From 66b2406a6e585ba9200691821de9fe24b155f9a0 Mon Sep 17 00:00:00 2001 From: Joachim Hill-Grannec Date: Thu, 2 Aug 2018 14:36:58 +0200 Subject: [PATCH] Moved usage info to docs added drone file to build gitignore release, vendor remove build from docker file (now in drone) --- .drone.yml | 82 ++++++++++++++++++ .gitignore | 3 +- DOCS.md | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile | 29 +------ README.md | 239 ++--------------------------------------------------- 5 files changed, 326 insertions(+), 257 deletions(-) create mode 100644 .drone.yml create mode 100644 DOCS.md diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..38cdfc0 --- /dev/null +++ b/.drone.yml 
@@ -0,0 +1,82 @@
+workspace:
+ base: /go
+ path: src/github.com/josmo/drone-helm
+pipeline:
+ deps:
+ image: golang:1.10
+ pull: true
+ commands:
+ - go get -u github.com/golang/dep/cmd/dep
+ - dep ensure
+
+ test:
+ image: golang:1.10
+ commands:
+ - go vet
+ - go test -cover -coverprofile=coverage.out
+
+ build_linux_amd64:
+ image: golang:1.10
+ group: build
+ environment:
+ - GOOS=linux
+ - GOARCH=amd64
+ - CGO_ENABLED=0
+ commands:
+ - go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -o release/linux/amd64/drone-helm
+
+# build_linux_arm64:
+# image: golang:1.10
+# group: build
+# environment:
+# - GOOS=linux
+# - GOARCH=arm64
+# - CGO_ENABLED=0
+# commands:
+# - go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -o release/linux/arm64/drone-helm
+#
+# build_linux_arm:
+# image: golang:1.10
+# group: build
+# environment:
+# - GOOS=linux
+# - GOARCH=arm
+# - CGO_ENABLED=0
+# - GOARM=7
+# commands:
+# - go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -o release/linux/arm/drone-helm
+
+ publish_linux_amd64:
+ image: plugins/docker
+ group: publish
+ username: josmo
+ repo: peloton/drone-helm
+ auto_tag: true
+ secrets: [ docker_password ]
+ dockerfile: Dockerfile
+ when:
+ event: [ tag, push ]
+
+# publish_linux_arm64:
+# image: plugins/docker
+# group: publish
+# username: josmo
+# repo: peloton/drone-helm
+# auto_tag: true
+# auto_tag_suffix: linux-arm64
+# secrets: [ docker_password ]
+# dockerfile: Dockerfile.arm64
+# when:
+# event: [ tag, push ]
+#
+# publish_linux_arm:
+# image: plugins/docker
+# group: publish
+# username: josmo
+# repo: peloton/drone-helm
+# auto_tag: true
+# auto_tag_suffix: linux-arm
+# secrets: [ docker_password ]
+# dockerfile: Dockerfile.arm
+# when:
+# event: [ tag, push ]
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index b3f5613..dc51518 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,4 +28,5 @@ drone-helm
 *.out
 .vscode
 .idea
-.vendor
+vendor
+release
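Review bot: The `publish_linux_amd64` step passes the `docker_password` secret to `image: plugins/docker` with no tag, so whatever that image resolves to at build time receives the registry credential and produces the published artifact. Pinning it, e.g. `image: plugins/docker@sha256:<digest>` (placeholder), keeps the credential holder fixed and reviewable. The `deps` step has the same reproducibility gap: `go get -u github.com/golang/dep/cmd/dep` builds dep from whatever is current upstream on every run, so a pinned dep release would be safer there. `when: event: [ tag, push ]` carries no branch filter; whether a push to a non-default branch publishes depends on how `auto_tag` handles it, so an explicit `branch:` entry under `when:` would make the intent visible.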
diff --git a/DOCS.md b/DOCS.md
new file mode 100644
index 0000000..4be9957
--- /dev/null
+++ b/DOCS.md
@@ -0,0 +1,230 @@ +### Simple Usage + +For example, this configuration will deploy my-app using a chart located in the repo called `my-chart` + +```YAML +pipeline: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + release: ${DRONE_BRANCH} + values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: STAGING + debug: true + wait: true + when: + branch: [master] +``` + +Last update of Drone expect you to declare the secrets you want to use: + +```YAML +pipeline: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + chart: ./chart/blog + release: ${DRONE_BRANCH}-blog + values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: PROD + secrets: [ prod_api_server, prod_kubernetes_token ] + when: + branch: [master] +``` + +Use Kubernetes Certificate Authority Data. Just add the `_kubernetes_certificate` secret + +```diff + helm_deploy: + image: quay.io/ipedrazas/drone-helm + chart: ./chart/blog + release: ${DRONE_BRANCH}-blog + values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: PROD + - secrets: [ prod_api_server, prod_kubernetes_token ] + + secrets: [ prod_api_server, prod_kubernetes_token, prod_kubernetes_certificate ] + when: + branch: [master] +``` + +### Using Values and Value files + +Values can be passed using the `values_files` key. Use this option to define your values in a set of files +and pass them to `helm`. This option trigger the `-f` or ``--values`` flag in `helm`: + +```plain +--values valueFiles specify values in a YAML file (can specify multiple) (default []) +``` + +For example: + +```YAML +pipeline: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + release: ${DRONE_BRANCH} + values_files: ["global-values.yaml", "myenv-values.yaml"] + when: + branch: [master] +``` + +### Using private Repositories + +Charts can also be fetched from your own private Chart Repository. 
`helm_repos` accepts a comma separated list of key value pairs where the key is the repository name and the value is the repository url. + +For Example: + +```YAML +pipeline: + helm_deploy_staging: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + helm_repos: hb-charts=http://helm-charts.honestbee.com + chart: hb-charts/hello-world + values: image.repository=quay.io/honestbee/hello-drone-helm,image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + release: ${DRONE_REPO_NAME}-${DRONE_BRANCH} + prefix: STAGING + when: + branch: + exclude: [ master ] +``` + +## Updating Chart dependencies + +In some cases, the local Chart might contain external dependencies defined in `./charts/my-chart/requirements.yaml`, e.g.: + +```YAML +dependencies: + - name: redis + version: 3.3.6 + repository: '@stable' +``` + +To restore these dependecies before the deployment `update_dependencies` parameter should be used, e.g.: + +```YAML +pipeline: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + update_dependencies: true + release: ${DRONE_BRANCH} + values_files: ["global-values.yaml", "myenv-values.yaml"] + when: + branch: [master] +``` + +## Drone Secrets + +There are two secrets you have to create (Note that if you specify the prefix, your secrets have to be created using that prefix): + +```bash +drone secret add --image=quay.io/ipedrazas/drone-helm \ + your-user/your-repo STAGING_API_SERVER https://mykubernetesapiserver + +drone secret add --image=quay.io/ipedrazas/drone-helm \ + your-user/your-repo STAGING_KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ... 
+ +drone secret add --image=quay.io/ipedrazas/drone-helm \ + your-user/your-repo STAGING_SECRET_PASSWORD Sup3rS3cr3t +``` + +`Prefix` helps you to use the same block in different environments: + +```YAML +pipeline: + helm_deploy_staging: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + release: ${DRONE_BRANCH} + values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: STAGING + debug: true + wait: true + when: + branch: + exclude: [ master ] + +pipeline_production: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + release: ${DRONE_BRANCH} + values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: PROD + debug: true + wait: true + when: + branch: [master] +``` + +This last block defines how the plugin will deploy + +## Testing with Minikube + +To test the plugin, you can run `minikube` and just run the docker image as follows: + +By using the docker daemon of minikube we can test local builds without having to push to a registry: + +```bash +eval $(minikube docker-env) +``` + +Build the image locally + +```bash +./build.sh +``` + +Get the token for the default service account in the default namespace: + +```bash +KUBERNETES_TOKEN=$(kubectl get secret $(kubectl get sa default -o jsonpath='{.secrets[].name}{"\n"}') -o jsonpath="{.data.token}" | base64 -D) +``` + +## Advanced customisations and debugging + +This plugin installs [Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md) in the cluster, if you want to specify the namespace where `tiller` ins installed, use the `tiller_ns` attribute. 
+ +The following example will install `tiller` in the `operations` namespace: + +```YAML +pipeline_production: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + release: ${DRONE_BRANCH} + values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: PROD + tiller_ns: operations + when: + branch: [master] +``` + +There's an option to do a `dry-run` in case you want to verify that the secrets and envvars are replaced correctly. Just add the attribute `dry-run` to true: + +```YAML +pipeline_production: + helm_deploy: + image: quay.io/ipedrazas/drone-helm + skip_tls_verify: true + chart: ./charts/my-chart + release: ${DRONE_BRANCH} + values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} + prefix: STAGING + dry-run:true + when: + branch: [master] +``` + +Happy Helming! + +## Known issues + +* Drone secrets that are part of `values` can be leaked in debug mode and in case of error as the whole helm command will be printed in the logs. See #52 \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index ec06df2..de0b771 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,3 @@ -# -# ----- Go Builder Image ------ -# -FROM golang:1.8-alpine AS builder - -RUN apk add --no-cache git - -# set working directory -RUN mkdir -p /go/src/drone-helm -WORKDIR /go/src/drone-helm - -# copy sources -COPY . . - -# add dependencies -RUN go get - -# run tests -RUN go test -v - -# build binary -RUN go build -v -o "/drone-helm" - # # ------ Drone-Helm plugin image ------ # @@ -28,13 +5,13 @@ RUN go build -v -o "/drone-helm" FROM alpine:3.6 MAINTAINER Ivan Pedrazas -# Helm version: can be passed at build time (default to v2.6.0) +# Helm version: can be passed at build time ARG VERSION ENV VERSION ${VERSION:-v2.9.1} ENV FILENAME helm-${VERSION}-linux-amd64.tar.gz ARG KUBECTL -ENV KUBECTL ${KUBECTL:-v1.10.2} +ENV KUBECTL ${KUBECTL:-v1.11.0} RUN set -ex \ && apk add --no-cache curl ca-certificates \ 
@@ -49,7 +26,7 @@ RUN set -ex \ LABEL description="Kubectl and Helm." LABEL base="alpine" -COPY --from=builder /drone-helm /bin/drone-helm +ADD release/linux/amd64/drone-k8s-job /bin/ COPY kubeconfig /root/.kube/kubeconfig ENTRYPOINT [ "/bin/drone-helm" ] diff --git a/README.md b/README.md index aae1a6f..185a93b 100644 --- a/README.md +++ b/README.md 
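Review bot: The added `ADD release/linux/amd64/drone-k8s-job /bin/` names a file `drone-k8s-job`, but the build step in `.drone.yml` writes `release/linux/amd64/drone-helm` and the unchanged `ENTRYPOINT [ "/bin/drone-helm" ]` expects that name. As written, the image build would fail on the missing source, or the image would ship without its entrypoint binary. The line should read `COPY release/linux/amd64/drone-helm /bin/drone-helm`; `COPY` is sufficient for a local file and avoids `ADD`'s archive-extraction and URL-fetch behaviour. Because the test and build stages no longer run inside the Dockerfile, the image now contains whatever binary sits in `release/` of the build context, so a `docker build` outside the CI pipeline can pick up a stale or untested binary.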
@@ -1,202 +1,19 @@ # Helm (Kubernetes) plugin for drone.io -[![Build Status](https://build.kube.camp/api/badges/ipedrazas/drone-helm/status.svg)](https://build.kube.camp/ipedrazas/drone-helm) +[![Build Status](https://drone.pelo.tech/api/badges/josmo/drone-helm/status.svg)](https://drone.pelo.tech/josmo/drone-helm) +[![Go Doc](https://godoc.org/github.com/josmo/drone-helm?status.svg)](http://godoc.org/github.com/josmo/drone-helm) +[![Go Report](https://goreportcard.com/badge/github.com/josmo/drone-helm)](https://goreportcard.com/report/github.com/josmo/drone-helm) +[![](https://images.microbadger.com/badges/image/peloton/drone-helm.svg)](https://microbadger.com/images/peloton/drone-helm "Get your own image badge on microbadger.com") This plugin allows to deploy a [Helm](https://github.com/kubernetes/helm) chart into a [Kubernetes](https://github.com/kubernetes/kubernetes) cluster. -* Current `helm` version: 2.6.0 -* Current `kubectl` version: 1.6.6 +* Current `helm` version: 2.9.1 +* Current `kubectl` version: 1.11.0 ## Drone Pipeline Usage -### Simple Usage +For the usage information and a listing of the available options please take a look at [the docs](DOCS.md). 
-For example, this configuration will deploy my-app using a chart located in the repo called `my-chart` - -```YAML -pipeline: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - release: ${DRONE_BRANCH} - values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: STAGING - debug: true - wait: true - when: - branch: [master] -``` - -Last update of Drone expect you to declare the secrets you want to use: - -```YAML -pipeline: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - chart: ./chart/blog - release: ${DRONE_BRANCH}-blog - values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: PROD - secrets: [ prod_api_server, prod_kubernetes_token ] - when: - branch: [master] -``` - -Use Kubernetes Certificate Authority Data. Just add the `_kubernetes_certificate` secret - -```diff - helm_deploy: - image: quay.io/ipedrazas/drone-helm - chart: ./chart/blog - release: ${DRONE_BRANCH}-blog - values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: PROD - - secrets: [ prod_api_server, prod_kubernetes_token ] - + secrets: [ prod_api_server, prod_kubernetes_token, prod_kubernetes_certificate ] - when: - branch: [master] -``` - -### Using Values and Value files - -Values can be passed using the `values_files` key. Use this option to define your values in a set of files -and pass them to `helm`. This option trigger the `-f` or ``--values`` flag in `helm`: - -```plain ---values valueFiles specify values in a YAML file (can specify multiple) (default []) -``` - -For example: - -```YAML -pipeline: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - release: ${DRONE_BRANCH} - values_files: ["global-values.yaml", "myenv-values.yaml"] - when: - branch: [master] -``` - -### Using private Repositories - -Charts can also be fetched from your own private Chart Repository. 
`helm_repos` accepts a comma separated list of key value pairs where the key is the repository name and the value is the repository url. - -For Example: - -```YAML -pipeline: - helm_deploy_staging: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - helm_repos: hb-charts=http://helm-charts.honestbee.com - chart: hb-charts/hello-world - values: image.repository=quay.io/honestbee/hello-drone-helm,image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - release: ${DRONE_REPO_NAME}-${DRONE_BRANCH} - prefix: STAGING - when: - branch: - exclude: [ master ] -``` - -## Updating Chart dependencies - -In some cases, the local Chart might contain external dependencies defined in `./charts/my-chart/requirements.yaml`, e.g.: - -```YAML -dependencies: - - name: redis - version: 3.3.6 - repository: '@stable' -``` - -To restore these dependecies before the deployment `update_dependencies` parameter should be used, e.g.: - -```YAML -pipeline: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - update_dependencies: true - release: ${DRONE_BRANCH} - values_files: ["global-values.yaml", "myenv-values.yaml"] - when: - branch: [master] -``` - -## Drone Secrets - -There are two secrets you have to create (Note that if you specify the prefix, your secrets have to be created using that prefix): - -```bash -drone secret add --image=quay.io/ipedrazas/drone-helm \ - your-user/your-repo STAGING_API_SERVER https://mykubernetesapiserver - -drone secret add --image=quay.io/ipedrazas/drone-helm \ - your-user/your-repo STAGING_KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ... 
- -drone secret add --image=quay.io/ipedrazas/drone-helm \ - your-user/your-repo STAGING_SECRET_PASSWORD Sup3rS3cr3t -``` - -`Prefix` helps you to use the same block in different environments: - -```YAML -pipeline: - helm_deploy_staging: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - release: ${DRONE_BRANCH} - values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: STAGING - debug: true - wait: true - when: - branch: - exclude: [ master ] - -pipeline_production: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - release: ${DRONE_BRANCH} - values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: PROD - debug: true - wait: true - when: - branch: [master] -``` - -This last block defines how the plugin will deploy - -## Testing with Minikube - -To test the plugin, you can run `minikube` and just run the docker image as follows: - -By using the docker daemon of minikube we can test local builds without having to push to a registry: - -```bash -eval $(minikube docker-env) -``` - -Build the image locally - -```bash -./build.sh -``` - -Get the token for the default service account in the default namespace: - -```bash -KUBERNETES_TOKEN=$(kubectl get secret $(kubectl get sa default -o jsonpath='{.secrets[].name}{"\n"}') -o jsonpath="{.data.token}" | base64 -D) -``` Run the local image (or replace `drone-helm` with `quay.io/ipedrazas/drone-helm`: 
@@ -215,44 +32,6 @@ docker run --rm \ quay.io/ipedrazas/drone-helm ``` -## Advanced customisations and debugging +### Fork Notes -This plugin installs [Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md) in the cluster, if you want to specify the namespace where `tiller` ins installed, use the `tiller_ns` attribute. - -The following example will install `tiller` in the `operations` namespace: - -```YAML -pipeline_production: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - release: ${DRONE_BRANCH} - values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: PROD - tiller_ns: operations - when: - branch: [master] -``` - -There's an option to do a `dry-run` in case you want to verify that the secrets and envvars are replaced correctly. Just add the attribute `dry-run` to true: - -```YAML -pipeline_production: - helm_deploy: - image: quay.io/ipedrazas/drone-helm - skip_tls_verify: true - chart: ./charts/my-chart - release: ${DRONE_BRANCH} - values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7} - prefix: STAGING - dry-run:true - when: - branch: [master] -``` - -Happy Helming! - -## Known issues - -* Drone secrets that are part of `values` can be leaked in debug mode and in case of error as the whole helm command will be printed in the logs. See #52 +This is currently a fork of ipedrazas/drone-helm which is published to quai. The fork image will be published to dockerhub at peloton/drone-helm in the docs just replace until we know the long term path.