RubyGems - kubes - Versions diffs - 0.6.2 → 0.6.3 - Mend

kubes 0.6.2 → 0.6.3

Files changed (17) hide show

checksums.yaml +4 -4
data/.gcloudignore +22 -0
data/.gitignore +1 -1
data/CHANGELOG.md +3 -0
data/Dockerfile +6 -6
data/Dockerfile.alpine +20 -0
data/docker/install/docker.sh +8 -0
data/docker/install/gcloud.sh +18 -0
data/docker/install/kubectl.sh +4 -0
data/docs/_docs/config/reference.md +1 -0
data/docs/_docs/helpers/google/gke.md +57 -1
data/kubes.gemspec +1 -1
data/lib/kubes/auth.rb +9 -0
data/lib/kubes/config.rb +1 -0
data/lib/kubes/hooks/builder.rb +0 -1
data/lib/kubes/version.rb +1 -1
metadata +9 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4068263aefa8212b17485e3a257813b806e0efc0617c01e7210db576759c2f27
-  data.tar.gz: e649b39644516f59a09c08ec33d05c9ceb9adde006c6bda386f370bec8e205d8
+  metadata.gz: fb0b62ecd7b432896bd1fbafc3aeae759f858bcbfb0f2ca9a02ecb60d91fcff3
+  data.tar.gz: 7faf78784573d6d1058fb3641e47356bf725c683cdfc53b081d8926bf2799249
 SHA512:
-  metadata.gz: 0f65b2736c9967eee1a24b65513bed5bb79177c54f8870871e1428e4ba6ff4b2e2501e5d6a1a78ada9f2db971763a6b1f6d35b4818fcfaf76df95baa37aba049
-  data.tar.gz: cfb8c9a0371d7efd6e9a4d8deeb1c503a18c63fd291a0a89275b9bf84996fa7a6ce7f3dfc7c83e8ff98546fc94c80a65bf41f953121833b0f3614c5a635098de
+  metadata.gz: b7d432057c49947c864594fb2049677b721ff084ccd60403a39e7e360aa2a05157fddef26593004a836eb130d39a2307c6443438861be119affe66a182a05380
+  data.tar.gz: 4a99ff9b1819db41ad13f1340707242a978c37cc83d7dbe8e10a6cf06cac9c3aa65335d9e6d8fc94a500cd267d3b197940d49ec71f76f4a4cb81c5ab71efff9f

data/.gcloudignore ADDED

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+/.bundle
+/.config
+/.yardoc
+/_yardoc
+/coverage
+/doc/
+/Gemfile.lock
+/InstalledFiles
+/lib/bundler/man
+/pkg
+/rdoc
+/spec/reports
+/test/tmp
+/test/version_tmp
+/tmp
+.git
+pkg
+docs
+spec

data/.gitignore CHANGED

@@ -14,4 +14,4 @@
 /spec/reports
 /test/tmp
 /test/version_tmp
-/tmp
+/tmp

data/CHANGELOG.md CHANGED

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [0.6.3] - 2020-11-11
+- [#37](https://github.com/boltops-tools/kubes/pull/37) Dockerfile for ci and hook updates
 ## [0.6.2]
 - [#36](https://github.com/boltops-tools/kubes/pull/36) add plugin hooks support

data/Dockerfile CHANGED

@@ -1,10 +1,10 @@
-FROM ruby:2.7-alpine
+FROM ruby:2.7
-RUN apk add --no-cache docker
-RUN apk add --no-cache build-base ruby ruby-dev
-RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl
-RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+COPY docker docker
+RUN docker/install/docker.sh
+RUN docker/install/gcloud.sh
+ENV PATH=/opt/google/google-cloud-sdk/bin/:$PATH
+RUN docker/install/kubectl.sh
 WORKDIR /app
 ADD . /app

