kubes 0.6.4 → 0.6.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/_docs/helpers/aws/secrets.md +1 -1
- data/docs/_docs/helpers/google.md +19 -1
- data/docs/_docs/helpers/google/gke.md +3 -3
- data/docs/_docs/helpers/google/secrets.md +17 -1
- data/docs/_docs/plugins/aws.md +6 -2
- data/docs/_docs/plugins/google.md +6 -2
- data/docs/_docs/vs/custom.md +3 -3
- data/docs/_includes/variables/generator.md +12 -1
- data/lib/kubes/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a5e335602466257bfe7751577e3544f5fcdf73e221e5791fd142275295eea548
|
|
4
|
+
data.tar.gz: 9172b806b49193341a4399adfd5c9372b1a02437f6bbd3395632a2c81ddebac0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83a7bc9cc35989a17b2960a7a931295d767f2454006eb696b476fed193a7973066a51a4f0e7309bea99b1fdebca71482ee646ab122820c6ae9e5570edb5cc367
|
|
7
|
+
data.tar.gz: d7baee331717cdab66b8dbf028c97fbc9c3e973a87a9497fdeccd5f1195a8af06193586b8075f4b29ea94910b7d55c12d35d07234391596c76be83da1081e294
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.6.5] - 2020-11-12
|
|
7
|
+
- [#39](https://github.com/boltops-tools/kubes/pull/39) google secrets fetcher option
|
|
8
|
+
|
|
6
9
|
## [0.6.4] - 2020-11-11
|
|
7
10
|
- [#38](https://github.com/boltops-tools/kubes/pull/38) fix auto auth for docker login to registry, docs for secret base64, update dependencies
|
|
8
11
|
|
|
@@ -14,4 +14,22 @@ List of Google helpers:
|
|
|
14
14
|
* By default, `KubeGoogle.logger = Kubes.logger`. This means, you can set `logger.level = "debug"` in `.kubes/config.rb` to see more details.
|
|
15
15
|
* The `gcloud` cli is used to create IAM roles. So `gcloud` is required.
|
|
16
16
|
* Note: Would like to use the google sdk, but it wasn't obvious how to do so. PRs are welcomed.
|
|
17
|
-
* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.
|
|
17
|
+
* The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library.
|
|
18
|
+
|
|
19
|
+
## Authentication
|
|
20
|
+
|
|
21
|
+
Most of the Google helpers use the SDK to call the Google Cloud API. As such, it needs to be authenticated. You can do this by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable point to the path with a service account credentials file. IE:
|
|
22
|
+
|
|
23
|
+
.bash_profile
|
|
24
|
+
|
|
25
|
+
export GOOGLE_APPLICATION_CREDENTIALS=~/.gcp/service-account.json
|
|
26
|
+
|
|
27
|
+
If you would like to use a user IAM credentials instead of a service account. You can also run use [application-default login](https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login). Example:
|
|
28
|
+
|
|
29
|
+
gcloud auth application-default login
|
|
30
|
+
|
|
31
|
+
This generates an Application Default Credentials at `.config/gcloud/application_default_credentials.json`. Note, make sure that `GOOGLE_APPLICATION_CREDENTIALS` is not set or else the `application_default_credentials.json` will not be used. Also, the google sdk prints a warning to use a service account instead. You can suppress that warning with this:
|
|
32
|
+
|
|
33
|
+
.bash_profile
|
|
34
|
+
|
|
35
|
+
export GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS=1
|
|
@@ -10,7 +10,7 @@ GKE Private Clusters whitelist and only allow authorized IPs to communicate with
|
|
|
10
10
|
|
|
11
11
|
## Setup
|
|
12
12
|
|
|
13
|
-
To enable the GKE IP whitelisting feature, it's a
|
|
13
|
+
To enable the GKE IP whitelisting feature, it's a few simple configurations:
|
|
14
14
|
|
|
15
15
|
.kubes/config/env/dev.rb
|
|
16
16
|
|
|
@@ -58,7 +58,7 @@ steps:
|
|
|
58
58
|
- 'GOOGLE_PROJECT=$PROJECT_ID' # .kubes/config.rb: config.repo
|
|
59
59
|
- 'KUBES_ENV=$_KUBES_ENV'
|
|
60
60
|
- 'KUBES_EXTRA=$_KUBES_EXTRA'
|
|
61
|
-
- '
|
|
61
|
+
- 'KUBES_REPO_AUTO_AUTH=0'
|
|
62
62
|
|
|
63
63
|
substitutions:
|
|
64
64
|
_KUBES_ENV: dev
|
|
@@ -67,7 +67,7 @@ options:
|
|
|
67
67
|
substitution_option: 'ALLOW_LOOSE'
|
|
68
68
|
```
|
|
69
69
|
|
|
70
|
-
Make sure to replace the substitutions with your own values. IE:
|
|
70
|
+
Make sure to replace the substitutions with your own values. IE: _KUBES_ENV, etc.
|
|
71
71
|
|
|
72
72
|
## Google CloudBuild IAM Permissions
|
|
73
73
|
|
|
@@ -63,7 +63,7 @@ By default, the values are automatically base64 encoded. You can change the defa
|
|
|
63
63
|
|
|
64
64
|
```ruby
|
|
65
65
|
KubesGoogle.configure do |config|
|
|
66
|
-
config.
