From c57c96e6e83554126f05a535031a1d2f9e8b92bf Mon Sep 17 00:00:00 2001
From: Tung Nguyen <tongueroo@gmail.com>
Date: Mon, 2 Nov 2020 18:55:59 +0000
Subject: [PATCH] mix layering support, variables, custom helpers, plugin
 helpers

- mix layering support: evaluate DSL so layering can be mixed between YAML and DSL
- custom variables support
- custom helpers support
- plugins helpers support
- generators: new resource, new helper, new variable
- setup autoloader earlier. removes need for shims
- auth login for gcr also
- fix cli -h when not within Kubes project
---
 CHANGELOG.md                                  |  10 ++
 README.md                                     |  52 +++++++
 docs/_docs/dsl/resources/secret.md            |  21 ++-
 docs/_docs/generators.md                      |   8 +-
 docs/_docs/helpers.md                         |  18 ++-
 docs/_docs/helpers/aws/advanced.md            |  10 ++
 docs/_docs/helpers/aws/advanced/secrets.md    | 131 +++++++++++++++++
 docs/_docs/helpers/aws/advanced/ssm.md        |  78 ++++++++++
 docs/_docs/helpers/aws/secrets.md             | 106 +++-----------
 docs/_docs/helpers/aws/ssm.md                 |  58 +++-----
 docs/_docs/helpers/google/advanced.md         |  10 ++
 docs/_docs/helpers/google/advanced/secrets.md |  78 ++++++++++
 docs/_docs/helpers/google/secrets.md          |  45 +++---
 docs/_docs/layering.md                        |   2 +
 docs/_docs/layering/mix.md                    |  99 +++++++++++++
 docs/_docs/patterns/multiple-envs.md          |  55 +++++++
 docs/_docs/variables.md                       |  23 +++
 docs/_docs/variables/advanced.md              |  62 ++++++++
 docs/_docs/variables/basic.md                 | 137 ++++++++++++++++++
 docs/_includes/layering/layers.md             |   6 +-
 docs/_includes/sidebar.html                   |  31 ++++
 docs/_reference/kubes-new-help.md             |  15 ++
 docs/_reference/kubes-new-helper.md           |  25 ++++
 docs/_reference/kubes-new-resource.md         |  56 +++++++
 docs/_reference/kubes-new-variable.md         |  20 +++
 docs/_reference/kubes-new.md                  |  44 +-----
 kubes.gemspec                                 |   4 +-
 lib/kubes.rb                                  |   7 +-
 lib/kubes/auth.rb                             |   5 +-
 lib/kubes/auth/base.rb                        |  21 +++
 lib/kubes/auth/ecr.rb                         |  16 +-
 lib/kubes/auth/gcr.rb                         |  24 +++
 lib/kubes/cli/help/new/helper.md              |   4 +
 .../cli/help/{new.md => new/resource.md}      |   6 +-
 lib/kubes/cli/new.rb                          | 106 ++------------
 lib/kubes/cli/new/helper.rb                   |  24 +++
 lib/kubes/cli/new/resource.rb                 |  97 +++++++++++++
 lib/kubes/cli/new/variable.rb                 |  16 ++
 lib/kubes/command.rb                          |   2 +-
 lib/kubes/compiler/decorator/base.rb          |   2 +-
 lib/kubes/compiler/dsl/core/base.rb           |  15 +-
 lib/kubes/compiler/layering.rb                |  28 +++-
 lib/kubes/compiler/shared/custom_variables.rb |  38 +++++
 lib/kubes/compiler/shared/plugin_helpers.rb   |  14 ++
 lib/kubes/compiler/strategy.rb                |  13 +-
 lib/kubes/compiler/strategy/base.rb           |  61 +++++++-
 lib/kubes/compiler/strategy/dsl.rb            |  29 ----
 lib/kubes/compiler/strategy/erb.rb            |  32 ++--
 lib/kubes/compiler/util/normalize.rb          |   9 +-
 lib/kubes/compiler/util/yaml_dump.rb          |   8 +-
 lib/kubes/plugin.rb                           |  14 ++
 lib/kubes/util/sh.rb                          |   2 +-
 lib/templates/new/helper/file.rb              |   2 +
 .../new/{ => resource}/dsl/backend_config.rb  |   0
 .../new/{ => resource}/dsl/config_map.rb      |   0
 .../new/{ => resource}/dsl/daemon_set.rb      |   0
 .../new/{ => resource}/dsl/deployment.rb      |   0
 .../new/{ => resource}/dsl/ingress.rb         |   0
 lib/templates/new/{ => resource}/dsl/job.rb   |   0
 .../{ => resource}/dsl/managed_certificate.rb |   0
 .../new/{ => resource}/dsl/namespace.rb       |   0
 .../new/{ => resource}/dsl/network_policy.rb  |   0
 lib/templates/new/{ => resource}/dsl/pod.rb   |   0
 lib/templates/new/{ => resource}/dsl/role.rb  |   0
 .../new/{ => resource}/dsl/role_binding.rb    |   0
 .../new/{ => resource}/dsl/secret.rb          |   0
 .../new/{ => resource}/dsl/service.rb         |   0
 .../new/{ => resource}/dsl/service_account.rb |   0
 .../{ => resource}/yaml/backend_config.yaml   |   0
 .../new/{ => resource}/yaml/config_map.yaml   |   0
 .../new/{ => resource}/yaml/daemon_set.yaml   |   0
 .../new/{ => resource}/yaml/deployment.yaml   |   0
 .../new/{ => resource}/yaml/ingress.yaml      |   0
 .../new/{ => resource}/yaml/job.yaml          |   0
 .../yaml/managed_certificate.yaml             |   0
 .../new/{ => resource}/yaml/namespace.yaml    |   0
 .../{ => resource}/yaml/network_policy.yaml   |   0
 .../new/{ => resource}/yaml/pod.yaml          |   0
 .../new/{ => resource}/yaml/role.yaml         |   0
 .../new/{ => resource}/yaml/role_binding.yaml |   0
 .../new/{ => resource}/yaml/secret.yaml       |   0
 .../new/{ => resource}/yaml/service.yaml      |   0
 .../{ => resource}/yaml/service_account.yaml  |   0
 lib/templates/new/variable/file.rb            |   1 +
 .../resources/web}/deployment-1.rb            |   0
 .../resources/web}/deployment-2.rb            |   0
 .../.kubes/resources/{ => web}/deployment.rb  |   0
 .../resources/{foobar.rb => web/empty.rb}     |   0
 .../.kubes/resources/{ => web}/service.rb     |   2 +-
 .../resources/web}/network_policy.rb          |   0
 .../syntax/{ => .kubes/resources/web}/pod.rb  |   0
 spec/kubes/compiler/strategy/dsl_spec.rb      |   4 +-
 spec/kubes/compiler_spec.rb                   |   2 +-
 spec/kubes/dsl/network_policy_spec.rb         |   2 +-
 spec/kubes/dsl/pod_spec.rb                    |   2 +-
 95 files changed, 1400 insertions(+), 412 deletions(-)
 create mode 100644 docs/_docs/helpers/aws/advanced.md
 create mode 100644 docs/_docs/helpers/aws/advanced/secrets.md
 create mode 100644 docs/_docs/helpers/aws/advanced/ssm.md
 create mode 100644 docs/_docs/helpers/google/advanced.md
 create mode 100644 docs/_docs/helpers/google/advanced/secrets.md
 create mode 100644 docs/_docs/layering/mix.md
 create mode 100644 docs/_docs/patterns/multiple-envs.md
 create mode 100644 docs/_docs/variables.md
 create mode 100644 docs/_docs/variables/advanced.md
 create mode 100644 docs/_docs/variables/basic.md
 create mode 100644 docs/_reference/kubes-new-help.md
 create mode 100644 docs/_reference/kubes-new-helper.md
 create mode 100644 docs/_reference/kubes-new-resource.md
 create mode 100644 docs/_reference/kubes-new-variable.md
 create mode 100644 lib/kubes/auth/base.rb
 create mode 100644 lib/kubes/auth/gcr.rb
 create mode 100644 lib/kubes/cli/help/new/helper.md
 rename lib/kubes/cli/help/{new.md => new/resource.md} (85%)
 create mode 100644 lib/kubes/cli/new/helper.rb
 create mode 100644 lib/kubes/cli/new/resource.rb
 create mode 100644 lib/kubes/cli/new/variable.rb
 create mode 100644 lib/kubes/compiler/shared/custom_variables.rb
 create mode 100644 lib/kubes/compiler/shared/plugin_helpers.rb
 create mode 100644 lib/kubes/plugin.rb
 create mode 100644 lib/templates/new/helper/file.rb
 rename lib/templates/new/{ => resource}/dsl/backend_config.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/config_map.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/daemon_set.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/deployment.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/ingress.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/job.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/managed_certificate.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/namespace.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/network_policy.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/pod.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/role.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/role_binding.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/secret.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/service.rb (100%)
 rename lib/templates/new/{ => resource}/dsl/service_account.rb (100%)
 rename lib/templates/new/{ => resource}/yaml/backend_config.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/config_map.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/daemon_set.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/deployment.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/ingress.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/job.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/managed_certificate.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/namespace.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/network_policy.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/pod.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/role.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/role_binding.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/secret.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/service.yaml (100%)
 rename lib/templates/new/{ => resource}/yaml/service_account.yaml (100%)
 create mode 100644 lib/templates/new/variable/file.rb
 rename spec/fixtures/multiple-files/{ => .kubes/resources/web}/deployment-1.rb (100%)
 rename spec/fixtures/multiple-files/{ => .kubes/resources/web}/deployment-2.rb (100%)
 rename spec/fixtures/project/.kubes/resources/{ => web}/deployment.rb (100%)
 rename spec/fixtures/project/.kubes/resources/{foobar.rb => web/empty.rb} (100%)
 rename spec/fixtures/project/.kubes/resources/{ => web}/service.rb (58%)
 rename spec/fixtures/syntax/{ => .kubes/resources/web}/network_policy.rb (100%)
 rename spec/fixtures/syntax/{ => .kubes/resources/web}/pod.rb (100%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c48930e..dd050c7a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [UNRELEASED]
+- mix layering support: evaluate DSL so layering can be mixed between YAML and DSL
+- custom variables support
+- custom helpers support
+- plugins helpers support
+- generators: new resource, new helper, new variable
+- setup autoloader earlier. removes need for shims
+- auth login for gcr also
+- fix cli -h when not within Kubes project
+
 ## [0.5.1]
 - fix deployment generator
 
diff --git a/README.md b/README.md
index af695ed8..c3e38442 100644
--- a/README.md
+++ b/README.md
@@ -55,10 +55,62 @@ The deploy command, does all 3 steps: builds the docker image, compiles the `.ku
 
     kubes deploy
 
+## Multiple Enviroments
+
+You can easily create multiple environments with the same YAML configs. Example:
+
+    KUBES_ENV=dev  kubes deploy
+    KUBES_ENV=prod kubes deploy
+
+See: [Multiple Enviroments Pattern](https://kubes.guru/docs/patterns/multiple-envs/)
+
+## Generators: Stop Writing Boilerplate
+
+Your time is precious. Why are we copying and pasting boilerplate structure in this day and age?
+
+Kubes provides generators to help you get going right away.
+
+Resources examples:
+
+    $ kubes new resource secret
+          create  .kubes/resources/shared/secret.yaml
+    $ kubes new resource service_account
+          create  .kubes/resources/shared/service_account.yaml
+
+Kubes components examples:
+
+    $ kubes new helper
+          create  .kubes/helpers/custom_helper.rb
+    $ kubes new variable
+          create  .kubes/variables/dev.rb
+    $
+
+## Features
+
+* Automation: [Builds the Docker image](https://kubes.guru/docs/config/docker/) and updates the compiled YAML files
+* Syntactic Sugar: Use an [ERB/YAML](https://kubes.guru/docs/yaml/) or a [DSL](https://kubes.guru/docs/dsl/) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
+* Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering](https://kubes.guru/docs/layering/).
+* Generators: Kubes ships with a few generators to help you get building with Kubernetes quickly. See: [Generator Docs](https://kubes.guru/docs/generators/).
+* CLI Customizations: You can customize the [cli args](https://kubes.guru/docs/config/args/kubectl/).
+* Hooks: You can also run [hooks](https://kubes.guru/docs/config/hooks/) before and after [kubes](https://kubes.guru/docs/config/hooks/kubes/) and [kubectl](https://kubes.guru/docs/config/hooks/kubectl/) commands.
+* Automated Suffix Hashes: Automatically appends a suffix hash to ConfigMap and Secret resources. More details in [ConfigMap](https://kubes.guru/docs/dsl/resources/config_map/) and [Secret](https://kubes.guru/docs/dsl/resources/secret/) docs.
+* Kustomize Support: If you're a kustomization user, you can use it with Kubes. More details in [Kustomize Support Docs](https://kubes.guru/docs/misc/kustomize/).
+* Auto Context Switching: Map dev to a specific kubectl context and prod to another kubectl context and Kubes can switch them automatically so you won't have to remember. More details in [Auto Context Docs](https://kubes.guru/docs/misc/auto-context/).
+* Ordering: Kubes run kubectl apply to create resources in the [correct order](https://kubes.guru/docs/intro/ordering/). For deleting, it kubes will run `kubectl delete` in the correct reverse order. The order is also [customizable](https://kubes.guru/docs/intro/ordering/custom/).
+
 ## Installation
 
