kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-06-13 18:10:59 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

update docs site

Browse Source
This commit is contained in:
Phillip Wittrock
2020-11-11 08:30:00 -08:00
parent 71b763888c
commit afff3ce5ab
49 changed files with 197 additions and 7846 deletions
Download Patch File Download Diff File Expand all files Collapse all files

497
docs/guides/plugins/gopluginguidedexample/index.html
View File

@@ -25,12 +25,12 @@
" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https://kubernetes-sigs.github.io/kustomize/guides/plugins/gopluginguidedexample/" />
<meta property="article:modified_time" content="2020-11-04T11:15:40-08:00" /><meta property="og:site_name" content="Kustomize" />
<meta property="article:modified_time" content="2020-11-11T08:29:43-08:00" /><meta property="og:site_name" content="Kustomize" />
<meta itemprop="name" content="Go plugin example">
<meta itemprop="description" content="Go plugin example
">
<meta itemprop="dateModified" content="2020-11-04T11:15:40-08:00" />
<meta itemprop="wordCount" content="1057">
<meta itemprop="dateModified" content="2020-11-11T08:29:43-08:00" />
<meta itemprop="wordCount" content="3">
@@ -310,236 +310,6 @@
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">Command Line Options</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmd">
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/build/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">build</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdbuild">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/cfg/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">cfg</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdcfg">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/create/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">create</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdcreate">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/edit/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">edit</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdedit">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/fn/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">fn</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdfn">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/help/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">help</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdhelp">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/install-completion/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">install-completion</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdinstall-completion">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/live/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">live</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdlive">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/cmd/version/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">version</a>
</li>
<ul>
<li class="collapse " id="kustomizeguidescmdversion">
</li>
</ul>
</ul>
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/guides/components/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">Kustomize Components</a>
@@ -593,34 +363,6 @@
<nav id="TableOfContents">
<ul>
<li>
<ul>
<li></li>
</ul>
</li>
<li><a href="#make-a-place-to-work">Make a place to work</a></li>
<li><a href="#install-kustomize">Install kustomize</a></li>
<li><a href="#make-a-home-for-plugins">Make a home for plugins</a>
<ul>
<li><a href="#what-apiversion-and-kind">What apiVersion and kind</a></li>
<li><a href="#define-the-plugins-home-dir">Define the plugin&rsquo;s home dir</a></li>
<li><a href="#download-the-sopsencodedsecrets-plugin">Download the SopsEncodedSecrets plugin</a></li>
<li><a href="#try-the-plugins-own-test">Try the plugin&rsquo;s own test</a></li>
</ul>
</li>
<li><a href="#create-a-kustomization">Create a kustomization</a>
<ul>
<li><a href="#assure-you-have-an-encryption-tool-installed">Assure you have an encryption tool installed</a></li>
<li><a href="#install-sops">Install <code>sops</code></a></li>
<li><a href="#create-data-encrypted-with-your-private-key">Create data encrypted with your private key</a></li>
</ul>
</li>
<li><a href="#build-your-app-using-the-plugin">Build your app, using the plugin</a></li>
</ul>
</nav>
</div>
@@ -667,240 +409,11 @@
<h1>Go plugin example</h1>
<div class="lead">Go plugin example</div>
<meta http-equiv="refresh" content="0; url=https://kubectl.docs.kubernetes.io/guides/extending_kustomize/gopluginguidedexample" />
<h1 id="go-plugin-guided-example-for-linux">Go Plugin Guided Example for Linux</h1>
<p>This is a (no reading allowed!) 60 second copy/paste guided
example.</p>
<p>Full plugin docs <a href="README.md">here</a>.
Be sure to read the <a href="goPluginCaveats.md">Go plugin caveats</a>.</p>
<p>This demo uses a Go plugin, <code>SopsEncodedSecrets</code>,
that lives in the <a href="https://github.com/monopole/sopsencodedsecrets">sopsencodedsecrets repository</a>.