|
|
66
|
+
config.secrets.base64 = true
|
|
67
67
|
end
|
|
68
68
|
```
|
|
69
69
|
|
|
@@ -77,3 +77,19 @@ google_secret("demo-#{Kubes.env}-PASS", base64: false)
|
|
|
77
77
|
```
|
|
78
78
|
|
|
79
79
|
{% include helpers/base64.md %}
|
|
80
|
+
|
|
81
|
+
## Fetcher Strategy
|
|
82
|
+
|
|
83
|
+
Some systems configured with a VPN seem to have issues with the Google secrets SDK. You may see an error:
|
|
84
|
+
|
|
85
|
+
Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
|
|
86
|
+
|
|
87
|
+
As a workaround to this error, you can use the `gcloud` instead of the default `sdk` fetcher strategy. To configure it:
|
|
88
|
+
|
|
89
|
+
.kubes/config.rb
|
|
90
|
+
|
|
91
|
+
```ruby
|
|
92
|
+
KubesGoogle.configure do |config|
|
|
93
|
+
config.secrets.fetcher = "gcloud"
|
|
94
|
+
end
|
|
95
|
+
```
|
data/docs/_docs/plugins/aws.md
CHANGED
|
@@ -8,10 +8,14 @@ The AWS Kubes Plugin adds support helpers like `aws_secret`. You can configure i
|
|
|
8
8
|
|
|
9
9
|
```ruby
|
|
10
10
|
KubesAws.configure do |config|
|
|
11
|
-
config.
|
|
11
|
+
config.secrets.base64 = false
|
|
12
12
|
end
|
|
13
13
|
```
|
|
14
14
|
|
|
15
|
+
## Options Reference Table
|
|
16
|
+
|
|
17
|
+
Here's a table with the options:
|
|
18
|
+
|
|
15
19
|
Name | Description | Default
|
|
16
20
|
---|---|---
|
|
17
|
-
|
|
21
|
+
secrets.base64 | Whether or not to automatically base64 encoded values returned by the `aws_secret` helper. | true
|
|
@@ -8,11 +8,15 @@ The Google Kubes Plugin adds support helpers like `google_secret`. You can confi
|
|
|
8
8
|
|
|
9
9
|
```ruby
|
|
10
10
|
KubesGoogle.configure do |config|
|
|
11
|
-
config.
|
|
11
|
+
config.secrets.base64 = true
|
|
12
12
|
end
|
|
13
13
|
```
|
|
14
14
|
|
|
15
|
+
## Options Reference Table
|
|
16
|
+
|
|
17
|
+
Here's a table with the options:
|
|
18
|
+
|
|
15
19
|
Name | Description | Default
|
|
16
20
|
---|---|---
|
|
17
|
-
|
|
21
|
+
secrets.base64 | Whether or not to automatically base64 encoded values returned by the `google_secret` helper. | true
|
|
18
22
|
{% include plugins/gke-config.md %}
|
data/docs/_docs/vs/custom.md
CHANGED
|
@@ -4,7 +4,7 @@ nav_text: Custom Solutions
|
|
|
4
4
|
categories: vs
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
-
Kubernetes
|
|
7
|
+
Kubernetes provides a great platform to run and manage Docker containers. The `kubectl` command is usually how you interact with a Kubernetes cluster. It does its job well and is quite a powerful tool.
|
|
8
8
|
|
|
9
9
|
{% include vs/article.md %}
|
|
10
10
|
|
|
@@ -51,7 +51,7 @@ We've duplicated `service.yaml` and `deployment.yaml`, though. Instead, it'll be
|
|
|
51
51
|
|
|
52
52
|
## PreBuilt Docker Image
|
|
53
53
|
|
|
54
|
-
Additionally, the Docker image is expected to be prebuilt. Because you must first build the Docker image, folks will usually write bash script that
|
|
54
|
+
Additionally, the Docker image is expected to be prebuilt. Because you must first build the Docker image, folks will usually write bash script that performs these additional steps and then glue things together.
|
|
55
55
|
|
|
56
56
|
## Kubernetes Resources Galore
|
|
57
57
|
|
|
@@ -82,7 +82,7 @@ The same code is used to create different environments. Kubes achieves this with
|
|
|
82
82
|
|
|
83
83
|
## Hooks
|
|
84
84
|
|
|
85
|
-
Kubes support a variety of hooks run scripts at any part of the `kubectl` commands. This allows you customize and add app-specific logic needed. Example:
|
|
85
|
+
Kubes support a variety of hooks run scripts at any part of the `kubectl` commands. This allows you to customize and add app-specific logic needed. Example:
|
|
86
86
|
|
|
87
87
|
.kubes/config/hooks/kubectl.rb
|
|
88
88
|
|
|
@@ -9,4 +9,15 @@ To help you get started quickly, you can generate starter variable code.
|
|
|
9
9
|
|
|
10
10
|
```ruby
|
|
11
11
|
@example = "dev-value"
|
|
12
|
-
```
|
|
12
|
+
```
|
|
13
|
+
|
|
14
|
+
To create the prod variables, set `KUBES_ENV=prod`.
|
|
15
|
+
|
|
16
|
+
$ KUBES_ENV=prod kubes new variable
|
|
17
|
+
create .kubes/variables/prod.rb
|
|
18
|
+
|
|
19
|
+
.kubes/variables/prod.rb
|
|
20
|
+
|
|
21
|
+
```ruby
|
|
22
|
+
@example = "prod-value"
|
|
23
|
+
```
|
data/lib/kubes/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubes
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-11-
|
|
11
|
+
date: 2020-11-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|