Commit 88da6611 authored by Thomas Boni

jobs(helm_review): remove job

parent 58552ee8

helm_review.r2.yml

deleted 100644 → 0
+0 −12
files:
  template: ./jobs/helm_review/helm_review.yml
  documentation: ./jobs/helm_review/README.md
  changelog: ./jobs/helm_review/CHANGELOG.md
data:
  description: A ready-to-use helm job to deploy your review environment in a merge request
  public: true
  license: MIT
  icon: 
  labels:
    - Helm
    - Kubernetes
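
Review bot: `public: true` marks this as a published job, and the README removed in the same commit tells users to add the job URL to `include` with `latest`, so pipelines that include it may stop resolving the template once this descriptor is gone. The commit message `jobs(helm_review): remove job` should say why the job is removed and what to use instead.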

jobs/helm_review/CHANGELOG.md

deleted 100644 → 0
+0 −16
# Changelog
All notable changes to this job will be documented in this file.

## [0.3.0] - 2022-06-13
* Add docker image tag in variable 

## [0.2.0] - 2021-01-13
* Upgrade `lachlanevenson/k8s-helm` image version from `v3.0.2` to `v3.4.2`
* Upgrade `kubectl` version from `v1.17.0` to `v1.20.1`
* Upgrade `helm-secrets` version to `v3.4.0`
* Update `HELMSECRETS_URL` to the new repository `https://github.com/jkroepke/helm-secrets` because the old one is now [deprecated](https://github.com/zendesk/helm-secrets#deprecation-information)
* Update `STABLE_REPO_URL` default value to the new official address: `https://charts.helm.sh/stable`


## [0.1.0] - 2020-10-12
Initial version
 No newline at end of file

jobs/helm_review/README.md

deleted 100644 → 0
+0 −46
## Objective

Deploy your [helm](https://helm.sh/docs/intro/quickstart/){:target="_blank"} charts as a review environment when a pipeline is run in a merge request

## How to use it

1. To use this job, you have to provide a helm chart to deploy your project. The chart location must be defined in the CHART_PATH variable. If you want to use custom values files, check the `VALUES_FILE` and `VALUES_SECRET_FILE` variables. More information about helm charts in [documentation](https://helm.sh/docs/chart_template_guide/getting_started/){:target="_blank"}
1. Prepare the secret PGP variables (`PGP_PUBLIC` and `PGP_PRIVATE`) in your CI/CD variables (as files and not variables!) in [gitlab](https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project){:target="_blank"} if you need encrypted variables
1. Copy/paste job URL in `include` list of your `.gitlab-ci.yml` (see the [quick setup](/use-the-hub/#quick-setup)). You can specify [a fixed version](#changelog) instead of `latest`.
1. If you need to customize the job (stage, variables, ...) 👉 check the [jobs
   customization](/use-the-hub/#jobs-customization)
1. Well done, your job is ready to work ! 😀

## Variables

| Name | Description | Default | Mandatory |
| ---- | ----------- | ------- | --------- |
| `CHART_PATH` <img width=250/> | Path to the directory of the chart <img width=400/> | `./charts/$CI_PROJECT_NAME` | Yes |
| `VALUES_PATH` | Path to value files | `./conf/values` | Yes |
| `VALUES_FILE` | Name of the review configuration yaml file | `review.yaml` | Yes |
| `VALUES_SECRET_FILE` | Name of the secrets review configuration yaml file | `secrets.review.yaml` | Only if the secret file `VALUES_SECRET_FILE` exists |
| `REGISTRY` | Registry from where to pull container image | `${CI_REGISTRY_IMAGE}` |  Yes |
| `KUBECTL_URL` | Url to get kubectl binary | `https://storage.googleapis.com/kubernetes-release/release/v1.20.1/bin/linux/amd64/kubectl ` | Yes |
| `HELMSECRETS_URL` | Url to get kubectl secrets plugin | `https://github.com/jkroepke/helm-secrets ` | Yes |
| `HELMSECRETS_VERSION` | Version of kubectl secrets plugin | `v3.4.0` | Only if the secret file `VALUES_SECRET_FILE` exists |
| `STABLE_REPO_URL` | Url of stable repo to add to helm | `https://charts.helm.sh/stable ` | Yes |
| `HELM_ADDITIONAL_OPTIONS` | Additional settings to give to helm for deployment | ` ` | No |
| `IMAGE_TAG` | The default tag for the docker image | `v3.4.2`  | Yes |

**Gitlab CI/CD variables:**

| Name | Description | Type | Mandatory |
| ---- | ----------- | ---- | --------- |
| `PGP_PUBLIC` | PGP public key used to encrypt secret file | File | Only if the secret file `VALUES_SECRET_FILE` exists |
| `PGP_PRIVATE` | PGP private key used to encrypt secret file | File | Only if the secret file `VALUES_SECRET_FILE` exists |

## Secrets

Secrets files are encrypted with the helm plugin [secrets](https://github.com/zendesk/helm-secrets){:target="_blank"}.
It will allow encrypting or decrypting any yaml files that you have in your `${VALUES_PATH}` so you can push values that will be decrypted at runtime but not seen from the source code.
For example, you can `helm secrets enc review.yaml` to encrypt it to a `secret.review.yaml`, so you will have some public variables in a `review.yalm` file and a password for example in `secrets.review.yaml`.



## Author
This resource is an **[official job](https://docs.r2devops.io/faq-labels/)** added in [**R2Devops repository**](https://gitlab.com/r2devops/hub) by [@thomasboni](https://gitlab.com/thomasboni)
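
Review bot: The Secrets section links the plugin to `https://github.com/zendesk/helm-secrets`, while the Variables table defaults `HELMSECRETS_URL` to `https://github.com/jkroepke/helm-secrets` and the 0.2.0 changelog entry calls the old repository deprecated. The same section writes `review.yalm` and `secret.review.yaml` where the table uses `review.yaml` and `secrets.review.yaml`, and the table describes `PGP_PRIVATE` as used to encrypt although the section says values are decrypted at runtime. If this text is carried over to a replacement job's documentation, correct these three points first.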

jobs/helm_review/helm_review.yml

deleted 100644 → 0
+0 −83
# "Helm review" jobs
# See https://gitlab.com/r2devops/jobs/ for more information

stages:
  - review

.helm:
  image:
    name: lachlanevenson/k8s-helm:${IMAGE_TAG}
    entrypoint: [""]
  variables:
    CHART_PATH: "./charts/$CI_PROJECT_NAME"
    VALUES_PATH: "./conf/values"
    VALUES_FILE: "review.yaml"
    VALUES_SECRET_FILE: "secrets.review.yaml"
    REGISTRY: "${CI_REGISTRY_IMAGE}"
    KUBECTL_URL: "https://storage.googleapis.com/kubernetes-release/release/v1.20.1/bin/linux/amd64/kubectl"
    HELMSECRETS_URL: "https://github.com/jkroepke/helm-secrets"
    HELMSECRETS_VERSION: "v3.4.0"
    STABLE_REPO_URL: "https://charts.helm.sh/stable"
    HELM_ADDITIONAL_OPTIONS: ""
    IMAGE_TAG: "v3.4.2"
helm_review:
  extends: .helm
  stage: review
  environment:
    name: review/${CI_COMMIT_REF_SLUG}
    url: https://${CI_ENVIRONMENT_SLUG}.${CI_PROJECT_NAME}.${KUBE_INGRESS_BASE_DOMAIN}/
    on_stop: cleanup_helm_review
  except:
    refs:
      - master
  script:
    - apk add --no-cache curl gnupg git bash
    - curl --output /bin/kubectl ${KUBECTL_URL} && chmod a+x /bin/kubectl
    - if [ ! -z ${VALUES_SECRET_FILE} ]; then
    -   mkdir ${HELM_HOME}/plugins
    -   helm plugin install $HELMSECRETS_URL --version ${HELMSECRETS_VERSION}
    -   gpg --import "${PGP_PUBLIC}"
    -   gpg --allow-secret-key-import --import "${PGP_PRIVATE}"
    - fi
    - helm repo add stable ${STABLE_REPO_URL}
    - helm repo update
    - if [ -f "${VALUES_PATH}/${VALUES_SECRET_FILE}" ]
    - then
    -     SECRET_OPTION="-f ${VALUES_PATH}/${VALUES_SECRET_FILE}"
    - fi
    - helm secrets upgrade ${CI_PROJECT_PATH_SLUG} ${CHART_PATH}
        --namespace "${KUBE_NAMESPACE}" --install
        -f ${VALUES_PATH}/${VALUES_FILE} ${SECRET_OPTION}
        --set-string image.registry=${REGISTRY}
        --set-string image.tag=${CI_COMMIT_SHA}
        --set-string ingress.hostPrefix="${CI_ENVIRONMENT_SLUG}."
        --set-string gitlab.env=${CI_ENVIRONMENT_SLUG}
        --set-string gitlab.app=${CI_PROJECT_PATH_SLUG}
        ${HELM_ADDITIONAL_OPTIONS}

cleanup_helm_review:
  extends: .helm
  stage: review
  variables:
    GIT_STRATEGY: none
  when: manual
  script:
    - apk add --no-cache curl gnupg git bash
    - curl --output /bin/kubectl ${KUBECTL_URL}
        && chmod a+x /bin/kubectl
        && mkdir ${HELM_HOME}/plugins
        && helm plugin install $HELMSECRETS_URL --version ${HELMSECRETS_VERSION}
    - gpg --import "${PGP_PUBLIC}"
    - gpg --allow-secret-key-import --import "${PGP_PRIVATE}"
    - helm repo add stable ${STABLE_REPO_URL}
    - helm repo update
    - apk add --no-cache findutils
    - helm ls --all --short -n ${KUBE_NAMESPACE} | xargs -L1 helm -n ${KUBE_NAMESPACE} delete
    # - kubectl delete namespace $KUBE_NAMESPACE # TODO: it's forbidden due to user RBAC
  environment:
    name: review/${CI_COMMIT_REF_SLUG}
    action: stop
  allow_failure: true
  except:
    refs:
      - master
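
Review bot: In `cleanup_helm_review`, `helm ls --all --short -n ${KUBE_NAMESPACE} | xargs -L1 helm -n ${KUBE_NAMESPACE} delete` deletes every release in the namespace, not only the `${CI_PROJECT_PATH_SLUG}` release that `helm_review` installs, so stopping one review environment also removes any other release sharing that namespace; a successor job should delete just its own release. In `helm_review`, the plugin install is gated on `[ ! -z ${VALUES_SECRET_FILE} ]` but the deploy step always runs `helm secrets upgrade`, so with the variable cleared the deploy depends on a plugin that was never installed, and `curl --output /bin/kubectl ${KUBECTL_URL}` installs the binary with no checksum check and no `--fail`. If these are why the job is being removed, the commit message should say so.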