ipedrazas / drone-helm
Helm (Kubernetes) plugin for drone.io
License: MIT License
I'm getting this error message and I can't figure out why. As far as I can tell, the API Server is specified in my pipeline:
deploy_helm:
  image: quay.io/ipedrazas/drone-helm
  api_server: https://my-k8s-server.foo.com
  kubernetes_token: ... token from kube ...
  chart: ./kubernetes/neo
  release: neo
  values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7},version=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  when:
    branch: master
    event: push
Is there anything obviously wrong with that?
Unrelated, but can I use the DNS address as I'm running Drone in the same cluster as the deployment target e.g.: api_server: http://kubernetes.default.svc.local
Resolving envvars is very cumbersome. Adding a prefix will normalise and make easier managing the secrets/envvars
I have a use case where tiller is installed into a specific (not kube-system) namespace in my clusters. I'd like to be able to pass in a value to the helm init command with the --tiller-namespace flag so I can use this plugin. If the parameter is set, it would append to the init command.
Hi,
Trying to use helm plugin with new drone 1.X syntax, but failing miserably:
- name: deploy
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./helm/api
  update_dependencies: false
  values_files: "helm/production-values.yaml"
  release: api
  namespace: production
  when:
    branch: [drone-integration]
Error: API Server is needed to deploy.
Any ideas how to incorporate api_server and token? Ideally using Vault, which I have set up and enabled in Drone.
Regards
Is there a recommended way of having helm lint * run in a charts repo before packaging helm charts?
Hi! I'm looking to use this plugin but I have tiller already installed in its name space with specific settings. Will the plugin screw the installed tiller when it runs or does it see that it's installed and skip? Or does it anyway leave the existing settings instead of say reinstalling? Not sure how to read the code unfortunately. Thanks!
Hi,
I'm using this plugin extensively. I want to contribute to make this repo work with Go modules, so that we can have the benefits of Go modules.
Please let me know your thoughts. 🙂
Hi,
I checked the package; it is a fork of Go's built-in text/template package. The feature it provides is trimming newlines, which can actually be done with Go itself. E.g.:
{{- if true -}}
hello
{{- end }}
Will produce
hello\n
I have tested in CI; it is actually not needed. If someone can tell me more about this package's usage, I'm happy to know it. Thanks
Ideally, we want to have secrets defined in Vault.
The plugin could receive a vault token/host pair and pull the secrets from there.
Sorry for asking, but is there an issue with CI/CD pipeline? https://quay.io/repository/ipedrazas/drone-helm doesn't seem to be updated for a while?
There's no option to add a custom repo.
to be able to remove the skip tls
pipeline:
  ship:
    when:
      event: tag
    image: ipedrazas/drone-helm
    api_server: https://${K8S_MASTER}/
    skip_tls_verify: true
    chart: ./charts/myapp
    values: image.tag=${DRONE_COMMIT_SHA}
    release: myapp
    token: ${K8S_SERVICE_ACCOUNT_KEY}
Log shows this with exit code of 0
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/repository/repositories.yaml
Writing to /root/.helm/repository/cache/stable-index.yaml
$HELM_HOME has been configured at /root/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
Happy Helming!
The Kubernetes package manager
To begin working with Helm, run the 'helm init' command:
$ helm init
This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.
Common actions from this point include:
- helm search: search for charts
- helm fetch: download a chart to your local directory to view
- helm install: upload the chart to Kubernetes
- helm list: list releases of charts
Environment:
$HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm
$HELM_HOST set an alternative Tiller host. The format is host:port
$TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-namespace")
$KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config")
Usage:
helm [command]
Available Commands:
completion Generate bash autocompletions script
create create a new chart with the given name
delete given a release name, delete the release from Kubernetes
dependency manage a chart's dependencies
fetch download a chart from a repository and (optionally) unpack it in local directory
get download a named release
history fetch release history
home displays the location of HELM_HOME
init initialize Helm on both client and server
inspect inspect a chart
install install a chart archive
lint examines a chart for possible issues
list list releases
package package a chart directory into a chart archive
repo add, list, remove, update, and index chart repositories
reset uninstalls Tiller from a cluster
rollback roll back a release to a previous revision
search search for a keyword in charts
serve start a local http web server
status displays the status of the named release
test test a release
upgrade upgrade a release
verify verify that a chart at the given path has been signed and is valid
version print the client/server version information
Flags:
--debug enable verbose output
--home string location of your Helm config. Overrides $HELM_HOME (default "/root/.helm")
--host string address of tiller. Overrides $HELM_HOST
--kube-context string name of the kubeconfig context to use
--tiller-namespace string namespace of tiller (default "kube-system")
Use "helm [command] --help" for more information about a command.
When passing --values valueFiles it would be good to have secrets there and replace them at run time.
Right now, there's no possibility in updating the repo
Hello! First off amazing job, this plugin is excellent and solves so many problems for me.
I'm trying to use a more customized release name than just the branch or tag or other standard Drone environment variable. I looked in the main.go file and it appears you are loading a "env-file" but I can't figure out how to use it. Where does this file need to be created in the shared volume? This is what I'm basically doing, I attempted using the variables directly when they didn't seem to be implicitly picked up from the file I created, but it may be in the wrong place? Any help is greatly appreciated!
pipeline:
  step-one:
    image: node:10.14.2
    commands:
      - export ticketNumber=$(echo "${CI_COMMIT_BRANCH}" | awk 'match($0, /(^TIX-[0-9]*)/) { print tolower( substr( $0, RSTART, RLENGTH ))}')
      - echo "RELEASE: ${ticketNumber}" > env-file
      - echo "VALUES: valueOne=something,valueTwo=somthing" >> env-file
      - echo "NAMESPACE: my-namespace" >> env-file
      - cat env-file
  deploy:
    image: quay.io/ipedrazas/drone-helm
    skip_tls_verify: "true"
    chart: ./charts/microservices
    release: ${RELEASE}
    values: ${VALUES}
    namespace: ${NAMESPACE}
    secrets: [ api_server, kubernetes_token ]
Drone supports injecting secrets in the yaml file. Remove the secret/envvar handling in the code.
Hey,
are there already any plans to support Helm v3?
Maybe as a new plugin (which prevents breaking existing deployments).
Thanks for your awesome work!
I might be able to open a PR on this in a week or two. I recently upgraded to 1.2 and encountered this issue.
Hi,
I have been stuck in one place for a while. I am using the Drone stable version, installed on Kubernetes.
Here is my .drone.yaml:
- name: release_staging
  image: quay.io/ipedrazas/drone-helm
  environment:
    STAGING_API_SERVER:
      from_secret: staging_api_server
    STAGING_KUBERNETES_TOKEN:
      from_secret: staging_kubernetes_token
  settings:
    skip_tls_verify: true
    chart: ./helm
    release: staging
    values: >-
      secret.APPLE_VERIFY_RECEIPT_PASSWORD=${APPLE_VERIFY_RECEIPT_PASSWORD},
      secret.AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID},
      secret.AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY},
      secret.OPBEAT_SECRET_TOKEN=${OPBEAT_SECRET_TOKEN},
      secret.FACEBOOK_KEY=${FACEBOOK_KEY},
      secret.FACEBOOK_SECRET=${FACEBOOK_SECRET},
      secret.GOOGLE_TAG_ID=${GOOGLE_TAG_ID},
      secret.OPBEAT_ORGANIZATION_ID=${OPBEAT_ORGANIZATION_ID},
      secret.AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID},
      secret.AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY},
      secret.DATABASE_URL=${DATABASE_URL},
      secret.DROPBOX_KEY=${DROPBOX_KEY},
      secret.DROPBOX_SECRET=${DROPBOX_SECRET},
      secret.MAILCHIMP_API_KEY=${MAILCHIMP_API_KEY},
      secret.MAILCHIMP_LIST_ID=${MAILCHIMP_LIST_ID},
      secret.NEW_RELIC_LICENSE_KEY=${NEW_RELIC_LICENSE_KEY},
      secret.OPBEAT_APP_ID=${OPBEAT_APP_ID},
      secret.SECRET_KEY_BASE=${SECRET_KEY_BASE},
      secret.SENDGRID_USERNAME=${SENDGRID_USERNAME},
      secret.SENDGRID_PASSWORD=${SENDGRID_PASSWORD},
      secret.DOCKER_CONFIG_JSON=${DOCKER_CONFIG_JSON},
      SUBDOMAIN=staging,
      image.tag=13
    prefix: STAGING
    namespace: staging
    values_files: ["helm/values.staging.yaml"]
What I did is I intentionally created an error and looked at the debug log; it looks like the helm command is not picking up these values.
Error running helm command: upgrade --install staging ./helm --set secret.APPLE_VERIFY_RECEIPT_PASSWORD=, secret.AWS_ACCESS_KEY_ID=, secret.AWS_SECRET_ACCESS_KEY=, secret.OPBEAT_SECRET_TOKEN=, secret.FACEBOOK_KEY=, secret.FACEBOOK_SECRET=, secret.GOOGLE_TAG_ID=, secret.OPBEAT_ORGANIZATION_ID=, secret.AWS_BACKUP_ACCESS_KEY_ID=, secret.AWS_BACKUP_SECRET_ACCESS_KEY=, secret.DATABASE_URL=, secret.DROPBOX_KEY=, secret.DROPBOX_SECRET=, secret.MAILCHIMP_API_KEY=, secret.MAILCHIMP_LIST_ID=, secret.NEW_RELIC_LICENSE_KEY=, secret.OPBEAT_APP_ID=, secret.SECRET_KEY_BASE=, secret.SENDGRID_USERNAME=, secret.SENDGRID_PASSWORD=, secret.DOCKER_CONFIG_JSON=, image.tag=13 --values helm/values.staging.yaml --namespace staging
And even if it successfully deploys, I can see in the deployment that the image tag is latest, which is written in the values.yaml file,
image:
  tag: latest
It's picking that one, but not my value 13.
I have no clue.
Is ${SECRET_NAME} the right way to write values in .drone.yaml? I have exactly copied the content of my yaml, so I am asking if dollarsign-bracket-value-bracket is the right format?
Why is my image.tag not reaching my deployment template?
FYI: I added secrets from the Drone UI under that project, prefixed with STAGING. I am using postgres as data storage, and I enabled encryption.
I'd like to verify the origin of my packages when they are installed via the drone pipeline. I understand that this would likely require loading my public keyring into the drone environment. It seems that no one has undertaken this effort so far and I might be able to start working on a PR.
Does anyone have thoughts on how to best accomplish this or things to consider? Any reason this hasn't been added yet?
Got this error message from the latest image quay.io/ipedrazas/drone-helm:latest
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Error: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: x509: failed to load system roots and no roots provided
Error running helm command: init --upgrade
Notice there are some changes from here
I have a current need to use this tool with my EKS cluster. I am currently working on another pull request.
Something I've found incredibly useful for secret management is https://github.com/futuresimple/helm-secrets. The gist is it's a wrapper + plugin for Helm that delegates secret enc/dec to https://github.com/mozilla/sops.
In general I think this would be a relatively easy addition. Not sure if others are interested in this so just throwing it out as a suggestion.
How to set the username and password?
The service-account option at Line 166 in 8e7b0b3
I noticed a previous issue for adding these into the docker image in the past, but that was reverted due to the size of the image.
I'm wondering if we can dynamically download kubectl packages and run them on the fly? Here's a shell script that can do something similar. Thinking the user could provide the version in the settings.
os=darwin # or linux
arch=amd64
version=1.16.0
curl -LO https://storage.googleapis.com/kubernetes-release/release/v${version}/bin/${os}/${arch}/kubectl
chmod +x ./kubectl
./kubectl version
I have a simple pipeline:
pipeline:
  helm_deploy:
    image: quay.io/ipedrazas/drone-helm
    skip_tls_verify: true
    chart: stable/prometheus
    update_dependencies: false
    release: prometheus
    namespace: production-prometheus
    dry-run: true
    secrets: [ api_server, kubernetes_token ]
    when:
      branch: [master]
Interestingly, when this ran, it actually deployed prometheus, into that namespace.
It might help with visibility & search to add some tags to this repo? :)
For example: https://github.com/songsterr/drone-kubernetes-job.
Secrets that are passed as values using the values option can be leaked when using debug mode or in case of error as the whole helm command will be printed.
I don't know if there's a good fix for this as I don't know if it can be determined which of those values come from drone env variables, e.g. DRONE_TAG or from custom secrets, e.g. SECRET_PASSWORD in the README example
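One way to approach the leak described in the issue above, as an added example (not drone-helm's own code): expand the values string once for helm and once for the log, masking by variable name rather than by value. It goes beyond the issue by accepting both $NAME and ${NAME} and by flagging unset references; the regex, the function names, and the rule that only DRONE_-prefixed variables are safe to print are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// varRef matches $NAME and ${NAME}. The pattern is an assumption of this
// example, not the expression drone-helm itself uses.
var varRef = regexp.MustCompile(`\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)`)

// ExpandValues resolves variable references in a "k=v,k=v" values string.
// actual is what helm receives; logged is safe to print: every value that came
// from a variable outside the DRONE_ namespace is masked, and references that
// resolved to nothing are flagged instead of silently becoming empty.
func ExpandValues(values string, lookup func(string) (string, bool)) (actual, logged string, unset []string) {
	resolve := func(forLog bool) string {
		return varRef.ReplaceAllStringFunc(values, func(ref string) string {
			name := strings.Trim(ref, "${}")
			val, ok := lookup(name)
			switch {
			case !ok && forLog:
				return "[UNSET:" + name + "]"
			case !ok:
				unset = append(unset, name)
				return ""
			case forLog && !strings.HasPrefix(name, "DRONE_"):
				return "[REDACTED:" + name + "]"
			}
			return val
		})
	}
	actual = resolve(false)
	logged = resolve(true)
	return actual, logged, unset
}

// LogLine renders the helm invocation for debug or error output.
// Callers pass the logged string, never the actual one.
func LogLine(release, chart, logged string) string {
	return fmt.Sprintf("helm upgrade --install %s %s --set %s", release, chart, logged)
}

func main() {
	// Constructed sample environment; API_KEY is deliberately missing.
	env := map[string]string{"DRONE_TAG": "v1.2.3", "SECRET_PASSWORD": "hunter2"}
	lookup := func(k string) (string, bool) { v, ok := env[k]; return v, ok }
	_, logged, unset := ExpandValues(
		"image.tag=${DRONE_TAG},db.password=$SECRET_PASSWORD,api.key=${API_KEY}", lookup)
	fmt.Println(LogLine("myapp", "./charts/myapp", logged))
	fmt.Println("unset:", unset)
}
```

Masking by name at expansion time avoids having to scrub secret values out of an already assembled command line, where short or common values would be hard to match reliably.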
I've tried not setting debug at all in the drone.yml, I've tried setting debug: false and I've tried debug: null.
Every time the plugin runs it echoes all the environment vars and I'm not sure how to turn that off. Please help!
I want to run: helm --stable-repo-url http://192.168.3.3 ...
Reason: the stable repo URL kubernetes-charts.storage.googleapis.com cannot be reached from China.
======= drone log =========
......
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Error: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: net/http: TLS handshake timeout
Error running helm command: init
exit code 1
Hello @ipedrazas
I try to use the latest code in master but I think the container repository is not being updated. The latest change is 20 days ago.
https://quay.io/repository/ipedrazas/drone-helm?tab=tags
can you please confirm?
After using the plugin this morning, I've found that if I add braces around my variables (as seen in the docs), then variable substitution does not work correctly (at least for values in the Values parameter).
Dropping the braces, leaving just $MYVARIABLE, instead of ${MYVARIABLE} does work, though. Having looked at the code and tests it seems both should be interchangeable, is this not the case?
The value I'm substituting is fetched from a Drone secret. My pipeline step looks something like this:
- name: deploy-qa
  image: myrepo/drone-helm
  settings:
    chart: mycharts/chart
    skip_tls_verify: true
    debug: true
    release: app-qa
    namespace: qa
    helm_repos: mycharts=https://charts.domain
    client_only: true
    values: rabbitmq.uri=${RABBITMQ_URI},otherThing.uri="http://bla",rabbitmq.exchange="exchange",rabbitmq.bindingKey=#
  environment:
    RABBITMQ_URI:
      from_secret: RABBITMQ_URI
    API_SERVER:
      from_secret: API_SERVER
    KUBERNETES_TOKEN:
      from_secret: KUBERNETES_TOKEN
  when:
    event:
      - promote
    target:
      - qa
In the example above, ${RABBITMQ_URI} isn't substituted, but $RABBITMQ_URI is. In the debug logs, I can see -ReplVar: _RABBITMQ_URI => RABBITMQ_URI-- when I don't add braces, but this is missing with braces around the variable.
So far as I can tell, the variable name matches the regex that the plugin seems to use to match environment variables, so I'm unsure why this isn't working. Is this the intended behaviour and I'm just misunderstanding?
I'm using Drone 1.2 with a version of the plugin built from the latest commit on master.
It would be great to include this in the newly created plugin registry. I'm happy to help if you have any questions. http://readme.drone.io/tutorials/how-to-register-a-plugin/
Helm supports setting value overrides on the command line, and also giving files containing additional values. Can you please add support for value files?
I have about 10 deep path values to set per environment for deployment, and setting these with files would keep the drone.yaml clean.
Suggested entry:
valueFiles: [ '/path/to/file1', '/path/to/file2' ]