This is an inprocess <a href="https://golang.org/pkg/plugin">Go plugin</a>, not an
sub-process exec plugin that happens to be written
in Go (which is another option for Go authors).</p>
<p>This is a guide to try it without damaging your
current setup.</p>
<h4 id="requirements">requirements</h4>
<ul>
<li>linux, git, curl, Go 1.13</li>
</ul>
<p>For encryption</p>
<ul>
<li>gpg</li>
</ul>
<p>Or</p>
<ul>
<li>Google cloud (gcloud) install</li>
<li>a Google account with KMS permission</li>
</ul>
<h2 id="make-a-place-to-work">Make a place to work</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Keeping these separate to avoid cluttering the DEMO dir.</span>
<span style="color:#000">DEMO</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>mktemp -d<span style="color:#204a87;font-weight:bold">)</span>
<span style="color:#000">tmpGoPath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>mktemp -d<span style="color:#204a87;font-weight:bold">)</span>
</code></pre></div><h2 id="install-kustomize">Install kustomize</h2>
<p>Need v3.0.0 for what follows, and you must <em>compile</em>
it (not download the binary from the release page):</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">GOPATH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$tmpGoPath</span> go install sigs.k8s.io/kustomize/kustomize
</code></pre></div><h2 id="make-a-home-for-plugins">Make a home for plugins</h2>
<p>A kustomize plugin is fully determined by
its configuration file and source code.</p>
<p>Kustomize plugin configuration files are formatted
as kubernetes resource objects, meaning
<code>apiVersion</code>, <code>kind</code> and <code>metadata</code> are <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields">required
fields</a> in these config files.</p>
<p>The kustomize program reads the config file
(because the config file name appears in the
<code>generators</code> or <code>transformers</code> field in the
kustomization file), then locates the Go plugin&rsquo;s
object code at the following location:</p>
<blockquote>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">$XDG_CONFIG_HOME</span>/kustomize/plugin/<span style="color:#000">$apiVersion</span>/<span style="color:#000">$lKind</span>/<span style="color:#000">$kind</span>.so
</code></pre></div></blockquote>
<p>where <code>lKind</code> holds the lowercased kind. The
plugin is then loaded and fed its config, and the
plugin&rsquo;s output becomes part of the overall
<code>kustomize build</code> process.</p>
<p>The same plugin might be used multiple times in
one kustomize build, but with different config
files. Also, kustomize might customize config
data before sending it to the plugin, for whatever
reason. For these reasons, kustomize owns the
mapping between plugins and config data; it&rsquo;s not
left to plugins to find their own config.</p>
<p>This demo will house the plugin it uses at the
ephemeral directory</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">PLUGIN_ROOT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$DEMO</span>/kustomize/plugin
</code></pre></div><p>and ephemerally set <code>XDG_CONFIG_HOME</code> on a command
line below.</p>
<h3 id="what-apiversion-and-kind">What apiVersion and kind</h3>
<p>At this stage in the development of kustomize
plugins, plugin code doesn&rsquo;t know or care what
<code>apiVersion</code> or <code>kind</code> appears in the config file
sent to it.</p>
<p>The plugin could check these fields, but it&rsquo;s the
remaining fields that provide actual configuration
data, and at this point the successful parsing of
these other fields are the only thing that matters
to a plugin.</p>
<p>This demo uses a plugin called <em>SopsEncodedSecrets</em>,
and it lives in the <a href="https://github.com/monopole/sopsencodedsecrets">SopsEncodedSecrets repository</a>.</p>
<p>Somewhat arbitrarily, we&rsquo;ll chose to install
this plugin with</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">apiVersion</span><span style="color:#ce5c00;font-weight:bold">=</span>mygenerators
<span style="color:#000">kind</span><span style="color:#ce5c00;font-weight:bold">=</span>SopsEncodedSecrets
</code></pre></div><h3 id="define-the-plugins-home-dir">Define the plugin&rsquo;s home dir</h3>
<p>By convention, the ultimate home of the plugin
code and supplemental data, tests, documentation,
etc. is the lowercase form of its kind.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">lKind</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#204a87">echo</span> <span style="color:#000">$kind</span> <span style="color:#000;font-weight:bold">|</span> awk <span style="color:#4e9a06">&#39;{print tolower($0)}&#39;</span><span style="color:#204a87;font-weight:bold">)</span>
</code></pre></div><h3 id="download-the-sopsencodedsecrets-plugin">Download the SopsEncodedSecrets plugin</h3>
<p>In this case, the repo name matches the lowercase
kind already, so we just clone the repo and get
the proper directory name automatically:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">mkdir -p <span style="color:#000">$PLUGIN_ROOT</span>/<span style="color:#4e9a06">${</span><span style="color:#000">apiVersion</span><span style="color:#4e9a06">}</span>
<span style="color:#204a87">cd</span> <span style="color:#000">$PLUGIN_ROOT</span>/<span style="color:#4e9a06">${</span><span style="color:#000">apiVersion</span><span style="color:#4e9a06">}</span>
git clone git@github.com:monopole/sopsencodedsecrets.git
</code></pre></div><p>Remember this directory:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">MY_PLUGIN_DIR</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$PLUGIN_ROOT</span>/<span style="color:#4e9a06">${</span><span style="color:#000">apiVersion</span><span style="color:#4e9a06">}</span>/<span style="color:#4e9a06">${</span><span style="color:#000">lKind</span><span style="color:#4e9a06">}</span>
</code></pre></div><h3 id="try-the-plugins-own-test">Try the plugin&rsquo;s own test</h3>
<p>Plugins may come with their own tests.
