feat: Tiller configuration per release (#516)

Resolves #486
KUOKA Yusuke 2019-03-29 23:45:31 +09:00 committed by GitHub
parent 5f8b2e5c7f
commit f5e565ea3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 141 additions and 3 deletions


@ -52,6 +52,14 @@ helmDefaults:
timeout: 600 timeout: 600
recreatePods: true recreatePods: true
force: true force: true
# enable TLS for request to Tiller
tls: true
# path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
tlsCACert: "path/to/ca.pem"
# path to TLS certificate file (default "$HELM_HOME/cert.pem")
tlsCert: "path/to/cert.pem"
# path to TLS key file (default "$HELM_HOME/key.pem")
tlsKey: "path/to/key.pem"
releases: releases:
# Published chart example # Published chart example
@ -101,6 +109,14 @@ releases:
installed: true installed: true
# restores previous state in case of failed release # restores previous state in case of failed release
atomic: true atomic: true
# enable TLS for request to Tiller
tls: true
# path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
tlsCACert: "path/to/ca.pem"
# path to TLS certificate file (default "$HELM_HOME/cert.pem")
tlsCert: "path/to/cert.pem"
# path to TLS key file (default "$HELM_HOME/key.pem")
tlsKey: "path/to/key.pem"
# Local chart example # Local chart example
- name: grafana # name of this release - name: grafana # name of this release


@ -83,9 +83,6 @@ func GetArgs(args string, state *state.HelmState) []string {
} }
} }
if state.HelmDefaults.TillerNamespace != "" {
argsMap.SetArg("--tiller-namespace", state.HelmDefaults.TillerNamespace, false)
}
if state.HelmDefaults.KubeContext != "" { if state.HelmDefaults.KubeContext != "" {
argsMap.SetArg("--kube-context", state.HelmDefaults.KubeContext, false) argsMap.SetArg("--kube-context", state.HelmDefaults.KubeContext, false)
} }


@ -68,6 +68,11 @@ type HelmSpec struct {
Force bool `yaml:"force"` Force bool `yaml:"force"`
// Atomic, when set to true, restore previous state in case of a failed install/upgrade attempt // Atomic, when set to true, restore previous state in case of a failed install/upgrade attempt
Atomic bool `yaml:"atomic"` Atomic bool `yaml:"atomic"`
TLS bool `yaml:"tls"`
TLSCACert string `yaml:"tlsCACert"`
TLSKey string `yaml:"tlsKey"`
TLSCert string `yaml:"tlsCert"`
} }
// RepositorySpec that defines values for a helm repo // RepositorySpec that defines values for a helm repo
@ -121,6 +126,13 @@ type ReleaseSpec struct {
ValuesPathPrefix string `yaml:"valuesPathPrefix"` ValuesPathPrefix string `yaml:"valuesPathPrefix"`
TillerNamespace string `yaml:"tillerNamespace"`
TLS *bool `yaml:"tls"`
TLSCACert string `yaml:"tlsCACert"`
TLSKey string `yaml:"tlsKey"`
TLSCert string `yaml:"tlsCert"`
// generatedValues are values that need cleaned up on exit // generatedValues are values that need cleaned up on exit
generatedValues []string generatedValues []string
} }
@ -929,6 +941,38 @@ func findChartDirectory(topLevelDir string) (string, error) {
return topLevelDir, errors.New("No Chart.yaml found") return topLevelDir, errors.New("No Chart.yaml found")
} }
func (st *HelmState) appendTillerFlags(flags []string, release *ReleaseSpec) []string {
if release.TillerNamespace != "" {
flags = append(flags, "--tiller-namespace", release.TillerNamespace)
} else if st.HelmDefaults.TillerNamespace != "" {
flags = append(flags, "--tiller-namespace", st.HelmDefaults.TillerNamespace)
}
if release.TLS != nil && *release.TLS || release.TLS == nil && st.HelmDefaults.TLS {
flags = append(flags, "--tls")
}
if release.TLSKey != "" {
flags = append(flags, "--tls-key", release.TLSKey)
} else if st.HelmDefaults.TLSKey != "" {
flags = append(flags, "--tls-key", st.HelmDefaults.TLSKey)
}
if release.TLSCert != "" {
flags = append(flags, "--tls-cert", release.TLSCert)
} else if st.HelmDefaults.TLSCert != "" {
flags = append(flags, "--tls-cert", st.HelmDefaults.TLSCert)
}
if release.TLSCACert != "" {
flags = append(flags, "--tls-ca-cert", release.TLSCACert)
} else if st.HelmDefaults.TLSCACert != "" {
flags = append(flags, "--tls-ca-cert", st.HelmDefaults.TLSCACert)
}
return flags
}
func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSpec) ([]string, error) { func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSpec) ([]string, error) {
flags := []string{} flags := []string{}
if release.Version != "" { if release.Version != "" {
@ -967,6 +1011,8 @@ func (st *HelmState) flagsForUpgrade(helm helmexec.Interface, release *ReleaseSp
flags = append(flags, "--atomic") flags = append(flags, "--atomic")
} }
flags = st.appendTillerFlags(flags, release)
common, err := st.namespaceAndValuesFlags(helm, release) common, err := st.namespaceAndValuesFlags(helm, release)
if err != nil { if err != nil {
return nil, err return nil, err
@ -995,6 +1041,8 @@ func (st *HelmState) flagsForDiff(helm helmexec.Interface, release *ReleaseSpec)
flags = append(flags, "--devel") flags = append(flags, "--devel")
} }
flags = st.appendTillerFlags(flags, release)
common, err := st.namespaceAndValuesFlags(helm, release) common, err := st.namespaceAndValuesFlags(helm, release)
if err != nil { if err != nil {
return nil, err return nil, err
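Review bot: `appendTillerFlags` can emit `--tls` and `--tls-ca-cert` but never `--tls-verify`, so the configured CA is probably never used to authenticate Tiller. As far as I know, the Helm 2 client only validates the server certificate against the CA when `--tls-verify` is passed; with `--tls` alone the channel is encrypted and the client certificate is presented, but the peer is not verified. Consider adding a `tlsVerify` option next to `TLS` in both HelmSpec and ReleaseSpec that appends `--tls-verify`, or at least a comment on `TLSCACert` saying it has no effect on server verification without it. Separately, the helper is wired only into flagsForUpgrade and flagsForDiff in the visible hunks, while this commit removes the default `--tiller-namespace` from GetArgs. Other helm invocations may therefore stop receiving the namespace and TLS flags unless they are handled outside this view.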

View File

@ -129,6 +129,10 @@ func TestHelmState_applyDefaultsTo(t *testing.T) {
} }
} }
func boolValue(v bool) *bool {
return &v
}
func TestHelmState_flagsForUpgrade(t *testing.T) { func TestHelmState_flagsForUpgrade(t *testing.T) {
enable := true enable := true
disable := false disable := false
@ -424,6 +428,79 @@ func TestHelmState_flagsForUpgrade(t *testing.T) {
"--namespace", "test-namespace", "--namespace", "test-namespace",
}, },
}, },
{
name: "tiller",
defaults: HelmSpec{},
release: &ReleaseSpec{
Chart: "test/chart",
Version: "0.1",
Name: "test-charts",
TLS: boolValue(true),
TillerNamespace: "tiller-system",
TLSKey: "key.pem",
TLSCert: "cert.pem",
TLSCACert: "ca.pem",
},
want: []string{
"--version", "0.1",
"--tiller-namespace", "tiller-system",
"--tls",
"--tls-key", "key.pem",
"--tls-cert", "cert.pem",
"--tls-ca-cert", "ca.pem",
},
},
{
name: "tiller-override-defaults",
defaults: HelmSpec{
TLS: false,
TillerNamespace: "a",
TLSKey: "b.pem",
TLSCert: "c.pem",
TLSCACert: "d.pem",
},
release: &ReleaseSpec{
Chart: "test/chart",
Version: "0.1",
Name: "test-charts",
TLS: boolValue(true),
TillerNamespace: "tiller-system",
TLSKey: "key.pem",
TLSCert: "cert.pem",
TLSCACert: "ca.pem",
},
want: []string{
"--version", "0.1",
"--tiller-namespace", "tiller-system",
"--tls",
"--tls-key", "key.pem",
"--tls-cert", "cert.pem",
"--tls-ca-cert", "ca.pem",
},
},
{
name: "tiller-from-defaults",
defaults: HelmSpec{
TLS: true,
TillerNamespace: "tiller-system",
TLSKey: "key.pem",
TLSCert: "cert.pem",
TLSCACert: "ca.pem",
},
release: &ReleaseSpec{
Chart: "test/chart",
Version: "0.1",
Name: "test-charts",
},
want: []string{
"--version", "0.1",
"--tiller-namespace", "tiller-system",
"--tls",
"--tls-key", "key.pem",
"--tls-cert", "cert.pem",
"--tls-ca-cert", "ca.pem",
},
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
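Review bot: None of the three new cases sets `TLS: boolValue(false)` on a release while the defaults have `TLS: true`, which is the one path that justifies making `ReleaseSpec.TLS` a `*bool`. Add a case (for example `name: "tiller-disable-tls-override"`) whose `want` contains the default key/cert/CA flags but no `--tls`, so a regression in the `release.TLS == nil` branch is caught. For the `--tls` flag itself, "tiller-override-defaults" is equivalent to "tiller" because the default is false in both. flagsForDiff gained the same `appendTillerFlags` call, but no test for it is visible in this section.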