kubes 0.6.1 → 0.6.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68eb4fe2f49953dd133ed6d5baece88f47ff0078162576a0cc41238bf571b6fc
-  data.tar.gz: 29821780f33d80b168f20d2f42e38074776230ed7cde8fc474d947c70bc6f099
+  metadata.gz: bf9376a1ec924961f11b70829fc8562f362ba6b21a3c143de19fdc3e99d63772
+  data.tar.gz: 0ea939256551c293aeb290d868fbbf12d169496ff3ed4974a80ce8dcea2e08cd
 SHA512:
-  metadata.gz: 0c6de28da8411c1a62cc6fb310e0057aaae12d4e219c14399002b81731f5ecc3f20b596247a367068a5c83695f7d25ffdb0583004e8e7b3812eaf57646b86709
-  data.tar.gz: 828253eb8e9943dd39218de79a73cb6ae2c6652b4f6e88e4aebe1b1ab5b6be44ff9aee199cee9208a8abc5f038608c5ad1ead7836799c57813df37f49ed5e0db
+  metadata.gz: df78700750ea52afea9ced7e8467fe6a628f934819d84887ac8d409435755a63b1e68c62ad4cb197b24ba70b751313e926dd4f8058de5b20665e3c598e46b289
+  data.tar.gz: ff36556409060899721059e38d095bbaa60d4540e2cfc5e229e6fb177fc947e21bb6d5a40d5daf4909b9e58b396b9a7bda28124a190df691ae7e9d3e14e074d9

data/.gcloudignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+/.bundle
+/.config
+/.yardoc
+/_yardoc
+/coverage
+/doc/
+/Gemfile.lock
+/InstalledFiles
+/lib/bundler/man
+/pkg
+/rdoc
+/spec/reports
+/test/tmp
+/test/version_tmp
+/tmp
+
+.git
+pkg
+docs
+spec

data/.gitignore

@@ -14,4 +14,4 @@
 /spec/reports
 /test/tmp
 /test/version_tmp
-/tmp
+/tmp

data/CHANGELOG.md

@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.6.6] - 2020-11-12
+- dependencies version bump: kubes_aws and kubes_google
+
+## [0.6.5] - 2020-11-12
+- [#39](https://github.com/boltops-tools/kubes/pull/39) google secrets fetcher option
+
+## [0.6.4] - 2020-11-11
+- [#38](https://github.com/boltops-tools/kubes/pull/38) fix auto auth for docker login to registry, docs for secret base64, update dependencies
+
+## [0.6.3] - 2020-11-11
+- [#37](https://github.com/boltops-tools/kubes/pull/37) Dockerfile for ci and hook updates
+
+## [0.6.2]
+- [#36](https://github.com/boltops-tools/kubes/pull/36) add plugin hooks support
+
 ## [0.6.1]
 - update gemspec dependency to plugins that provide the secrets helpers
 

data/Dockerfile

@@ -1,10 +1,10 @@
-FROM ruby:2.7-alpine
+FROM ruby:2.7
 
-RUN apk add --no-cache docker
-RUN apk add --no-cache build-base ruby ruby-dev
-
-RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl
-RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+COPY docker docker
+RUN docker/install/docker.sh
+RUN docker/install/gcloud.sh
+ENV PATH=/opt/google/google-cloud-sdk/bin/:$PATH
+RUN docker/install/kubectl.sh
 
 WORKDIR /app
 ADD . /app

data/Dockerfile.alpine

@@ -0,0 +1,20 @@
+FROM ruby:2.7-alpine
+
+# This Dockerfile is much lighter but won't work with gke whitelisting. Getting this error when the google gke sdk is called:
+#
+#    Error loading shared library ld-linux-x86-64.so.2: No such file or directory #986
+#
+# If you don't need gke whitelisting, then this image should work and is lighter.
+
+RUN apk add --no-cache docker
+RUN apk add --no-cache build-base ruby ruby-dev
+
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+
+WORKDIR /app
+ADD . /app
+RUN bundle install
+RUN rake install
+
+ENTRYPOINT ["/usr/local/bundle/bin/kubes"]

data/README.md

@@ -18,13 +18,6 @@ Kubes will:
 2. Compile Kubernetes YAML files from YAML/ERB or a DSL and adjusts the Docker build image
 3. Deploy via kubectl apply on the compiled Kubernetes YAML files
 
