RubyGems - kubes - Versions diffs - 0.4.7 → 0.6.2 - Mend

kubes 0.4.7 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +28 -0
data/README.md +54 -8
data/docs/_docs/config/hooks/kubes.md +1 -0
data/docs/_docs/config/reference.md +1 -0
data/docs/_docs/config/skip.md +1 -1
data/docs/_docs/dsl/multiple-resources.md +6 -4
data/docs/_docs/dsl/resources/job.md +62 -0
data/docs/_docs/dsl/resources/secret.md +19 -2
data/docs/_docs/extra-env/dsl.md +2 -2
data/docs/_docs/extra-env/yaml.md +1 -1
data/docs/_docs/generators.md +41 -0
data/docs/_docs/helpers.md +17 -3
data/docs/_docs/helpers/aws/advanced.md +10 -0
data/docs/_docs/helpers/aws/advanced/secrets.md +131 -0
data/docs/_docs/helpers/aws/advanced/ssm.md +78 -0
data/docs/_docs/helpers/aws/secrets.md +18 -88
data/docs/_docs/helpers/aws/ssm.md +20 -38
data/docs/_docs/helpers/google/advanced.md +10 -0
data/docs/_docs/helpers/google/advanced/secrets.md +78 -0
data/docs/_docs/helpers/google/gke.md +33 -0
data/docs/_docs/helpers/google/secrets.md +18 -27
data/docs/_docs/helpers/google/service-account.md +8 -0
data/docs/_docs/intro.md +2 -9
data/docs/_docs/intro/docker-image.md +66 -0
data/docs/_docs/intro/how-kubes-works.md +7 -11
data/docs/_docs/layering.md +2 -0
data/docs/_docs/layering/merge.md +1 -1
data/docs/_docs/layering/mix.md +99 -0
data/docs/_docs/learn/dsl/delete.md +10 -2
data/docs/_docs/learn/dsl/review-project.md +2 -2
data/docs/_docs/learn/yaml/delete.md +10 -2
data/docs/_docs/learn/yaml/review-project.md +2 -2
data/docs/_docs/patterns/clock-web-worker.md +3 -3
data/docs/_docs/patterns/migrations.md +1 -1
data/docs/_docs/patterns/multiple-envs.md +55 -0
data/docs/_docs/variables.md +23 -0
data/docs/_docs/variables/advanced.md +62 -0
data/docs/_docs/variables/basic.md +137 -0
data/docs/_docs/vs.md +10 -0
data/docs/_docs/vs/custom.md +109 -0
data/docs/_docs/vs/helm.md +243 -0
data/docs/_docs/vs/kustomize.md +167 -0
data/docs/_docs/yaml.md +2 -2
data/docs/_includes/commands.html +2 -2
data/docs/_includes/intro/features.md +11 -0
data/docs/_includes/layering/layers.md +2 -4
data/docs/_includes/sidebar.html +41 -0
data/docs/_includes/vs/article.md +1 -0
data/docs/_includes/vs/kubes/layering.md +10 -0
data/docs/_includes/vs/kubes/structure.md +24 -0
data/docs/_reference/kubes-delete.md +1 -1
data/docs/_reference/kubes-exec.md +17 -1
data/docs/_reference/kubes-init.md +2 -2
data/docs/_reference/kubes-logs.md +2 -1
data/docs/_reference/kubes-new-help.md +15 -0
data/docs/_reference/kubes-new-helper.md +25 -0
data/docs/_reference/kubes-new-resource.md +56 -0
data/docs/_reference/kubes-new-variable.md +20 -0
data/docs/_reference/kubes-new.md +26 -0
data/docs/_reference/kubes-prune.md +22 -0
data/docs/reference.md +2 -0
data/kubes.gemspec +2 -2
data/lib/kubes.rb +5 -3
data/lib/kubes/auth.rb +4 -1
data/lib/kubes/auth/base.rb +21 -0
data/lib/kubes/auth/ecr.rb +1 -15
data/lib/kubes/auth/gcr.rb +24 -0
data/lib/kubes/cli.rb +9 -1
data/lib/kubes/cli/apply.rb +0 -1
data/lib/kubes/cli/build.rb +6 -0
data/lib/kubes/cli/compile.rb +7 -0
data/lib/kubes/cli/deploy.rb +1 -6
data/lib/kubes/cli/exec.rb +5 -1
data/lib/kubes/cli/help/exec.md +15 -0
data/lib/kubes/cli/help/new/helper.md +4 -0
data/lib/kubes/cli/help/new/resource.md +30 -0
data/lib/kubes/cli/init.rb +1 -1
data/lib/kubes/cli/new.rb +15 -0
data/lib/kubes/cli/new/helper.rb +24 -0
data/lib/kubes/cli/new/resource.rb +97 -0
data/lib/kubes/cli/new/variable.rb +16 -0
data/lib/kubes/cli/prune.rb +4 -2
data/lib/kubes/cli/sequence.rb +1 -0
data/lib/kubes/command.rb +7 -0
data/lib/kubes/compiler.rb +19 -21
data/lib/kubes/compiler/decorator/base.rb +1 -1
data/lib/kubes/compiler/dsl/core/base.rb +6 -9
data/lib/kubes/compiler/dsl/syntax/job.rb +217 -0
data/lib/kubes/compiler/layering.rb +21 -7
data/lib/kubes/compiler/shared/custom_variables.rb +38 -0
