opskumu / helm-wrapper Goto Github PK

@opskumu 你好，请问现在支持命令 helm show values http://10.10.10.100/chartrepo/library/charts/helloworld-0.1.0.tgz这种api,目前看api/charts？chart=xx接口是针对uploadPath/下的chart包的擦看信息
helm show
This command inspects a chart (directory, file, or URL)

使用https://{ip地址}/chartrepo/abc，自签的https证书，提示下面的错误，
x509:certificate signed by unknown authority
使用helm repo add是没有问题的，是需要传递--ca-file吗？

release 更新的时候需要仓库+chart名称才能更新，helm list或者helm get 的数据都没有仓库信息。

Is there possibly a Helm Chart that can be used to deploy the Helm Wrapper? 😎

kubectl exec -it helm-wrapper-775d679-x8dzd -c helm-wrapper -n manage -- /bin/bash 或者 /bin/sh

OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: "/bin/bash": stat /bin/bash: no such file or directory": unknown

目前是几个yaml文件，是否方便提供一个官方Chart？以统一大家的使用。谢谢～

I want to include this repo as a dependency on another Go application. Because I have to expand the capability of APIs
I added this line:
import "github.com/opskumu/helm-wrapper"
the package is loaded. But I haven't an option call to an inner method like installRelease since all methods are not exported
Any idea how can I achieve this requirement without fork the project?

项目里，对chart的版本有限制。必须是满足一定规范的Chart版本号才行。我觉得，对于版本号的长度和形式，不必做过多限制，以体现包容性。例如，1.0.0-132421234-1604475612345-1111 这样的版本号也应是允许的。

How does authentication work for this? It looks like Helm Wrapper is configured with a Kubeconfig. But that means that anyone that have access to the HTTP service can deploy whatever that Kubeconfig have access to.

Could it be an idea to provide a ServiceAccount somehow (via its token/Secret) and use that when deploying the Helm chart?

现在部署只支持从 chart 仓库的方式，是否可以考虑接口直接支持上传 chart 压缩包的方式部署

It will be convenient to have a request body parameter like helm install -f which takes a file instead of using set key with a lot of options. By adding a new option to releaseOptions and yaml file parsing to mergeValues this will be implemented.

启动命令：
./helm-wrapper --config helm-wrapper.config

错误信息：
F0924 17:30:30.478389 25285 main.go:83] error unmarshaling JSON: while decoding JSON: json: unknown field "serverInfo"

helm-wrapper.config文件内容：

uploadPath: /tmp/charts
helmRepos:
  - name: apphub
    url: https://apphub.aliyuncs.com

环境信息
本地安装v3.0.0-alpha.2版本，操作系统centos7

请教下，/api/namespaces/:namespace/releases这个接口通过这个参数filter过滤数据，好像无效，limit等参数好像也没用

Is there a unit test for this project?

当我们查询chart包的信息时，返回的为一个字符串，而且可读性很差，怎么完善一下呢？结果如下：
"data": "# Default values for test.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n repository: nginx\n pullPolicy: IfNotPresent\n # Overrides the image tag whose default is the chart appVersion.\n tag: ""\n\nimagePullSecrets: []\nnameOverride: ""\nfullnameOverride: ""\n\nserviceAccount:\n # Specifies whether a service account should be created\n create: true\n # Annotations to add to the service account\n annotations: {}\n # The name of the service account to use.\n # If not set and create is true, a name is generated using the fullname template\n name: ""\n\npodAnnotations: {}\n\npodSecurityContext: {}\n # fsGroup: 2000\n\nsecurityContext: {}\n # capabilities:\n # drop:\n # - ALL\n # readOnlyRootFilesystem: true\n # runAsNonRoot: true\n # runAsUser: 1000\n\nservice:\n type: NodePort\n port: 80\n\ningress:\n enabled: false\n annotations: {}\n # kubernetes.io/ingress.class: nginx\n # kubernetes.io/tls-acme: "true"\n hosts:\n - host: chart-example.local\n paths: []\n tls: []\n # - secretName: chart-example-tls\n # hosts:\n # - chart-example.local\n\nresources: {}\n # We usually recommend not to specify default resources and to leave this as a conscious\n # choice for the user. This also increases chances charts run on environments with little\n # resources, such as Minikube. If you do want to specify resources, uncomment the following\n # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n # limits:\n # cpu: 100m\n # memory: 128Mi\n # requests:\n # cpu: 100m\n # memory: 128Mi\n\nautoscaling:\n enabled: false\n minReplicas: 1\n maxReplicas: 1000\n targetCPUUtilizationPercentage: 80\n # targetMemoryUtilizationPercentage: 80\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"