 Install with:
 
     gem install kubes
 
+## Comparison
+
+Here are some useful comparisons to help you compare Kubes vs other tools in the ecosystem:
+
+* Blog Post: [Kustomize vs Helm vs Kubes: Kubernetes Deploy Tools](https://blog.boltops.com/2020/11/05/kustomize-vs-helm-vs-kubes-kubernetes-deploy-tools)
+* [Kubes vs Custom Solution](https://kubes.guru/docs/vs/custom/)
+* [Kubes vs Helm](https://kubes.guru/docs/vs/helm/)
+* [Kubes vs Kustomize](https://kubes.guru/docs/vs/kustomize/)
+
 For more info: [kubes.guru](https://kubes.guru)
diff --git a/docs/_docs/dsl/resources/secret.md b/docs/_docs/dsl/resources/secret.md
index de01b404..9a8a4995 100644
--- a/docs/_docs/dsl/resources/secret.md
+++ b/docs/_docs/dsl/resources/secret.md
@@ -19,7 +19,7 @@ data(
 
 Produces:
 
-.kubes/output/shared/service.yaml
+.kubes/output/shared/secret.yaml
 
 ```yaml
 apiVersion: v1
@@ -38,6 +38,23 @@ data:
 
 {% include dsl/rolling_deployment.md kind="Secret" %}
 
+.kubes/resources/web/deployment.yaml:
+
+```yaml
+# ..
+spec:
+  template:
+    spec:
+      containers:
+      - name: demo
+        image: nginx
+        envFrom:
+        - secretRef:
+            name: demo-secret
+```
+
+Produces:
+
 .kubes/output/web/deployment.yaml:
 
 ```yaml
@@ -46,7 +63,7 @@ spec:
   template:
     spec:
       containers:
-      - name: demo-shared
+      - name: demo
         image: nginx
         envFrom:
         - secretRef:
diff --git a/docs/_docs/generators.md b/docs/_docs/generators.md
index 51083c41..548ab4c8 100644
--- a/docs/_docs/generators.md
+++ b/docs/_docs/generators.md
@@ -8,15 +8,15 @@ Kubes ships with a few generators to help you get building with Kubernetes quick
 
 Here are a few examples:
 
-    $ kubes new ingress
+    $ kubes new resource ingress
           create  .kubes/resources/web/ingress.yaml
-    $ kubes new service_account
+    $ kubes new resource service_account
           create  .kubes/resources/shared/service_account.yaml
     $
 
 Use `-h` to see the cli options:
 
-    kubes new -h
+    kubes new resource -h
 
 ## Supported Resources
 
@@ -38,4 +38,4 @@ Here's a list of some of the supported resources.
     service_account
     service
 
-Refer to the [source code](https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/yaml) to all the resources that the generator supports.
+Refer to the [source code](https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/resource/yaml) to all the resources that the generator supports.
diff --git a/docs/_docs/helpers.md b/docs/_docs/helpers.md
index fe0d96a6..232c8c5f 100644
--- a/docs/_docs/helpers.md
+++ b/docs/_docs/helpers.md
@@ -6,10 +6,10 @@ Kubes provides some helper methods to help write Kubernetes YAML files.  Here's
 
 Helper | Description
 --- | ---
-decode64 | Basey64 decode a string.
+decode64 | Base64 decode a string.
 docker_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource. Note, this can be overridden with the `--image` cli option or the `Kubes.config.image` setting. See: [Docker Image]({% link _docs/intro/docker-image.md %})
 dockerfile_port	| Exposed port extracted from the Dockerfile of the project.
-encode64 | Basey64 encode a string. Also available as `base64` method.
+encode64 | Base64 encode a string. Also available as `base64` method.
 extra | The `KUBES_EXTRA` value.
 with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}).
 
@@ -25,3 +25,17 @@ There are also provider-specific helpers:
 
 * [AWS Helpers]({% link _docs/helpers/aws.md %})
 * [Google Helpers]({% link _docs/helpers/google.md %})
+
+## Generator
+
+To help you get started quickly, you can generate starter helper code.
+
+    $ kubes new helper custom
+          create  .kubes/helpers/custom_helper.rb
+
+.kubes/helpers/custom_helper.rb
+
+```ruby
+module CustomHelper
+end
+```
\ No newline at end of file
diff --git a/docs/_docs/helpers/aws/advanced.md b/docs/_docs/helpers/aws/advanced.md
new file mode 100644
index 00000000..ca05972b
--- /dev/null
+++ b/docs/_docs/helpers/aws/advanced.md
@@ -0,0 +1,10 @@
+---
+title: Advanced AWS Helpers
+nav_text: Advanced
+categories: helpers-aws
+---
+
+{% assign docs = site.docs | where: "categories","advanced-helpers-aws" %}
+{% for doc in docs -%}
+  * [{{ doc.nav_text }}]({{ doc.url }})
+{% endfor %}
diff --git a/docs/_docs/helpers/aws/advanced/secrets.md b/docs/_docs/helpers/aws/advanced/secrets.md
new file mode 100644
index 00000000..89ec8a61
--- /dev/null
+++ b/docs/_docs/helpers/aws/advanced/secrets.md
@@ -0,0 +1,131 @@
+---
+title: AWS Secrets Advanced
+nav_text: Secrets
+categories: advanced-helpers-aws
+---
+
+This covers an advanced way so that Kubernetes Secrets are created from AWS Secrets Manager in a conventional way.
+
+## Simple Values
+
+For example if you have these secret values:
+
+    $ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString'
+    user
+    $ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString'
+    pass
+
+Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+
+.kubes/config/hooks/kubes.rb
+
+```ruby
+secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/")
+before("compile",
+  label: "Get secrets from AWS Secrets Manager",
+  execute: secrets,
+)
+```
+
+Then set the secrets in the YAML:
+
+.kubes/resources/shared/secret.yaml
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: demo
+  labels:
+    app: demo
+data:
+<% KubesAws::Secrets.data.each do |k,v| -%>
+  <%= k %>: <%= base64(v) %>
+<% end -%>
+```
+
+This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data.  The values are automatically base64 encoded. Produces:
+
+.kubes/output/shared/secret.yaml
+
+```yaml
+metadata:
+  namespace: demo
+  name: demo-2a78a13682
+  labels:
+    app: demo
+apiVersion: v1
+kind: Secret
+data:
+  db_pass: dGVzdDEK
+  db_user: dGVzdDIK
+```
+
+## JSON Values
+
+For example if you have these secret values:
+
+    $ aws secretsmanager get-secret-value --secret-id demo/dev/k2 | jq '.SecretString'
+    {\"a\":1,\"b\":2}"
+
+Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+
+.kubes/config/hooks/kubes.rb
+
+```ruby
+secrets = KubesAws::Secrets.new(prefix: "rails/dev/")
+before("compile",
+  label: "Get secrets from AWS Secrets Manager",
+  execute: secrets,
+)
+```
+
+Then set the secrets in the YAML:
+
+.kubes/resources/shared/secret.yaml
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: demo
+  labels:
+    app: demo
+data:
+<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %>
+  a: <%= base64(k2["a"]) %>
+  b: <%= base64(k2["b"]) %>
+```
+
+Produces:
+
+```yaml
+metadata:
+  namespace: demo-dev
+  name: demo-a4cd604a95
+  labels:
+    app: demo
+apiVersion: v1
+kind: Secret
+data:
+  a: MQ==
+  b: Mg==
+```
+
+## Variables
+
+These environment variables can be set:
+
+Name | Description
+---|---
+AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`.
+
+Secrets#initialize options:
+
+Variable | Description | Default
+---|---|---
+base64 | Automatically base64 encode the values. | false
+upcase | Automatically upcase the Kubernetes secret data keys. | false
+prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+
+{% include helpers/base64.md %}
diff --git a/docs/_docs/helpers/aws/advanced/ssm.md b/docs/_docs/helpers/aws/advanced/ssm.md
new file mode 100644
index 00000000..80704f86
--- /dev/null
+++ b/docs/_docs/helpers/aws/advanced/ssm.md
@@ -0,0 +1,78 @@
+---
+title: AWS SSM Parameters Advanced
+nav_text: SSM
+categories: advanced-helpers-aws
+---
+
+This covers an advanced way so that Kubernetes Secrets are created from AWS SSM Parameter Store in a conventional way.
+
+For example if you have these secret values:
+
+    $ aws ssm get-parameter --name /demo/development/db_user --with-decryption | jq '.Parameter.Value'
+    user
+    $ aws ssm get-parameter --name /demo/development/db_pass --with-decryption | jq '.Parameter.Value'
+    pass
+
+Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+
+.kubes/config/hooks/kubes.rb
+
+```ruby
+ssm = KubesAws::SSM.new(upcase: true, prefix: "/demo/development/")
+before("compile",
+  label: "Get secrets from AWS SSM Manager",
+  execute: ssm,
+)
+```
+
+Then set the secrets in the YAML:
+
+.kubes/resources/shared/secret.yaml
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: demo
+  labels:
+    app: demo
+data:
+<% KubesAws::SSM.data.each do |k,v| -%>
+  <%= k %>: <%= base64(v) %>
+<% end -%>
+```
+
+This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data.  The values are automatically base64 encoded. Produces:
+
+.kubes/output/shared/secret.yaml
+
+```yaml
+metadata:
+  namespace: demo
+  name: demo-2a78a13682
+  labels:
+    app: demo
+apiVersion: v1
+kind: Secret
+data:
+  db_pass: dGVzdDEK
+  db_user: dGVzdDIK
+```
+
+## Variables
+
+These environment variables can be set:
+
+Name | Description
+---|---
+AWS_SSM_PREFIX | Prefixed used to list and filter AWS SSM Parameters. IE: `demo/dev/`.
+
+Secrets#initialize options:
+
+Variable | Description | Default
+---|---|---
+base64 | Automatically base64 encode the values. | false
+upcase | Automatically upcase the Kubernetes secret data keys. | false
+prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+
+{% include helpers/base64.md %}
\ No newline at end of file
diff --git a/docs/_docs/helpers/aws/secrets.md b/docs/_docs/helpers/aws/secrets.md
index ae16009e..3e42232d 100644
--- a/docs/_docs/helpers/aws/secrets.md
+++ b/docs/_docs/helpers/aws/secrets.md
@@ -4,28 +4,9 @@ nav_text: Secrets
 categories: helpers-aws
 ---
 
-## Simple Values
+The `aws_secret` helper fetches secret data from AWS Secrets Manager.
 
