mina-kubernetes 1.0.1 → 2.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f1fd603c840045e6402d4eee5e82b997a3e31459b2e33f904bff8541cf4ce42
-  data.tar.gz: b31401cfce0e729fabbc51e0aa37841a7b6e907639fc5fa572046ac4e3916924
+  metadata.gz: 7930f648e0b70eeb94a1413fee561b8edcdac3c28918bf003bee6c77749f9537
+  data.tar.gz: 5df185bd2d8cf21dbe0d520b799e8654d793400822a9d2522a760614dabf4e97
 SHA512:
-  metadata.gz: 83b16882b97e8b5a1e2bfd13a2143955443c39d9fb3166c457457510cffd375e32b468a1d4fba608e0822425ebd61d9abd40a12a38fbcc037ea6d6707ad0abd4
-  data.tar.gz: 8cfc7cc45cb7dbf508a97ad3c3c6ecff2d094530672a3fb38676426d25448a2d676a0e362d45507cbf89066caa06db971864cfbf26878f360446f5c117f54ca3
+  metadata.gz: 47f3c48b9157ca35688e8b45cee5e20c8c844c05b128e899f5cee1c15b9db60773a16f6b636fcf15c84bcbf27b78b4c66e6c4f5758397c693d277615f7b23abf
+  data.tar.gz: ce3221d0774d3d386c95af184798c9a98d67559f43481ea84b75a13119a6bb57fc35b5eafa9ca60a9a5d4e879805328b0dc5b47f162ff20d885d5e4aea95228c

data/CHANGELOG.md

@@ -0,0 +1,45 @@
+## 2.4.0
+
+*Enhancements*
+
+- Use `secrets.ejson` if present
+
+## 2.3.0
+
+*Enhancements*
+
+- Allow using a proxy to connect to a Kubernetes cluster
+
+## 2.2.4
+
+*Fixes*
+
+- run custom command within given namespace instead of `default` 
+
+## 2.2.1 to 2.2.3
+
+*Fixes*
+
+- handle nil/undefined options passed to `krane`
+
+## 2.2.0
+
+*Enhancements*
+
+- Using `krane` 1.0.0 (previously `kubernetes-deploy`)
+- Allow passing of options to `krane`
+
+## 2.1.0
+
+Yanked release.
+
+## 2.0.0
+
+*Breaking*
+
+- Using `namespace` config variable instead of `app_name`
+- Using `kubernetes_context` config variable linking directly to a context set in $KUBE_CONFIG instead of creating a new context from separate `kubernetes_cluster` and `kubernetes_user` config variables
+
+*Fixes*
+
+- Not overriding $KUBE_CONFIG environment variable anymore

data/README.md

@@ -1,15 +1,19 @@
 # mina-kubernetes
-Plugin for the [mina](https://github.com/mina-deploy/mina) deployment tool to streamline deployment of resources to Kubernetes cluster, using the [kubernetes-deploy](https://github.com/Shopify/kubernetes-deploy) gem and [mina-multistage](https://github.com/endoze/mina-multistage) plugin.
+Plugin for the [mina](https://github.com/mina-deploy/mina) deployment tool to streamline deployment of resources to Kubernetes clusters, using the [krane](https://github.com/Shopify/krane) gem and [mina-multistage](https://github.com/endoze/mina-multistage) plugin.
 
-Requires local Docker and [kubectl](https://cloud.google.com/kubernetes-engine/docs/quickstart) with authentication set up to connect to the destination Kubernetes cluster.
+Requires local Docker and [kubectl](https://cloud.google.com/kubernetes-engine/docs/quickstart) with local authentication set up to connect to the destination Kubernetes cluster as context in your local KUBE_CONFIG. See https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#generate_kubeconfig_entry for example with Google Kubernetes Engine.
+
+NB: `docker manifest inspect` is used to check whether the Docker image with requested tag is available. This requires experimental features to be enabled in your local Docker config by adding `"experimental": "enabled"` to `~/.docker/config.json`.
+If the image repository is not public authentication will need to be set up for your local Docker, for instance see https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper for images hosted on the Google Cloud Registry
 
 ## Usage
 
-Add `mina-kubernetes` to your local Gemfile. 
+Add `mina-kubernetes` to your local Gemfile.
 
