keel

New:

• keel.sh/match-tag=true functionality for Kubernetes provider: https://github.com/keel-hq/keel/pull/191, thanks to @azr !
• Azure webhooks: https://github.com/keel-hq/keel/pull/197, thanks to @alonisser !

Added:

• Optional delay during deletion of pods when force policy is used. Thanks to @hexsprite ! https://github.com/keel-hq/keel/issues/177
• Versioned tags with metadata affect only each other, ie: 1.1.0-staging will only update deployments with version 1.0.0-staging. Thanks @azr ! https://github.com/keel-hq/keel/issues/182

Fixed:

• Memory leak in polling trigger https://github.com/keel-hq/keel/pull/178

Added:

• Initial prometheus metrics, viewable at http://keel:9300/metrics

Fixes:

• ECR issue https://github.com/keel-hq/keel/issues/173, many thanks to @cparedes for reporting and fixing it!

Added:

• Ability to set environment variable INSECURE_REGISTRY=true to skip cert verification for private registries.

Fixed:

• Issue with watchers not being setup when there was more than 1 non semver tag for the same image in the cluster https://github.com/keel-hq/keel/issues/166

New:

• rollout history:

➜  kubectl rollout history deployment/whr
deployments "whr"
REVISION  CHANGE-CAUSE
41        keel automated update version 0.10.5 -> 0.10.6

added in https://github.com/keel-hq/keel/pull/162

Fixed:

• Deprecated format for GCR pubsub is no longer in use, fixed in https://github.com/keel-hq/keel/pull/161

Fixed:

• Bug due to the approval identifier structure had to move to different API structure on approvals endpoint. Current API:

Method: POST
Endpoint: /v1/approvals

{
  "identifier": "default/myimage:1.5.5", // identifier for the approval request
  "action": "approve", // approve/reject/delete, defaults to "approve"
  "voter": "john",  
}

Fixed:

• Problem with 3rd party registries when it couldn't find manifest.
• Force update not working. Refactored Kubernetes deployer to terminate the pods if tag hasn't change which would force pull new image.

Added:

• HTTP endpoint to approve/reject/delete pending approval requests.

Added:

• Ability to configure Slack and Hipchat notification channels per deployment/chart: https://keel.sh/v1/guide/documentation.html#Overriding-default-channels-per-deployment https://github.com/keel-hq/keel/pull/146 https://github.com/keel-hq/keel/issues/142

Fixed:

• added GOOGLE_APPLICATION_CREDENTIALS to fix authentication problems, thanks @alitari

Added:

• Mattermost notification support, docs: https://keel.sh/v1/guide/documentation.html#Mattermost-notifications, PR: https://github.com/keel-hq/keel/pull/145

Updated:

• Fixes for hipchat bot integration https://github.com/keel-hq/keel/pull/138 by @glower

Updated:

• Further improvements on bot implementation, big thanks to @glower

Read 0.5.0-rc.1 notes for major additions (approvals.

Since quite some time passed since the last release and considering few minor things added to the release candidate, it made sense to bump the version to 0.5.1.

Added:

• New environment variable SLACK_APPROVALS_CHANNEL for approvals, example use: SLACK_APPROVALS_CHANNEL=approvals.
• RBAC - huge thanks to @Anthony25 and @rimusz for reviewing!

Fixed:

• Minor fix in helm provider, thanks @azhi !
• From 0.5.0-rc.1 but worth to mention, .dockercfg secret format parsing.

