Skip to content
This repository has been archived by the owner on Mar 29, 2023. It is now read-only.

Update to latest method of deploying tiller #29

Merged
merged 4 commits into from
May 6, 2019
Merged

Update to latest method of deploying tiller #29

merged 4 commits into from
May 6, 2019

Conversation

yorinasub17
Copy link
Contributor

Recently, we updated terraform-kubernetes-helm to provide a module for the actual deployment of Tiller (https://github.com/gruntwork-io/terraform-kubernetes-helm/releases/tag/v0.3.0) that uses the kubernetes_deployment resource of the kubernetes provider, as opposed to using kubergrunt. In this model, kubergrunt is used to manage the TLS certificates, but not the deployment of Tiller itself. This has a few advantages:

  • We still get to keep the main reason we use kubergrunt: securely managing the TLS certificates so that they don't leak into Terraform state.
  • The steps are broken up in Terraform, which leads to better error handling when something goes wrong. Before, any failure in the command will mess up the deployment and recovery was difficult because the command was not idempotent. (See notes in slack about why it was difficult to make the deploy command itself idempotent).
  • This leads to better composability/flexibility. Our users can now pick and choose which features to use, including avoiding kubergrunt altogether by either hand generating certs, or using the tls provider.
  • Now you can upgrade and adjust the tiller deployment in Terraform. E.g rolling out a new version can be done by updating a variable and applying the Terraform code.

The main disadvantage of this approach is that there is more code to copy from the example, because it is more broken up. There is more work to be done to address this, but I think this is sufficient for now.

autero1
autero1 reviewed May 6, 2019
View reviewed changes
examples/gke-basic-tiller/README.md
calling out to our `kubergrunt` utility in order to securely deploy Tiller - the server component of Helm.
utilizing the [k8s-tiller module in the terraform-kubernetes-helm
repository](https://github.com/gruntwork-io/terraform-kubernetes-helm/tree/master/modules/k8s-tiller).
Note that we utilize our `kubergrunt` utility to securely manage TLS certificate key pairs used by Tiller - the server
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When will kubergrunt be open sourced?

@rileykarson rileykarson mentioned this pull request May 6, 2019
Merged
@yorinasub17
Copy link
Contributor Author

Ok going to merge this.

@yorinasub17 yorinasub17 merged commit 0f3cf50 into master May 6, 2019
@yorinasub17 yorinasub17 deleted the yori-update-to-latest-tiller branch May 6, 2019 18:52
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@autero1 autero1 autero1 approved these changes

@rileykarson rileykarson rileykarson approved these changes

@robmorgan robmorgan Awaiting requested review from robmorgan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yorinasub17 @rileykarson @autero1