Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
config_map_files and generic_secret_data support
Showing 9 changed files with 252 additions and 14 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
title: AWS Secrets | ||
nav_text: Secrets Data | ||
categories: helpers-aws | ||
--- | ||
|
||
The `aws_secret_data` helper fetches secret data that is one single file from AWS Secrets. | ||
|
||
## Example | ||
|
||
For example if you have these secret values stored as one file with multiple values separated by `=`. | ||
|
||
$ aws secretsmanager get-secret-value --secret-id demo-dev-secret-data | jq '.SecretString' | ||
KEY1=secretvalue1 | ||
KEY2=secretvalue2 | ||
|
||
Kubes can fetch the secret data and base64 encode the values properly. Example: | ||
|
||
.kubes/resources/shared/secret.yaml | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: demo | ||
labels: | ||
app: demo | ||
data: | ||
<%= aws_secret_data("demo-dev-secret-data") %> | ||
``` | ||
|
||
Notice how the text is idented properly by 2 spaces and the values are automatically base64 encoded. | ||
|
||
.kubes/output/shared/secret.yaml | ||
|
||
```yaml | ||
metadata: | ||
namespace: demo | ||
name: demo-2a78a13682 | ||
labels: | ||
app: demo | ||
apiVersion: v1 | ||
kind: Secret | ||
data: | ||
KEY1: c2VjcmV0dmFsdWUx | ||
KEY2: c2VjcmV0dmFsdWUy | ||
``` | ||
## Options | ||
Here's an example of the available options for `aws_secret_data`. | ||
|
||
```ruby | ||
aws_secret_data("demo-#{Kubes.env}-secret-data", base64: true, ident: 2) | ||
``` |
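Review bot: The Options example at the end of this file passes `ident: 2`, and the prose above it says "idented", while the `ConfigMapHelper` added in this same commit reads `options[:indent]`. If `aws_secret_data` follows the same convention, an `ident:` key would be ignored without any error, so please confirm which option name the helper reads and spell it consistently in the docs. The rendered `.kubes/output/shared/secret.yaml` holds base64 values, which are an encoding and not encryption, so a sentence telling readers to keep that output file out of version control would help. The page says values are separated by `=` but does not say what happens when a secret value itself contains `=`.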
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--- | ||
title: Core Built-In Helpers | ||
--- | ||
|
||
Kubes provides some helper methods to help write Kubernetes YAML files. Here's a list of the helper methods. These are available whether you write your resources in YAML or DSL. | ||
|
||
Helper | Description | ||
--- | --- | ||
decode64 | Base64 decode a string. | ||
docker_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource. Note, this can be overridden with the `--image` cli option or the `Kubes.config.image` setting. See: [Docker Image]({% link _docs/intro/docker-image.md %}) | ||
dockerfile_port | Exposed port extracted from the Dockerfile of the project. | ||
encode64 | Base64 encode a string. Also available as `base64` method. | ||
extra | The `KUBES_EXTRA` value. | ||
with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}). | ||
|
||
Here's also the source code with most of the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb). |
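Review bot: The helper table has no row for `config_map_files`, which this commit introduces with its own docs page and a `ConfigMapHelper` module. Add a row or a link to the Config Map Files page so readers of the built-in helper list can find it, or state that the table covers only the helpers defined in `helpers.rb`.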
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
--- | ||
title: Config Map Files | ||
nav_text: Config Map Files | ||
--- | ||
|
||
The `config_map_files` helper allows you to add config map data from a list of files. The files support layerying. | ||
|
||
## Example | ||
|
||
Here's how to use it. | ||
|
||
.kubes/resources/shared/config_map.yaml | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: demo | ||
labels: | ||
app: demo | ||
data: | ||
<%= config_map_files %> | ||
``` | ||
|
||
You can conveniently set multiple configmap values in files like so: | ||
|
||
.kubes/resources/shared/config_map/base.txt | ||
|
||
KEY1=cmvalue1 | ||
KEY2=cmvalue2 | ||
|
||
.kubes/resources/shared/config_map/dev.txt | ||
|
||
KEY2=cmvalue2-dev-override | ||
KEY3=cmvalue3 | ||
|
||
The resulting generated ConfigMap will be: | ||
|
||
```yaml | ||
--- | ||
metadata: | ||
namespace: demo-dev | ||
labels: | ||
app: demo | ||
name: demo-928146dd24 | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
data: | ||
KEY1: cmvalue1 | ||
KEY2: cmvalue2-dev-override | ||
KEY3: cmvalue3 | ||
``` | ||
## Layering Details | ||
Layering for Config Map Files and also supports app-scoped layers. | ||
Name | Example | ||
--- | --- | ||
configmap root | .kubes/resources/shared/config_map/{base,dev}.txt | ||
configmap app-scoped | .kubes/resources/shared/config_map/app1/{base,dev}.txt | ||
So if `KUBES_APP=app1`, then the app-scoped layer is also used. This handles the [Central Deployer Pattern]({% link _docs/patterns/central-deployer.md %}). |
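Review bot: The Layering Details section lists the root and app-scoped paths but does not state which one wins when both define the same key. The helper in this commit merges in the order root `base.txt`, root `<env>.txt`, app `base.txt`, app `<env>.txt`, with later files overriding earlier ones; say that explicitly here, since an app-scoped file overriding a shared value is easy to miss. Also fix "layerying" in the intro and the sentence "Layering for Config Map Files and also supports app-scoped layers", which is missing its verb.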
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
title: Google Secrets | ||
nav_text: Secrets Data | ||
categories: helpers-google | ||
--- | ||
|
||
The `google_secret_data` helper fetches secret data that is one single file from Google Secrets. | ||
|
||
## Example | ||
|
||
For example if you have these secret values stored as one file with multiple values separated by `=`. | ||
|
||
$ gcloud secrets versions access latest --secret demo-dev-secret-data | ||
KEY1=secretvalue1 | ||
KEY2=secretvalue2 | ||
|
||
Kubes can fetch the secret data and base64 encode the values properly. Example: | ||
|
||
.kubes/resources/shared/secret.yaml | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: demo | ||
labels: | ||
app: demo | ||
data: | ||
<%= google_secret_data("demo-dev-secret-data") %> | ||
``` | ||
|
||
Notice how the text is idented properly by 2 spaces and the values are automatically base64 encoded. | ||
|
||
.kubes/output/shared/secret.yaml | ||
|
||
```yaml | ||
metadata: | ||
namespace: demo | ||
name: demo-2a78a13682 | ||
labels: | ||
app: demo | ||
apiVersion: v1 | ||
kind: Secret | ||
data: | ||
KEY1: c2VjcmV0dmFsdWUx | ||
KEY2: c2VjcmV0dmFsdWUy | ||
``` | ||
## Options | ||
Here's an example of the available options for `google_secret_data`. | ||
|
||
```ruby | ||
google_secret_data("demo-#{Kubes.env}-secret-data", base64: true, ident: 2) | ||
``` |
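Review bot: The example reads the secret with `gcloud secrets versions access latest`, but `google_secret_data("demo-dev-secret-data")` takes no version, so the page does not say which version the helper fetches. Document the default and whether a version can be pinned, because a deploy that picks up whatever is latest can change secret values without any change in the repository. The Options example also spells the option `ident: 2` (and the prose says "idented"), while `ConfigMapHelper` in this commit reads `options[:indent]`; confirm the key and align the spelling.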
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
module Kubes::Compiler::Shared::Helpers | ||
module ConfigMapHelper | ||
def config_map_files(options={}) | ||
indent = options[:indent] || 2 | ||
|
||
shared_config_map = "#{Kubes.root}/.kubes/resources/shared/config_map" | ||
layers = [ | ||
[shared_config_map, "base.txt"], | ||
[shared_config_map, "#{Kubes.env}.txt"], | ||
] | ||
if Kubes.app | ||
layers += [ | ||
[shared_config_map, Kubes.app, "base.txt"], | ||
[shared_config_map, Kubes.app, "#{Kubes.env}.txt"], | ||
] | ||
end | ||
layers.map! { |layer| layer.compact.join('/') } | ||
data = {} | ||
layers.each do |path| | ||
next unless File.exist?(path) | ||
lines = IO.readlines(path) | ||
lines.each do |line| | ||
key, value = line.split('=').map(&:strip) | ||
data[key] = value | ||
end | ||
end | ||
|
||
spacing = " " * indent | ||
lines = data.map do |key,value| | ||
"#{spacing}#{key}: #{value}" | ||
end | ||
lines.join("\n") | ||
end | ||
end | ||
end |
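Review bot: `line.split('=')` in the inner loop has no limit, so a value that contains `=` is cut at the second `=`, because `key, value =` keeps only the first two pieces; use `line.split('=', 2)`. The loop also has no guard for blank lines or lines without `=`: a blank line is stored as `data[""] = nil` and renders as a bare `: ` entry, so skip such lines before assigning. Finally, `"#{spacing}#{key}: #{value}"` writes the value unquoted, so values such as `true`, `123`, or anything containing `: ` or ` #` will be read by a YAML parser as a non-string or a different structure, while ConfigMap `data` values must be strings; emit the value as a quoted YAML string.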