data/Dockerfile.alpine ADDED

@@ -0,0 +1,20 @@
+FROM ruby:2.7-alpine
+# This Dockerfile is much lighter but won't work with gke whitelisting. Getting this error when the google gke sdk is called:
+#
+#    Error loading shared library ld-linux-x86-64.so.2: No such file or directory #986
+#
+# If you don't need gke whitelisting, then this image should work and is lighter.
+RUN apk add --no-cache docker
+RUN apk add --no-cache build-base ruby ruby-dev
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+WORKDIR /app
+ADD . /app
+RUN bundle install
+RUN rake install
+ENTRYPOINT ["/usr/local/bundle/bin/kubes"]

data/docker/install/docker.sh ADDED

@@ -0,0 +1,8 @@
+#!/bin/bash
+apt-get update
+apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
+curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
+add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
+apt-get update
+apt-get install docker-ce docker-ce-cli containerd.io -y

data/docker/install/gcloud.sh ADDED

@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+[ -e /opt/google ] && exit
+mkdir -p /opt/google
+cd /opt/google
+wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-318.0.0-linux-x86_64.tar.gz
+tar zxf google-cloud-sdk*.tar.gz
+rm -f google-cloud-sdk*.tar.gz
+/opt/google/google-cloud-sdk/install.sh -q
+cat << FOE >> ~/.bash_profile
+source /opt/google/google-cloud-sdk/completion.bash.inc
+source /opt/google/google-cloud-sdk/path.bash.inc
+FOE

data/docker/install/kubectl.sh ADDED

@@ -0,0 +1,4 @@
+#!/bin/bash
+wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+chmod u+x kubectl && mv kubectl /bin/kubectl

data/docs/_docs/config/reference.md CHANGED

@@ -16,6 +16,7 @@ kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https
 logger | Logger object | Logger.new($stdout)
 logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
 repo | The Docker repo to use. Required to be set. | nil
+repo_auto_auth | Whether or not to try to auth authorize docker repo registry if not yet logged in. Can also be set with env var `KUBES_REPO_AUTO_AUTO` | true
 skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
 state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
 suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true

data/docs/_docs/helpers/google/gke.md CHANGED

@@ -16,7 +16,10 @@ To enable the GKE IP whitelisting feature, it's a single line:
 ```ruby
 KubesGoogle.configure do |config|
-  config.gke.cluster_name = "projects/#{ENV['GOOGLE_PROJECT']}/locations/us-central1/clusters/dev-cluster"
+  config.gke.cluster_name = "dev-cluster"
+  config.gke.google_region = ENV['GOOGLE_REGION']
+  config.gke.google_project = ENV['GOOGLE_PROJECT']
+  config.gke.enable_get_credentials = true # enable hook to call: gcloud container clusters get-credentials
 end
 ```
@@ -29,5 +32,58 @@ Here are the `config.gke` settings:
 Name | Description | Default
 ---|---|---
 cluster_name | GKE cluster name. This is required. | nil
+enable_get_credentials | Whether or not to run the hook that calls `gcloud container clusters get-credentials`. This spares you from having to call it manually. | false
 enable_hooks | This will be true when the cluster_name is set. So there's no need to set it. The option provides a quick way to override and disable running the hooks. | true
+google_project | Google project. Can also be set with the env var `GOOGLE_PROJECT`. `GOOGLE_PROJECT` takes precedence. | nil
+google_region | Google region cluster is in. Can also be set with the env var `GOOGLE_REGION`. `GOOGLE_REGION` takes precedence. | nil
 whitelist_ip | Explicit IP to whitelist. By default the IP address of the current machine is automatically detected and used. | nil
+## Build Docker Image
+To build kubes as a Docker image entrypoint for [Google CloudBuild Custom Builder](https://cloud.google.com/cloud-build/docs/configuring-builds/use-community-and-custom-builders).
+    git clone http://github.com/boltops-tools/kubes
+    cd kubes
+    gcloud builds submit --tag gcr.io/$GOOGLE_PROJECT/kubes
+Be sure to set GOOGLE_PROJECT to your own project id.
+## Example Codebuild YAML
+cloudbuild.yaml:
+```yaml
+steps:
+- name: 'gcr.io/$PROJECT_ID/kubes'
+  args: ['deploy']
+  env:
+  - 'DOCKER_REPO=gcr.io/$PROJECT_ID/demo'
+  - 'GOOGLE_PROJECT=$PROJECT_ID' # .kubes/config.rb: config.repo
+  - 'KUBES_ENV=$_KUBES_ENV'
+  - 'KUBES_EXTRA=$_KUBES_EXTRA'
+  - 'KUBES_REPO_AUTH=0'
+substitutions:
+  _KUBES_ENV: dev
+  _KUBES_EXTRA: ''
+options:
+    substitution_option: 'ALLOW_LOOSE'
+```
+Make sure to replace the substitutions with your own values. IE: _GCP_REGION, _GKE_CLUSTER, _KUBES_ENV, etc.
+## Google CloudBuild IAM Permissions
+In order to update the GKE cluster master authorized IP and whitelist the CloudBuild IP, you'll need to allow the CloudBuild IAM role permissions.
+Important: The "Kubernetes Engine Developer" that is available in the Cloud Build Settings page as described in [Configuring access for Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/configure-access-for-cloud-build-service-account) does not suffice. You'll need to add the "Kubernetes Engine Cluster Admin" role. Here are the steps:
+1. Go to the Google IAM Console and search "cloudbuild"
+2. Click "Edit Member"
+3. Add the "Kubernetes Engine Cluster Admin" role
+## Run CloudBuild
+Run cloudbuild with:
+    gcloud builds submit --config cloudbuild.yaml