This one does, and it hopefully passes:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">cd</span> <span style="color:#000">$MY_PLUGIN_DIR</span>
go <span style="color:#204a87">test</span> SopsEncodedSecrets_test.go
</code></pre></div><p>Build the object code for use by kustomize:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">cd</span> <span style="color:#000">$MY_PLUGIN_DIR</span>
<span style="color:#000">GOPATH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$tmpGoPath</span> go build -buildmode plugin -o <span style="color:#4e9a06">${</span><span style="color:#000">kind</span><span style="color:#4e9a06">}</span>.so <span style="color:#4e9a06">${</span><span style="color:#000">kind</span><span style="color:#4e9a06">}</span>.go
</code></pre></div><p>This step may succeed, but kustomize might
ultimately fail to load the plugin because of
dependency <a href="/docs/plugins/README.md#caveats">skew</a>.</p>
<p>On load failure</p>
<ul>
<li>
<p>be sure to build the plugin with the same
version of Go (<em>go1.13</em>) on the same <code>$GOOS</code>
(<em>linux</em>) and <code>$GOARCH</code> (<em>amd64</em>) used to build
the kustomize being <a href="#install-kustomize">used in this demo</a>.</p>
</li>
<li>
<p>change the plugin&rsquo;s dependencies in its <code>go.mod</code>
to match the versions used by kustomize (check
kustomize&rsquo;s <code>go.mod</code> used in its tagged commit).</p>
</li>
</ul>
<p>Lacking tools and metadata to allow this to be
automated, there won&rsquo;t be a Go plugin ecosystem.</p>
<p>Kustomize has adopted a Go plugin architecture as
to ease accept new generators and transformers
(just write a plugin), and to be sure that native
operations (also constructed and tested as
plugins) are compartmentalized, orderable and
reusable instead of bizarrely woven throughout the
code as a individual special cases.</p>
<h2 id="create-a-kustomization">Create a kustomization</h2>
<p>Make a kustomization directory to
hold all your config:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">MYAPP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$DEMO</span>/myapp
mkdir -p <span style="color:#000">$MYAPP</span>
</code></pre></div><p>Make a config file for the SopsEncodedSecrets plugin.</p>
<p>Its <code>apiVersion</code> and <code>kind</code> allow the plugin to be
found:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF &gt;$MYAPP/secGenerator.yaml
</span><span style="color:#4e9a06">apiVersion: ${apiVersion}
</span><span style="color:#4e9a06">kind: ${kind}
</span><span style="color:#4e9a06">metadata:
</span><span style="color:#4e9a06"> name: mySecretGenerator
</span><span style="color:#4e9a06">name: forbiddenValues
</span><span style="color:#4e9a06">namespace: production
</span><span style="color:#4e9a06">file: myEncryptedData.yaml
</span><span style="color:#4e9a06">keys:
</span><span style="color:#4e9a06">- ROCKET
</span><span style="color:#4e9a06">- CAR
</span><span style="color:#4e9a06">EOF</span>
</code></pre></div><p>This plugin expects to find more data in
<code>myEncryptedData.yaml</code>; we&rsquo;ll get to that shortly.</p>
<p>Make a kustomization file referencing the plugin
config:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF &gt;$MYAPP/kustomization.yaml
</span><span style="color:#4e9a06">commonLabels:
</span><span style="color:#4e9a06"> app: hello
</span><span style="color:#4e9a06">generators:
</span><span style="color:#4e9a06">- secGenerator.yaml
</span><span style="color:#4e9a06">EOF</span>
</code></pre></div><p>Now generate the real encrypted data.</p>
<h3 id="assure-you-have-an-encryption-tool-installed">Assure you have an encryption tool installed</h3>
<p>We&rsquo;re going to use <a href="https://github.com/mozilla/sops">sops</a> to encode a file. Choose either GPG or Google Cloud KMS as the secret provider to continue.</p>
<h4 id="gpg">GPG</h4>
<p>Try this:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gpg --list-keys
</code></pre></div><p>If it returns a list, presumably you&rsquo;ve already created keys. If not, try import test keys from sops for dev.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">curl https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc <span style="color:#000;font-weight:bold">|</span> gpg --import
<span style="color:#000">SOPS_PGP_FP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A&#34;</span>
</code></pre></div><h4 id="google-cloude-kms">Google Cloude KMS</h4>
<p>Try this:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud kms keys list --location global --keyring sops
