ky 0.1.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 80b326de6d0dd57558007807fe7441ea72f75c2e
+  data.tar.gz: 7788d551ece1c5bdafd05c99ea05a4a16a5d4b88
+SHA512:
+  metadata.gz: 3ff01e43e12fa0db1a2649c5f9b410572012f512c59a41445cb106be7b0902c406a3e3a26146fdc2b539ff465f6e2104576ab96ccf27a04d73a1efb2c4ed4384
+  data.tar.gz: 8614bfdae5d0aab41b98c4eedfb3668f54106dde827429f0397fc894042616e3ea3bb81305d317612aa8a09464b911b55aa34b551c6403ea97c95b4f1ab71ef5

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 bglusman
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,186 @@
+# KY - Kubernetes Yaml Workflow Lubricant
+
+## This gem contains helper methods and workflows for working with kubernetes yml files
+
+The primary purpose is to automate/DRY up duplication and agreement between multiple deployment YAML files and config/secret yaml files that we saw emerging as we built our kubernetes configuration.
+
+
+The typical workflow for the tool might start with generating a yaml file of env mappings from a secrets.yml file and a config.yml file, like so:
+###Example usage
+Assuming config.yml such as:
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test
+data:
+  tz: EST
+  rest-api-id: 1234abcd
+  use-ssl: true
+```
+
+and secrets.yml such as:
+```
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test
+type: Opaque
+data:
+  database-url: cG9zdGdyZXM6Ly91c2VyOnBhc3NAZGIuZXhhbXBsZS5jb20vZGI=
+  pii-encryption-key: ZmFrZWtleQ==
+```
+Then the command
+
+```
+$ ky env config.yml secrets.yml
+```
+
+Would yield
+```
+---
+spec:
+  template:
+    spec:
+      containers:
+      - env:
+        - name: TZ
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: tz
+        - name: REST_API_ID
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: rest-api-id
+        - name: USE_SSL
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: use-ssl
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: database-url
+        - name: PII_ENCRYPTION_KEY
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: pii-encryption-key
+```
+
+You can also pass in a non-base64 encoded secrets.yml above, and use KY as documented below to generate the encoded version you use on demand as needed (just don't check in either one to your repo!)
+
+Then you can merge the generated file, we'll call `env.yml` below, with one or more base deployment YAML files, to help prevent duplication, and regenerating and applying to kubernetes hosts via kubectl as needed when env variable values or keys change.  So with the `env.yml` above and a `base.yml` like so:
+```
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: test
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: web
+    spec:
+      containers:
+        - name: web
+          image: docker/image
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          command: [ "/bin/bash","-c","bundle exec rake assets:precompile && bundle exec puma -C ./config/puma.rb" ]
+```
+then running this command:
+
+```
+$ ky merge base.yml env.yml # outputs combined yaml to stdout
+```
+
+Would yield:
+```
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: test
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: web
+    spec:
+      containers:
+      - name: web
+        image: docker/image
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3000
+        command:
+        - "/bin/bash"
+        - "-c"
+        - bundle exec rake assets:precompile && bundle exec puma -C ./config/puma.rb
+        env:
+        - name: TZ
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: tz
+        - name: REST_API_ID
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: rest-api-id
+        - name: USE_SSL
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: use-ssl
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: database-url
+        - name: PII_ENCRYPTION_KEY
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: pii-encryption-key
+
+```
+(Note the formatting of some yaml syntax may be affected, such as command array using multiline list form instead of single line square bracket notation)
+
+Kubernetes requires its secrets.yml files to have their data values base64 encoded.  KY will either read the value from a specified fle or use yaml value directly, and write the resulting data all to a single yaml file with base64 encoded values under a specfied key ('data' by default) for consistency.  Decoding always results in a single file, with escaped values as necessary, but encoding can come from multiple files which all must be accessible to the process, either as local file references or as URL's it can read the file from at the moment it is run (S3 buckets can generate short lived unguessable URLs to help to this securely).
+
+Those long/unescaped values can be loaded from files referenced in the source yaml by wrapping in "magic" file/url delimiters, ('@' by default), e.g:
+```yaml
+apiVersion: v1
+kind: Secret
+type: Opaque
+data:
+  long_crazy_indirect_value: '@local_unescaped_file.txt@'
+  binary_indirect_url_value: '@https://example.com/secret_image.png@'
+  regular_direct_value_domain: example.com
+```
+
+The delimiter can be changed with the env var `MAGIC_FILE` from default value of '@', and the data key can be changed from it's default value of 'data' with env var `DATA_KEY`.
+
+Gem install as usual in bundler or directly as `ky`, though only CLI usage is intended at present.
+
+###Example usage
+```
+$ ky encode connect.configmap.yml # outputs encoded yaml to stdout
+$ ky decode connect.secrets.yml # outputs decode yaml to stdout
+$ ky encode connect.configmap.yml tmp.out # writes encoded yaml to tmp.out file
+$ ky encode https://example.com/secret.unencoded.yaml secret.yml # downloads yml file from URL and encodes, writes to local yaml file
+$ ky decode connect.secrets.yml tmp2.out # writes encoded yaml to tmp2.out file
+$ ky decode https://example.com/secret.yaml # downloads yml file from URL and decodes, prints to standard out
+$ cat file.yml | obscure decode # reads non-base64 input yaml from stdin, writes decoded yamlto stdout
+$ cat file.yml | obscure encode # reads base64 encoded input yaml from stdin, write encoded to stdout
+```
+
+A valid url may also be used in place of a file path for input.

data/bin/ky

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require_relative '../lib/ky/cli'
+
+KY::Cli.start(ARGV)
+

data/ky.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib/', __FILE__)
+$LOAD_PATH.unshift lib unless $LOAD_PATH.include?(lib)
+require 'ky/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'ky'
+  s.version     = KY::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ['Brian Glusman']
+  s.email       = ['brian@stellaservice.com']
+  s.homepage    = 'https://github.com/stellaservice/ky'
+  s.license     = 'MIT'
+  s.summary     = 'Kubernetes Yaml utilities and lubricant'
+  s.rubyforge_project = 'ky'
+  s.require_paths = ['lib']
+  s.add_development_dependency 'rspec', '~> 3.5'
+  s.add_development_dependency 'pry', '~> 0.10'
+  s.add_runtime_dependency 'deep_merge', '~> 1.1'
+  s.add_runtime_dependency 'thor', '~> 0.19'
+  s.add_runtime_dependency 'activesupport', ">= 3.0", "< 6"
+
+  s.description = <<-DESC
+    Utility belt for managing, manipulating and lubricating kubernetes deployment, config and secrets yml files
+  DESC
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+end

data/lib/ky.rb

@@ -0,0 +1,36 @@
+require 'yaml'
+require 'base64'
+require 'open-uri'
+require_relative 'ky/manipulation'
+require_relative 'ky/env_generation'
+require_relative 'ky/deploy_generation'
+
+
+module KY
+  module_function
+
+  def decode(output, input)
+    output << Manipulation.code_yaml(input, :decode)
+  end
+
+  def encode(output, input)
+    output << Manipulation.code_yaml(input, :encode)
+  end
+
+  def merge(output, input1, input2)
+    output << Manipulation.merge_yaml(input1, input2)
+  end
+
+  def env(output, input1, input2)
+    output << EnvGeneration.generate_env(input1, input2)
+  rescue KY::EnvGeneration::ConflictingProjectError => e
+    $stderr << "Error processing yml files, please provide a config and a secrets file from the same kubernetes project/name"
+    exit(1)
+  end
+
+  def from_proc(proc_path, output_dir)
+    DeployGeneration.new(proc_path, output_dir).call
+  end
+
+
+end

data/lib/ky/cli.rb

@@ -0,0 +1,55 @@
+require_relative '../ky'
+require 'thor'
+module KY
+  class Cli < Thor
+    desc "encode secrets.yml", "base64 encoded yaml version of data attributes in secrets.yml"
+    def encode(input_source=$stdin, output_source=$stdout)
+      input_output(input_source, output_source) do |input_object, output_object|
+        KY.encode(output_object, input_object)
+      end
+    end
+
+    desc "decode secrets.yml", "decoded yaml version of secrets.yml with base64 encoded data attributes"
+    def decode(input_source=$stdin, output_source=$stdout)
+      input_output(input_source, output_source) do |input_object, output_object|
+        KY.decode(output_object, input_object)
+      end
+    end
+
+    desc "merge base.yml env.yml", "deep merged/combined yaml of two seperate files"
+    def merge(input_source1, input_source2=$stdin, output_source=$stdout)
+      input_output(input_source1, output_source) do |input_object1, output_object|
+        with(input_source2, 'r') {|input_object2| KY.merge(output_object, input_object1, input_object2) }
+      end
+    end
+
+    desc "env config.yml secrets.yml", "generate env variables section of a deployment from a config and a secrets file"
+    def env(input_source1, input_source2=$stdin, output_source=$stdout)
+      input_output(input_source1, output_source) do |input_object1, output_object|
+        with(input_source2, 'r') {|input_object2| KY.env(output_object, input_object1, input_object2) }
+      end
+    end
+
+    desc "from_proc path/to/Procfile output_dir", "generate kubernetes deployment base configs from Procfile"
+    def from_proc(procfile_path, output_dir)
+      KY.from_proc(procfile_path, output_dir)
+    end
+
+    private
+
+    def input_output(input1, output1)
+      with(input1, 'r') {|input_object| with(output1, 'w+') { |output_object| yield(input_object, output_object)  } }
+    end
+
+    def with(output, mode)
+      if output.kind_of?(IO)
+        yield output
+      else
+        open(output, mode) do |f|
+          yield f
+        end
+      end
+    end
+
+  end
+end

data/lib/ky/env_generation.rb

@@ -0,0 +1,52 @@
+require 'active_support'
+require 'active_support/core_ext'
+module KY
+  class EnvGeneration
+    ConflictingProjectError = Class.new(StandardError)
+
+    #string array meta-trick to avoid naked strings everywhere below, yaml doesn't to_s symbols as desired
+    %w(ConfigMap configMapKeyRef Secret secretKeyRef kind data metadata name key valueFrom spec template containers env).each do |raw_string|
+      define_method(raw_string.underscore) { raw_string }
+    end
+
+    def self.generate_env(input1, input2)
+      new(input1, input2).to_yaml
+    end
+
+    attr_reader :config_hsh, :secret_hsh
+    def initialize(input1, input2)
+      input_hashes = YAML.load(input1.read), YAML.load(input2.read)
+      @config_hsh = input_hashes.find {|h| h[kind] == config_map }
+      @secret_hsh = input_hashes.find {|h| h[kind] == secret }
+      raise ConflictingProjectError.new("Config and Secret metadata names do not agree") unless secret_hsh[metadata][name] == project
+    end
+
+    def to_yaml
+      output_hash(config_hsh[data].map {|key, _| config_env(project, key) } + secret_hsh[data].map {|key, _| secret_env(project, key) }).to_yaml
+    end
+
+    private
+
+    def project
+       config_hsh[metadata][name]
+    end
+
+    def config_env(project, kebab_version)
+      env_map(config_map_key_ref, project, kebab_version)
+    end
+
+    def secret_env(project, kebab_version)
+      env_map(secret_key_ref, project, kebab_version)
+    end
+
+    def env_map(type, project, kebab_version)
+      puts "WARNING: #{kebab_version} format appears incorrect, format as #{kebab_version.dasherize.downcase}" unless kebab_version == kebab_version.dasherize.downcase
+      {name => kebab_version.underscore.upcase, value_from => { type => {name => project, key => kebab_version }}}
+    end
+
+    def output_hash(env_array)
+      {spec => {template => {spec => { containers => [{env => env_array }]}}}}
+    end
+
+  end
+end

