0.5.1

Read 0.5.0-rc.1 notes for major additions (approvals.

Since quite some time passed since the last release and considering few minor things added to the release candidate, it made sense to bump the version to 0.5.1.

Added:

• New environment variable SLACK_APPROVALS_CHANNEL for approvals, example use: SLACK_APPROVALS_CHANNEL=approvals.
• RBAC - huge thanks to @Anthony25 and @rimusz for reviewing!

Fixed:

• Minor fix in helm provider, thanks @azhi !
• From 0.5.0-rc.1 but worth to mention, .dockercfg secret format parsing.

Updated:

• Repository moved to keel-hq organisation.
• Go version bump
• Slightly refactored Dockerfile

0.5.0-rc.1

Added:

• Approvals (more info below)
• Ability to set notification levels via NOTIFICATION_LEVEL env variable, available levels: debug, info, success, warn, error, fatal (#101)
• Support for dockerconfigjson format secrets (#100, #104)

Approvals integration, features:

• no breaking api changes - existing Keel configuration is fine, nothing changes
• non-blocking - multiple deployments/helm releases can be queued for approvals, the ones without specified approvals will be auto updated.
• extensible - current implementation focuses on Slack but additional approval collection mechanisms are trivial to implement.
• out of the box Slack integration - the only needed Keel configuration is Slack auth token, Keel will start requesting approvals and users will be able to approve.
• stateful - uses https://github.com/rusenask/k8s-kv for persistence so even after updating itself (restarting) it will retain existing info.
• self cleaning - expired approvals will be removed after deadline is exceeded.

Enabling approvals

Approvals are enabled by default but currently there is only one way to approve/reject updates:

• Slack - commands like keel get approvals, keel approve <identifier>, keel reject <identifier> lets users to vote for updates. Make sure you have set export SLACK_TOKEN=<your slack token here> environment variable for Keel deployment.

You can also view pending/rejected/approved update request on http://localhost:9300/v1/approvalsKeel endpoint (make sure you have service exported). Example response:

[
	{
		"provider": "helm",
		"identifier": "default/wd:0.0.15",
		"event": {
			"repository": {
				"host": "",
				"name": "index.docker.io/karolisr/webhook-demo",
				"tag": "0.0.15",
				"digest": ""
			},
			"createdAt": "0001-01-01T00:00:00Z",
			"triggerName": "poll"
		},
		"message": "New image is available for release default/wd (0.0.13 -> 0.0.15).",
		"currentVersion": "0.0.13",
		"newVersion": "0.0.15",
		"votesRequired": 1,
		"deadline": "2017-09-26T09:14:54.979211563+01:00",
		"createdAt": "2017-09-26T09:14:54.980936804+01:00",
		"updatedAt": "2017-09-26T09:14:54.980936824+01:00"
	}
]

Kubernetes provider example

The only required configuration for Kubernetes deployment to enable approvals is to add keel.sh/approvals: "1" with a number (string! as the underlying type is map[string]string) of required approvals.

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata: 
  name: wd
  namespace: default
  labels: 
      name: "wd"
      keel.sh/policy: all
      keel.sh/trigger: poll      
      keel.sh/approvals: "1"

Helm provider example

To enable approvals for a Helm chart update Keel config section in values.yaml with a required number of approvals:

replicaCount: 1
image:
  repository: karolisr/webhook-demo
  tag: "0.0.13"
  pullPolicy: IfNotPresent 
service:
  name: webhookdemo
  type: ClusterIP
  externalPort: 8090
  internalPort: 8090

keel:
  # keel policy (all/major/minor/patch/force)
  policy: all
  # trigger type, defaults to events such as pubsub, webhooks
  trigger: poll
  # polling schedule
  pollSchedule: "@every 1m"
  # approvals required to proceed with an update
  approvals: 1
  # images to track and update
  images:
    - repository: image.repository
      tag: image.tag

0.4.7

Fixed:

• Missing error handling in pubsub trigger.

0.4.6

Fixed:

• Missing notifications when force policy was used.
• Cleanup, comments

0.4.5

Fixed:

• #80 - a bug in polling trigger that 'semverified' versions like 1.5 into 1.5.0. Thanks @stickycode for contribution!

0.4.4

Fixed:

• Registry client for Artifactory

0.4.3

Added:

Private registry support when secrets are created through:

kubectl create secret docker-registry myregistrykey --docker-server=https://index.docker.io/v1/ --docker-username=<user> --docker-password=<pass> --docker-email=<email>

For Kubernetes provider - nothing is needed to be done from user (except adding secret to either deployment pod spec or binding to your account).

For Helm provider, make sure it has standard labels of app and release, Keel is using them to identify particular pods that belong to each Helm release:

  labels:
    app: {{ template "name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }

Fixed:
A problem with non semver tags, ie: myimage:50 being replaced to myimage:50.0.0

0.4.2

Fixed:

• When running multiple clusters in the same project - create separate pubsub subscriptions with cluster metadata

0.4.1

Fixed:

• Helm update timeout increased to 300 seconds (from 30s)

0.4.0

Added:

• New Helm provider: https://keel.sh/user-guide/providers/#helm
• Quay webhooks support: https://keel.sh/user-guide/triggers/#quay-webhooks

Changed:

• Polling trigger enabled by default for your Keel installation (you still need to specify trigger: poll for your deployments or helm releases).