Use transformers for shared patches in demo app

dsyer · Feb 5, 2020 · 8327a3b · 8327a3b
1 parent baa91ad
commit 8327a3b
Show file tree

Hide file tree

Showing 12 changed files with 109 additions and 29 deletions.
diff --git a/README.md b/README.md
@@ -208,11 +208,57 @@ The images will not be usable by k8s (even if you can run them with docker) unle
 
 ### Private Registry
 
-Articles on private Docker regsitry in GKE:
+Articles on private Docker registry in GKE:
 
 * [Offical Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). Note the need for every pod spec to refer to the `imagePullSecrets` for authentication.
 * [External with certs](https://blog.cloudhelix.io/using-a-private-docker-registry-with-kubernetes-f8d5f6b8f646). Similar requirement for secrets in pod specs.
 * As a [pod in the cluster](https://ruediste.github.io/cloud/2017/02/23/docker-registry-on-gke.html). I think you need a tunnel to the remote on port 5000 as well.
+* [Heptio docs on private registries](http://docs.heptio.com/content/private-registries/pr-gcr.html), include instructions on how to set up GCR in a non-GKE Kubernetes cluster.
+
+From the Heptio docs:
+
+```
+# create a GCP service account; format of account is email address
+SA_EMAIL=$(gcloud iam service-accounts --format='value(email)' create k8s-gcr-auth-ro)
+# create the json key file and associate it with the service account
+gcloud iam service-accounts keys create k8s-gcr-auth-ro.json --iam-account=$SA_EMAIL
+# get the project id
+PROJECT=$(gcloud config list core/project --format='value(core.project)')
+# add the IAM policy binding for the defined project and service account
+gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL --role roles/storage.objectViewer
+```
+
+Then create the secret and specify the file that you just created:
+
+```
+SECRETNAME=varSecretName
+
+kubectl create secret docker-registry $SECRETNAME \
+  --docker-server=https://gcr.io \
+  --docker-username=_json_key \
+  --docker-email=user@example.com \
+  --docker-password="$(cat k8s-gcr-auth-ro.json)"
+```
+
+where the values must be as follows:
+
+* `$SECRETNAME`	An arbitrary string to serve as the name of the secret
+* `docker-server`	Must be set to “https://gcr.io” (or some variant, a subdomain may be required depending on your availability zone)
+* `docker-username`	Must be set to _json_key
+* `docker-email`	Must be any well-formed email address (not used, but required)
+* `docker-password`	The contents of the json key file that you created in the previous script
+
+> NOTE:	The command above only creates the secret in the default namespace. You will need to specify -n and create a secret for each namespace that your pods are in, because pods can only reference the image pull secrets in their own namespace.
+
+You can now add the secret to your Kubernetes configuration. You can add it to the default service account with the following command:
+
+```
+SECRETNAME=varSecretName
+kubectl patch serviceaccount default \
+  -p "{\"imagePullSecrets\": [{\"name\": \"$SECRETNAME\"}]}"
+```
+
+If you work with only the default service account, then all pods in the namespace pull images from the private registry. This is the case whether or not you explicitly specify the service account in the pod spec. If you work with multiple service accounts, each service account must provide the appropriate imagePullSecrets value. For more information, see the Kubernetes documentation on service accounts.
 
