Introduction

narrenschiff is a configuration management tool for Kubernetes inspired by Ansible. It can be used to easily source control your manifests, deployment workflows, and to encrypt secrets. In addition to encrypting secrets, it can also encrypt whole configuration files. In essence, it is a wrapper around various tools (e.g. helm, and kubectl). All tools are executed locally on the host OS.

Requirements

  • Python 3.6 or higher

  • kubectl v1.20 or higher

  • helm v3.0 or higher

  • gcloud 343.0.0 or higher

Installation

You can easily install it with pip:

pip install narrenschiff

We advise you to install it in virtualenv.

Quickstart

To install Narrenschiff in virtualenv execute:

$ mkdir infrastructure && cd infrastructure
$ git init
$ python3 -m venv env  && echo 'env' > .gitignore
$ . env/bin/activate
$ pip install narrenschiff

Initialize a course project, and encrypt a treasure:

$ narrenschiff dock --autogenerate --location postgres/
$ narrenschiff chest stash --treasure postgresPassword --value "Password123!" --location postgres/

Create a template for Secret Kubernetes resource, using encrypted treasure:

$ mkdir postgres/files/
$ cat > postgres/files/secret.yaml << EOF
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: postgres
data:
  POSTGRES_PASSWORD: "{{ postgresPassword | b64enc }}"
EOF

Create a course:

$ cat > postgres/course.yaml << EOF
---
- name: Add secret to default namespace
  kubectl:
  command: apply
  args:
    filename:
      - secret.yaml
  namespace: "default"
EOF

Deploy:

$ narrenschiff sail --set-course postgres/course.yaml

That’s it! Secret is now deployed to your cluster. Head over to General Overview to get familiar with Narrenschiff terminology, or to Getting Started to learn how to make your first project.