data/lib/kubes/compiler/shared/helpers.rb +11 -2
data/lib/kubes/compiler/shared/helpers/deprecated.rb +37 -0
data/lib/kubes/compiler/shared/plugin_helpers.rb +14 -0
data/lib/kubes/compiler/strategy.rb +7 -6
data/lib/kubes/compiler/strategy/base.rb +59 -2
data/lib/kubes/compiler/strategy/dsl.rb +0 -29
data/lib/kubes/compiler/strategy/erb.rb +10 -22
data/lib/kubes/compiler/util/normalize.rb +6 -3
data/lib/kubes/compiler/util/yaml_dump.rb +4 -4
data/lib/kubes/config.rb +14 -1
data/lib/kubes/core.rb +6 -0
data/lib/kubes/docker/strategy/image_name.rb +1 -1
data/lib/kubes/hooks/builder.rb +20 -4
data/lib/kubes/hooks/concern.rb +1 -1
data/lib/kubes/kubectl/batch.rb +7 -33
data/lib/kubes/kubectl/ordering.rb +42 -0
data/lib/kubes/plugin.rb +14 -0
data/lib/kubes/util/sh.rb +1 -1
data/lib/kubes/version.rb +1 -1
data/lib/templates/base/.kubes/config.rb.tt +1 -1
data/lib/templates/base/.kubes/config/env/dev.rb +1 -1
data/lib/templates/base/.kubes/config/env/prod.rb +1 -1
data/lib/templates/dsl/.kubes/resources/web/deployment.rb +1 -1
data/lib/templates/new/helper/file.rb +2 -0
data/lib/templates/new/resource/dsl/backend_config.rb +10 -0
data/lib/templates/new/resource/dsl/config_map.rb +5 -0
data/lib/templates/new/resource/dsl/daemon_set.rb +11 -0
data/lib/templates/new/resource/dsl/deployment.rb +4 -0
data/lib/templates/new/resource/dsl/ingress.rb +3 -0
data/lib/templates/new/resource/dsl/job.rb +2 -0
data/lib/templates/new/resource/dsl/managed_certificate.rb +2 -0
data/lib/templates/new/resource/dsl/namespace.rb +2 -0
data/lib/templates/new/resource/dsl/network_policy.rb +7 -0
data/lib/templates/new/resource/dsl/pod.rb +6 -0
data/lib/templates/new/resource/dsl/role.rb +4 -0
data/lib/templates/new/resource/dsl/role_binding.rb +7 -0
data/lib/templates/new/resource/dsl/secret.rb +5 -0
data/lib/templates/new/resource/dsl/service.rb +2 -0
data/lib/templates/new/resource/dsl/service_account.rb +1 -0
data/lib/templates/new/resource/yaml/backend_config.yaml +10 -0
data/lib/templates/new/resource/yaml/config_map.yaml +9 -0
data/lib/templates/new/resource/yaml/daemon_set.yaml +11 -0
data/lib/templates/new/resource/yaml/deployment.yaml +19 -0
data/lib/templates/new/resource/yaml/ingress.yaml +12 -0
data/lib/templates/new/resource/yaml/job.yaml +19 -0
data/lib/templates/new/resource/yaml/managed_certificate.yaml +7 -0
data/lib/templates/new/resource/yaml/namespace.yaml +6 -0
data/lib/templates/new/resource/yaml/network_policy.yaml +20 -0
data/lib/templates/new/resource/yaml/pod.yaml +11 -0
data/lib/templates/new/resource/yaml/role.yaml +13 -0
data/lib/templates/new/resource/yaml/role_binding.yaml +11 -0
data/lib/templates/new/resource/yaml/secret.yaml +9 -0
data/lib/templates/new/resource/yaml/service.yaml +14 -0
data/lib/templates/new/resource/yaml/service_account.yaml +4 -0
data/lib/templates/new/variable/file.rb +1 -0
data/lib/templates/yaml/.kubes/resources/base/all.yaml.tt +2 -0
data/lib/templates/yaml/.kubes/resources/web/deployment.yaml.tt +1 -1
data/spec/fixtures/multiple-files/{deployment-1.rb → .kubes/resources/web/deployment-1.rb} +0 -0
data/spec/fixtures/multiple-files/{deployment-2.rb → .kubes/resources/web/deployment-2.rb} +0 -0
data/spec/fixtures/project/.kubes/resources/{deployment.rb → web/deployment.rb} +0 -0
data/spec/fixtures/project/.kubes/resources/{foobar.rb → web/empty.rb} +0 -0
data/spec/fixtures/project/.kubes/resources/{service.rb → web/service.rb} +1 -1
data/spec/fixtures/syntax/{network_policy.rb → .kubes/resources/web/network_policy.rb} +0 -0
data/spec/fixtures/syntax/{pod.rb → .kubes/resources/web/pod.rb} +0 -0
data/spec/kubes/cli/prune_spec.rb +1 -0
data/spec/kubes/compiler/strategy/dsl_spec.rb +2 -2
data/spec/kubes/compiler_spec.rb +6 -2
data/spec/kubes/dsl/network_policy_spec.rb +1 -1
data/spec/kubes/dsl/pod_spec.rb +1 -1
metadata +98 -25