 ### Google Container Registry
 

diff --git a/demo/k8s/dev/kustomization.yaml b/demo/k8s/dev/kustomization.yaml
@@ -6,8 +6,8 @@ commonLabels:
   app: dev-demo
 resources:
 - ../vendor/actuator
-patchesStrategicMerge:
-  - vendor/libs/env.yaml
+transformers:
+  - ../vendor/env
 images:
 - name: dsyer/template
   newName: dsyer/demo
diff --git a/demo/k8s/gcr/kustomization.yaml b/demo/k8s/gcr/kustomization.yaml
@@ -3,8 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../vendor/base
-patchesStrategicMerge:
-  - vendor/libs/env.yaml
+transformers:
+  - ../vendor/env
 images:
 - name: dsyer/template
   newName: gcr.io/cf-sandbox-dsyer/demo
diff --git a/demo/k8s/node/kustomization.yaml b/demo/k8s/node/kustomization.yaml
@@ -7,8 +7,9 @@ commonLabels:
 resources:
 - ../vendor/actuator
 patchesStrategicMerge:
-- vendor/libs/env.yaml
 - service.yaml
+transformers:
+- ../vendor/env
 images:
 - name: dsyer/template
   newName: dsyer/demo
diff --git a/demo/k8s/prod/kustomization.yaml b/demo/k8s/prod/kustomization.yaml
@@ -6,8 +6,8 @@ commonLabels:
   app: dev-demo
 resources:
 - ../vendor/prometheus
-patchesStrategicMerge:
-  - vendor/libs/env.yaml
+transformers:
+  - ../vendor/env
 images:
 - name: dsyer/template
   newName: dsyer/demo
diff --git a/demo/pom.xml b/demo/pom.xml
@@ -76,18 +76,6 @@
 								<copy todir="k8s/vendor" failonerror="false">
 									<fileset dir="../layers" excludes="samples/**"/>
 								</copy>
-								<copy todir="k8s/dev/vendor/libs" failonerror="false">
-									<fileset dir="k8s/libs"/>
-								</copy>
-								<copy todir="k8s/prod/vendor/libs" failonerror="false">
-									<fileset dir="k8s/libs"/>
-								</copy>
-								<copy todir="k8s/gcr/vendor/libs" failonerror="false">
-									<fileset dir="k8s/libs"/>
-								</copy>
-								<copy todir="k8s/node/vendor/libs" failonerror="false">
-									<fileset dir="k8s/libs"/>
-								</copy>
 							</target>
 						</configuration>
 						<goals>

diff --git a/layers/samples/config/application.yml b/layers/samples/config/application.yml
@@ -0,0 +1,3 @@
+logging:
+  level:
+    org.springframework: DEBUG
diff --git a/layers/samples/config/config.yaml b/layers/samples/config/config.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: app
+        volumeMounts:
+          - mountPath: /app/config
+            name: env-config
+        env:
+          - name: VERSION
+            value: green
+      volumes:
+        - name: env-config
+          configMap:
+              name: env-config
diff --git a/layers/samples/config/kustomization.yaml b/layers/samples/config/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: demo-
+commonLabels:
+  app: demo-app
+resources:
+- ../../base
+patchesStrategicMerge:
+  - config.yaml
+images:
+  - name: dsyer/template
+    newName: dsyer/demo
+configMapGenerator:
+  - name: env-config
+    behavior: merge
+    files:
+      - application.yml
diff --git a/layers/samples/enhanced/kustomization.yaml b/layers/samples/enhanced/kustomization.yaml
@@ -11,7 +11,6 @@ resources:
 transformers:
 - ../../env
 
-
 images:
   - name: dsyer/template
     newName: dsyer/demo
diff --git a/layers/samples/simple/kustomization.yaml b/layers/samples/simple/kustomization.yaml
@@ -4,15 +4,7 @@ namePrefix: demo-
 commonLabels:
   app: demo-app
 resources:
-# Can replace this with github.com/dsyer/docker-services/layers/prometheus
 - ../../base
-transformers:
-- ../../env
 images:
   - name: dsyer/template
     newName: dsyer/demo
-configMapGenerator:
-  - name: env-config
-    behavior: merge
-    literals:
-      - SERVER_NAME=foo
diff --git a/skaffold.yaml b/skaffold.yaml
@@ -0,0 +1,14 @@
+apiVersion: skaffold/v2alpha2
+kind: Config
+metadata:
+  name: demo
+build:
+  artifacts:
+  - image: dsyer/demo
+    context: ./demo
+  local:
+    useBuildkit: true
+deploy:
+  kustomize: {
+    path: ./layers/samples/config
+  }