RubyGems - kubes - Versions diffs - 0.6.2 → 0.6.3 - Mend

kubes 0.6.2 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/.gcloudignore +22 -0
data/.gitignore +1 -1
data/CHANGELOG.md +3 -0
data/Dockerfile +6 -6
data/Dockerfile.alpine +20 -0
data/docker/install/docker.sh +8 -0
data/docker/install/gcloud.sh +18 -0
data/docker/install/kubectl.sh +4 -0
data/docs/_docs/config/reference.md +1 -0
data/docs/_docs/helpers/google/gke.md +57 -1
data/kubes.gemspec +1 -1
data/lib/kubes/auth.rb +9 -0
data/lib/kubes/config.rb +1 -0
data/lib/kubes/hooks/builder.rb +0 -1
data/lib/kubes/version.rb +1 -1
metadata +9 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4068263aefa8212b17485e3a257813b806e0efc0617c01e7210db576759c2f27
-  data.tar.gz: e649b39644516f59a09c08ec33d05c9ceb9adde006c6bda386f370bec8e205d8
+  metadata.gz: fb0b62ecd7b432896bd1fbafc3aeae759f858bcbfb0f2ca9a02ecb60d91fcff3
+  data.tar.gz: 7faf78784573d6d1058fb3641e47356bf725c683cdfc53b081d8926bf2799249
 SHA512:
-  metadata.gz: 0f65b2736c9967eee1a24b65513bed5bb79177c54f8870871e1428e4ba6ff4b2e2501e5d6a1a78ada9f2db971763a6b1f6d35b4818fcfaf76df95baa37aba049
-  data.tar.gz: cfb8c9a0371d7efd6e9a4d8deeb1c503a18c63fd291a0a89275b9bf84996fa7a6ce7f3dfc7c83e8ff98546fc94c80a65bf41f953121833b0f3614c5a635098de
+  metadata.gz: b7d432057c49947c864594fb2049677b721ff084ccd60403a39e7e360aa2a05157fddef26593004a836eb130d39a2307c6443438861be119affe66a182a05380
+  data.tar.gz: 4a99ff9b1819db41ad13f1340707242a978c37cc83d7dbe8e10a6cf06cac9c3aa65335d9e6d8fc94a500cd267d3b197940d49ec71f76f4a4cb81c5ab71efff9f

data/.gcloudignore ADDED

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+/.bundle
+/.config
+/.yardoc
+/_yardoc
+/coverage
+/doc/
+/Gemfile.lock
+/InstalledFiles
+/lib/bundler/man
+/pkg
+/rdoc
+/spec/reports
+/test/tmp
+/test/version_tmp
+/tmp
+.git
+pkg
+docs
+spec

data/.gitignore CHANGED

@@ -14,4 +14,4 @@
 /spec/reports
 /test/tmp
 /test/version_tmp
-/tmp
+/tmp

data/CHANGELOG.md CHANGED

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [0.6.3] - 2020-11-11
+- [#37](https://github.com/boltops-tools/kubes/pull/37) Dockerfile for ci and hook updates
 ## [0.6.2]
 - [#36](https://github.com/boltops-tools/kubes/pull/36) add plugin hooks support

data/Dockerfile CHANGED

@@ -1,10 +1,10 @@
-FROM ruby:2.7-alpine
+FROM ruby:2.7
-RUN apk add --no-cache docker
-RUN apk add --no-cache build-base ruby ruby-dev
-RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl
-RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+COPY docker docker
+RUN docker/install/docker.sh
+RUN docker/install/gcloud.sh
+ENV PATH=/opt/google/google-cloud-sdk/bin/:$PATH
+RUN docker/install/kubectl.sh
 WORKDIR /app
 ADD . /app

