geryon

package module v0.0.1

Warning: This package is not in the latest version of its module.

Published: May 19, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

README

Geryon

/ˈdʒɪəriən/
ge-re-on

noun

  1. A mythological Greek monster. Like the :octocat:, it's not entirely clear how many legs Geryon had.
  2. A GitHub App for Kubernetes clusters. Run it on your cluster to let others in your organization connect their repo to that cluster by installing the app.

Features

Namespace creation

Geryon will create a Kubernetes namespace named after each GitHub Repository it is installed on.

ImagePullCredentials for GitHub Package Registry

Namespaces created by Geryon include a Secret containing regularly-refreshed imagePullSecrets credentials that let them pull Docker images pushed to the GitHub Package Registry. Each namespace's default ServiceAccount is also patched to refer to these imagePullSecrets.

Installation

  • Create a new GitHub App with the following settings:
    • Name: geryon-your-cluster-name-goes-here
    • Homepage URL: https://example.com/
    • Webhook URL: https://example.com/ (we'll come back in a minute to update if you choose to enable webhooks)
    • Webhook Secret: Generate a unique secret with openssl rand -base64 32 | tee webhook-secret
    • Permissions:
      • Repository metadata: Read-only
      • Packages: Read-only
  • Generate and download a new key for your app. Copy it to private-key.pem
  • Download kustomization.example.yaml and rename it to kustomization.yaml
  • Update the APP_ID value to reflect the numeric ID of your GitHub app
  • Create an Ingress resource at ingress.yaml as required by your Kubernetes provider
  • Create a geryon namespace on your Kubernetes cluster: kubectl create ns geryon
  • Apply geryon to your cluster: kubectl apply -k .
  • Update your GitHub app's Webhook URL to the URL of your Ingress resource
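The webhook secret generated above is what lets the app tell genuine GitHub deliveries from forged requests arriving at the Ingress. As an added example that is not part of Geryon's own code (the page does not show its webhook handler), here is how a receiver verifies GitHub's X-Hub-Signature-256 header: the header carries "sha256=" plus the hex HMAC-SHA256 of the raw request body keyed with the webhook secret. The secret value, the request body and the installation id are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// WebhookSecret stands in for the value written to the webhook-secret file
// during installation. Constructed for this example; not a real secret.
const WebhookSecret = "example-webhook-secret-not-for-production"

// SignPayload computes the value GitHub sends as X-Hub-Signature-256:
// "sha256=" followed by the hex HMAC-SHA256 of the raw body keyed with the
// webhook secret. Used here only to produce a test vector for VerifySignature.
func SignPayload(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// VerifySignature checks an incoming X-Hub-Signature-256 header against the
// raw body. The body must be the exact bytes received, before any JSON
// decoding. hmac.Equal compares in constant time so a forger learns nothing
// from how long a rejection takes.
func VerifySignature(secret string, body []byte, header string) bool {
	const prefix = "sha256="
	if !strings.HasPrefix(header, prefix) {
		return false // missing header or a different (e.g. sha1) scheme
	}
	want, err := hex.DecodeString(strings.TrimPrefix(header, prefix))
	if err != nil {
		return false // malformed hex is never a valid signature
	}
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return hmac.Equal(mac.Sum(nil), want)
}

func main() {
	// Constructed sample installation event body, trimmed to what matters.
	body := []byte(`{"action":"created","installation":{"id":12345}}`)
	sig := SignPayload(WebhookSecret, body)
	fmt.Println("genuine delivery accepted:", VerifySignature(WebhookSecret, body, sig))
	// One changed byte in the body invalidates the signature.
	fmt.Println("tampered body accepted:", VerifySignature(WebhookSecret, append(body, ' '), sig))
}
```

Read the body with io.ReadAll before handing it to VerifySignature, and only then unmarshal it; verifying a re-serialised struct will fail on whitespace and key-order differences even for genuine deliveries.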

Development

  1. Create a GitHub App and generate a private key
  2. Create .env:
PORT=8081
WEBHOOK_SECRET=asdf
APP_ID=30576
PRIVATE_KEY_FILE=geryon-dev.2019-05-12.private-key.pem
KUBECONFIG=/path/to/your/dev-cluster/.kube/config
  3. Run the thing:
go build ./cmd/geryon && env $(cat .env | xargs) ./geryon

Documentation

Overview

Package geryon contains a GitHub App for Kubernetes clusters

It automatically creates a namespace for each GitHub Repository the app is installed on, and automatically syncs ImagePullSecrets for GitHub's Package Registry.

Index

Constants

const (
	// InstallationIDAnnotation is added to all namespaces created by geryon
	InstallationIDAnnotation = "urcomputeringpal.com/geryon-installation-id"

	// ImagePullSyncAnnotation is used to determine whether or not to sync secrets on a namespace
	ImagePullSyncAnnotation = "urcomputeringpal.com/geryon-sync-image-pull-secrets"

	// ImagePullSyncTimestampAnnotation is added to the secret and is updated when it is synced
	ImagePullSyncTimestampAnnotation = "urcomputeringpal.com/geryon-image-pull-secrets-sync-timestamp"

	// DockerSecretName is the name of the secret containing Docker credentials
	DockerSecretName = "github-package-registry"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	WebhookPort                int
	GitHubAppID                int
	GitHubAppPrivateKeyFile    string
	GithubAppWebHookSecret     string
	Kubeconfig                 string
	InstallationResyncInterval time.Duration
	NamespaceResyncInterval    time.Duration
	Threadiness                int
}

Config contains the configuration for a Geryon controller

type Geryon

type Geryon struct {
	GithubAppsClient       *github.Client
	KubernetesClient       *kubernetes.Clientset
	NamespaceInformerCache cache.Store

	Config Config
	// contains filtered or unexported fields
}

Geryon is a Kubernetes controller that keeps your cluster in sync with your GitHub account. At its core, it's a GitHub Client, a Kubernetes client, a work queue, and a bunch of workers.

func NewGeryon

func NewGeryon(config Config) (*Geryon, error)

NewGeryon creates a Geryon controller

func (*Geryon) ResyncInstallationNamespaces

func (g *Geryon) ResyncInstallationNamespaces()

ResyncInstallationNamespaces loads a list of Installations and Repositories from GitHub and queues up a call to SyncNamespace for each. Run calls this every Config.InstallationResyncInterval.

func (*Geryon) ResyncManagedNamespaces

func (g *Geryon) ResyncManagedNamespaces()

ResyncManagedNamespaces loads a list of all namespaces that were created by Geryon and queues up a call to SyncNamespace for each of them. Run calls this every Config.NamespaceResyncInterval.

func (*Geryon) Run

func (g *Geryon) Run(stopCh <-chan struct{}) error

Run takes one stop channel and coordinates all of our various workers

func (*Geryon) SyncNamespace

func (g *Geryon) SyncNamespace(nameAndInstallationID string) error

SyncNamespace ensures a Namespace exists for each Installation, and that its default ServiceAccount has been configured with imagePullSecrets for the GitHub Package Registry.
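The imagePullSecrets sync described under Features and in SyncNamespace above, as an added example that is not the project's own code: it builds the kubernetes.io/dockerconfigjson payload from a short-lived installation token, decides from the ImagePullSyncTimestampAnnotation whether a refresh is due, and adds DockerSecretName to a ServiceAccount's imagePullSecrets list without duplicating it. The constant names mirror the package's exported constants; the registry host docker.pkg.github.com, the x-access-token username, the token string and the timestamps are assumptions or constructed sample values, not taken from the page.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

const (
	// These two mirror the constants exported by the geryon package.
	ImagePullSyncTimestampAnnotation = "urcomputeringpal.com/geryon-image-pull-secrets-sync-timestamp"
	DockerSecretName                 = "github-package-registry"
	// Registry hostname and login user are assumptions for this example;
	// confirm them against GitHub's current Package Registry documentation.
	RegistryHost = "docker.pkg.github.com"
	RegistryUser = "x-access-token"
)

// DockerConfigJSON is the document stored under the ".dockerconfigjson" key
// of a Secret of type kubernetes.io/dockerconfigjson.
type DockerConfigJSON struct {
	Auths map[string]DockerAuth `json:"auths"`
}

// DockerAuth is one registry entry. The kubelet reads "auth", which is
// base64("username:password"); username/password are kept for tooling.
type DockerAuth struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Auth     string `json:"auth"`
}

// BuildDockerConfig turns an installation token into the Secret payload.
// The token is the credential itself, so callers must never log the result.
func BuildDockerConfig(token string) ([]byte, error) {
	auth := base64.StdEncoding.EncodeToString([]byte(RegistryUser + ":" + token))
	cfg := DockerConfigJSON{Auths: map[string]DockerAuth{
		RegistryHost: {Username: RegistryUser, Password: token, Auth: auth},
	}}
	return json.Marshal(cfg)
}

// NeedsResync reports whether the secret's sync-timestamp annotation is
// missing, unparseable, or at least maxAge old. GitHub App installation
// tokens expire after about an hour, so maxAge should be well under that.
func NeedsResync(annotations map[string]string, now time.Time, maxAge time.Duration) bool {
	raw, ok := annotations[ImagePullSyncTimestampAnnotation]
	if !ok {
		return true // never synced
	}
	ts, err := time.Parse(time.RFC3339, raw)
	if err != nil {
		return true // a corrupt annotation is treated as stale, never as fresh
	}
	return now.Sub(ts) >= maxAge
}

// EnsureImagePullSecret returns the ServiceAccount's imagePullSecrets names
// with DockerSecretName present exactly once, and whether a patch is needed.
// The input slice is not modified, so a cached informer object stays intact.
func EnsureImagePullSecret(existing []string) ([]string, bool) {
	for _, name := range existing {
		if name == DockerSecretName {
			return existing, false
		}
	}
	out := append(append([]string{}, existing...), DockerSecretName)
	return out, true
}

func main() {
	payload, err := BuildDockerConfig("ghs_constructed_example_token")
	if err != nil {
		panic(err)
	}
	fmt.Println("secret payload bytes:", len(payload))
	// Constructed annotation from a sync that happened long ago.
	stale := map[string]string{ImagePullSyncTimestampAnnotation: "2019-05-19T10:00:00Z"}
	fmt.Println("resync due:", NeedsResync(stale, time.Now(), 30*time.Minute))
	secrets, patched := EnsureImagePullSecret([]string{"some-other-secret"})
	fmt.Println(secrets, "patch needed:", patched)
}
```

Writing the timestamp annotation on the Secret rather than the Namespace, as the package does, means the freshness check and the credential live on the same object: deleting the Secret also deletes the evidence that it was ever synced, so the next pass recreates it.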

Directories

Path Synopsis
cmd