-Features:
-
-* Automation: [Builds the Docker image](docs/docker.md) and updates the compiled YAML files
-* Syntactic Sugar: Use an optional [ERB/YAML](docs/yaml.md) or [DSL](docs/dsl.md) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
-* Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering](docs/layering.md).
-* CLI Customizations: You can customize the [cli args](docs/kubectl.md). You can also run hooks before and after kubectl commands.
-
 ## Usage
 
     kubes init # creates .kubes structure

data/docker/install/docker.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+apt-get update
+apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
+curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
+add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
+apt-get update
+apt-get install docker-ce docker-ce-cli containerd.io -y

data/docker/install/gcloud.sh

@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+
+[ -e /opt/google ] && exit
+
+mkdir -p /opt/google
+
+cd /opt/google
+wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-318.0.0-linux-x86_64.tar.gz
+tar zxf google-cloud-sdk*.tar.gz
+rm -f google-cloud-sdk*.tar.gz
+
+/opt/google/google-cloud-sdk/install.sh -q
+
+cat << FOE >> ~/.bash_profile
+
+source /opt/google/google-cloud-sdk/completion.bash.inc
+source /opt/google/google-cloud-sdk/path.bash.inc
+FOE

data/docker/install/kubectl.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+chmod u+x kubectl && mv kubectl /bin/kubectl

data/docs/_docs/config/hooks/kubes.md

@@ -13,6 +13,7 @@ Hook | Description
 compile | When kubes compiles the `.kubes/resources` to `.kubes/output`.
 apply | When kubes runs all the `kubectl apply` commands.
 delete | When kubes runs all the `kubectl delete` commands.
+prune | When kubes prunes. IE: To clean old secrets.
 
 ## Lifecycle At Kubes Level
 

data/docs/_docs/config/reference.md

@@ -16,6 +16,7 @@ kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https
 logger | Logger object | Logger.new($stdout)
 logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
 repo | The Docker repo to use. Required to be set. | nil
+repo_auto_auth | Whether or not to try to auth authorize docker repo registry if not yet logged in. Can also be set with env var `KUBES_REPO_AUTO_AUTO` | true
 skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
 state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
 suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true

data/docs/_docs/dsl/multiple-resources.md

@@ -39,7 +39,9 @@ Using multiple files is the general recommended approach.
 
 ## Multiple Resources: Block Form
 
-You can also use a block form to create multiple resources.  You name the resource files with plural names. An example helps explain:
+You can also use a block form to create multiple resources.  The multiple resources block form is an experimental feature.
+
+You name the resource files with plural names. An example helps explain:
 
     .kubes
     └── resources

data/docs/_docs/helpers.md

@@ -26,16 +26,4 @@ There are also provider-specific helpers:
 * [AWS Helpers]({% link _docs/helpers/aws.md %})
 * [Google Helpers]({% link _docs/helpers/google.md %})
 
-## Generator
-
-To help you get started quickly, you can generate starter helper code.
-
-    $ kubes new helper custom
-          create  .kubes/helpers/custom_helper.rb
-
-.kubes/helpers/custom_helper.rb
-
-```ruby
-module CustomHelper
-end
-```
+{% include helpers/generator.md %}

data/docs/_docs/helpers/aws/secrets.md

@@ -45,11 +45,23 @@ data:
   USER: dGVzdDIK
 ```
 
-The values are automatically base64 encoded.
+By default, the values are automatically base64 encoded.
 
 ## Base64 Option
 
-The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
+By default, the values are automatically base64 encoded. You can change the default behavior with a config option.
+
+.kubes/config.rb
+
+```ruby
+KubesAws.configure do |config|
+  config.secrets.base64 = false
+end
+```
+
+Note: The use of `KubesAws.configure` instead of `Kubes.configure` here.
+
+You can also set the `base64` option to turn on and off the automated base64 encoding on a per secret basis.
 
