kubes 0.5.0 → 0.6.3
- checksums.yaml +4 -4
- data/.gcloudignore +22 -0
- data/.gitignore +1 -1
- data/CHANGELOG.md +22 -0
- data/Dockerfile +6 -6
- data/Dockerfile.alpine +20 -0
- data/README.md +54 -8
- data/docker/install/docker.sh +8 -0
- data/docker/install/gcloud.sh +18 -0
- data/docker/install/kubectl.sh +4 -0
- data/docs/_docs/config/hooks/kubes.md +1 -0
- data/docs/_docs/config/reference.md +1 -0
- data/docs/_docs/dsl/multiple-resources.md +3 -1
- data/docs/_docs/dsl/resources/secret.md +19 -2
- data/docs/_docs/generators.md +4 -4
- data/docs/_docs/helpers.md +16 -2
- data/docs/_docs/helpers/aws/advanced.md +10 -0
- data/docs/_docs/helpers/aws/advanced/secrets.md +131 -0
- data/docs/_docs/helpers/aws/advanced/ssm.md +78 -0
- data/docs/_docs/helpers/aws/secrets.md +18 -88
- data/docs/_docs/helpers/aws/ssm.md +20 -38
- data/docs/_docs/helpers/google/advanced.md +10 -0
- data/docs/_docs/helpers/google/advanced/secrets.md +78 -0
- data/docs/_docs/helpers/google/gke.md +89 -0
- data/docs/_docs/helpers/google/secrets.md +18 -27
- data/docs/_docs/intro.md +2 -11
- data/docs/_docs/intro/how-kubes-works.md +7 -11
- data/docs/_docs/layering.md +2 -0
- data/docs/_docs/layering/mix.md +99 -0
- data/docs/_docs/patterns/multiple-envs.md +55 -0
- data/docs/_docs/variables.md +23 -0
- data/docs/_docs/variables/advanced.md +62 -0
- data/docs/_docs/variables/basic.md +137 -0
- data/docs/_docs/vs.md +10 -0
- data/docs/_docs/vs/custom.md +109 -0
- data/docs/_docs/vs/helm.md +243 -0
- data/docs/_docs/vs/kustomize.md +167 -0
- data/docs/_includes/intro/features.md +11 -0
- data/docs/_includes/layering/layers.md +2 -4
- data/docs/_includes/sidebar.html +39 -0
- data/docs/_includes/vs/article.md +1 -0
- data/docs/_includes/vs/kubes/layering.md +10 -0
- data/docs/_includes/vs/kubes/structure.md +24 -0
- data/docs/_reference/kubes-new-help.md +15 -0
- data/docs/_reference/kubes-new-helper.md +25 -0
- data/docs/_reference/kubes-new-resource.md +56 -0
- data/docs/_reference/kubes-new-variable.md +20 -0
- data/docs/_reference/kubes-new.md +6 -38
- data/kubes.gemspec +2 -2
- data/lib/kubes.rb +4 -3
- data/lib/kubes/auth.rb +13 -1
- data/lib/kubes/auth/base.rb +21 -0
- data/lib/kubes/auth/ecr.rb +1 -15
- data/lib/kubes/auth/gcr.rb +24 -0
- data/lib/kubes/cli/apply.rb +0 -1
- data/lib/kubes/cli/help/new/helper.md +4 -0
- data/lib/kubes/cli/help/{new.md → new/resource.md} +3 -3
- data/lib/kubes/cli/new.rb +12 -94
- data/lib/kubes/cli/new/helper.rb +24 -0
- data/lib/kubes/cli/new/resource.rb +97 -0
- data/lib/kubes/cli/new/variable.rb +16 -0
- data/lib/kubes/cli/prune.rb +4 -2
- data/lib/kubes/command.rb +1 -1
- data/lib/kubes/compiler/decorator/base.rb +1 -1
- data/lib/kubes/compiler/dsl/core/base.rb +6 -9
- data/lib/kubes/compiler/layering.rb +21 -7
- data/lib/kubes/compiler/shared/custom_variables.rb +38 -0
- data/lib/kubes/compiler/shared/plugin_helpers.rb +14 -0
- data/lib/kubes/compiler/strategy.rb +7 -6
- data/lib/kubes/compiler/strategy/base.rb +59 -2
- data/lib/kubes/compiler/strategy/dsl.rb +0 -29
- data/lib/kubes/compiler/strategy/erb.rb +10 -22
- data/lib/kubes/compiler/util/normalize.rb +6 -3
- data/lib/kubes/compiler/util/yaml_dump.rb +4 -4
- data/lib/kubes/config.rb +14 -0
- data/lib/kubes/hooks/builder.rb +20 -5
- data/lib/kubes/hooks/concern.rb +1 -1
- data/lib/kubes/kubectl/batch.rb +7 -0
- data/lib/kubes/plugin.rb +14 -0
- data/lib/kubes/util/sh.rb +1 -1
- data/lib/kubes/version.rb +1 -1
- data/lib/templates/new/helper/file.rb +2 -0
- data/lib/templates/new/{dsl → resource/dsl}/backend_config.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/config_map.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/daemon_set.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/deployment.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/ingress.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/job.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/managed_certificate.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/namespace.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/network_policy.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/pod.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/role.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/role_binding.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/secret.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/service.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/service_account.rb +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/backend_config.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/config_map.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/daemon_set.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/deployment.yaml +0 -1
- data/lib/templates/new/{yaml → resource/yaml}/ingress.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/job.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/managed_certificate.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/namespace.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/network_policy.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/pod.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/role.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/role_binding.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/secret.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/service.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/service_account.yaml +0 -0
- data/lib/templates/new/variable/file.rb +1 -0
- data/spec/fixtures/multiple-files/{deployment-1.rb → .kubes/resources/web/deployment-1.rb} +0 -0
- data/spec/fixtures/multiple-files/{deployment-2.rb → .kubes/resources/web/deployment-2.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{deployment.rb → web/deployment.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{foobar.rb → web/empty.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{service.rb → web/service.rb} +1 -1
- data/spec/fixtures/syntax/{network_policy.rb → .kubes/resources/web/network_policy.rb} +0 -0
- data/spec/fixtures/syntax/{pod.rb → .kubes/resources/web/pod.rb} +0 -0
- data/spec/kubes/compiler/strategy/dsl_spec.rb +2 -2
- data/spec/kubes/compiler_spec.rb +1 -1
- data/spec/kubes/dsl/network_policy_spec.rb +1 -1
- data/spec/kubes/dsl/pod_spec.rb +1 -1
- metadata +95 -56
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fb0b62ecd7b432896bd1fbafc3aeae759f858bcbfb0f2ca9a02ecb60d91fcff3
|
4
|
+
data.tar.gz: 7faf78784573d6d1058fb3641e47356bf725c683cdfc53b081d8926bf2799249
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b7d432057c49947c864594fb2049677b721ff084ccd60403a39e7e360aa2a05157fddef26593004a836eb130d39a2307c6443438861be119affe66a182a05380
|
7
|
+
data.tar.gz: 4a99ff9b1819db41ad13f1340707242a978c37cc83d7dbe8e10a6cf06cac9c3aa65335d9e6d8fc94a500cd267d3b197940d49ec71f76f4a4cb81c5ab71efff9f
|
data/.gcloudignore
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
*.gem
|
2
|
+
*.rbc
|
3
|
+
/.bundle
|
4
|
+
/.config
|
5
|
+
/.yardoc
|
6
|
+
/_yardoc
|
7
|
+
/coverage
|
8
|
+
/doc/
|
9
|
+
/Gemfile.lock
|
10
|
+
/InstalledFiles
|
11
|
+
/lib/bundler/man
|
12
|
+
/pkg
|
13
|
+
/rdoc
|
14
|
+
/spec/reports
|
15
|
+
/test/tmp
|
16
|
+
/test/version_tmp
|
17
|
+
/tmp
|
18
|
+
|
19
|
+
.git
|
20
|
+
pkg
|
21
|
+
docs
|
22
|
+
spec
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,28 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [0.6.3] - 2020-11-11
|
7
|
+
- [#37](https://github.com/boltops-tools/kubes/pull/37) Dockerfile for ci and hook updates
|
8
|
+
|
9
|
+
## [0.6.2]
|
10
|
+
- [#36](https://github.com/boltops-tools/kubes/pull/36) add plugin hooks support
|
11
|
+
|
12
|
+
## [0.6.1]
|
13
|
+
- update gemspec dependency to plugins that provide the secrets helpers
|
14
|
+
|
15
|
+
## [0.6.0]
|
16
|
+
- [#35](https://github.com/boltops-tools/kubes/pull/35) mix layering support: evaluate DSL so layering can be mixed between YAML and DSL docs: https://kubes.guru/docs/layering/mix/
|
17
|
+
- custom variables support: docs https://kubes.guru/docs/variables/basic/
|
18
|
+
- custom helpers support: docs https://kubes.guru/docs/helpers/custom/
|
19
|
+
- plugins helpers support
|
20
|
+
- generators: new resource, new helper, new variable
|
21
|
+
- setup autoloader earlier. removes need for shims
|
22
|
+
- auth login for gcr also
|
23
|
+
- fix cli -h when not within Kubes project
|
24
|
+
|
25
|
+
## [0.5.1]
|
26
|
+
- fix deployment generator
|
27
|
+
|
6
28
|
## [0.5.0]
|
7
29
|
- #34 Generators, docker_image helper, check project, also write full.yaml #34
|
8
30
|
- new generators: docs: https://kubes.guru/docs/generators/
|
data/Dockerfile
CHANGED
@@ -1,10 +1,10 @@
|
|
1
|
-
FROM ruby:2.7
|
1
|
+
FROM ruby:2.7
|
2
2
|
|
3
|
-
|
4
|
-
RUN
|
5
|
-
|
6
|
-
|
7
|
-
RUN
|
3
|
+
COPY docker docker
|
4
|
+
RUN docker/install/docker.sh
|
5
|
+
RUN docker/install/gcloud.sh
|
6
|
+
ENV PATH=/opt/google/google-cloud-sdk/bin/:$PATH
|
7
|
+
RUN docker/install/kubectl.sh
|
8
8
|
|
9
9
|
WORKDIR /app
|
10
10
|
ADD . /app
|
data/Dockerfile.alpine
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
FROM ruby:2.7-alpine
|
2
|
+
|
3
|
+
# This Dockerfile is much lighter but won't work with gke whitelisting. Getting this error when the google gke sdk is called:
|
4
|
+
#
|
5
|
+
# Error loading shared library ld-linux-x86-64.so.2: No such file or directory #986
|
6
|
+
#
|
7
|
+
# If you don't need gke whitelisting, then this image should work and is lighter.
|
8
|
+
|
9
|
+
RUN apk add --no-cache docker
|
10
|
+
RUN apk add --no-cache build-base ruby ruby-dev
|
11
|
+
|
12
|
+
RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
|
13
|
+
RUN chmod u+x kubectl && mv kubectl /bin/kubectl
|
14
|
+
|
15
|
+
WORKDIR /app
|
16
|
+
ADD . /app
|
17
|
+
RUN bundle install
|
18
|
+
RUN rake install
|
19
|
+
|
20
|
+
ENTRYPOINT ["/usr/local/bundle/bin/kubes"]
|
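Review bot: The `RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl` line is followed directly by `chmod u+x kubectl && mv kubectl /bin/kubectl`, with no integrity check in between, so the image trusts whatever that URL serves at build time. The version pin is good; add the expected SHA-256 for that release and verify it with `sha256sum -c` in the same `RUN`, so a mismatch fails the build. Separately, `ADD . /app` copies the whole build context into the image; `COPY` together with an ignore file would keep local state and credentials out.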
data/README.md
CHANGED
@@ -18,13 +18,6 @@ Kubes will:
|
|
18
18
|
2. Compile Kubernetes YAML files from YAML/ERB or a DSL and adjusts the Docker build image
|
19
19
|
3. Deploy via kubectl apply on the compiled Kubernetes YAML files
|
20
20
|
|
21
|
-
Features:
|
22
|
-
|
23
|
-
* Automation: [Builds the Docker image](docs/docker.md) and updates the compiled YAML files
|
24
|
-
* Syntactic Sugar: Use an optional [ERB/YAML](docs/yaml.md) or [DSL](docs/dsl.md) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
|
25
|
-
* Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering](docs/layering.md).
|
26
|
-
* CLI Customizations: You can customize the [cli args](docs/kubectl.md). You can also run hooks before and after kubectl commands.
|
27
|
-
|
28
21
|
## Usage
|
29
22
|
|
30
23
|
kubes init # creates .kubes structure
|
@@ -44,8 +37,8 @@ In fact, you can use Kubes to build the files first, and then run `kubectl` dire
|
|
44
37
|
Now, use `kubectl` directly in the proper order:
|
45
38
|
|
46
39
|
kubectl apply -f .kubes/output/shared/namespace.yaml
|
47
|
-
kubectl apply -f .kubes/output/web/deployment.yaml
|
48
40
|
kubectl apply -f .kubes/output/web/service.yaml
|
41
|
+
kubectl apply -f .kubes/output/web/deployment.yaml
|
49
42
|
|
50
43
|
You can also apply with kubes. This will compile the automatically files also.
|
51
44
|
|
@@ -55,10 +48,63 @@ The deploy command, does all 3 steps: builds the docker image, compiles the `.ku
|
|
55
48
|
|
56
49
|
kubes deploy
|
57
50
|
|
51
|
+
## Multiple Enviroments
|
52
|
+
|
53
|
+
You can easily create multiple environments with the same YAML configs. Example:
|
54
|
+
|
55
|
+
KUBES_ENV=dev kubes deploy
|
56
|
+
KUBES_ENV=prod kubes deploy
|
57
|
+
|
58
|
+
See: [Multiple Enviroments Pattern](https://kubes.guru/docs/patterns/multiple-envs/)
|
59
|
+
|
60
|
+
## Generators: Stop Writing Boilerplate
|
61
|
+
|
62
|
+
Your time is precious. Why are we copying and pasting boilerplate structure in this day and age?
|
63
|
+
|
64
|
+
Kubes provides generators to help you get going right away.
|
65
|
+
|
66
|
+
Resources examples:
|
67
|
+
|
68
|
+
$ kubes new resource secret
|
69
|
+
create .kubes/resources/shared/secret.yaml
|
70
|
+
$ kubes new resource service_account
|
71
|
+
create .kubes/resources/shared/service_account.yaml
|
72
|
+
|
73
|
+
Kubes components examples:
|
74
|
+
|
75
|
+
$ kubes new helper
|
76
|
+
create .kubes/helpers/custom_helper.rb
|
77
|
+
$ kubes new variable
|
78
|
+
create .kubes/variables/dev.rb
|
79
|
+
$
|
80
|
+
|
81
|
+
## Features
|
82
|
+
|
83
|
+
* Automation: [Builds the Docker image](https://kubes.guru/docs/config/docker/) and updates the compiled YAML files
|
84
|
+
* Syntactic Sugar: Use an [ERB/YAML](https://kubes.guru/docs/yaml/) or a [DSL](https://kubes.guru/docs/dsl/) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
|
85
|
+
* Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering](https://kubes.guru/docs/layering/).
|
86
|
+
* Secrets: Use helpers like [aws_secret](https://kubes.guru/docs/helpers/aws/secrets/), [aws_ssm](https://kubes.guru/docs/helpers/aws/ssm/), and [google_secret](https://kubes.guru/docs/helpers/google/secrets/) to build Kubernetes secrets.yaml from secret providers designed for it.
|
87
|
+
* Generators: Kubes ships with a few generators to help you get building with Kubernetes quickly. See: [Generator Docs](https://kubes.guru/docs/generators/).
|
88
|
+
* CLI Customizations: You can customize the [cli args](https://kubes.guru/docs/config/args/kubectl/).
|
89
|
+
* Hooks: You can also run [hooks](https://kubes.guru/docs/config/hooks/) before and after [kubes](https://kubes.guru/docs/config/hooks/kubes/) and [kubectl](https://kubes.guru/docs/config/hooks/kubectl/) commands.
|
90
|
+
* Automated Suffix Hashes: Automatically appends a suffix hash to ConfigMap and Secret resources. More details in [ConfigMap](https://kubes.guru/docs/dsl/resources/config_map/) and [Secret](https://kubes.guru/docs/dsl/resources/secret/) docs.
|
91
|
+
* Kustomize Support: If you're a kustomization user, you can use it with Kubes. More details in [Kustomize Support Docs](https://kubes.guru/docs/misc/kustomize/).
|
92
|
+
* Auto Context Switching: Map dev to a specific kubectl context and prod to another kubectl context and Kubes can switch them automatically so you won't have to remember. More details in [Auto Context Docs](https://kubes.guru/docs/misc/auto-context/).
|
93
|
+
* Ordering: Kubes run kubectl apply to create resources in the [correct order](https://kubes.guru/docs/intro/ordering/). For deleting, it kubes will run `kubectl delete` in the correct reverse order. The order is also [customizable](https://kubes.guru/docs/intro/ordering/custom/).
|
94
|
+
|
58
95
|
## Installation
|
59
96
|
|
60
97
|
Install with:
|
61
98
|
|
62
99
|
gem install kubes
|
63
100
|
|
101
|
+
## Comparison
|
102
|
+
|
103
|
+
Here are some useful comparisons to help you compare Kubes vs other tools in the ecosystem:
|
104
|
+
|
105
|
+
* Blog Post: [Kustomize vs Helm vs Kubes: Kubernetes Deploy Tools](https://blog.boltops.com/2020/11/05/kustomize-vs-helm-vs-kubes-kubernetes-deploy-tools)
|
106
|
+
* [Kubes vs Custom Solution](https://kubes.guru/docs/vs/custom/)
|
107
|
+
* [Kubes vs Helm](https://kubes.guru/docs/vs/helm/)
|
108
|
+
* [Kubes vs Kustomize](https://kubes.guru/docs/vs/kustomize/)
|
109
|
+
|
64
110
|
For more info: [kubes.guru](https://kubes.guru)
|
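Review bot: "Enviroments" is misspelled in the new `## Multiple Enviroments` heading and again in the `[Multiple Enviroments Pattern]` link text; both should read "Environments". In the Ordering bullet, "For deleting, it kubes will run" has a stray "it", and "Kubes run kubectl apply" should be "Kubes runs".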
@@ -0,0 +1,8 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
apt-get update
|
4
|
+
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
|
5
|
+
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
|
6
|
+
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
|
7
|
+
apt-get update
|
8
|
+
apt-get install docker-ce docker-ce-cli containerd.io -y
|
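Review bot: The shebang on line 1 is plain `#!/bin/bash`, while the gcloud install script added in the same change uses `#!/bin/bash -eu`. Without `-e`, an earlier failure (for example the `curl` on line 5) does not stop the script, and the later `apt-get` steps still run. On line 5, `curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -` adds the downloaded key to the global APT keyring without checking its fingerprint. Consider writing the key to a dedicated keyring file, referencing it with `signed-by=` in the `deb` line, and comparing the fingerprint against the one Docker publishes.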
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/bin/bash -eu
|
2
|
+
|
3
|
+
[ -e /opt/google ] && exit
|
4
|
+
|
5
|
+
mkdir -p /opt/google
|
6
|
+
|
7
|
+
cd /opt/google
|
8
|
+
wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-318.0.0-linux-x86_64.tar.gz
|
9
|
+
tar zxf google-cloud-sdk*.tar.gz
|
10
|
+
rm -f google-cloud-sdk*.tar.gz
|
11
|
+
|
12
|
+
/opt/google/google-cloud-sdk/install.sh -q
|
13
|
+
|
14
|
+
cat << FOE >> ~/.bash_profile
|
15
|
+
|
16
|
+
source /opt/google/google-cloud-sdk/completion.bash.inc
|
17
|
+
source /opt/google/google-cloud-sdk/path.bash.inc
|
18
|
+
FOE
|
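Review bot: Line 8 downloads `google-cloud-sdk-318.0.0-linux-x86_64.tar.gz` and line 12 executes its `install.sh`, with no checksum verification in between. The version pin is good; add the expected SHA-256 for that tarball and verify it before `tar zxf`, so a tampered or truncated download fails the build instead of being run. A smaller point: `[ -e /opt/google ] && exit` on line 3 treats any existing directory as a finished install, including one left behind by an interrupted run; testing for `/opt/google/google-cloud-sdk/bin` would be a stricter guard.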
@@ -13,6 +13,7 @@ Hook | Description
|
|
13
13
|
compile | When kubes compiles the `.kubes/resources` to `.kubes/output`.
|
14
14
|
apply | When kubes runs all the `kubectl apply` commands.
|
15
15
|
delete | When kubes runs all the `kubectl delete` commands.
|
16
|
+
prune | When kubes prunes. IE: To clean old secrets.
|
16
17
|
|
17
18
|
## Lifecycle At Kubes Level
|
18
19
|
|
@@ -16,6 +16,7 @@ kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https
|
|
16
16
|
logger | Logger object | Logger.new($stdout)
|
17
17
|
logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
|
18
18
|
repo | The Docker repo to use. Required to be set. | nil
|
19
|
+
repo_auto_auth | Whether or not to try to auth authorize docker repo registry if not yet logged in. Can also be set with env var `KUBES_REPO_AUTO_AUTO` | true
|
19
20
|
skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
|
20
21
|
state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
|
21
22
|
suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true
|
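Review bot: The new `repo_auto_auth` row names the env var `KUBES_REPO_AUTO_AUTO`, which does not match the option name. If the code reads `KUBES_REPO_AUTO_AUTH`, anyone copying the documented name will be unable to switch the automatic login off. Please confirm against `lib/kubes/config.rb` and correct whichever side is wrong. The description also has a doubled word ("auth authorize"), and because the default is `true` it would help to state which credentials the automatic registry login uses.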
@@ -39,7 +39,9 @@ Using multiple files is the general recommended approach.
|
|
39
39
|
|
40
40
|
## Multiple Resources: Block Form
|
41
41
|
|
42
|
-
You can also use a block form to create multiple resources.
|
42
|
+
You can also use a block form to create multiple resources. The multiple resources block form is an experimental feature.
|
43
|
+
|
44
|
+
You name the resource files with plural names. An example helps explain:
|
43
45
|
|
44
46
|
.kubes
|
45
47
|
└── resources
|
@@ -19,7 +19,7 @@ data(
|
|
19
19
|
|
20
20
|
Produces:
|
21
21
|
|
22
|
-
.kubes/output/shared/
|
22
|
+
.kubes/output/shared/secret.yaml
|
23
23
|
|
24
24
|
```yaml
|
25
25
|
apiVersion: v1
|
@@ -38,6 +38,23 @@ data:
|
|
38
38
|
|
39
39
|
{% include dsl/rolling_deployment.md kind="Secret" %}
|
40
40
|
|
41
|
+
.kubes/resources/web/deployment.yaml:
|
42
|
+
|
43
|
+
```yaml
|
44
|
+
# ..
|
45
|
+
spec:
|
46
|
+
template:
|
47
|
+
spec:
|
48
|
+
containers:
|
49
|
+
- name: demo
|
50
|
+
image: nginx
|
51
|
+
envFrom:
|
52
|
+
- secretRef:
|
53
|
+
name: demo-secret
|
54
|
+
```
|
55
|
+
|
56
|
+
Produces:
|
57
|
+
|
41
58
|
.kubes/output/web/deployment.yaml:
|
42
59
|
|
43
60
|
```yaml
|
@@ -46,7 +63,7 @@ spec:
|
|
46
63
|
template:
|
47
64
|
spec:
|
48
65
|
containers:
|
49
|
-
- name: demo
|
66
|
+
- name: demo
|
50
67
|
image: nginx
|
51
68
|
envFrom:
|
52
69
|
- secretRef:
|
data/docs/_docs/generators.md
CHANGED
@@ -8,15 +8,15 @@ Kubes ships with a few generators to help you get building with Kubernetes quick
|
|
8
8
|
|
9
9
|
Here are a few examples:
|
10
10
|
|
11
|
-
$ kubes new ingress
|
11
|
+
$ kubes new resource ingress
|
12
12
|
create .kubes/resources/web/ingress.yaml
|
13
|
-
$ kubes new service_account
|
13
|
+
$ kubes new resource service_account
|
14
14
|
create .kubes/resources/shared/service_account.yaml
|
15
15
|
$
|
16
16
|
|
17
17
|
Use `-h` to see the cli options:
|
18
18
|
|
19
|
-
kubes new -h
|
19
|
+
kubes new resource -h
|
20
20
|
|
21
21
|
## Supported Resources
|
22
22
|
|
@@ -38,4 +38,4 @@ Here's a list of some of the supported resources.
|
|
38
38
|
service_account
|
39
39
|
service
|
40
40
|
|
41
|
-
Refer to the [source code](https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/yaml) to all the resources that the generator supports.
|
41
|
+
Refer to the [source code](https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/resource/yaml) to all the resources that the generator supports.
|
data/docs/_docs/helpers.md
CHANGED
@@ -6,10 +6,10 @@ Kubes provides some helper methods to help write Kubernetes YAML files. Here's
|
|
6
6
|
|
7
7
|
Helper | Description
|
8
8
|
--- | ---
|
9
|
-
decode64 |
|
9
|
+
decode64 | Base64 decode a string.
|
10
10
|
docker_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource. Note, this can be overridden with the `--image` cli option or the `Kubes.config.image` setting. See: [Docker Image]({% link _docs/intro/docker-image.md %})
|
11
11
|
dockerfile_port | Exposed port extracted from the Dockerfile of the project.
|
12
|
-
encode64 |
|
12
|
+
encode64 | Base64 encode a string. Also available as `base64` method.
|
13
13
|
extra | The `KUBES_EXTRA` value.
|
14
14
|
with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}).
|
15
15
|
|
@@ -25,3 +25,17 @@ There are also provider-specific helpers:
|
|
25
25
|
|
26
26
|
* [AWS Helpers]({% link _docs/helpers/aws.md %})
|
27
27
|
* [Google Helpers]({% link _docs/helpers/google.md %})
|
28
|
+
|
29
|
+
## Generator
|
30
|
+
|
31
|
+
To help you get started quickly, you can generate starter helper code.
|
32
|
+
|
33
|
+
$ kubes new helper custom
|
34
|
+
create .kubes/helpers/custom_helper.rb
|
35
|
+
|
36
|
+
.kubes/helpers/custom_helper.rb
|
37
|
+
|
38
|
+
```ruby
|
39
|
+
module CustomHelper
|
40
|
+
end
|
41
|
+
```
|
@@ -0,0 +1,131 @@
|
|
1
|
+
---
|
2
|
+
title: AWS Secrets Advanced
|
3
|
+
nav_text: Secrets
|
4
|
+
categories: advanced-helpers-aws
|
5
|
+
---
|
6
|
+
|
7
|
+
This covers an advanced way so that Kubernetes Secrets are created from AWS Secrets Manager in a conventional way.
|
8
|
+
|
9
|
+
## Simple Values
|
10
|
+
|
11
|
+
For example if you have these secret values:
|
12
|
+
|
13
|
+
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString'
|
14
|
+
user
|
15
|
+
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString'
|
16
|
+
pass
|
17
|
+
|
18
|
+
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
19
|
+
|
20
|
+
.kubes/config/hooks/kubes.rb
|
21
|
+
|
22
|
+
```ruby
|
23
|
+
secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/")
|
24
|
+
before("compile",
|
25
|
+
label: "Get secrets from AWS Secrets Manager",
|
26
|
+
execute: secrets,
|
27
|
+
)
|
28
|
+
```
|
29
|
+
|
30
|
+
Then set the secrets in the YAML:
|
31
|
+
|
32
|
+
.kubes/resources/shared/secret.yaml
|
33
|
+
|
34
|
+
```yaml
|
35
|
+
apiVersion: v1
|
36
|
+
kind: Secret
|
37
|
+
metadata:
|
38
|
+
name: demo
|
39
|
+
labels:
|
40
|
+
app: demo
|
41
|
+
data:
|
42
|
+
<% KubesAws::Secrets.data.each do |k,v| -%>
|
43
|
+
<%= k %>: <%= base64(v) %>
|
44
|
+
<% end -%>
|
45
|
+
```
|
46
|
+
|
47
|
+
This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data. The values are automatically base64 encoded. Produces:
|
48
|
+
|
49
|
+
.kubes/output/shared/secret.yaml
|
50
|
+
|
51
|
+
```yaml
|
52
|
+
metadata:
|
53
|
+
namespace: demo
|
54
|
+
name: demo-2a78a13682
|
55
|
+
labels:
|
56
|
+
app: demo
|
57
|
+
apiVersion: v1
|
58
|
+
kind: Secret
|
59
|
+
data:
|
60
|
+
db_pass: dGVzdDEK
|
61
|
+
db_user: dGVzdDIK
|
62
|
+
```
|
63
|
+
|
64
|
+
## JSON Values
|
65
|
+
|
66
|
+
For example if you have these secret values:
|
67
|
+
|
68
|
+
$ aws secretsmanager get-secret-value --secret-id demo/dev/k2 | jq '.SecretString'
|
69
|
+
{\"a\":1,\"b\":2}"
|
70
|
+
|
71
|
+
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
72
|
+
|
73
|
+
.kubes/config/hooks/kubes.rb
|
74
|
+
|
75
|
+
```ruby
|
76
|
+
secrets = KubesAws::Secrets.new(prefix: "rails/dev/")
|
77
|
+
before("compile",
|
78
|
+
label: "Get secrets from AWS Secrets Manager",
|
79
|
+
execute: secrets,
|
80
|
+
)
|
81
|
+
```
|
82
|
+
|
83
|
+
Then set the secrets in the YAML:
|
84
|
+
|
85
|
+
.kubes/resources/shared/secret.yaml
|
86
|
+
|
87
|
+
```yaml
|
88
|
+
apiVersion: v1
|
89
|
+
kind: Secret
|
90
|
+
metadata:
|
91
|
+
name: demo
|
92
|
+
labels:
|
93
|
+
app: demo
|
94
|
+
data:
|
95
|
+
<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %>
|
96
|
+
a: <%= base64(k2["a"]) %>
|
97
|
+
b: <%= base64(k2["b"]) %>
|
98
|
+
```
|
99
|
+
|
100
|
+
Produces:
|
101
|
+
|
102
|
+
```yaml
|
103
|
+
metadata:
|
104
|
+
namespace: demo-dev
|
105
|
+
name: demo-a4cd604a95
|
106
|
+
labels:
|
107
|
+
app: demo
|
108
|
+
apiVersion: v1
|
109
|
+
kind: Secret
|
110
|
+
data:
|
111
|
+
a: MQ==
|
112
|
+
b: Mg==
|
113
|
+
```
|
114
|
+
|
115
|
+
## Variables
|
116
|
+
|
117
|
+
These environment variables can be set:
|
118
|
+
|
119
|
+
Name | Description
|
120
|
+
---|---
|
121
|
+
AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`.
|
122
|
+
|
123
|
+
Secrets#initialize options:
|
124
|
+
|
125
|
+
Variable | Description | Default
|
126
|
+
---|---|---
|
127
|
+
base64 | Automatically base64 encode the values. | false
|
128
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
129
|
+
prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
130
|
+
|
131
|
+
{% include helpers/base64.md %}
|
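Review bot: The two examples do not agree with their own inputs. In Simple Values the hook passes `upcase: true`, yet the output shows lowercase keys `db_pass` and `db_user`, and `dGVzdDEK` / `dGVzdDIK` decode to `test1` and `test2` followed by a newline, not the `pass` and `user` returned by the CLI calls above. In JSON Values the secret is read from `demo/dev/k2` but the hook uses `prefix: "rails/dev/"`, which does not match, and the sample CLI output `{\"a\":1,\"b\":2}"` is missing its opening quote. The sentence "The values are automatically base64 encoded" conflicts with the explicit `base64(v)` call in the template and with the `base64` option defaulting to `false`; readers need to know which one applies, or values end up encoded twice or not at all. Finally, prefer `JSON.parse` over `JSON.load` in the template, since Ruby's documentation reserves `JSON.load` for trusted input.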