 Create a configuration file for mina in `config/deploy.rb` like the one below:
 ```ruby
 require "mina/default"
+require "mina/multistage"
 require "mina/kubernetes"
 
 task :deploy do
@@ -19,22 +23,39 @@ end
 
 Add the following variables to your stage configuration i.e. `config/deploy/production.rb`:
 ```ruby
-set :app_name, "my_app"
-set :image_repository, "gcr.io/project-id/myapp"
-set :kubernetes_cluster, "kubernetes_cluster_name"
-set :kubernetes_user, "kubernetes_user_name"
+set :namespace, "my_app"
+set :image_repo, "gcr.io/project-id/myapp"
+set :kubernetes_context, "kubernetes_context_name"
 ```
 
 If `set :image_tag, "my_image_tag"` is also defined, it'll be used to deploy the image tagged with this tag on the repository. Otherwise you'll be prompted to pick a branch from current working Git repository and the image to deploy will be assumed to be tagged with the Git commit hash, i.e. `gcr.io/project-123456/my_app:abcd1234`.
 
-Optional configuration (showing default values):
-```ruby
-set :kube_config, "~/.kube/config"
+Then add `*.yml.erb` Kubernetes resource definition files in the stage folder, i.e. `config/deploy/production/app.yml.erb`. Occurences of `<%= image_repo %>` and `<%= current_sha %>` in these files will be dynamically replaced on deploy by the image repository URL and the latest commit hash of the selected branch on its git origin.
+
+You can also get the RAILS_MASTER_KEY for encrypted credentials deployed as a Kubernetes secrets by adding a secrets.yml.erb like below:
+```yml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secrets
+data:
+  RAILS_MASTER_KEY: <%= Base64.strict_encode64(File.read("#{Dir.pwd}/config/credentials/production.key").strip) %>
 ```
 
-Then create `*.yml.erb` Kubernetes resource definition files in the stage folder, i.e. `config/deploy/production/app.yml.erb`. Occurences of `<%= image_repo %>` and `<%= current_sha %>` in these files will be dynamically replaced on deploy by the image repository URL and the latest commit hash of the selected branch on its git origin.
+When running `mina production deploy`, it'll prompt for a branch and check the image tagged with current commit hash from selected branch is available on the repository. Then the `krane` executable is called to fill in the variables in the resource templates and apply them all to the cluster under the given namespace (see https://github.com/Shopify/krane#deploy-walkthrough for more details)\
+
+### EJSON Encrypted secrets
+
+Krane supports generating Kubernetes secrets from an encrypted EJSON file: https://github.com/Shopify/krane#deploying-kubernetes-secrets-from-ejson. As per current Krane documentation "The ejson file must be included in the resources passed to --filenames it can not be read through stdin.", so
+following convention-over-configuration principles `mina-kubernetes` checks for the presence of a file named `secrets.ejson` in the stage folder and uses it if available.
+
+### Passing options to krane
+
+```ruby
+  invoke :"kubernetes:deploy", "--no-prune"
+```
 
-When you run `mina production deploy`, a namespace labelled `my_app-production` will be created on the Kubernetes cluster and set as a local kubectl context. Then the resources are applied to the cluster after checking/waiting for the image to be available on the repository.
+Refer to https://github.com/Shopify/krane#usage for a complete set of options
 
 ### Tasks available
 
@@ -52,4 +73,4 @@ Prompts for branch unless image tag is set, then spins up a temporary pod with t
 
 #### `kubernetes:delete`
 
-Confirms and delete all resources on cluster under namespace `app_name-stage`.
+Confirms and delete all resources on cluster under namespace.

data/lib/mina/kubernetes.rb

@@ -7,45 +7,37 @@ require "base64"
 # required by mina
 set :execution_mode, :pretty
 
-# default for kubernetes-deploy
-set :kube_config, "~/.kube/config"
-
 namespace :kubernetes do
+  set :proxy, nil
 
-  set :namespace, fetch(:app_name)
-  set :context, "#{fetch(:namespace)}-#{fetch(:stage)}"
-
-  task :deploy do
+  task :deploy, [:options] do |task, args|
     desc "Set image tag to be latest commit of prompted branch (unless provided) then applies resources to cluster"
     set_tag_from_branch_commit unless fetch(:image_tag)
     wait_until_image_ready(fetch(:image_tag))
     create_namespace_on_cluster
-    set_local_config_context
-    apply_kubernetes_resources
+    apply_kubernetes_resources(args[:options])
   end
 
   task :bash do
     desc "Spins up temporary pod with image and opens remote interactive bash"
     set_tag_from_branch_commit unless fetch(:image_tag)
     wait_until_image_ready(fetch(:image_tag))
-    run_terminal_command("bash")
+    run_command("bash")
   end
 
   task :command do
     desc "Spins up temporary pod with image and runs given command in interactive shell, passing given environment variable"
     set_tag_from_branch_commit unless fetch(:image_tag)
     wait_until_image_ready(fetch(:image_tag))
-    run_terminal_command(fetch(:command), fetch(:env_hash))
+    run_command(fetch(:command), env_hash_arg)
   end
 
   task :delete do
     desc "Delete all resources in namespace on cluster"
-    if TTY::Prompt.new.yes?("This will delete all resources in namespace #{fetch(:namespace)} on cluster #{fetch(:kubernetes_cluster)}, are you sure?")
+    if TTY::Prompt.new.yes?("This will delete all resources in namespace #{fetch(:namespace)} on context #{fetch(:kubernetes_context)}, are you sure?")
       run :local do
         comment "Deleting all resources in #{fetch(:namespace)}..."
-        command "kubectl delete namespace #{fetch(:namespace)} --cluster=#{fetch(:kubernetes_cluster)}"
-        comment "Removing local config context..."
-        command "kubectl config unset contexts.#{fetch(:context)}"
+        command "kubectl delete namespace #{fetch(:namespace)} --context=#{fetch(:kubernetes_context)}"
       end
     end
   end
@@ -54,6 +46,10 @@ end
 
 private
 
+def env_hash_arg
+  @env_hash_arg ||= (fetch(:env_hash).is_a?(String) ? JSON.parse(fetch(:env_hash)) : fetch(:env_hash)) || {}
+end
+
 def set_tag_from_branch_commit
   run :local do
     comment "Updating Git branches..."
@@ -66,14 +62,8 @@ end
 def create_namespace_on_cluster
   run :local do
     comment "Create/update namespace on Kubernetes cluster..."
-    command "kubectl create namespace #{fetch(:namespace)} --dry-run -o yaml | kubectl apply -f - --cluster=#{fetch(:kubernetes_cluster)}"
-  end
-end
-
-def set_local_config_context
-  run :local do
-    comment "Set up local Kubernetes config context..."
-    command "kubectl config set-context #{fetch(:context)} --namespace=#{fetch(:namespace)} --cluster=#{fetch(:kubernetes_cluster)} --user=#{fetch(:kubernetes_user)}"
+    proxy_env = "HTTPS_PROXY=#{fetch(:proxy)}" if fetch(:proxy)
+    command "kubectl create namespace #{fetch(:namespace)} --dry-run -o yaml | #{proxy_env} kubectl apply -f - --context=#{fetch(:kubernetes_context)}"
   end
 end
 
@@ -93,16 +83,29 @@ def image_available?(commit)
   system("docker manifest inspect #{fetch(:image_repo)}:#{commit} > /dev/null") == true
 end
 