 ```ruby
 aws_secret("demo-#{Kubes.env}-USER", base64: true)  # default is base64=true

data/docs/_docs/helpers/aws/ssm.md

@@ -44,11 +44,11 @@ data:
   USER: dGVzdDIK
 ```
 
-The values are automatically base64 encoded.
+The values are base64 encoded based on the SSM parameter type. When the type is a `SecureString`, Kubes base64 encodes it. Other types are not base64 encoded.  You can override this behavior with the base64 option, described next.
 
 ## Base64 Option
 
-The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
+The value is automatically base64 encoded based on whether or not the SSM parameter type is a `SecureString`. You can explicitly the `base64` option if needed though. Example:
 
 ```ruby
 aws_ssm("/demo/#{Kubes.env}/USER", base64: true)  # default is base64=true

data/docs/_docs/helpers/custom.md

@@ -38,3 +38,4 @@ data:
   DATABASE_ENDPOINT: <%= database_endpoint %>
 ```
 
+{% include helpers/generator.md %}

data/docs/_docs/helpers/google.md

@@ -14,4 +14,22 @@ List of Google helpers:
 * By default, `KubeGoogle.logger = Kubes.logger`. This means, you can set `logger.level = "debug"` in `.kubes/config.rb` to see more details.
 * The `gcloud` cli is used to create IAM roles. So `gcloud` is required.
 * Note: Would like to use the google sdk, but it wasn't obvious how to do so. PRs are welcomed.
-* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.
+* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.
+
+## Authentication
+
+Most of the Google helpers use the SDK to call the Google Cloud API. As such, it needs to be authenticated.  You can do this by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable point to the path with a service account credentials file. IE:
+
+.bash_profile
+
+    export GOOGLE_APPLICATION_CREDENTIALS=~/.gcp/service-account.json
+
+If you would like to use a user IAM credentials instead of a service account. You can also run use [application-default login](https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login). Example:
+
+    gcloud auth application-default login
+
+This generates an Application Default Credentials at `.config/gcloud/application_default_credentials.json`. Note, make sure that `GOOGLE_APPLICATION_CREDENTIALS` is not set or else the `application_default_credentials.json` will not be used.  Also, the google sdk prints a warning to use a service account instead. You can suppress that warning with this:
+
+.bash_profile
+
+    export GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS=1

data/docs/_docs/helpers/google/gke.md

@@ -0,0 +1,92 @@
+---
+title: GKE Whitelisting
+nav_text: GKE
+categories: helpers-google
+---
+
+This page covers how to enable GKE IP Whitelisting. This feature is useful for deploying from a CloudBuild with GKE Private Clusters.
+
+GKE Private Clusters whitelist and only allow authorized IPs to communicate with the Kubernetes control plane.  An issue with CloudBuild is that the IP address is not well-known.  Google creates a VM to run the CI scripts and throws it away when finished.  Kubes can detect the IP of the CloudBuild machine, add it to the cluster, deploy, and remove the IP afterward.
+
+## Setup
+
+To enable the GKE IP whitelisting feature, it's a few simple configurations:
+
+.kubes/config/env/dev.rb
+
+```ruby
+KubesGoogle.configure do |config|
+  config.gke.cluster_name = "dev-cluster"
+  config.gke.google_region = ENV['GOOGLE_REGION']
+  config.gke.google_project = ENV['GOOGLE_PROJECT']
+  config.gke.enable_get_credentials = true # enable hook to call: gcloud container clusters get-credentials
+end
+```
+
+Note: The use of `KubesGoogle.configure` instead of `Kubes.configure` here.
+
+This enables `kubes apply` before and after hooks to add and remove the current machine IP.
+
+## Options
+
+Here are the `config.gke` settings:
+
+Name | Description | Default
+---|---|---
+{% include plugins/gke-config.md %}
+
+## Build Docker Image
+
+To build kubes as a Docker image entrypoint for [Google CloudBuild Custom Builder](https://cloud.google.com/cloud-build/docs/configuring-builds/use-community-and-custom-builders).
+
+    git clone http://github.com/boltops-tools/kubes
+    cd kubes
+    gcloud builds submit --tag gcr.io/$GOOGLE_PROJECT/kubes
+
+Be sure to set GOOGLE_PROJECT to your own project id.
+
+## Example Codebuild YAML
+
+cloudbuild.yaml:
+
+```yaml
+steps:
+- name: 'gcr.io/$PROJECT_ID/kubes'
+  args: ['deploy']
+  env:
+  - 'DOCKER_REPO=gcr.io/$PROJECT_ID/demo'
+  - 'GOOGLE_PROJECT=$PROJECT_ID' # .kubes/config.rb: config.repo
+  - 'KUBES_ENV=$_KUBES_ENV'
+  - 'KUBES_EXTRA=$_KUBES_EXTRA'
+  - 'KUBES_REPO_AUTO_AUTH=0'
+
+substitutions:
+  _KUBES_ENV: dev
+  _KUBES_EXTRA: ''
+options:
+    substitution_option: 'ALLOW_LOOSE'
+```
+
+Make sure to replace the substitutions with your own values. IE: _KUBES_ENV, etc.
+
+## Google CloudBuild IAM Permissions
+
+In order to update the GKE cluster master authorized IP and whitelist the CloudBuild IP, you'll need to allow the CloudBuild IAM role permissions.
+
+Important: The "Kubernetes Engine Developer" that is available in the Cloud Build Settings page as described in [Configuring access for Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/configure-access-for-cloud-build-service-account) does not suffice. You'll need to add the "Kubernetes Engine Cluster Admin" role. Here are the steps:
+
+1. Go to the Google IAM Console and search "cloudbuild"
+2. Click "Edit Member"
+3. Add the "Kubernetes Engine Cluster Admin" role
+
+## Run CloudBuild
+
+Run cloudbuild to deploy the dev env:
+
+    gcloud builds submit --config cloudbuild.yaml
+
+To deploy the prod env:
+
+    gcloud builds submit --config cloudbuild.yaml --substitutions _KUBES_ENV=prod
+
+See [gcloud builds submit](https://cloud.google.com/sdk/gcloud/reference/builds/submit) reference docs for more options.

data/docs/_docs/helpers/google/secrets.md

@@ -57,7 +57,19 @@ GOOGLE_PROJECT | Google project id. This is required.
 
 ## Base64 Option
 
-The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
+By default, the values are automatically base64 encoded. You can change the default behavior with a config option.
+
+.kubes/config.rb
+
+```ruby
+KubesGoogle.configure do |config|
+  config.secrets.base64 = true
+end
+```
+
+Note: The use of `KubesGoogle.configure` instead of `Kubes.configure` here.
+
+You can also set the `base64` option to turn on and off the automated base64 encoding on a per secret basis.
 