-For example if you have these secret values:
-
-    $ aws secretsmanager get-secret-value --secret-id demo/dev/db_user | jq '.SecretString'
-    user
-    $ aws secretsmanager get-secret-value --secret-id demo/dev/db_pass | jq '.SecretString'
-    pass
-
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
-
-.kubes/config/hooks/kubes.rb
-
-```ruby
-secrets = KubesAws::Secrets.new(upcase: true, prefix: "demo/dev/")
-before("compile",
-  label: "Get secrets from AWS Secrets Manager",
-  execute: secrets,
-)
-```
-
-Then set the secrets in the YAML:
+## Example
 
 .kubes/resources/shared/secret.yaml
 
@@ -37,12 +18,17 @@ metadata:
   labels:
     app: demo
 data:
-<% KubesAws::Secrets.data.each do |k,v| -%>
-  <%= k %>: <%= base64(v) %>
-<% end -%>
+  PASS: <%= aws_secret("demo-#{Kubes.env}-PASS") %>
+  USER: <%= aws_secret("demo-#{Kubes.env}-USER") %>
 ```
 
-This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data.  The values are automatically base64 encoded. Produces:
+For example if you have these secret values:
+
+    $ aws secretsmanager get-secret-value --secret-id demo-dev-PASS | jq '.SecretString'
+    test1
+    $ aws secretsmanager get-secret-value --secret-id demo-dev-USER | jq '.SecretString'
+    test2
+    $
 
 .kubes/output/shared/secret.yaml
 
@@ -55,75 +41,19 @@ metadata:
 apiVersion: v1
 kind: Secret
 data:
-  db_pass: dGVzdDEK
-  db_user: dGVzdDIK
+  PASS: dGVzdDEK
+  USER: dGVzdDIK
 ```
 
-## JSON Values
+The values are automatically base64 encoded.
 
-For example if you have these secret values:
+## Base64 Option
 
-    $ aws secretsmanager get-secret-value --secret-id demo/dev/k2 | jq '.SecretString'
-    {\"a\":1,\"b\":2}"
-
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
-
-.kubes/config/hooks/kubes.rb
+The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
 
 ```ruby
-secrets = KubesAws::Secrets.new(prefix: "rails/dev/")
-before("compile",
-  label: "Get secrets from AWS Secrets Manager",
-  execute: secrets,
-)
+aws_secret("demo-#{Kubes.env}-USER", base64: true)  # default is base64=true
+aws_secret("demo-#{Kubes.env}-PASS", base64: false)
 ```
 
-Then set the secrets in the YAML:
-
-.kubes/resources/shared/secret.yaml
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: demo
-  labels:
-    app: demo
-data:
-<% k2 = JSON.load(KubesAws::Secrets.data["k2"]) %>
-  a: <%= base64(k2["a"]) %>
-  b: <%= base64(k2["b"]) %>
-```
-
-Produces:
-
-```yaml
-metadata:
-  namespace: demo-dev
-  name: demo-a4cd604a95
-  labels:
-    app: demo
-apiVersion: v1
-kind: Secret
-data:
-  a: MQ==
-  b: Mg==
-```
-
-## Variables
-
-These environment variables can be set:
-
-Name | Description
----|---
-AWS_SECRET_PREFIX | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`.
-
-Secrets#initialize options:
-
-Variable | Description | Default
----|---|---
-base64 | Automatically base64 encode the values. | false
-upcase | Automatically upcase the Kubernetes secret data keys. | false
-prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
-
 {% include helpers/base64.md %}
diff --git a/docs/_docs/helpers/aws/ssm.md b/docs/_docs/helpers/aws/ssm.md
index de9677c5..a03a6552 100644
--- a/docs/_docs/helpers/aws/ssm.md
+++ b/docs/_docs/helpers/aws/ssm.md
@@ -4,26 +4,9 @@ nav_text: SSM
 categories: helpers-aws
 ---
 
-For example if you have these secret values:
+The `aws_ssm` helper fetches data from AWS SSM Parameter Store.
 
-    $ aws ssm get-parameter --name /demo/development/db_user --with-decryption | jq '.Parameter.Value'
-    user
-    $ aws ssm get-parameter --name /demo/development/db_pass --with-decryption | jq '.Parameter.Value'
-    pass
-
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
-
-.kubes/config/hooks/kubes.rb
-
-```ruby
-ssm = KubesAws::SSM.new(upcase: true, prefix: "/demo/development/")
-before("compile",
-  label: "Get secrets from AWS SSM Manager",
-  execute: ssm,
-)
-```
-
-Then set the secrets in the YAML:
+## Example
 
 .kubes/resources/shared/secret.yaml
 
@@ -35,12 +18,16 @@ metadata:
   labels:
     app: demo
 data:
-<% KubesAws::SSM.data.each do |k,v| -%>
-  <%= k %>: <%= base64(v) %>
-<% end -%>
+  PASS: <%= aws_ssm("/demo/#{Kubes.env}/PASS") %>
+  USER: <%= aws_ssm("/demo/#{Kubes.env}/USER") %>
 ```
 
-This results in AWS secrets with the prefix the `demo/dev/` being added to the Kubernetes secret data.  The values are automatically base64 encoded. Produces:
+For example if you have these ssm parameter values:
+
+    $ aws ssm get-parameter --name /demo/dev/PASS --with-decryption | jq '.Parameter.Value'
+    test1
+    $ aws ssm get-parameter --name /demo/dev/USER --with-decryption | jq '.Parameter.Value'
+    test2
 
 .kubes/output/shared/secret.yaml
 
@@ -53,24 +40,19 @@ metadata:
 apiVersion: v1
 kind: Secret
 data:
-  db_pass: dGVzdDEK
-  db_user: dGVzdDIK
+  PASS: dGVzdDEK
+  USER: dGVzdDIK
 ```
 
-## Variables
-
-These environment variables can be set:
+The values are automatically base64 encoded.
 
-Name | Description
----|---
-AWS_SSM_PREFIX | Prefixed used to list and filter AWS SSM Parameters. IE: `demo/dev/`.
+## Base64 Option
 
-Secrets#initialize options:
+The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
 
-Variable | Description | Default
----|---|---
-base64 | Automatically base64 encode the values. | false
-upcase | Automatically upcase the Kubernetes secret data keys. | false
-prefix | Prefixed used to list and filter AWS secrets. IE: `demo/dev/`. Can also be set with the `AWS_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+```ruby
+aws_ssm("/demo/#{Kubes.env}/USER", base64: true)  # default is base64=true
+aws_ssm("/demo/#{Kubes.env}/PASS", base64: false)
+```
 
-{% include helpers/base64.md %}
\ No newline at end of file
+{% include helpers/base64.md %}
diff --git a/docs/_docs/helpers/google/advanced.md b/docs/_docs/helpers/google/advanced.md
new file mode 100644
index 00000000..790be995
--- /dev/null
+++ b/docs/_docs/helpers/google/advanced.md
@@ -0,0 +1,10 @@
+---
+title: Advanced Google Helpers
+nav_text: Advanced
+categories: helpers-google
+---
+
+{% assign docs = site.docs | where: "categories","advanced-helpers-google" %}
+{% for doc in docs -%}
+  * [{{ doc.nav_text }}]({{ doc.url }})
+{% endfor %}
diff --git a/docs/_docs/helpers/google/advanced/secrets.md b/docs/_docs/helpers/google/advanced/secrets.md
new file mode 100644
index 00000000..9567fb96
--- /dev/null
+++ b/docs/_docs/helpers/google/advanced/secrets.md
@@ -0,0 +1,78 @@
+---
+title:  Advanced Google Secrets
+nav_text: Secrets
+categories: advanced-helpers-google
+---
+
+This covers an advanced way so that Kubernetes Secrets are created from Google Secrets in a conventional way.
+
+Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+
+.kubes/config/hooks/kubes.rb
+
+```ruby
+before("compile",
+  execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
+)
+```
+
+Then set the secrets in the YAML:
+
+.kubes/resources/shared/secret.yaml
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: demo
+  labels:
+    app: demo
+data:
+<% KubesGoogle::Secrets.data.each do |k,v| -%>
+  <%= k %>: <%= base64(v) %>
+<% end -%>
+```
+
+This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data.  The values are automatically base64 encoded.
+
+For example if you have these secret values:
+
+    $ gcloud secrets versions access latest --secret demo-dev-db_user
+    test1
+    $ gcloud secrets versions access latest --secret demo-dev-db_pass
+    test2
+    $
+
+.kubes/output/shared/secret.yaml
+
+```yaml
+metadata:
+  namespace: demo
+  name: demo-2a78a13682
+  labels:
+    app: demo
+apiVersion: v1
+kind: Secret
+data:
+  db_pass: dGVzdDEK
+  db_user: dGVzdDIK
+```
+
+## Variables
+
+These environment variables can be set:
+
+Name | Description
+---|---
+GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
+GOOGLE_PROJECT | Google project id.
+
+Secrets#initialize options:
+
+Variable | Description | Default
+---|---|---
+base64 | Automatically base64 encode the values. | false
+upcase | Automatically upcase the Kubernetes secret data keys. | false
+prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+
+{% include helpers/base64.md %}
\ No newline at end of file
diff --git a/docs/_docs/helpers/google/secrets.md b/docs/_docs/helpers/google/secrets.md
index a2194aa4..1e9e09d2 100644
--- a/docs/_docs/helpers/google/secrets.md
+++ b/docs/_docs/helpers/google/secrets.md
@@ -4,17 +4,9 @@ nav_text: Secrets
 categories: helpers-google
 ---
 
-Set up a [Kubes hook](https://kubes.guru/docs/config/hooks/kubes/).
+The `google_secret` helper fetches secret data from Google Secrets.
 
-.kubes/config/hooks/kubes.rb
-
-```ruby
-before("compile",
-  execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
-)
-```
-
-Then set the secrets in the YAML:
+## Example
 
 .kubes/resources/shared/secret.yaml
 
@@ -26,18 +18,17 @@ metadata:
   labels:
     app: demo
 data:
-<% KubesGoogle::Secrets.data.each do |k,v| -%>
-  <%= k %>: <%= base64(v) %>
-<% end -%>
+  PASS: <%= google_secret("demo-#{Kubes.env}-PASS") %>
+  USER: <%= google_secret("demo-#{Kubes.env}-USER") %>
 ```
 
-This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data.  The values are automatically base64 encoded.
+The values are automatically base64 encoded.
 
 For example if you have these secret values:
 
-    $ gcloud secrets versions access latest --secret demo-dev-db_user
+    $ gcloud secrets versions access latest --secret demo-dev-USER
     test1
-    $ gcloud secrets versions access latest --secret demo-dev-db_pass
+    $ gcloud secrets versions access latest --secret demo-dev-PASS
     test2
     $
 
@@ -52,8 +43,8 @@ metadata:
 apiVersion: v1
 kind: Secret
 data:
-  db_pass: dGVzdDEK
-  db_user: dGVzdDIK
+  PASS: dGVzdDEK
+  USER: dGVzdDIK
 ```
 
 ## Variables
@@ -62,15 +53,15 @@ These environment variables can be set:
 
 Name | Description
 ---|---
-GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
-GOOGLE_PROJECT | Google project id.
+GOOGLE_PROJECT | Google project id. This is required.
 
