kubes 0.4.1 → 0.4.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb9cf7b5db064114c31e2af08890c009831a4b68baf556052e672a71cf08f562
4
- data.tar.gz: 70bdcad829b4cee02f69b4cf36fbac8e41023445c407f484bc171e2a67d9bd99
3
+ metadata.gz: 70ab0b9bdb58186064b2ba54324059ec1944811a021f158a30f219cbd4a19711
4
+ data.tar.gz: cdccd15d027f75f1c439d1facff1ed9d0b2ef58b4600b289d6f9d7e8e63917cb
5
5
  SHA512:
6
- metadata.gz: '08dfce3916b92c0498915d0e7bf5d75608f111013eca67f5d9802f30250e0412c76afcd08f7ad2dd7d72ca413d13390a6d07b9d2c56b182fd0c04247ae1f9708'
7
- data.tar.gz: dd255951bb8421f80d666492cd1e03ac363364abb441c4ded7db33562cd6450f6f2f397230c84c20a24f9b98d72e00cd3463cfde8c2ed1e93875dcd2aaa5ec58
6
+ metadata.gz: 23c2dddfd2608971f2d59a52f2df79cd23355e98ab1f3de1aa6611e94ea19c75d54dd744892148bbb27a0e6610fe1a952895fa0a9571cead2ef729c072f15821
7
+ data.tar.gz: b088738e2a3fa44157f2c340508ff1d87634550ebe63608c4b7a9c4241dd385019af03c132400381db4f4ea36057526afb832e1101860b745a8670b130b7ffa2
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.4.2]
7
+ - #28 base64 helper
8
+
6
9
  ## [0.4.1]
7
10
  - kubes init: default namespace now includes Kubes.env
8
11
  - fix kubes deploy: compile it gets called once and output folder kept
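Review bot: The 0.4.2 entry `- #28 base64 helper` undersells what changed. The helpers.rb hunk in this release switches the encoder from `Base64.encode64` to `Base64.strict_encode64` and adds a new `decode64` helper, and a secrets pattern doc is added as well. Templates that relied on the old line-wrapped output get different output after upgrading, so the entry should say so, for example "base64 helper now uses strict encoding; add encode64/decode64 helpers; add secrets pattern docs".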
@@ -18,7 +18,7 @@ When the Ruby object is a class with an instance method `call`, Kubes creates a
18
18
  ```ruby
19
19
  class EnvExporter
20
20
  def call
21
- ENV['SECRET_FOO'] = Base64.encode64("hi").strip
21
+ ENV['SECRET_FOO'] = Base64.strict_encode64("hi").strip
22
22
  end
23
23
  end
24
24
 
@@ -49,6 +49,8 @@ data:
49
49
  foo: <%= ENV['SECRET_FOO'] %>
50
50
  ```
51
51
 
52
+ Note, the example above is used to explain how Ruby can be used as the execute option. For secrets, kubes supports secrets with some helpers. See: [Secrets Pattern Docs]({% link _docs/patterns/secrets.md %})
53
+
52
54
  ## Ruby Object
53
55
 
54
56
  When the Ruby object, Kubes expects it to have a `call` method and will run it. Example:
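Review bot: The added note reads awkwardly ("kubes supports secrets with some helpers") and does not say what to do instead. Since the example above it renders `ENV['SECRET_FOO']` straight into a Secret's `data`, consider wording such as "The example above only illustrates the execute option. For real secrets, use the secrets helpers described in the Secrets Pattern Docs."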
@@ -57,7 +59,7 @@ When the Ruby object, Kubes expects it to have a `call` method and will run it.
57
59
 
58
60
  ```ruby
59
61
  before("compile",
60
- execute: lambda { ENV['SECRET_FOO'] = Base64.encode64("hi2").strip }
62
+ execute: lambda { ENV['SECRET_FOO'] = Base64.strict_encode64("hi2").strip }
61
63
  )
62
64
  ```
63
65
 
@@ -7,12 +7,13 @@ Kubes provides some helper methods to help write Kubernetes YAML files. Here's
7
7
  Helper | Description
8
8
  --- | ---
9
9
  built_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource.
10
+ decode64 | Basey64d decode a string.
10
11
  dockerfile_port | Exposed port extracted from the Dockerfile of the project.
12
+ encode64 | Basey64 encode a string. Also available as `base64` method.
11
13
  extra | The `KUBES_EXTRA` value.
12
14
  with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}).
13
15
 
14
- Here's also the source code with the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
15
-
16
+ Here's also the source code with most of the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
16
17
 
17
18
  ## DSL Specific Methods
18
19
 
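Review bot: Both new table rows have typos: "Basey64d decode a string." and "Basey64 encode a string." should read "Base64 decode a string." and "Base64 encode a string." It would also help to state that `encode64` produces strict base64 (no line feeds) and that `decode64` expects the same, since that is what the helpers in this release implement.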
@@ -4,4 +4,7 @@ title: Patterns
4
4
 
5
5
  We'll cover some common deployment patterns here:
6
6
 
7
- * [Clock Web Worker]({% link _docs/patterns/clock-web-worker.md %})
7
+ {% assign docs = site.docs | where: "categories","patterns" %}
8
+ {% for doc in docs -%}
9
+ * [{{ doc.title }}]({{ doc.url }})
10
+ {% endfor %}
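Review bot: Replacing the explicit list with a loop over `site.docs | where: "categories","patterns"` makes the order of the pattern links implicit. If a stable order matters, add an explicit sort, for example `| sort: "title"`, after the `where` filter. Every pattern page now also has to carry `categories: patterns` in its front matter to be listed, which is worth a comment in this file.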
@@ -1,5 +1,7 @@
1
1
  ---
2
2
  title: Clock Web Worker Pattern
3
+ nav_text: Clock Web Worker
4
+ categories: patterns
3
5
  ---
4
6
 
5
7
  A common pattern is to use the same code to run different types of processes like clock, web, worker. Kubes is flexible enough to support this pattern.
@@ -1,5 +1,7 @@
1
1
  ---
2
2
  title: Database Migrations
3
+ nav_text: Database Migrations
4
+ categories: patterns
3
5
  ---
4
6
 
5
7
  A common task is to run database migrations. You can use Kubes hooks to achieve this as part of the `kubes deploy` process.
@@ -0,0 +1,82 @@
1
+ ---
2
+ title: Secrets
3
+ nav_text: Secrets
4
+ categories: patterns
5
+ ---
6
+
7
+ A Google Secrets helper is currently supported.
8
+
9
+ ## Set Up Kubes Hook
10
+
11
+ Set up a [Kubes hook]({% link _docs/config/hooks/kubes.md %}).
12
+
13
+ .kubes/config/hooks/kubes.rb
14
+
15
+ ```ruby
16
+ before("compile",
17
+ execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
18
+ )
19
+ ```
20
+
21
+ Then set the secrets in the YAML:
22
+
23
+ .kubes/resources/shared/secret.yaml
24
+
25
+ ```yaml
26
+ apiVersion: v1
27
+ kind: Secret
28
+ metadata:
29
+ name: demo
30
+ labels:
31
+ app: demo
32
+ data:
33
+ <% KubesGoogle::Secrets.data.each do |k,v| -%>
34
+ <%= k %>: <%= base64(v) %>
35
+ <% end -%>
36
+ ```
37
+
38
+ This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data. The values are base64 encoded.
39
+
40
+ For example if you have these secret values:
41
+
42
+ $ gcloud secrets versions access latest --secret demo-dev-db_user
43
+ test1
44
+ $ gcloud secrets versions access latest --secret demo-dev-db_pass
45
+ test2
46
+ $
47
+
48
+ The compiled secrets.yaml looks like this:
49
+
50
+ .kubes/output/shared/secret.yaml
51
+
52
+ ```yaml
53
+ metadata:
54
+ namespace: demo
55
+ name: demo-2a78a13682
56
+ labels:
57
+ app: demo
58
+ apiVersion: v1
59
+ kind: Secret
60
+ data:
61
+ db_pass: dGVzdDEK
62
+ db_user: dGVzdDIK
63
+ ```
64
+
65
+ These environment variables can be set:
66
+
67
+ Name | Description
68
+ ---|---
69
+ GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
70
+ GOOGLE_PROJECT | Google project id.
71
+
72
+ Secrets#initialize options:
73
+
74
+ Variable | Description | Default
75
+ ---|---|---
76
+ base64 | Automatically base64 encode the values. | false
77
+ upcase | Automatically upcase the Kubernetes secret data keys. | false
78
+ prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
79
+
80
+ Note, Kubernetes secrets are only base64 encoded. So users who have access to read Kubernetes secrets will be able to decode and get the value trivially. Depending on your security posture requirements, this may or may not suffice.
81
+
82
+ The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library. For more details, check out its README.
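Review bot: The compiled output example does not match the inputs shown just above it. `db_pass: dGVzdDEK` decodes to `test1` followed by a newline and `db_user: dGVzdDIK` to `test2` followed by a newline, while the gcloud session shows db_user as test1 and db_pass as test2. Swap the two values, and either regenerate them without the trailing newline or state that the newline is part of the stored secret, because readers will copy this and end up with credentials that carry a stray `\n`. The hook example passes `upcase: true`, yet the output keys are lowercase, so one of the two needs to change. Smaller points: "with the prefix the `demo-dev-`", "Prefixed used" (twice) and "The compiled secrets.yaml" (the path shown is secret.yaml) need fixing, and the hard-coded project number in the prefix would be clearer as a placeholder.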
@@ -100,8 +100,10 @@
100
100
  <li><a href="{% link _docs/helpers.md %}">Helpers</a></li>
101
101
  <li><a href="{% link _docs/patterns.md %}">Patterns</a>
102
102
  <ul>
103
- <li><a href="{% link _docs/patterns/migrations.md %}">Database Migrations</a></li>
104
- <li><a href="{% link _docs/patterns/clock-web-worker.md %}">Clock Web Worker</a></li>
103
+ {% assign docs = site.docs | where: "categories","patterns" %}
104
+ {% for doc in docs -%}
105
+ <li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
106
+ {% endfor %}
105
107
  </ul>
106
108
  </li>
107
109
  <li><a href="{% link _docs/extra-env.md %}">Extra Env</a>
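Review bot: The generated nav link text comes from `{{ doc.nav_text }}`, so any pattern page that has `categories: patterns` but no `nav_text` renders an empty link. Add a fallback such as `{{ doc.nav_text | default: doc.title }}`. As with the patterns index, the order of entries is now whatever `site.docs` yields rather than the explicit order the two removed lines had.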
@@ -24,8 +24,13 @@ module Kubes::Compiler::Shared
24
24
  extra&.strip&.empty? ? nil : extra # if blank string then also return nil
25
25
  end
26
26
 
27
- def base64(v)
28
- Base64.encode64(v).strip
27
+ def encode64(v)
28
+ Base64.strict_encode64(v).strip
29
+ end
30
+ alias_method :base64, :encode64
31
+
32
+ def decode64(v)
33
+ Base64.strict_decode64(v)
29
34
  end
30
35
  end
31
36
  end
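Review bot: `decode64` calls `Base64.strict_decode64`, which raises ArgumentError on input that contains line feeds or is incorrectly padded. Values produced by the previous `Base64.encode64(v).strip` helper for longer strings (it inserts a line feed every 60 output characters, and `.strip` only removed the trailing one) or line-wrapped base64 from other tools will therefore fail to decode. Either document that the helper accepts strict base64 only, or remove whitespace from `v` before decoding. In `encode64`, `.strip` is now a no-op because `strict_encode64` emits no line feeds, so it can be dropped here and in the two docs examples changed in this release. No tests for `encode64`, `decode64` or the `base64` alias are visible in this diff.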
@@ -1,3 +1,3 @@
1
1
  module Kubes
2
- VERSION = "0.4.1"
2
+ VERSION = "0.4.2"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kubes
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-13 00:00:00.000000000 Z
11
+ date: 2020-10-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -323,6 +323,7 @@ files:
323
323
  - docs/_docs/patterns.md
324
324
  - docs/_docs/patterns/clock-web-worker.md
325
325
  - docs/_docs/patterns/migrations.md
326
+ - docs/_docs/patterns/secrets.md
326
327
  - docs/_docs/resources.md
327
328
  - docs/_docs/resources/base.md
328
329
  - docs/_docs/resources/role.md