 ```ruby
 google_secret("demo-#{Kubes.env}-USER", base64: true)  # default is base64=true
@@ -65,3 +77,19 @@ google_secret("demo-#{Kubes.env}-PASS", base64: false)
 ```
 
 {% include helpers/base64.md %}
+
+## Fetcher Strategy
+
+Some systems configured with a VPN seem to have issues with the Google secrets SDK. You may see an error:
+
+    Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
+
+As a workaround to this error, you can use the `gcloud` instead of the default `sdk` fetcher strategy. To configure it:
+
+.kubes/config.rb
+
+```ruby
+KubesGoogle.configure do |config|
+  config.secrets.fetcher = "gcloud"
+end
+```

data/docs/_docs/layering/mix.md

@@ -70,7 +70,7 @@ spec:
 
 ## Output
 
-The result is the merge layered files.
+The result is the merged layered files.
 
 ```yaml
 metadata:

data/docs/_docs/plugins.md

@@ -0,0 +1,12 @@
+---
+title: Kubes Plugins
+---
+
+Kubes makes it easier to work with Kubernetes by automating the deployment workflow. Many of the conveniences it adds is done with plugins. For example, `aws_secret`, `aws_ssm`, `google_secret` are implemented with Cloud Provider specific Kubes plugins.
+
+## Baseline Plugins
+
+The baseline plugins that currently ship with Kubes are:
+
+* [kubes_aws]({% link _docs/plugins/aws.md %})
+* [kubes_google]({% link _docs/plugins/google.md %})

data/docs/_docs/plugins/aws.md

@@ -0,0 +1,21 @@
+---
+title: AWS Kubes Plugin
+---
+
+The AWS Kubes Plugin adds support helpers like `aws_secret`. You can configure it's behavior. Example:
+
+.kubes/config.rb
+
+```ruby
+KubesAws.configure do |config|
+  config.secrets.base64 = false
+end
+```
+
+## Options Reference Table
+
+Here's a table with the options:
+
+Name | Description | Default
+---|---|---
+secrets.base64 | Whether or not to automatically base64 encoded values returned by the `aws_secret` helper. | true