data/lib/kubes/hooks/concern.rb CHANGED

@@ -2,7 +2,7 @@ module Kubes::Hooks
   module Concern
     # options example: {:name=>"apply", :file=>".kubes/output/web/service.yaml"}
     def run_hooks(file, options={}, &block)
-      hooks = Kubes::Hooks::Builder.new("#{Kubes.root}/.kubes/config/hooks/#{file}", options)
+      hooks = Kubes::Hooks::Builder.new(file, options)
       hooks.build # build hooks
       hooks.run_hooks(&block)
     end

data/lib/kubes/kubectl/batch.rb CHANGED

@@ -22,10 +22,17 @@ class Kubes::Kubectl
               Kubes::Kubectl.run(@name, @options.merge(file: file))
             end
           end
+          prune # important to call within run_hooks for case of GKE IP whitelisting
         end
       end
     end
+    def prune
+      return unless @name == "apply" # only run for apply
+      return unless Kubes.config.auto_prune # prune old secrets and config maps
+      Kubes::CLI::Prune.new(@options.merge(yes: true, quiet: true)).run
+    end
     def switch_context(&block)
       kubectl = Kubes.config.kubectl
       context = kubectl.context
@@ -49,38 +56,5 @@ class Kubes::Kubectl
       end
       result
     end
-    # kubes apply                   # {role: nil, resource: nil}
-    # kubes apply clock             # {role: "clock", resource: nil}
-    # kubes apply clock deployment  # {role: "clock", resource: "deployment"}
-    def search_expr
-      role, resource = @options[:role], @options[:resource]
-      if role && resource
-        "#{Kubes.root}/.kubes/output/#{role}/#{resource}.yaml"
-      elsif role
-        "#{Kubes.root}/.kubes/output/#{role}/*.yaml"
-      else
-        "#{Kubes.root}/.kubes/output/**/*.yaml"
-      end
-    end
-    def files
-      files = []
-      Dir.glob(search_expr).each do |path|
-        next unless process?(path)
-        file = path.sub("#{Kubes.root}/", '')
-        files << file
-      end
-      files
-    end
-    def process?(path)
-      consider?(path) && two_levels_deep?(path)
-    end
-    def two_levels_deep?(path)
-      rel_path = path.sub(%r{.*\.kubes/output/},'')
-      rel_path.split('/').size == 2
-    end
   end
 end

