rok8s-scripts is a framework for building GitOps workflows with Docker and Kubernetes. By adding rok8s-scripts to your CI/CD pipeline, you can build, push, and deploy your applications using the set of best practices we've built at Fairwinds.
In addition to building Docker images and deploying them to Kubernetes, rok8s-scripts is a great way to handle secure secrets management, environment specific configuration, Docker build caching, and much more.
Want to learn more? Fairwinds holds office hours on Zoom the first Friday of every month, at 12pm Eastern. You can also reach out via email at
To help you get started quickly, we've built a minimal example that shows how to use rok8s-scripts to build Docker images and deploy to Kubernetes using Circle CI. This example will serve as a helpful introduction regardless of your CI platform.
We've created documentation for several different use cases and workflows where rok8s-scripts can help.
- Build and push Docker images - This is the place to start to get a sense for rok8s-scripts project structure and a very basic use case.
- Deploy to Kubernetes - Learn how to get your applications into staging and production.
- Deploy to Kubernetes with Helm - If you've built a Helm chart for your application, rok8s-scripts is a great way to deploy your chart to staging and production.
- Manage secrets - Learn how rok8s-scripts can simplify and secure your secret management workflows.
- Deploy to AWS - Learn how to authenticate and deploy using rok8s-scripts with aws-cli.
- Deploy to GCP - Learn how to authenticate and deploy using rok8s-scripts with gcloud.
rok8s-scripts is designed to work well with a wide variety of use cases and environments. There are many valid ways to configure CI pipelines, but to help you get started, we've included a variety of examples in this repository.
- External secrets manager
- SOPS secrets - Shows how to use sops with rok8s-scripts.
- Using Helm - We recommend using Helm to manage your deployments.
- Optional components - Turn components (e.g. Horizontal Pod Audoscaler) on and off depending on whether you're deploying to staging or production.
- Production ready - Includes a number of recommended production features.
Each new release of rok8s-scripts generates CI images for common workflows. These images include a set of common CI/CD dependencies, including Docker, Kubernetes, Helm, AWS, and Google Cloud client libraries. Starting with these images as a base for deployment workflows ensures that you don't need to spend any build time installing extra dependencies.
We currently include CI Images based on Alpine and Debian Stretch as our recommended starting points. The latest Debian Stretch release can be pulled from
quay.io/reactiveops/ci-images:v9-stretch. A full list of image tags is available on our Quay repository.
Versioning v8.0.0 and beyond
Rok8s-scripts contains a number of dependencies that have various ways of versioning themselves. Most notably, Helm tends to break backward compatibility with every minor release. We have decided that post v8 of rok8s-scripts, we will update our versions according to the version change of the underlying tool. For example, if Helm changes from
2.14.0, we will change the version of rok8s scripts by one minor version. This will be clearly mentioned in the release notes. This means that a minor version of rok8s-scripts could introduce breaking changes to the CI/CD pipelines that are using it.
Please note that we will still commit to any patch version releases being backward-compatible. We will never release a patch version that upgrades an underlying tool beyond a patch version, and we will not release any patch versions of rok8s-scripts that introduce a breaking change.
Here is a set of guidelines to follow when deciding what version of ci-images (and thus rok8s-scripts) to use:
You are very risk-averse
You want rok8s-scripts to be stable, and just keep working until you decide to upgrade.
In this scenario, you should pin to a minor version of rok8s-scripts such as
You like to live dangerously
You are okay with your pipeline breaking occasionally and having to upgrade things as they break.
In this case, go ahead and pin to a major version such as
CircleCI has introduced the concept of reusable config in the form of Orbs. As of rok8s-scripts v9.0.0, Fairwinds publishes an orb called
fairwinds/rok8s-scripts in order to provide easier configuration inside of CircleCI.
- Building and Pushing Docker Images
- Deploying to Kubernetes with Helm
- Deploying to Kubernetes without Helm
- Managing Kubernetes Secrets Securely
Cloud Specific Documentation
Apache License 2.0