data/docs/_docs/plugins/google.md

@@ -0,0 +1,22 @@
+---
+title: Google Kubes Plugin
+---
+
+The Google Kubes Plugin adds support helpers like `google_secret`. You can configure it's behavior. Example:
+
+.kubes/config.rb
+
+```ruby
+KubesGoogle.configure do |config|
+  config.secrets.base64 = true
+end
+```
+
+## Options Reference Table
+
+Here's a table with the options:
+
+Name | Description | Default
+---|---|---
+secrets.base64 | Whether or not to automatically base64 encoded values returned by the `google_secret` helper. | true
+{% include plugins/gke-config.md %}

data/docs/_docs/variables.md

@@ -9,15 +9,4 @@ You can set variables to be made available to the templates. Generally, it is re
 * [{{ doc.title }}]({{ doc.url }})
 {% endfor %}
 
-## Generator
-
-To help you get started quickly, you can generate starter variable code.
-
-    $ kubes new variable
-          create  .kubes/variables/dev.rb
-
-.kubes/variables/dev.rb
-
-```ruby
-@example = "dev-value"
-```
+{% include variables/generator.md %}

data/docs/_docs/variables/advanced.md

@@ -60,3 +60,5 @@ base/KIND/ENV.rb  | base/deployment/dev.rb
 ROLE/KIND.rb      | web/deployment.rb
 ROLE/KIND/base.rb | web/deployment/base.rb
 ROLE/KIND/ENV.rb  | web/deployment/dev.rb
+
+{% include variables/generator.md %}

