Support client certs when accessing remote repos (#47)

This is important for deployments where the chart repo is protected by client cert validation.

helmfile.yaml is extended to support `certFile` and `keyFile`:

```
 repositories:
   - name: roboll
     url: http://roboll.io/charts
    certFile: optional_client_cert
    keyFile: optional_client_key
```

Everything works the same if you don't provide values for them.

Regarding the implementation, the "helm repo add" command already supports the cert-file and key-file values, so we just have to pass them through.
Greg Burton 2018-03-10 05:16:31 -08:00 committed by KUOKA Yusuke
parent e4961a8c34
commit 1ad426b338
4 changed files with 15 additions and 6 deletions


@ -20,6 +20,8 @@ The default helmfile is `helmfile.yaml`:
repositories: repositories:
- name: roboll - name: roboll
url: http://roboll.io/charts url: http://roboll.io/charts
certFile: optional_client_cert
keyFile: optional_client_key
context: kube-context # kube-context (--kube-context) context: kube-context # kube-context (--kube-context)


@ -30,8 +30,13 @@ func (helm *execer) SetExtraArgs(args ...string) {
helm.extra = args helm.extra = args
} }
func (helm *execer) AddRepo(name, repository string) error { func (helm *execer) AddRepo(name, repository, certfile, keyfile string) error {
out, err := helm.exec("repo", "add", name, repository) var args []string
args = append(args, "repo", "add", name, repository)
if certfile != "" && keyfile != "" {
args = append(args, "--cert-file", certfile, "--key-file", keyfile)
}
out, err := helm.exec(args...)
if helm.writer != nil { if helm.writer != nil {
helm.writer.Write(out) helm.writer.Write(out)
} }
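Review bot: The guard `certfile != "" && keyfile != ""` in AddRepo silently drops the client certificate when only one of the two values is set. A helmfile.yaml with a missing or misspelled `keyFile` would then run `helm repo add` without client authentication, and the only symptom is whatever error the server returns. Reject the half-configured case before building the arguments, for example `if (certfile == "") != (keyfile == "") { return errors.New("certFile and keyFile must be set together") }`. AddRepo's body continues past the end of this hunk, so the rest of its error handling is not visible here.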


@ -3,7 +3,7 @@ package helmexec
type Interface interface { type Interface interface {
SetExtraArgs(args ...string) SetExtraArgs(args ...string)
AddRepo(name, repository string) error AddRepo(name, repository, certfile, keyfile string) error
UpdateRepo() error UpdateRepo() error
SyncRelease(name, chart string, flags ...string) error SyncRelease(name, chart string, flags ...string) error
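Review bot: AddRepo in Interface now takes four positional strings and has no doc comment, so an implementer cannot tell that empty `certfile`/`keyfile` mean "no client certificate", and a call with the last two arguments swapped still compiles. Add a comment on the method, for example `// AddRepo registers a chart repository; certfile and keyfile are optional client-cert paths and must be set together.` The interface declaration continues outside the hunk.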


@ -31,6 +31,8 @@ type HelmState struct {
type RepositorySpec struct { type RepositorySpec struct {
Name string `yaml:"name"` Name string `yaml:"name"`
URL string `yaml:"url"` URL string `yaml:"url"`
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
} }
type ReleaseSpec struct { type ReleaseSpec struct {
@ -127,7 +129,7 @@ func (state *HelmState) SyncRepos(helm helmexec.Interface) []error {
errs := []error{} errs := []error{}
for _, repo := range state.Repositories { for _, repo := range state.Repositories {
if err := helm.AddRepo(repo.Name, repo.URL); err != nil { if err := helm.AddRepo(repo.Name, repo.URL, repo.CertFile, repo.KeyFile); err != nil {
errs = append(errs, err) errs = append(errs, err)
} }
} }
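Review bot: SyncRepos forwards `repo.CertFile` and `repo.KeyFile` to `helm.AddRepo` without checking that `repo.URL` is an https URL. A client certificate is only presented during a TLS handshake, so with an `http://` URL like the one in the README example the repo would be added without client authentication and charts would be fetched in cleartext. Consider recording an error in the loop when a cert is configured for a non-TLS URL, for example `if repo.CertFile != "" && !strings.HasPrefix(repo.URL, "https://") { errs = append(errs, fmt.Errorf("repo %q: certFile requires an https url", repo.Name)); continue }`. The two paths are also passed verbatim, so relative paths presumably resolve against the helm process's working directory rather than the helmfile's location; a comment on the RepositorySpec fields should say which. SyncRepos continues past the end of the hunk.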