kubes 0.6.2 → 0.6.3
- checksums.yaml +4 -4
- data/.gcloudignore +22 -0
- data/.gitignore +1 -1
- data/CHANGELOG.md +3 -0
- data/Dockerfile +6 -6
- data/Dockerfile.alpine +20 -0
- data/docker/install/docker.sh +8 -0
- data/docker/install/gcloud.sh +18 -0
- data/docker/install/kubectl.sh +4 -0
- data/docs/_docs/config/reference.md +1 -0
- data/docs/_docs/helpers/google/gke.md +57 -1
- data/kubes.gemspec +1 -1
- data/lib/kubes/auth.rb +9 -0
- data/lib/kubes/config.rb +1 -0
- data/lib/kubes/hooks/builder.rb +0 -1
- data/lib/kubes/version.rb +1 -1
- metadata +9 -4
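--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb0b62ecd7b432896bd1fbafc3aeae759f858bcbfb0f2ca9a02ecb60d91fcff3
+data.tar.gz: 7faf78784573d6d1058fb3641e47356bf725c683cdfc53b081d8926bf2799249
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b7d432057c49947c864594fb2049677b721ff084ccd60403a39e7e360aa2a05157fddef26593004a836eb130d39a2307c6443438861be119affe66a182a05380
+data.tar.gz: 4a99ff9b1819db41ad13f1340707242a978c37cc83d7dbe8e10a6cf06cac9c3aa65335d9e6d8fc94a500cd267d3b197940d49ec71f76f4a4cb81c5ab71efff9f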
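--- a/data/.gcloudignore
+++ b/data/.gcloudignore
@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+/.bundle
+/.config
+/.yardoc
+/_yardoc
+/coverage
+/doc/
+/Gemfile.lock
+/InstalledFiles
+/lib/bundler/man
+/pkg
+/rdoc
+/spec/reports
+/test/tmp
+/test/version_tmp
+/tmp
+
+.git
+pkg
+docs
+spec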
data/.gitignore
CHANGED
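--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.6.3] - 2020-11-11
+- [#37](https://github.com/boltops-tools/kubes/pull/37) Dockerfile for ci and hook updates
+
 ## [0.6.2]
 - [#36](https://github.com/boltops-tools/kubes/pull/36) add plugin hooks support
 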
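--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,10 +1,10 @@
-FROM ruby:2.7
+FROM ruby:2.7
 
-
-RUN
-
-
-RUN
+COPY docker docker
+RUN docker/install/docker.sh
+RUN docker/install/gcloud.sh
+ENV PATH=/opt/google/google-cloud-sdk/bin/:$PATH
+RUN docker/install/kubectl.sh
 
 WORKDIR /app
 ADD . /app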
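--- a/data/Dockerfile.alpine
+++ b/data/Dockerfile.alpine
@@ -0,0 +1,20 @@
+FROM ruby:2.7-alpine
+
+# This Dockerfile is much lighter but won't work with gke whitelisting. Getting this error when the google gke sdk is called:
+#
+# Error loading shared library ld-linux-x86-64.so.2: No such file or directory #986
+#
+# If you don't need gke whitelisting, then this image should work and is lighter.
+
+RUN apk add --no-cache docker
+RUN apk add --no-cache build-base ruby ruby-dev
+
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+
+WORKDIR /app
+ADD . /app
+RUN bundle install
+RUN rake install
+
+ENTRYPOINT ["/usr/local/bundle/bin/kubes"]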
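Review bot: The `RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl` step installs the downloaded binary into `/bin` without checking its digest, so the image trusts whatever that URL serves at build time. Pin the expected digest and verify it before the move, in a single layer: `RUN wget <same URL> && echo "<EXPECTED_SHA256>  kubectl" | sha256sum -c - && chmod u+x kubectl && mv kubectl /bin/kubectl`, replacing the placeholder with the digest published for that release. The `wget` of the Cloud SDK tarball in the gcloud.sh hunk further down has the same gap and would take the same check before `tar zxf`. Separately, `ADD . /app` only copies a local directory, so `COPY . /app` states the intent without ADD's archive and URL handling.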
@@ -0,0 +1,8 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
apt-get update
|
4
|
+
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
|
5
|
+
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
|
6
|
+
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
|
7
|
+
apt-get update
|
8
|
+
apt-get install docker-ce docker-ce-cli containerd.io -y
|
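Review bot: The `curl ... | apt-key add -` line puts the Docker signing key into apt's global trusted keyring, where it is accepted for every configured repository rather than only the Docker one. The script also runs without `-eu` or `pipefail`, unlike gcloud.sh's `#!/bin/bash -eu`, so a failed download or key import does not stop it at that step. Scoping the key to the Docker source with `signed-by` and failing fast would tighten both; the sketch below assumes `gpg` is available in the base image. If the image only needs the Docker client to talk to an external daemon (not visible from this hunk), installing `docker-ce-cli` alone would keep the engine and containerd out of the image.

```shell
#!/bin/bash -eu
set -o pipefail

# … unchanged: apt-get update and prerequisite package install …
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
# … unchanged: apt-get update and docker package install …
```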
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/bin/bash -eu
|
2
|
+
|
3
|
+
[ -e /opt/google ] && exit
|
4
|
+
|
5
|
+
mkdir -p /opt/google
|
6
|
+
|
7
|
+
cd /opt/google
|
8
|
+
wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-318.0.0-linux-x86_64.tar.gz
|
9
|
+
tar zxf google-cloud-sdk*.tar.gz
|
10
|
+
rm -f google-cloud-sdk*.tar.gz
|
11
|
+
|
12
|
+
/opt/google/google-cloud-sdk/install.sh -q
|
13
|
+
|
14
|
+
cat << FOE >> ~/.bash_profile
|
15
|
+
|
16
|
+
source /opt/google/google-cloud-sdk/completion.bash.inc
|
17
|
+
source /opt/google/google-cloud-sdk/path.bash.inc
|
18
|
+
FOE
|
@@ -16,6 +16,7 @@ kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https
|
|
16
16
|
logger | Logger object | Logger.new($stdout)
|
17
17
|
logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
|
18
18
|
repo | The Docker repo to use. Required to be set. | nil
|
19
|
+
repo_auto_auth | Whether or not to try to auth authorize docker repo registry if not yet logged in. Can also be set with env var `KUBES_REPO_AUTO_AUTO` | true
|
19
20
|
skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
|
20
21
|
state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
|
21
22
|
suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true
|
@@ -16,7 +16,10 @@ To enable the GKE IP whitelisting feature, it's a single line:
|
|
16
16
|
|
17
17
|
```ruby
|
18
18
|
KubesGoogle.configure do |config|
|
19
|
-
config.gke.cluster_name = "
|
19
|
+
config.gke.cluster_name = "dev-cluster"
|
20
|
+
config.gke.google_region = ENV['GOOGLE_REGION']
|
21
|
+
config.gke.google_project = ENV['GOOGLE_PROJECT']
|
22
|
+
config.gke.enable_get_credentials = true # enable hook to call: gcloud container clusters get-credentials
|
20
23
|
end
|
21
24
|
```
|
22
25
|
|
@@ -29,5 +32,58 @@ Here are the `config.gke` settings:
|
|
29
32
|
Name | Description | Default
|
30
33
|
---|---|---
|
31
34
|
cluster_name | GKE cluster name. This is required. | nil
|
35
|
+
enable_get_credentials | Whether or not to run the hook that calls `gcloud container clusters get-credentials`. This spares you from having to call it manually. | false
|
32
36
|
enable_hooks | This will be true when the cluster_name is set. So there's no need to set it. The option provides a quick way to override and disable running the hooks. | true
|
37
|
+
google_project | Google project. Can also be set with the env var `GOOGLE_PROJECT`. `GOOGLE_PROJECT` takes precedence. | nil
|
38
|
+
google_region | Google region cluster is in. Can also be set with the env var `GOOGLE_REGION`. `GOOGLE_REGION` takes precedence. | nil
|
33
39
|
whitelist_ip | Explicit IP to whitelist. By default the IP address of the current machine is automatically detected and used. | nil
|
40
|
+
|
41
|
+
## Build Docker Image
|
42
|
+
|
43
|
+
To build kubes as a Docker image entrypoint for [Google CloudBuild Custom Builder](https://cloud.google.com/cloud-build/docs/configuring-builds/use-community-and-custom-builders).
|
44
|
+
|
45
|
+
git clone http://github.com/boltops-tools/kubes
|
46
|
+
cd kubes
|
47
|
+
gcloud builds submit --tag gcr.io/$GOOGLE_PROJECT/kubes
|
48
|
+
|
49
|
+
Be sure to set GOOGLE_PROJECT to your own project id.
|
50
|
+
|
51
|
+
## Example Codebuild YAML
|
52
|
+
|
53
|
+
cloudbuild.yaml:
|
54
|
+
|
55
|
+
```yaml
|
56
|
+
steps:
|
57
|
+
- name: 'gcr.io/$PROJECT_ID/kubes'
|
58
|
+
args: ['deploy']
|
59
|
+
env:
|
60
|
+
- 'DOCKER_REPO=gcr.io/$PROJECT_ID/demo'
|
61
|
+
- 'GOOGLE_PROJECT=$PROJECT_ID' # .kubes/config.rb: config.repo
|
62
|
+
- 'KUBES_ENV=$_KUBES_ENV'
|
63
|
+
- 'KUBES_EXTRA=$_KUBES_EXTRA'
|
64
|
+
- 'KUBES_REPO_AUTH=0'
|
65
|
+
|
66
|
+
substitutions:
|
67
|
+
_KUBES_ENV: dev
|
68
|
+
_KUBES_EXTRA: ''
|
69
|
+
options:
|
70
|
+
substitution_option: 'ALLOW_LOOSE'
|
71
|
+
```
|
72
|
+
|
73
|
+
Make sure to replace the substitutions with your own values. IE: _GCP_REGION, _GKE_CLUSTER, _KUBES_ENV, etc.
|
74
|
+
|
75
|
+
## Google CloudBuild IAM Permissions
|
76
|
+
|
77
|
+
In order to update the GKE cluster master authorized IP and whitelist the CloudBuild IP, you'll need to allow the CloudBuild IAM role permissions.
|
78
|
+
|
79
|
+
Important: The "Kubernetes Engine Developer" that is available in the Cloud Build Settings page as described in [Configuring access for Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/configure-access-for-cloud-build-service-account) does not suffice. You'll need to add the "Kubernetes Engine Cluster Admin" role. Here are the steps:
|
80
|
+
|
81
|
+
1. Go to the Google IAM Console and search "cloudbuild"
|
82
|
+
2. Click "Edit Member"
|
83
|
+
3. Add the "Kubernetes Engine Cluster Admin" role
|
84
|
+
|
85
|
+
## Run CloudBuild
|
86
|
+
|
87
|
+
Run cloudbuild with:
|
88
|
+
|
89
|
+
gcloud builds submit --config cloudbuild.yaml
|
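--- a/data/kubes.gemspec
+++ b/data/kubes.gemspec
@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
 
 # core helper libs
 spec.add_dependency "kubes_aws", "~> 0.2.0"
-spec.add_dependency "kubes_google", "~> 0.3.
+spec.add_dependency "kubes_google", "~> 0.3.1"
 
 spec.add_development_dependency "bundler"
 spec.add_development_dependency "byebug"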
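--- a/data/lib/kubes/auth.rb
+++ b/data/lib/kubes/auth.rb
@@ -13,6 +13,7 @@ module Kubes
 # Currently only support ECR and GCR
 # TODO: consider moving this to plugin gems
 def strategy_class
+return unless auth?
 case @image
 when /\.amazonaws\.com/ # IE: 112233445566.dkr.ecr.us-west-2.amazonaws.com/demo/sinatra
 Ecr
@@ -20,5 +21,13 @@ module Kubes
 Gcr
 end
 end
+
+def auth?
+if ENV['KUBES_REPO_AUTO_AUTH'].nil?
+Kubes.config.repo_auth
+else
+%w[1 true].include?(ENV['KUBES_REPO_AUTO_AUTH'])
+end
+end
 end
 end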
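Review bot: `auth?` falls back to `Kubes.config.repo_auth`, while the reference docs changed in this release name the option `repo_auto_auth`; config.rb's one-line change is not shown on this page, so confirm the names agree, e.g. `Kubes.config.repo_auto_auth`. The environment variable is also spelled three ways: the code reads `KUBES_REPO_AUTO_AUTH`, the reference table says `KUBES_REPO_AUTO_AUTO`, and the cloudbuild.yaml example sets `KUBES_REPO_AUTH=0`, which this method never reads, so a build following the example would still attempt the registry login it meant to turn off. `strategy_class` now returns nil when auth is disabled, so callers outside these hunks need to handle that. A comment such as `# Env var wins over config; only "1" or "true" enable auto auth` above `auth?` would document that any other value, including `TRUE` or `yes`, disables it.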
data/lib/kubes/config.rb
CHANGED
data/lib/kubes/hooks/builder.rb
CHANGED
data/lib/kubes/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kubes
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-11-
|
11
|
+
date: 2020-11-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -156,14 +156,14 @@ dependencies:
|
|
156
156
|
requirements:
|
157
157
|
- - "~>"
|
158
158
|
- !ruby/object:Gem::Version
|
159
|
-
version: 0.3.
|
159
|
+
version: 0.3.1
|
160
160
|
type: :runtime
|
161
161
|
prerelease: false
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
163
163
|
requirements:
|
164
164
|
- - "~>"
|
165
165
|
- !ruby/object:Gem::Version
|
166
|
-
version: 0.3.
|
166
|
+
version: 0.3.1
|
167
167
|
- !ruby/object:Gem::Dependency
|
168
168
|
name: bundler
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -243,15 +243,20 @@ extensions: []
|
|
243
243
|
extra_rdoc_files: []
|
244
244
|
files:
|
245
245
|
- ".dockerignore"
|
246
|
+
- ".gcloudignore"
|
246
247
|
- ".gitignore"
|
247
248
|
- ".rspec"
|
248
249
|
- CHANGELOG.md
|
249
250
|
- Dockerfile
|
251
|
+
- Dockerfile.alpine
|
250
252
|
- Gemfile
|
251
253
|
- Guardfile
|
252
254
|
- LICENSE.txt
|
253
255
|
- README.md
|
254
256
|
- Rakefile
|
257
|
+
- docker/install/docker.sh
|
258
|
+
- docker/install/gcloud.sh
|
259
|
+
- docker/install/kubectl.sh
|
255
260
|
- docs/.gitignore
|
256
261
|
- docs/CNAME
|
257
262
|
- docs/Gemfile
|