kubes 0.6.2 → 0.6.7
- checksums.yaml +4 -4
- data/.gcloudignore +22 -0
- data/.gitignore +1 -1
- data/CHANGELOG.md +15 -0
- data/Dockerfile +6 -6
- data/Dockerfile.alpine +20 -0
- data/docker/install/docker.sh +8 -0
- data/docker/install/gcloud.sh +18 -0
- data/docker/install/kubectl.sh +4 -0
- data/docs/_docs/config/reference.md +1 -0
- data/docs/_docs/helpers.md +1 -13
- data/docs/_docs/helpers/aws/secrets.md +14 -2
- data/docs/_docs/helpers/aws/ssm.md +2 -2
- data/docs/_docs/helpers/custom.md +1 -0
- data/docs/_docs/helpers/google.md +19 -1
- data/docs/_docs/helpers/google/gke.md +64 -5
- data/docs/_docs/helpers/google/secrets.md +29 -1
- data/docs/_docs/plugins.md +12 -0
- data/docs/_docs/plugins/aws.md +21 -0
- data/docs/_docs/plugins/google.md +22 -0
- data/docs/_docs/variables.md +1 -12
- data/docs/_docs/variables/advanced.md +2 -0
- data/docs/_docs/variables/basic.md +2 -0
- data/docs/_docs/vs/custom.md +3 -3
- data/docs/_includes/helpers/generator.md +13 -0
- data/docs/_includes/layering/layers.md +9 -11
- data/docs/_includes/plugins/gke-config.md +6 -0
- data/docs/_includes/sidebar.html +6 -0
- data/docs/_includes/variables/generator.md +23 -0
- data/kubes.gemspec +2 -2
- data/lib/kubes/auth.rb +9 -0
- data/lib/kubes/config.rb +1 -0
- data/lib/kubes/hooks/builder.rb +0 -1
- data/lib/kubes/version.rb +1 -1
- metadata +17 -6
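--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2a0f5afc7b3beafd9168f700e9607ada98c314a120cd5e73b4c208ef5df41d8e
+data.tar.gz: c0e7ebb8ce109a5c289398c4d667d2d8514ce8808ebf8dcb73f07c7413cdcd3a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24e451e47931af0e0c0ba51ec37d3da01030b88b48cc2054856a9b01a837c46428ebe9ea4eb55002bfa3584dcf6cecf9ee2bb67847831f39539598642b738892
+data.tar.gz: aa1760c56955f2afb2f71c17fa26479a8f11ac6b021d4f2e269d21ea4e23c0d80a6a032b1e6d1e0d85dc271ec222e40e1ae8416c66f86d9c9cc41e4e31a351e8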
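--- a/data/.gcloudignore
+++ b/data/.gcloudignore
@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+/.bundle
+/.config
+/.yardoc
+/_yardoc
+/coverage
+/doc/
+/Gemfile.lock
+/InstalledFiles
+/lib/bundler/man
+/pkg
+/rdoc
+/spec/reports
+/test/tmp
+/test/version_tmp
+/tmp
+
+.git
+pkg
+docs
+spec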
data/.gitignore
CHANGED
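--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.6.7] - 2020-11-12
+- dependencies version bump: kubes_google
+
+## [0.6.6] - 2020-11-12
+- dependencies version bump: kubes_aws and kubes_google
+
+## [0.6.5] - 2020-11-12
+- [#39](https://github.com/boltops-tools/kubes/pull/39) google secrets fetcher option
+
+## [0.6.4] - 2020-11-11
+- [#38](https://github.com/boltops-tools/kubes/pull/38) fix auto auth for docker login to registry, docs for secret base64, update dependencies
+
+## [0.6.3] - 2020-11-11
+- [#37](https://github.com/boltops-tools/kubes/pull/37) Dockerfile for ci and hook updates
+
 ## [0.6.2]
 - [#36](https://github.com/boltops-tools/kubes/pull/36) add plugin hooks support
 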
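--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,10 +1,10 @@
-FROM ruby:2.7
+FROM ruby:2.7
 
-
-RUN
-
-
-RUN
+COPY docker docker
+RUN docker/install/docker.sh
+RUN docker/install/gcloud.sh
+ENV PATH=/opt/google/google-cloud-sdk/bin/:$PATH
+RUN docker/install/kubectl.sh
 
 WORKDIR /app
 ADD . /app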
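Review bot: Nothing in this hunk pins what the three `RUN docker/install/*.sh` steps bring into the image: the base stays on the floating `ruby:2.7` tag, and the docker.sh and gcloud.sh scripts shown further down this page fetch from download.docker.com and dl.google.com at build time without checksum verification. Pinning the base by digest, `FROM ruby:2.7@sha256:<digest>`, and verifying the downloads inside the scripts would make the CI image reproducible and auditable. A comment above the `RUN` lines, for example `# install scripts run as root and download from the network at build time`, would flag that to the next reader. The file may continue past line 10, so a later `USER` or `ENTRYPOINT` is not visible here.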
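--- a/data/Dockerfile.alpine
+++ b/data/Dockerfile.alpine
@@ -0,0 +1,20 @@
+FROM ruby:2.7-alpine
+
+# This Dockerfile is much lighter but won't work with gke whitelisting. Getting this error when the google gke sdk is called:
+#
+# Error loading shared library ld-linux-x86-64.so.2: No such file or directory #986
+#
+# If you don't need gke whitelisting, then this image should work and is lighter.
+
+RUN apk add --no-cache docker
+RUN apk add --no-cache build-base ruby ruby-dev
+
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+
+WORKDIR /app
+ADD . /app
+RUN bundle install
+RUN rake install
+
+ENTRYPOINT ["/usr/local/bundle/bin/kubes"]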
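Review bot: The `kubectl` binary on line 12 is downloaded with `wget` and moved to `/bin/kubectl` without any integrity check, and the download and the `chmod`/`mv` sit in separate `RUN` layers. Verifying a pinned SHA-256 in the same `RUN` that downloads it stops the build when the served file differs from the expected v1.19.0 release; the digest below is a placeholder to be filled in from the upstream release checksums. The image also declares no `USER`, so `kubes` runs as root; if that is required (for example for Docker socket access) a comment should say so. `ADD . /app` could be `COPY . /app`, since no archive extraction or URL fetch is involved.

```dockerfile
# Download, verify and install kubectl in one layer.
RUN wget -q https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl \
    && echo "<expected-sha256>  kubectl" | sha256sum -c - \
    && chmod u+x kubectl \
    && mv kubectl /bin/kubectl
```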
@@ -0,0 +1,8 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
apt-get update
|
4
|
+
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
|
5
|
+
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
|
6
|
+
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
|
7
|
+
apt-get update
|
8
|
+
apt-get install docker-ce docker-ce-cli containerd.io -y
|
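Review bot: The script has no `set -e`, so a failure in `apt-get update`, in the `curl ... | apt-key add -` pipeline or in `add-apt-repository` does not stop it, and the `RUN` step only fails if the final `apt-get install` does. The sibling install script in this diff starts with `#!/bin/bash -eu`; using the same shebang here and adding `set -o pipefail` makes a failed key download abort the build. The signing key is also trusted as served, with no fingerprint comparison, and `apt-key add` places it in apt's global trust store; storing it in a dedicated keyring referenced with `signed-by=` in the `deb` line would scope it to the Docker repository. This hunk has no file header on the page; going by the file list it is presumably data/docker/install/docker.sh.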
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/bin/bash -eu
|
2
|
+
|
3
|
+
[ -e /opt/google ] && exit
|
4
|
+
|
5
|
+
mkdir -p /opt/google
|
6
|
+
|
7
|
+
cd /opt/google
|
8
|
+
wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-318.0.0-linux-x86_64.tar.gz
|
9
|
+
tar zxf google-cloud-sdk*.tar.gz
|
10
|
+
rm -f google-cloud-sdk*.tar.gz
|
11
|
+
|
12
|
+
/opt/google/google-cloud-sdk/install.sh -q
|
13
|
+
|
14
|
+
cat << FOE >> ~/.bash_profile
|
15
|
+
|
16
|
+
source /opt/google/google-cloud-sdk/completion.bash.inc
|
17
|
+
source /opt/google/google-cloud-sdk/path.bash.inc
|
18
|
+
FOE
|
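Review bot: The SDK archive fetched on line 8 is unpacked and its `install.sh` executed without an integrity check, so the build trusts whatever that URL serves at build time. The version is already pinned in the file name, so a digest check before `tar zxf` is cheap: `echo "<expected-sha256>  google-cloud-sdk-318.0.0-linux-x86_64.tar.gz" | sha256sum -c -`. The guard `[ -e /opt/google ] && exit` would benefit from a comment such as `# already installed, nothing to do`. This hunk has no file header on the page; going by the file list it is presumably data/docker/install/gcloud.sh.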
@@ -16,6 +16,7 @@ kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https
|
|
16
16
|
logger | Logger object | Logger.new($stdout)
|
17
17
|
logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
|
18
18
|
repo | The Docker repo to use. Required to be set. | nil
|
19
|
+
repo_auto_auth | Whether or not to try to auth authorize docker repo registry if not yet logged in. Can also be set with env var `KUBES_REPO_AUTO_AUTO` | true
|
19
20
|
skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
|
20
21
|
state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
|
21
22
|
suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true
|
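--- a/data/docs/_docs/helpers.md
+++ b/data/docs/_docs/helpers.md
@@ -26,16 +26,4 @@ There are also provider-specific helpers:
 * [AWS Helpers]({% link _docs/helpers/aws.md %})
 * [Google Helpers]({% link _docs/helpers/google.md %})
 
-
-
-To help you get started quickly, you can generate starter helper code.
-
-$ kubes new helper custom
-create .kubes/helpers/custom_helper.rb
-
-.kubes/helpers/custom_helper.rb
-
-```ruby
-module CustomHelper
-end
-```
+{% include helpers/generator.md %}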
@@ -45,11 +45,23 @@ data:
|
|
45
45
|
USER: dGVzdDIK
|
46
46
|
```
|
47
47
|
|
48
|
-
|
48
|
+
By default, the values are automatically base64 encoded.
|
49
49
|
|
50
50
|
## Base64 Option
|
51
51
|
|
52
|
-
|
52
|
+
By default, the values are automatically base64 encoded. You can change the default behavior with a config option.
|
53
|
+
|
54
|
+
.kubes/config.rb
|
55
|
+
|
56
|
+
```ruby
|
57
|
+
KubesAws.configure do |config|
|
58
|
+
config.secrets.base64 = false
|
59
|
+
end
|
60
|
+
```
|
61
|
+
|
62
|
+
Note: The use of `KubesAws.configure` instead of `Kubes.configure` here.
|
63
|
+
|
64
|
+
You can also set the `base64` option to turn on and off the automated base64 encoding on a per secret basis.
|
53
65
|
|
54
66
|
```ruby
|
55
67
|
aws_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
|
@@ -44,11 +44,11 @@ data:
|
|
44
44
|
USER: dGVzdDIK
|
45
45
|
```
|
46
46
|
|
47
|
-
The values are
|
47
|
+
The values are base64 encoded based on the SSM parameter type. When the type is a `SecureString`, Kubes base64 encodes it. Other types are not base64 encoded. You can override this behavior with the base64 option, described next.
|
48
48
|
|
49
49
|
## Base64 Option
|
50
50
|
|
51
|
-
The value is automatically base64 encoded
|
51
|
+
The value is automatically base64 encoded based on whether or not the SSM parameter type is a `SecureString`. You can explicitly the `base64` option if needed though. Example:
|
52
52
|
|
53
53
|
```ruby
|
54
54
|
aws_ssm("/demo/#{Kubes.env}/USER", base64: true) # default is base64=true
|
@@ -14,4 +14,22 @@ List of Google helpers:
|
|
14
14
|
* By default, `KubeGoogle.logger = Kubes.logger`. This means, you can set `logger.level = "debug"` in `.kubes/config.rb` to see more details.
|
15
15
|
* The `gcloud` cli is used to create IAM roles. So `gcloud` is required.
|
16
16
|
* Note: Would like to use the google sdk, but it wasn't obvious how to do so. PRs are welcomed.
|
17
|
-
* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.
|
17
|
+
* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.
|
18
|
+
|
19
|
+
## Authentication
|
20
|
+
|
21
|
+
Most of the Google helpers use the SDK to call the Google Cloud API. As such, it needs to be authenticated. You can do this by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable point to the path with a service account credentials file. IE:
|
22
|
+
|
23
|
+
.bash_profile
|
24
|
+
|
25
|
+
export GOOGLE_APPLICATION_CREDENTIALS=~/.gcp/service-account.json
|
26
|
+
|
27
|
+
If you would like to use a user IAM credentials instead of a service account. You can also run use [application-default login](https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login). Example:
|
28
|
+
|
29
|
+
gcloud auth application-default login
|
30
|
+
|
31
|
+
This generates an Application Default Credentials at `.config/gcloud/application_default_credentials.json`. Note, make sure that `GOOGLE_APPLICATION_CREDENTIALS` is not set or else the `application_default_credentials.json` will not be used. Also, the google sdk prints a warning to use a service account instead. You can suppress that warning with this:
|
32
|
+
|
33
|
+
.bash_profile
|
34
|
+
|
35
|
+
export GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS=1
|
@@ -10,16 +10,21 @@ GKE Private Clusters whitelist and only allow authorized IPs to communicate with
|
|
10
10
|
|
11
11
|
## Setup
|
12
12
|
|
13
|
-
To enable the GKE IP whitelisting feature, it's a
|
13
|
+
To enable the GKE IP whitelisting feature, it's a few simple configurations:
|
14
14
|
|
15
15
|
.kubes/config/env/dev.rb
|
16
16
|
|
17
17
|
```ruby
|
18
18
|
KubesGoogle.configure do |config|
|
19
|
-
config.gke.cluster_name = "
|
19
|
+
config.gke.cluster_name = "dev-cluster"
|
20
|
+
config.gke.google_region = ENV['GOOGLE_REGION']
|
21
|
+
config.gke.google_project = ENV['GOOGLE_PROJECT']
|
22
|
+
config.gke.enable_get_credentials = true # enable hook to call: gcloud container clusters get-credentials
|
20
23
|
end
|
21
24
|
```
|
22
25
|
|
26
|
+
Note: The use of `KubesGoogle.configure` instead of `Kubes.configure` here.
|
27
|
+
|
23
28
|
This enables `kubes apply` before and after hooks to add and remove the current machine IP.
|
24
29
|
|
25
30
|
## Options
|
@@ -28,6 +33,60 @@ Here are the `config.gke` settings:
|
|
28
33
|
|
29
34
|
Name | Description | Default
|
30
35
|
---|---|---
|
31
|
-
|
32
|
-
|
33
|
-
|
36
|
+
{% include plugins/gke-config.md %}
|
37
|
+
|
38
|
+
## Build Docker Image
|
39
|
+
|
40
|
+
To build kubes as a Docker image entrypoint for [Google CloudBuild Custom Builder](https://cloud.google.com/cloud-build/docs/configuring-builds/use-community-and-custom-builders).
|
41
|
+
|
42
|
+
git clone http://github.com/boltops-tools/kubes
|
43
|
+
cd kubes
|
44
|
+
gcloud builds submit --tag gcr.io/$GOOGLE_PROJECT/kubes
|
45
|
+
|
46
|
+
Be sure to set GOOGLE_PROJECT to your own project id.
|
47
|
+
|
48
|
+
## Example Codebuild YAML
|
49
|
+
|
50
|
+
cloudbuild.yaml:
|
51
|
+
|
52
|
+
```yaml
|
53
|
+
steps:
|
54
|
+
- name: 'gcr.io/$PROJECT_ID/kubes'
|
55
|
+
args: ['deploy']
|
56
|
+
env:
|
57
|
+
- 'DOCKER_REPO=gcr.io/$PROJECT_ID/demo'
|
58
|
+
- 'GOOGLE_PROJECT=$PROJECT_ID' # .kubes/config.rb: config.repo
|
59
|
+
- 'KUBES_ENV=$_KUBES_ENV'
|
60
|
+
- 'KUBES_EXTRA=$_KUBES_EXTRA'
|
61
|
+
- 'KUBES_REPO_AUTO_AUTH=0'
|
62
|
+
|
63
|
+
substitutions:
|
64
|
+
_KUBES_ENV: dev
|
65
|
+
_KUBES_EXTRA: ''
|
66
|
+
options:
|
67
|
+
substitution_option: 'ALLOW_LOOSE'
|
68
|
+
```
|
69
|
+
|
70
|
+
Make sure to replace the substitutions with your own values. IE: _KUBES_ENV, etc.
|
71
|
+
|
72
|
+
## Google CloudBuild IAM Permissions
|
73
|
+
|
74
|
+
In order to update the GKE cluster master authorized IP and whitelist the CloudBuild IP, you'll need to allow the CloudBuild IAM role permissions.
|
75
|
+
|
76
|
+
Important: The "Kubernetes Engine Developer" that is available in the Cloud Build Settings page as described in [Configuring access for Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/configure-access-for-cloud-build-service-account) does not suffice. You'll need to add the "Kubernetes Engine Cluster Admin" role. Here are the steps:
|
77
|
+
|
78
|
+
1. Go to the Google IAM Console and search "cloudbuild"
|
79
|
+
2. Click "Edit Member"
|
80
|
+
3. Add the "Kubernetes Engine Cluster Admin" role
|
81
|
+
|
82
|
+
## Run CloudBuild
|
83
|
+
|
84
|
+
Run cloudbuild to deploy the dev env:
|
85
|
+
|
86
|
+
gcloud builds submit --config cloudbuild.yaml
|
87
|
+
|
88
|
+
To deploy the prod env:
|
89
|
+
|
90
|
+
gcloud builds submit --config cloudbuild.yaml --substitutions _KUBES_ENV=prod
|
91
|
+
|
92
|
+
See [gcloud builds submit](https://cloud.google.com/sdk/gcloud/reference/builds/submit) reference docs for more options.
|
@@ -57,7 +57,19 @@ GOOGLE_PROJECT | Google project id. This is required.
|
|
57
57
|
|
58
58
|
## Base64 Option
|
59
59
|
|
60
|
-
|
60
|
+
By default, the values are automatically base64 encoded. You can change the default behavior with a config option.
|
61
|
+
|
62
|
+
.kubes/config.rb
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
KubesGoogle.configure do |config|
|
66
|
+
config.secrets.base64 = true
|
67
|
+
end
|
68
|
+
```
|
69
|
+
|
70
|
+
Note: The use of `KubesGoogle.configure` instead of `Kubes.configure` here.
|
71
|
+
|
72
|
+
You can also set the `base64` option to turn on and off the automated base64 encoding on a per secret basis.
|
61
73
|
|
62
74
|
```ruby
|
63
75
|
google_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
|
@@ -65,3 +77,19 @@ google_secret("demo-#{Kubes.env}-PASS", base64: false)
|
|
65
77
|
```
|
66
78
|
|
67
79
|
{% include helpers/base64.md %}
|
80
|
+
|
81
|
+
## Fetcher Strategy
|
82
|
+
|
83
|
+
Some systems configured with a VPN seem to have issues with the Google secrets SDK. You may see an error:
|
84
|
+
|
85
|
+
Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
|
86
|
+
|
87
|
+
As a workaround to this error, you can use the `gcloud` instead of the default `sdk` fetcher strategy. To configure it:
|
88
|
+
|
89
|
+
.kubes/config.rb
|
90
|
+
|
91
|
+
```ruby
|
92
|
+
KubesGoogle.configure do |config|
|
93
|
+
config.secrets.fetcher = "gcloud"
|
94
|
+
end
|
95
|
+
```
|
@@ -0,0 +1,12 @@
|
|
1
|
+
---
|
2
|
+
title: Kubes Plugins
|
3
|
+
---
|
4
|
+
|
5
|
+
Kubes makes it easier to work with Kubernetes by automating the deployment workflow. Many of the conveniences it adds is done with plugins. For example, `aws_secret`, `aws_ssm`, `google_secret` are implemented with Cloud Provider specific Kubes plugins.
|
6
|
+
|
7
|
+
## Baseline Plugins
|
8
|
+
|
9
|
+
The baseline plugins that currently ship with Kubes are:
|
10
|
+
|
11
|
+
* [kubes_aws]({% link _docs/plugins/aws.md %})
|
12
|
+
* [kubes_google]({% link _docs/plugins/google.md %})
|
@@ -0,0 +1,21 @@
|
|
1
|
+
---
|
2
|
+
title: AWS Kubes Plugin
|
3
|
+
---
|
4
|
+
|
5
|
+
The AWS Kubes Plugin adds support helpers like `aws_secret`. You can configure it's behavior. Example:
|
6
|
+
|
7
|
+
.kubes/config.rb
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
KubesAws.configure do |config|
|
11
|
+
config.secrets.base64 = false
|
12
|
+
end
|
13
|
+
```
|
14
|
+
|
15
|
+
## Options Reference Table
|
16
|
+
|
17
|
+
Here's a table with the options:
|
18
|
+
|
19
|
+
Name | Description | Default
|
20
|
+
---|---|---
|
21
|
+
secrets.base64 | Whether or not to automatically base64 encoded values returned by the `aws_secret` helper. | true
|
@@ -0,0 +1,22 @@
|
|
1
|
+
---
|
2
|
+
title: Google Kubes Plugin
|
3
|
+
---
|
4
|
+
|
5
|
+
The Google Kubes Plugin adds support helpers like `google_secret`. You can configure it's behavior. Example:
|
6
|
+
|
7
|
+
.kubes/config.rb
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
KubesGoogle.configure do |config|
|
11
|
+
config.secrets.base64 = true
|
12
|
+
end
|
13
|
+
```
|
14
|
+
|
15
|
+
## Options Reference Table
|
16
|
+
|
17
|
+
Here's a table with the options:
|
18
|
+
|
19
|
+
Name | Description | Default
|
20
|
+
---|---|---
|
21
|
+
secrets.base64 | Whether or not to automatically base64 encoded values returned by the `google_secret` helper. | true
|
22
|
+
{% include plugins/gke-config.md %}
|
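--- a/data/docs/_docs/variables.md
+++ b/data/docs/_docs/variables.md
@@ -9,15 +9,4 @@ You can set variables to be made available to the templates. Generally, it is re
 * [{{ doc.title }}]({{ doc.url }})
 {% endfor %}
 
-
-
-To help you get started quickly, you can generate starter variable code.
-
-$ kubes new variable
-create .kubes/variables/dev.rb
-
-.kubes/variables/dev.rb
-
-```ruby
-@example = "dev-value"
-```
+{% include variables/generator.md %}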
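--- a/data/docs/_docs/vs/custom.md
+++ b/data/docs/_docs/vs/custom.md
@@ -4,7 +4,7 @@ nav_text: Custom Solutions
 categories: vs
 ---
 
-Kubernetes
+Kubernetes provides a great platform to run and manage Docker containers. The `kubectl` command is usually how you interact with a Kubernetes cluster. It does its job well and is quite a powerful tool.
 
 {% include vs/article.md %}
 
@@ -51,7 +51,7 @@ We've duplicated `service.yaml` and `deployment.yaml`, though. Instead, it'll be
 
 ## PreBuilt Docker Image
 
-Additionally, the Docker image is expected to be prebuilt. Because you must first build the Docker image, folks will usually write bash script that
+Additionally, the Docker image is expected to be prebuilt. Because you must first build the Docker image, folks will usually write bash script that performs these additional steps and then glue things together.
 
 ## Kubernetes Resources Galore
 
@@ -82,7 +82,7 @@ The same code is used to create different environments. Kubes achieves this with
 
 ## Hooks
 
-Kubes support a variety of hooks run scripts at any part of the `kubectl` commands. This allows you customize and add app-specific logic needed. Example:
+Kubes support a variety of hooks run scripts at any part of the `kubectl` commands. This allows you to customize and add app-specific logic needed. Example:
 
 .kubes/config/hooks/kubectl.rb
 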
@@ -48,15 +48,13 @@ ROLE/KIND/ENV.{{ include.ext }} | web/deployment/dev.{{ include.ext }}
|
|
48
48
|
2. Then you can define the core of your resource definition in the `ROLE/KIND.{{ include.ext }}`. Example: `web/deployment.{{ include.ext }}`
|
49
49
|
3. Finally, you can provide environment-specific overrides in the `ROLE/KIND/ENV.{{ include.ext }}`. Example: `web/deployment/dev.{{ include.ext }}`.
|
50
50
|
|
51
|
-
Here's
|
51
|
+
Here's a concrete example of layering with the deployment resource kind:
|
52
52
|
|
53
|
-
.kubes/resources/
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
├── deployment.{{ include.ext }}
|
62
|
-
└── service.{{ include.ext }}
|
53
|
+
.kubes/resources/base/all.{{ include.ext }}
|
54
|
+
.kubes/resources/base/deployment.{{ include.ext }}
|
55
|
+
.kubes/resources/web/deployment.{{ include.ext }}
|
56
|
+
.kubes/resources/web/deployment/dev.{{ include.ext }}
|
57
|
+
|
58
|
+
All of these files get layered and merged together to produce a resulting deployment.{{ include.ext }}
|
59
|
+
|
60
|
+
.kubes/output/web/deployment.{{ include.ext }}
|
@@ -0,0 +1,6 @@
|
|
1
|
+
gke.cluster_name | GKE cluster name. This is required when using the [GKE whitelisting feature]({% link _docs/helpers/google/gke.md %}). | nil
|
2
|
+
gke.enable_get_credentials | Whether or not to run the hook that calls `gcloud container clusters get-credentials`. This spares you from having to call it manually. | false
|
3
|
+
gke.enable_hooks | This will be true when the cluster_name is set. So there's no need to set it. The option provides a quick way to override and disable running the hooks. | true
|
4
|
+
gke.google_project | Google project. Can also be set with the env var `GOOGLE_PROJECT`. `GOOGLE_PROJECT` takes precedence. | nil
|
5
|
+
gke.google_region | Google region cluster is in. Can also be set with the env var `GOOGLE_REGION`. `GOOGLE_REGION` takes precedence. | nil
|
6
|
+
gke.whitelist_ip | Explicit IP to whitelist. By default the IP address of the current machine is automatically detected and used. | nil
|
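--- a/data/docs/_includes/sidebar.html
+++ b/data/docs/_includes/sidebar.html
@@ -173,6 +173,12 @@
 <li><a href="{% link _docs/extra-env/dsl.md %}">DSL</a></li>
 </ul>
 </li>
+<li><a href="{% link _docs/plugins.md %}">Plugins</a>
+<ul>
+<li><a href="{% link _docs/plugins/aws.md %}">AWS</a></li>
+<li><a href="{% link _docs/plugins/google.md %}">Google</a></li>
+</ul>
+</li>
 <li>Misc
 <ul>
 <li><a href="{% link _docs/misc/kustomize.md %}">Kustomize Support</a></li>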
@@ -0,0 +1,23 @@
|
|
1
|
+
## Generator
|
2
|
+
|
3
|
+
To help you get started quickly, you can generate starter variable code.
|
4
|
+
|
5
|
+
$ kubes new variable
|
6
|
+
create .kubes/variables/dev.rb
|
7
|
+
|
8
|
+
.kubes/variables/dev.rb
|
9
|
+
|
10
|
+
```ruby
|
11
|
+
@example = "dev-value"
|
12
|
+
```
|
13
|
+
|
14
|
+
To create the prod variables, set `KUBES_ENV=prod`.
|
15
|
+
|
16
|
+
$ KUBES_ENV=prod kubes new variable
|
17
|
+
create .kubes/variables/prod.rb
|
18
|
+
|
19
|
+
.kubes/variables/prod.rb
|
20
|
+
|
21
|
+
```ruby
|
22
|
+
@example = "prod-value"
|
23
|
+
```
|
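--- a/data/kubes.gemspec
+++ b/data/kubes.gemspec
@@ -29,8 +29,8 @@ Gem::Specification.new do |spec|
 spec.add_dependency "zeitwerk"
 
 # core helper libs
-spec.add_dependency "kubes_aws", "~> 0.
-spec.add_dependency "kubes_google", "~> 0.3.
+spec.add_dependency "kubes_aws", "~> 0.3.1"
+spec.add_dependency "kubes_google", "~> 0.3.5"
 
 spec.add_development_dependency "bundler"
 spec.add_development_dependency "byebug"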
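--- a/data/lib/kubes/auth.rb
+++ b/data/lib/kubes/auth.rb
@@ -13,6 +13,7 @@ module Kubes
 # Currently only support ECR and GCR
 # TODO: consider moving this to plugin gems
 def strategy_class
+return unless auth?
 case @image
 when /\.amazonaws\.com/ # IE: 112233445566.dkr.ecr.us-west-2.amazonaws.com/demo/sinatra
 Ecr
@@ -20,5 +21,13 @@ module Kubes
 Gcr
 end
 end
+
+def auth?
+if ENV['KUBES_REPO_AUTO_AUTH'].nil?
+Kubes.config.repo_auto_auth
+else
+%w[1 true].include?(ENV['KUBES_REPO_AUTO_AUTH'])
+end
+end
 end
 end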
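Review bot: The config reference table added elsewhere in this diff names the override variable `KUBES_REPO_AUTO_AUTO`, but `auth?` reads `KUBES_REPO_AUTO_AUTH`, so a user following the docs sets a variable that is silently ignored and automatic registry login stays on. Inside `auth?`, any set value other than exactly `1` or `true` (for example `TRUE` or an empty string) turns auto-auth off; normalising the value and documenting the contract would make that explicit: `%w[1 true].include?(ENV['KUBES_REPO_AUTO_AUTH'].downcase)` with a comment such as `# KUBES_REPO_AUTO_AUTH overrides config.repo_auto_auth; only "1" or "true" enable it`. `strategy_class` now also returns nil when auth is disabled; its callers are outside these hunks, so confirm they treat nil as "skip login".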
data/lib/kubes/config.rb
CHANGED
data/lib/kubes/hooks/builder.rb
CHANGED
data/lib/kubes/version.rb
CHANGED
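--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.7
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-
+date: 2020-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -142,28 +142,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.3.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.3.1
 - !ruby/object:Gem::Dependency
 name: kubes_google
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.5
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -243,15 +243,20 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".gcloudignore"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
 - Dockerfile
+- Dockerfile.alpine
 - Gemfile
 - Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- docker/install/docker.sh
+- docker/install/gcloud.sh
+- docker/install/kubectl.sh
 - docs/.gitignore
 - docs/CNAME
 - docs/Gemfile
@@ -357,6 +362,9 @@ files:
 - docs/_docs/patterns/migrations.md
 - docs/_docs/patterns/multiple-envs.md
 - docs/_docs/patterns/secrets.md
+- docs/_docs/plugins.md
+- docs/_docs/plugins/aws.md
+- docs/_docs/plugins/google.md
 - docs/_docs/resources.md
 - docs/_docs/resources/base.md
 - docs/_docs/resources/role.md
@@ -380,6 +388,7 @@ files:
 - docs/_includes/google_analytics.html
 - docs/_includes/header.html
 - docs/_includes/helpers/base64.md
+- docs/_includes/helpers/generator.md
 - docs/_includes/intro/features.md
 - docs/_includes/intro/install.md
 - docs/_includes/js.html
@@ -391,8 +400,10 @@ files:
 - docs/_includes/learn/repos.md
 - docs/_includes/learn/review.md
 - docs/_includes/learn/start.md
+- docs/_includes/plugins/gke-config.md
 - docs/_includes/reference.md
 - docs/_includes/sidebar.html
+- docs/_includes/variables/generator.md
 - docs/_includes/vs/article.md
 - docs/_includes/vs/kubes/layering.md
 - docs/_includes/vs/kubes/structure.md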