data/docs/_docs/variables/basic.md

@@ -135,3 +135,5 @@ spec:
 apiVersion: apps/v1
 kind: Deployment
 ```
+
+{% include variables/generator.md %}

data/docs/_docs/vs/custom.md

@@ -4,7 +4,7 @@ nav_text: Custom Solutions
 categories: vs
 ---
 
-Kubernetes provide a great platform to run and manage Docker containers. The `kubectl` command how you usually interact with a Kubernetes cluster.  It does its job well and is quite a powerful tool.
+Kubernetes provides a great platform to run and manage Docker containers. The `kubectl` command is usually how you interact with a Kubernetes cluster.  It does its job well and is quite a powerful tool.
 
 {% include vs/article.md %}
 
@@ -51,7 +51,7 @@ We've duplicated `service.yaml` and `deployment.yaml`, though. Instead, it'll be
 
 ## PreBuilt Docker Image
 
-Additionally, the Docker image is expected to be prebuilt. Because you must first build the Docker image, folks will usually write bash script that perform these additional steps and then glue things together.
+Additionally, the Docker image is expected to be prebuilt. Because you must first build the Docker image, folks will usually write bash script that performs these additional steps and then glue things together.
 
 ## Kubernetes Resources Galore
 
@@ -82,7 +82,7 @@ The same code is used to create different environments. Kubes achieves this with
 
 ## Hooks
 
-Kubes support a variety of hooks run scripts at any part of the `kubectl` commands. This allows you customize and add app-specific logic needed. Example:
+Kubes support a variety of hooks run scripts at any part of the `kubectl` commands. This allows you to customize and add app-specific logic needed. Example:
 
 .kubes/config/hooks/kubectl.rb
 

data/docs/_includes/helpers/generator.md

@@ -0,0 +1,13 @@
+## Generator
+
+To help you get started quickly, you can generate starter helper code.
+
+    $ kubes new helper custom
+          create  .kubes/helpers/custom_helper.rb
+
+.kubes/helpers/custom_helper.rb
+
+```ruby
+module CustomHelper
+end
+```

data/docs/_includes/layering/layers.md

@@ -48,15 +48,13 @@ ROLE/KIND/ENV.{{ include.ext }}  | web/deployment/dev.{{ include.ext }}
 2. Then you can define the core of your resource definition in the `ROLE/KIND.{{ include.ext }}`. Example: `web/deployment.{{ include.ext }}`
 3. Finally, you can provide environment-specific overrides in the `ROLE/KIND/ENV.{{ include.ext }}`. Example: `web/deployment/dev.{{ include.ext }}`.
 
-Here's an example of the structure:
+Here's a concrete example of layering with the deployment resource kind:
 
-    .kubes/resources/
-    ├── base
-    │   ├── all.{{ include.ext }}
-    │   └── deployment.{{ include.ext }}
-    └── web
-        ├── deployment
-        │   ├── dev.{{ include.ext }}
-        │   └── prod.{{ include.ext }}
-        ├── deployment.{{ include.ext }}
-        └── service.{{ include.ext }}
+    .kubes/resources/base/all.{{ include.ext }}
+    .kubes/resources/base/deployment.{{ include.ext }}
+    .kubes/resources/web/deployment.{{ include.ext }}
+    .kubes/resources/web/deployment/dev.{{ include.ext }}
+
+All of these files get layered and merged together to produce a resulting deployment.{{ include.ext }}
+
+    .kubes/output/web/deployment.{{ include.ext }}

data/docs/_includes/plugins/gke-config.md

@@ -0,0 +1,6 @@
+gke.cluster_name | GKE cluster name. This is required when using the [GKE whitelisting feature]({% link _docs/helpers/google/gke.md %}). | nil
+gke.enable_get_credentials | Whether or not to run the hook that calls `gcloud container clusters get-credentials`. This spares you from having to call it manually. | false
+gke.enable_hooks | This will be true when the cluster_name is set. So there's no need to set it. The option provides a quick way to override and disable running the hooks. | true
+gke.google_project | Google project. Can also be set with the env var `GOOGLE_PROJECT`. `GOOGLE_PROJECT` takes precedence. | nil
+gke.google_region | Google region cluster is in. Can also be set with the env var `GOOGLE_REGION`. `GOOGLE_REGION` takes precedence. | nil
+gke.whitelist_ip | Explicit IP to whitelist. By default the IP address of the current machine is automatically detected and used. | nil

data/docs/_includes/sidebar.html

@@ -173,6 +173,12 @@
           <li><a href="{% link _docs/extra-env/dsl.md %}">DSL</a></li>
         </ul>
       </li>
+      <li><a href="{% link _docs/plugins.md %}">Plugins</a>
+        <ul>
