k8shhh

package module
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 17, 2021 License: MIT Imports: 8 Imported by: 0

README

GoDoc Build Status Go Report Card Coverage Status

k8shhh

Quickly encode your configuration into K8s secrets.

Contents

Features

  • Written in simple Go
  • No installation necessary - binary is provided
  • Intuitive and easy to use
  • Supports encoding to both JSON and YAML
  • Works on Linux, Mac and Windows

Installation

Option 1: Binary

Download the latest binary from the Releases page. This is the easiest way to get started with k8shhh.

Don't forget to add the location of the binary to your $PATH.

Option 2: From source

Install the package via the following:

go get -u github.com/jwangsadinata/k8shhh

Usage

Commands:
encode  | encode key value as a kubernetes secret
decode  | decode the kubernetes secret into a readable configuration
version | print the current version of k8shhh
Some Examples:
Encode from the standard input
$ echo "ETCD_NAME=kube-etcd" | k8shhh encode
apiVersion: v1
data:
  ETCD_NAME: a3ViZS1ldGNk
kind: Secret
metadata:
  name: mysecret
type: Opaque

$ cat <<EOF | k8shhh encode
ETCD_NAME=kube-etcd
ETCD_SNAPSHOT_COUNT=5000
ETCD_HEARTBEAT_INTERVAL=100
ETCD_ELECTION_TIMEOUT=500
ETCD_LISTEN_PEER_URLS=http://10.0.0.1:2380
ETCD_LISTEN_CLIENT_URLS=http://10.0.0.1:2379
EOF
apiVersion: v1
data:
  ETCD_ELECTION_TIMEOUT: NTAw
  ETCD_HEARTBEAT_INTERVAL: MTAw
  ETCD_LISTEN_CLIENT_URLS: aHR0cDovLzEwLjAuMC4xOjIzNzk=
  ETCD_LISTEN_PEER_URLS: aHR0cDovLzEwLjAuMC4xOjIzODA=
  ETCD_NAME: a3ViZS1ldGNk
  ETCD_SNAPSHOT_COUNT: NTAwMA==
kind: Secret
metadata:
  name: mysecret
type: Opaque

The result can then be outputted into a .yaml or .json file, like the following:

$ cat <<EOF | k8shhh encode -o example
ETCD_NAME=kube-etcd
ETCD_SNAPSHOT_COUNT=5000
ETCD_HEARTBEAT_INTERVAL=100
ETCD_ELECTION_TIMEOUT=500
ETCD_LISTEN_PEER_URLS=http://10.0.0.1:2380
ETCD_LISTEN_CLIENT_URLS=http://10.0.0.1:2379
EOF
example.yaml

$ cat example.yaml
apiVersion: v1
data:
  ETCD_ELECTION_TIMEOUT: NTAw
  ETCD_HEARTBEAT_INTERVAL: MTAw
  ETCD_LISTEN_CLIENT_URLS: aHR0cDovLzEwLjAuMC4xOjIzNzk=
  ETCD_LISTEN_PEER_URLS: aHR0cDovLzEwLjAuMC4xOjIzODA=
  ETCD_NAME: a3ViZS1ldGNk
  ETCD_SNAPSHOT_COUNT: NTAwMA==
kind: Secret
metadata:
  name: example
type: Opaque

$ cat <<EOF | k8shhh encode -f json -o example
ETCD_NAME=kube-etcd
ETCD_SNAPSHOT_COUNT=5000
ETCD_HEARTBEAT_INTERVAL=100
ETCD_ELECTION_TIMEOUT=500
ETCD_LISTEN_PEER_URLS=http://10.0.0.1:2380
ETCD_LISTEN_CLIENT_URLS=http://10.0.0.1:2379
EOF
example.json

$ cat example.json
{
    "apiVersion": "v1",
    "data": {
        "ETCD_ELECTION_TIMEOUT": "NTAw",
        "ETCD_HEARTBEAT_INTERVAL": "MTAw",
        "ETCD_LISTEN_CLIENT_URLS": "aHR0cDovLzEwLjAuMC4xOjIzNzk=",
        "ETCD_LISTEN_PEER_URLS": "aHR0cDovLzEwLjAuMC4xOjIzODA=",
        "ETCD_NAME": "a3ViZS1ldGNk",
        "ETCD_SNAPSHOT_COUNT": "NTAwMA=="
    },
    "kind": "Secret",
    "metadata": {
        "name": "example"
    },
    "type": "Opaque"
}
Encode from existing file
$ ls
example-file

$ cat example-file
DB_HOST=localhost
DB_PORT=5432

$ k8shhh encode -i example-file
apiVersion: v1
data:
  DB_HOST: bG9jYWxob3N0
  DB_PORT: NTQzMg==
kind: Secret
metadata:
  name: mysecret
type: Opaque

Similarly, the result can also be outputted into a proper .yaml or .json file, as follows:

