initial commit

8031bc06 · Vickie Shen · 98e3cfab · 8031bc06 · 8031bc06 · 8031bc06
Commit 8031bc06 authored Dec 03, 2020 by Vickie Shen
7 changed files
--- a/Dockerfile
+++ b/Dockerfile
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/opensource/python/python38
+ARG BASE_TAG=3.8
+FROM kiwigrid/k8s-sidecar:1.3.0 as base
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+LABEL org.opencontainers.image.title="kiwigrid/k8s-sidecar" \
+      org.opencontainers.image.description="k8s-sidecar container allows the internal k8s api to collect configmaps and store them in a path" \
+      org.opencontainers.image.licenses="MIT License" \
+      org.opencontainers.image.url="https://github.com/kiwigrid/k8s-sidecar" \
+      org.opencontainers.image.version="1.3.0" \
+      maintainer="cht@dsop.io"
+USER 0
+ENV PYTHON_VERSION=3.8
+COPY --from=base /app /app
+WORKDIR /app
+COPY scripts/requirements.txt .
+RUN dnf upgrade -y && \
+    /usr/local/bin/python3.8 -m pip install --upgrade pip && \
+    pip install -r requirements.txt && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf requirements.txt
+ENV PYTHONUNBUFFERED=1
+RUN groupadd -g 1002 k8s-sidecar && \
+    useradd -r -u 1002 -m -s /sbin/nologin -g k8s-sidecar k8s-sidecar
+USER k8s-sidecar
+CMD [ "python", "-u", "/app/sidecar.py" ]
--- a/Jenkinsfile
+++ b/Jenkinsfile
+@Library('DCCSCR@timeouts-to-env') _
+dccscrPipeline(version: "1.3.0")
--- a/LICENSE
+++ b/LICENSE
+MIT License
+Copyright (c) 2018 Kiwigrid GmbH
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
-# <application name>
+# k8s-sidecar
-Project template for all Iron Bank container repositories.
+## What?
\ No newline at end of file
+This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in an local folder. It can also send an HTTP request to a specified URL after a configmap change. The main target is to be run as a sidecar container to supply an application with information from the cluster. The contained Python script is working from Kubernetes API 1.10.
+## Why?
+Currently there is no simple way to hand files in configmaps to a service and keep them updated during runtime.
+## How?
+Run the container created by this repo together with your application in an single pod with a shared volume. Specify which label should be monitored and where the files should be stored.
+By adding additional env variables the container can send an HTTP request to specified URL.
+## Features
+- Extract files from config maps
+- Filter based on label
+- Update/Delete on change of configmap
+- Enforce unique filenames
+## Usage
+Example for a simple deployment can be found in [`example.yaml`](./example.yaml). Depending on the cluster setup you have to grant yourself admin rights first: `kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin   --user $(gcloud config get-value account)`
+One can override the default directory that files are copied into using a configmap annotation defined by the environment variable "FOLDER_ANNOTATION" (if not present it will default to "k8s-sidecar-target-directory"). The sidecar will attempt to create directories defined by configmaps if they are not present. Example configmap annotation:
+  `k8s-sidecar-target-directory: "/path/to/target/directory"`
+If the filename ends with `.url` suffix, the content will be processed as an URL the target file will be downloaded and used as the content file.
+## Configuration Environment Variables
+- `LABEL`
+  - description: Label that should be used for filtering
+  - required: true
+  - type: string
+- `LABEL_VALUE`
+  - description: The value for the label you want to filter your resources on. Don't set a value to filter by any value
+  - required: false
+  - type: string
+- `FOLDER`
+  - description: Folder where the files should be placed
+  - required: true
+  - type: string
+- `FOLDER_ANNOTATION`
+  - description: The annotation the sidecar will look for in configmaps to override the destination folder for files, defaults to "k8s-sidecar-target-directory"
+  - required: false
+  - type: string
+- `NAMESPACE`
+  - description: If specified, the sidecar will search for config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify `ALL` to search in all namespaces.
+  - required: false
+  - type: string
+- `RESOURCE`
+  - description: Resouce type, which is monitored by the sidecar. Options: configmap (default), secret, both
+  - required: false
+  - default: configmap
+  - type: string
+- `METHOD`
+  - description: If `METHOD` is set with `LIST`, the sidecar will just list config-maps and exit. With `SLEEP` it will list all config-maps, then sleep for `SLEEP_TIME` seconds. Default is watch.
+  - required: false
+  - type: string
+- `SLEEP_TIME`
+  - description: How many seconds to wait before updating config-maps when using `SLEEP` method.
+  - required: false
+  - default: 60
+  - type: integer
+- `REQ_URL`
+  - description: URL to which send a request after a configmap got reloaded
+  - required: false
+  - type: URI
+- `REQ_USERNAME`
+  - description: Username to use for basic authentication
+  - required: false
+  - type: string
+- `REQ_METHOD`
+  - description: Request method GET(default) or POST
+  - required: false
+  - type: string
+- `REQ_PAYLOAD`
+  - description: If you use POST you can also provide json payload
+  - required: false
+  - type: json
+- `REQ_PASSWORD`
+  - description: Password to use for basic authentication
+  - required: false
+  - type: string
+- `REQ_RETRY_TOTAL`
+  - description: Total number of retries to allow
+  - required: false
+  - default: 5
+  - type: integer
+- `REQ_RETRY_CONNECT`
+  - description: How many connection-related errors to retry on
+  - required: false
+  - default: 5
+  - type: integer
+- `REQ_RETRY_READ`
+  - description: How many times to retry on read errors
+  - required: false
+  - default: 5
+  - type: integer
+- `REQ_RETRY_BACKOFF_FACTOR`
+  - description: A backoff factor to apply between attempts after the second try
+  - required: false
+  - default: 0.2
+  - type: float
+- `REQ_TIMEOUT`
+  - description: How many seconds to wait for the server to send data before giving up
+  - required: false
+  - default: 10
+  - type: float
+- `ERROR_THROTTLE_SLEEP`
+  - description: How many seconds to wait before watching resources again when an error occurs
+  - required: false
+  - default: 5
+  - type: integer
+- `SKIP_TLS_VERIFY`
+  - description: Set to true to skip tls verification for kube api calls
+  - required: false
+  - type: boolean
+- `UNIQUE_FILENAMES`
+  - description: Set to true to produce unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces.
+  - required: false
+  - default: false
+  - type: boolean
+- `DEFAULT_FILE_MODE`
+  - description: The default file system permission for every file. Use three digits (e.g. '500', '440', ...)
+  - required: false
+  - type: string
--- a/download.yaml
+++ b/download.yaml
+resources:
+  - url: "docker://docker.io/kiwigrid/k8s-sidecar@sha256:2110aac25e4ab8c8a1fb5ead821406cb7de5861ab164296b4606f0215ab2275a"
+    tag: "kiwigrid/k8s-sidecar:1.3.0"
--- a/renovate.json
+++ b/renovate.json
+{
+  "assignees": ["@vickie.shen"],
+  "baseBranches": ["development"],
+  "regexManagers": [
+    {
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": [
+        "version=\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "kiwigrid/k8s-sidecar",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": ["^Jenkinsfile$"],
+      "matchStrings": [
+        "version:\\s+\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "kiwigrid/k8s-sidecar",
+      "datasourceTemplate": "docker"
+    }
+  ]
+}
--- a/scripts/requirements.txt
+++ b/scripts/requirements.txt
+kubernetes==12.0.0
+requests==2.24.0