kubes 0.5.1 → 0.6.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +52 -0
- data/docs/_docs/dsl/resources/secret.md +19 -2
- data/docs/_docs/generators.md +4 -4
- data/docs/_docs/helpers/aws/advanced/secrets.md +131 -0
- data/docs/_docs/helpers/aws/advanced/ssm.md +78 -0
- data/docs/_docs/helpers/aws/advanced.md +10 -0
- data/docs/_docs/helpers/aws/secrets.md +18 -88
- data/docs/_docs/helpers/aws/ssm.md +20 -38
- data/docs/_docs/helpers/google/advanced/secrets.md +78 -0
- data/docs/_docs/helpers/google/advanced.md +10 -0
- data/docs/_docs/helpers/google/secrets.md +18 -27
- data/docs/_docs/helpers.md +16 -2
- data/docs/_docs/intro.md +2 -11
- data/docs/_docs/layering/mix.md +99 -0
- data/docs/_docs/layering.md +2 -0
- data/docs/_docs/patterns/multiple-envs.md +55 -0
- data/docs/_docs/variables/advanced.md +62 -0
- data/docs/_docs/variables/basic.md +137 -0
- data/docs/_docs/variables.md +23 -0
- data/docs/_docs/vs/custom.md +109 -0
- data/docs/_docs/vs/helm.md +243 -0
- data/docs/_docs/vs/kustomize.md +167 -0
- data/docs/_docs/vs.md +10 -0
- data/docs/_includes/intro/features.md +10 -0
- data/docs/_includes/layering/layers.md +2 -4
- data/docs/_includes/sidebar.html +39 -0
- data/docs/_includes/vs/article.md +1 -0
- data/docs/_includes/vs/kubes/layering.md +10 -0
- data/docs/_includes/vs/kubes/structure.md +24 -0
- data/docs/_reference/kubes-new-help.md +15 -0
- data/docs/_reference/kubes-new-helper.md +25 -0
- data/docs/_reference/kubes-new-resource.md +56 -0
- data/docs/_reference/kubes-new-variable.md +20 -0
- data/docs/_reference/kubes-new.md +6 -38
- data/kubes.gemspec +2 -2
- data/lib/kubes/auth/base.rb +21 -0
- data/lib/kubes/auth/ecr.rb +1 -15
- data/lib/kubes/auth/gcr.rb +24 -0
- data/lib/kubes/auth.rb +4 -1
- data/lib/kubes/cli/help/new/helper.md +4 -0
- data/lib/kubes/cli/help/{new.md → new/resource.md} +3 -3
- data/lib/kubes/cli/new/helper.rb +24 -0
- data/lib/kubes/cli/new/resource.rb +97 -0
- data/lib/kubes/cli/new/variable.rb +16 -0
- data/lib/kubes/cli/new.rb +12 -94
- data/lib/kubes/command.rb +1 -1
- data/lib/kubes/compiler/decorator/base.rb +1 -1
- data/lib/kubes/compiler/dsl/core/base.rb +6 -9
- data/lib/kubes/compiler/layering.rb +21 -7
- data/lib/kubes/compiler/shared/custom_variables.rb +38 -0
- data/lib/kubes/compiler/shared/plugin_helpers.rb +14 -0
- data/lib/kubes/compiler/strategy/base.rb +59 -2
- data/lib/kubes/compiler/strategy/dsl.rb +0 -29
- data/lib/kubes/compiler/strategy/erb.rb +10 -22
- data/lib/kubes/compiler/strategy.rb +7 -6
- data/lib/kubes/compiler/util/normalize.rb +6 -3
- data/lib/kubes/compiler/util/yaml_dump.rb +4 -4
- data/lib/kubes/plugin.rb +14 -0
- data/lib/kubes/util/sh.rb +1 -1
- data/lib/kubes/version.rb +1 -1
- data/lib/kubes.rb +4 -3
- data/lib/templates/new/helper/file.rb +2 -0
- data/lib/templates/new/{dsl → resource/dsl}/backend_config.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/config_map.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/daemon_set.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/deployment.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/ingress.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/job.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/managed_certificate.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/namespace.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/network_policy.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/pod.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/role.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/role_binding.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/secret.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/service.rb +0 -0
- data/lib/templates/new/{dsl → resource/dsl}/service_account.rb +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/backend_config.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/config_map.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/daemon_set.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/deployment.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/ingress.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/job.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/managed_certificate.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/namespace.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/network_policy.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/pod.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/role.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/role_binding.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/secret.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/service.yaml +0 -0
- data/lib/templates/new/{yaml → resource/yaml}/service_account.yaml +0 -0
- data/lib/templates/new/variable/file.rb +1 -0
- data/spec/fixtures/multiple-files/{deployment-1.rb → .kubes/resources/web/deployment-1.rb} +0 -0
- data/spec/fixtures/multiple-files/{deployment-2.rb → .kubes/resources/web/deployment-2.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{deployment.rb → web/deployment.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{foobar.rb → web/empty.rb} +0 -0
- data/spec/fixtures/project/.kubes/resources/{service.rb → web/service.rb} +1 -1
- data/spec/fixtures/syntax/{network_policy.rb → .kubes/resources/web/network_policy.rb} +0 -0
- data/spec/fixtures/syntax/{pod.rb → .kubes/resources/web/pod.rb} +0 -0
- data/spec/kubes/compiler/strategy/dsl_spec.rb +2 -2
- data/spec/kubes/compiler_spec.rb +1 -1
- data/spec/kubes/dsl/network_policy_spec.rb +1 -1
- data/spec/kubes/dsl/pod_spec.rb +1 -1
- metadata +81 -48
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d2390d8076195f47ba56caa233149ab431fbae94f941be09442c8f8dee672c97
|
4
|
+
data.tar.gz: aaaee4c61ca2be7a88d53fbbb3bdaa39e7c0fdf398f26a55891433f1c93da0c5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7bd6263f72c46e3f5123436562096b6bde64c1cfcb9cd1a92f494eda992d6610ea173a58e48ba51e5f62b983e3fec87a948e7519df7af2b6371de47b2ac90782
|
7
|
+
data.tar.gz: 4f92ed3fa62f80498df8d72ad80481d62fc8e3537cd334344a2f4dee746ec3891c173d69c15c1a3f3845e1a0519811559d1cb30b63036861173bff51b7d0f524
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,16 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [0.6.0]
|
7
|
+
- mix layering support: evaluate DSL so layering can be mixed between YAML and DSL
|
8
|
+
- custom variables support
|
9
|
+
- custom helpers support
|
10
|
+
- plugins helpers support
|
11
|
+
- generators: new resource, new helper, new variable
|
12
|
+
- setup autoloader earlier. removes need for shims
|
13
|
+
- auth login for gcr also
|
14
|
+
- fix cli -h when not within Kubes project
|
15
|
+
|
6
16
|
## [0.5.1]
|
7
17
|
- fix deployment generator
|
8
18
|
|
data/README.md
CHANGED
@@ -55,10 +55,62 @@ The deploy command, does all 3 steps: builds the docker image, compiles the `.ku
|
|
55
55
|
|
56
56
|
kubes deploy
|
57
57
|
|
58
|
+
## Multiple Enviroments
|
59
|
+
|
60
|
+
You can easily create multiple environments with the same YAML configs. Example:
|
61
|
+
|
62
|
+
KUBES_ENV=dev kubes deploy
|
63
|
+
KUBES_ENV=prod kubes deploy
|
64
|
+
|
65
|
+
See: [Multiple Enviroments Pattern](https://kubes.guru/docs/patterns/multiple-envs/)
|
66
|
+
|
67
|
+
## Generators: Stop Writing Boilerplate
|
68
|
+
|
69
|
+
Your time is precious. Why are we copying and pasting boilerplate structure in this day and age?
|
70
|
+
|
71
|
+
Kubes provides generators to help you get going right away.
|
72
|
+
|
73
|
+
Resources examples:
|
74
|
+
|
75
|
+
$ kubes new resource secret
|
76
|
+
create .kubes/resources/shared/secret.yaml
|
77
|
+
$ kubes new resource service_account
|
78
|
+
create .kubes/resources/shared/service_account.yaml
|
79
|
+
|
80
|
+
Kubes components examples:
|
81
|
+
|
82
|
+
$ kubes new helper
|
83
|
+
create .kubes/helpers/custom_helper.rb
|
84
|
+
$ kubes new variable
|
85
|
+
create .kubes/variables/dev.rb
|
86
|
+
$
|
87
|
+
|
88
|
+
## Features
|
89
|
+
|
90
|
+
* Automation: [Builds the Docker image](https://kubes.guru/docs/config/docker/) and updates the compiled YAML files
|
91
|
+
* Syntactic Sugar: Use an [ERB/YAML](https://kubes.guru/docs/yaml/) or a [DSL](https://kubes.guru/docs/dsl/) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
|
92
|
+
* Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering](https://kubes.guru/docs/layering/).
|
93
|
+
* Generators: Kubes ships with a few generators to help you get building with Kubernetes quickly. See: [Generator Docs](https://kubes.guru/docs/generators/).
|
94
|
+
* CLI Customizations: You can customize the [cli args](https://kubes.guru/docs/config/args/kubectl/).
|
95
|
+
* Hooks: You can also run [hooks](https://kubes.guru/docs/config/hooks/) before and after [kubes](https://kubes.guru/docs/config/hooks/kubes/) and [kubectl](https://kubes.guru/docs/config/hooks/kubectl/) commands.
|
96
|
+
* Automated Suffix Hashes: Automatically appends a suffix hash to ConfigMap and Secret resources. More details in [ConfigMap](https://kubes.guru/docs/dsl/resources/config_map/) and [Secret](https://kubes.guru/docs/dsl/resources/secret/) docs.
|
97
|
+
* Kustomize Support: If you're a kustomization user, you can use it with Kubes. More details in [Kustomize Support Docs](https://kubes.guru/docs/misc/kustomize/).
|
98
|
+
* Auto Context Switching: Map dev to a specific kubectl context and prod to another kubectl context and Kubes can switch them automatically so you won't have to remember. More details in [Auto Context Docs](https://kubes.guru/docs/misc/auto-context/).
|
99
|
+
* Ordering: Kubes run kubectl apply to create resources in the [correct order](https://kubes.guru/docs/intro/ordering/). For deleting, it kubes will run `kubectl delete` in the correct reverse order. The order is also [customizable](https://kubes.guru/docs/intro/ordering/custom/).
|
100
|
+
|
58
101
|
## Installation
|
59
102
|
|
60
103
|
Install with:
|
61
104
|
|
62
105
|
gem install kubes
|
63
106
|
|
107
|
+
## Comparison
|
108
|
+
|
109
|
+
Here are some useful comparisons to help you compare Kubes vs other tools in the ecosystem:
|
110
|
+
|
111
|
+
* Blog Post: [Kustomize vs Helm vs Kubes: Kubernetes Deploy Tools](https://blog.boltops.com/2020/11/05/kustomize-vs-helm-vs-kubes-kubernetes-deploy-tools)
|
112
|
+
* [Kubes vs Custom Solution](https://kubes.guru/docs/vs/custom/)
|
113
|
+
* [Kubes vs Helm](https://kubes.guru/docs/vs/helm/)
|
114
|
+
* [Kubes vs Kustomize](https://kubes.guru/docs/vs/kustomize/)
|
115
|
+
|
64
116
|
For more info: [kubes.guru](https://kubes.guru)
|
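Review bot: "Environments" is misspelled in the added heading `## Multiple Enviroments` (new line 58) and in the link text `[Multiple Enviroments Pattern]` (new line 65), while the sentence between them spells it correctly; fix both. In the Ordering bullet (new line 99), "For deleting, it kubes will run" has a stray "it", and "Kubes run kubectl apply" should read "Kubes runs `kubectl apply`".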
@@ -19,7 +19,7 @@ data(
|
|
19
19
|
|
20
20
|
Produces:
|
21
21
|
|
22
|
-
.kubes/output/shared/
|
22
|
+
.kubes/output/shared/secret.yaml
|
23
23
|
|
24
24
|
```yaml
|
25
25
|
apiVersion: v1
|
@@ -38,6 +38,23 @@ data:
|
|
38
38
|
|
39
39
|
{% include dsl/rolling_deployment.md kind="Secret" %}
|
40
40
|
|
41
|
+
.kubes/resources/web/deployment.yaml:
|
42
|
+
|
43
|
+
```yaml
|
44
|
+
# ..
|
45
|
+
spec:
|
46
|
+
template:
|
47
|
+
spec:
|
48
|
+
containers:
|
49
|
+
- name: demo
|
50
|
+
image: nginx
|
51
|
+
envFrom:
|
52
|
+
- secretRef:
|
53
|
+
name: demo-secret
|
54
|
+
```
|
55
|
+
|
56
|
+
Produces:
|
57
|
+
|
41
58
|
.kubes/output/web/deployment.yaml:
|
42
59
|
|
43
60
|
```yaml
|
@@ -46,7 +63,7 @@ spec:
|
|
46
63
|
template:
|
47
64
|
spec:
|
48
65
|
containers:
|
49
|
-
- name: demo
|
66
|
+
- name: demo
|
50
67
|
image: nginx
|
51
68
|
envFrom:
|
52
69
|
- secretRef:
|
data/docs/_docs/generators.md
CHANGED
@@ -8,15 +8,15 @@ Kubes ships with a few generators to help you get building with Kubernetes quick
|
|
8
8
|
|
9
9
|
Here are a few examples:
|
10
10
|
|
11
|
-
$ kubes new ingress
|
11
|
+
$ kubes new resource ingress
|
12
12
|
create .kubes/resources/web/ingress.yaml
|
13
|
-
$ kubes new service_account
|
13
|
+
$ kubes new resource service_account
|
14
14
|
create .kubes/resources/shared/service_account.yaml
|
15
15
|
$
|
16
16
|
|
17
17
|
Use `-h` to see the cli options:
|
18
18
|
|
19
|
-
kubes new -h
|
19
|
+
kubes new resource -h
|
20
20
|
|
21
21
|
## Supported Resources
|
22
22
|
|
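Review bot: The CHANGELOG should say whether the old `kubes new ingress` form still works, because the examples at lines 11, 13 and 19 now require the `resource` subcommand and the 0.6.0 entry only reads "generators: new resource, new helper, new variable". If the short form was removed, mark it as a breaking change there so that scripts calling `kubes new <resource>` do not fail without explanation.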
@@ -38,4 +38,4 @@ Here's a list of some of the supported resources.
|
|
38
38
|
service_account
|
39
39
|
service
|
40
40
|
|
41
|
-
Refer to the [source code](https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/yaml) to all the resources that the generator supports.
|
41
|
+
Refer to the [source code](https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/resource/yaml) to all the resources that the generator supports.
|
@@ -0,0 +1,131 @@
|
|
1
|
+
---
|
2
|
+
title: AWS Secrets Advanced
|
3
|
+
nav_text: Secrets
|
4
|
+
categories: advanced-helpers-aws
|
5
|
+
---
|
6
|
+
|
7
|
+
This covers an advanced way so that Kubernetes Secrets are created from AWS Secrets Manager in a conventional way.
|
8
|
+
|
9
|
+
## Simple Values
|
10
|
+
|
11
|
+
For example if you have these secret values:
|
12
|
+
|
13
|
+
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString'
|
14
|
+
user
|
15
|
+
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString'
|
16
|
+
pass
|
17
|
+
|
18
|
+
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
19
|
+
|
20
|
+
.kubes/config/hooks/kubes.rb
|
21
|
+
|
22
|
+
```ruby
|
23
|
+
secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/")
|
24
|
+
before("compile",
|
25
|
+
label: "Get secrets from AWS Secrets Manager",
|
26
|
+
execute: secrets,
|
27
|
+
)
|
28
|
+
```
|
29
|
+
|
30
|
+
Then set the secrets in the YAML:
|
31
|
+
|
32
|
+
.kubes/resources/shared/secret.yaml
|
33
|
+
|
34
|
+
```yaml
|
35
|
+
apiVersion: v1
|
36
|
+
kind: Secret
|
37
|
+
metadata:
|
38
|
+
name: demo
|
39
|
+
labels:
|
40
|
+
app: demo
|
41
|
+
data:
|
42
|
+
<% KubesAws::Secrets.data.each do |k,v| -%>
|
43
|
+
<%= k %>: <%= base64(v) %>
|
44
|
+
<% end -%>
|
45
|
+
```
|
46
|
+
|
47
|
+
This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data. The values are automatically base64 encoded. Produces:
|
48
|
+
|
49
|
+
.kubes/output/shared/secret.yaml
|
50
|
+
|
51
|
+
```yaml
|
52
|
+
metadata:
|
53
|
+
namespace: demo
|
54
|
+
name: demo-2a78a13682
|
55
|
+
labels:
|
56
|
+
app: demo
|
57
|
+
apiVersion: v1
|
58
|
+
kind: Secret
|
59
|
+
data:
|
60
|
+
db_pass: dGVzdDEK
|
61
|
+
db_user: dGVzdDIK
|
62
|
+
```
|
63
|
+
|
64
|
+
## JSON Values
|
65
|
+
|
66
|
+
For example if you have these secret values:
|
67
|
+
|
68
|
+
$ aws secretsmanager get-secret-value --secret-id demo/dev/k2 | jq '.SecretString'
|
69
|
+
{\"a\":1,\"b\":2}"
|
70
|
+
|
71
|
+
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
72
|
+
|
73
|
+
.kubes/config/hooks/kubes.rb
|
74
|
+
|
75
|
+
```ruby
|
76
|
+
secrets = KubesAws::Secrets.new(prefix: "rails/dev/")
|
77
|
+
before("compile",
|
78
|
+
label: "Get secrets from AWS Secrets Manager",
|
79
|
+
execute: secrets,
|
80
|
+
)
|
81
|
+
```
|
82
|
+
|
83
|
+
Then set the secrets in the YAML:
|
84
|
+
|
85
|
+
.kubes/resources/shared/secret.yaml
|
86
|
+
|
87
|
+
```yaml
|
88
|
+
apiVersion: v1
|
89
|
+
kind: Secret
|
90
|
+
metadata:
|
91
|
+
name: demo
|
92
|
+
labels:
|
93
|
+
app: demo
|
94
|
+
data:
|
95
|
+
<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %>
|
96
|
+
a: <%= base64(k2["a"]) %>
|
97
|
+
b: <%= base64(k2["b"]) %>
|
98
|
+
```
|
99
|
+
|
100
|
+
Produces:
|
101
|
+
|
102
|
+
```yaml
|
103
|
+
metadata:
|
104
|
+
namespace: demo-dev
|
105
|
+
name: demo-a4cd604a95
|
106
|
+
labels:
|
107
|
+
app: demo
|
108
|
+
apiVersion: v1
|
109
|
+
kind: Secret
|
110
|
+
data:
|
111
|
+
a: MQ==
|
112
|
+
b: Mg==
|
113
|
+
```
|
114
|
+
|
115
|
+
## Variables
|
116
|
+
|
117
|
+
These environment variables can be set:
|
118
|
+
|
119
|
+
Name | Description
|
120
|
+
---|---
|
121
|
+
AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`.
|
122
|
+
|
123
|
+
Secrets#initialize options:
|
124
|
+
|
125
|
+
Variable | Description | Default
|
126
|
+
---|---|---
|
127
|
+
base64 | Automatically base64 encode the values. | false
|
128
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
129
|
+
prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
130
|
+
|
131
|
+
{% include helpers/base64.md %}
|
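Review bot: The JSON Values hook (new line 76) passes `prefix: "rails/dev/"`, which does not match the `demo/dev/k2` secret id shown just above it; use `demo/dev/` as in Simple Values. In Simple Values the hook sets `upcase: true` but the output shows lower-case keys `db_pass` and `db_user`, and the CLI sample values `user` and `pass` do not correspond to `dGVzdDEK` and `dGVzdDIK`, which decode to `test1` and `test2` with a trailing newline. The sample at new line 69, `{\"a\":1,\"b\":2}"`, is missing its opening quote, and "with the prefix the `demo/dev/`" has a stray "the". Since the compiled `.kubes/output/shared/secret.yaml` holds the secret values with base64 encoding only, a sentence telling readers to keep `.kubes/output` out of version control would be worth adding to this page.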
@@ -0,0 +1,78 @@
|
|
1
|
+
---
|
2
|
+
title: AWS SSM Parameters Advanced
|
3
|
+
nav_text: SSM
|
4
|
+
categories: advanced-helpers-aws
|
5
|
+
---
|
6
|
+
|
7
|
+
This covers an advanced way so that Kubernetes Secrets are created from AWS SSM Parameter Store in a conventional way.
|
8
|
+
|
9
|
+
For example if you have these secret values:
|
10
|
+
|
11
|
+
$ aws ssm get-parameter --name /demo/development/db_user --with-decryption | jq '.Parameter.Value'
|
12
|
+
user
|
13
|
+
$ aws ssm get-parameter --name /demo/development/db_pass --with-decryption | jq '.Parameter.Value'
|
14
|
+
pass
|
15
|
+
|
16
|
+
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
17
|
+
|
18
|
+
.kubes/config/hooks/kubes.rb
|
19
|
+
|
20
|
+
```ruby
|
21
|
+
ssm = KubesAws::SSM.new(upcase: true, prefix: "/demo/development/")
|
22
|
+
before("compile",
|
23
|
+
label: "Get secrets from AWS SSM Manager",
|
24
|
+
execute: ssm,
|
25
|
+
)
|
26
|
+
```
|
27
|
+
|
28
|
+
Then set the secrets in the YAML:
|
29
|
+
|
30
|
+
.kubes/resources/shared/secret.yaml
|
31
|
+
|
32
|
+
```yaml
|
33
|
+
apiVersion: v1
|
34
|
+
kind: Secret
|
35
|
+
metadata:
|
36
|
+
name: demo
|
37
|
+
labels:
|
38
|
+
app: demo
|
39
|
+
data:
|
40
|
+
<% KubesAws::SSM.data.each do |k,v| -%>
|
41
|
+
<%= k %>: <%= base64(v) %>
|
42
|
+
<% end -%>
|
43
|
+
```
|
44
|
+
|
45
|
+
This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data. The values are automatically base64 encoded. Produces:
|
46
|
+
|
47
|
+
.kubes/output/shared/secret.yaml
|
48
|
+
|
49
|
+
```yaml
|
50
|
+
metadata:
|
51
|
+
namespace: demo
|
52
|
+
name: demo-2a78a13682
|
53
|
+
labels:
|
54
|
+
app: demo
|
55
|
+
apiVersion: v1
|
56
|
+
kind: Secret
|
57
|
+
data:
|
58
|
+
db_pass: dGVzdDEK
|
59
|
+
db_user: dGVzdDIK
|
60
|
+
```
|
61
|
+
|
62
|
+
## Variables
|
63
|
+
|
64
|
+
These environment variables can be set:
|
65
|
+
|
66
|
+
Name | Description
|
67
|
+
---|---
|
68
|
+
AWS_SSM_PREFIX | Prefixed used to list and filter AWS SSM Parameters. IE: `demo/dev/`.
|
69
|
+
|
70
|
+
Secrets#initialize options:
|
71
|
+
|
72
|
+
Variable | Description | Default
|
73
|
+
---|---|---
|
74
|
+
base64 | Automatically base64 encode the values. | false
|
75
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
76
|
+
prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
77
|
+
|
78
|
+
{% include helpers/base64.md %}
|
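Review bot: Several lines look carried over from the Secrets Manager page without being adapted to SSM. The prose at new line 45 gives the prefix as `demo/dev/` while the hook uses `/demo/development/`; the heading at new line 70 reads `Secrets#initialize options:` on a page about `KubesAws::SSM`; and the `prefix` row at new line 76 names `AWS_SECRET_PREFIX` although the table directly above documents `AWS_SSM_PREFIX`. The hook label "Get secrets from AWS SSM Manager" should say "AWS SSM Parameter Store", as the intro sentence does. As on the Secrets page, the hook sets `upcase: true` but the output keys are lower-case.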
@@ -4,28 +4,9 @@ nav_text: Secrets
|
|
4
4
|
categories: helpers-aws
|
5
5
|
---
|
6
6
|
|
7
|
-
|
7
|
+
The `aws_secret` helper fetches secret data from AWS Secrets Manager.
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString'
|
12
|
-
user
|
13
|
-
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString'
|
14
|
-
pass
|
15
|
-
|
16
|
-
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
17
|
-
|
18
|
-
.kubes/config/hooks/kubes.rb
|
19
|
-
|
20
|
-
```ruby
|
21
|
-
secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/")
|
22
|
-
before("compile",
|
23
|
-
label: "Get secrets from AWS Secrets Manager",
|
24
|
-
execute: secrets,
|
25
|
-
)
|
26
|
-
```
|
27
|
-
|
28
|
-
Then set the secrets in the YAML:
|
9
|
+
## Example
|
29
10
|
|
30
11
|
.kubes/resources/shared/secret.yaml
|
31
12
|
|
@@ -37,12 +18,17 @@ metadata:
|
|
37
18
|
labels:
|
38
19
|
app: demo
|
39
20
|
data:
|
40
|
-
|
41
|
-
|
42
|
-
<% end -%>
|
21
|
+
PASS: <%= aws_secret("demo-#{Kubes.env}-PASS") %>
|
22
|
+
USER: <%= aws_secret("demo-#{Kubes.env}-USER") %>
|
43
23
|
```
|
44
24
|
|
45
|
-
|
25
|
+
For example if you have these secret values:
|
26
|
+
|
27
|
+
$ aws secretsmanager get-secret-value --secret-id demo-dev-PASS | jq '.SecretString'
|
28
|
+
test1
|
29
|
+
$ aws secretsmanager get-secret-value --secret-id demo-dev-USER | jq '.SecretString'
|
30
|
+
test2
|
31
|
+
$
|
46
32
|
|
47
33
|
.kubes/output/shared/secret.yaml
|
48
34
|
|
@@ -55,75 +41,19 @@ metadata:
|
|
55
41
|
apiVersion: v1
|
56
42
|
kind: Secret
|
57
43
|
data:
|
58
|
-
|
59
|
-
|
44
|
+
PASS: dGVzdDEK
|
45
|
+
USER: dGVzdDIK
|
60
46
|
```
|
61
47
|
|
62
|
-
|
48
|
+
The values are automatically base64 encoded.
|
63
49
|
|
64
|
-
|
50
|
+
## Base64 Option
|
65
51
|
|
66
|
-
|
67
|
-
{\"a\":1,\"b\":2}"
|
68
|
-
|
69
|
-
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
70
|
-
|
71
|
-
.kubes/config/hooks/kubes.rb
|
52
|
+
The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
|
72
53
|
|
73
54
|
```ruby
|
74
|
-
|
75
|
-
|
76
|
-
label: "Get secrets from AWS Secrets Manager",
|
77
|
-
execute: secrets,
|
78
|
-
)
|
55
|
+
aws_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
|
56
|
+
aws_secret("demo-#{Kubes.env}-PASS", base64: false)
|
79
57
|
```
|
80
58
|
|
81
|
-
Then set the secrets in the YAML:
|
82
|
-
|
83
|
-
.kubes/resources/shared/secret.yaml
|
84
|
-
|
85
|
-
```yaml
|
86
|
-
apiVersion: v1
|
87
|
-
kind: Secret
|
88
|
-
metadata:
|
89
|
-
name: demo
|
90
|
-
labels:
|
91
|
-
app: demo
|
92
|
-
data:
|
93
|
-
<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %>
|
94
|
-
a: <%= base64(k2["a"]) %>
|
95
|
-
b: <%= base64(k2["b"]) %>
|
96
|
-
```
|
97
|
-
|
98
|
-
Produces:
|
99
|
-
|
100
|
-
```yaml
|
101
|
-
metadata:
|
102
|
-
namespace: demo-dev
|
103
|
-
name: demo-a4cd604a95
|
104
|
-
labels:
|
105
|
-
app: demo
|
106
|
-
apiVersion: v1
|
107
|
-
kind: Secret
|
108
|
-
data:
|
109
|
-
a: MQ==
|
110
|
-
b: Mg==
|
111
|
-
```
|
112
|
-
|
113
|
-
## Variables
|
114
|
-
|
115
|
-
These environment variables can be set:
|
116
|
-
|
117
|
-
Name | Description
|
118
|
-
---|---
|
119
|
-
AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`.
|
120
|
-
|
121
|
-
Secrets#initialize options:
|
122
|
-
|
123
|
-
Variable | Description | Default
|
124
|
-
---|---|---
|
125
|
-
base64 | Automatically base64 encode the values. | false
|
126
|
-
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
127
|
-
prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
128
|
-
|
129
59
|
{% include helpers/base64.md %}
|
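Review bot: The Base64 Option section (new lines 50 to 57) shows `aws_secret("demo-#{Kubes.env}-PASS", base64: false)` without saying where an unencoded value is valid. The example earlier on this page places the helper under `data:`, where Kubernetes expects base64 values, so state that `base64: false` is meant for `stringData:` or for use outside a Secret. "The values are automatically base64 encoded." (new line 48) and "The value is automatically base64 encoded." (new line 52) repeat each other; keep one. The comment `# default is base64=true` would be clearer in the keyword form used by the call itself, `base64: true`.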
@@ -4,26 +4,9 @@ nav_text: SSM
|
|
4
4
|
categories: helpers-aws
|
5
5
|
---
|
6
6
|
|
7
|
-
|
7
|
+
The `aws_ssm` helper fetches data from AWS SSM Parameter Store.
|
8
8
|
|
9
|
-
|
10
|
-
user
|
11
|
-
$ aws ssm get-parameter --name /demo/development/db_pass --with-decryption | jq '.Parameter.Value'
|
12
|
-
pass
|
13
|
-
|
14
|
-
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
15
|
-
|
16
|
-
.kubes/config/hooks/kubes.rb
|
17
|
-
|
18
|
-
```ruby
|
19
|
-
ssm = KubesAws::SSM.new(upcase: true, prefix: "/demo/development/")
|
20
|
-
before("compile",
|
21
|
-
label: "Get secrets from AWS SSM Manager",
|
22
|
-
execute: ssm,
|
23
|
-
)
|
24
|
-
```
|
25
|
-
|
26
|
-
Then set the secrets in the YAML:
|
9
|
+
## Example
|
27
10
|
|
28
11
|
.kubes/resources/shared/secret.yaml
|
29
12
|
|
@@ -35,12 +18,16 @@ metadata:
|
|
35
18
|
labels:
|
36
19
|
app: demo
|
37
20
|
data:
|
38
|
-
|
39
|
-
|
40
|
-
<% end -%>
|
21
|
+
PASS: <%= aws_ssm("/demo/#{Kubes.env}/PASS") %>
|
22
|
+
USER: <%= aws_ssm("/demo/#{Kubes.env}/USER") %>
|
41
23
|
```
|
42
24
|
|
43
|
-
|
25
|
+
For example if you have these ssm parameter values:
|
26
|
+
|
27
|
+
$ aws ssm get-parameter --name /demo/dev/PASS --with-decryption | jq '.Parameter.Value'
|
28
|
+
test1
|
29
|
+
$ aws ssm get-parameter --name /demo/dev/USER --with-decryption | jq '.Parameter.Value'
|
30
|
+
test2
|
44
31
|
|
45
32
|
.kubes/output/shared/secret.yaml
|
46
33
|
|
@@ -53,24 +40,19 @@ metadata:
|
|
53
40
|
apiVersion: v1
|
54
41
|
kind: Secret
|
55
42
|
data:
|
56
|
-
|
57
|
-
|
43
|
+
PASS: dGVzdDEK
|
44
|
+
USER: dGVzdDIK
|
58
45
|
```
|
59
46
|
|
60
|
-
|
61
|
-
|
62
|
-
These environment variables can be set:
|
47
|
+
The values are automatically base64 encoded.
|
63
48
|
|
64
|
-
|
65
|
-
---|---
|
66
|
-
AWS_SSM_PREFIX | Prefixed used to list and filter AWS SSM Parameters. IE: `demo/dev/`.
|
49
|
+
## Base64 Option
|
67
50
|
|
68
|
-
|
51
|
+
The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
|
69
52
|
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
53
|
+
```ruby
|
54
|
+
aws_ssm("/demo/#{Kubes.env}/USER", base64: true) # default is base64=true
|
55
|
+
aws_ssm("/demo/#{Kubes.env}/PASS", base64: false)
|
56
|
+
```
|
75
57
|
|
76
|
-
{% include helpers/base64.md %}
|
58
|
+
{% include helpers/base64.md %}
|
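Review bot: The sample output at new lines 43 and 44, `PASS: dGVzdDEK` and `USER: dGVzdDIK`, decodes to `test1` and `test2` each followed by a newline. A trailing newline inside a password or username causes authentication failures that are hard to trace, so the page should state whether `aws_ssm` strips trailing whitespace from the parameter value. If it does, the sample should read `dGVzdDE=` and `dGVzdDI=`; if it does not, say so next to the example.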
@@ -0,0 +1,78 @@
|
|
1
|
+
---
|
2
|
+
title: Advanced Google Secrets
|
3
|
+
nav_text: Secrets
|
4
|
+
categories: advanced-helpers-google
|
5
|
+
---
|
6
|
+
|
7
|
+
This covers an advanced way so that Kubernetes Secrets are created from Google Secrets in a conventional way.
|
8
|
+
|
9
|
+
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
|
10
|
+
|
11
|
+
.kubes/config/hooks/kubes.rb
|
12
|
+
|
13
|
+
```ruby
|
14
|
+
before("compile",
|
15
|
+
execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
|
16
|
+
)
|
17
|
+
```
|
18
|
+
|
19
|
+
Then set the secrets in the YAML:
|
20
|
+
|
21
|
+
.kubes/resources/shared/secret.yaml
|
22
|
+
|
23
|
+
```yaml
|
24
|
+
apiVersion: v1
|
25
|
+
kind: Secret
|
26
|
+
metadata:
|
27
|
+
name: demo
|
28
|
+
labels:
|
29
|
+
app: demo
|
30
|
+
data:
|
31
|
+
<% KubesGoogle::Secrets.data.each do |k,v| -%>
|
32
|
+
<%= k %>: <%= base64(v) %>
|
33
|
+
<% end -%>
|
34
|
+
```
|
35
|
+
|
36
|
+
This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data. The values are automatically base64 encoded.
|
37
|
+
|
38
|
+
For example if you have these secret values:
|
39
|
+
|
40
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_user
|
41
|
+
test1
|
42
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_pass
|
43
|
+
test2
|
44
|
+
$
|
45
|
+
|
46
|
+
.kubes/output/shared/secret.yaml
|
47
|
+
|
48
|
+
```yaml
|
49
|
+
metadata:
|
50
|
+
namespace: demo
|
51
|
+
name: demo-2a78a13682
|
52
|
+
labels:
|
53
|
+
app: demo
|
54
|
+
apiVersion: v1
|
55
|
+
kind: Secret
|
56
|
+
data:
|
57
|
+
db_pass: dGVzdDEK
|
58
|
+
db_user: dGVzdDIK
|
59
|
+
```
|
60
|
+
|
61
|
+
## Variables
|
62
|
+
|
63
|
+
These environment variables can be set:
|
64
|
+
|
65
|
+
Name | Description
|
66
|
+
---|---
|
67
|
+
GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
|
68
|
+
GOOGLE_PROJECT | Google project id.
|
69
|
+
|
70
|
+
Secrets#initialize options:
|
71
|
+
|
72
|
+
Variable | Description | Default
|
73
|
+
---|---|---
|
74
|
+
base64 | Automatically base64 encode the values. | false
|
75
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
76
|
+
prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
77
|
+
|
78
|
+
{% include helpers/base64.md %}
|
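Review bot: The hook example (new line 15) and both `prefix` descriptions (new lines 67 and 76) embed a literal numeric project id in the `projects/.../secrets/demo-dev-` path; replace it with a placeholder, or build the prefix from `GOOGLE_PROJECT`, which this page already documents. The sample data is also inconsistent: `gcloud` returns `test1` for `demo-dev-db_user` and `test2` for `demo-dev-db_pass`, but the output maps `db_pass` to `dGVzdDEK` (`test1`) and `db_user` to `dGVzdDIK` (`test2`), and the keys are lower-case although the hook sets `upcase: true`. At new line 36, "with the prefix the `demo-dev-`" has a stray "the".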