-Secrets#initialize options:
+## Base64 Option
 
-Variable | Description | Default
----|---|---
-base64 | Automatically base64 encode the values. | false
-upcase | Automatically upcase the Kubernetes secret data keys. | false
-prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
+The value is automatically base64 encoded. You can set the `base64` option to turn on and off the automated base64 encoding.
+
+```ruby
+google_secret("demo-#{Kubes.env}-USER", base64: true)  # default is base64=true
+google_secret("demo-#{Kubes.env}-PASS", base64: false)
+```
 
-{% include helpers/base64.md %}
\ No newline at end of file
+{% include helpers/base64.md %}
diff --git a/docs/_docs/layering.md b/docs/_docs/layering.md
index 87ca325b..5e3a0798 100644
--- a/docs/_docs/layering.md
+++ b/docs/_docs/layering.md
@@ -6,3 +6,5 @@ Kubes supports layering files together so you can use the same Kubernetes files
 
 * [YAML Layering]({% link _docs/layering/yaml.md %})
 * [DSL Layering]({% link _docs/layering/dsl.md %})
+* [Mix Layering]({% link _docs/layering/mix.md %})
+* [Merge Behavior]({% link _docs/layering/merge.md %})
diff --git a/docs/_docs/layering/mix.md b/docs/_docs/layering/mix.md
new file mode 100644
index 00000000..f64409e3
--- /dev/null
+++ b/docs/_docs/layering/mix.md
@@ -0,0 +1,99 @@
+---
+title: Mixed Layering
+---
+
+You can mix and match the YAML and DSL forms together and layering still works.
+
+## Project Structure
+
+Here's an example structure, so we can understand how layering works.
+
+    .kubes/resources/
+    ├── base
+    │   ├── all.yaml
+    │   └── deployment.yaml
+    └── web
+        ├── deployment
+        │   ├── dev.yaml
+        │   └── prod.yaml
+        ├── deployment.rb
+        └── service.yaml
+
+Notice, how deployment.rb is defined as a DSL. The layers will still be merged like so:
+
+    .kubes/resources/base/all.yaml
+    .kubes/resources/base/deployment.yaml
+    .kubes/resources/web/deployment.rb
+    .kubes/resources/web/deployment/dev.rb
+
+## Resources Files
+
+.kubes/resources/base/all.yaml
+
+```yaml
+metadata:
+  namespace: demo-<%= Kubes.env %>
+  labels:
+    app: demo
+```
+
+.kubes/resources/base/deployment.yaml
+
+```yaml
+metadata:
+  labels:
+    app: demo
+spec:
+  selector:
+    matchLabels:
+      app: demo
+  template:
+    metadata:
+      labels:
+        app: demo
+```
+
+.kubes/resources/web/deployment.rb
+
+```ruby
+name "web"
+labels(role: "web")
+image "nginx"
+```
+
+.kubes/resources/web/deployment/dev.yaml
+
+```yaml
+spec:
+  replicas: 2
+```
+
+## Output
+
+The result is the merge layered files.
+
+```yaml
+metadata:
+  namespace: demo-dev
+  labels:
+    app: demo
+    role: web
+  name: web
+spec:
+  selector:
+    matchLabels:
+      app: demo
+      role: web
+  template:
+    metadata:
+      labels:
+        app: demo
+        role: web
+    spec:
+      containers:
+      - image: nginx
+        name: web
+  replicas: 2
+apiVersion: apps/v1
+kind: Deployment
+```
diff --git a/docs/_docs/patterns/multiple-envs.md b/docs/_docs/patterns/multiple-envs.md
new file mode 100644
index 00000000..b4901724
--- /dev/null
+++ b/docs/_docs/patterns/multiple-envs.md
@@ -0,0 +1,55 @@
+---
+title: Multiple Enviroments with Layering
+nav_text: Multiple Enviroments
+categories: patterns
+---
+
+You can use Kubes to easily create multiple enviroments with the same YAML configs.  This is thanks to [Kubes Layering]({% link _docs/layering.md %}). We'll walk through an example to help understand how it works.
+
+## Creating Multiple Enviroments
+
+To create multiple enviroments like dev and prod just change KUBES_ENV. Example:
+
+    KUBES_ENV=dev  kubes deploy
+    KUBES_ENV=prod kubes deploy
+
+Different env files will be layered and merged to produce YAML files specific to each environment.
+
+## Project Structure
+
+Here's an example structure, so we can understand how layering works to create multiple enviroments.
+
+    .kubes/resources/
+    ├── base
+    │   ├── all.yaml
+    │   └── deployment.yaml
+    └── web
+        ├── deployment
+        │   ├── dev.yaml
+        │   └── prod.yaml
+        ├── deployment.yaml
+        └── service.yaml
+
+## Concrete Example
+
+Let's look at a concrete web/deployment.yaml.
+
+Here are the files that get layered when `KUBES_ENV=dev`:
+
+    .kubes/resources/base/all.yaml
+    .kubes/resources/base/deployment.yaml
+    .kubes/resources/web/deployment.yaml
+    .kubes/resources/web/deployment/dev.yaml
+
+And when `KUBES_ENV=prod`:
+
+    .kubes/resources/base/all.yaml
+    .kubes/resources/base/deployment.yaml
+    .kubes/resources/web/deployment.yaml
+    .kubes/resources/web/deployment/prod.yaml
+
+Layering allows us to have common settings that are processed before your main `.kubes/resources/web/deployment.yaml` YAML manifest. And then add **environment** specific YAML files that get merged.
+
+## Variables and Helpers
+
+Additional, you can use variables and helpers to provide environment specific values.
diff --git a/docs/_docs/variables.md b/docs/_docs/variables.md
new file mode 100644
index 00000000..f50f27d0
--- /dev/null
+++ b/docs/_docs/variables.md
@@ -0,0 +1,23 @@
+---
+title: Variables
+---
+
+You can set variables to be made available to the templates. Generally, it is recommended to use Basic layering.
+
+{% assign docs = site.docs | where: "categories","variables" %}
+{% for doc in docs -%}
+* [{{ doc.title }}]({{ doc.url }})
+{% endfor %}
+
+## Generator
+
+To help you get started quickly, you can generate starter variable code.
+
+    $ kubes new variable
+          create  .kubes/variables/dev.rb
+
+.kubes/variables/dev.rb
+
+```ruby
+@example = "dev-value"
+```
diff --git a/docs/_docs/variables/advanced.md b/docs/_docs/variables/advanced.md
new file mode 100644
index 00000000..65dc23c6
--- /dev/null
+++ b/docs/_docs/variables/advanced.md
@@ -0,0 +1,62 @@
+---
+title: Advanced Variables
+nav_text: Advanced
+categories: variables
+---
+
+Basic variables layering should provides enough flexibility and is generally recommended. This page  covers more advanced variables layering.
+
+## Advanced Layering Example
+
+Here's a more complex structure to demonstrate advanced layering.
+
+    .kubes/variables
+    ├── base
+    │   └── deployment.rb
+    ├── base.rb
+    ├── dev.rb
+    ├── prod.rb
+    └── web
+        ├── deployment
+        │   ├── dev.rb
+        │   └── prod.rb
+        └── deployment.rb
+
+## Concrete Example
+
+Let's look at a concrete web/deployment.yaml.
+
+Here are the files that get layered when `KUBES_ENV=dev`:
+
+    .kubes/variables/base.rb
+    .kubes/variables/dev.rb
+    .kubes/variables/base/deployment.rb
+    .kubes/variables/web/deployment.rb
+    .kubes/variables/web/deployment/dev.rb
+
+And when `KUBES_ENV=prod`:
+
+    .kubes/variables/base.rb
+    .kubes/variables/prod.rb
+    .kubes/variables/base/deployment.rb
+    .kubes/variables/web/deployment.rb
+    .kubes/variables/web/deployment/prod.rb
+
+With advanced layering you can target a specific role and kind. So variables are only scoped to the resources you want.
+
+## Full Layering Table
+
+Here's a table showing the the full layering.
+
+Folder/Pattern    | Example
+------------------|--------------------------------------------
+base.rb           | base.rb
+ENV.rb            | dev.rb
+base/all.rb       | base/all.rb
+base/all/ENV.rb   | base/all/dev.rb
+base/KIND.rb      | base/deployment.rb
+base/KIND/base.rb | base/deployment/base.rb
+base/KIND/ENV.rb  | base/deployment/dev.rb
+ROLE/KIND.rb      | web/deployment.rb
+ROLE/KIND/base.rb | web/deployment/base.rb
+ROLE/KIND/ENV.rb  | web/deployment/dev.rb
diff --git a/docs/_docs/variables/basic.md b/docs/_docs/variables/basic.md
new file mode 100644
index 00000000..5dc8fed6
--- /dev/null
+++ b/docs/_docs/variables/basic.md
@@ -0,0 +1,137 @@
+---
+title: Basic Variables
+nav_text: Basic
+categories: variables
+---
+
+## Basic Layering Example
+
+Here's an example variables directory structure:
+
+    .kubes/variables
+    ├── base.rb
+    ├── dev.rb
+    └── prod.rb
+
+base.rb
+
+```ruby
+@endpoint = "base-endpoint" # overriden by ENV specific variable files.
+```
+
+dev.rb
+
+```ruby
+@endpoint = "dev-endpoint"
+```
+
+prod.rb
+
+```ruby
+@endpoint = "prod-endpoint"
+```
+
+The `@endpoint` value will be overriden by the ENV specific variable files.
+
+## Deployment YAML
+
+Here's an example deployment.yaml
+
+.kubes/resources/web/deployment.yaml
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+  labels:
+    role: web
+spec:
+  replicas: 1  # overridden on a env basis
+  selector:
+    matchLabels:
+      role: web
+  template:
+    metadata:
+      labels:
+        role: web
+    spec:
+      containers:
+      - name: web
+        image: <%= docker_image %>
+        env:
+        - name: endpoint
+          value: <%= @endpoint %>
+```
+
+## Deploy
+
+When you deploy you can use `KUBES_ENV` to and the ENV specific variables will be used:
+
+    KUBES_ENV=dev  kubes deploy
+
+Results in:
+
+```yaml
+metadata:
+  namespace: demo-dev
+  labels:
+    app: demo
+    role: web
+  name: web
+spec:
+  selector:
+    matchLabels:
+      app: demo
+      role: web
+  template:
+    metadata:
+      labels:
+        app: demo
+        role: web
+    spec:
+      containers:
+      - name: web
+        image: gcr.io/GOOGLE_PROJECT/demo:kubes-2020-11-07T22-29-02
+        env:
+        - name: endpoint
+          value: dev-endpoint
+  replicas: 1
+apiVersion: apps/v1
+kind: Deployment
+```
+
+When using `KUBES_ENV=prod` the endpoint will use the `variables/prod.rb` values.
+
+    KUBES_ENV=prod kubes deploy
+
+Results in:
+
+```yaml
+metadata:
+  namespace: demo-prod
+  labels:
+    app: demo
+    role: web
+  name: web
+spec:
+  selector:
+    matchLabels:
+      app: demo
+      role: web
+  template:
+    metadata:
+      labels:
+        app: demo
+        role: web
+    spec:
+      containers:
+      - name: web
+        image: gcr.io/GOOGLE_PROJECT/demo:kubes-2020-11-07T22-29-02
+        env:
+        - name: endpoint
+          value: prod-endpoint
+  replicas: 1
+apiVersion: apps/v1
+kind: Deployment
+```
diff --git a/docs/_includes/layering/layers.md b/docs/_includes/layering/layers.md
index fd567d17..a4835ae4 100644
--- a/docs/_includes/layering/layers.md
+++ b/docs/_includes/layering/layers.md
@@ -1,6 +1,6 @@
 Kubes Layering in it's full form allows you to keep your resource definitions DRY and create different environments with the same code.
 
-## Structure
+## Project Structure
 
 Here's an example structure, so we can understand how layering works.
 
@@ -25,9 +25,7 @@ To explain the layering, here's the general processing order that Kubes takes.
 2. Then Kubes will process your `.kubes/resources/ROLE` definitions.
 3. Lastly, Kubes processes any post-layers in the `.kubes/resources/ROLE/KIND` folders.
 
-Note, both YAML and DSL forms support layering.
-
-Layering only combines resources definitions with the same form. For example, the DSL form `base/all.rb` will not be combined with YAML form `web/deployment.yaml`.
+Note, both YAML and DSL forms support layering. They can be mixed together.
 