data/lib/kubes/kubectl/ordering.rb CHANGED

@@ -35,5 +35,47 @@ class Kubes::Kubectl
       i = index.to_s.rjust(3, "0") # pad with 0
       "#{i}-#{value}" # append name so that terms with same index get order alphabetically
     end
+    # kubes apply                   # {role: nil, resource: nil}
+    # kubes apply clock             # {role: "clock", resource: nil}
+    # kubes apply clock deployment  # {role: "clock", resource: "deployment"}
+    def search_expr
+      role, resource = @options[:role], @options[:resource]
+      if role && resource
+        "#{Kubes.root}/.kubes/output/#{role}/#{resource}.yaml"
+      elsif role
+        "#{Kubes.root}/.kubes/output/#{role}/*.yaml"
+      else
+        "#{Kubes.root}/.kubes/output/**/*.yaml"
+      end
+    end
+    def files
+      files = []
+      Dir.glob(search_expr).each do |path|
+        next unless process?(path)
+        file = path.sub("#{Kubes.root}/", '')
+        files << file
+      end
+      files
+    end
+    # Only considering files 2 layers deep. So:
+    #
+    #    Yes = web/deployment.yaml
+    #    No = web/deployment/dev.yaml
+    #
+    def process?(path)
+      if Kubes.kustomize?
+        File.file?(path)
+      else
+        consider?(path) && two_levels_deep?(path)
+      end
+    end
+    def two_levels_deep?(path)
+      rel_path = path.sub(%r{.*\.kubes/(resources|output)/},'')
+      rel_path.split('/').size == 2
+    end
   end
 end

data/lib/kubes/plugin.rb ADDED

@@ -0,0 +1,14 @@
+module Kubes
+  module Plugin
+    @@plugins = []
+    def plugins
+      @@plugins
+    end
+    def register(klass)
+      @@plugins << klass
+    end
+    extend self
+  end
+end

data/lib/kubes/util/sh.rb CHANGED

@@ -32,7 +32,7 @@ module Kubes::Util
     def sh_capture(command, options={})
       exit_on_fail = options[:exit_on_fail].nil? ? true : options[:exit_on_fail]
-      logger.info "=> #{command}" if options[:show_command]
+      logger.debug "=> #{command}"
       out = `#{command}`.strip
       unless $?.success?
         logger.error "ERROR: running #{command}".color(:red)

data/lib/kubes/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Kubes
-  VERSION = "0.4.7"
+  VERSION = "0.6.2"
 end

data/lib/templates/base/.kubes/config.rb.tt CHANGED

@@ -2,7 +2,7 @@ Kubes.configure do |config|
   config.repo = "<%= @options[:repo] %>"
   config.logger.level = "info"
   # auto-switching
-  # config.kubectl.context = "dev-services"
+  # config.kubectl.context = "dev-cluster"
   # config.kubectl.context_keep = true # keep context after switching
   # config.kubectl.exit_on_fail_for_apply  = true # whether or not continue if the kubectl command fails
   # config.kubectl.exit_on_fail_for_delete = false # whether or not continue if the kubectl command fails

data/lib/templates/base/.kubes/config/env/dev.rb CHANGED

@@ -2,5 +2,5 @@
 #
 # Example:
 # Kubes.configure do |config|
-#   config.kubectl.context = "dev-services"
+#   config.kubectl.context = "dev-cluster"
 # end

