• Stars
    star
    630
  • Rank 71,328 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 7 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster.

kube-applier

Project Status Build Status

kube-applier is a service that enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster.

kube-applier runs as a Pod in your cluster and watches the Git repo to ensure that the cluster objects are up-to-date with their associated spec files (JSON or YAML) in the repo.

At a specified interval, kube-applier performs a "full run", issuing kubectl apply commands for all JSON and YAML files within the repo.

When a new commit to the repo occurs, kube-applier performs a "quick run", issuing apply commands only for files that have changed since the last run.

Quick runs and full runs are handled separately and concurrently.

kube-applier serves a status page and provides metrics for monitoring.

Requirements

  • Go (1.7+)
  • Docker (17.05+)
  • Kubernetes cluster
    • kube-applier generally supports any Kubernetes server release, assuming that you are installing a compatible kubectl client in your Dockerfile.
    • The kubectl version specified in the Dockerfile must be either the same minor release as the cluster API server, or one release behind the server (e.g. client 1.3 and server 1.4 is fine, but client 1.4 and server 1.3 is not).
    • There are several known problems with kubectl apply that may affect your use of kube-applier. Some examples:
      • Releases prior to 1.6.0 are subject many known issues with using kubectl apply to apply ThirdPartyResource objects.
      • 1.5 and 1.6 releases before 1.5.8 and 1.6.3 are not supported due to an issue with namespaces, fixed here.

Setup

Download the source code and build the container image.

$ go get github.com/box/kube-applier
$ cd $GOPATH/src/github.com/box/kube-applier
$ make container

You will need to push the image to a registry in order to reference it in a Kubernetes container spec.

Usage

Container Spec

We suggest running kube-applier as a Deployment (see demo/ for example YAML files). We only support running one replica at a time at this point, so there may be a gap in application if the node serving the replica goes hard down until it is rescheduled onto another node.

IMPORTANT: The Pod containing the kube-applier container must be spawned in a namespace that has write permissions on all namespaces in the API Server (e.g. kube-system).

Environment Variables

Required:

  • REPO_PATH - (string) Absolute path to the directory containing configuration files to be applied. It must be a Git repository or a path within one. All .json and .yaml files within this directory (and its subdirectories) will be applied, unless listed on the blacklist or excluded from the whitelist.
  • LISTEN_PORT - (int) Port for the container. This should be the same port specified in the container spec.

Optional:

  • SERVER - (string) Address of the Kubernetes API server. By default, discovery of the API server is handled by kube-proxy. If kube-proxy is not set up, the API server address must be specified with this environment variable (which is then written into a kubeconfig file on the backend). Authentication to the API server is handled by service account tokens. See Accessing the Cluster for more info.
  • BLACKLIST_PATH - (string) Path to a "blacklist" file which specifies files that should not be applied. This path should be absolute (e.g. /k8s/conf/kube_applier_blacklist), not relative to REPO_PATH (although you may want to check the blacklist file into the repo). The blacklist file itself should be a plaintext file, with a file path on each line. Each of these paths should be relative to REPO_PATH (for example, if REPO_PATH is set to /git/repo, and the file to be blacklisted is /git/repo/apps/app1.json, the line in the blacklist file should be apps/app1.json).
  • WHITELIST_PATH - (string) Path to a "whitelist" file which is used to make the applier consider a specific subset of files from the repo. Only the files listed in the whitelist file will be considered for apply. Empty whitelist (or unset env var) means all files in repo are eligible to be applied. In case of a file is listed in both the whitelist and the blacklist, the file is not applied. The environment variable and file itself should formatted the same as for the blacklist above.

NOTE The blacklist and whitelist files support line comments. A single line gets ignored if the first non-blank character is # in that line.


  • POLL_INTERVAL_SECONDS - (int) Number of seconds to wait between each check for new commits to the repo (default is 5). Set to 0 to disable the wait period.
  • FULL_RUN_INTERVAL_SECONDS - (int) Number of seconds between automatic full runs (default is 300, or 5 minutes). Set to 0 to disable the wait period.
  • DIFF_URL_FORMAT - (string) If specified, allows the status page to display a link to the source code referencing the diff for a specific commit. DIFF_URL_FORMAT should be a URL for a hosted remote repo that supports linking to a commit hash. Replace the commit hash portion with "%s" so it can be filled in by kube-applier (e.g. https://github.com/kubernetes/kubernetes/commit/%s).
  • LOG_LEVEL - (int) Sets the -v flag on all kubectl commands run. Use this option to configure more verbose logging. If not specified, the -v flag is not set on kubectl commands defaulting to standard log verbosity.

Mounting the Git Repository

There are two ways to mount the Git repository into the kube-applier container.