data/lib/ky/manipulation.rb

@@ -0,0 +1,46 @@
+require 'deep_merge/rails_compat'
+module KY
+  module Manipulation
+    DEFAULT_DATA_KEY = 'data'
+    MAGIC_DELIMITER = '@'
+
+    class << self
+      def merge_yaml(input1, input2)
+        combined = {}
+        YAML.load(input1.read).tap { |hsh|
+          hsh.deeper_merge!(YAML.load(input2.read), merge_hash_arrays: true, extend_existing_arrays: true)
+        }.to_yaml
+      end
+
+      def code_yaml(yaml_source, direction)
+        YAML.load(yaml_source.read).tap { |hsh|
+          data = hsh[obscured_data_key]
+          hsh[obscured_data_key] = data.map { |key, value|
+              [key, handle_coding(direction, value)]
+            }.to_h
+        }.to_yaml
+      end
+
+      def handle_coding(direction, value)
+        direction == :decode ? Base64.decode64(value) : Base64.strict_encode64(value_or_file_contents(value))
+      end
+
+      def value_or_file_contents(value)
+        return value unless detect_file(value)
+        value_contents = open(value.gsub(magic_delimiter, '')) { |f| f.read }
+      end
+
+      def detect_file(value)
+        value.match /\A#{magic_delimiter}(.+)#{magic_delimiter}\z/
+      end
+
+      def magic_delimiter
+        ENV['MAGIC_FILE'] || MAGIC_DELIMITER
+      end
+
+      def obscured_data_key
+        ENV['DATA_KEY'] || DEFAULT_DATA_KEY
+      end
+    end
+  end
+end

data/lib/ky/version.rb

@@ -0,0 +1,3 @@
+module KY
+  VERSION = "0.1.3"
+end

data/spec/ky_bin_spec.rb

@@ -0,0 +1,72 @@
+require 'ky/cli'
+describe "cli commands" do
+  let(:tmpfile_path) { "spec/support/tmpfile.yml" }
+  after { `rm #{tmpfile_path}` if File.exists?(tmpfile_path) }
+  describe "works with stdout" do
+    it "decodes" do
+      output = File.read('spec/support/decoded.yml')
+      expect($stdout).to receive(:<<).with(output)
+      KY::Cli.new.decode("spec/support/encoded.yml")
+    end
+
+    it "encodes" do
+      output = File.read('spec/support/encoded.yml')
+      expect($stdout).to receive(:<<).with(output)
+      KY::Cli.new.encode("spec/support/decoded.yml")
+    end
+  end
+
+  describe "works with files" do
+    it "decodes" do
+      output = File.read('spec/support/decoded.yml')
+      KY::Cli.new.decode("spec/support/encoded.yml", tmpfile_path)
+      expect(File.read(tmpfile_path)).to eq(output)
+    end
+
+    it "encodes" do
+      output = File.read('spec/support/encoded.yml')
+      KY::Cli.new.encode("spec/support/decoded.yml", tmpfile_path)
+      expect(File.read(tmpfile_path)).to eq(output)
+    end
+  end
+
+  describe "merges yml files" do
+    it "to stdout" do
+      output = File.read('spec/support/web-merged.yml')
+      expect($stdout).to receive(:<<).with(output)
+      KY::Cli.new.merge('spec/support/web-base.yml', 'spec/support/web-env.yml')
+    end
+  end
+
+  describe "generates env section" do
+    it "to stdout" do
+      output = File.read('spec/support/web-env.yml')
+      expect($stdout).to receive(:<<).with(output)
+      KY::Cli.new.env('spec/support/decoded.yml', 'spec/support/config.yml')
+    end
+
+    it "config and secret are order independent" do
+      output = File.read('spec/support/web-env.yml')
+      expect($stdout).to receive(:<<).with(output)
+      KY::Cli.new.env('spec/support/config.yml', 'spec/support/decoded.yml')
+    end
+
+    it "to file" do
+      output = File.read('spec/support/web-env.yml')
+      KY::Cli.new.env('spec/support/config.yml', 'spec/support/decoded.yml', tmpfile_path)
+      expect(File.read(tmpfile_path)).to eq(output)
+    end
+  end
+
+  describe "parses Procfile into multiple deployment files" do
+    let(:tmpdir) { 'spec/support/tmpdir' }
+    it "to directory" do
+      KY::Cli.new.from_proc('spec/support/Procfile', tmpdir)
+      expect(File.exists?("#{tmpdir}/web.yml")).to be true
+      expect(File.exists?("#{tmpdir}/worker.yml")).to be true
+      expect(File.exists?("#{tmpdir}/jobs.yml")).to be true
+    end
+  end
+
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,104 @@
+require 'pry'
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+  # have no way to turn it off -- the option exists only for backwards
+  # compatibility in RSpec 3). It causes shared context metadata to be
+  # inherited by the metadata hash of host groups and examples, rather than
+  # triggering implicit auto-inclusion in groups with matching metadata.
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # This allows you to limit a spec run to individual examples or groups
+  # you care about by tagging them with `:focus` metadata. When nothing
+  # is tagged with `:focus`, all examples get run. RSpec also provides
+  # aliases for `it`, `describe`, and `context` that include `:focus`
+  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  config.filter_run_when_matching :focus
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