$ k8shhh encode -i example-file -o example
example.yaml

$ cat example.yaml
apiVersion: v1
data:
  DB_HOST: bG9jYWxob3N0
  DB_PORT: NTQzMg==
kind: Secret
metadata:
  name: example
type: Opaque

$ k8shhh encode -f json -n local-postgres -i example-file -o example
example.json

$ cat example.json
{
    "apiVersion": "v1",
    "data": {
        "DB_HOST": "bG9jYWxob3N0",
        "DB_PORT": "NTQzMg=="
    },
    "kind": "Secret",
    "metadata": {
        "name": "local-postgres"
    },
    "type": "Opaque"
}
Using kubectl with k8shhh encode

k8shhh encode works well with kubectl, which is the command line client for kubernetes. Some of the examples include the following:

$ kubectl create -f $(echo "TOKEN=8fd41973acac04e5fc76fde5439c8b94f1eb1233" | k8shhh encode -o token)
secret "token" created

$ kubectl describe secrets/token
Name:         token
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
TOKEN:  40 bytes

The most common use case will be to encode directly from a relatively long .env file, and pass it as kubernetes secrets, as follows:

$ ls -a
.env

$ cat .env
CI_JOB_ID="50"
CI_COMMIT_SHA="1ecfd275763eff1d6b4844ea3168962458c9f27a"
CI_COMMIT_REF_NAME="master"
CI_REPOSITORY_URL="https://gitlab-ci-token:abcde-1234ABCD5678ef@example.com/gitlab-org/gitlab-ce.git"
CI_COMMIT_TAG="1.0.0"
CI_JOB_NAME="spec:other"
CI_JOB_STAGE="test"
CI_JOB_MANUAL="true"
CI_JOB_TRIGGERED="true"
CI_JOB_TOKEN="abcde-1234ABCD5678ef"
CI_PIPELINE_ID="1000"
CI_PIPELINE_IID="10"
CI_PROJECT_ID="34"
CI_PROJECT_DIR="/builds/gitlab-org/gitlab-ce"
CI_PROJECT_NAME="gitlab-ce"
CI_PROJECT_NAMESPACE="gitlab-org"
CI_PROJECT_PATH="gitlab-org/gitlab-ce"
CI_PROJECT_URL="https://example.com/gitlab-org/gitlab-ce"
CI_REGISTRY="registry.example.com"
CI_REGISTRY_IMAGE="registry.example.com/gitlab-org/gitlab-ce"
CI_RUNNER_ID="10"
CI_RUNNER_DESCRIPTION="my runner"
CI_RUNNER_TAGS="docker, linux"
CI_SERVER="yes"
CI_SERVER_NAME="GitLab"
CI_SERVER_REVISION="70606bf"
CI_SERVER_VERSION="8.9.0"
CI_SERVER_VERSION_MAJOR="8"
CI_SERVER_VERSION_MINOR="9"
CI_SERVER_VERSION_PATCH="0"
GITLAB_USER_ID="42"
GITLAB_USER_EMAIL="user@example.com"
CI_REGISTRY_USER="gitlab-ci-token"
CI_REGISTRY_PASSWORD="longalfanumstring"

$ kubectl create -f $(k8shhh encode -i .env -o gitlab)
secret "gitlab" created

$ kubectl describe secrets/gitlab
Name:         gitlab
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
GITLAB_USER_EMAIL:        16 bytes
CI_SERVER_VERSION_MINOR:  1 bytes
CI_PROJECT_ID:            2 bytes
CI_REGISTRY:              20 bytes
CI_JOB_STAGE:             4 bytes
CI_PROJECT_PATH:          20 bytes
CI_PROJECT_URL:           40 bytes
CI_REPOSITORY_URL:        81 bytes
CI_COMMIT_REF_NAME:       6 bytes
CI_COMMIT_SHA:            40 bytes
CI_JOB_TRIGGERED:         4 bytes
CI_PIPELINE_IID:          2 bytes
CI_PROJECT_DIR:           28 bytes
CI_PROJECT_NAME:          9 bytes
CI_RUNNER_DESCRIPTION:    9 bytes
CI_SERVER:                3 bytes
CI_JOB_ID:                2 bytes
CI_JOB_TOKEN:             20 bytes
CI_SERVER_VERSION_MAJOR:  1 bytes
GITLAB_USER_ID:           2 bytes
CI_PIPELINE_ID:           4 bytes
CI_PROJECT_NAMESPACE:     10 bytes
CI_JOB_NAME:              10 bytes
CI_REGISTRY_PASSWORD:     17 bytes
CI_SERVER_REVISION:       7 bytes
CI_SERVER_VERSION:        5 bytes
CI_COMMIT_TAG:            5 bytes
CI_JOB_MANUAL:            4 bytes
CI_SERVER_VERSION_PATCH:  1 bytes
CI_RUNNER_TAGS:           13 bytes
CI_SERVER_NAME:           6 bytes
CI_RUNNER_ID:             2 bytes
CI_REGISTRY_IMAGE:        41 bytes
CI_REGISTRY_USER:         15 bytes
Decode from standard input
$ echo "{\"apiVersion\":\"v1\",\"data\":{\"DB_HOST\":\"bG9jYWxob3N0\",\"DB_PORT\":\"NTQzMg==\"},\"kind\":\"Secret\",\"metadata\":{\"name\":\"postgres\"},\"type\":\"Opaque\"}" | k8shhh decode
DB_HOST=localhost
DB_PORT=5432