1. Git-sync sidecar container

Git-sync keeps a local directory up to date with a remote repo. The local directory resides in a shared emptyDir volume that is mounted in both the git-sync and kube-applier containers.

Reference the git-sync repo for setup and usage.

2. Host-mounted volume

Mount a Git repository from a host directory. This can be useful when you want kube-applier to apply changes to an object without checking the modified spec file into a remote repo.

"volumes": [
   {
      "hostPath": {
         "path": <path-to-host-directory>
      },
      "name": "repo-volume"
   }
   ...
]

What happens if the contents of the local Git repo change in the middle of a kube-applier run?

If there are changes to files in the $REPO_PATH directory during a kube-applier run, those changes may or may not be reflected in that run, depending on the timing of the changes.

Given that the $REPO_PATH directory is a Git repo or located within one, it is likely that the majority of changes will be associated with a Git commit. Thus, a change in the middle of a run will likely update the HEAD commit hash, which will immediately trigger another run upon completion of the current run (regardless of whether or not any of the changes were effective in the current run). However, changes that are not associated with a new Git commit will not trigger a run.

If I remove a configuration file, will kube-applier remove the associated Kubernetes object?

No. If a file is removed from the $REPO_PATH directory, kube-applier will no longer apply the file, but kube-applier WILL NOT delete the cluster object(s) described by the file. These objects must be manually cleaned up using kubectl delete.

"Force Run" Feature

In rare cases, you may wish to trigger a kube-applier run without checking in a commit or waiting for the next scheduled run (e.g. some of your files failed to apply because of some background condition in the cluster, and you have fixed it since the last run). This can be accomplished with the "Force Run" button on the status page, which starts a run immediately if no run is currently in progress, or queues a run to start upon completion of the current run. Only one run may sit in the queue at any given time.

Monitoring

Status UI

screenshot

kube-applier hosts a status page on a webserver, served at the service endpoint URL. The status page displays information about the most recent apply run, including:

  • Run Type
  • Start and end times
  • Latency
  • Most recent commit
  • Whitelisted files
  • Blacklisted files
  • Errors
  • Files applied successfully

The HTML template for the status page lives in templates/status.html, and static/ holds additional assets.

Metrics

kube-applier uses Prometheus for metrics. Metrics are hosted on the webserver at /metrics (status UI is the index page). In addition to the Prometheus default metrics, the following custom metrics are included:

  • run_latency_seconds - A Summary that keeps track of the durations of each apply run, tagged with the run type and a boolean for whether or not the run was a success (i.e. no failed apply attempts).
  • file_apply_count - A Counter for each file that has had an apply attempt over the lifetime of the container, incremented with each apply attempt and tagged by the filepath and the result of the attempt.

The Prometheus HTTP API (also see the Go library) can be used for querying the metrics server.

Development

All contributions are welcome to this project. Please review our contributing guidelines.

Some suggestions for running kube-applier locally for development:

  • To reach kube-applier's webserver from your browser, you can use an apiserver proxy URL.
  • Although git-sync is recommended for live environments, using a host-mounted volume can simplify basic local usage of kube-applier.

Testing

See our contributing guidelines.

Support

Need to contact us directly? Email [email protected] and be sure to include the name of this project in the subject.

Copyright and License

Copyright 2016 Box, Inc. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

More Repositories

1

spout

Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way
PHP
4,219
star
2

t3js

DEPRECATED - A minimal component-based JavaScript framework
JavaScript
1,557
star
3

Anemometer

Box SQL Slow Query Monitor
JavaScript
1,369
star
4

kube-iptables-tailer

A service for better network visibility for your Kubernetes clusters.
Go
538
star
5

box-ui-elements

React Components for Box's Design System and Pluggable Components
JavaScript
532
star
6

box-python-sdk

Box SDK for Python
Python
420
star
7

mojito

An automation platform that enables continuous localization.
Java
367
star
8

flaky

Plugin for nose or pytest that automatically reruns flaky tests.
Python
347
star
9

viewer.js

A viewer for documents converted with the Box View API
JavaScript
335
star
10

stalker

A jQuery plugin allowing elements to follow the user as they scroll a page.
JavaScript
227
star
11

boxcli

A command line interface for interacting with the Box API.
JavaScript
197
star
12

box-windows-sdk-v2

Windows SDK for v2 of the Box API. The SDK is built upon .NET Framework 4.5
C#
186
star
13

