updatekate

command module

v0.0.0-...-9a05313 Latest Latest Go to latest Published: Jul 28, 2017 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tingold/updatekate

Links

Open Source Insights

README ¶

Updatekate

A utility the updates a Kubernetes deployment based on a Quay.io webhook.

Why

Updatekate allows a Kubernetes deployment update to be included as part of a CI/CD workflow without
kubectl needing to be installed on the build box. This is especially useful for builds directly on Quay or GKE environments where auth is more problematic (gcloudcli etc). By providing a webhook on success it also allows post deployment steps such as interface or load testing to be performed.

Workflow

Basic workflow is this:

Updatekate starts and pulls the following info from the ENV
- UK_NAMESPACE: The k8s namespace when the target deployment lives - defaults to default
- UK_DEPLOYMENT: The k8s deployment to update - empty by default
- UK_REPO: The repository to allow updates from -- empty by default
- UK_WEBHOOK: A webhook to invoke upon success -- empty by default
- UK_INFO: Setting to false disables the /info endpoint which could possibly leak sensitive data - defaults to true (i.e. the endpoint is enabled by default)
It then listens on port container port 8888 for a Quay.io webhook post to /webhook.
See docs here for the webhooks expected format. It also exposes /info which will the deployments json to
When a webhook is received it will check the version of the deployment's container image against the updated tags in the webhook. The code uses the semantic versioning rules to evaluate which versions are newer. For example:
- 1.0.0 > 0.5.0
- 0.0.2-SNAPSHOT < 0.0.2-SNAPSHOT.2
- etc... full docs on the library used found here
If a newer tag is found the deployment will be updated to use that image. Updatekate will poll the deployments status 10 time (incremental backoff) or until there is at least 1 container available.
After a successful deployment update, updatekate will POST a simple chunk of JSON to the webhook -- if provided. todo: add json sample

Security

By restricting the image updates to a single repository, updatekate essentially restricts updates to those allowed to push to your repo. Of course, by opening listening port it does expose these system to the typical vulnerabilities (DDOS etc). Unless needed for debugging the /info endpoint should also be disabled

Building

# get source
git clone https://github.com/tingold/updatekate.git
cd update kate 
# install glide for dependencies 
curl https://glide.sh/get | sh
glide install
# build it
go build

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

updatekate.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL