Moved usage info to docs

added drone file to build
gitignore release, vendor
remove build from docker file (now in drone)
Joachim Hill-Grannec
2018-08-02 14:36:58 +02:00
parent 25b1da52a4
commit 66b2406a6e
5 changed files with 326 additions and 257 deletions
+82
@@ -0,0 +1,82 @@
workspace:
base: /go
path: src/github.com/josmo/drone-helm
pipeline:
deps:
image: golang:1.10
pull: true
commands:
- go get -u github.com/golang/dep/cmd/dep
- dep ensure
test:
image: golang:1.10
commands:
- go vet
- go test -cover -coverprofile=coverage.out
build_linux_amd64:
image: golang:1.10
group: build
environment:
- GOOS=linux
- GOARCH=amd64
- CGO_ENABLED=0
commands:
- go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -o release/linux/amd64/drone-helm
# build_linux_arm64:
# image: golang:1.10
# group: build
# environment:
# - GOOS=linux
# - GOARCH=arm64
# - CGO_ENABLED=0
# commands:
# - go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -o release/linux/arm64/drone-helm
#
# build_linux_arm:
# image: golang:1.10
# group: build
# environment:
# - GOOS=linux
# - GOARCH=arm
# - CGO_ENABLED=0
# - GOARM=7
# commands:
# - go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -o release/linux/arm/drone-helm
publish_linux_amd64:
image: plugins/docker
group: publish
username: josmo
repo: peloton/drone-helm
auto_tag: true
secrets: [ docker_password ]
dockerfile: Dockerfile
when:
event: [ tag, push ]
# publish_linux_arm64:
# image: plugins/docker
# group: publish
# username: josmo
# repo: peloton/drone-helm
# auto_tag: true
# auto_tag_suffix: linux-arm64
# secrets: [ docker_password ]
# dockerfile: Dockerfile.arm64
# when:
# event: [ tag, push ]
#
# publish_linux_arm:
# image: plugins/docker
# group: publish
# username: josmo
# repo: peloton/drone-helm
# auto_tag: true
# auto_tag_suffix: linux-arm
# secrets: [ docker_password ]
# dockerfile: Dockerfile.arm
# when:
# event: [ tag, push ]
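Review bot: `publish_linux_amd64` runs on `event: [ tag, push ]` with no `branch` condition, so the step that receives `docker_password` is eligible on a push to any branch; add a branch filter (the usage examples in this commit use `branch: [master]`) unless publishing from every branch is intended. The step image `plugins/docker` carries no tag and the `deps` step installs dep with `go get -u`, so both the publisher and the dependency tool float to whatever is latest at build time; pinning them would make the release build reproducible.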
+2 -1
@@ -28,4 +28,5 @@ drone-helm
*.out
.vscode
.idea
.vendor
vendor
release
+230
@@ -0,0 +1,230 @@
### Simple Usage
For example, this configuration will deploy my-app using a chart located in the repo called `my-chart`
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: STAGING
debug: true
wait: true
when:
branch: [master]
```
Last update of Drone expect you to declare the secrets you want to use:
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
chart: ./chart/blog
release: ${DRONE_BRANCH}-blog
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
secrets: [ prod_api_server, prod_kubernetes_token ]
when:
branch: [master]
```
Use Kubernetes Certificate Authority Data. Just add the `<prefix>_kubernetes_certificate` secret
```diff
helm_deploy:
image: quay.io/ipedrazas/drone-helm
chart: ./chart/blog
release: ${DRONE_BRANCH}-blog
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
- secrets: [ prod_api_server, prod_kubernetes_token ]
+ secrets: [ prod_api_server, prod_kubernetes_token, prod_kubernetes_certificate ]
when:
branch: [master]
```
### Using Values and Value files
Values can be passed using the `values_files` key. Use this option to define your values in a set of files
and pass them to `helm`. This option trigger the `-f` or ``--values`` flag in `helm`:
```plain
--values valueFiles specify values in a YAML file (can specify multiple) (default [])
```
For example:
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values_files: ["global-values.yaml", "myenv-values.yaml"]
when:
branch: [master]
```
### Using private Repositories
Charts can also be fetched from your own private Chart Repository. `helm_repos` accepts a comma separated list of key value pairs where the key is the repository name and the value is the repository url.
For Example:
```YAML
pipeline:
helm_deploy_staging:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
helm_repos: hb-charts=http://helm-charts.honestbee.com
chart: hb-charts/hello-world
values: image.repository=quay.io/honestbee/hello-drone-helm,image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
release: ${DRONE_REPO_NAME}-${DRONE_BRANCH}
prefix: STAGING
when:
branch:
exclude: [ master ]
```
## Updating Chart dependencies
In some cases, the local Chart might contain external dependencies defined in `./charts/my-chart/requirements.yaml`, e.g.:
```YAML
dependencies:
- name: redis
version: 3.3.6
repository: '@stable'
```
To restore these dependecies before the deployment `update_dependencies` parameter should be used, e.g.:
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
update_dependencies: true
release: ${DRONE_BRANCH}
values_files: ["global-values.yaml", "myenv-values.yaml"]
when:
branch: [master]
```
## Drone Secrets
There are two secrets you have to create (Note that if you specify the prefix, your secrets have to be created using that prefix):
```bash
drone secret add --image=quay.io/ipedrazas/drone-helm \
your-user/your-repo STAGING_API_SERVER https://mykubernetesapiserver
drone secret add --image=quay.io/ipedrazas/drone-helm \
your-user/your-repo STAGING_KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
drone secret add --image=quay.io/ipedrazas/drone-helm \
your-user/your-repo STAGING_SECRET_PASSWORD Sup3rS3cr3t
```
`Prefix` helps you to use the same block in different environments:
```YAML
pipeline:
helm_deploy_staging:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: STAGING
debug: true
wait: true
when:
branch:
exclude: [ master ]
pipeline_production:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
debug: true
wait: true
when:
branch: [master]
```
This last block defines how the plugin will deploy
## Testing with Minikube
To test the plugin, you can run `minikube` and just run the docker image as follows:
By using the docker daemon of minikube we can test local builds without having to push to a registry:
```bash
eval $(minikube docker-env)
```
Build the image locally
```bash
./build.sh
```
Get the token for the default service account in the default namespace:
```bash
KUBERNETES_TOKEN=$(kubectl get secret $(kubectl get sa default -o jsonpath='{.secrets[].name}{"\n"}') -o jsonpath="{.data.token}" | base64 -D)
```
## Advanced customisations and debugging
This plugin installs [Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md) in the cluster, if you want to specify the namespace where `tiller` ins installed, use the `tiller_ns` attribute.
The following example will install `tiller` in the `operations` namespace:
```YAML
pipeline_production:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
tiller_ns: operations
when:
branch: [master]
```
There's an option to do a `dry-run` in case you want to verify that the secrets and envvars are replaced correctly. Just add the attribute `dry-run` to true:
```YAML
pipeline_production:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: STAGING
dry-run:true
when:
branch: [master]
```
Happy Helming!
## Known issues
* Drone secrets that are part of `values` can be leaked in debug mode and in case of error as the whole helm command will be printed in the logs. See #52
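Review bot: the Simple Usage example and both `prefix` examples set `debug: true` while passing `secret.password=${SECRET_PASSWORD}` in `values`, which is exactly the case the Known issues entry at the end of this file says prints the secret in the logs; drop `debug: true` from those examples or point to the known issue beside them. In the dry-run example, `dry-run:true` is missing the space after the colon, so it is not a key/value pair as written. The Drone Secrets section says there are two secrets to create and then shows three `drone secret add` commands.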
+3 -26
@@ -1,26 +1,3 @@
#
# ----- Go Builder Image ------
#
FROM golang:1.8-alpine AS builder
RUN apk add --no-cache git
# set working directory
RUN mkdir -p /go/src/drone-helm
WORKDIR /go/src/drone-helm
# copy sources
COPY . .
# add dependencies
RUN go get
# run tests
RUN go test -v
# build binary
RUN go build -v -o "/drone-helm"
#
# ------ Drone-Helm plugin image ------
#
@@ -28,13 +5,13 @@ RUN go build -v -o "/drone-helm"
FROM alpine:3.6
MAINTAINER Ivan Pedrazas <ipedrazas@gmail.com>
# Helm version: can be passed at build time (default to v2.6.0)
# Helm version: can be passed at build time
ARG VERSION
ENV VERSION ${VERSION:-v2.9.1}
ENV FILENAME helm-${VERSION}-linux-amd64.tar.gz
ARG KUBECTL
ENV KUBECTL ${KUBECTL:-v1.10.2}
ENV KUBECTL ${KUBECTL:-v1.11.0}
RUN set -ex \
&& apk add --no-cache curl ca-certificates \
@@ -49,7 +26,7 @@ RUN set -ex \
LABEL description="Kubectl and Helm."
LABEL base="alpine"
COPY --from=builder /drone-helm /bin/drone-helm
ADD release/linux/amd64/drone-k8s-job /bin/
COPY kubeconfig /root/.kube/kubeconfig
ENTRYPOINT [ "/bin/drone-helm" ]
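Review bot: the new `ADD release/linux/amd64/drone-k8s-job /bin/` does not match the rest of this change: the build step in the new pipeline writes `release/linux/amd64/drone-helm` and the `ENTRYPOINT` is still `/bin/drone-helm`, so the image would either fail to build or ship without its entrypoint binary. Point the line at `release/linux/amd64/drone-helm`, and prefer `COPY` over `ADD` for a plain local file.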
+9 -230
@@ -1,202 +1,19 @@
# Helm (Kubernetes) plugin for drone.io
[![Build Status](https://build.kube.camp/api/badges/ipedrazas/drone-helm/status.svg)](https://build.kube.camp/ipedrazas/drone-helm)
[![Build Status](https://drone.pelo.tech/api/badges/josmo/drone-helm/status.svg)](https://drone.pelo.tech/josmo/drone-helm)
[![Go Doc](https://godoc.org/github.com/josmo/drone-helm?status.svg)](http://godoc.org/github.com/josmo/drone-helm)
[![Go Report](https://goreportcard.com/badge/github.com/josmo/drone-helm)](https://goreportcard.com/report/github.com/josmo/drone-helm)
[![](https://images.microbadger.com/badges/image/peloton/drone-helm.svg)](https://microbadger.com/images/peloton/drone-helm "Get your own image badge on microbadger.com")
This plugin allows to deploy a [Helm](https://github.com/kubernetes/helm) chart into a [Kubernetes](https://github.com/kubernetes/kubernetes) cluster.
* Current `helm` version: 2.6.0
* Current `kubectl` version: 1.6.6
* Current `helm` version: 2.9.1
* Current `kubectl` version: 1.11.0
## Drone Pipeline Usage
### Simple Usage
For the usage information and a listing of the available options please take a look at [the docs](DOCS.md).
For example, this configuration will deploy my-app using a chart located in the repo called `my-chart`
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: STAGING
debug: true
wait: true
when:
branch: [master]
```
Last update of Drone expect you to declare the secrets you want to use:
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
chart: ./chart/blog
release: ${DRONE_BRANCH}-blog
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
secrets: [ prod_api_server, prod_kubernetes_token ]
when:
branch: [master]
```
Use Kubernetes Certificate Authority Data. Just add the `<prefix>_kubernetes_certificate` secret
```diff
helm_deploy:
image: quay.io/ipedrazas/drone-helm
chart: ./chart/blog
release: ${DRONE_BRANCH}-blog
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
- secrets: [ prod_api_server, prod_kubernetes_token ]
+ secrets: [ prod_api_server, prod_kubernetes_token, prod_kubernetes_certificate ]
when:
branch: [master]
```
### Using Values and Value files
Values can be passed using the `values_files` key. Use this option to define your values in a set of files
and pass them to `helm`. This option trigger the `-f` or ``--values`` flag in `helm`:
```plain
--values valueFiles specify values in a YAML file (can specify multiple) (default [])
```
For example:
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values_files: ["global-values.yaml", "myenv-values.yaml"]
when:
branch: [master]
```
### Using private Repositories
Charts can also be fetched from your own private Chart Repository. `helm_repos` accepts a comma separated list of key value pairs where the key is the repository name and the value is the repository url.
For Example:
```YAML
pipeline:
helm_deploy_staging:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
helm_repos: hb-charts=http://helm-charts.honestbee.com
chart: hb-charts/hello-world
values: image.repository=quay.io/honestbee/hello-drone-helm,image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
release: ${DRONE_REPO_NAME}-${DRONE_BRANCH}
prefix: STAGING
when:
branch:
exclude: [ master ]
```
## Updating Chart dependencies
In some cases, the local Chart might contain external dependencies defined in `./charts/my-chart/requirements.yaml`, e.g.:
```YAML
dependencies:
- name: redis
version: 3.3.6
repository: '@stable'
```
To restore these dependecies before the deployment `update_dependencies` parameter should be used, e.g.:
```YAML
pipeline:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
update_dependencies: true
release: ${DRONE_BRANCH}
values_files: ["global-values.yaml", "myenv-values.yaml"]
when:
branch: [master]
```
## Drone Secrets
There are two secrets you have to create (Note that if you specify the prefix, your secrets have to be created using that prefix):
```bash
drone secret add --image=quay.io/ipedrazas/drone-helm \
your-user/your-repo STAGING_API_SERVER https://mykubernetesapiserver
drone secret add --image=quay.io/ipedrazas/drone-helm \
your-user/your-repo STAGING_KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
drone secret add --image=quay.io/ipedrazas/drone-helm \
your-user/your-repo STAGING_SECRET_PASSWORD Sup3rS3cr3t
```
`Prefix` helps you to use the same block in different environments:
```YAML
pipeline:
helm_deploy_staging:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: STAGING
debug: true
wait: true
when:
branch:
exclude: [ master ]
pipeline_production:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
debug: true
wait: true
when:
branch: [master]
```
This last block defines how the plugin will deploy
## Testing with Minikube
To test the plugin, you can run `minikube` and just run the docker image as follows:
By using the docker daemon of minikube we can test local builds without having to push to a registry:
```bash
eval $(minikube docker-env)
```
Build the image locally
```bash
./build.sh
```
Get the token for the default service account in the default namespace:
```bash
KUBERNETES_TOKEN=$(kubectl get secret $(kubectl get sa default -o jsonpath='{.secrets[].name}{"\n"}') -o jsonpath="{.data.token}" | base64 -D)
```
Run the local image (or replace `drone-helm` with `quay.io/ipedrazas/drone-helm`:
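Review bot: the Minikube walkthrough ends up split across two files. This hunk removes the `## Testing with Minikube` heading and its setup steps but keeps `Run the local image ...` and the `docker run` block that follows as context, while the copy moved to the docs stops at the `KUBERNETES_TOKEN` step. Move the `docker run` step along with the rest so the procedure lives in one place. The moved text also still tells the reader to run `./build.sh`, while the image build in this change expects a prebuilt binary under `release/`, so it is worth checking that the script still produces a working image.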
@@ -215,44 +32,6 @@ docker run --rm \
quay.io/ipedrazas/drone-helm
```
## Advanced customisations and debugging
### Fork Notes
This plugin installs [Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md) in the cluster, if you want to specify the namespace where `tiller` ins installed, use the `tiller_ns` attribute.
The following example will install `tiller` in the `operations` namespace:
```YAML
pipeline_production:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: PROD
tiller_ns: operations
when:
branch: [master]
```
There's an option to do a `dry-run` in case you want to verify that the secrets and envvars are replaced correctly. Just add the attribute `dry-run` to true:
```YAML
pipeline_production:
helm_deploy:
image: quay.io/ipedrazas/drone-helm
skip_tls_verify: true
chart: ./charts/my-chart
release: ${DRONE_BRANCH}
values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
prefix: STAGING
dry-run:true
when:
branch: [master]
```
Happy Helming!
## Known issues
* Drone secrets that are part of `values` can be leaked in debug mode and in case of error as the whole helm command will be printed in the logs. See #52
This is currently a fork of ipedrazas/drone-helm which is published to quai. The fork image will be published to dockerhub at peloton/drone-helm in the docs just replace until we know the long term path.
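Review bot: the Fork Notes sentence needs a rewrite: `quai` should be `quay`, and "in the docs just replace" leaves the reader to guess that `quay.io/ipedrazas/drone-helm` is to be swapped for `peloton/drone-helm`. Since the docs file is added in this same commit, updating its `image:` lines directly, or stating the substitution explicitly here, would be clearer. The removed `## Advanced customisations and debugging` heading is replaced by a `###` heading, which nests Fork Notes under whatever section precedes it.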