Narrenschiff
Open Source Configuration Management Tool for Kubernetes
Every good story starts with pip install
Install
Make a root project directory which will contain all the configuration for your cluster.
$ mkdir infrastructure
$ cd infrastructure
$ pip install narrenschiff
Initialize a project and encrypt a secret
A root project is a collection of smaller course projects, which contain either simple app configs, workflows, or even a complex set of templated manifests. You can also easily encrypt strings and files. All sensitive information in Helm's values.yaml override is now under lock.
$ narrenschiff dock \
--autogenerate \
--location postgres/
$ narrenschiff chest stash \
--treasure postgresPassword \
--value "Password123!" \
--location postgres/
Turn your manifests into templates
Power up Kubernetes manifests with the Jinja templating language. You can easily add cleartext variables, or even encrypted strings, to them. Now you can commit a Kubernetes Secret to the infrastructure repo without having to worry about secrets leaking. All secrets and files are encrypted using a password and salt for better security. Even your execution workflows (i.e. Narrenschiff courses) can be turned into templates.
$ mkdir postgres/files/
$ cat > postgres/files/secret.yaml << EOF
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: postgres
data:
  POSTGRES_PASSWORD: "{{ postgresPassword | b64enc }}"
EOF
Document your workflow
In Narrenschiff, courses are YAML files in which you write your workflows. Courses should be idempotent, self-documenting infrastructure as code. They are a collection of tasks which correspond to the commands you would actually execute using kubectl, helm, or gcloud. Courses are also templated, so you can reuse your variables and secrets. If you need to repeat a task several times, simply use a for loop with Jinja!
$ cat > postgres/course.yaml << EOF
---
- name: Add secret to default namespace
  kubectl:
    command: apply
    args:
      filename:
        - secret.yaml
      namespace: "default"
EOF
Apply changes to the cluster
Set sail. Deploy!
$ narrenschiff sail \
--set-course postgres/course.yaml
Features
Encryption
If you need to source control your Secrets and sensitive values.yaml files, Narrenschiff gives you an easy way to encrypt them
Infrastructure as Code
No more bash scripting for your cluster: use simple YAML files to write down sequential tasks, and document your infrastructure as you go
Templates
With the help of the Jinja templating language you can easily customize your manifests, and even the Narrenschiff courses – apply DRY to your infrastructure configuration too
Kubernetes
Instead of manually executing kubectl and kustomize, or scripting them with bash, write Narrenschiff courses to document your infrastructure
Helm
With the helm module you can deploy your packaged apps, and enjoy full encryption of the values.yaml file using Narrenschiff's secretmaps
GCP
Orchestrate your cluster easily and in a source-controlled manner – Narrenschiff offers a gcloud module to help you automate your workflows
But... Why?
It is really easy to encrypt values.yaml containing sensitive information, or to template your manifests. You can even use kustomize's secretGenerator in Narrenschiff. Although we consider the encrypted strings and files to be the most powerful features of Narrenschiff, it's also a "procedural/declarative task executor" or whatever you want to call it (it's YAML instead of a bash script - come to think of it, we should also have an acronym for that - YIOB - it just rolls off the tongue). So this is one more reason to use it. It's a Kubernetes configuration management tool for small businesses that were insane enough to start with Kubernetes in the first place.