Updated:

• Repository moved to keel-hq organisation.
• Go version bump
• Slightly refactored Dockerfile

Added:

• Approvals (more info below)
• Ability to set notification levels via NOTIFICATION_LEVEL env variable, available levels: debug, info, success, warn, error, fatal (https://github.com/rusenask/keel/issues/101)
• Support for dockerconfigjson format secrets (https://github.com/rusenask/keel/issues/100, https://github.com/rusenask/keel/issues/104)

Approvals integration, features:

• no breaking api changes - existing Keel configuration is fine, nothing changes
• non-blocking - multiple deployments/helm releases can be queued for approvals, the ones without specified approvals will be auto updated.
• extensible - current implementation focuses on Slack but additional approval collection mechanisms are trivial to implement.
• out of the box Slack integration - the only needed Keel configuration is Slack auth token, Keel will start requesting approvals and users will be able to approve.
• stateful - uses https://github.com/rusenask/k8s-kv for persistence so even after updating itself (restarting) it will retain existing info.
• self cleaning - expired approvals will be removed after deadline is exceeded.

Enabling approvals

Approvals are enabled by default but currently there is only one way to approve/reject updates:

• Slack - commands like keel get approvals, keel approve <identifier>, keel reject <identifier> lets users to vote for updates. Make sure you have set export SLACK_TOKEN=<your slack token here> environment variable for Keel deployment.

You can also view pending/rejected/approved update request on http://localhost:9300/v1/approvalsKeel endpoint (make sure you have service exported). Example response:

[
	{
		"provider": "helm",
		"identifier": "default/wd:0.0.15",
		"event": {
			"repository": {
				"host": "",
				"name": "index.docker.io/karolisr/webhook-demo",
				"tag": "0.0.15",
				"digest": ""
			},
			"createdAt": "0001-01-01T00:00:00Z",
			"triggerName": "poll"
		},
		"message": "New image is available for release default/wd (0.0.13 -> 0.0.15).",
		"currentVersion": "0.0.13",
		"newVersion": "0.0.15",
		"votesRequired": 1,
		"deadline": "2017-09-26T09:14:54.979211563+01:00",
		"createdAt": "2017-09-26T09:14:54.980936804+01:00",
		"updatedAt": "2017-09-26T09:14:54.980936824+01:00"
	}
]

Kubernetes provider example

The only required configuration for Kubernetes deployment to enable approvals is to add keel.sh/approvals: "1" with a number (string! as the underlying type is map[string]string) of required approvals.

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata: 
  name: wd
  namespace: default
  labels: 
      name: "wd"
      keel.sh/policy: all
      keel.sh/trigger: poll      
      keel.sh/approvals: "1"

Helm provider example

To enable approvals for a Helm chart update Keel config section in values.yaml with a required number of approvals:

replicaCount: 1
image:
  repository: karolisr/webhook-demo
  tag: "0.0.13"
  pullPolicy: IfNotPresent 
service:
  name: webhookdemo
  type: ClusterIP
  externalPort: 8090
  internalPort: 8090

keel:
  # keel policy (all/major/minor/patch/force)
  policy: all
  # trigger type, defaults to events such as pubsub, webhooks
  trigger: poll
  # polling schedule
  pollSchedule: "@every 1m"
  # approvals required to proceed with an update
  approvals: 1
  # images to track and update
  images:
    - repository: image.repository
      tag: image.tag

Fixed:

• Missing error handling in pubsub trigger.

Fixed:

• Missing notifications when force policy was used.
• Cleanup, comments

Fixed:

• https://github.com/rusenask/keel/issues/80 - a bug in polling trigger that 'semverified' versions like 1.5 into 1.5.0. Thanks @stickycode for contribution!

Fixed:

• Registry client for Artifactory

Added:

Private registry support when secrets are created through:

kubectl create secret docker-registry myregistrykey --docker-server=https://index.docker.io/v1/ --docker-username=<user> --docker-password=<pass> --docker-email=<email>

For Kubernetes provider - nothing is needed to be done from user (except adding secret to either deployment pod spec or binding to your account).

For Helm provider, make sure it has standard labels of app and release, Keel is using them to identify particular pods that belong to each Helm release:

  labels:
    app: {{ template "name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }

Fixed:
A problem with non semver tags, ie: myimage:50 being replaced to myimage:50.0.0