kubedeployer RU
Deploy application on Kubernetes.
- Deploy application using manifests.
- Deploy application using kustomize.
- Manifests can contain environment variables.
- Contain security scanner for Kubernetes resources.
- Contain security scanner for docker images.
- Contain dry-run mode, where only the manifest is built without applying it.
pip install kubedeployer
docker run itlabsio/kubedeployer
docker build \
--build-arg VAULT_URL=<host-to-vault> \
--build-arg VAULT_APPROLE_ID=<vault-approle-id> \
--build-arg VAULT_APPROLE_SECRET=<vault-approle-secret> \
--build-arg VAULT_SECRETS_PREFIX=<vault-secret-prefix> \
-t kubedeployer \
-f Dockerfile .
- VAULT_URL - Vault URL.
- VAULT_APPROLE_ID - the approle id allows machines or apps to authenticate with Vault-defined roles.
- VAULT_APPROLE_SECRET - approle secret.
- VAULT_SECRETS_PREFIX - template of vault-path to secret where store connection settings to Kubernetes (ex.: template/to/cluster/*/secret).
kubedeploy options
Example
kubedeploy -d orthodox --dry-run --env-file ./base.txt ./production.txt
- -d, -deployer=smart: structure maintenance types (see Supported structure maintenance types);
- --dry-run: only show built manifest without apply it;
- --env-file list: read in a file of environment variables. If environment variable does contain in several files, then it will be has value from last file.
- --project-dir <path>: full path to folder with project, if it is not setted,
used value from environment variable
CI_PROJECT_DIR
, if variable is not setted, as default value used current working directory - --environment <env_name>: environment for builder, if it is not setted, used
value from environment variable
ENVIRONMENT
- --manifest-folder <path>: path to folder with manifest, path is relative to project_dir. If it is not set, will get value from environment variable
MANIFEST_FOLDER
Kubedeployer supports three structure maintenance types of manifests to deploy:
- orthodox
- smart - this one is default
- kustomize
Each deployer is responding for collecting and processing manifest files
- Find yaml-files in
MANIFEST_FOLDER
; - Append files from subdirectory with name
ENVIRONMENT
.
- Replace placeholder like
${VAR_NAME}
by corresponding environment variablesVAR_NAME
in found files from previous step; - Concatenate all files in one.
Smart deployer has different behavior depending on presence of the kustomization.yaml
file
in MANIFEST_FOLDER
xor MANIFEST_FOLDER
/ENVIRONMENT
:
- it has not been found
- it has been found
- Work like orthodox deployer
- Create
kustomization.yaml
with all collected yaml-files; - Replace placeholder like orthodox deployer
- Create resulting manifest by
kustomize build
- It does not collect files because they all are listed in
kustomization.yaml
- Create resulting manifest by
kustomize build
- Replace placeholder like orthodox deployer in resulting manifest
If you want to have quoted values after replacing placeholders like
"123"
not123
, you should to make double quotes around the placeholder like'"${PLACEHOLDER}"'
because of specific of working kustomize
If in MANIFEST_FOLDER
were found kustomization.yaml
file then deployer will collect files by kustomize.
Deploy happens by applying kustomization.yaml
Unlike previous deployers this one does not replace placeholders and do not try to guess what can be deployed.
deploy:
stage: deploy
image: kubedeployer
environment:
name: development
variables:
KUBE_URL: $KUBERNETES_URL
KUBE_TOKEN: $KUBERNETES_TOKEN
KUBE_NAMESPACE: $KUBERNETES_NAMESPACE
ENVIRONMENT: $APPLICATION_ENVIRONMENT
MANIFEST_FOLDER: ./manifests
script:
- kubedeploy
script has options to choose deployer type (orthodox, smart and kustomize). Default value is orthodox. Example:
deploy:
script:
- kubedeploy -d smart
# Kubernetes URL where need to deploy application.
KUBE_URL: "https://kube.local"
# Directory inside project where manifests are located.
MANIFEST_FOLDER: "./manifests"
# If the KUBECONFIG environment variable does exist, kubectl uses an effective
# configuration that is the result of merging the files listed in the KUBECONFIG
# environment variable.
KUBECONFIG: "${HOME}/.kube/config"
# Kubernetes access token.
KUBE_TOKEN: "ey3423423423dfeg34gr34..."
# Kubernetes namespace where application will be deployed by default if
# namespace not set in manifests.
KUBE_NAMESPACE: "default"
# Environments describe where code is deployed (ex.: stage, production, ..).
ENVIRONMENT: "development"
# Show manifests that will be applied.
SHOW_MANIFESTS: "False"
# Template that allows filtering docker image names for Trivy report.
TRIVY_IMAGE_TEMPLATE: "registry\.example\.com"
Kubedeployer collect directories inside which manifests will be found. Root
directory are set with variable MANIFEST_FOLDER
, also to use extended
searching need to set value in variable ENVIRONMENT
. For example:
└── applications
└── manifests
├── development
│ ├── configurations
│ │ └── cm.yaml
│ └── ingress.yaml
├── deployment.yaml
└── svc.yaml
I. Found directories if MANIFEST_FOLDER set only:
MANIFEST_FOLDER = ./manifests
./manifests
II. Found directories if MANIFEST_FOLDER and ENVIRONMENT are set
(in current case subdirectory `production` does not exist):
MANIFEST_FOLDER = ./manifests
ENVIRONMENT = production
./manifests
III. Found directories if MANIFEST_FOLDER and ENVIRONMENT are set:
MANIFEST_FOLDER = ./manifests
ENVIRONMENT = development
./manifests
./manifests/development
./manifests/development/configurations
There are next variants when Kubedeployer was found kustomization.yaml
in
getting directories:
kustomization.yaml
successfully found.- If Kubedeployer found multiple
kustomization.yaml
files then will throw exception. To fix it you are need set path to directory inMANIFEST_FOLDER
that contain requiredkustomization.yaml
. - Kubedeployer auto create
kustomization.yaml
inMANIFEST_FOLER
if it can't find it.
Examples:
-
Project without kustomization.yaml
└── applications └── manifests ├── development │ ├── cm.yaml │ └── ingress.yaml ├── production │ ├── cm.yaml │ └── ingress.yaml ├── deployment.yaml └── svc.yaml MANIFEST_FOLDER = ./manifests ENVIRONMENT = development Kubedeployer will create kustomization.yaml with content: ./manifests/kustomization.yaml resources: - ./manifests/deployment.yaml - ./manifests/svc.yaml - ./manifests/development/cm.yaml - ./manifests/development/ingress.yaml
-
Project with kustomization.yaml
└── applications └── manifests ├── base │ ├── kustomization.yaml │ ├── development.yaml │ └── svc.yaml └── overlays ├── development │ ├── kustomization.yaml │ ├── cm.yaml │ └── ingress.yaml └── production ├── kustomization.yaml ├── cm.yaml └── ingress.yaml MANIFEST_FOLDER = ./manifests/overlays/development In our case, Kubedeployer will use the following file: ./manifests/overlays/development/kustomization.yaml
-
Project contains error
└── applications └── manifests ├── development │ ├── kustomization.yaml │ ├── ingress.yaml │ └── configurations │ ├── kustomization.yaml │ └── cm.yaml ├── kustomization.yaml ├── deployment.yaml └── svc.yaml MANIFEST_FOLDER = ./manifests ENVIRONMENT = development Kubedeployer will throw an exception after found multiple files: - ./manifests/kustomization.yaml - ./manifests/development/kustomization.yaml - ./manifests/development/configurations/kustomization.yaml