Documentation ¶
Overview ¶
Package helm contains utility functions for managing and using helm.
Index ¶
- Constants
- func ConfigureClient(kubectlOptions *kubectl.KubectlOptions, helmHome string, ...) error
- func Deploy(kubectlOptions *kubectl.KubectlOptions, tillerNamespace string, ...) error
- func GetDefaultHelmHome() (string, error)
- func GrantAccess(kubectlOptions *kubectl.KubectlOptions, tlsOptions tls.TLSOptions, ...) error
- func InstallTiller(kubectlOptions *kubectl.KubectlOptions, ...) (string, error)
- func NewHelmClient(tillerHost string, connectionTimeout int64, helmHome string) (helm.Interface, error)
- func RevokeAccess(kubectlOptions *kubectl.KubectlOptions, tillerNamespace string, ...) error
- func RunHelm(options *kubectl.KubectlOptions, args ...string) error
- func RunHelmAndGetOutput(options *kubectl.KubectlOptions, args ...string) (string, error)
- func SetupConnection(kubeClient *kubernetes.Clientset, kubectlOptions *kubectl.KubectlOptions, ...) (*helmkube.Tunnel, error)
- func Undeploy(kubectlOptions *kubectl.KubectlOptions, namespace string, helmHome string, ...) error
- func VerifyTiller(kubectlOptions *kubectl.KubectlOptions, tillerNamespace string, ...) error
- func WaitForTiller(kubectlOptions *kubectl.KubectlOptions, newImage string, ...) error
- type DeployedHelmInfo
- type GroupInfo
- type HelmHomeIsFileError
- type HelmValidationError
- type InvalidServiceAccountInfo
- type MultiHelmError
- type RBACEntity
- type RepoFileIsDirectoryError
- type RepositoryUnreachableError
- type ResourceDoesNotExistError
- type ServiceAccountInfo
- type TillerDeployWaitTimeoutError
- type TillerPingError
- type UnknownRBACEntityType
- type UserInfo
Constants ¶
const (
	DeployTillerWaitTimeout             = 5 * time.Minute
	DeployTillerWaitSleepBetweenRetries = 1 * time.Second
	TillerDeploymentName                = "tiller-deploy"
)
const (
	StableRepositoryName = "stable"
	StableRepositoryURL  = "https://kubernetes-charts.storage.googleapis.com"
)
const (
	NamespaceLabel       = "gruntwork.io/tiller-namespace"
	CredentialsLabel     = "gruntwork.io/tiller-credentials"
	CredentialsTypeLabel = "gruntwork.io/tiller-credentials-type"
	EntityIDLabel        = "gruntwork.io/tiller-entity-id"
)
const DefaultTillerConnectionTimeout = 300
DefaultTillerConnectionTimeout is the number of seconds to wait before timing out the connection to Tiller
const Instructions = `` /* 602-byte string literal not displayed */
Variables ¶
This section is empty.
Functions ¶
func ConfigureClient ¶
func ConfigureClient(
	kubectlOptions *kubectl.KubectlOptions,
	helmHome string,
	tillerNamespace string,
	resourceNamespace string,
	setKubectlNamespace bool,
	rbacEntity RBACEntity,
) error
ConfigureClient will configure the local helm client to be able to communicate with the Tiller server installed in the provided Tiller namespace. Note that this supports deploying Tiller in a different namespace from the one where resources should go. This addresses the risk that access to the tiller-secret grants admin access through the Tiller server TLS certs.
func Deploy ¶
func Deploy(
	kubectlOptions *kubectl.KubectlOptions,
	tillerNamespace string,
	resourceNamespace string,
	serviceAccount string,
	tlsOptions tls.TLSOptions,
	clientTLSOptions tls.TLSOptions,
	helmHome string,
	localClientRBACEntity RBACEntity,
	imageSpec string,
) error
Deploy will deploy a new Tiller to the Kubernetes cluster configured with KubectlOptions following best practices. Specifically, this will:
- Require a Namespace and ServiceAccount, so that deploying a super user Tiller has to be an explicit and conscious choice.
- Generate a new set of TLS certs.
- Store the TLS certs in a Kubernetes Secret in a Namespace that only cluster admins have access to.
- Deploy Tiller using the generated TLS certs, Namespace, and ServiceAccount. Additionally, set the flags so that the release info is stored in a Secret as opposed to a ConfigMap.
Additionally, if an RBAC entity is passed in, grant access to it and configure the local client at the specified helm home directory.
func GetDefaultHelmHome ¶ added in v0.2.0
GetDefaultHelmHome returns the default helm home directory, ~/.helm.
func GrantAccess ¶
func GrantAccess(
	kubectlOptions *kubectl.KubectlOptions,
	tlsOptions tls.TLSOptions,
	tillerNamespace string,
	rbacGroups []string,
	rbacUsers []string,
	serviceAccounts []string,
) error
GrantAccess grants the provided RBAC groups and/or service accounts access to the Tiller Pod available in the provided Tiller namespace. Specifically, this will:
- Download the corresponding CA keypair for the Tiller deployment from Kubernetes. Assumes the CA cert is in the kube-system namespace.
- Issue a new TLS certificate keypair using the CA keypair.
- Upload the new TLS certificate keypair to a new Secret in the Tiller namespace.
- Create a new RBAC role that grants read-only pod access to the Tiller namespace, and read-only access to the Secret containing the TLS certificate keypair.
- Remove the local copies of the downloaded and generated certificates.
func InstallTiller ¶ added in v0.3.1
func InstallTiller(
	kubectlOptions *kubectl.KubectlOptions,
	caKeyPairPath tls.CertificateKeyPairPath,
	tillerKeyPairPath tls.CertificateKeyPairPath,
	tillerNamespace string,
	serviceAccountName string,
	imageSpec string,
) (string, error)
InstallTiller will install Tiller onto the Kubernetes cluster. Returns the Tiller image being installed.
func NewHelmClient ¶ added in v0.3.1
func NewHelmClient(
	tillerHost string,
	connectionTimeout int64,
	helmHome string,
) (helm.Interface, error)
NewHelmClient constructs a new helm client that can be used to interact with Tiller.
func RevokeAccess ¶ added in v0.4.0
func RevokeAccess(
	kubectlOptions *kubectl.KubectlOptions,
	tillerNamespace string,
	rbacGroups []string,
	rbacUsers []string,
	serviceAccounts []string,
) error
RevokeAccess revokes access to a Tiller pod from a provided RBAC user, group, or serviceaccount in a provided Tiller namespace by deleting the secret, role, and rolebindings associated with said entities. Note that due to limitations in the Go TLS library used by helm, helm/tiller does not support checking certificate revocation lists. As a consequence, the signed TLS certificate will continue to be trusted by Tiller after running "kubergrunt helm revoke" since it was signed by the Tiller CA. However, the user's authorizations are removed by way of deleting the role and role binding and access is effectively removed. See https://github.com/helm/helm/issues/4273
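The revocation caveat above, shown as an added example that is not code from kubergrunt or helm: Go's x509 chain verification accepts a CA-signed client certificate even after the same CA has published a CRL listing it, so revocation only takes effect where a caller looks the serial up explicitly. The CA, client certificate and CRL are constructed test data, the helper names `issue`, `isRevoked` and `demo` are hypothetical, and Go 1.19 or later is assumed for `x509.ParseRevocationList`.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a constructed certificate signed by parent; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.KeyUsage, parent, signer = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// isRevoked does what Certificate.Verify does not: look cert's serial up in a CRL signed by ca.
func isRevoked(crlDER []byte, ca, cert *x509.Certificate) bool {
	crl, err := x509.ParseRevocationList(crlDER)
	listed := err != nil || crl.CheckSignatureFrom(ca) != nil // fail closed on an unusable CRL
	for i := 0; !listed && i < len(crl.RevokedCertificates); i++ {
		listed = crl.RevokedCertificates[i].SerialNumber.Cmp(cert.SerialNumber) == 0
	}
	return listed
}

// demo revokes a constructed client certificate, then reports chain verification and CRL lookups.
func demo() (chainOK, clientListed, caListed bool) {
	ca, caKey := issue("constructed-tiller-ca", 1, nil, nil)
	client, _ := issue("constructed-client", 42, ca, caKey)
	crl, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: client.SerialNumber, RevocationTime: time.Now()}}}, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := client.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil, isRevoked(crl, ca, client), isRevoked(crl, ca, ca)
}

func main() { fmt.Println(demo()) } // prints: true true false
```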
func RunHelm ¶
func RunHelm(options *kubectl.KubectlOptions, args ...string) error
RunHelm will make a call to helm, setting the config and context to the ones specified in the provided options.
func RunHelmAndGetOutput ¶
func RunHelmAndGetOutput(options *kubectl.KubectlOptions, args ...string) (string, error)
RunHelmAndGetOutput will make a call to helm, setting the config and context to the ones specified in the provided options, and return the output of the command.
func SetupConnection ¶ added in v0.3.1
func SetupConnection(kubeClient *kubernetes.Clientset, kubectlOptions *kubectl.KubectlOptions, tillerNamespace string) (*helmkube.Tunnel, error)
SetupConnection will set up a tunnel to a deployed Tiller instance.
func Undeploy ¶
func Undeploy(
	kubectlOptions *kubectl.KubectlOptions,
	namespace string,
	helmHome string,
	force bool,
	undeployReleases bool,
) error
Undeploy will undeploy (uninstall) the helm server and related Secrets from the Kubernetes cluster.
func VerifyTiller ¶ added in v0.3.1
func VerifyTiller(
	kubectlOptions *kubectl.KubectlOptions,
	tillerNamespace string,
	helmHome string,
) error
VerifyTiller pings the Tiller host with the helm client configured using the settings in the provided helmHome to verify it is up.
func WaitForTiller ¶ added in v0.3.1
func WaitForTiller(
	kubectlOptions *kubectl.KubectlOptions,
	newImage string,
	tillerNamespace string,
	tillerDeploymentName string,
	timeout time.Duration,
	sleepBetweenRetries time.Duration,
) error
WaitForTiller will poll Kubernetes until Tiller is available, and then verify the Tiller instance is up. This is ported from the helm client: https://github.com/helm/helm/blob/master/cmd/helm/init.go#L322
Types ¶
type DeployedHelmInfo ¶
func (DeployedHelmInfo) Render ¶
func (info DeployedHelmInfo) Render() error
Render renders a platform-specific environment file that can be dot-sourced to set up the shell to be able to authenticate helm correctly to the deployed Tiller. See `env_generator_unix.go` for the Unix-based env file, and `env_generator_windows.go` for the Windows PowerShell-based env file.
type GroupInfo ¶
type GroupInfo struct {
	Name string
}
Represents an RBAC Group
func (GroupInfo) EntityType ¶
type HelmHomeIsFileError ¶ added in v0.3.1
type HelmHomeIsFileError struct {
	HelmHome string
}
HelmHomeIsFileError is returned when the helm home path is a file and not a directory
func (HelmHomeIsFileError) Error ¶ added in v0.3.1
func (err HelmHomeIsFileError) Error() string
type HelmValidationError ¶
type HelmValidationError struct {
	Message string
}
HelmValidationError is returned when a command validation fails.
func (HelmValidationError) Error ¶
func (err HelmValidationError) Error() string
type InvalidServiceAccountInfo ¶
type InvalidServiceAccountInfo struct {
	EncodedServiceAccount string
}
InvalidServiceAccountInfo error is returned when the encoded service account is not encoded correctly.
func (InvalidServiceAccountInfo) Error ¶
func (err InvalidServiceAccountInfo) Error() string
type MultiHelmError ¶
MultiHelmError is returned when there are multiple errors in a helm action.
func (MultiHelmError) AddError ¶
func (err MultiHelmError) AddError(newErr error)
func (MultiHelmError) Error ¶
func (err MultiHelmError) Error() string
func (MultiHelmError) IsEmpty ¶
func (err MultiHelmError) IsEmpty() bool
type RBACEntity ¶
type RepoFileIsDirectoryError ¶ added in v0.3.1
type RepoFileIsDirectoryError struct {
	RepoFilePath string
}
RepoFileIsDirectoryError is returned when the helm repository file path is unexpectedly a directory
func (RepoFileIsDirectoryError) Error ¶ added in v0.3.1
func (err RepoFileIsDirectoryError) Error() string
type RepositoryUnreachableError ¶ added in v0.3.1
RepositoryUnreachableError is returned when the chart repository is unreachable or does not exist.
func (RepositoryUnreachableError) Error ¶ added in v0.3.1
func (err RepositoryUnreachableError) Error() string
type ResourceDoesNotExistError ¶ added in v0.4.0
ResourceDoesNotExistError is returned when the resource that is being deleted is not found.
func (*ResourceDoesNotExistError) Error ¶ added in v0.4.0
func (d *ResourceDoesNotExistError) Error() string
type ServiceAccountInfo ¶
Represents a ServiceAccount
func ExtractServiceAccountInfo ¶
func ExtractServiceAccountInfo(serviceAccountID string) (ServiceAccountInfo, error)
ExtractServiceAccountInfo takes a service account identifier and extracts the namespace and name.
func (ServiceAccountInfo) EntityID ¶
func (serviceAccount ServiceAccountInfo) EntityID() string
func (ServiceAccountInfo) EntityType ¶
func (serviceAccount ServiceAccountInfo) EntityType() string
func (ServiceAccountInfo) String ¶
func (serviceAccount ServiceAccountInfo) String() string
func (ServiceAccountInfo) Subject ¶
func (serviceAccount ServiceAccountInfo) Subject() rbacv1.Subject
type TillerDeployWaitTimeoutError ¶ added in v0.3.1
type TillerDeployWaitTimeoutError struct {
	Namespace string
}
TillerDeployWaitTimeoutError is returned when deploy times out waiting for Tiller to come up.
func (TillerDeployWaitTimeoutError) Error ¶ added in v0.3.1
func (err TillerDeployWaitTimeoutError) Error() string
type TillerPingError ¶ added in v0.3.1
TillerPingError is returned when we fail to reach the Tiller pod using the helm client.
func (TillerPingError) Error ¶ added in v0.3.1
func (err TillerPingError) Error() string
type UnknownRBACEntityType ¶ added in v0.2.0
type UnknownRBACEntityType struct {
	RBACEntityType string
}
UnknownRBACEntityType error is returned when the RBAC entity type is something unexpected
func (UnknownRBACEntityType) Error ¶ added in v0.2.0
func (err UnknownRBACEntityType) Error() string
type UserInfo ¶
type UserInfo struct {
	Name string
}
Represents an RBAC User