ClusterRunner

ClusterRunner makes it easy to parallelize test suites across your infrastructure in the fastest and most efficient way possible.
Python
180
star
14

box-node-sdk

A Javascript interface for interacting with the Box API. You can find the node package at
JavaScript
177
star
15

augmented_types

A PHP extension to enforce parameter and return type annotations
C++
166
star
16

bart

A collection of our critical PHP tools
PHP
163
star
17

box-java-sdk

The Box SDK for Java.
Java
156
star
18

memsniff

A tool for recording and displaying statistics on memcached traffic written in golang.
Go
143
star
19

genty

Genty, pronounced "gen-tee", stands for "generate tests". It promotes generative testing, where a single test can execute over a variety of input.
Python
119
star
20

box-ios-sdk

iOS SDK for the Box Content API
Swift
117
star
21

kube-exec-controller

An admission controller service and kubectl plugin to handle container drift in K8s clusters
Go
109
star
22

RainGauge

RainGauge
JavaScript
107
star
23

box-content-preview

JavaScript library for rendering files stored on Box
JavaScript
105
star
24

leche

DEPRECATED - Testing extensions for Mocha and Sinon
JavaScript
103
star
25

box-openapi

OpenAPI 3.0 Specification for the Box APIs
JavaScript
93
star
26

rotunicode

Python library for converting between a string of ASCII and Unicode chars maintaining readability
Python
77
star
27

brainy

A faster, safer templating library for PHP
PHP
66
star
28

mysqlutilities

Box's MySQL Utilities
Shell
65
star
29

samples

Code snippets and samples to demonstrate how to get the most out of the Box platform & API
JavaScript
64
star
30

box-android-sdk

Java
62
star
31

box-salesforce-sdk

This is the Salesforce SDK for integrating with the Box Platform.
Apex
57
star
32

box-android-apptoapp-sdk

This SDK supports Box OneCloud integrations on Android that handle file โ€˜roundtripsโ€™. That is, it enables file open-edit-save scenarios between the Box app and partner apps without the need for partner apps to authenticate a Box user independently.
Java
57
star
33

fast_assert

PHP
37
star
34

StatusWolf

Configurable operations dashboard designed to bring together the disparate datasources that operations teams need to manage and present them in a flexible and beautiful way.
PHP
36
star
35

shmock

SHorthand for MOCKing in PHPUnit
PHP
34
star
36

Makefile.test

A makefile used for running test executables
Python
32
star
37

error-reporting-with-kubernetes-events

A demonstration of how Box utilizes Kubernetes CustomResourceDefinitions and Events
Go
32
star
38

box-skills-kit-nodejs

Official toolkit library and boilerplate code for developing Box Skills.
JavaScript
27
star
39

box-python-sdk-gen

Repository for generated Box Python SDK
Python
26
star
40

shalam

DEPRECATED - A friendly tool for CSS spriting
JavaScript
25
star
41

developer.box.com

Box Developer Documentation - Content & Configuration
JavaScript
24
star
42

box-ios-browse-sdk

Objective-C
18
star
43

wavectl

Command Line Client For Wavefront
Python
18
star
44

box-ios-preview-sdk

Box iOS Preview SDK
Swift
17
star
45

clusterrunner-javascript-sdk

ClusterRunner JavaScript SDK that works in both node and browsers
HTML
16
star
46

box-typescript-sdk-gen

Repository for generated Box TS SDK
TypeScript
15
star
47

box-ui-elements-demo

Demo react app for UI Elements
JavaScript
14
star
48

sdks

SDKs, CLI and other tools for using Box Platform
14
star
49

box-android-preview-sdk

Box Android Preview SDK
Java
13
star
50

box-android-browse-sdk

Java
12
star
51

hdrCompressor

Tool for saving HDR file as RGBM, RGBD, RGBE or LogLuv TGA file.
C
12
star
52

box-annotations

JavaScript library for annotations on files rendered with Box Content Preview
TypeScript
11
star
53

etcdb

Etcd PEP 249 driver.
Python
10
star
54

box-content-preview-demo

Demo React App using the Preview UI Element
JavaScript
8
star
55

box-postman

The official Box Postman Collection
JavaScript
7
star
56

box-dotnet-sdk-gen

Repository for Box .NET autogenerated SDK
C#
6
star
57

verold.github.io

Verold developer docs and tutorials
JavaScript
5
star
58

uploaders

Write your own custom uploader to send 3D models/textures to Verold Studio.
4
star
59

box-ios-share-sdk

Objective-C
4
star
60

box-windows-metadata-sdk-v2

Box Metadata C# SDK Plugin
C#
4
star
61

homebrew-mojito

Homebrew tap for Box/mojito
Ruby
3
star
62

box-developer-changelog

Box Developer Changelog
JavaScript
3
star
63

box-languages

Languages used by other box projects
JavaScript
2
star
64

box-android-share-sdk

Java
2
star
65

puppet-clusterrunner

Installs ClusterRunner using Puppet
Puppet
2
star
66

box-java-sdk-samples

Sample apps for the Box Java SDK.
Java
2
star
67

cla

Landing page for CLA Agreements
1
star