kubes 0.4.6 → 0.6.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/README.md +54 -1
- data/docs/_docs/config/reference.md +1 -0
- data/docs/_docs/config/skip.md +1 -1
- data/docs/_docs/dsl/multiple-resources.md +3 -3
- data/docs/_docs/dsl/resources/job.md +62 -0
- data/docs/_docs/dsl/resources/secret.md +19 -2
- data/docs/_docs/extra-env/dsl.md +2 -2
- data/docs/_docs/extra-env/yaml.md +1 -1
- data/docs/_docs/generators.md +41 -0
- data/docs/_docs/helpers.md +17 -3
- data/docs/_docs/helpers/aws.md +1 -0
- data/docs/_docs/helpers/aws/advanced.md +10 -0
- data/docs/_docs/helpers/aws/advanced/secrets.md +131 -0
- data/docs/_docs/helpers/aws/advanced/ssm.md +78 -0
- data/docs/_docs/helpers/aws/secrets.md +18 -88
- data/docs/_docs/helpers/aws/ssm.md +20 -38
- data/docs/_docs/helpers/google.md +1 -1
- data/docs/_docs/helpers/google/advanced.md +10 -0
- data/docs/_docs/helpers/google/advanced/secrets.md +78 -0
- data/docs/_docs/helpers/google/secrets.md +18 -27
- data/docs/_docs/helpers/google/service-account.md +8 -0
- data/docs/_docs/intro.md +2 -9
- data/docs/_docs/intro/docker-image.md +66 -0
- data/docs/_docs/intro/how-kubes-works.md +7 -11
- data/docs/_docs/layering.md +2 -0
- data/docs/_docs/layering/merge.md +1 -1
- data/docs/_docs/layering/mix.md +99 -0
- data/docs/_docs/learn/dsl/delete.md +10 -2
- data/docs/_docs/learn/dsl/review-project.md +2 -2
- data/docs/_docs/learn/yaml/delete.md +10 -2
- data/docs/_docs/learn/yaml/review-project.md +2 -2
- data/docs/_docs/patterns/clock-web-worker.md +3 -3
- data/docs/_docs/patterns/migrations.md +1 -1
- data/docs/_docs/patterns/multiple-envs.md +55 -0
- data/docs/_docs/patterns/secrets.md +0 -2
- data/docs/_docs/variables.md +23 -0
- data/docs/_docs/variables/advanced.md +62 -0
- data/docs/_docs/variables/basic.md +137 -0
- data/docs/_docs/vs.md +10 -0
- data/docs/_docs/vs/custom.md +109 -0
- data/docs/_docs/vs/helm.md +243 -0
- data/docs/_docs/vs/kustomize.md +167 -0
- data/docs/_docs/yaml.md +2 -2
- data/docs/_includes/commands.html +2 -2
- data/docs/_includes/intro/features.md +11 -0
- data/docs/_includes/layering/layers.md +2 -4
- data/docs/_includes/sidebar.html +41 -0
- data/docs/_includes/vs/article.md +1 -0
- data/docs/_includes/vs/kubes/layering.md +10 -0
- data/docs/_includes/vs/kubes/structure.md +24 -0
- data/docs/_reference/kubes-delete.md +1 -1
- data/docs/_reference/kubes-exec.md +17 -1
- data/docs/_reference/kubes-init.md +2 -2
- data/docs/_reference/kubes-logs.md +2 -1
- data/docs/_reference/kubes-new-help.md +15 -0
- data/docs/_reference/kubes-new-helper.md +25 -0
- data/docs/_reference/kubes-new-resource.md +56 -0
- data/docs/_reference/kubes-new-variable.md +20 -0
- data/docs/_reference/kubes-new.md +26 -0
- data/docs/_reference/kubes-prune.md +22 -0
- data/docs/reference.md +2 -0
- data/kubes.gemspec +2 -2
- data/lib/kubes.rb +5 -3
- data/lib/kubes/auth.rb +4 -1
- data/lib/kubes/auth/base.rb +21 -0
- data/lib/kubes/auth/ecr.rb +1 -15
- data/lib/kubes/auth/gcr.rb +24 -0
- data/lib/kubes/cli.rb +9 -1
- data/lib/kubes/cli/build.rb +6 -0
- data/lib/kubes/cli/compile.rb +7 -0
- data/lib/kubes/cli/deploy.rb +1 -6
- data/lib/kubes/cli/exec.rb +5 -1
- data/lib/kubes/cli/help/exec.md +15 -0
- data/lib/kubes/cli/help/new/helper.md +4 -0
- data/lib/kubes/cli/help/new/resource.md +30 -0
- data/lib/kubes/cli/init.rb +1 -1
- data/lib/kubes/cli/new.rb +15 -0
- data/lib/kubes/cli/new/helper.rb +24 -0
- data/lib/kubes/cli/new/resource.rb +97 -0
- data/lib/kubes/cli/new/variable.rb +16 -0
- data/lib/kubes/cli/sequence.rb +1 -0
- data/lib/kubes/command.rb +7 -0
- data/lib/kubes/compiler.rb +19 -21
- data/lib/kubes/compiler/decorator/base.rb +1 -1
- data/lib/kubes/compiler/dsl/core/base.rb +6 -9
- data/lib/kubes/compiler/dsl/syntax/job.rb +217 -0
- data/lib/kubes/compiler/layering.rb +21 -7
- data/lib/kubes/compiler/shared/custom_variables.rb +38 -0
- data/lib/kubes/compiler/shared/helpers.rb +11 -2
- data/lib/kubes/compiler/shared/helpers/deprecated.rb +37 -0
- data/lib/kubes/compiler/shared/plugin_helpers.rb +14 -0
- data/lib/kubes/compiler/strategy.rb +7 -6
- data/lib/kubes/compiler/strategy/base.rb +59 -2
- data/lib/kubes/compiler/strategy/dsl.rb +0 -29
- data/lib/kubes/compiler/strategy/erb.rb +10 -22
- data/lib/kubes/compiler/util/normalize.rb +6 -3
- data/lib/kubes/compiler/util/yaml_dump.rb +4 -4
- data/lib/kubes/config.rb +1 -1
- data/lib/kubes/core.rb +6 -0
- data/lib/kubes/docker/strategy/image_name.rb +1 -1
- data/lib/kubes/kubectl.rb +5 -23
- data/lib/kubes/kubectl/batch.rb +27 -33
- data/lib/kubes/kubectl/ordering.rb +42 -0
- data/lib/kubes/plugin.rb +14 -0
- data/lib/kubes/util/sh.rb +1 -1
- data/lib/kubes/version.rb +1 -1
- data/lib/templates/base/.kubes/config.rb.tt +1 -1
- data/lib/templates/base/.kubes/config/env/dev.rb +1 -1
- data/lib/templates/base/.kubes/config/env/prod.rb +1 -1
- data/lib/templates/dsl/.kubes/resources/web/deployment.rb +1 -1
- data/lib/templates/new/helper/file.rb +2 -0
- data/lib/templates/new/resource/dsl/backend_config.rb +10 -0
- data/lib/templates/new/resource/dsl/config_map.rb +5 -0
- data/lib/templates/new/resource/dsl/daemon_set.rb +11 -0
- data/lib/templates/new/resource/dsl/deployment.rb +4 -0
- data/lib/templates/new/resource/dsl/ingress.rb +3 -0
- data/lib/templates/new/resource/dsl/job.rb +2 -0
- data/lib/templates/new/resource/dsl/managed_certificate.rb +2 -0
- data/lib/templates/new/resource/dsl/namespace.rb +2 -0
- data/lib/templates/new/resource/dsl/network_policy.rb +7 -0
- data/lib/templates/new/resource/dsl/pod.rb +6 -0
- data/lib/templates/new/resource/dsl/role.rb +4 -0
- data/lib/templates/new/resource/dsl/role_binding.rb +7 -0
- data/lib/templates/new/resource/dsl/secret.rb +5 -0
- data/lib/templates/new/resource/dsl/service.rb +2 -0
- data/lib/templates/new/resource/dsl/service_account.rb +1 -0
- data/lib/templates/new/resource/yaml/backend_config.yaml +10 -0
- data/lib/templates/new/resource/yaml/config_map.yaml +9 -0
- data/lib/templates/new/resource/yaml/daemon_set.yaml +11 -0
- data/lib/templates/new/resource/yaml/deployment.yaml +19 -0
- data/lib/templates/new/resource/yaml/ingress.yaml +12 -0
- data/lib/templates/new/resource/yaml/job.yaml +19 -0
- data/lib/templates/new/resource/yaml/managed_certificate.yaml +7 -0
- data/lib/templates/new/resource/yaml/namespace.yaml +6 -0
- data/lib/templates/new/resource/yaml/network_policy.yaml +20 -0
- data/lib/templates/new/resource/yaml/pod.yaml +11 -0
- data/lib/templates/new/resource/yaml/role.yaml +13 -0
- data/lib/templates/new/resource/yaml/role_binding.yaml +11 -0
- data/lib/templates/new/resource/yaml/secret.yaml +9 -0
- data/lib/templates/new/resource/yaml/service.yaml +14 -0
- data/lib/templates/new/resource/yaml/service_account.yaml +4 -0
- data/lib/templates/new/variable/file.rb +1 -0
- data/lib/templates/yaml/.kubes/resources/base/all.yaml.tt +2 -0
- data/lib/templates/yaml/.kubes/resources/web/deployment.yaml.tt +1 -1
- data/spec/fixtures/multiple-files/{deployment-1.rb → .kubes/resources/web/deployment-1.rb} +0 -0
- data/spec/fixtures/multiple-files/{deployment-2.rb → .kubes/resources/web/deployment-2.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{deployment.rb → web/deployment.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{foobar.rb → web/empty.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{service.rb → web/service.rb} +1 -1
- data/spec/fixtures/syntax/{network_policy.rb → .kubes/resources/web/network_policy.rb} +0 -0
- data/spec/fixtures/syntax/{pod.rb → .kubes/resources/web/pod.rb} +0 -0
- data/spec/kubes/cli/prune_spec.rb +1 -0
- data/spec/kubes/compiler/strategy/dsl_spec.rb +2 -2
- data/spec/kubes/compiler_spec.rb +6 -2
- data/spec/kubes/dsl/network_policy_spec.rb +1 -1
- data/spec/kubes/dsl/pod_spec.rb +1 -1
- metadata +97 -25
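--- a/data/docs/_docs/helpers/aws/advanced/ssm.md
+++ b/data/docs/_docs/helpers/aws/advanced/ssm.md
@@ -0,0 +1,78 @@
+---
+title: AWS SSM Parameters Advanced
+nav_text: SSM
+categories: advanced-helpers-aws
+---
+
+This covers an advanced way so that Kubernetes Secrets are created from AWS SSM Parameter Store in a conventional way.
+
+For example if you have these secret values:
+
+$ aws ssm get-parameter --name /demo/development/db_user --with-decryption | jq '.Parameter.Value'
+user
+$ aws ssm get-parameter --name /demo/development/db_pass --with-decryption | jq '.Parameter.Value'
+pass
+
+Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+
+.kubes/config/hooks/kubes.rb
+
+```ruby
+ssm = KubesAws::SSM.new(upcase: true, prefix: "/demo/development/")
+before("compile",
+label: "Get secrets from AWS SSM Manager",
+execute: ssm,
+)
+```
+
+Then set the secrets in the YAML:
+
+.kubes/resources/shared/secret.yaml
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+name: demo
+labels:
+app: demo
+data:
+<% KubesAws::SSM.data.each do |k,v| -%>
+<%= k %>: <%= base64(v) %>
+<% end -%>
+```
+
+This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data. The values are automatically base64 encoded. Produces:
+
+.kubes/output/shared/secret.yaml
+
+```yaml
+metadata:
+namespace: demo
+name: demo-2a78a13682
+labels:
+app: demo
+apiVersion: v1
+kind: Secret
+data:
+db_pass: dGVzdDEK
+db_user: dGVzdDIK
+```
+
+## Variables
+
+These environment variables can be set:
+
+Name | Description
+---|---
+AWS_SSM_PREFIX | Prefixed used to list and filter AWS SSM Parameters. IE: `demo/dev/`.
+
+Secrets#initialize options:
+
+Variable | Description | Default
+---|---|---
+base64 | Automatically base64 encode the values. | false
+upcase | Automatically upcase the Kubernetes secret data keys. | false
+prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+
+{% include helpers/base64.md %}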
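--- a/data/docs/_docs/helpers/aws/secrets.md
+++ b/data/docs/_docs/helpers/aws/secrets.md
@@ -4,28 +4,9 @@ nav_text: Secrets
 categories: helpers-aws
 ---
 
-
+The `aws_secret` helper fetches secret data from AWS Secrets Manager.
 
-
-
-$ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString'
-user
-$ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString'
-pass
-
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
-
-.kubes/config/hooks/kubes.rb
-
-```ruby
-secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/")
-before("compile",
-label: "Get secrets from AWS Secrets Manager",
-execute: secrets,
-)
-```
-
-Then set the secrets in the YAML:
+## Example
 
 .kubes/resources/shared/secret.yaml
 
@@ -37,12 +18,17 @@ metadata:
 labels:
 app: demo
 data:
-
-
-<% end -%>
+PASS: <%= aws_secret("demo-#{Kubes.env}-PASS") %>
+USER: <%= aws_secret("demo-#{Kubes.env}-USER") %>
 ```
 
-
+For example if you have these secret values:
+
+$ aws secretsmanager get-secret-value --secret-id demo-dev-PASS | jq '.SecretString'
+test1
+$ aws secretsmanager get-secret-value --secret-id demo-dev-USER | jq '.SecretString'
+test2
+$
 
 .kubes/output/shared/secret.yaml
 
@@ -55,75 +41,19 @@ metadata:
 apiVersion: v1
 kind: Secret
 data:
-
-
+PASS: dGVzdDEK
+USER: dGVzdDIK
 ```
 
-
+The values are automatically base64 encoded.
 
-
+## Base64 Option
 
-
-{\"a\":1,\"b\":2}"
-
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
-
-.kubes/config/hooks/kubes.rb
+The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
 
 ```ruby
-
-
-label: "Get secrets from AWS Secrets Manager",
-execute: secrets,
-)
+aws_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
+aws_secret("demo-#{Kubes.env}-PASS", base64: false)
 ```
 
-Then set the secrets in the YAML:
-
-.kubes/resources/shared/secret.yaml
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-name: demo
-labels:
-app: demo
-data:
-<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %>
-a: <%= base64(k2["a"]) %>
-b: <%= base64(k2["b"]) %>
-```
-
-Produces:
-
-```yaml
-metadata:
-namespace: demo-dev
-name: demo-a4cd604a95
-labels:
-app: demo
-apiVersion: v1
-kind: Secret
-data:
-a: MQ==
-b: Mg==
-```
-
-## Variables
-
-These environment variables can be set:
-
-Name | Description
----|---
-AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`.
-
-Secrets#initialize options:
-
-Variable | Description | Default
----|---|---
-base64 | Automatically base64 encode the values. | false
-upcase | Automatically upcase the Kubernetes secret data keys. | false
-prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
-
 {% include helpers/base64.md %}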
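--- a/data/docs/_docs/helpers/aws/ssm.md
+++ b/data/docs/_docs/helpers/aws/ssm.md
@@ -4,26 +4,9 @@ nav_text: SSM
 categories: helpers-aws
 ---
 
-
+The `aws_ssm` helper fetches data from AWS SSM Parameter Store.
 
-
-user
-$ aws ssm get-parameter --name /demo/development/db_pass --with-decryption | jq '.Parameter.Value'
-pass
-
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
-
-.kubes/config/hooks/kubes.rb
-
-```ruby
-ssm = KubesAws::SSM.new(upcase: true, prefix: "/demo/development/")
-before("compile",
-label: "Get secrets from AWS SSM Manager",
-execute: ssm,
-)
-```
-
-Then set the secrets in the YAML:
+## Example
 
 .kubes/resources/shared/secret.yaml
 
@@ -35,12 +18,16 @@ metadata:
 labels:
 app: demo
 data:
-
-
-<% end -%>
+PASS: <%= aws_ssm("/demo/#{Kubes.env}/PASS") %>
+USER: <%= aws_ssm("/demo/#{Kubes.env}/USER") %>
 ```
 
-
+For example if you have these ssm parameter values:
+
+$ aws ssm get-parameter --name /demo/dev/PASS --with-decryption | jq '.Parameter.Value'
+test1
+$ aws ssm get-parameter --name /demo/dev/USER --with-decryption | jq '.Parameter.Value'
+test2
 
 .kubes/output/shared/secret.yaml
 
@@ -53,24 +40,19 @@ metadata:
 apiVersion: v1
 kind: Secret
 data:
-
-
+PASS: dGVzdDEK
+USER: dGVzdDIK
 ```
 
-
-
-These environment variables can be set:
+The values are automatically base64 encoded.
 
-
----|---
-AWS_SSM_PREFIX | Prefixed used to list and filter AWS SSM Parameters. IE: `demo/dev/`.
+## Base64 Option
 
-
+The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
 
-
-
-
-
-prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+```ruby
+aws_ssm("/demo/#{Kubes.env}/USER", base64: true) # default is base64=true
+aws_ssm("/demo/#{Kubes.env}/PASS", base64: false)
+```
 
-{% include helpers/base64.md %}
+{% include helpers/base64.md %}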
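--- a/data/docs/_docs/helpers/google.md
+++ b/data/docs/_docs/helpers/google.md
@@ -14,4 +14,4 @@ List of Google helpers:
 * By default, `KubeGoogle.logger = Kubes.logger`. This means, you can set `logger.level = "debug"` in `.kubes/config.rb` to see more details.
 * The `gcloud` cli is used to create IAM roles. So `gcloud` is required.
 * Note: Would like to use the google sdk, but it wasn't obvious how to do so. PRs are welcomed.
-
+* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.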
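--- a/data/docs/_docs/helpers/google/advanced/secrets.md
+++ b/data/docs/_docs/helpers/google/advanced/secrets.md
@@ -0,0 +1,78 @@
+---
+title: Advanced Google Secrets
+nav_text: Secrets
+categories: advanced-helpers-google
+---
+
+This covers an advanced way so that Kubernetes Secrets are created from Google Secrets in a conventional way.
+
+Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+
+.kubes/config/hooks/kubes.rb
+
+```ruby
+before("compile",
+execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
+)
+```
+
+Then set the secrets in the YAML:
+
+.kubes/resources/shared/secret.yaml
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+name: demo
+labels:
+app: demo
+data:
+<% KubesGoogle::Secrets.data.each do |k,v| -%>
+<%= k %>: <%= base64(v) %>
+<% end -%>
+```
+
+This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data. The values are automatically base64 encoded.
+
+For example if you have these secret values:
+
+$ gcloud secrets versions access latest --secret demo-dev-db_user
+test1
+$ gcloud secrets versions access latest --secret demo-dev-db_pass
+test2
+$
+
+.kubes/output/shared/secret.yaml
+
+```yaml
+metadata:
+namespace: demo
+name: demo-2a78a13682
+labels:
+app: demo
+apiVersion: v1
+kind: Secret
+data:
+db_pass: dGVzdDEK
+db_user: dGVzdDIK
+```
+
+## Variables
+
+These environment variables can be set:
+
+Name | Description
+---|---
+GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
+GOOGLE_PROJECT | Google project id.
+
+Secrets#initialize options:
+
+Variable | Description | Default
+---|---|---
+base64 | Automatically base64 encode the values. | false
+upcase | Automatically upcase the Kubernetes secret data keys. | false
+prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+
+{% include helpers/base64.md %}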
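--- a/data/docs/_docs/helpers/google/secrets.md
+++ b/data/docs/_docs/helpers/google/secrets.md
@@ -4,17 +4,9 @@ nav_text: Secrets
 categories: helpers-google
 ---
 
-
+The `google_secret` helper fetches secret data from Google Secrets.
 
-
-
-```ruby
-before("compile",
-execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
-)
-```
-
-Then set the secrets in the YAML:
+## Example
 
 .kubes/resources/shared/secret.yaml
 
@@ -26,18 +18,17 @@ metadata:
 labels:
 app: demo
 data:
-
-
-<% end -%>
+PASS: <%= google_secret("demo-#{Kubes.env}-PASS") %>
+USER: <%= google_secret("demo-#{Kubes.env}-USER") %>
 ```
 
-
+The values are automatically base64 encoded.
 
 For example if you have these secret values:
 
-$ gcloud secrets versions access latest --secret demo-dev-
+$ gcloud secrets versions access latest --secret demo-dev-USER
 test1
-$ gcloud secrets versions access latest --secret demo-dev-
+$ gcloud secrets versions access latest --secret demo-dev-PASS
 test2
 $
 
@@ -52,8 +43,8 @@ metadata:
 apiVersion: v1
 kind: Secret
 data:
-
-
+PASS: dGVzdDEK
+USER: dGVzdDIK
 ```
 
 ## Variables
@@ -62,15 +53,15 @@ These environment variables can be set:
 
 Name | Description
 ---|---
-
-GOOGLE_PROJECT | Google project id.
+GOOGLE_PROJECT | Google project id. This is required.
 
-
+## Base64 Option
 
-
-
-
-
-
+The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
+
+```ruby
+google_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
+google_secret("demo-#{Kubes.env}-PASS", base64: false)
+```
 
-{% include helpers/base64.md %}
+{% include helpers/base64.md %}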