data/Dockerfile.alpine ADDED

@@ -0,0 +1,20 @@
+FROM ruby:2.7-alpine
+# This Dockerfile is much lighter but won't work with gke whitelisting. Getting this error when the google gke sdk is called:
+#
+#    Error loading shared library ld-linux-x86-64.so.2: No such file or directory #986
+#
+# If you don't need gke whitelisting, then this image should work and is lighter.
+RUN apk add --no-cache docker
+RUN apk add --no-cache build-base ruby ruby-dev
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+RUN chmod u+x kubectl && mv kubectl /bin/kubectl
+WORKDIR /app
+ADD . /app
+RUN bundle install
+RUN rake install
+ENTRYPOINT ["/usr/local/bundle/bin/kubes"]

data/docker/install/docker.sh ADDED

@@ -0,0 +1,8 @@
+#!/bin/bash
+apt-get update
+apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
+curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
+add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
+apt-get update
+apt-get install docker-ce docker-ce-cli containerd.io -y

data/docker/install/gcloud.sh ADDED

@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+[ -e /opt/google ] && exit
+mkdir -p /opt/google
+cd /opt/google
+wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-318.0.0-linux-x86_64.tar.gz
+tar zxf google-cloud-sdk*.tar.gz
+rm -f google-cloud-sdk*.tar.gz
+/opt/google/google-cloud-sdk/install.sh -q
+cat << FOE >> ~/.bash_profile
+source /opt/google/google-cloud-sdk/completion.bash.inc
+source /opt/google/google-cloud-sdk/path.bash.inc
+FOE

data/docker/install/kubectl.sh ADDED

@@ -0,0 +1,4 @@
+#!/bin/bash
+wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
+chmod u+x kubectl && mv kubectl /bin/kubectl

data/docs/_docs/config/reference.md CHANGED

@@ -16,6 +16,7 @@ kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https
 logger | Logger object | Logger.new($stdout)
 logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
 repo | The Docker repo to use. Required to be set. | nil
+repo_auto_auth | Whether or not to try to auth authorize docker repo registry if not yet logged in. Can also be set with env var `KUBES_REPO_AUTO_AUTO` | true
 skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
 state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
 suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true

data/docs/_docs/helpers/google/gke.md CHANGED

@@ -16,7 +16,10 @@ To enable the GKE IP whitelisting feature, it's a single line:
 ```ruby
 KubesGoogle.configure do |config|
-  config.gke.cluster_name = "projects/#{ENV['GOOGLE_PROJECT']}/locations/us-central1/clusters/dev-cluster"
+  config.gke.cluster_name = "dev-cluster"
+  config.gke.google_region = ENV['GOOGLE_REGION']
+  config.gke.google_project = ENV['GOOGLE_PROJECT']
+  config.gke.enable_get_credentials = true # enable hook to call: gcloud container clusters get-credentials
 end
 ```
@@ -29,5 +32,58 @@ Here are the `config.gke` settings:
 Name | Description | Default
 ---|---|---
 cluster_name | GKE cluster name. This is required. | nil
+enable_get_credentials | Whether or not to run the hook that calls `gcloud container clusters get-credentials`. This spares you from having to call it manually. | false
 enable_hooks | This will be true when the cluster_name is set. So there's no need to set it. The option provides a quick way to override and disable running the hooks. | true
+google_project | Google project. Can also be set with the env var `GOOGLE_PROJECT`. `GOOGLE_PROJECT` takes precedence. | nil
+google_region | Google region cluster is in. Can also be set with the env var `GOOGLE_REGION`. `GOOGLE_REGION` takes precedence. | nil
 whitelist_ip | Explicit IP to whitelist. By default the IP address of the current machine is automatically detected and used. | nil
+## Build Docker Image
+To build kubes as a Docker image entrypoint for [Google CloudBuild Custom Builder](https://cloud.google.com/cloud-build/docs/configuring-builds/use-community-and-custom-builders).
+    git clone http://github.com/boltops-tools/kubes
+    cd kubes
+    gcloud builds submit --tag gcr.io/$GOOGLE_PROJECT/kubes
+Be sure to set GOOGLE_PROJECT to your own project id.
+## Example Codebuild YAML
+cloudbuild.yaml:
+```yaml
+steps:
+- name: 'gcr.io/$PROJECT_ID/kubes'
+  args: ['deploy']
+  env:
+  - 'DOCKER_REPO=gcr.io/$PROJECT_ID/demo'
+  - 'GOOGLE_PROJECT=$PROJECT_ID' # .kubes/config.rb: config.repo
+  - 'KUBES_ENV=$_KUBES_ENV'
+  - 'KUBES_EXTRA=$_KUBES_EXTRA'
+  - 'KUBES_REPO_AUTH=0'
+substitutions:
+  _KUBES_ENV: dev
+  _KUBES_EXTRA: ''
+options:
+    substitution_option: 'ALLOW_LOOSE'
+```
+Make sure to replace the substitutions with your own values. IE: _GCP_REGION, _GKE_CLUSTER, _KUBES_ENV, etc.
+## Google CloudBuild IAM Permissions
+In order to update the GKE cluster master authorized IP and whitelist the CloudBuild IP, you'll need to allow the CloudBuild IAM role permissions.
+Important: The "Kubernetes Engine Developer" that is available in the Cloud Build Settings page as described in [Configuring access for Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/configure-access-for-cloud-build-service-account) does not suffice. You'll need to add the "Kubernetes Engine Cluster Admin" role. Here are the steps:
+1. Go to the Google IAM Console and search "cloudbuild"
+2. Click "Edit Member"
+3. Add the "Kubernetes Engine Cluster Admin" role
+## Run CloudBuild
+Run cloudbuild with:
+    gcloud builds submit --config cloudbuild.yaml

