/drone-helm

Helm (Kubernetes) plugin for drone.io

Primary LanguageGoMIT LicenseMIT

Helm (Kubernetes) plugin for drone.io

This plugin allows to deploy a Helm chart into a Kubernetes cluster.

  • Current helm version: 2.2.2
  • Current kubectl version: 1.5.3

For example, this configuration will deploy my-app using a chart located in the repo called my-chart

pipeline:
  helm_deploy:
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./charts/my-chart
  release: ${DRONE_BRANCH}
  values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  prefix: STAGING
  debug: true
  wait: true
  when:
    branch: [master]

Last update of Drone expect you to declare the secrets you want to use:

  helm_deploy:
    image: quay.io/ipedrazas/drone-helm
    chart: ./chart/blog
    release: ${DRONE_BRANCH}-blog
    values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
    prefix: PROD
    secrets: [ prod_api_server, prod_kubernetes_token ]
    when:
      branch: [master]

Values can be passed using the values_files key. Use this option to define your values in a set of files and pass them to helm. This option trigger the -f or --values flag in helm:

--values valueFiles   specify values in a YAML file (can specify multiple) (default [])

For example:

pipeline:
  helm_deploy:
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./charts/my-chart
  release: ${DRONE_BRANCH}
  values_files: ["global-values.yaml", "myenv-values.yaml"]
  when:
    branch: [master]

There are two secrets you have to create (Note that if you specify the prefix, your secrets have to be created using that prefix):

drone secret add --image=quay.io/ipedrazas/drone-helm \
  your-user/your-repo STAGING_API_SERVER https://mykubernetesapiserver

drone secret add --image=quay.io/ipedrazas/drone-helm \
  your-user/your-repo STAGING_KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...

drone secret add --image=quay.io/ipedrazas/drone-helm \
  your-user/your-repo STAGING_SECRET_PASSWORD Sup3rS3cr3t

Prefix helps you to use the same block in different environments:

pipeline:
  helm_deploy_staging:
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./charts/my-chart
  release: ${DRONE_BRANCH}
  values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  prefix: STAGING
  debug: true
  wait: true
  when:
    branch:
      exclude: [ master ]

pipeline_production:
  helm_deploy:
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./charts/my-chart
  release: ${DRONE_BRANCH}
  values: secret.password=${SECRET_PASSWORD},image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  prefix: PROD
  debug: true
  wait: true
  when:
    branch: [master]

This last block defines how the plugin will deploy

To test the plugin, you can run minikube and just run the docker image as follows:

docker run --rm \
  -e PLUGIN_API_SERVER=https://192.168.64.5:8443 \
  -e PLUGIN_TOKEN="" \
  -e PLUGIN_NAMESPACE=default \
  -e PLUGIN_SKIP_TLS_VERIFY=true \
  -e PLUGIN_RELEASE=my-release \
  -e PLUGIMN_CHART=stable/redis \
  -e PLUGIN_VALUES="tag=TAG,api=API" \
  -e PLUGIN_DEBUG=true \
  -e PLUGIN_DRY_RUN=true \
  -e DRONE_BUILD_EVENT=push \
  quay.io/ipedrazas/drone-helm

This plugin installs Tiller in the cluster, if you want to specify the namespace where tiller ins installed, use the tiller_ns attribute.

The following example will install tiller in the operations namespace:

pipeline_production:
  helm_deploy:
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./charts/my-chart
  release: ${DRONE_BRANCH}
  values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  prefix: PROD
  tiller_ns: operations
  when:
    branch: [master]

There's an option to do a dry-run in case you want to verify that the secrets and envvars are replaced correctly. Just add the attribute dry-run to true:

pipeline_production:
  helm_deploy:
  image: quay.io/ipedrazas/drone-helm
  skip_tls_verify: true
  chart: ./charts/my-chart
  release: ${DRONE_BRANCH}
  values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  prefix: STAGING
  dry-run:true
  when:
    branch: [master]

Happy Helming!