v1.5.0-rc1 upgrade helm major version to v3

* upgrades helm to new major version v3.4.1 * removes tiller configuration and parameters as --service-account

v1.5.0-rc1 upgrade helm major version to v3
* upgrades helm to new major version v3.4.1 * removes tiller configuration and parameters as --service-account
512a04fb · Steffen Köhler · Frank Morgner · 4dc34af4 · 512a04fb · 512a04fb
Commit 512a04fb authored 4 years ago by Steffen Köhler Committed by Frank Morgner 4 years ago
--- a/.gitignore
+++ b/.gitignore
+/.idea
 /.tmp
\ No newline at end of file
--- a/Changelog.md
+++ b/Changelog.md
 # Changelog

+## [1.5.0-rc1] - 2020-12-18
+### Changes
+* upgrades **helm** to new major version v3.4.1
+* removes **tiller** configuration and parameter as _--service-account_  
+
 ## [1.4.7] - 2019-04-02
 ### Added
 * `jq`-binary to docker-image
@@ -42,14 +47,14 @@
 * new command `init` to only initialize docker, helm and kubectl
 * `--reset` flag to remove eventually existing config-folders

-### Changed
-* updated helm from 2.12.3 to 2.13.0
+### Changes
+* updates **helm** from 2.12.3 to 2.13.0
 * script now runs as non-root user
-* removed namespace from kubectl-context and added it explicitely to helm
+* removes namespace from kubectl-context and added it explicitely to helm

 ## [1.3.2] - 2019-02-21
 ### Changed
-* updated helm from 2.9.1 to 2.12.3
+* updates helm from 2.9.1 to 2.12.3

 ## [1.3.1] - 2019-02-21
 ### Added
@@ -115,4 +120,5 @@
 [1.4.4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.3...release%2F1.4.4
 [1.4.5]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.4...release%2F1.4.5
 [1.4.6]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.5...release%2F1.4.6
-[1.4.7]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.6...release%2F1.4.7
\ No newline at end of file
+[1.4.7]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.6...release%2F1.4.7
+[1.5.0-rc1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/webmasterei/deployer/compare/release%2F1.4.7...release%2F1.5.0-rc1
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ ENV APP_USER=deployer

 RUN apk add --no-cache bash curl git jq \
 	&& curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl >/usr/local/bin/kubectl \
-	&& curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.13.0-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
+	&& curl -L https://get.helm.sh/helm-v3.4.1-linux-amd64.tar.gz | tar -zxf - -C /tmp linux-amd64/helm -O >/usr/local/bin/helm \
 	&& chmod a+x /usr/local/bin/deployer /usr/local/bin/kubectl /usr/local/bin/helm \
 	&& addgroup -S ${APP_USER} \
 	&& adduser -S -h /home/${APP_USER} -G ${APP_USER} -s /bin/sh ${APP_USER}