data/lib/templates/base/.kubes/config/env/prod.rb CHANGED

@@ -2,5 +2,5 @@
 #
 # Example:
 # Kubes.configure do |config|
-#   config.kubectl.context = "prod-services"
+#   config.kubectl.context = "prod-cluster"
 # end

data/lib/templates/dsl/.kubes/resources/web/deployment.rb CHANGED

@@ -2,7 +2,7 @@ name "web"
 labels(role: "web")
 replicas 1 # overridden on a env basis
-image built_image # IE: user/<%= app %>:kubes-2020-06-13T19-55-16-43afc6e
+image docker_image # IE: user/<%= app %>:kubes-2020-06-13T19-55-16-43afc6e
 # revisionHistoryLimit 1 # uncomment to reduce old ReplicaSets, default is 10 https://bit.ly/3hqrzyP
 # maxUnavailable 25

data/lib/templates/new/helper/file.rb ADDED

	@@ -0,0 +1,2 @@
1	+ module <%= underscored_name.camelize %>
2	+ end

data/lib/templates/new/resource/dsl/backend_config.rb ADDED

@@ -0,0 +1,10 @@
+name "<%= app %>"
+spec(
+  timeoutSec: 40,
+  connectionDraining: {
+    drainingTimeoutSec: 60,
+  },
+  sessionAffinity: {
+    affinityType: "CLIENT_IP",
+  }
+)

data/lib/templates/new/resource/dsl/config_map.rb ADDED

@@ -0,0 +1,5 @@
+name "<%= app %>"
+data(
+  KEY1: "value1",
+  KEY2: "value2",
+)

data/lib/templates/new/resource/dsl/daemon_set.rb ADDED

@@ -0,0 +1,11 @@
+name "<%= app %>"
+labels("app": "<%= app %>")
+updateStrategy(
+  type: "RollingUpdate",
+  rollingUpdate: {
+    maxUnavailable: 1
+  }
+)
+# annotations(
+#   "*scheduler**.alpha.kubernetes.io/critical-pod": '*'
+# )

data/lib/templates/new/resource/dsl/deployment.rb ADDED

@@ -0,0 +1,4 @@
+name "<%= role %>"
+labels(role: "<%= role %>")
+replicas 2
+image "<%%= docker_image %>"

data/lib/templates/new/resource/dsl/ingress.rb ADDED

@@ -0,0 +1,3 @@
+name "<%= app %>"
+serviceName "<%= app %>"
+servicePort 80

data/lib/templates/new/resource/dsl/job.rb ADDED

	@@ -0,0 +1,2 @@
1	+ name "<%= app %>"
2	+ image(docker_image)

data/lib/templates/new/resource/dsl/managed_certificate.rb ADDED

	@@ -0,0 +1,2 @@
1	+ name "cert1"
2	+ domains(["cert1.example.com"])

data/lib/templates/new/resource/dsl/namespace.rb ADDED

	@@ -0,0 +1,2 @@
1	+ name "<%= app %>"
2	+ labels(app: "<%= app %>") # useful with NetworkPolicy

data/lib/templates/new/resource/dsl/network_policy.rb ADDED

@@ -0,0 +1,7 @@
+name "web"
+labels(app: "<%= app %>") # IE: backend
+namespace "<%= app %>"    # IE: backend
+matchLabels(app: "<%= app %>", role: "<%= role %>") # IE: app: backend
+fromNamespace(app: "<%= app %>") # IE: app: frontend
+fromPod(app: "<%= app %>")       # IE: backend

data/lib/templates/new/resource/dsl/pod.rb ADDED

@@ -0,0 +1,6 @@
+name "<%= app %>"
+containers([
+  image: docker_image,
+  command: ["sleep", "3600"],
+  name: "<%= app %>",
+])

data/lib/templates/new/resource/dsl/role.rb ADDED

@@ -0,0 +1,4 @@
+name "<%= app %>"
+apiGroups([""])
+resources(["pods"])
+verbs(["get", "watch", "list"])

