token renamed
@@ -1,35 +1,67 @@
|
||||
# Helm (Kubernetes) plugin for drone.io
|
||||
|
||||
[](http://drone.sohohousedigital.com/ipedrazas/drone-helm)
|
||||
](https://drone.sohohousedigital.com/ipedrazas/drone-helm)
|
||||
|
||||
This plugin allows to deploy a [Helm](https://github.com/kubernetes/helm) chart into a [Kubernetes](https://github.com/kubernetes/kubernetes) cluster.
|
||||
|
||||
For example, this configuration will deploy my-app using the [stable/jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins)
|
||||
For example, this configuration will deploy my-app using a chart located in the repo called `my-chart`
|
||||
|
||||
|
||||
pipeline:
|
||||
helm_deploy:
|
||||
image: quay.io/ipedrazas/drone-helm
|
||||
chart: stable/jenkins
|
||||
release: my-dear-jenkins
|
||||
helm_deploy:
|
||||
image: quay.io/ipedrazas/drone-helm
|
||||
skip_tls_verify: true
|
||||
chart: ./charts/my-chart
|
||||
release: ${DRONE_BRANCH}
|
||||
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
|
||||
prefix: STAGING
|
||||
debug: true
|
||||
when:
|
||||
branch: [master]
|
||||
|
||||
There are two secrets you have to create:
|
||||
There are two secrets you have to create (Note that if you specify the prefix, your secrets have to be created using that prefix):
|
||||
|
||||
drone secret add --image=quay.io/ipedrazas/drone-helm \
|
||||
your-user/your-repo API_SERVER https://mykubernetesapiserver
|
||||
your-user/your-repo STAGING_API_SERVER https://mykubernetesapiserver
|
||||
|
||||
|
||||
drone secret add --image=quay.io/ipedrazas/drone-helm \
|
||||
your-user/your-repo KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
|
||||
your-user/your-repo STAGING_KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
|
||||
|
||||
|
||||
If you don't know where to get a token from, you can execute the following command:
|
||||
|
||||
kubectl exec POD_NAME -- cat /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
drone secret add --image=quay.io/ipedrazas/drone-helm \
|
||||
your-user/your-repo STAGING_SECRET_PASSWORD Sup3rS3cr3t
|
||||
|
||||
For example, in a cluster where there's a pod called `nginx-1212390922-fdz1x` we coudl do:
|
||||
`Prefix` helps you to use the same block in different environments:
|
||||
|
||||
kubectl exec nginx-1212390922-fdz1x -- cat /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
pipeline:
|
||||
helm_deploy_staging:
|
||||
image: quay.io/ipedrazas/drone-helm
|
||||
skip_tls_verify: true
|
||||
chart: ./charts/my-chart
|
||||
release: ${DRONE_BRANCH}
|
||||
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
|
||||
prefix: STAGING
|
||||
debug: true
|
||||
when:
|
||||
branch:
|
||||
exclude: [ master ]
|
||||
|
||||
|
||||
pipeline_production:
|
||||
helm_deploy:
|
||||
image: quay.io/ipedrazas/drone-helm
|
||||
skip_tls_verify: true
|
||||
chart: ./charts/my-chart
|
||||
release: ${DRONE_BRANCH}
|
||||
values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
|
||||
prefix: PROD
|
||||
debug: true
|
||||
when:
|
||||
branch: [master]
|
||||
|
||||
|
||||
This last block defines how the plugin will deploy
|
||||
|
||||
|
||||
To test the plugin, you can run `minikube` and just run the docker image as follows:
|
||||
@@ -43,35 +75,13 @@ To test the plugin, you can run `minikube` and just run the docker image as foll
|
||||
-e PLUGIN_RELEASE=my-release \
|
||||
-e PLUGIMN_CHART=stable/redis \
|
||||
-e PLUGIN_VALUES="tag=TAG,api=API" \
|
||||
-e PLUGIN_SECRETS=TAG,API \
|
||||
-e PLUGIN_DEBUG=true \
|
||||
-e PLUGIN_DRY_RUN=true \
|
||||
-e DRONE_BUILD_EVENT=delete \
|
||||
-e DRONE_BUILD_EVENT=push \
|
||||
quay.io/ipedrazas/drone-helm
|
||||
|
||||
|
||||
## Secrets
|
||||
This plugin expects [Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md) to be already installed in the cluster
|
||||
|
||||
If you find that you need to put a secret in the `--set` values of your `Helm` command you have to create the drone secret first:
|
||||
|
||||
drone secret add --image=quay.io/ipedrazas/drone-helm \
|
||||
your-user/your-repo MYSECRET secretvalue
|
||||
|
||||
Then you have to define values as
|
||||
|
||||
|
||||
pipeline:
|
||||
helm_deploy:
|
||||
image: quay.io/ipedrazas/drone-helm
|
||||
chart: stable/jenkins
|
||||
release: my-dear-jenkins
|
||||
values: webhook.token=${MYSECRET},webhook.key=$KEY
|
||||
api_server: ${STAGING_API_SERVER}
|
||||
secrets: MYSECRET,STAGING_API_SERVER,KEY
|
||||
|
||||
You have to do this because from 0.5 version fo Drone, secrets are not expanded in plugins. This means that there's
|
||||
no possibility of passing secret parameters as part of a value to the plugin.
|
||||
|
||||
This is a limitation of Drone. to overcome that problem, we define the `SECRETS` and the plugin will resolve them
|
||||
|
||||
Happy Helming!
|
||||
|
||||
@@ -138,7 +138,7 @@ func runCommand(params []string) error {
|
||||
func resolveSecrets(p *Plugin) {
|
||||
p.Config.Values = resolveEnvVar(p.Config.Values, p.Config.Prefix)
|
||||
p.Config.APIServer = resolveEnvVar("${API_SERVER}", p.Config.Prefix)
|
||||
p.Config.Token = resolveEnvVar("${TOKEN}", p.Config.Prefix)
|
||||
p.Config.Token = resolveEnvVar("${KUBERNETES_TOKEN}", p.Config.Prefix)
|
||||
}
|
||||
|
||||
// getEnvVars will return [${TAG} {TAG} TAG]
|
||||
@@ -155,7 +155,6 @@ func resolveEnvVar(key string, prefix string) string {
|
||||
|
||||
func replaceEnvvars(envvars [][]string, prefix string, s string) string {
|
||||
for _, envvar := range envvars {
|
||||
// [${TAG} {TAG} TAG]
|
||||
envvarName := envvar[0]
|
||||
envvarKey := envvar[2]
|
||||
if prefix != "" {
|
||||
|
||||
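Review bot: Nothing after `p.Config.Token = resolveEnvVar("${KUBERNETES_TOKEN}", p.Config.Prefix)` in resolveSecrets checks that a value was actually found, so a pipeline whose secret is still named `TOKEN` (or `<PREFIX>_TOKEN`) loses its credential after this rename with no message. If resolveEnvVar returns an empty string for an unset variable (its body is outside this view), a fallback such as `if p.Config.Token == "" { p.Config.Token = resolveEnvVar("${TOKEN}", p.Config.Prefix) }` keeps existing setups working. Since resolveSecrets returns nothing, the caller should also refuse to run helm while the token or API server is empty, and should name the missing variable without printing its value. The +/- markers are lost on this page, so this reads the KUBERNETES_TOKEN line as the new side, which matches the commit title and the README.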