 ## Full Layering
 
diff --git a/docs/_includes/sidebar.html b/docs/_includes/sidebar.html
index cced7bbd..f0e84906 100644
--- a/docs/_includes/sidebar.html
+++ b/docs/_includes/sidebar.html
@@ -91,6 +91,7 @@ <h2><a href="{% link docs.md %}">Docs</a></h2>
         <ul>
           <li><a href="{% link _docs/layering/yaml.md %}">YAML</a></li>
           <li><a href="{% link _docs/layering/dsl.md %}">DSL</a></li>
+          <li><a href="{% link _docs/layering/mix.md %}">Mix</a></li>
           <li><a href="{% link _docs/layering/merge.md %}">Merge Behavior</a></li>
         </ul>
       </li>
@@ -107,6 +108,14 @@ <h2><a href="{% link docs.md %}">Docs</a></h2>
           <li><a href="{% link _docs/dsl/multiple-resources.md %}">Multiple Resources</a>
         </ul>
       </li>
+      <li><a href="{% link _docs/variables.md %}">Variables</a>
+        <ul>
+          {% assign docs = site.docs | where: "categories","variables" %}
+          {% for doc in docs -%}
+            <li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
+          {% endfor %}
+        </ul>
+      </li>
       <li><a href="{% link _docs/helpers.md %}">Helpers</a>
         <ul>
           <li><a href="{% link _docs/helpers/custom.md %}">Custom</a></li>
@@ -114,7 +123,18 @@ <h2><a href="{% link docs.md %}">Docs</a></h2>
             <ul>
               {% assign docs = site.docs | where: "categories","helpers-aws" %}
               {% for doc in docs -%}
+                {% if doc.nav_text == "Advanced" %}
+                <li><a href='{{ doc.url }}'>{{ doc.nav_text }}</a>
+                  <ul>
+                    {% assign docs = site.docs | where: "categories","advanced-helpers-aws" %}
+                    {% for doc in docs -%}
+                    <li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
+                    {% endfor %}
+                  </ul>
+                </li>
+                {% else %}
                 <li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
+                {% endif %}
               {% endfor %}
             </ul>
           </li>
@@ -122,7 +142,18 @@ <h2><a href="{% link docs.md %}">Docs</a></h2>
             <ul>
               {% assign docs = site.docs | where: "categories","helpers-google" %}
               {% for doc in docs -%}
+                {% if doc.nav_text == "Advanced" %}
+                <li><a href='{{ doc.url }}'>{{ doc.nav_text }}</a>
+                  <ul>
+                    {% assign docs = site.docs | where: "categories","advanced-helpers-google" %}
+                    {% for doc in docs -%}
+                    <li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
+                    {% endfor %}
+                  </ul>
+                </li>
+                {% else %}
                 <li><a href="{{ doc.url }}">{{ doc.nav_text }}</a></li>
+                {% endif %}
               {% endfor %}
             </ul>
           </li>
diff --git a/docs/_reference/kubes-new-help.md b/docs/_reference/kubes-new-help.md
new file mode 100644
index 00000000..f562c4b8
--- /dev/null
+++ b/docs/_reference/kubes-new-help.md
@@ -0,0 +1,15 @@
+---
+title: kubes new help
+reference: true
+---
+
+## Usage
+
+    kubes new help [COMMAND]
+
+## Description
+
+Describe subcommands or one specific subcommand
+
+
+
diff --git a/docs/_reference/kubes-new-helper.md b/docs/_reference/kubes-new-helper.md
new file mode 100644
index 00000000..68bb559d
--- /dev/null
+++ b/docs/_reference/kubes-new-helper.md
@@ -0,0 +1,25 @@
+---
+title: kubes new helper
+reference: true
+---
+
+## Usage
+
+    kubes new helper
+
+## Description
+
+Generates kubes helper file.
+
+## Examples
+
+    $ kubes new helper custom
+          create  .kubes/helpers/custom_helper.rb
+
+
+## Options
+
+```
+y, [--force]  # Bypass overwrite are you sure prompt for existing files
+```
+
diff --git a/docs/_reference/kubes-new-resource.md b/docs/_reference/kubes-new-resource.md
new file mode 100644
index 00000000..7d113597
--- /dev/null
+++ b/docs/_reference/kubes-new-resource.md
@@ -0,0 +1,56 @@
+---
+title: kubes new resource
+reference: true
+---
+
+## Usage
+
+    kubes new resource
+
+## Description
+
+Generates Kubes Kubernetes resource definition.
+
+## Examples
+
+    $ kubes new resource ingress
+          create  .kubes/resources/web/ingress.yaml
+    $ kubes new resource service_account
+          create  .kubes/resources/shared/service_account.yaml
+    $
+
+## Supported Resources
+
+Here's a list of some of the supported resources.
+
+    backend_config
+    config_map
+    daemon_set
+    deployment
+    ingress
+    job
+    managed_certificate
+    namespace
+    network_policy
+    pod
+    role_binding
+    role
+    secret
+    service_account
+    service
+
+Refer to the source code to all the resources that the generator supports:
+https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/resource/yaml
+
+
+## Options
+
+```
+a, [--app=APP]    # App name
+                  # Default: demo
+y, [--force]      # Bypass overwrite are you sure prompt for existing files
+r, [--role=ROLE]  # Role. IE: web, clock, worker, migrate, etc. Defaults to convention: web or shared when not set
+t, [--type=TYPE]  # Type: dsl or yaml
+                  # Default: yaml
+```
+
diff --git a/docs/_reference/kubes-new-variable.md b/docs/_reference/kubes-new-variable.md
new file mode 100644
index 00000000..ab9a4cb7
--- /dev/null
+++ b/docs/_reference/kubes-new-variable.md
@@ -0,0 +1,20 @@
+---
+title: kubes new variable
+reference: true
+---
+
+## Usage
+
+    kubes new variable
+
+## Description
+
+Generates kubes variable file.
+
+
+## Options
+
+```
+y, [--force]  # Bypass overwrite are you sure prompt for existing files
+```
+
diff --git a/docs/_reference/kubes-new.md b/docs/_reference/kubes-new.md
index 2862ead8..6761931b 100644
--- a/docs/_reference/kubes-new.md
+++ b/docs/_reference/kubes-new.md
@@ -11,48 +11,16 @@ reference: true
 
 Generates new resource.
 
-## Examples
-
-    $ kubes new ingress
-          create  .kubes/resources/web/ingress.yaml
-    $ kubes new service_account
-          create  .kubes/resources/shared/service_account.yaml
-    $
-
-## Supported Resources
-
-Here's a list of some of the supported resources.
-
-    backend_config
-    config_map
-    daemon_set
-    deployment
-    ingress
-    job
-    managed_certificate
-    namespace
-    network_policy
-    pod
-    role_binding
-    role
-    secret
-    service_account
-    service
-
-Refer to the source code to all the resources that the generator supports:
-https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/yaml
+## Subcommands
 
+* [kubes new helper]({% link _reference/kubes-new-helper.md %}) - Generates kubes helper file.
+* [kubes new resource]({% link _reference/kubes-new-resource.md %}) - Generates Kubes Kubernetes resource definition.
+* [kubes new variable]({% link _reference/kubes-new-variable.md %}) - Generates kubes variable file.
 
 ## Options
 
 ```
-a, [--app=APP]                   # App name
-                                 # Default: demo
-y, [--force]                     # Bypass overwrite are you sure prompt for existing files
-r, [--role=ROLE]                 # Role. IE: web, clock, worker, migrate, etc. Defaults to convention: web or shared when not set
-t, [--type=TYPE]                 # Type: dsl or yaml
-                                 # Default: yaml
-    [--verbose], [--no-verbose]  
-    [--noop], [--no-noop]        
+[--verbose], [--no-verbose]  
+[--noop], [--no-noop]        
 ```
 
diff --git a/kubes.gemspec b/kubes.gemspec
index 71e4969e..e58250dc 100644
--- a/kubes.gemspec
+++ b/kubes.gemspec
@@ -29,8 +29,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "zeitwerk"
 
   # core helper libs
-  spec.add_dependency "kubes_aws"
-  spec.add_dependency "kubes_google"
+  spec.add_dependency "kubes_aws" # , "~> 0.2.0"
+  spec.add_dependency "kubes_google" # , "~> 0.2.0"
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "byebug"
diff --git a/lib/kubes.rb b/lib/kubes.rb
index 3c697db2..7bbb2ff4 100644
--- a/lib/kubes.rb
+++ b/lib/kubes.rb
@@ -1,6 +1,10 @@
 $stdout.sync = true unless ENV["KUBES_STDOUT_SYNC"] == "0"
 
 $:.unshift(File.expand_path("../", __FILE__))
+
+require "kubes/autoloader"
+Kubes::Autoloader.setup
+
 require "active_support/core_ext/class"
 require "active_support/core_ext/hash"
 require "active_support/core_ext/string"
@@ -20,9 +24,6 @@
 
 DslEvaluator.backtrace_reject = "lib/kubes"
 
-require "kubes/autoloader"
-Kubes::Autoloader.setup
-
 module Kubes
   class Error < StandardError; end
   class MissingDockerImage < Error; end
diff --git a/lib/kubes/auth.rb b/lib/kubes/auth.rb
index 04c3aa97..b660493f 100644
--- a/lib/kubes/auth.rb
+++ b/lib/kubes/auth.rb
@@ -10,11 +10,14 @@ def run
       klass.new(@image).run
     end
 
-    # Currently only support ECR
+    # Currently only support ECR and GCR
+    # TODO: consider moving this to plugin gems
     def strategy_class
       case @image
       when /\.amazonaws\.com/ # IE: 112233445566.dkr.ecr.us-west-2.amazonaws.com/demo/sinatra
         Ecr
+      when /gcr\.io/
+        Gcr
       end
     end
   end
diff --git a/lib/kubes/auth/base.rb b/lib/kubes/auth/base.rb
new file mode 100644
index 00000000..3f8ad7ec
--- /dev/null
+++ b/lib/kubes/auth/base.rb
@@ -0,0 +1,21 @@
+require "json"
+
+class Kubes::Auth
+  class Base
+    include Kubes::Logging
+
+    def initialize(image)
+      @image = image
+      @repo_domain = "#{image.split('/').first}"
+    end
+
+    def ensure_dotdocker_exists
+      dirname = File.dirname(docker_config)
+      FileUtils.mkdir_p(dirname) unless File.exist?(dirname)
+    end
+
+    def docker_config
+      "#{ENV['HOME']}/.docker/config.json"
+    end
+  end
+end
diff --git a/lib/kubes/auth/ecr.rb b/lib/kubes/auth/ecr.rb
index 9c0dc1c5..c2e4ee83 100644
--- a/lib/kubes/auth/ecr.rb
+++ b/lib/kubes/auth/ecr.rb
@@ -14,14 +14,9 @@
 # If that format changes, the update will need to be updated.
 #
 class Kubes::Auth
-  class Ecr
+  class Ecr < Base
     include Kubes::AwsServices
 
-    def initialize(image)
-      @image = image
-      @repo_domain = "#{image.split('/').first}"
-    end
-
     def run
       auth_token = fetch_auth_token
       if File.exist?(docker_config)
@@ -42,14 +37,5 @@ def run
     def fetch_auth_token
       ecr.get_authorization_token.authorization_data.first.authorization_token
     end
-
-    def docker_config
-      "#{ENV['HOME']}/.docker/config.json"
-    end
-
-    def ensure_dotdocker_exists
-      dirname = File.dirname(docker_config)
-      FileUtils.mkdir_p(dirname) unless File.exist?(dirname)
-    end
   end
 end
diff --git a/lib/kubes/auth/gcr.rb b/lib/kubes/auth/gcr.rb
new file mode 100644
index 00000000..71aac99c
--- /dev/null
+++ b/lib/kubes/auth/gcr.rb
@@ -0,0 +1,24 @@
+class Kubes::Auth
+  class Gcr < Base
+    def run
+      authorize! unless authorized?
+    end
+
+    def authorize!
+      command = "gcloud auth configure-docker"
+      logger.debug "Authorizing GCR with: #{command}"
+      success = system(command)
+      unless success
+        logger.error "ERROR: running #{command}".color(:red)
+        exit $?.exitstatus if exit_on_fail
+      end
+      success
+    end
+
+    def authorized?
+      return false unless File.exist?(docker_config)
+      data = JSON.load(IO.read(docker_config))
+      !!data.dig('credHelpers', 'gcr.io')
+    end
+  end
+end
diff --git a/lib/kubes/cli/help/new/helper.md b/lib/kubes/cli/help/new/helper.md
new file mode 100644
index 00000000..0186adae
--- /dev/null
+++ b/lib/kubes/cli/help/new/helper.md
@@ -0,0 +1,4 @@
+## Examples
+
+    $ kubes new helper custom
+          create  .kubes/helpers/custom_helper.rb
diff --git a/lib/kubes/cli/help/new.md b/lib/kubes/cli/help/new/resource.md
similarity index 85%
rename from lib/kubes/cli/help/new.md
rename to lib/kubes/cli/help/new/resource.md
index af021112..5c3746ba 100644
--- a/lib/kubes/cli/help/new.md
+++ b/lib/kubes/cli/help/new/resource.md
@@ -1,8 +1,8 @@
 ## Examples
 
-    $ kubes new ingress
+    $ kubes new resource ingress
           create  .kubes/resources/web/ingress.yaml
-    $ kubes new service_account
+    $ kubes new resource service_account
           create  .kubes/resources/shared/service_account.yaml
     $
 