+          <li><a href="{% link _docs/plugins/aws.md %}">AWS</a></li>
+          <li><a href="{% link _docs/plugins/google.md %}">Google</a></li>
+        </ul>
+      </li>
       <li>Misc
         <ul>
           <li><a href="{% link _docs/misc/kustomize.md %}">Kustomize Support</a></li>

data/docs/_includes/variables/generator.md

@@ -0,0 +1,23 @@
+## Generator
+
+To help you get started quickly, you can generate starter variable code.
+
+    $ kubes new variable
+          create  .kubes/variables/dev.rb
+
+.kubes/variables/dev.rb
+
+```ruby
+@example = "dev-value"
+```
+
+To create the prod variables, set `KUBES_ENV=prod`.
+
+    $ KUBES_ENV=prod kubes new variable
+          create  .kubes/variables/prod.rb
+
+.kubes/variables/prod.rb
+
+```ruby
+@example = "prod-value"
+```

data/kubes.gemspec

@@ -29,8 +29,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "zeitwerk"
 
   # core helper libs
-  spec.add_dependency "kubes_aws", "~> 0.2.0"
-  spec.add_dependency "kubes_google", "~> 0.2.0"
+  spec.add_dependency "kubes_aws", "~> 0.3.1"
+  spec.add_dependency "kubes_google", "~> 0.3.3"
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "byebug"

data/lib/kubes/auth.rb

@@ -13,6 +13,7 @@ module Kubes
     # Currently only support ECR and GCR
     # TODO: consider moving this to plugin gems
     def strategy_class
+      return unless auth?
       case @image
       when /\.amazonaws\.com/ # IE: 112233445566.dkr.ecr.us-west-2.amazonaws.com/demo/sinatra
         Ecr
@@ -20,5 +21,13 @@ module Kubes
         Gcr
       end
     end
+
+    def auth?
+      if ENV['KUBES_REPO_AUTO_AUTH'].nil?
+        Kubes.config.repo_auto_auth
+      else
+        %w[1 true].include?(ENV['KUBES_REPO_AUTO_AUTH'])
+      end
+    end
   end
 end

data/lib/kubes/cli/apply.rb

@@ -4,7 +4,6 @@ class Kubes::CLI
       compile
       logger.info "Deploying kubes resources"
       Kubes::Kubectl::Dispatcher.new(:apply, @options).run
-      Prune.new(@options.merge(yes: true, quiet: true)).run if Kubes.config.auto_prune # prune old secrets and config maps
     end
   end
 end

data/lib/kubes/cli/prune.rb

@@ -2,15 +2,17 @@ class Kubes::CLI
   class Prune < Base
     KINDS = %w[ConfigMap Secret]
     extend Memoist
+    include Kubes::Hooks::Concern
     include Kubes::Util::Sure
 
     def run
       return unless anything_to_prune?
       logger.info "Pruning old resources: #{KINDS.join(', ')}"
-
       perform(preview: true) unless @options[:yes]
       sure?("This will prune/delete resources. Are you sure?")
-      perform(preview: false)
+      run_hooks("kubes.rb", name: "prune") do
+        perform(preview: false)
+      end
     end
 
     def fetcher

data/lib/kubes/compiler/shared/plugin_helpers.rb

@@ -5,7 +5,7 @@ module Kubes::Compiler::Shared
     def load_plugin_helpers
       return if @@plugin_helpers_loaded
       Kubes::Plugin.plugins.each do |klass|
-        helpers_class = "#{klass}::Helpers".constantize
+        helpers_class = "#{klass}::Helpers".constantize # IE: KubesAws::Helpers
         self.class.send :include, helpers_class
       end
       @@plugin_helpers_loaded = true

data/lib/kubes/config.rb

@@ -31,6 +31,7 @@ module Kubes
       config.kubectl.order.kinds = kind_order
 
       config.repo = nil # expected to be set by .kubes/config.rb
+      config.repo_auto_auth = true
 
       config.logger = Logger.new($stderr)
       config.logger.level = ENV['KUBES_LOG_LEVEL'] || :info
@@ -81,9 +82,22 @@ module Kubes
       yield(@config)
     end
 
+    # Load configs example:
+    #
+    # .kubes/config.rb
+    # .kubes/config/env/dev.rb
+    # .kubes/config/plugins/google.rb
+    # .kubes/config/plugins/google/dev.rb
+    #
     def load_configs
       evaluate_file(".kubes/config.rb")
       evaluate_file(".kubes/config/env/#{Kubes.env}.rb")
+      Kubes::Plugin.plugins.each do |klass|
+        # klass: IE: KubesAws, KubesGoogle
+        name = klass.to_s.underscore.sub('kubes_','') # kubes_google => google
+        evaluate_file(".kubes/config/plugins/#{name}.rb")
+        evaluate_file(".kubes/config/plugins/#{name}/#{Kubes.env}.rb")
+      end
     end
   end
 end

data/lib/kubes/hooks/builder.rb

@@ -6,20 +6,36 @@ module Kubes::Hooks
     include Kubes::Logging
 
     attr_accessor :name
-    def initialize(dsl_file, options={})
-      @dsl_file, @options = dsl_file, options # IE: .kubes/config/hooks/kubectl.rb
+    def initialize(file, options={})
+      @file, @options = file, options # IE: .kubes/config/hooks/kubectl.rb