--- a/Readme.md
+++ b/Readme.md
@@ -43,7 +43,6 @@ $ deployer deploy \
 	--cluster-url https://k8s-cluster.example.com:6443 \
 	--certificate-authority "$base64_encoded_cacert" \
 	--token "$base64_encoded_bearer_token" \
-	--service-account tiller-service-account \
 	--name example-staging \
 	--charts ./helmcharts
 ```
@@ -63,7 +62,6 @@ $ deployer undeploy \
 	--cluster-url https://k8s-cluster.example.com:6443 \
 	--certificate-authority "$base64_encoded_cacert" \
 	--token "$base64_encoded_bearer_token" \
-	--service-account tiller-service-account \
 	--name example-staging
 ```
 *undeploys deployment named *example-staging* from  namespace *example_namespace**
@@ -78,7 +76,6 @@ $ deployer deploy \
 	--cluster-url https://k8s-cluster.example.com:6443 \
 	--certificate-authority "$base64_encoded_cacert" \
 	--token "$base64_encoded_bearer_token" \
-	--service-account tiller-service-account \
 	--name incubator \
 	--repo-url https://kubernetes-charts-incubator.storage.googleapis.com/
 ```
@@ -95,7 +92,6 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
 * `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
-* `--service-account`: this is the name of the service-account, that is used to perform the deployment.
 * `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
 * `--debug`: outputs executed commands

@@ -127,7 +123,6 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
 * `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
-* `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the deployment.
 * `--charts`: sets the path where the helm-charts reside or the public chart e.g. `stable/maridb`.
 * `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times.
@@ -143,7 +138,6 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
 * `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
-* `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the deployment.
 * `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
 * `--debug`: outputs executed commands
@@ -154,7 +148,6 @@ From now on charts located in this repository can be deployed by using the `--ch
 * `--certificate-authority`: sets the certificate-authority certificate as base64-encoded string. This string is provided by the k8s-admin
 * `--token`: sets the bearer token of the service-account as bas64-encoded string. This string is provided by the k8s-admin.
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
-* `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the repo to add.
 * `--repo-url`: sets the repository-url of the repo to add.
 * `--reset`: this ignores eventually existing config-folders of docker, helm and kubectl and removes them.
@@ -172,10 +165,6 @@ The rights of a service account are bound to a namespace, therefore each namespa

 By this we are able to publish the credentials of uncritical deployments such as *alpha* and *staging* to developers, so they can independently deploy their features. The credentials of critical deployments such as *production* are restricted to maintainers which are held responsible for their deployments.

-## One Tiller per namespace
-
-*Tiller* - the service component of *Helm* - is deployed in each namespace so they are independent from each other. Also *Tiller* is using the service account of the namespace to create deployments, so that a user can modify or interact with the deployments by using the service accounts credentials.
-
 ## Helmchart location

 Each project consists of one or more applications which are deployed together in the projects deployment-environment. Each application is responsible for its own components and defines it via helm charts located in the application repository. For consistency this folders should be named `helmchart`.

--- a/assets/deployer
+++ b/assets/deployer
@@ -269,17 +269,6 @@ prepare_helm() {
 		return 0
 	fi

-	echo -ne "Preparing helm..."
-
-	debug "helm init --wait --tiller-namespace=\"${namespace}\" --service-account=\"${service_account}\" --upgrade --force-upgrade"
-	out=`helm init --wait --tiller-namespace="${namespace}" --service-account="${service_account}" --upgrade --force-upgrade`
-	if [ "$?" != "0" ];then
-		echo "failed!"
-		echo "$out"
-		return 1
-	fi
-
-	echo "done"
 	return 0
 }

@@ -298,7 +287,7 @@ helm_add_repo() {
 		return 1
 	fi

-	local cmd="helm repo add --tiller-connection-timeout=120 --tiller-namespace=\"${namespace}\" ${name} ${repo_url}"
+	local cmd="helm repo add ${name} ${repo_url}"
 	debug "$cmd"
 	local out=`$cmd 2>&1`
 	if [ "$?" != "0" ];then
@@ -328,9 +317,9 @@ helm_deploy() {
 	local out
 	local cmd

-	if [ "$(helm ls --tiller-namespace=${namespace} --namespace=${namespace} --pending --deleted --failed --short | grep ${name})" != "" ];then
-		debug "helm delete --tiller-namespace=${namespace} --purge ${name}"
-		out=`helm delete --tiller-namespace=${namespace} --purge ${name} 2>&1`
+	if [ "$(helm ls --namespace=${namespace} --pending --failed --short | grep ${name})" != "" ];then
+		debug "helm uninstall --namespace=${namespace} ${name}"
+		out=`helm uninstall --namespace=${namespace} ${name} 2>&1`
 		if [ "$?" != "0" ];then
 			echo "failed"
 			echo "$out"
@@ -339,8 +328,8 @@ helm_deploy() {
 	fi

 	helmargs=$(echo -e "$helmargs" | sed -E 's/(^[[:space:]]*)|([[:space:]]*$)//g')
-	cmd="helm upgrade --install --wait --timeout=${timeout} --tiller-namespace=${namespace} --namespace=${namespace}"
-	cmd="$cmd --namespace=${namespace} --force --recreate-pods ${name} ${charts} ${helmargs}"
+	cmd="helm upgrade --install --wait --timeout=${timeout} --namespace=${namespace}"
+	cmd="$cmd --namespace=${namespace} --force ${name} ${charts} ${helmargs}"
 	debug "$cmd"
 	out=`$cmd 2>&1`
 	if [ "$?" != "0" ];then
@@ -363,8 +352,8 @@ helm_undeploy() {

 	local out

-	debug "helm delete --tiller-namespace=\"${namespace}\" ${name}"
-	out=`helm delete --tiller-namespace="${namespace}" ${name} 2>&1`
+	debug "helm uninstall --namespace=\"${namespace}\" ${name}"
+	out=`helm uninstall --namespace="${namespace}" ${name} 2>&1`

 	if [ "$?" != "0" ];then
 		echo "failed"

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -114,7 +114,7 @@ services:
      - docker
    environment:
      DOCKER_HOST: tcp://docker:2375
-    command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name testdeploy --charts ./examplechart --set image.tag=stable --timeout 120
+    command: deployer deploy --namespace test --cluster-url https://172.18.85.125:6443 --certificate-authority ${ca_cert} --token ${token} --service-account test --name testdeploy --charts ./examplechart --set image.tag=stable --timeout 120s

  deploy-without-ca:
    build: .