@@ -27,4 +27,4 @@ Here's a list of some of the supported resources.
     service
 
 Refer to the source code to all the resources that the generator supports:
-https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/yaml
+https://github.com/boltops-tools/kubes/blob/master/lib/templates/new/resource/yaml
diff --git a/lib/kubes/cli/new.rb b/lib/kubes/cli/new.rb
index 9f68b923..1f1484e9 100644
--- a/lib/kubes/cli/new.rb
+++ b/lib/kubes/cli/new.rb
@@ -1,97 +1,15 @@
 class Kubes::CLI
-  class New < Sequence
-    argument :kind
-
-    def self.options
-      [
-        [:app, aliases: ["a"], default: "demo", desc: "App name"],
-        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
-        [:role, aliases: ["r"], desc: "Role. IE: web, clock, worker, migrate, etc. Defaults to convention: web or shared when not set"],
-        [:type, aliases: ["t"], default: "yaml", desc: "Type: dsl or yaml"],
-      ]
-    end
-    options.each { |args| class_option(*args) }
-
-  private
-    def app
-      options[:app]
-    end
-
-    def role
-      role = options[:role]
-      return role if role
-      shared = %w[
-        config_map
-        namespace
-        network_policy
-        persistent_volume
-        persistent_volume_claim
-        secret
-        service_account
-      ]
-      if shared.include?(full_kind)
-        "shared"
-      elsif full_kind == "job"
-        "migrate"
-      else
-        "web"
-      end
-    end
-
-    def full_kind
-      # shorthands
-      map = {
-        cj:     "cron_job",
-        cm:     "config_map",
-        crd:    "custom_resource_definition",
-        crds:   "custom_resource_definition",
-        cs:     "component_statuses",
-        csr:    "certificate_signing_request",
-        deploy: "deployment",
-        ds:     "daemonset",
-        ep:     "endpoints",
-        ev:     "event",
-        hpa:    "horizontal_pod_autoscaler",
-        ing:    "ingress",
-        limits: "limit_range",
-        netpol: "network_policy",
-        no:     "node",
-        ns:     "namespace",
-        pc:     "priority_class",
-        pdb:    "pod_disruption_budget",
-        po:     "pod",
-        psp:    "pods_ecurity_policy",
-        pv:     "persistent_volume",
-        pvc:    "persistent_volume_claim",
-        quota:  "resource_quota",
-        rc:     "replication_controller",
-        rs:     "replica_set",
-        sa:     "service_account",
-        sc:     "storage_classes",
-        sgp:    "security_group_policy",
-        sts:    "stateful_set",
-        svc:    "service",
-      }.stringify_keys!
-      map[kind] || kind
-    end
-
-    def file
-      ext = options[:type] == "yaml" ? "yaml" : "rb"
-      "#{full_kind}.#{ext}"
-    end
-
-  public
-    def set_template_source
-      path = File.expand_path("../../templates/new/#{options[:type]}/#{file}", __dir__)
-      unless File.exist?(path)
-        logger.info "ERROR: Generator for #{file} not supported".color(:red)
-        exit 1
-      end
-      set_source("new/#{options[:type]}")
-    end
-
-    def create_resource
-      template file, ".kubes/resources/#{role}/#{file}"
-    end
+  class New < Kubes::Command
+    long_desc Help.text("new/resource")
+    Resource.options.each { |args| option(*args) }
+    register(Resource, "resource", "resource", "Generates Kubes Kubernetes resource definition.")
+
+    long_desc Help.text("new/helper")
+    Helper.options.each { |args| option(*args) }
+    register(Helper, "helper", "helper", "Generates kubes helper file.")
+
+    long_desc Help.text("new/variable")
+    Variable.options.each { |args| option(*args) }
+    register(Variable, "variable", "variable", "Generates kubes variable file.")
   end
 end
diff --git a/lib/kubes/cli/new/helper.rb b/lib/kubes/cli/new/helper.rb
new file mode 100644
index 00000000..e2e24548
--- /dev/null
+++ b/lib/kubes/cli/new/helper.rb
@@ -0,0 +1,24 @@
+class Kubes::CLI::New
+  class Helper < Kubes::CLI::Sequence
+    argument :name, default: "custom"
+
+    def self.options
+      [
+        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+      ]
+    end
+    options.each { |args| class_option(*args) }
+
+  private
+    def underscored_name
+      name.include?("_helper") ? name : "#{name}_helper"
+    end
+
+  public
+    def create_helper
+      set_source("new/helper")
+      file = "#{underscored_name}.rb"
+      template "file.rb", ".kubes/helpers/#{file}"
+    end
+  end
+end
diff --git a/lib/kubes/cli/new/resource.rb b/lib/kubes/cli/new/resource.rb
new file mode 100644
index 00000000..ce704187
--- /dev/null
+++ b/lib/kubes/cli/new/resource.rb
@@ -0,0 +1,97 @@
+class Kubes::CLI::New
+  class Resource < Kubes::CLI::Sequence
+    argument :kind
+
+    def self.options
+      [
+        [:app, aliases: ["a"], default: "demo", desc: "App name"],
+        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+        [:role, aliases: ["r"], desc: "Role. IE: web, clock, worker, migrate, etc. Defaults to convention: web or shared when not set"],
+        [:type, aliases: ["t"], default: "yaml", desc: "Type: dsl or yaml"],
+      ]
+    end
+    options.each { |args| class_option(*args) }
+
+  private
+    def app
+      options[:app]
+    end
+
+    def role
+      role = options[:role]
+      return role if role
+      shared = %w[
+        config_map
+        namespace
+        network_policy
+        persistent_volume
+        persistent_volume_claim
+        secret
+        service_account
+      ]
+      if shared.include?(full_kind)
+        "shared"
+      elsif full_kind == "job"
+        "migrate"
+      else
+        "web"
+      end
+    end
+
+    def full_kind
+      # shorthands
+      map = {
+        cj:     "cron_job",
+        cm:     "config_map",
+        crd:    "custom_resource_definition",
+        crds:   "custom_resource_definition",
+        cs:     "component_statuses",
+        csr:    "certificate_signing_request",
+        deploy: "deployment",
+        ds:     "daemonset",
+        ep:     "endpoints",
+        ev:     "event",
+        hpa:    "horizontal_pod_autoscaler",
+        ing:    "ingress",
+        limits: "limit_range",
+        netpol: "network_policy",
+        no:     "node",
+        ns:     "namespace",
+        pc:     "priority_class",
+        pdb:    "pod_disruption_budget",
+        po:     "pod",
+        psp:    "pods_ecurity_policy",
+        pv:     "persistent_volume",
+        pvc:    "persistent_volume_claim",
+        quota:  "resource_quota",
+        rc:     "replication_controller",
+        rs:     "replica_set",
+        sa:     "service_account",
+        sc:     "storage_classes",
+        sgp:    "security_group_policy",
+        sts:    "stateful_set",
+        svc:    "service",
+      }.stringify_keys!
+      map[kind] || kind
+    end
+
+    def file
+      ext = options[:type] == "yaml" ? "yaml" : "rb"
+      "#{full_kind}.#{ext}"
+    end
+
+  public
+    def set_template_source
+      path = File.expand_path("../../../templates/new/resource/#{options[:type]}/#{file}", __dir__)
+      unless File.exist?(path)
+        logger.info "ERROR: Generator for #{file} not supported".color(:red)
+        exit 1
+      end
+      set_source("new/resource/#{options[:type]}")
+    end
+
+    def create_resource
+      template file, ".kubes/resources/#{role}/#{file}"
+    end
+  end
+end
diff --git a/lib/kubes/cli/new/variable.rb b/lib/kubes/cli/new/variable.rb
new file mode 100644
index 00000000..0045768f
--- /dev/null
+++ b/lib/kubes/cli/new/variable.rb
@@ -0,0 +1,16 @@
+class Kubes::CLI::New
+  class Variable < Kubes::CLI::Sequence
+    def self.options
+      [
+        [:force, aliases: ["y"], type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files"],
+      ]
+    end
+    options.each { |args| class_option(*args) }
+
+    def create_helper
+      set_source("new/variable")
+      file = "#{Kubes.env}.rb"
+      template "file.rb", ".kubes/variables/#{file}"
+    end
+  end
+end
diff --git a/lib/kubes/command.rb b/lib/kubes/command.rb
index 1aa342bd..d0864af0 100644
--- a/lib/kubes/command.rb
+++ b/lib/kubes/command.rb
@@ -57,7 +57,7 @@ def dispatch(m, args, options, config)
       end
 
       def check_project!(command_name)
-        return if %w[init new].include?(command_name)
+        return if %w[-h help init new].include?(command_name)
         Kubes.check_project!
       end
 
diff --git a/lib/kubes/compiler/decorator/base.rb b/lib/kubes/compiler/decorator/base.rb
index bcc1e880..f8d8d118 100644
--- a/lib/kubes/compiler/decorator/base.rb
+++ b/lib/kubes/compiler/decorator/base.rb
@@ -11,7 +11,7 @@ def run
     end
 
     def result
-      if @data.is_a?(Kubes::Compiler::Dsl::Core::Blocks)
+      if @data.key?(Kubes::Compiler::Dsl::Core::Blocks)
         @data.results.each { |k,v| process(v) } # returns nil
       else
         process # processes and returns @data
diff --git a/lib/kubes/compiler/dsl/core/base.rb b/lib/kubes/compiler/dsl/core/base.rb
index 77503bce..957b6cb6 100644
--- a/lib/kubes/compiler/dsl/core/base.rb
+++ b/lib/kubes/compiler/dsl/core/base.rb
@@ -3,25 +3,22 @@ class Base
     extend Fields
     include DslEvaluator
     include Helpers
-    include Kubes::Compiler::Layering
+    include Kubes::Compiler::Shared::CustomHelpers
+    include Kubes::Compiler::Shared::CustomVariables
+    include Kubes::Compiler::Shared::PluginHelpers
 
     def initialize(options={})
       @options = options
       @name = options[:name]
       @path = options[:path]
+      load_plugin_helpers
+      load_custom_variables
+      load_custom_helpers
     end
 
     def run
-      evaluate_files(pre_layers)
       evaluate_file(@path) # main resource definition
-      evaluate_files(post_layers)
       result if respond_to?(:result) # block form doesnt have result
     end
-
-    def evaluate_files(paths)
-      paths.each do |path|
-        evaluate_file(path)
-      end
-    end
   end
 end
diff --git a/lib/kubes/compiler/layering.rb b/lib/kubes/compiler/layering.rb
index f1516fea..01f87746 100644
--- a/lib/kubes/compiler/layering.rb
+++ b/lib/kubes/compiler/layering.rb
@@ -11,14 +11,26 @@ def pre_layers
         all = all.pluralize
       end
       layers = [
-        "#{all}#{ext}",
-        "#{all}/#{Kubes.env}#{ext}",
-        "#{kind}#{ext}",
-        "#{kind}/#{Kubes.env}#{ext}",
+        "#{all}",
+        "#{all}/#{Kubes.env}",
+        "#{kind}",
+        "#{kind}/#{Kubes.env}",
       ]
-      layers.map do |layer|
+      layers = add_exts(layers)
+      layers.map! do |layer|
         "#{Kubes.root}/.kubes/resources/base/#{layer}"
       end
+      layers.select { |layer| File.exist?(layer) }
+    end
+
+    def add_exts(layers)
+      layers.map do |layer|
+        [
+          "#{layer}.rb",
+          "#{layer}.yaml",
+          "#{layer}.yml",
+        ]
+      end.flatten
     end
 