data/kubes.gemspec CHANGED

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   # core helper libs
   spec.add_dependency "kubes_aws", "~> 0.2.0"
-  spec.add_dependency "kubes_google", "~> 0.3.0"
+  spec.add_dependency "kubes_google", "~> 0.3.1"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "byebug"

data/lib/kubes/auth.rb CHANGED

@@ -13,6 +13,7 @@ module Kubes
     # Currently only support ECR and GCR
     # TODO: consider moving this to plugin gems
     def strategy_class
+      return unless auth?
       case @image
       when /\.amazonaws\.com/ # IE: 112233445566.dkr.ecr.us-west-2.amazonaws.com/demo/sinatra
         Ecr
@@ -20,5 +21,13 @@ module Kubes
         Gcr
       end
     end
+    def auth?
+      if ENV['KUBES_REPO_AUTO_AUTH'].nil?
+        Kubes.config.repo_auth
+      else
+        %w[1 true].include?(ENV['KUBES_REPO_AUTO_AUTH'])
+      end
+    end
   end
 end

data/lib/kubes/config.rb CHANGED

@@ -31,6 +31,7 @@ module Kubes
       config.kubectl.order.kinds = kind_order
       config.repo = nil # expected to be set by .kubes/config.rb
+      config.repo_auto_auth = true
       config.logger = Logger.new($stderr)
       config.logger.level = ENV['KUBES_LOG_LEVEL'] || :info

data/lib/kubes/hooks/builder.rb CHANGED

@@ -15,7 +15,6 @@ module Kubes::Hooks
     end
     def build
-      return @hooks unless File.exist?(@dsl_file)
       evaluate_file(@dsl_file)
       evaluate_plugin_hooks
       @hooks.deep_stringify_keys!

data/lib/kubes/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Kubes
-  VERSION = "0.6.2"
+  VERSION = "0.6.3"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-10 00:00:00.000000000 Z
+date: 2020-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -156,14 +156,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.3.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -243,15 +243,20 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".gcloudignore"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
 - Dockerfile
+- Dockerfile.alpine
 - Gemfile
 - Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- docker/install/docker.sh
+- docker/install/gcloud.sh
+- docker/install/kubectl.sh
 - docs/.gitignore
 - docs/CNAME
 - docs/Gemfile