data/lib/templates/new/resource/dsl/role_binding.rb ADDED

@@ -0,0 +1,7 @@
+name "<%= app %>"
+subjects([
+  {kind: "User", name: "me@email.com"},
+])
+roleName "<%= app %>"

data/lib/templates/new/resource/dsl/secret.rb ADDED

@@ -0,0 +1,5 @@
+name "<%= app %>"
+data(
+  username: base64("user"),
+  password: base64("pass"),
+)

data/lib/templates/new/resource/dsl/service.rb ADDED

	@@ -0,0 +1,2 @@
1	+ name "<%= app %>"
2	+ labels(role: "<%= role %>")

data/lib/templates/new/resource/dsl/service_account.rb ADDED

	@@ -0,0 +1 @@
1	+ name "<%= app %>"

data/lib/templates/new/resource/yaml/backend_config.yaml ADDED

@@ -0,0 +1,10 @@
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: <%= app %>
+spec:
+  timeoutSec: 40
+  connectionDraining:
+    drainingTimeoutSec: 60
+  sessionAffinity:
+    affinityType: CLIENT_IP

data/lib/templates/new/resource/yaml/config_map.yaml ADDED

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: <%= app %>
+  labels:
+    app: <%= app %>
+data:
+  KEY1: value1
+  KEY2: value2

data/lib/templates/new/resource/yaml/daemon_set.yaml ADDED

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: <%= app %>
+  labels:
+    app: <%= app %>
+spec:
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1

data/lib/templates/new/resource/yaml/deployment.yaml ADDED

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <%= role %>
+  labels:
+    role: <%= role %>
+spec:
+  replicas: 1  # overridden on a env basis
+  selector:
+    matchLabels:
+      role: <%= role %>
+  template:
+    metadata:
+      labels:
+        role: <%= role %>
+    spec:
+      containers:
+      - name: <%= role %>
+        image: <%%= docker_image %>

data/lib/templates/new/resource/yaml/ingress.yaml ADDED

@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: <%= role %>
+spec:
+  rules:
+  - http:
+      paths:
+      - path: "/*"
+        backend:
+          serviceName: <%= role %>
+          servicePort: 80

data/lib/templates/new/resource/yaml/job.yaml ADDED

@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: <%= app %>
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      serviceAccountName: <%= app %>
+      containers:
+      - name: <%= app %>
+        image: <%%= docker_image %>
+        command: ["uptime"] # IE: ["bin/job/migrate.sh"]
+        # envFrom:
+        # - secretRef:
+        #     name: <%= app %>
+        # - configMapRef:
+        #     name: <%= app %>
+  backoffLimit: 1

data/lib/templates/new/resource/yaml/managed_certificate.yaml ADDED

@@ -0,0 +1,7 @@
+apiVersion: networking.gke.io/v1beta2
+kind: ManagedCertificate
+metadata:
+  name: cert1
+spec:
+  domains:
+  - cert1.example.com

data/lib/templates/new/resource/yaml/namespace.yaml ADDED

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: <%= app %>-<%%= Kubes.env %>
+  labels:
+    app: <%= app %>

data/lib/templates/new/resource/yaml/network_policy.yaml ADDED

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: <%= role %>
+  labels:
+    app: <%= app %> # IE: backend
+  namespace: <%= app %> # IE: backend
+spec:
+  podSelector:
+    matchLabels:
+      app: <%= app %> # IE: backend
+      role: <%= role %>
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          app: <%= app %> # IE: frontend
+    - podSelector:
+        matchLabels:
+          app: <%= app %> # IE: backend

data/lib/templates/new/resource/yaml/pod.yaml ADDED

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: <%= app %>
+spec:
+  containers:
+  - image: <%%= docker_image %>
+    command:
+    - sleep
+    - '3600'
+    name: <%= app %>

data/lib/templates/new/resource/yaml/role.yaml ADDED

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: <%= app %>
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+  - watch
+  - list

data/lib/templates/new/resource/yaml/role_binding.yaml ADDED

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: <%= app %>
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: <%= app %>
+subjects:
+- kind: User
+  name: me@email.com