The result can then be easily outputted into a file by using the following command:

$ echo "{\"apiVersion\":\"v1\",\"data\":{\"DB_HOST\":\"bG9jYWxob3N0\",\"DB_PORT\":\"NTQzMg==\"},\"kind\":\"Secret\",\"metadata\":{\"name\":\"postgres\"},\"type\":\"Opaque\"}" | k8shhh decode -o postgres-env
file "postgres-env" created

$ cat postgres-env
DB_HOST=localhost
DB_PORT=5432
Decode directly from file
$ ls
token-secret.yaml

$ cat token-secret.yaml
apiVersion: v1
data:
  TOKEN: OGZkNDE5NzNhY2FjMDRlNWZjNzZmZGU1NDM5YzhiOTRmMWViMTIzMw==
kind: Secret
metadata:
  name: token
type: Opaque

$ k8shhh decode -i token-secret.yaml
TOKEN=8fd41973acac04e5fc76fde5439c8b94f1eb1233

The decoded output can also be saved into a file, which can then be used as a configuration file for your program.

$ k8shhh decode -i token-secret.yaml -o token
file "token" created

$ cat token
TOKEN=8fd41973acac04e5fc76fde5439c8b94f1eb1233
Using kubectl with k8shhh decode

k8shhh decode also works well with kubectl. Some of the examples include the following:

$ kubectl get secret mysecret -o yaml
apiVersion: v1
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
kind: Secret
metadata:
  creationTimestamp: 2016-01-22T18:41:56Z
  name: mysecret
  namespace: default
  resourceVersion: "164619"
  selfLink: /api/v1/namespaces/default/secrets/mysecret
  uid: cfee02d6-c137-11e5-8d73-42010af00002
type: Opaque

$ kubectl get secret mysecret -o yaml | k8shhh decode
password=1f2d1e2e67df
username=admin

$ kubectl get secret mysecret -o json | k8shhh decode
password=1f2d1e2e67df
username=admin
More information

Please see the GoDoc API page for a full API listing. For more examples, please consult examples directory located in each subpackages.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

PRs are welcome. To begin developing, do this:

$ git clone git@github.com:jwangsadinata/k8shhh.git
$ cd k8shhh/
$ go build -mod=vendor ./cmd/k8shhh
$ ./k8shhh
usage: k8shhh [<flags>] <command> [<args> ...]

k8shhh: Quickly encode your configuration into K8s secrets.

Flags:
  --help  Show context-sensitive help (also try --help-long and --help-man).

Commands:
  help [<command>...]
    Show help.

  encode [<flags>]
    encode your configuration as k8s secrets

  decode [<flags>]
    decode your k8s secrets into a readable format

  version
    print the current version of k8shhh.

This project uses go modules for managing dependencies, which comes with Go 1.11 and above. After adding a new dependency, please run the following:

$ GO111MODULE=on go mod tidy
$ GO111MODULE=on go mod vendor

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decode 

func Decode(input io.Reader, decoder Decoder) ([]byte, error)

Decode decodes the input based on the given decoder

func DecodeJSON added in v1.0.1 

func DecodeJSON(input io.Reader) (interface{}, error)

DecodeJSON decodes the json formatted input into the readable secret

func DecodeYAML added in v1.0.1 

func DecodeYAML(input io.Reader) (interface{}, error)

DecodeYAML decodes the yaml formatted input into the readable secret

func Encode 

func Encode(input io.Reader, encoder Encoder, name string) ([]byte, error)

Encode encodes the input based on the given encoder

func EncodeJSON added in v1.0.1 

func EncodeJSON(secret Secret) ([]byte, error)

EncodeJSON encodes the secret and output it to a json format

func EncodeYAML added in v1.0.1 

func EncodeYAML(secret Secret) ([]byte, error)

EncodeYAML encodes the secret and output it to a yaml format

Types

type Decoder 

type Decoder func(io.Reader) (interface{}, error)

Decoder is a type for function that decodes a given io.Reader input

type Encoder 

type Encoder func(Secret) ([]byte, error)

Encoder is a type for function that encodes the given Secret

type Secret 

type Secret struct {
	Name string
	Data map[string]string
}

Secret is the type containing the name and the underlying data

Source Files

View all Source files

Directories

Path Synopsis
cmd
k8shhh

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.