Bow

Bow detects updated image tags from a Docker registry of images defined in a GitOps deployment repository containing Kubernetes Deployments/StatefulSets or Helm templates.

Since it is forked from Keel.sh, it supports many of its features as well.

Getting started

Bow needs to have write access to the deployment repository to update it when Bow detects new images. You can either set REPO_USERNAME and REPO_PASSWORD environment variables (ideally from a Kubernetes Secret) or mount the files id_rsa and known_hosts into /root/.ssh/.

create secret to use for git auth
kubectl -n bow create secret generic ssh-key-secret --from-file=/home/alwin/.ssh/id_rsa --from-file=/home/alwin/.ssh/known_hosts
check and adapt deployment/deployment-norbac.yaml
- specifically set REPO_ environment variables
apply yaml kubectl apply -f deployment/deployment-norbac.yaml
check logs

Good to know

the private key needs to be mounted in /root/.ssh/id_rsa
a valid known_hosts in /root/.ssh is needed
for username, password auth, the environment variables REPO_USERNAME and REPO_PASSWORD can be populated from a secret
to access private docker registries, a full dockercfg can be passed in DOCKER_REGISTRY_CFG
REPO_USERNAME and _PASSWORD or a private key and known_hosts need to be provided in any case, otherwise bow cannot push anyway
provide path to Helm chart home as you would for helm template from the git repos home with REPO_CHART_PATH
use REPO_BRANCH to update different and watch branch different to master
you have to use annotations like bow/pollSchedule instead of keel.sh/pollSchedule

Development

make sure to download dependencies with dep ensure
manually build cmd/bow/main.go
or build using Docker docker-compose build
run generated binary or Docker image docker-compose up -d
to test kubernetes, push new image to registry and change path in deployment/deployment-norbac.yaml

Features confirmed working (in some limited way)

webhook triggers
approvals
chat notifications
Docker registry secret from env
running from binary, in Docker container and k8s cluster
web frontend (set BASIC_AUTH_USER and BASIC_AUTH_PASSWORD to enable)
git authentication with username/password or private key
polling enabled by default (different to Keel)

Roadmap

test semver support
bug fixes - tell me about bugs

Limitations

image name including tag needs to appear somewhere - don't move only the tag to values.yml
everything is considered a Helm chart - if you have plain Kubernetes yamls, please create the folder structure of a Helm chart and put your files in the templates folder
if the same image is referenced twice with different rules, the replacement process might not work as intended

Name		Name	Last commit message	Last commit date
Latest commit History 1,164 Commits
.circleci		.circleci
.pipeline		.pipeline
.scripts		.scripts
.test		.test
approvals		approvals
bot		bot
chart/bow		chart/bow
cmd/bow		cmd/bow
constants		constants
deployment		deployment
extension		extension
internal		internal
pkg		pkg
provider		provider
registry		registry
secrets		secrets
static		static
tests		tests
trigger		trigger
types		types
ui		ui
util		util
vendor		vendor
version		version
.drone.yml		.drone.yml
.gitignore		.gitignore
Dockerfile		Dockerfile
Dockerfile.aarch64		Dockerfile.aarch64
Dockerfile.armhf		Dockerfile.armhf
Dockerfile.debian		Dockerfile.debian
Dockerfile.local		Dockerfile.local
Gopkg.lock		Gopkg.lock
Gopkg.toml		Gopkg.toml
LICENSE		LICENSE
Makefile		Makefile
docker-compose.yml		docker-compose.yml
readme.md		readme.md
readme_old.md		readme_old.md

License

Alwinius/bow

Folders and files

Latest commit

History

Repository files navigation

Bow

Getting started

Good to know

Development

Features confirmed working (in some limited way)

Roadmap

Limitations

About

Resources

License

Stars

Watchers

Forks

Languages