Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #35 from boltops-tools/mix
mix layering support, variables, custom helpers, plugin helpers
Showing 95 changed files with 1,400 additions and 412 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
title: Advanced AWS Helpers | ||
nav_text: Advanced | ||
categories: helpers-aws | ||
--- | ||
|
||
{% assign docs = site.docs | where: "categories","advanced-helpers-aws" %} | ||
{% for doc in docs -%} | ||
* [{{ doc.nav_text }}]({{ doc.url }}) | ||
{% endfor %} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
--- | ||
title: AWS Secrets Advanced | ||
nav_text: Secrets | ||
categories: advanced-helpers-aws | ||
--- | ||
|
||
This covers an advanced way so that Kubernetes Secrets are created from AWS Secrets Manager in a conventional way. | ||
|
||
## Simple Values | ||
|
||
For example if you have these secret values: | ||
|
||
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString' | ||
user | ||
$ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString' | ||
pass | ||
|
||
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/). | ||
|
||
.kubes/config/hooks/kubes.rb | ||
|
||
```ruby | ||
secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/") | ||
before("compile", | ||
label: "Get secrets from AWS Secrets Manager", | ||
execute: secrets, | ||
) | ||
``` | ||
|
||
Then set the secrets in the YAML: | ||
|
||
.kubes/resources/shared/secret.yaml | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: demo | ||
labels: | ||
app: demo | ||
data: | ||
<% KubesAws::Secrets.data.each do |k,v| -%> | ||
<%= k %>: <%= base64(v) %> | ||
<% end -%> | ||
``` | ||
|
||
This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data. The values are automatically base64 encoded. Produces: | ||
|
||
.kubes/output/shared/secret.yaml | ||
|
||
```yaml | ||
metadata: | ||
namespace: demo | ||
name: demo-2a78a13682 | ||
labels: | ||
app: demo | ||
apiVersion: v1 | ||
kind: Secret | ||
data: | ||
db_pass: dGVzdDEK | ||
db_user: dGVzdDIK | ||
``` | ||
## JSON Values | ||
For example if you have these secret values: | ||
$ aws secretsmanager get-secret-value --secret-id demo/dev/k2 | jq '.SecretString' | ||
{\"a\":1,\"b\":2}" | ||
Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/). | ||
.kubes/config/hooks/kubes.rb | ||
```ruby | ||
secrets = KubesAws::Secrets.new(prefix: "rails/dev/") | ||
before("compile", | ||
label: "Get secrets from AWS Secrets Manager", | ||
execute: secrets, | ||
) | ||
``` | ||
|
||
Then set the secrets in the YAML: | ||
|
||
.kubes/resources/shared/secret.yaml | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: demo | ||
labels: | ||
app: demo | ||
data: | ||
<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %> | ||
a: <%= base64(k2["a"]) %> | ||
b: <%= base64(k2["b"]) %> | ||
``` | ||
Produces: | ||
```yaml | ||
metadata: | ||
namespace: demo-dev | ||
name: demo-a4cd604a95 | ||
labels: | ||
app: demo | ||
apiVersion: v1 | ||
kind: Secret | ||
data: | ||
a: MQ== | ||
b: Mg== | ||
``` | ||
## Variables | ||
These environment variables can be set: | ||
Name | Description | ||
---|--- | ||
AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. | ||
|
||
Secrets#initialize options: | ||
|
||
Variable | Description | Default | ||
---|---|--- | ||
base64 | Automatically base64 encode the values. | false | ||
upcase | Automatically upcase the Kubernetes secret data keys. | false | ||
prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil | ||
|
||
{% include helpers/base64.md %} |
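Review bot: The worked examples in this new doc do not agree with their own inputs, which matters on a page that teaches how secrets are mapped. In "Simple Values" the hook passes `upcase: true`, but the "Produces" block shows lowercase keys `db_pass` and `db_user`, and the values `dGVzdDEK` and `dGVzdDIK` decode to `test1` and `test2` with a trailing newline rather than the `user` and `pass` returned by the `aws secretsmanager` commands above (and a trailing newline in a stored secret is a common cause of failed logins, so the sample should not show one). In "JSON Values" the secret is read from `demo/dev/k2` while the hook uses `prefix: "rails/dev/"`, the jq output line `{\"a\":1,\"b\":2}"` is missing its opening quote, and the produced namespace is `demo-dev` where the first example shows `demo`. Please regenerate both outputs from the commands shown and make the prefixes match. The sentence "The values are automatically base64 encoded" also reads as if the helper does the encoding, while the template calls `base64(v)` explicitly and the options table lists `base64` with a default of false; say which one applies here and what happens if `base64: true` is combined with the `base64()` call in the template. In the ERB, prefer `JSON.parse` over `JSON.load` for the `k2` value, since `JSON.load` is documented as intended for trusted sources only. Since `.kubes/output/shared/secret.yaml` holds the secret values in base64, which is encoding and not encryption, a line advising readers to keep the output directory out of version control would help. Minor wording: "Prefixed used" should be "Prefix used" (both tables), and "with the prefix the `demo/dev/`" has a stray "the".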