Deploy Helm Charts from Concourse.
Heavily based on the work of linkyard/concourse-helm-resource
.
You can pull the resource image from typositoire/concourse-helm3-resource
.
resource_types:
- name: helm
type: docker-image
source:
repository: typositoire/concourse-helm3-resource
cluster_url
: Optional. URL to Kubernetes Master API service. Do not set when using thekubeconfig_path
parameter, otherwise required.cluster_ca
: Optional. Cluster CA certificate PEM, optionally Base64 encoded. (Required ifinsecure_cluster
== false)insecure_cluster
: Optional. Skip TLS verification for cluster API. (Required ifcluster_ca
is nil)token
: Optional. Bearer token for Kubernetes. This, 'token_path' oradmin_key
/admin_cert
are required ifcluster_url
is https.token_path
: Optional. Path to file containing the bearer token for Kubernetes. This, 'token' oradmin_key
/admin_cert
are required ifcluster_url
is https.admin_key
: Optional. Base64 encoded PEM. Required ifcluster_url
is https and notoken
or 'token_path' is provided.admin_cert
: Optional. Base64 encoded PEM. Required ifcluster_url
is https and notoken
or 'token_path' is provided.release
: Optional. Name of the release (not a file, a string). (Default: autogenerated by helm)namespace
: Optional. Kubernetes namespace the chart will be installed into. (Default: default)helm_history_max
: Optional. Limits the maximum number of revisions. (Default: 0 = no limit)repos
: Optional. Array of Helm repositories to initialize, each repository is defined as an object with propertiesname
,url
(required) username and password (optional).plugins
: Optional. Array of Helm plugins to install, each defined as an object with propertiesurl
(required),version
(optional).stable_repo
: Optional Override default Helm stable repo https://kubernetes-charts.storage.googleapis.com. Useful if running helm deploys without internet access.tracing_enabled
: Optional. Enable extremely verbose tracing for this resource. Useful when developing the resource itself. May allow secrets to be displayed. (Default: false)helm_setup_purge_all
: Optional. Delete and purge every helm release. Use with extreme caution. (Default: false)
use_aws_iam_authenticator
: Optional. If true, the aws_iam_authenticator, required for connecting with EKS, is used.assume_aws_role
: Optional. When using aws_iam_authenticator. If true, a role will be assumed before using the aws_iam_authenticator to connect to EKS.aws_region
: Optional. When using the optional aws_iam_authenticator and optional assume_aws_role, setting the aws_region is required. This defaults to us-east-1aws_secret_access_key
: Optional Default to empty. It is going to be used together with aws_secret_key_id instead of the aws_iam_authenticator.aws_access_key_id
: Optional Default to empty. It is going to be used together with aws_secret_access_key instead of the aws_iam_authenticator.aws_eks_cluster_name
: Optional. the AWS EKS cluster name, required when use_aws_iam_authenticator or use_awscli_eks_auth is true.
