Specify tiller version #23

yorinasub17 · 2019-02-06T18:16:12Z

This implements the ability to specify a specific Tiller image to use when deploying. The terraform helm provider expects v2.11.0 of Tiller, so this is necessary to ensure the version installed is what the provider expects.

In addition to this, I reorganized the deploy command help so it looks better. Specifically, I floated all the required args to the top and made the way defaults show be consistent:

%~> kubergrunt helm deploy --help
Usage: kubergrunt helm deploy [options] [args]

Install and setup a best practice Helm Server. In addition to providing a basic Helm Server, this will:

  - Provision TLS certs for the new Helm Server.
  - Setup an RBAC role restricted to the specified namespace and bind it to the specified ServiceAccount.
  - Default to use Secrets for storing Helm Server releases (as opposed to ConfigMaps).
  - Store the private key of the TLS certs in a Secret resource in the kube-system namespace.

Additionally, this command will grant access to an RBAC entity and configure the local helm client to use that using one
of "--rbac-user", "--rbac-group", "--rbac-service-account" options.

Options:

   --service-account value              (Required) The name of the ServiceAccount that Tiller should use.
   --tiller-namespace value             (Required) Kubernetes namespace that Tiller will reside in.
   --resource-namespace value           (Required) Kubernetes namespace where the resources deployed by Tiller reside.
   --tls-common-name value              (Required) The name that will go into the CN (CommonName) field of the identifier.
   --tls-org value                      (Required) The name of the company that is generating this cert.
   --client-tls-common-name value       (Required) The name that will go into the CN (CommonName) field of the
                                        identifier for the client.
   --client-tls-org value               (Required) The name of the company that is generating this cert for the client.
   --rbac-user value                    Name of RBAC user that configuration of local helm client is for. Only one of --rbac-user,
                                        --rbac-group, or --rbac-service-account can be specified.
   --rbac-group value                   Name of RBAC group that configuration of local helm client is for. Only one of --rbac-user,
                                        --rbac-group, or --rbac-service-account can be specified.
   --rbac-service-account value         Name of the Service Account that configuration of local helm client is for. Only
                                        one of --rbac-user, --rbac-group, or --rbac-service-account can be specified.
   --tiller-image value                 The container image to use when deploying tiller. (default:
                                        "gcr.io/kubernetes-helm/tiller")
   --tiller-version value               The version of the container image to use when deploying tiller. (default: "v2.11.0")
   --tls-org-unit value                 The name of the unit in --tls-org that is generating this cert.
   --tls-city value                     The city where --tls-org is located.
   --tls-state value                    The state where --tls-org is located.
   --tls-country value                  The country where --tls-org is located.
   --tls-validity value                 How long the cert will be valid for, in days. (default: 3650)
   --tls-private-key-algorithm value    The name of the algorithm to use for private keys. Must be one of: ECDSA,
                                        RSA. (default: "ECDSA")
   --tls-private-key-ecdsa-curve value  The name of the elliptic curve to use. Should only be used if
                                        --tls-private-key-algorithm is ECDSA. Must be one of P224, P256, P384,
                                        P521. (default: "P256")
   --tls-private-key-rsa-bits value     The size of the generated RSA key in bits. Should only be used if
                                        --tls-private-key-algorithm is RSA. Must be at least 2048. (default: 2048)
   --client-tls-org-unit value          The name of the unit in --client-tls-org that is generating this cert.
   --client-tls-city value              The city where --client-tls-org is located.
   --client-tls-state value             The state where --client-tls-org is located.
   --client-tls-country value           The country where --client-tls-org is located.
   --helm-home value                    Home directory that is configured for accessing deployed Tiller server. (default: "~/.helm")
   --kubectl-context-name value         The kubectl config context to use for authenticating with the Kubernetes cluster.
   --kubeconfig value                   The path to the kubectl config file to use to authenticate with Kubernetes. (default:
                                        "~/.kube/config")

robmorgan

LGTM

yorinasub17 added 2 commits February 6, 2019 10:12

Allow specification of tiller image

294231b

Reorganize command help

4fc9d92

yorinasub17 requested review from robmorgan, rileykarson and autero1 February 6, 2019 18:16

robmorgan approved these changes Feb 7, 2019

View reviewed changes

rileykarson approved these changes Feb 7, 2019

View reviewed changes

autero1 approved these changes Feb 7, 2019

View reviewed changes

yorinasub17 merged commit 9703cc2 into master Feb 8, 2019

yorinasub17 deleted the yori-specify-tiller-version branch February 8, 2019 05:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Specify tiller version #23

Specify tiller version #23

yorinasub17 commented Feb 6, 2019

robmorgan left a comment

Specify tiller version #23

Specify tiller version #23

Conversation

yorinasub17 commented Feb 6, 2019

robmorgan left a comment

Choose a reason for hiding this comment