Deploy application on Kubernetes.

• Deploy application using manifests.
• Deploy application using kustomize.
• Manifests can contain environment variables.
• Contain security scanner for Kubernetes resources.
• Contain security scanner for docker images.

docker build \
  --build-arg VAULT_URL=<host-to-vault> \
  --build-arg VAULT_APPROLE_ID=<vault-approle-id> \ 
  --build-arg VAULT_APPROLE_SECRET=<vault-approle-secret> \ 
  --build-arg VAULT_SECRETS_PREFIX=<vault-secret-prefix> \
  -t kubedeployer \
  -f Dockerfile .

• VAULT_URL - Vault URL.
• VAULT_APPROLE_ID - the approle id allows machines or apps to authenticate with Vault-defined roles.
• VAULT_APPROLE_SECRET - approle secret.
• VAULT_SECRETS_PREFIX - template of vault-path to secret where store connection settings to Kubernetes (ex.: template/to/cluster/*/secret).

deploy:
  stage: deploy
  image: kubedeployer
  environment:
    name: development
  variables:
    KUBE_URL: $KUBERNETES_URL
    KUBE_TOKEN: $KUBERNETES_TOKEN
    KUBE_NAMESPACE: $KUBERNETES_NAMESPACE
    ENVIRONMENT: $APPLICATION_ENVIRONMENT
    MANIFEST_FOLDER: ./manifests
  script:
    - kubedeploy

# Kubernetes URL where need to deploy application.
KUBE_URL: "https://kube.local"
# Directory inside project where manifests are located.
MANIFEST_FOLDER: "./manifests"

# If the KUBECONFIG environment variable does exist, kubectl uses an effective
# configuration that is the result of merging the files listed in the KUBECONFIG
# environment variable.
KUBECONFIG: "${HOME}/.kube/config"
# Kubernetes access token.
KUBE_TOKEN: "ey3423423423dfeg34gr34..."
# Kubernetes namespace where application will be deployed by default if
# namespace not set in manifests.
KUBE_NAMESPACE: "default"
# Environments describe where code is deployed (ex.: stage, production, ..).
ENVIRONMENT: "development"
# Show manifests that will be applied.
SHOW_MANIFESTS: "False"
# Template that allows filtering docker image names for Trivy report.
TRIVY_IMAGE_TEMPLATE: "registry\.example\.com"

Kubedeployer collect directories inside which manifests will be found. Root directory are set with variable MANIFEST_FOLDER, also to use extended searching need to set value in variable ENVIRONMENT. For example:

└── applications
    └── manifests
        ├── development
        │   ├── configurations
        │   │   └── cm.yaml
        │   └── ingress.yaml
        ├── deployment.yaml
        └── svc.yaml
        
I. Found directories if MANIFEST_FOLDER set only:

    MANIFEST_FOLDER = ./manifests
    
    ./manifests

II. Found directories if MANIFEST_FOLDER and ENVIRONMENT are set
    (in current case subdirectory `production` does not  exist):

    MANIFEST_FOLDER = ./manifests
    ENVIRONMENT = production
    
    ./manifests

III. Found directories if MANIFEST_FOLDER and ENVIRONMENT are set:

    MANIFEST_FOLDER = ./manifests
    ENVIRONMENT = development

    ./manifests
    ./manifests/development
    ./manifests/development/configurations

There are next variants when Kubedeployer was found kustomization.yaml in getting directories:

1. kustomization.yaml successfully found.
2. If Kubedeployer found multiple kustomization.yaml files then will throw exception. To fix it you are need set path to directory in MANIFEST_FOLDER that contain required kustomization.yaml.
3. Kubedeployer auto create kustomization.yaml in MANIFEST_FOLER if it can't find it.

Examples:

• Project without kustomization.yaml

  └── applications
      └── manifests
          ├── development
          │   ├── cm.yaml
          │   └── ingress.yaml
          ├── production
          │   ├── cm.yaml
          │   └── ingress.yaml
          ├── deployment.yaml
          └── svc.yaml
  
  MANIFEST_FOLDER = ./manifests
  ENVIRONMENT = development
  
  Kubedeployer will create kustomization.yaml with content:
  
  ./manifests/kustomization.yaml
      resources:
      - ./manifests/deployment.yaml
      - ./manifests/svc.yaml
      - ./manifests/development/cm.yaml
      - ./manifests/development/ingress.yaml
  

• Project with kustomization.yaml

  
  └── applications
      └── manifests
          ├── base
          │   ├── kustomization.yaml
          │   ├── development.yaml
          │   └── svc.yaml
          └── overlays
              ├── development
              │   ├── kustomization.yaml
              │   ├── cm.yaml
              │   └── ingress.yaml
              └── production
                  ├── kustomization.yaml
                  ├── cm.yaml
                  └── ingress.yaml
  
  MANIFEST_FOLDER = ./manifests/overlays/development
  
  In our case, Kubedeployer will use the following file:
      ./manifests/overlays/development/kustomization.yaml
  

• Project contains error

  └── applications
      └── manifests
          ├── development
          │   ├── kustomization.yaml
          │   ├── ingress.yaml
          │   └── configurations
          │       ├── kustomization.yaml
          │       └── cm.yaml
          ├── kustomization.yaml
          ├── deployment.yaml
          └── svc.yaml
  
  MANIFEST_FOLDER = ./manifests
  ENVIRONMENT = development
  
  Kubedeployer will throw an exception after found multiple files:
      - ./manifests/kustomization.yaml
      - ./manifests/development/kustomization.yaml
      - ./manifests/development/configurations/kustomization.yaml