have these secret values:
|
41
|
+
|
42
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_user
|
43
|
+
test1
|
44
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_pass
|
45
|
+
test2
|
46
|
+
$
|
47
|
+
|
48
|
+
The compiled secrets.yaml looks like this:
|
49
|
+
|
50
|
+
.kubes/output/shared/secret.yaml
|
51
|
+
|
52
|
+
```yaml
|
53
|
+
metadata:
|
54
|
+
namespace: demo
|
55
|
+
name: demo-2a78a13682
|
56
|
+
labels:
|
57
|
+
app: demo
|
58
|
+
apiVersion: v1
|
59
|
+
kind: Secret
|
60
|
+
data:
|
61
|
+
db_pass: dGVzdDEK
|
62
|
+
db_user: dGVzdDIK
|
63
|
+
```
|
64
|
+
|
65
|
+
These environment variables can be set:
|
66
|
+
|
67
|
+
Name | Description
|
68
|
+
---|---
|
69
|
+
GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
|
70
|
+
GOOGLE_PROJECT | Google project id.
|
71
|
+
|
72
|
+
Secrets#initialize options:
|
73
|
+
|
74
|
+
Variable | Description | Default
|
75
|
+
---|---|---
|
76
|
+
base64 | Automatically base64 encode the values. | false
|
77
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
78
|
+
prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
79
|
+
|
80
|
+
Note, Kubernetes secrets are only base64 encoded. So users who have access to read Kubernetes secrets will be able to decode and get the value trivially. Depending on your security posture requirements, this may or may not suffice.
|
81
|
+
|
82
|
+
The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library. For more details, check out its README.
|
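Review bot: The compiled `.kubes/output/shared/secret.yaml` sample does not match the inputs shown above it. `dGVzdDEK` decodes to `test1` followed by a newline and `dGVzdDIK` to `test2` followed by a newline, so `db_pass` carries the value the gcloud output shows for `demo-dev-db_user` and `db_user` carries the one shown for `demo-dev-db_pass`. Both values also include a trailing newline, which `base64(v)` would only emit if the stored secret itself ended in one. The keys are lowercase even though the hook example passes `upcase: true`. Regenerate the sample from an actual compile so keys and values line up with the hook and the gcloud output. Separately, the `base64` option row (default false) sits next to a template that already calls `base64(v)`; a sentence saying to use one or the other would help, since enabling both would presumably encode the values twice. Minor wording: "with the prefix the `demo-dev-`" and "Prefixed used" (twice) should be "with the prefix `demo-dev-`" and "Prefix used".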
data/docs/_includes/sidebar.html
CHANGED
@@ -100,8 +100,10 @@
|
|
100
100
|
<li><a href="{% link _docs/helpers.md %}">Helpers</a></li>
|
101
101
|
<li><a href="{% link _docs/patterns.md %}">Patterns</a>
|
102
102
|
<ul>
|
103
|
-
|
104
|
-
|
103
|
+
{% assign docs = site.docs | where: "categories","patterns" %}
|
104
|
+
{% for doc in docs -%}
|
105
|
+
<li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
|
106
|
+
{% endfor %}
|
105
107
|
</ul>
|
106
108
|
</li>
|
107
109
|
<li><a href="{% link _docs/extra-env.md %}">Extra Env</a>
|
@@ -24,8 +24,13 @@ module Kubes::Compiler::Shared
|
|
24
24
|
extra&.strip&.empty? ? nil : extra # if blank string then also return nil
|
25
25
|
end
|
26
26
|
|
27
|
-
def
|
28
|
-
Base64.
|
27
|
+
def encode64(v)
|
28
|
+
Base64.strict_encode64(v).strip
|
29
|
+
end
|
30
|
+
alias_method :base64, :encode64
|
31
|
+
|
32
|
+
def decode64(v)
|
33
|
+
Base64.strict_decode64(v)
|
29
34
|
end
|
30
35
|
end
|
31
36
|
end
|
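Review bot: `decode64` calls `Base64.strict_decode64(v)`, which raises `ArgumentError` on any input that is not strictly formed, including values containing line breaks or other whitespace, and nothing in the hunk or the helpers.md row documents that. Either say so in the helper docs or strip whitespace from `v` before decoding, depending on which behaviour is intended for template authors. In `encode64`, the `.strip` after `Base64.strict_encode64(v)` is a no-op because the strict encoder emits no line feeds; it can be dropped here and in the two docs examples that use the same expression. Neither helper handles a `nil` or non-String `v`; if secret values can be missing, a clear error message would be better than the one raised from inside Base64.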
data/lib/kubes/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kubes
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-10-
|
11
|
+
date: 2020-10-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -323,6 +323,7 @@ files:
|
|
323
323
|
- docs/_docs/patterns.md
|
324
324
|
- docs/_docs/patterns/clock-web-worker.md
|
325
325
|
- docs/_docs/patterns/migrations.md
|
326
|
+
- docs/_docs/patterns/secrets.md
|
326
327
|
- docs/_docs/resources.md
|
327
328
|
- docs/_docs/resources/base.md
|
328
329
|
- docs/_docs/resources/role.md
|