public_git
/
helmfile
mirror of https://github.com/helmfile/helmfile.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat: Environment Secrets (#274) 

Resolves #255
This commit is contained in:
KUOKA Yusuke 2018-09-02 21:07:35 +09:00 committed by GitHub
parent 98617f78e3
commit 046281c70f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@ -435,6 +435,34 @@ domain: {{ .Environment.Values.domain | default "dev.example.com" }}
`helmfile sync` installs `myapp` with the value `domain=dev.example.com`, `helmfile sync` installs `myapp` with the value `domain=dev.example.com`,
whereas `helmfile --environment production sync` installs the app with the value `domain=production.example.com`. whereas `helmfile --environment production sync` installs the app with the value `domain=production.example.com`.
## Environment Secrets
Environment Secrets are encrypted versions of `Environment Values`.
You can list any number of `secrets.yaml` files created using `helm secrets` or `sops`, so that
helmfile could automatically decrypt and merge the secrets into the environment values.
Suppose you have environment secrets defined in `hemlfile.yaml`:
```yaml
environments:
production:
secrets:
- environments/produdction/secrets.yaml
releases:
- name: myapp
chart: mychart
values:
- values.yaml.gotmpl
```
an environment secret `foo.bar` can be referenced by the below template expression in your `values.yaml.gotmpl`:
```yaml
{{ .Values.foo.bar }
```
## Separating helmfile.yaml into multiple independent files ## Separating helmfile.yaml into multiple independent files
Once your `helmfile.yaml` got to contain too many releases, Once your `helmfile.yaml` got to contain too many releases,

28
state/create.go
View File

@ -4,10 +4,12 @@ import (
"fmt" "fmt"
"github.com/imdario/mergo" "github.com/imdario/mergo"
"github.com/roboll/helmfile/environment" "github.com/roboll/helmfile/environment"
"github.com/roboll/helmfile/helmexec"
"github.com/roboll/helmfile/valuesfile" "github.com/roboll/helmfile/valuesfile"
"go.uber.org/zap" "go.uber.org/zap"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
"io/ioutil" "io/ioutil"
"os"
"path/filepath" "path/filepath"
) )
@ -63,6 +65,32 @@ func (state *HelmState) loadEnv(name string, readFile func(string) ([]byte, erro
return nil, fmt.Errorf("failed to load \"%s\": %v", envvalFile, err) return nil, fmt.Errorf("failed to load \"%s\": %v", envvalFile, err)
} }
} }
if len(envSpec.Secrets) > 0 {
helm := helmexec.New(state.logger, "")
for _, secFile := range envSpec.Secrets {
path := filepath.Join(state.basePath, secFile)
if _, err := os.Stat(path); os.IsNotExist(err) {
return nil, err
}
decFile, err := helm.DecryptSecret(path)
if err != nil {
return nil, err
}
bytes, err := readFile(decFile)
if err != nil {
return nil, fmt.Errorf("failed to load environment secrets file \"%s\": %v", secFile, err)
}
m := map[string]interface{}{}
if err := yaml.Unmarshal(bytes, &m); err != nil {
return nil, fmt.Errorf("failed to load environment secrets file \"%s\": %v", secFile, err)
}
if err := mergo.Merge(&envVals, &m, mergo.WithOverride); err != nil {
return nil, fmt.Errorf("failed to load \"%s\": %v", secFile, err)
}
}
}
} else if name != DefaultEnv { } else if name != DefaultEnv {
return nil, fmt.Errorf("environment \"%s\" is not defined in \"%s\"", name, state.FilePath) return nil, fmt.Errorf("environment \"%s\" is not defined in \"%s\"", name, state.FilePath)
} }

1
state/environment.go
View File

@ -2,4 +2,5 @@ package state
type EnvironmentSpec struct { type EnvironmentSpec struct {
Values []string `yaml:"values"` Values []string `yaml:"values"`
Secrets []string `yaml:"secrets"`
} }