请问可以完善成JSON格式的吗？

helm install 部署一个业务。nodeSelector标签是a。
如果把nodeSelector标签改为b。调用upgrade接口，发现服务器上的实例Pending了。发现这个实例的nodeSelector是a和b，
而不是b。

不能正常的调用install api，总是报错 "error": "failed to download "helloworld" (hint: running helm repo update may help)"
命令可以安装
`[root@kube-master1 ~]# helm install aa helloworld --repo http://10.10.82.80/chartrepo/library --version 0.1.0
NAME: aa
LAST DEPLOYED: Wed Jul 21 02:47:40 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:

1. Get the application URL by running these commands:
   export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=helloworld,app.kubernetes.io/instance=aa" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT`
   
   
   请问是什么原因，谢谢！

我这边想得到其yaml字符串，在界面通过文本框显示出来，用户直接修改yaml文本完成配置，现在格式化为json后，我还得转换为yaml文本，因为我看底层本来也是yaml字符串。

之前使用helm3.5客户端，配置apiServer地址和token，使用https协议，发现没法使用，不知道咱们的sdk对这一块有木有改进

env：
k8s version: 1.15.5
helm version: 3.2.3

接口调用helm-wrapper时，指定命名空间只对release生效，并未对chart包里的deployment和service等资源生效（yaml文件未指定命名空间），比如接口调用传参test命名空间，release会在test创建，但相应的chart里的其他资源还是在default命名空间下:
POST http://localhost:31021/api/namespaces/test/releases/demo-apm

在集群内直接使用helm命令指定namespace的话，release和相应集群资源均会在对应命名空间内创建：
helm install demo-apm ./apm-server-2.1.5.tgz --namespace=test

支持chart包上传到harbor仓库吗，通过接口方式

would you give me a more detailed description of config.yaml for helm-wrapper? what is the purpose?
and also for this command ./helm-wrapper --config </path/to/config.yaml> --kubeconfig </path/to/kubeconfig>, where should I run it? I get error when I run at ~ or ~/hlem-wrapper or ~/hlem-wrapper/helm-wrapper, I all get error " ./helm-wrapper: is a directory"

readme能否详细点，比如配置，安装，启动，以及目录介绍等

it is unclear what exactly makes a valid config.

the example shows:

uploadPath: /tmp/charts
helmRepos:
  - name: bitnami
    url: https://charts.bitnami.com/bitnami

can i install external repos or only repos configured inside --config <file>
are there other configuration options?

appreciate your help, this is awesome

Hi! I'm planning on using this tool for our automation process, it looks very promising! I just have one question regarding the values option. Using helm CLI, --values is the path to a YAML file. I'm assuming the values option here is the actual YAML?

I have quite complex YAML files and it would simplify a lot if I could use that. 👍

请教一个问题，我在调用 /api/namespaces/:namespace/releases/:release?chart=
这个接口时，body里的参数虽然提交了，但是在releases.go的installRelease涵数里处理的时候，经过：
var options releaseOptions
err := c.ShouldBindJSON(&options)
if err != nil && err != io.EOF {
respErr(c, err)
return
}
处理完后，options里面的变量还是空的。转json，没有解析到值。请求是哪儿的原因呢？

例如，请求体是：
{
"version": "0.0.3"
}

通过下面的方式，是能打印出来body的：
buf := make([]byte, 1024000)
n, _ := c.Request.Body.Read(buf)
fmt.Println(string(buf[0:n]))

谢谢啦！

在config.yaml里增加insecure_skip_tls_verify: true
在/api/charts接口时，或者install的时候，这个跳过没起作用。

比如--recreate-pods,--force --cleanup-on-fail
对应代码
client := action.NewRollback(actionConfig)
client.Version = reversion
//todo 多参数支持
//client.Force=true
helm/v3...下的结构体参数可以对接上
type Rollback struct {
cfg *Configuration

Version       int
Timeout       time.Duration
Wait          bool
DisableHooks  bool
DryRun        bool
Recreate      bool // will (if true) recreate pods after a rollback.
Force         bool // will (if true) force resource upgrade through uninstall/recreate if needed
CleanupOnFail bool
MaxHistory    int // MaxHistory limits the maximum number of revisions saved per release

}

通过手动拉起进程是没有问题的，但是如果通过systemd来拉起进程的话，总是出现无法获取集群信息，k8s集群无法达到的错误。
{
"code": 1,
"error": "Kubernetes cluster unreachable: Get http://localhost:8080/version?timeout=32s: dial tcp [::1]:8080: connect: connection refused"
}

Hi,

Thank you for the tool.
We have build the helm-wrapper docker and running it locally.
How do we configure helm-wrapper API Server to connect to a k8s cluster?

