Helm Provider The Helm provider is used to deploy software packages - - PDF document

helm provider
SMART_READER_LITE
LIVE PREVIEW

Helm Provider The Helm provider is used to deploy software packages - - PDF document

Jan 30, 2024 43 likes •126 views

Helm Provider The Helm provider is used to deploy software packages in Kubernetes. The provider needs to be congured with the proper credentials before it can be used. Data Sources Data Sources: helm_repository

slide-1
SLIDE 1

Helm Provider

The Helm provider is used to deploy software packages in Kubernetes. The provider needs to be congured with the proper credentials before it can be used.

Data Sources

Data Sources: helm_repository (/docs/providers/helm/repository.html)

Resources

Resource: helm_release (/docs/providers/helm/release.html)

Example Usage

resource "helm_release" "mydatabase" { name = = "mydatabase" chart = = "stable/mariadb" set { name = = "mariadbUser" value = = "foo" } set { name = = "mariadbPassword" value = = "qux" } }

Requirements

You must have Kubernetes installed. We recommend version 1.4.1 or later. You should also have a local congured copy of kubectl.

Authentication

There are generally two ways to congure the Helm provider.

File cong

slide-2
SLIDE 2

The provider always rst tries to load a cong le (usually $HOME/.kube/config ), for access kubernetes and reads all the Helm les from home (usually $HOME/.helm ). You can also dene that le with the following setting:

provider "helm" { kubernetes { config_path = = "/path/to/kube_cluster.yaml" } }

Statically dened credentials

The other way is statically dene all the credentials:

provider "helm" { kubernetes { host = = "https://104.196.242.174" username = = "ClusterMaster" password = = "MindTheGap" client_certificate = = file("~/.kube/client-cert.pem") client_key = = file("~/.kube/client-key.pem") cluster_ca_certificate = = file("~/.kube/cluster-ca-cert.pem") } }

If you have both valid conguration in a cong le and static conguration, the static one is used as override. i.e. any static eld will override its counterpart loaded from the cong.

Argument Reference

The following arguments are supported:

host - (Required) Set an alternative Tiller host. The format is host:port. Can be sourced from HELM_HOST

environment variable.

home - (Required) Set an alternative location for Helm les. By default, these are stored in $HOME/.helm . Can be

sourced from HELM_HOME environment variable.

namespace - (Optional) Set an alternative Tiller namespace. Defaults to kube-system . init_helm_home - (Optional) Initialize Helm home directory congured by the home attribute if it is not already

initialized, defaults to true.

install_tiller - (Optional) Install Tiller if it is not already installed. Defaults to true . tiller_image - (Optional) Tiller image to install. Defaults to gcr.io/kubernetes-helm/tiller:v2.15.1 . service_account - (Optional) Service account to install Tiller with. Defaults to default . automount_service_account_token - (Optional) Auto-mount the given service account to tiller. Defaults to true .

slide-3
SLIDE 3
  • verride - (Optional) Override values for the Tiller Deployment manifest. Defaults to true .

max_history - (Optional) Maximum number of release versions stored per release. Defaults to 0 (no limit). debug - (Optional) - Debug indicates whether or not Helm is running in Debug mode. Defaults to false . plugins_disable - (Optional) Disable plugins. Can be sourced from HELM_NO_PLUGINS environment variable, set HELM_NO_PLUGINS=0 to enable plugins. Defaults to true . insecure - (Optional) Whether server should be accessed without verifying the TLS certicate. Defaults to false . enable_tls - (Optional) Enables TLS communications with the Tiller. Defaults to false . client_key - (Optional) PEM-encoded client certicate key for TLS authentication. By default read from key.pem in

the location set by home .

client_certificate - (Optional) PEM-encoded client certicate for TLS authentication. By default read from cert.pem in the location set by home . ca_certificate - (Optional) PEM-encoded root certicates bundle for TLS authentication. By default read from ca.pem in the location set by home . kubernetes - Kubernetes conguration block.

The kubernetes block supports:

config_path - (Optional) Path to the kube cong le, defaults to ~/.kube/config . Can be sourced from KUBE_CONFIG or KUBECONFIG .. host - (Optional) The hostname (in form of URI) of Kubernetes master. Can be sourced from KUBE_HOST . username - (Optional) The username to use for HTTP basic authentication when accessing the Kubernetes master

  • endpoint. Can be sourced from KUBE_USER .

password - (Optional) The password to use for HTTP basic authentication when accessing the Kubernetes master

  • endpoint. Can be sourced from KUBE_PASSWORD .

token - (Optional) The bearer token to use for authentication when accessing the Kubernetes master endpoint. Can

be sourced from KUBE_BEARER_TOKEN .