data/kubes.gemspec CHANGED

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   # core helper libs
   spec.add_dependency "kubes_aws", "~> 0.2.0"
-  spec.add_dependency "kubes_google", "~> 0.3.0"
+  spec.add_dependency "kubes_google", "~> 0.3.1"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "byebug"

data/lib/kubes/auth.rb CHANGED

@@ -13,6 +13,7 @@ module Kubes
     # Currently only support ECR and GCR
     # TODO: consider moving this to plugin gems
     def strategy_class
+      return unless auth?
       case @image
       when /\.amazonaws\.com/ # IE: 112233445566.dkr.ecr.us-west-2.amazonaws.com/demo/sinatra
         Ecr
@@ -20,5 +21,13 @@ module Kubes
         Gcr
       end
     end
+    def auth?
+      if ENV['KUBES_REPO_AUTO_AUTH'].nil?
+        Kubes.config.repo_auth
+      else
+        %w[1 true].include?(ENV['KUBES_REPO_AUTO_AUTH'])
+      end
+    end
   end
 end

data/lib/kubes/config.rb CHANGED

@@ -31,6 +31,7 @@ module Kubes
       config.kubectl.order.kinds = kind_order
       config.repo = nil # expected to be set by .kubes/config.rb
+      config.repo_auto_auth = true
       config.logger = Logger.new($stderr)
       config.logger.level = ENV['KUBES_LOG_LEVEL'] || :info

data/lib/kubes/hooks/builder.rb CHANGED

@@ -15,7 +15,6 @@ module Kubes::Hooks
     end
     def build
-      return @hooks unless File.exist?(@dsl_file)
       evaluate_file(@dsl_file)
       evaluate_plugin_hooks
       @hooks.deep_stringify_keys!

data/lib/kubes/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Kubes
-  VERSION = "0.6.2"
+  VERSION = "0.6.3"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubes
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-10 00:00:00.000000000 Z
+date: 2020-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -156,14 +156,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.3.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -243,15 +243,20 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".gcloudignore"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
 - Dockerfile
+- Dockerfile.alpine
 - Gemfile
 - Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- docker/install/docker.sh
+- docker/install/gcloud.sh
+- docker/install/kubectl.sh
 - docs/.gitignore
 - docs/CNAME
 - docs/Gemfile