GitOps Operator to automate Helm, DaemonSet, StatefulSet & Deployment updates
This branch is 19 commits ahead, 87 commits behind keel-hq:master.
alwin
Latest commit c5ab296 Jul 23, 2019

readme.md

Bow

Bow detects updated image tags from a Docker registry of images defined in a GitOps deployment repository containing Kubernetes Deployments/StatefulSets or Helm templates.

Since it is forked from Keel.sh, it supports many of its features as well.

Getting started

Bow needs to have write access to the deployment repository to update it when Bow detects new images. You can either set REPO_USERNAME and REPO_PASSWORD environment variables (ideally from a Kubernetes Secret) or mount the files id_rsa and known_hosts into /root/.ssh/.

  • create a secret to use for git auth:
    kubectl -n bow create secret generic ssh-key-secret --from-file=/home/alwin/.ssh/id_rsa --from-file=/home/alwin/.ssh/known_hosts
  • check and adapt deployment/deployment-norbac.yaml
    • specifically, set the REPO_ environment variables
  • apply the yaml:
    kubectl apply -f deployment/deployment-norbac.yaml
  • check the logs

Good to know

  • the private key needs to be mounted in /root/.ssh/id_rsa
  • a valid known_hosts in /root/.ssh is needed
  • for username/password auth, the environment variables REPO_USERNAME and REPO_PASSWORD can be populated from a secret
  • to access private Docker registries, a full dockercfg can be passed in DOCKER_REGISTRY_CFG
  • either REPO_USERNAME and REPO_PASSWORD or a private key and known_hosts need to be provided in any case; otherwise Bow cannot push
  • set REPO_CHART_PATH to the path of the Helm chart home, relative to the git repository's root, as you would pass it to helm template
  • use REPO_BRANCH to watch and update a branch other than master
  • you have to use annotations like bow/pollSchedule instead of keel.sh/pollSchedule
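
The Getting started steps and the notes above, wired together as a Deployment fragment. This is an added example, not the project's deployment/deployment-norbac.yaml. The image reference, the app label, the sample REPO_BRANCH and REPO_CHART_PATH values, and the bow-git-credentials secret with its username/password keys are assumptions; the secret name ssh-key-secret, the bow namespace, the mount path and the variable names come from this readme.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bow
  namespace: bow
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bow                          # assumed label
  template:
    metadata:
      labels:
        app: bow
    spec:
      containers:
        - name: bow
          image: "<bow-image>:<tag>"    # placeholder, the readme names no image
          env:
            - name: REPO_BRANCH
              value: "staging"          # constructed sample value
            - name: REPO_CHART_PATH
              value: "charts/myapp"     # constructed sample value
            # Username/password alternative to the SSH key: read both
            # values from a Secret instead of writing them into the manifest.
            # - name: REPO_USERNAME
            #   valueFrom:
            #     secretKeyRef:
            #       name: bow-git-credentials   # hypothetical secret
            #       key: username
            # - name: REPO_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: bow-git-credentials
            #       key: password
          volumeMounts:
            - name: git-ssh
              mountPath: /root/.ssh     # yields /root/.ssh/id_rsa and /root/.ssh/known_hosts
              readOnly: true
      volumes:
        - name: git-ssh
          secret:
            secretName: ssh-key-secret  # created with kubectl --from-file above
            defaultMode: 0400           # key readable by the owner only
```

kubectl --from-file uses each file's base name as the secret key, which is why the mounted files appear as id_rsa and known_hosts. Since Bow only needs to push to the deployment repository, a dedicated deploy key scoped to that one repository limits what a leaked secret exposes.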

Development

  • make sure to download dependencies with dep ensure
  • manually build cmd/bow/main.go
  • or build using Docker: docker-compose build
  • run the generated binary or the Docker image: docker-compose up -d
  • to test on Kubernetes, push a new image to the registry and change the path in deployment/deployment-norbac.yaml

Features confirmed working (in some limited way)

  • webhook triggers
  • approvals
  • chat notifications
  • Docker registry secret from env
  • running from binary, in Docker container and k8s cluster
  • web frontend (set BASIC_AUTH_USER and BASIC_AUTH_PASSWORD to enable)
  • git authentication with username/password or private key
  • polling enabled by default (different to Keel)

Roadmap

  • test semver support
  • bug fixes - tell me about bugs

Limitations

  • image name including tag needs to appear somewhere - don't move only the tag to values.yml
  • everything is considered a Helm chart - if you have plain Kubernetes yamls, please create the folder structure of a Helm chart and put your files in the templates folder
  • if the same image is referenced twice with different rules, the replacement process might not work as intended