     def post_layers
@@ -31,9 +43,11 @@ def post_layers
         "base",
         Kubes.env.to_s
       ]
-      layers.map do |layer|
-        "#{kind_path}/#{layer}#{ext}"
+      layers = add_exts(layers)
+      layers.map! do |layer|
+        "#{kind_path}/#{layer}"
       end
+      layers.select { |layer| File.exist?(layer) }
     end
   end
 end
diff --git a/lib/kubes/compiler/shared/custom_variables.rb b/lib/kubes/compiler/shared/custom_variables.rb
new file mode 100644
index 00000000..6a76226f
--- /dev/null
+++ b/lib/kubes/compiler/shared/custom_variables.rb
@@ -0,0 +1,38 @@
+module Kubes::Compiler::Shared
+  module CustomVariables
+    include DslEvaluator
+
+    # Load custom variables from project
+    @@custom_variables_loaded = false
+    def load_custom_variables
+      return if Kubes.kustomize?
+
+      ext = File.extname(@path)
+      role = @path.sub(%r{.*\.kubes/resources/},'').sub(ext,'').split('/').first # IE: web
+      kind = File.basename(@path).sub(ext,'') # IE: deployment
+      all = "all"
+      if @block_form
+        kind = kind.pluralize
+        all = all.pluralize
+      end
+
+      layers = [
+        "base.rb",
+        "#{Kubes.env}.rb",
+        "base/all.rb",
+        "base/all/#{Kubes.env}.rb",
+        "base/#{kind}.rb",
+        "base/#{kind}/base.rb",
+        "base/#{kind}/#{Kubes.env}.rb",
+        "#{role}/#{kind}.rb",
+        "#{role}/#{kind}/base.rb",
+        "#{role}/#{kind}/#{Kubes.env}.rb",
+      ]
+
+      layers.each do |layer|
+        path = "#{Kubes.root}/.kubes/variables/#{layer}"
+        evaluate_file(path)
+      end
+    end
+  end
+end
diff --git a/lib/kubes/compiler/shared/plugin_helpers.rb b/lib/kubes/compiler/shared/plugin_helpers.rb
new file mode 100644
index 00000000..ae3f7580
--- /dev/null
+++ b/lib/kubes/compiler/shared/plugin_helpers.rb
@@ -0,0 +1,14 @@
+module Kubes::Compiler::Shared
+  module PluginHelpers
+    # Load plugin helper methods from project
+    @@plugin_helpers_loaded = false
+    def load_plugin_helpers
+      return if @@plugin_helpers_loaded
+      Kubes::Plugin.plugins.each do |klass|
+        helpers_class = "#{klass}::Helpers".constantize
+        self.class.send :include, helpers_class
+      end
+      @@plugin_helpers_loaded = true
+    end
+  end
+end
diff --git a/lib/kubes/compiler/strategy.rb b/lib/kubes/compiler/strategy.rb
index a78ff673..7d18b2c6 100644
--- a/lib/kubes/compiler/strategy.rb
+++ b/lib/kubes/compiler/strategy.rb
@@ -16,12 +16,13 @@ def compile
     end
 
     def strategy_class
-      ext = File.extname(@path)
-      case ext
-      when '.rb'   then Dsl
-      when '.yaml','.yml' then Erb
-      else Pass
-      end
+      ext = File.extname(@path).sub('.','').to_sym
+      map = {
+        rb: Dsl,
+        yaml: Erb,
+        yml: Erb,
+      }
+      map[ext]
     end
   end
 end
diff --git a/lib/kubes/compiler/strategy/base.rb b/lib/kubes/compiler/strategy/base.rb
index 8bc6e6f1..65c2fd75 100644
--- a/lib/kubes/compiler/strategy/base.rb
+++ b/lib/kubes/compiler/strategy/base.rb
@@ -1,13 +1,70 @@
 class Kubes::Compiler::Strategy
   class Base
-    include Kubes::Logging
+    include Kubes::Compiler::Layering
+    include Kubes::Compiler::Util::Normalize
     include Kubes::Compiler::Util::SaveFile
-    include Kubes::Compiler::Shared::CustomHelpers
+    include Kubes::Logging
 
     def initialize(options={})
       @options = options
       @path = options[:path]
       @save_file = save_file(@path)
+      @data = @options[:data] || {}
+    end
+
+    def run
+      render_files(pre_layers)
+      render(@path) # main resource definition
+      render_files(post_layers)
+
+      Result.new(@save_file, @data)
+    end
+
+    def render_files(paths)
+      paths.each do |path|
+        next unless File.exist?(path) # layers may not exist
+        render(path)
+      end
+    end
+
+    # render and merge
+    def render(path)
+      result = render_strategy(path)
+      if result.is_a?(Kubes::Compiler::Dsl::Core::Blocks)
+        result = result.results
+      end
+      @data.deeper_merge!(result)
+    end
+
+    # Delegate to Dsl or Erb strategy again and pass @data down to allow rendering of a mix of yaml and rb files.
+    def render_strategy(path)
+      if path.include?('.rb')
+        dsl_class.new(@options.merge(path: path, data: @data)).run
+      else
+        Erb.new(@options.merge(data: @data)).render_result(path)
+      end
+    end
+
+    # Must be defined here in case coming from Kubes::Compiler::Strategy::Erb#render_strategy
+    def dsl_class
+      if block_form?
+        Kubes::Compiler::Dsl::Core::Blocks
+      else
+        syntax_class
+      end
+    end
+
+    def syntax_class
+      klass_name = normalize_kind(@save_file) # IE: @save_file: web/service.yaml
+      "Kubes::Compiler::Dsl::Syntax::#{klass_name}".constantize
+    rescue NameError
+      logger.debug "Using default resource for: #{klass_name}"
+      Kubes::Compiler::Dsl::Syntax::Resource # default
+    end
+
+    def block_form?
+      type = extract_type(@save_file)
+      type.pluralize == type
     end
   end
 end
diff --git a/lib/kubes/compiler/strategy/dsl.rb b/lib/kubes/compiler/strategy/dsl.rb
index 77376d13..07b6256e 100644
--- a/lib/kubes/compiler/strategy/dsl.rb
+++ b/lib/kubes/compiler/strategy/dsl.rb
@@ -1,33 +1,4 @@
 class Kubes::Compiler::Strategy
   class Dsl < Base
-    include Kubes::Compiler::Util::Normalize
-
-    def run
-      load_custom_helpers
-      dsl = dsl_class.new(@options) # Deployment, Service, etc
-      data = dsl.run
-      Result.new(@save_file, data)
-    end
-
-    def dsl_class
-      if block_form?
-        Kubes::Compiler::Dsl::Core::Blocks
-      else
-        syntax_class
-      end
-    end
-
-    def syntax_class
-      klass_name = normalize_kind(@save_file)
-      "Kubes::Compiler::Dsl::Syntax::#{klass_name}".constantize
-    rescue NameError
-      logger.debug "Using default resource for: #{klass_name}"
-      Kubes::Compiler::Dsl::Syntax::Resource # default
-    end
-
-    def block_form?
-      type = extract_type(@save_file)
-      type.pluralize == type
-    end
   end
 end
diff --git a/lib/kubes/compiler/strategy/erb.rb b/lib/kubes/compiler/strategy/erb.rb
index 2e87d26b..8ac2ae27 100644
--- a/lib/kubes/compiler/strategy/erb.rb
+++ b/lib/kubes/compiler/strategy/erb.rb
@@ -4,31 +4,19 @@ class Kubes::Compiler::Strategy
   class Erb < Base
     extend Kubes::Compiler::Dsl::Core::Fields
     include Kubes::Compiler::Dsl::Core::Helpers
+    include Kubes::Compiler::Layering
     include Kubes::Compiler::Shared::CustomHelpers
+    include Kubes::Compiler::Shared::CustomVariables
     include Kubes::Compiler::Shared::Helpers
-    include Kubes::Compiler::Layering
-
-    def run
+    include Kubes::Compiler::Shared::PluginHelpers
+
+    def initialize(options={})
+      super
+      # For ERB scope is in this same Strategy::Erb class
+      # For DSL scope is within the each for the Resource classes. IE: kubes/compile/dsl/core/base.rb
+      load_plugin_helpers
+      load_custom_variables
       load_custom_helpers
-      @data = {}
-
-      render_files(pre_layers)
-      render(@path) # main resource definition
-      render_files(post_layers)
-
-      Result.new(@save_file, @data)
-    end
-
-    def render_files(paths)
-      paths.each do |path|
-        render(path)
-      end
-    end
-
-    # render and merge
-    def render(path)
-      result = render_result(path)
-      @data.deeper_merge!(result)
     end
 
     def render_result(path)
diff --git a/lib/kubes/compiler/util/normalize.rb b/lib/kubes/compiler/util/normalize.rb
index e97f7b41..31c95cf6 100644
--- a/lib/kubes/compiler/util/normalize.rb
+++ b/lib/kubes/compiler/util/normalize.rb
@@ -1,11 +1,14 @@
 module Kubes::Compiler::Util
   module Normalize
     def normalize_kind(path)
-      extract_type(path).underscore.camelize # Deployment, Service, Ingress, ManagedCertificate, etc
+      info = path.sub(%r{.*/.kubes/resources/}, '')
+      extract_type(info).underscore.camelize # Deployment, Service, Ingress, ManagedCertificate, etc
     end
 
-    def extract_type(path)
-      File.basename(path).sub('.yaml','').sub('.yml','').sub('.rb','').sub(/-.*/,'')
+    # info: web/service.yaml
+    def extract_type(info)
+      _, kind = info.split('/')
+      kind.sub('.yaml','').sub('.yml','').sub('.rb','').sub(/-.*/,'')
     end
   end
 end
diff --git a/lib/kubes/compiler/util/yaml_dump.rb b/lib/kubes/compiler/util/yaml_dump.rb
index 841ffdad..bd159a52 100644
--- a/lib/kubes/compiler/util/yaml_dump.rb
+++ b/lib/kubes/compiler/util/yaml_dump.rb
@@ -4,12 +4,12 @@
 module Kubes::Compiler::Util
   module YamlDump
     def yaml_dump(data)
-      if data.is_a?(Kubes::Compiler::Dsl::Core::Blocks)
-        items = data.results.map { |k,v| standardize_yaml(v) }
-        items.map(&:to_yaml).join("")
-      else
+      if data.key?("kind")  # single resource in YAML
         data = standardize_yaml(data)
         data.to_yaml
+      else
+        items = data.map { |k,v| standardize_yaml(v) }
+        items.map(&:to_yaml).join("")
       end
     end
 
diff --git a/lib/kubes/plugin.rb b/lib/kubes/plugin.rb
new file mode 100644
index 00000000..5127e280
--- /dev/null
+++ b/lib/kubes/plugin.rb
@@ -0,0 +1,14 @@
+module Kubes
+  module Plugin
+    @@plugins = []
+    def plugins
+      @@plugins
+    end
+
+    def register(klass)
+      @@plugins << klass
+    end
+
+    extend self
+  end
+end
diff --git a/lib/kubes/util/sh.rb b/lib/kubes/util/sh.rb
index caace095..7abd0af5 100644
--- a/lib/kubes/util/sh.rb
+++ b/lib/kubes/util/sh.rb
@@ -32,7 +32,7 @@ def sh(command, options={})
 
     def sh_capture(command, options={})
       exit_on_fail = options[:exit_on_fail].nil? ? true : options[:exit_on_fail]
-      logger.info "=> #{command}" if options[:show_command]
+      logger.debug "=> #{command}"
       out = `#{command}`.strip
       unless $?.success?
         logger.error "ERROR: running #{command}".color(:red)
diff --git a/lib/templates/new/helper/file.rb b/lib/templates/new/helper/file.rb
new file mode 100644
index 00000000..7bcf4e12
--- /dev/null
+++ b/lib/templates/new/helper/file.rb
@@ -0,0 +1,2 @@
+module <%= underscored_name.camelize %>
+end
diff --git a/lib/templates/new/dsl/backend_config.rb b/lib/templates/new/resource/dsl/backend_config.rb
similarity index 100%
rename from lib/templates/new/dsl/backend_config.rb
rename to lib/templates/new/resource/dsl/backend_config.rb
diff --git a/lib/templates/new/dsl/config_map.rb b/lib/templates/new/resource/dsl/config_map.rb
similarity index 100%
rename from lib/templates/new/dsl/config_map.rb
rename to lib/templates/new/resource/dsl/config_map.rb
diff --git a/lib/templates/new/dsl/daemon_set.rb b/lib/templates/new/resource/dsl/daemon_set.rb
similarity index 100%
rename from lib/templates/new/dsl/daemon_set.rb
rename to lib/templates/new/resource/dsl/daemon_set.rb
diff --git a/lib/templates/new/dsl/deployment.rb b/lib/templates/new/resource/dsl/deployment.rb
similarity index 100%
rename from lib/templates/new/dsl/deployment.rb
rename to lib/templates/new/resource/dsl/deployment.rb
diff --git a/lib/templates/new/dsl/ingress.rb b/lib/templates/new/resource/dsl/ingress.rb
similarity index 100%
rename from lib/templates/new/dsl/ingress.rb
rename to lib/templates/new/resource/dsl/ingress.rb
diff --git a/lib/templates/new/dsl/job.rb b/lib/templates/new/resource/dsl/job.rb
similarity index 100%
rename from lib/templates/new/dsl/job.rb
rename to lib/templates/new/resource/dsl/job.rb
diff --git a/lib/templates/new/dsl/managed_certificate.rb b/lib/templates/new/resource/dsl/managed_certificate.rb
similarity index 100%
rename from lib/templates/new/dsl/managed_certificate.rb
rename to lib/templates/new/resource/dsl/managed_certificate.rb
diff --git a/lib/templates/new/dsl/namespace.rb b/lib/templates/new/resource/dsl/namespace.rb
similarity index 100%
rename from lib/templates/new/dsl/namespace.rb
rename to lib/templates/new/resource/dsl/namespace.rb
diff --git a/lib/templates/new/dsl/network_policy.rb b/lib/templates/new/resource/dsl/network_policy.rb
similarity index 100%
rename from lib/templates/new/dsl/network_policy.rb
rename to lib/templates/new/resource/dsl/network_policy.rb
diff --git a/lib/templates/new/dsl/pod.rb b/lib/templates/new/resource/dsl/pod.rb
similarity index 100%
rename from lib/templates/new/dsl/pod.rb
rename to lib/templates/new/resource/dsl/pod.rb
diff --git a/lib/templates/new/dsl/role.rb b/lib/templates/new/resource/dsl/role.rb
similarity index 100%
rename from lib/templates/new/dsl/role.rb
rename to lib/templates/new/resource/dsl/role.rb
diff --git a/lib/templates/new/dsl/role_binding.rb b/lib/templates/new/resource/dsl/role_binding.rb
similarity index 100%
rename from lib/templates/new/dsl/role_binding.rb
rename to lib/templates/new/resource/dsl/role_binding.rb
diff --git a/lib/templates/new/dsl/secret.rb b/lib/templates/new/resource/dsl/secret.rb
similarity index 100%
rename from lib/templates/new/dsl/secret.rb
rename to lib/templates/new/resource/dsl/secret.rb
diff --git a/lib/templates/new/dsl/service.rb b/lib/templates/new/resource/dsl/service.rb
similarity index 100%
rename from lib/templates/new/dsl/service.rb
rename to lib/templates/new/resource/dsl/service.rb
diff --git a/lib/templates/new/dsl/service_account.rb b/lib/templates/new/resource/dsl/service_account.rb
similarity index 100%
rename from lib/templates/new/dsl/service_account.rb
rename to lib/templates/new/resource/dsl/service_account.rb
diff --git a/lib/templates/new/yaml/backend_config.yaml b/lib/templates/new/resource/yaml/backend_config.yaml
similarity index 100%
rename from lib/templates/new/yaml/backend_config.yaml
rename to lib/templates/new/resource/yaml/backend_config.yaml
diff --git a/lib/templates/new/yaml/config_map.yaml b/lib/templates/new/resource/yaml/config_map.yaml
similarity index 100%
rename from lib/templates/new/yaml/config_map.yaml
rename to lib/templates/new/resource/yaml/config_map.yaml
diff --git a/lib/templates/new/yaml/daemon_set.yaml b/lib/templates/new/resource/yaml/daemon_set.yaml
similarity index 100%
rename from lib/templates/new/yaml/daemon_set.yaml
rename to lib/templates/new/resource/yaml/daemon_set.yaml
diff --git a/lib/templates/new/yaml/deployment.yaml b/lib/templates/new/resource/yaml/deployment.yaml
similarity index 100%
rename from lib/templates/new/yaml/deployment.yaml
rename to lib/templates/new/resource/yaml/deployment.yaml
diff --git a/lib/templates/new/yaml/ingress.yaml b/lib/templates/new/resource/yaml/ingress.yaml
similarity index 100%
rename from lib/templates/new/yaml/ingress.yaml
rename to lib/templates/new/resource/yaml/ingress.yaml
diff --git a/lib/templates/new/yaml/job.yaml b/lib/templates/new/resource/yaml/job.yaml
similarity index 100%
rename from lib/templates/new/yaml/job.yaml
rename to lib/templates/new/resource/yaml/job.yaml
diff --git a/lib/templates/new/yaml/managed_certificate.yaml b/lib/templates/new/resource/yaml/managed_certificate.yaml
similarity index 100%
rename from lib/templates/new/yaml/managed_certificate.yaml
rename to lib/templates/new/resource/yaml/managed_certificate.yaml
diff --git a/lib/templates/new/yaml/namespace.yaml b/lib/templates/new/resource/yaml/namespace.yaml
similarity index 100%
rename from lib/templates/new/yaml/namespace.yaml
rename to lib/templates/new/resource/yaml/namespace.yaml
diff --git a/lib/templates/new/yaml/network_policy.yaml b/lib/templates/new/resource/yaml/network_policy.yaml
similarity index 100%
rename from lib/templates/new/yaml/network_policy.yaml
rename to lib/templates/new/resource/yaml/network_policy.yaml
diff --git a/lib/templates/new/yaml/pod.yaml b/lib/templates/new/resource/yaml/pod.yaml
similarity index 100%
rename from lib/templates/new/yaml/pod.yaml
rename to lib/templates/new/resource/yaml/pod.yaml
diff --git a/lib/templates/new/yaml/role.yaml b/lib/templates/new/resource/yaml/role.yaml
similarity index 100%
rename from lib/templates/new/yaml/role.yaml
rename to lib/templates/new/resource/yaml/role.yaml
diff --git a/lib/templates/new/yaml/role_binding.yaml b/lib/templates/new/resource/yaml/role_binding.yaml
similarity index 100%
rename from lib/templates/new/yaml/role_binding.yaml
rename to lib/templates/new/resource/yaml/role_binding.yaml
diff --git a/lib/templates/new/yaml/secret.yaml b/lib/templates/new/resource/yaml/secret.yaml
similarity index 100%
rename from lib/templates/new/yaml/secret.yaml
rename to lib/templates/new/resource/yaml/secret.yaml
diff --git a/lib/templates/new/yaml/service.yaml b/lib/templates/new/resource/yaml/service.yaml
similarity index 100%
rename from lib/templates/new/yaml/service.yaml
rename to lib/templates/new/resource/yaml/service.yaml
diff --git a/lib/templates/new/yaml/service_account.yaml b/lib/templates/new/resource/yaml/service_account.yaml
similarity index 100%
rename from lib/templates/new/yaml/service_account.yaml
rename to lib/templates/new/resource/yaml/service_account.yaml
diff --git a/lib/templates/new/variable/file.rb b/lib/templates/new/variable/file.rb
new file mode 100644
index 00000000..b47e58e3
--- /dev/null
+++ b/lib/templates/new/variable/file.rb
@@ -0,0 +1 @@
+@example = "<%= Kubes.env %>-value"
diff --git a/spec/fixtures/multiple-files/deployment-1.rb b/spec/fixtures/multiple-files/.kubes/resources/web/deployment-1.rb
similarity index 100%
rename from spec/fixtures/multiple-files/deployment-1.rb
rename to spec/fixtures/multiple-files/.kubes/resources/web/deployment-1.rb
diff --git a/spec/fixtures/multiple-files/deployment-2.rb b/spec/fixtures/multiple-files/.kubes/resources/web/deployment-2.rb
similarity index 100%
rename from spec/fixtures/multiple-files/deployment-2.rb
rename to spec/fixtures/multiple-files/.kubes/resources/web/deployment-2.rb
diff --git a/spec/fixtures/project/.kubes/resources/deployment.rb b/spec/fixtures/project/.kubes/resources/web/deployment.rb
similarity index 100%
rename from spec/fixtures/project/.kubes/resources/deployment.rb
rename to spec/fixtures/project/.kubes/resources/web/deployment.rb
diff --git a/spec/fixtures/project/.kubes/resources/foobar.rb b/spec/fixtures/project/.kubes/resources/web/empty.rb
similarity index 100%
rename from spec/fixtures/project/.kubes/resources/foobar.rb
rename to spec/fixtures/project/.kubes/resources/web/empty.rb
diff --git a/spec/fixtures/project/.kubes/resources/service.rb b/spec/fixtures/project/.kubes/resources/web/service.rb
similarity index 58%
rename from spec/fixtures/project/.kubes/resources/service.rb
rename to spec/fixtures/project/.kubes/resources/web/service.rb
index 51a54652..4329ed46 100644
--- a/spec/fixtures/project/.kubes/resources/service.rb
+++ b/spec/fixtures/project/.kubes/resources/web/service.rb
@@ -1,3 +1,3 @@
 name "demo-web"
 port 80
-target_port 3000
+targetPort 3000
diff --git a/spec/fixtures/syntax/network_policy.rb b/spec/fixtures/syntax/.kubes/resources/web/network_policy.rb
similarity index 100%
rename from spec/fixtures/syntax/network_policy.rb
rename to spec/fixtures/syntax/.kubes/resources/web/network_policy.rb
diff --git a/spec/fixtures/syntax/pod.rb b/spec/fixtures/syntax/.kubes/resources/web/pod.rb
similarity index 100%
rename from spec/fixtures/syntax/pod.rb
rename to spec/fixtures/syntax/.kubes/resources/web/pod.rb
diff --git a/spec/kubes/compiler/strategy/dsl_spec.rb b/spec/kubes/compiler/strategy/dsl_spec.rb
index b379de66..1e14bba8 100644
--- a/spec/kubes/compiler/strategy/dsl_spec.rb
+++ b/spec/kubes/compiler/strategy/dsl_spec.rb
@@ -3,7 +3,7 @@
   let(:options) { {path: fixture(resource) } }
 
   context "standard" do
-    let(:resource) { "project/.kubes/resources/deployment" }
+    let(:resource) { "project/.kubes/resources/web/deployment" }
     it "run" do
       result = dsl.run
       expect(dsl.dsl_class).to eq(Kubes::Compiler::Dsl::Syntax::Deployment)
@@ -25,7 +25,7 @@
   end
 
   context "multiple files" do
-    let(:resource) { "multiple-files/deployment-1" }
+    let(:resource) { "multiple-files/.kubes/resources/web/deployment-1" }
     it "run" do
       result = dsl.run
       expect(dsl.dsl_class).to eq(Kubes::Compiler::Dsl::Syntax::Deployment)
diff --git a/spec/kubes/compiler_spec.rb b/spec/kubes/compiler_spec.rb
index f7d83d94..2a38a1fa 100644
--- a/spec/kubes/compiler_spec.rb
+++ b/spec/kubes/compiler_spec.rb
@@ -4,7 +4,7 @@
     allow(compiler).to receive(:write_full)
     compiler
   end
-  let(:options) { {path: "spec/fixtures/project/.kubes/deployment.rb" } }
+  let(:options) { {path: "spec/fixtures/project/.kubes/resources/web/deployment.rb" } }
 
   describe "compiler" do
     it "run" do
diff --git a/spec/kubes/dsl/network_policy_spec.rb b/spec/kubes/dsl/network_policy_spec.rb
index c45ddba4..1272d61c 100644
--- a/spec/kubes/dsl/network_policy_spec.rb
+++ b/spec/kubes/dsl/network_policy_spec.rb
@@ -1,6 +1,6 @@
 describe Kubes::Compiler::Dsl::Syntax::NetworkPolicy do
   let(:evaluator) { described_class.new(options) }
-  let(:options) { {path: fixture("syntax/network_policy") } }
+  let(:options) { {path: fixture("syntax/.kubes/resources/web/network_policy") } }
 
   context "network_policy" do
     it "run" do
diff --git a/spec/kubes/dsl/pod_spec.rb b/spec/kubes/dsl/pod_spec.rb
index a28af2cc..5fd38975 100644
--- a/spec/kubes/dsl/pod_spec.rb
+++ b/spec/kubes/dsl/pod_spec.rb
@@ -1,6 +1,6 @@
 describe Kubes::Compiler::Dsl::Syntax::Pod do
   let(:evaluator) { described_class.new(options) }
-  let(:options) { {path: fixture("syntax/pod") } }
+  let(:options) { {path: fixture("syntax/.kubes/resources/web/pod") } }
 
   context "pod" do
     it "run" do