use_awscli_eks_auth
: Optional Defaults to false. If "true", uses the awscli generate the kube config. You can even leave out cluster_url and cluster_ca then. Required is only the aws_eks_cluster_name
Deploy an helm chart
chart
: Required. Either the file containing the helm chart to deploy (ends with .tgz), the path to a local directory containing the chart or the name of the chart from a repo (e.g.stable/mysql
).namespace
: Optional. Either a file containing the name of the namespace or the name of the namespace. (Default: taken from source configuration).create_namespace
: Optional. Create the namespace if it doesn't exist (Default: false).release
: Optional. Either a file containing the name of the release or the name of the release. (Default: taken from source configuration).values
: Optional. File containing the values.yaml for the deployment. Supports setting multiple value files using an array.override_values
: Optional. Array of values that can override those defined in values.yaml. Each entry in the array is a map containing a key and a value or path. Value is set directly while path reads the contents of the file in that path. Ahide: true
parameter ensures that the value is not logged and instead replaced with***HIDDEN***
. Atype: string
parameter makes sure Helm always treats the value as a string (uses the--set-string
option to Helm; useful if the value varies and may look like a number, eg. if it's a Git commit hash). Averbatim: true
parameter escapes backslashes so the value is passed as-is to the Helm chart (useful for((credentials))
). The default behaviour of backslashes in--set
is to quote the next character soval\ue
is treated asvalue
by Helm.token_path
: Optional. Path to file containing the bearer token for Kubernetes. This, 'token' oradmin_key
/admin_cert
are required ifcluster_url
is https.version
: Optional Chart version to deploy, can be a file or a value. Only applies ifchart
is not a file.test
: Optional. Test the release instead of installing it. Requires therelease
. (Default: false)test_logs
: Optional. Display pod logs when runningtest
. (Default: false)delete
: Optional. Deletes the release instead of installing it. Requires therelease
. (Default: false)replace
: Optional. Replace deleted release with same name. (Default: false)force
: Optional. Force resource update through delete/recreate if needed. (Default: false)devel
: Optional. Allow development versions of chart to be installed. This is useful when wanting to install pre-release charts (i.e. 1.0.2-rc1) without having to specify a version. (Default: false)debug
: Optional. Dry run the helm install with the debug flag which logs interpolated chart templates. (Default: false)check_is_ready
: Optional. Requires thatwait
is set to Default. Applies --wait without timeout. (Default: false)atomic
: Optional. This flag will cause failed installs to purge the release, and failed upgrades to rollback to the previous release. (Default: false)reuse_values
: Optional. When upgrading, reuse the last release's values. (Default: false)reset_values
: Optional. When upgrading, reset the values to the ones built into the chart. (Default: false)timeout
: Optional. This flag sets the max time to wait for any individual Kubernetes operation. (Default: 5m0s)wait
: Optional. Allows deploy task to sleep for X seconds before continuing to next task. Allows pods to restart and become stable, useful where dependency between pods exists. (Default: 0)kubeconfig_path
: Optional. File containing a kubeconfig. Overrides source configuration for cluster, token, and admin config.show_diff
: Optional. Show the diff that is applied if upgrading an existing successful release. Will not be used whendevel
is set. (Default: false)disable_openapi_validation
: Optional. The upgrade process will not validate rendered templates against the Kubernetes OpenAPI Schema. (Default: false)
Define the resource:
resources:
- name: myapp-helm
type: helm
source:
cluster_url: https://kube-master.domain.example
cluster_ca: _base64 encoded CA pem_
admin_key: _base64 encoded key pem_
admin_cert: _base64 encoded certificate pem_
repos:
- name: some_repo
url: https://somerepo.github.io/charts
Add to job:
jobs:
# ...
plan:
- put: myapp-helm
params:
chart: source-repo/chart-0.0.1.tgz
values: source-repo/values.yaml
override_values:
- key: replicas
value: 2
- key: version
path: version/number # Read value from version/number
- key: secret
value: ((my-top-secret-value)) # Pulled from a credentials backend like Vault
hide: true # Hides value in output
- key: image.tag
path: version/image_tag # Read value from version/number
type: string # Make sure it's interpreted as a string by Helm (not a number)
Example EKS config:
resource_types:
- name: helm
type: docker-image
source:
repository: yourrepo/concourse-helm-eks-resource
standard-artifactory-helm-source: &STANDARD-ARTIFACTORY-HELM-SOURCE
use_awscli_eks_auth: "true"
repos:
- name: {{ artifactory.repository }}
url: {{ artifactory.url }}/{{ artifactory.repository }}
username: {{ artifactory.user }}
password: "{{ artifactory_password }}"
- name: fluentd-chart
type: helm
source:
<<: *STANDARD-ARTIFACTORY-HELM-SOURCE
aws_eks_cluster_name: someekscluster
assume_aws_role: arn:aws:iam::{{someaccount}}:role/somerole
namespace: kube-system
release: fluentd
jobs:
- name: helm-rollout-on-{{somecluster}}
plan:
- get: values
trigger: true
- put: fluentd-chart-on-{{account}}
params:
chart: {{ artifactory.repository }}/fluentd-cloudwatch
values: values/kubernetes/charts/fluentd/values.yaml
recreate_pods: true