-def run_terminal_command(command, env_hash = {})
+def run_command(command, env_hash = {})
   env = env_hash.collect{|k,v| "--env #{k}=#{v}" }.join(" ")
   label = command.downcase.gsub(" ", "-").gsub(":", "-")
+  proxy_env = "HTTPS_PROXY=#{fetch(:proxy)}" if fetch(:proxy)
+
   # using system instead of mina's command so tty opens successfully
-  system "kubectl run #{label}-#{SecureRandom.hex(4)} --rm -i --tty --restart=Never --context=#{fetch(:context)} --image #{fetch(:image_repo)}:#{fetch(:image_tag)} #{env} -- #{command}"
+  system "#{proxy_env} kubectl run #{label}-#{SecureRandom.hex(4)} --rm -i --tty --restart=Never --context=#{fetch(:kubernetes_context)} --namespace=#{fetch(:namespace)} --image #{fetch(:image_repo)}:#{fetch(:image_tag)} #{env} -- #{command}"
 end
 
-def apply_kubernetes_resources
+def apply_kubernetes_resources(options)
   run :local do
     comment "Apply all Kubernetes resources..."
-    command "REVISION=#{fetch(:image_tag)} KUBECONFIG=#{fetch(:kube_config)} ENVIRONMENT=#{fetch(:stage)} kubernetes-deploy --bindings=image_repo=#{fetch(:image_repo)},image_tag=#{fetch(:image_tag)},namespace=#{fetch(:namespace)} #{fetch(:namespace)} #{fetch(:context)}"
+
+    proxy_env = "HTTPS_PROXY=#{fetch(:proxy)}" if fetch(:proxy)
+    filepaths = options&.[](:filepaths) || "config/deploy/#{fetch(:stage)}"
+
+    render_cmd = "#{proxy_env} krane render --bindings=image_repo=#{fetch(:image_repo)},image_tag=#{fetch(:image_tag)},namespace=#{fetch(:namespace)} --current_sha #{fetch(:image_tag)} -f #{filepaths}"
+    deploy_cmd = "#{proxy_env} krane deploy #{fetch(:namespace)} #{fetch(:kubernetes_context)} --stdin "
+    deploy_cmd += options[:deployment_options] if options&.[](:deployment_options)
+
+    ejson_secrets_path = "#{filepaths}/secrets.ejson"
+    deploy_cmd += " --filenames #{ejson_secrets_path}" if File.exists?(ejson_secrets_path)
+
+    command "#{render_cmd} | #{deploy_cmd}"
   end
 end

data/lib/mina/kubernetes/version.rb

@@ -1,5 +1,5 @@
 module Mina
   module Kubernetes
-    VERSION = "1.0.1"
+    VERSION = "2.4.1"
   end
-end
+end

data/mina-kubernetes.gemspec

@@ -20,11 +20,11 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  
+  spec.add_development_dependency 'rake', '>= 12.3.3'
+
   spec.add_runtime_dependency 'mina', '~> 1.0'
   spec.add_runtime_dependency 'mina-multistage', '~> 1.0'
-  spec.add_runtime_dependency 'kubernetes-deploy'
+  spec.add_runtime_dependency 'krane', '~> 1.0'
   spec.add_runtime_dependency 'tty-prompt'
   spec.add_runtime_dependency 'tty-spinner'
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mina-kubernetes
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.4.1
 platform: ruby
 authors:
 - Antoine Sabourin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-20 00:00:00.000000000 Z
+date: 2020-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -28,16 +28,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: mina
   requirement: !ruby/object:Gem::Requirement
@@ -67,19 +67,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: kubernetes-deploy
+  name: krane
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: tty-prompt
   requirement: !ruby/object:Gem::Requirement
@@ -116,6 +116,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- CHANGELOG.md
 - README.md
 - Rakefile
 - lib/mina/kubernetes.rb