Is there any file where we can set the kubecontext before running the server?

我们的包放在某一路径下，用户通过rest接口可以查看chart包的配置信息，那么如何用户如果想修改呢？目前好像是不支持修改的吧？我觉得这个需求貌似更实际一点，用户想安装某一个应用，但是发现这个chart包有一些配置是需要修改的，然后调用接口进行修改，修改完成之后进行部署，是不是更接近实际的应用情况？

检测到 opskumu/helm-wrapper 一共引入了444个开源组件，存在3个漏洞

漏洞标题：jwt-go 安全漏洞
缺陷组件：github.com/dgrijalva/[email protected]+incompatible
漏洞编号：CVE-2020-26160
漏洞描述：jwt-go是个人开发者的一个Go语言的JWT实现。
jwt-go 4.0.0-preview1之前版本存在安全漏洞。攻击者可利用该漏洞在使用[]string{} for m[\"aud\"](规范允许)的情况下绕过预期的访问限制。
影响范围：(∞, 4.0.0-preview1)
最小修复版本：4.0.0-preview1
缺陷组件引入路径：github.com/opskumu/helm-wrapper@->github.com/dgrijalva/[email protected]+incompatible

另外还有3个漏洞，详细报告：https://mofeisec.com/jr?p=a10ef1

我看您在其他issues中说明要传values 本身的内容,是直接把values.yaml里面的内容传递给这个参数么,这个要怎么传呢？我要如何转义一下value.yaml文件中的内容 以便能通过这种方式传递且能被解析正确？

安裝接口 helm install 的参数列表 中没有 version
如果要指定版本安装 实现 helm install test-my-name chartmuseum/test --version 0.1.0
的效果要如何做呢?

执行 helm uninstall 接口 卸载如下状态的 jjj、jj1j 应用时，会返回异常：uninstallation completed with 1 error(s): uninstall: Failed to purge the release: release: not found

请问代码中helm_driver是该怎么设置？
还有运行时抛出Kubernetes cluster unreachable: CreateFile config : Thesystem cannot find th file specified，求大佬指点。

{
"code": 1,
"error": "Kubernetes cluster unreachable: demo.yaml: no such file or directory"
}
请求参数：kube_config=demo.yaml
dockerfile配置
COPY demo.yaml /demo.yaml
COPY config-example.yaml /config.yaml
COPY bin/helm-wrapper /helm-wrapper

用命令行的话支持很多参数，现在接口只支持三种values, set set-string，可以添加一下atomic参数的支持吗

通过上传 chart 接口，上传chart之后，部署应用，无法部署。
部署接口提示 ：cannot re-use a name that is still in use
查看日志：

ps: 通过原生的 helm 命令 helm list -A 查看该命名空间是没有部署过该 chart 包的应用的

通过helm install --atomic 部署应用之后，应用的状态是pending-install 。没有成功，这个时候调用/api/namespaces/:namespace/releases接口会出现没有返回结果的情况。
这种状态只能通过helm list -a 查询出来：

Hi Kumu,
Just wondering if you can let me know if this is GPL?
I'm doing integration work, for the company I'm working for. I'm not using your helm-wrapper to build commercial solution.
Thanks.

对这两个接口，是否有必要将REVISION、STATUS等信息也返回出来。这样，可以将信息存储，自己能知道这个服务是否有历史记录可以回滚。否则，只能list的时候，才知道REVISION。

Hi @opskumu , big thanks for your work on this amazing project. And also I know the best situation for the repo is use to one cluster, because we all know that the helm with init command with an necessary kubeconfig.

But if there another situation is that we want to support for the multiple cluster. how should we do?

* Should we init with all the cluster kubeconfig?

• In fact, that can be easy to implement, but there may have a another issue is that

* How we should clarify the multiple cluster?

• I have a solution may we can use the kubeconfig context to clarify the different cluster.

* If we want to add new cluster, all should we add the new cluster configuration into the helm-wrapper?

• Oh, may be we can restart the pods

• Should we add the parameter cluster configuration context into the APIs? The user may want to deploy to different cluster

Yep, I answer myself