From 55a871e019a879d010ef778a9549d6324a624c93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sun, 23 Oct 2022 00:10:18 +0200 Subject: [PATCH] Initial Release --- CHANGELOG.md | 14 +++++ README.md | 125 +++++++++++++++++++++++++++++++++++++++++++ artifacthub-repo.yml | 15 ++++++ plugin.sh | 29 ++++++++++ plugin.yaml | 8 +++ 5 files changed, 191 insertions(+) create mode 100644 CHANGELOG.md create mode 100644 artifacthub-repo.yml create mode 100755 plugin.sh create mode 100644 plugin.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..ca51828 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [1.0.0] - 2022-10-22 +### Added +- Initial Release + +[Unreleased]: https://github.com/jkroepke/helm-kubectl/compare/v1.0.0...HEAD +[0.0.1]: https://github.com/jkroepke/helm-kubectl/releases/tag/v1.0.0 diff --git a/README.md b/README.md index 6882d73..f91dc78 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,127 @@ # helm-kubectl A helm plugin for ArgoCD to support the lookup function + +See https://github.com/argoproj/argo-cd/issues/5202 for upstream discussion. + +# Usage + +## Helm + +helm-kubectl can be only used as downloader plugin. + +```bash +helm template --set-file=valuesKey=kubectl:///// +``` + +The file name `kubectl://///` will be translated into `kubectl -n -o `. + +Output transformation (like base64 for secrets) can be archived through helm template functions. + +For cluster-wide resources, omit the namespace but keep the slashes. For example: + +```bash +helm template --set-file=valuesKey=--set-file=hello=kubectl:///namespace/default +``` + +To get a certain value form the kubernetes manifest, the output can be modified through `kubectl` output parameter. +You can use [JSONPath](https://kubernetes.io/docs/reference/kubectl/jsonpath/) to grab a specific key, e.g. + +```bash +helm template --set-file=valuesKey=--set-file='hello=kubectl://default/secret/mysql/jsonpath={.data.rootPassword}' +``` + +### Ignore errors + +To ignore errors (e.g. not found), put a question mark after the protocol scheme, e.g.: + +`kubectl://?default/namespace/does-not-exists"` + +## ArgoCD + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: app +spec: + source: + helm: + fileParameters: + - name: mysql.rootPassword + path: kubectl://?default/secret/mysql/jsonpath={.data.rootPassword} +``` + + +# Installation + +## Local + +```bash +helm plugin install https://github.com/jkroepke/helm-kubectl +``` + +## ArgoCD + +The given value file based on [argocd helm chart](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd). A initContainer will be used to install +the helm plugin + +
+values.yaml + +```yaml +repoServer: + clusterAdminAccess: + enabled: true + env: + - name: HELM_PLUGINS + value: /custom-tools/helm-plugins/ + - name: HELM_KUBECTL_KUBECTL_PATH + value: /custom-tools/kubectl + + serviceAccount: + create: true + + rbac: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - list + - get + + volumes: + - name: custom-tools + emptyDir: {} + volumeMounts: + - mountPath: /custom-tools + name: custom-tools + + initContainers: + - name: download-tools + image: alpine:latest + command: [sh, -ec] + env: + - name: HELM_SECRETS_VERSION + value: "1.0.0" + - name: KUBECTL_VERSION + value: "1.24.3" + args: + - | + mkdir -p /custom-tools/helm-plugins + wget -qO- https://github.com/jkroepke/helm-kubectl/releases/download/v${HELM_SECRETS_VERSION}/helm-kubectl.tar.gz | tar -C /custom-tools/helm-plugins -xzf-; + wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl + + chmod +x /custom-tools/* + volumeMounts: + - mountPath: /custom-tools + name: custom-tools + +server: + config: + helm.valuesFileSchemes: >- + kubectl, + http, + https +``` +
diff --git a/artifacthub-repo.yml b/artifacthub-repo.yml new file mode 100644 index 0000000..a9fc609 --- /dev/null +++ b/artifacthub-repo.yml @@ -0,0 +1,15 @@ +# Artifact Hub repository metadata file +# +# Some settings like the verified publisher flag or the ignored packages won't +# be applied until the next time the repository is processed. Please keep in +# mind that the repository won't be processed if it has not changed since the +# last time it was processed. Depending on the repository kind, this is checked +# in a different way. For Helm http based repositories, we consider it has +# changed if the `index.yaml` file changes. For git based repositories, it does +# when the hash of the last commit in the branch you set up changes. This does +# NOT apply to ownership claim operations, which are processed immediately. +# +repositoryID: bc64e82e-e638-4cb0-8ed0-2428a34a94d5 +owners: + - name: jkroepke + email: github@jkroepke.de diff --git a/plugin.sh b/plugin.sh new file mode 100755 index 0000000..a7ca18f --- /dev/null +++ b/plugin.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env sh + +set -euf + +if [ "${HELM_DEBUG:-}" = "1" ] || [ "${HELM_DEBUG:-}" = "true" ]; then + set -x +fi + +fragments="${4##kubectl://}" + +ignore_errors=false + +namespace="$(echo "${fragments}" | cut -d/ -f1)" +kind="$(echo "${fragments}" | cut -d/ -f2)" +name="$(echo "${fragments}" | cut -d/ -f3)" +output="$(echo "${fragments}" | cut -d/ -f4-)" + +if [ "${namespace##\?}" != "${namespace}" ]; then + namespace="${namespace##\?}" + ignore_errors=true +fi + +if [ "${ignore_errors}" = "false" ]; then + exec "${HELM_KUBECTL_KUBECTL_PATH:-kubectl}" get ${namespace:+-n "${namespace}"} "${kind}" "${name}" -o "${output:-json}" +else + if ! "${HELM_KUBECTL_KUBECTL_PATH:-kubectl}" get ${namespace:+-n "${namespace}"} "${kind}" "${name}" -o "${output:-json}" 2>/dev/null; then + : + fi +fi diff --git a/plugin.yaml b/plugin.yaml new file mode 100644 index 0000000..426c5d7 --- /dev/null +++ b/plugin.yaml @@ -0,0 +1,8 @@ +name: "kubectl" +version: "1.0.0" +description: |- + Helm plugin to support the helm lookup function in ArgoCD +downloaders: + - command: "plugin.sh" + protocols: + - "kubectl"