</code></pre></div><p>If it succeeds, presumably you&rsquo;ve already created keys and placed them in a keyring called sops. If not, do this:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud kms keyrings create sops --location global
gcloud kms keys create sops-key --location global <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> --keyring sops --purpose encryption
</code></pre></div><p>Extract your keyLocation for use below:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">keyLocation</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> gcloud kms keys list --location global --keyring sops <span style="color:#000;font-weight:bold">|</span><span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> grep GOOGLE <span style="color:#000;font-weight:bold">|</span> cut -d <span style="color:#4e9a06">&#34; &#34;</span> -f1<span style="color:#204a87;font-weight:bold">)</span>
<span style="color:#204a87">echo</span> <span style="color:#000">$keyLocation</span>
</code></pre></div><h3 id="install-sops">Install <code>sops</code></h3>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">GOPATH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$tmpGoPath</span> go install go.mozilla.org/sops/cmd/sops
</code></pre></div><h3 id="create-data-encrypted-with-your-private-key">Create data encrypted with your private key</h3>
<p>Create raw data to encrypt:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF &gt;$MYAPP/myClearData.yaml
</span><span style="color:#4e9a06">VEGETABLE: carrot
</span><span style="color:#4e9a06">ROCKET: saturn-v
</span><span style="color:#4e9a06">FRUIT: apple
</span><span style="color:#4e9a06">CAR: dymaxion
</span><span style="color:#4e9a06">EOF</span>
</code></pre></div><p>Encrypt the data into file the plugin wants to read:</p>
<p>With PGP</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">$tmpGoPath</span>/bin/sops --encrypt <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> --pgp <span style="color:#000">$SOPS_PGP_FP</span> <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> <span style="color:#000">$MYAPP</span>/myClearData.yaml &gt;<span style="color:#000">$MYAPP</span>/myEncryptedData.yaml
</code></pre></div><p>Or GCP KMS</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">$tmpGoPath</span>/bin/sops --encrypt <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> --gcp-kms <span style="color:#000">$keyLocation</span> <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> <span style="color:#000">$MYAPP</span>/myClearData.yaml &gt;<span style="color:#000">$MYAPP</span>/myEncryptedData.yaml
</code></pre></div><p>Review the files</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">tree <span style="color:#000">$DEMO</span>
</code></pre></div><p>This should look something like:</p>
<blockquote>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">/tmp/tmp.0kIE9VclPt
├── kustomize
│   └── plugin
│   └── mygenerators
│   └── sopsencodedsecrets
│   ├── go.mod
│   ├── go.sum
│   ├── LICENSE
│   ├── README.md
│   ├── SopsEncodedSecrets.go
│   ├── SopsEncodedSecrets.so
│   └── SopsEncodedSecrets_test.go
└── myapp
├── kustomization.yaml
├── myClearData.yaml
├── myEncryptedData.yaml
└── secGenerator.yaml
</code></pre></div></blockquote>
<h2 id="build-your-app-using-the-plugin">Build your app, using the plugin</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">XDG_CONFIG_HOME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$DEMO</span> <span style="color:#000">$tmpGoPath</span>/bin/kustomize build --enable_alpha_plugins <span style="color:#000">$MYAPP</span>
</code></pre></div><p>This should emit a kubernetes secret, with
encrypted data for the names <code>ROCKET</code> and <code>CAR</code>.</p>
<p>Above, if you had set</p>
<blockquote>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">PLUGIN_ROOT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$HOME</span>/.config/kustomize/plugin
</code></pre></div></blockquote>
<p>there would be no need to use <code>XDG_CONFIG_HOME</code> in the
<em>kustomize</em> command above.</p>
<p>Moved to <a href="https://github.com/kubernetes-sigs/cli-experimental">https://github.com/kubernetes-sigs/cli-experimental</a></p>
<div class="text-muted mt-5 pt-3 border-top">Last modified November 4, 2020: <a href="https://github.com/kubernetes-sigs/kustomize/commit/0834e152b203ffeccfbbf1ddd3c1f49debdac341">Redirect kustomize docs to the new unified site. (0834e152)</a>
<div class="text-muted mt-5 pt-3 border-top">Last modified November 11, 2020: <a href="https://github.com/kubernetes-sigs/kustomize/commit/71b763888cad614abb44b3086e291fe72d601080">Remove duplicate kustomize docs content (71b76388)</a>
</div>
</div>