insecure - (Optional) Whether server should be accessed without verifying the TLS certicate. Can be sourced from KUBE_INSECURE . client_certificate - (Optional) PEM-encoded client certicate for TLS authentication. Can be sourced from KUBE_CLIENT_CERT_DATA . client_key - (Optional) PEM-encoded client certicate key for TLS authentication. Can be sourced from KUBE_CLIENT_KEY_DATA . cluster_ca_certificate - (Optional) PEM-encoded root certicates bundle for TLS authentication. Can be sourced

from KUBE_CLUSTER_CA_CERT_DATA .

config_context - (Optional) Context to choose from the cong le. Can be sourced from KUBE_CTX . load_config_file - (Optional) By default the local cong (~/.kube/cong) is loaded when you use this provider. This

  • ption at false disable this behaviour. Can be sourced from KUBE_LOAD_CONFIG_FILE .
slide-4
SLIDE 4

Resource: helm_release

A Release is an instance of a chart running in a Kubernetes cluster. A Chart is a Helm package. It contains all of the resource denitions necessary to run an application, tool, or service inside of a Kubernetes cluster.

helm_release describes the desired status of a chart in a kubernetes cluster.

Example Usage

data "helm_repository" "stable" { name = "stable" url = "https://kubernetes-charts.storage.googleapis.com" } resource "helm_release" "example" { name = "my-redis-release" repository = data.helm_repository.stable.metadata[0].name chart = "redis" version = "6.0.1" values = [ "${file("values.yaml")}" ] set { name = "cluster.enabled" value = "true" } set { name = "metrics.enabled" value = "true" } set_string { name = "service.annotations.prometheus\\.io/port" value = "9127" } }

Argument Reference

The following arguments are supported:

name - (Required) Release name. repository - (Optional) Repository where to locate the requested chart. If is an URL the chart is installed without

install the repository.

chart - (Required) Chart name to be installed.

slide-5
SLIDE 5

devel - (Optional) Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is

ignored.

version - (Optional) Specify the exact chart version to install. If this is not specied, the latest version is installed. values - (Optional) List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with

multiple -f options.

set - (Optional) Value block with custom values to be merged with the values yaml. set_sensitive - (Optional) Value block with custom sensitive values to be merged with the values yaml that won't be

exposed in the plan's di.

set_string - (Optional) Value block with custom STRING values to be merged with the values yaml. namespace - (Optional) Namespace to install the release into. verify - (Optional) Verify the package before installing it. keyring - (Optional) Location of public keys used for verication. timeout - (Optional) Time in seconds to wait for any individual kubernetes operation. disable_webhooks - (Optional) Prevent hooks from running. reuse_values - (Optional) Reuse values from previous revision when upgrading a release. Same as --reuse-values

ag in Helm CLI. Default is false.

force_update - (Optional) Force resource update through delete/recreate if needed. reuse - (Optional) Instructs Tiller to re-use an existing name. Default is true. recreate_pods - (Optional) On update performs pods restart for the resource if applicable. wait - (Optional) Will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a

ready state before marking the release as successful. It will wait for as long as timeout . Default is true. The set , set_sensitive and set_strings blocks support:

name - (Required) full name of the variable to be set. value - (Required) value of the variable to be set.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

metadata - Block status of the deployed release.

The metadata block supports:

chart - The name of the chart. name - Name is the name of the release. namespace - Namespace is the kubernetes namespace of the release. revision - Version is an int32 which represents the version of the release.

slide-6
SLIDE 6

status - Status of the release. version - A SemVer 2 conformant version string of the chart. values - The compounded values from values and set* attributes.

Import

helm_release does not support import yet.

slide-7
SLIDE 7

Data Source: helm_repository

A chart repository is a location where packaged charts can be stored and shared.

helm_repository describes a helm repository.

Example Usage

data "helm_repository" "incubator" { name = = "incubator" url = = "https://kubernetes-charts-incubator.storage.googleapis.com" } resource "helm_release" "my_cache" { name = = "my-cache" repository = = data.helm_repository helm_repository.incubator incubator.metadata metadata[0].name name chart = = "redis-cache" }

Argument Reference

The following arguments are supported:

name - (Required) Chart repository name. url - (Required) Chart repository URL. key_file - (Optional) Identify HTTPS client using this SSL key le cert_file - (Optional) Identify HTTPS client using this SSL certicate le. ca_file - (Optional) Verify certicates of HTTPS-enabled servers using this CA bundle username - (Optional) Username for HTTP basic authentication. password - (Optional) Password for HTTP basic authentication.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

metadata - Status of the deployed release.

The metadata block supports:

name - Name of the repository read from the home. url - URL of the repository read from the home.

slide-8
SLIDE 8

Old resource helm_repository

Before 0.9.0 helm_repository was a resource and not a data source. The old resource is now a shim to the data source to preserve backwards compatibility. As the use of the resource is deprecated it is strongly suggested to move to the new data source as the compatibility will be removed in a future release.