Deploy Helm Charts from Concourse.
Heavily based on the work of linkyard/concourse-helm-resource.
You can pull the resource image from typositoire/concourse-helm3-resource.
```yaml
resource_types:
- name: helm
  type: docker-image
  source:
    repository: typositoire/concourse-helm3-resource
```
- `cluster_url`: Optional. URL to Kubernetes Master API service. Do not set when using the `kubeconfig_path` parameter, otherwise required.
- `cluster_ca`: Optional. Cluster CA certificate PEM, optionally Base64 encoded. (Required if `insecure_cluster` == false)
- `insecure_cluster`: Optional. Skip TLS verification for cluster API. (Required if `cluster_ca` is nil)
- `token`: Optional. Bearer token for Kubernetes. This, `token_path` or `admin_key`/`admin_cert` are required if `cluster_url` is https.
- `token_path`: Optional. Path to file containing the bearer token for Kubernetes. This, `token` or `admin_key`/`admin_cert` are required if `cluster_url` is https.
- `admin_key`: Optional. Base64 encoded PEM. Required if `cluster_url` is https and no `token` or `token_path` is provided.
- `admin_cert`: Optional. Base64 encoded PEM. Required if `cluster_url` is https and no `token` or `token_path` is provided.
- `release`: Optional. Name of the release (not a file, a string). (Default: autogenerated by helm)
- `namespace`: Optional. Kubernetes namespace the chart will be installed into. (Default: default)
- `helm_history_max`: Optional. Limits the maximum number of revisions. (Default: 0 = no limit)
- `repos`: Optional. Array of Helm repositories to initialize. Each repository is defined as an object with properties `name`, `url` (required), `username` and `password` (optional).
- `plugins`: Optional. Array of Helm plugins to install, each defined as an object with properties `url` (required), `version` (optional).
- `stable_repo`: Optional. A `false` value will disable using a default Helm stable repo. Any other value will be used to override the default Helm stable repo URL https://charts.helm.sh/stable. Useful if running helm deploys without internet access.
- `tracing_enabled`: Optional. Enable extremely verbose tracing for this resource. Useful when developing the resource itself. May allow secrets to be displayed. (Default: false)
- `helm_setup_purge_all`: Optional. Delete and purge every helm release. Use with extreme caution. (Default: false)
- `kubernetes_provider`: Optional. Use `aws` or `digitalocean` if you plan to use any of the configuration below.
- `digitalocean.cluster_id`: Optional. Cluster ID on DigitalOcean to fetch kubeconfig.
- `digitalocean.access_token`: Optional. Read Access Token to fetch kubeconfig.
- `aws.cluster_name`: Required. Cluster name on AWS EKS to fetch kubeconfig.
- `aws.assume_aws_role`: Optional. Assume role ARN to generate kubeconfig.
- `aws.aws_region`: Optional. Region in which the cluster resides. (Default: us-west-2)
- `aws.aws_access_key_id`: Required. Access Key ID to authenticate into AWS.
- `aws.aws_secret_access_key`: Required. Secret Access Key to authenticate into AWS.
- `aws.aws_role_arn`: Optional. Role ARN to assume for Kubernetes access (kubeconfig).
Deploy a Helm chart
- `chart`: Required. Either the file containing the helm chart to deploy (ends with .tgz), the path to a local directory containing the chart or the name of the chart from a repo (e.g. `stable/mysql`).
- `namespace`: Optional. Either a file containing the name of the namespace or the name of the namespace. (Default: taken from source configuration).
- `create_namespace`: Optional. Create the namespace if it doesn't exist. (Default: false).
- `release`: Optional. Either a file containing the name of the release or the name of the release. (Default: taken from source configuration).
- `values`: Optional. File containing the values.yaml for the deployment. Supports setting multiple value files using an array.
- `override_values`: Optional. Array of values that can override those defined in values.yaml. Each entry in the array is a map containing a `key` and a `value` or `path`. `value` is set directly, while `path` reads the contents of the file in that path. A `hide: true` parameter ensures that the value is not logged and instead replaced with `***HIDDEN***`. A `type: string` parameter makes sure Helm always treats the value as a string (uses the `--set-string` option to Helm; useful if the value varies and may look like a number, e.g. if it's a Git commit hash). A `verbatim: true` parameter escapes backslashes so the value is passed as-is to the Helm chart (useful for `((credentials))`). The default behaviour of backslashes in `--set` is to quote the next character, so `val\ue` is treated as `value` by Helm.
- `token_path`: Optional. Path to file containing the bearer token for Kubernetes. This, `token` or `admin_key`/`admin_cert` are required if `cluster_url` is https.
- `version`: Optional. Chart version to deploy, can be a file or a value. Only applies if `chart` is not a file.
- `test`: Optional. Test the release instead of installing it. Requires the `release`. (Default: false)
- `test_logs`: Optional. Display pod logs when running `test`. (Default: false)
- `delete`: Optional. Deletes the release instead of installing it. Requires the `release`. (Default: false)
- `replace`: Optional. Replace deleted release with same name. (Default: false)
- `force`: Optional. Force resource update through delete/recreate if needed. (Default: false)
- `devel`: Optional. Allow development versions of chart to be installed. This is useful when wanting to install pre-release charts (i.e. 1.0.2-rc1) without having to specify a version. (Default: false)
- `debug`: Optional. Dry run the helm install with the debug flag which logs interpolated chart templates. (Default: false)
- `check_is_ready`: Optional. Requires that `wait` is set to Default. Applies `--wait` without timeout. (Default: false)
- `atomic`: Optional. This flag will cause failed installs to purge the release, and failed upgrades to rollback to the previous release. (Default: false)
- `reuse_values`: Optional. When upgrading, reuse the last release's values. (Default: false)
- `reset_values`: Optional. When upgrading, reset the values to the ones built into the chart. (Default: false)
- `timeout`: Optional. This flag sets the max time to wait for any individual Kubernetes operation. (Default: 5m0s)
- `wait`: Optional. Allows deploy task to sleep for X seconds before continuing to next task. Allows pods to restart and become stable, useful where dependency between pods exists. (Default: 0)
- `kubeconfig_path`: Optional. File containing a kubeconfig. Overrides source configuration for cluster, token, and admin config.
- `show_diff`: Optional. Show the diff that is applied if upgrading an existing successful release. Will not be used when `devel` is set. (Default: false)
- `skip_missing_values`: Optional. Missing values files are skipped if they are specified in the values but do not exist. (Default: false)
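The `override_values` options interact with Helm's backslash handling, which matters when a credential contains a backslash. The sketch below is an added example, not the resource's own code: `to_helm_arg`, `helm_unescape`, `value_seen_by_chart` and the `FILES` stand-in are hypothetical names, and `helm_unescape` is a simplified model that covers only the backslash rule described above.

```python
HIDDEN = "***HIDDEN***"

# Constructed stand-in for files produced by earlier pipeline steps.
FILES = {"version/image_tag": "1e10"}  # a commit-hash prefix that looks numeric


def to_helm_arg(entry, files=FILES):
    """Map one override_values entry to (flag, argument, logged form)."""
    value = files[entry["path"]] if "path" in entry else str(entry["value"])
    if entry.get("verbatim"):
        value = value.replace("\\", "\\\\")  # escape each backslash
    flag = "--set-string" if entry.get("type") == "string" else "--set"
    shown = HIDDEN if entry.get("hide") else value
    return flag, f"{entry['key']}={value}", f"{flag} {entry['key']}={shown}"


def helm_unescape(value):
    """Simplified model of --set parsing: a backslash quotes the next character."""
    out, chars = [], iter(value)
    for c in chars:
        out.append(next(chars, "") if c == "\\" else c)
    return "".join(out)


def value_seen_by_chart(entry):
    """Value the chart receives after Helm processes the argument."""
    _, arg, _ = to_helm_arg(entry)
    return helm_unescape(arg.split("=", 1)[1])


if __name__ == "__main__":
    secret = {"key": "secret", "value": r"p\ass", "hide": True}  # constructed
    print(to_helm_arg(secret)[2], "->", value_seen_by_chart(secret))
    print(value_seen_by_chart({**secret, "verbatim": True}))
    print(to_helm_arg({"key": "image.tag", "path": "version/image_tag",
                       "type": "string"}))
```

Without `verbatim: true` the constructed secret `p\ass` reaches the chart as `pass`; with it, the value arrives unchanged.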
Define the resource:
Generic
```yaml
resources:
- name: myapp-helm
  type: helm
  source:
    cluster_url: https://kube-master.domain.example
    cluster_ca: _base64 encoded CA pem_
    admin_key: _base64 encoded key pem_
    admin_cert: _base64 encoded certificate pem_
    repos:
      - name: some_repo
        url: https://somerepo.github.io/charts
```
DigitalOcean
```yaml
resources:
- name: myapp-helm
  type: helm
  source:
    kubernetes_provider: digitalocean
    digitalocean:
      cluster_id: XXXXXXXXXXXXXX
      access_token: XXXXXXXXXXX
    repos:
      - name: some_repo
        url: https://somerepo.github.io/charts
```
AWS
```yaml
resources:
- name: myapp-helm
  type: helm
  source:
    kubernetes_provider: aws
    aws:
      cluster_name: my_aws_cluster
      aws_access_key_id: XXXXXXXXXXXXXX
      aws_secret_access_key: XXXXXXXXXXX
    repos:
      - name: some_repo
        url: https://somerepo.github.io/charts
```
Add to job:
```yaml
jobs:
- # ...
  plan:
  - put: myapp-helm
    params:
      chart: source-repo/chart-0.0.1.tgz
      values: source-repo/values.yaml
      override_values:
      - key: replicas
        value: 2
      - key: version
        path: version/number # Read value from version/number
      - key: secret
        value: ((my-top-secret-value)) # Pulled from a credentials backend like Vault
        hide: true # Hides value in output
      - key: image.tag
        path: version/image_tag # Read value from version/image_tag
        type: string # Make sure it's interpreted as a string by Helm (not a number)
```
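Several of the options documented above weaken transport security or can expose secrets in build output. The following pre-merge check is an added example, not part of the resource: `lint` is a hypothetical helper, the sample dictionaries and the `((api-key))` variable are constructed, and the rules only encode what the parameter descriptions on this page state.

```python
import re

# Constructed sample: a resource `source` and `put` params with risky settings.
SAMPLE_SOURCE = {
    "cluster_url": "https://kube-master.domain.example",
    "insecure_cluster": True,
    "tracing_enabled": True,
}
SAMPLE_PARAMS = {
    "chart": "source-repo/chart-0.0.1.tgz",
    "debug": True,
    "override_values": [
        {"key": "replicas", "value": 2},
        {"key": "secret", "value": "((my-top-secret-value))"},
        {"key": "api.key", "value": "((api-key))", "hide": True},
    ],
}

CRED_VAR = re.compile(r"\(\(.+?\)\)")  # Concourse ((var)) placeholder


def lint(source, params):
    """Return findings for one helm resource and one put step (hypothetical helper)."""
    findings = []
    url = str(source.get("cluster_url", ""))
    if source.get("insecure_cluster"):
        findings.append("insecure_cluster: TLS verification for the cluster API is skipped")
    elif url and not source.get("cluster_ca"):
        findings.append("cluster_ca: required when insecure_cluster is false")
    # token_path may also be supplied in the put params.
    token = source.get("token") or source.get("token_path") or params.get("token_path")
    cert = source.get("admin_key") and source.get("admin_cert")
    if url.startswith("https") and not (token or cert):
        findings.append("auth: https cluster_url needs token, token_path or admin_key/admin_cert")
    if source.get("tracing_enabled"):
        findings.append("tracing_enabled: verbose tracing may display secrets")
    if source.get("helm_setup_purge_all"):
        findings.append("helm_setup_purge_all: deletes and purges every helm release")
    if params.get("debug"):
        findings.append("debug: interpolated chart templates are logged")
    for entry in params.get("override_values", []):
        if CRED_VAR.search(str(entry.get("value", ""))) and not entry.get("hide"):
            findings.append(f"override_values[{entry['key']}]: ((credential)) without hide: true")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_SOURCE, SAMPLE_PARAMS):
        print("WARN", finding)
```

Run it against the pipeline definition before variables are interpolated, since the `((...))` placeholders are what identify credential values.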