+      @dsl_file = "#{Kubes.root}/.kubes/config/hooks/#{@file}"
       @output_file = options[:file] # IE: .kubes/output/web/service.yaml
       @name = options[:name].to_s
       @hooks = {before: {}, after: {}}
     end
 
     def build
-      return @hooks unless File.exist?(@dsl_file)
       evaluate_file(@dsl_file)
+      evaluate_plugin_hooks
       @hooks.deep_stringify_keys!
     end
     memoize :build
 
+    def evaluate_plugin_hooks
+      Kubes::Plugin.plugins.each do |klass|
+        hooks_class = hooks_class(klass)
+        next unless hooks_class
+        plugin_hooks = hooks_class.new
+        path = "#{plugin_hooks.path}/#{@file}"
+        evaluate_file(path)
+      end
+    end
+
+    def hooks_class(klass)
+      "#{klass}::Hooks".constantize # IE: KubesGoogle::Hooks
+    rescue NameError
+    end
+
     def run_hooks
       build
       run_each_hook("before")
@@ -42,8 +58,7 @@ module Kubes::Hooks
       id = "#{command} #{type} #{@name}"
       on = " on: #{hook["on"]}" if hook["on"]
       label = " label: #{hook["label"]}" if hook["label"]
-      logger.info  "Running #{id} hook.#{on}#{label}"
-      logger.debug "Hook options: #{hook}"
+      logger.info  "Hook: Running #{id} hook.#{on}#{label}"
       Runner.new(hook).run
     end
 

data/lib/kubes/hooks/concern.rb

@@ -2,7 +2,7 @@ module Kubes::Hooks
   module Concern
     # options example: {:name=>"apply", :file=>".kubes/output/web/service.yaml"}
     def run_hooks(file, options={}, &block)
-      hooks = Kubes::Hooks::Builder.new("#{Kubes.root}/.kubes/config/hooks/#{file}", options)
+      hooks = Kubes::Hooks::Builder.new(file, options)
       hooks.build # build hooks
       hooks.run_hooks(&block)
     end

data/lib/kubes/kubectl/batch.rb

@@ -22,10 +22,17 @@ class Kubes::Kubectl
               Kubes::Kubectl.run(@name, @options.merge(file: file))
             end
           end
+          prune # important to call within run_hooks for case of GKE IP whitelisting
         end
       end
     end
 
+    def prune
+      return unless @name == "apply" # only run for apply
+      return unless Kubes.config.auto_prune # prune old secrets and config maps
+      Kubes::CLI::Prune.new(@options.merge(yes: true, quiet: true)).run
+    end
+
     def switch_context(&block)
       kubectl = Kubes.config.kubectl
       context = kubectl.context

data/lib/kubes/version.rb

@@ -1,3 +1,3 @@
 module Kubes
-  VERSION = "0.6.1"
+  VERSION = "0.6.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.6
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-09 00:00:00.000000000 Z
+date: 2020-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -142,28 +142,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.1
 - !ruby/object:Gem::Dependency
   name: kubes_google
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -243,15 +243,20 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".gcloudignore"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
 - Dockerfile
+- Dockerfile.alpine
 - Gemfile
 - Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- docker/install/docker.sh
+- docker/install/gcloud.sh
+- docker/install/kubectl.sh
 - docs/.gitignore
 - docs/CNAME
 - docs/Gemfile
@@ -312,6 +317,7 @@ files:
 - docs/_docs/helpers/google.md
 - docs/_docs/helpers/google/advanced.md
 - docs/_docs/helpers/google/advanced/secrets.md
+- docs/_docs/helpers/google/gke.md
 - docs/_docs/helpers/google/secrets.md
 - docs/_docs/helpers/google/service-account.md
 - docs/_docs/intro.md
@@ -356,6 +362,9 @@ files:
 - docs/_docs/patterns/migrations.md
 - docs/_docs/patterns/multiple-envs.md
 - docs/_docs/patterns/secrets.md
+- docs/_docs/plugins.md
+- docs/_docs/plugins/aws.md
+- docs/_docs/plugins/google.md
 - docs/_docs/resources.md
 - docs/_docs/resources/base.md
 - docs/_docs/resources/role.md
@@ -379,6 +388,7 @@ files:
 - docs/_includes/google_analytics.html
 - docs/_includes/header.html
 - docs/_includes/helpers/base64.md
+- docs/_includes/helpers/generator.md
 - docs/_includes/intro/features.md
 - docs/_includes/intro/install.md
 - docs/_includes/js.html
@@ -390,8 +400,10 @@ files:
 - docs/_includes/learn/repos.md
 - docs/_includes/learn/review.md
 - docs/_includes/learn/start.md
+- docs/_includes/plugins/gke-config.md
 - docs/_includes/reference.md
 - docs/_includes/sidebar.html
+- docs/_includes/variables/generator.md
 - docs/_includes/vs/article.md
 - docs/_includes/vs/kubes/layering.md
 - docs/_includes/vs/kubes/structure.md