keel
Kubernetes Operator to automate Helm, DaemonSet, StatefulSet & Deployment updates
MPL-2.0 License
Published by rusenask almost 6 years ago
- A lot more tests (end to end)
- Webhook notifications now support proxy settings: https://github.com/keel-hq/keel/commit/c1f5512b1d77777ef4f82ce774ebf7af1e4ed026
- Got autobuild for charts.keel.sh working, thanks @rimusz !
- Further work on https://github.com/keel-hq/keel/issues/306
Published by rusenask almost 6 years ago
Added:
- Policies and trigger type (if poll) can now be specified in annotations, this unblocks:
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: wd
namespace: default
labels:
name: "wd"
annotations:
keel.sh/policy: "glob:build-*" # <- build-1, build-2, build-foo will match this.
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: wd
namespace: default
labels:
name: "wd"
annotations:
keel.sh/policy: "regexp:^([a-zA-Z]+)$"
Fixed:
- a bug in docker registry notifications handler
- a bug in helm provider where it was complaining on each helm chart that didn't have a keel config
Published by rusenask about 6 years ago
Added:
- Registry notifications support https://github.com/keel-hq/keel/issues/289 so it should work with Gitlab webhooks.
- Minor changes to enable raspberry pi build
Published by rusenask about 6 years ago
Fixed:
- Approval issues https://github.com/keel-hq/keel/issues/284
Published by rusenask about 6 years ago
Added:
- added HIPCHAT_SERVER environment variable https://github.com/keel-hq/keel/commit/3d982272fe3e3044e21f24313daf3e64ba6d5b7d thanks @schubter !
- Rollout history entries now have timestamp: https://github.com/keel-hq/keel/commit/cac5c61be2f200f13488aef48b58eac6c5a6b077, thanks @artmello !
Published by rusenask about 6 years ago
Fixed:
- getting secrets when registry address has port https://github.com/keel-hq/keel/pull/279, thanks @stickycode
- Helm chart updates, thanks @The-Loeki
- Helm provider now has matchTag just like k8s provider: https://github.com/keel-hq/keel/pull/264
Added:
New features introduced regarding how we do policies https://github.com/keel-hq/keel/issues/252 https://github.com/keel-hq/keel/issues/223.
Basically, policy is now an interface:
type Policy interface {
ShouldUpdate(current, new string) (bool, error)
Name() string
Type() PolicyType
}
Kubernetes and Helm providers were refactored into a relatively small implementations of this policy interface. For example unversioned updates (force) becomes a file with less than 20 lines of code.
Additionally, I am adding two new policies:
- Glob - based on https://github.com/ryanuber/go-glob library, provides easy to use matching, such as:
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: wd
namespace: default
labels:
name: "wd"
keel.sh/policy: "glob:build-*" # <- build-1, build-2, build-foo will match this.
- Regexp - well, regexp based matcher, for example
keel.sh/policy = regexp:^([a-zA-Z]+)$
As a user, do I have to change anything?
Not as far as I know, existing policies (patch, minor, major, all, force) were ported to the new design as is and should just continue to work.
Policy "all" now behaves differently from "major"
Since all policy was doing the same as major, we will be slightly empowering it, however it's still strictly semver policy:
1.4.5-rc1 -> 1.4.5-rc2 - will update
1.4.5-rc2 -> 1.4.5-rc1 - will not update
1.4.5-rc1 -> 1.4.5 - will update
Little change to polling trigger
Since the introduction of polling trigger, we had some code to skip updates with force policy. This was required for a scenario where multiple tags of the same image were watched by multiple deployments (for example 3 branches: dev, prod, staging). However, since then we have got "match tag" functionality, so no need for that anymore. What is more, now you can just specify a regexp or a glob to match instead of blind force.
Published by rusenask about 6 years ago
Added:
- Helm matchTag functionality https://github.com/keel-hq/keel/issues/263
Published by rusenask about 6 years ago
Added:
- Cron Job support, example (https://github.com/keel-hq/keel/pull/257):
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: hello
labels:
# force policy will ensure that deployment is updated
# even when tag is unchanged (latest remains)
keel.sh/policy: force
keel.sh/trigger: poll
annotations:
keel.sh/pollSchedule: "@every 30s"
spec:
schedule: "* * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: keelhq/cron-example:latest
restartPolicy: OnFailure
Published by rusenask about 6 years ago
Changed:
- Using in-memory cache for approvals (configmaps causing too much trouble at the moment, we should probably use CRDs for state).
Published by rusenask over 6 years ago
Added:
- Optional "release notes" for Kubernetes and Helm resources to make reviews easier. https://github.com/keel-hq/keel/issues/227
Published by rusenask over 6 years ago
Changed:
- Once approval is received and a workload is updated, deleting approval. This addresses an issue when no versioning is being used and after the initial approval, workloads would be updated due to a previously approved image. Initial investigation into digest checks reached a dead end as not all triggers provide digest. https://github.com/keel-hq/keel/issues/222
Published by rusenask over 6 years ago
Added:
- Ability to set default Docker registry authentication details to avoid secret lookup: https://github.com/keel-hq/keel/issues/226
Example value:
DOCKER_REGISTRY_CFG={"auths":{"https://index.docker.io/v1/":{"username":"login","password":"somepass","email":"[email protected]","auth":"longbase64secret"}}}
Published by rusenask over 6 years ago
Fixed:
- https://github.com/keel-hq/keel/issues/212 thanks @azr
Published by rusenask over 6 years ago
Fixed:
- Untracked images would still be watched by polling trigger https://github.com/keel-hq/keel/pull/219
- Slack approvals now work with private channels https://github.com/keel-hq/keel/pull/218
Updated:
- Keel is now installed into a specified namespace, thanks @dln
Added:
- Unversioned Helm releases can now use
image.digestchart value to force upgrade specific resource https://github.com/keel-hq/keel/pull/214, thanks @so0k
Published by rusenask over 6 years ago
Added:
- DaemonSet, StatefulSet support
- AWS ECR support
- Various prometheus metrics
Fixed:
- Approvals cache bug
Published by rusenask over 6 years ago
Fixed:
- Approvals not working due to cache bug in https://github.com/keel-hq/keel/pull/204
Published by rusenask over 6 years ago
Added:
- Caching AWS ECR tokens. https://github.com/keel-hq/keel/pull/203
Published by rusenask over 6 years ago
Added:
- AWS ECR support for polling trigger. Required environment variables (https://github.com/keel-hq/keel/pull/202):
export AWS_REGION=us-east-2
export AWS_ACCESS_KEY_ID=AKIA..
export AWS_SECRET_ACCESS_KEY=hEZ...
There were also changes like credentialshelper package addition which should make it a lot easier to add custom support for different authentication mechanisms.
Published by rusenask over 6 years ago
Fixes:
- Prometheus labels
- Uninitialised template spec annotations
Published by rusenask over 6 years ago
Added:
- Support for daemonsets, statefulsets https://github.com/keel-hq/keel/pull/192 https://github.com/keel-hq/keel/issues/68