data/spec/support/config.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test
+data:
+  tz: EST
+  rest-api-id: 1234abcd
+  use-ssl: true

data/spec/support/decoded.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test
+type: Opaque
+data:
+  database-url: postgres://user:pass@db.example.com/db
+  pii-encryption-key: fakekey

data/spec/support/encoded.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test
+type: Opaque
+data:
+  database-url: cG9zdGdyZXM6Ly91c2VyOnBhc3NAZGIuZXhhbXBsZS5jb20vZGI=
+  pii-encryption-key: ZmFrZWtleQ==

data/spec/support/web-base.yml

@@ -0,0 +1,19 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: web
+  namespace: stg
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: connect-web
+    spec:
+      containers:
+        - name: web
+          image: docker/image
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          command: [ "/bin/bash","-c","bundle exec rake assets:precompile && bundle exec puma -C ./config/puma.rb" ]

data/spec/support/web-env.yml

@@ -0,0 +1,31 @@
+---
+spec:
+  template:
+    spec:
+      containers:
+      - env:
+        - name: TZ
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: tz
+        - name: REST_API_ID
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: rest-api-id
+        - name: USE_SSL
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: use-ssl
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: database-url
+        - name: PII_ENCRYPTION_KEY
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: pii-encryption-key

data/spec/support/web-merged-original.yml

@@ -0,0 +1,37 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: web
+  namespace: stg
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: connect-web
+    spec:
+      imagePullSecrets:
+        - name: stellaservice-dockerhub-key
+      containers:
+        - name: web
+          image: stellanetops/connect:staging
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          command: [ "/bin/bash","-c","bundle exec rake assets:precompile && bundle exec puma -C ./config/puma.rb" ]
+          env:
+            - name: TZ
+              valueFrom:
+                configMapKeyRef:
+                  name: connect
+                  key: tz
+            - name: USE_SSL
+              valueFrom:
+                configMapKeyRef:
+                  name: connect
+                  key: use-ssl
+            - name: REST_API_ID
+              valueFrom:
+                secretKeyRef:
+                  name: connect
+                  key: rest-api-id

data/spec/support/web-merged.yml

@@ -0,0 +1,49 @@
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: web
+  namespace: stg
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: connect-web
+    spec:
+      containers:
+      - name: web
+        image: docker/image
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3000
+        command:
+        - "/bin/bash"
+        - "-c"
+        - bundle exec rake assets:precompile && bundle exec puma -C ./config/puma.rb
+        env:
+        - name: TZ
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: tz
+        - name: REST_API_ID
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: rest-api-id
+        - name: USE_SSL
+          valueFrom:
+            configMapKeyRef:
+              name: test
+              key: use-ssl
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: database-url
+        - name: PII_ENCRYPTION_KEY
+          valueFrom:
+            secretKeyRef:
+              name: test
+              key: pii-encryption-key

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: ky
+version: !ruby/object:Gem::Version
+  version: 0.1.3
+platform: ruby
+authors:
+- Brian Glusman
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: deep_merge
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+description: "    Utility belt for managing, manipulating and lubricating kubernetes
+  deployment, config and secrets yml files\n"
+email:
+- brian@stellaservice.com
+executables:
+- ky
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- LICENSE.txt
+- README.md
+- bin/ky
+- ky.gemspec
+- lib/ky.rb
+- lib/ky/cli.rb
+- lib/ky/env_generation.rb
+- lib/ky/manipulation.rb
+- lib/ky/version.rb
+- spec/ky_bin_spec.rb
+- spec/spec_helper.rb
+- spec/support/config.yml
+- spec/support/decoded.yml
+- spec/support/encoded.yml
+- spec/support/web-base.yml
+- spec/support/web-env.yml
+- spec/support/web-merged-original.yml
+- spec/support/web-merged.yml
+homepage: https://github.com/stellaservice/ky
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: ky
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Kubernetes Yaml utilities and lubricant
+test_files: []