From 8112ddad05d673445c73f17498557afddd87523b Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Tue, 2 Oct 2018 11:53:15 +1300 Subject: [PATCH 1/2] Use tiller locally for Auto Devops Rather than installing a long-lived tiller-deploy pod, which will require securing (e.g. with TLS), we can install the tiller binary locally have have the helm client connect to that local tiller. The local tiller will run with local KUBECONFIG settings. Requires Helm 2.11.0 which is the first version to distribute the tiller binary in releases --- .../unreleased/51942-auto-devops-local-tiller.yml | 5 +++++ lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml | 15 ++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 changelogs/unreleased/51942-auto-devops-local-tiller.yml diff --git a/changelogs/unreleased/51942-auto-devops-local-tiller.yml b/changelogs/unreleased/51942-auto-devops-local-tiller.yml new file mode 100644 index 00000000000..0088d6dc598 --- /dev/null +++ b/changelogs/unreleased/51942-auto-devops-local-tiller.yml @@ -0,0 +1,5 @@ +--- +title: Use local tiller for Auto DevOps +merge_request: 22036 +author: +type: changed diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml index d8fcdfac266..faa6b71fc28 100644 --- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @@ -49,7 +49,7 @@ variables: POSTGRES_DB: $CI_ENVIRONMENT_SLUG KUBERNETES_VERSION: 1.8.6 - HELM_VERSION: 2.10.0 + HELM_VERSION: 2.11.0 DOCKER_DRIVER: overlay2 @@ -254,6 +254,7 @@ stop_review: GIT_STRATEGY: none script: - install_dependencies + - install_tiller - delete environment: name: review/$CI_COMMIT_REF_NAME @@ -640,7 +641,12 @@ rollout 100%: curl "https://kubernetes-helm.storage.googleapis.com/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar zx mv linux-amd64/helm /usr/bin/ + mv linux-amd64/tiller /usr/bin/ helm version --client + tiller -version + + helm init --client-only + helm plugin install https://github.com/adamreese/helm-local curl -L -o /usr/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" chmod +x /usr/bin/kubectl @@ -749,8 +755,11 @@ rollout 100%: function install_tiller() { echo "Checking Tiller..." - helm init --upgrade - kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy" + + helm local start + helm local status + export HELM_HOST=":44134" + if ! helm version --debug; then echo "Failed to init Tiller." return 1 -- 2.24.1 From ae67c3ac6afda54f5cad8a89732b696776b9b59b Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Tue, 2 Oct 2018 16:47:47 +1300 Subject: [PATCH 2/2] Change function name to reflect new purpose As we now longer install tiller into a pod but we merely initialize tiller locally --- lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml index faa6b71fc28..8c50e788243 100644 --- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @@ -228,7 +228,7 @@ review: - install_dependencies - download_chart - ensure_namespace - - install_tiller + - initialize_tiller - create_secret - deploy - persist_environment_url @@ -254,7 +254,7 @@ stop_review: GIT_STRATEGY: none script: - install_dependencies - - install_tiller + - initialize_tiller - delete environment: name: review/$CI_COMMIT_REF_NAME @@ -289,7 +289,7 @@ staging: - install_dependencies - download_chart - ensure_namespace - - install_tiller + - initialize_tiller - create_secret - deploy environment: @@ -313,7 +313,7 @@ canary: - install_dependencies - download_chart - ensure_namespace - - install_tiller + - initialize_tiller - create_secret - deploy canary environment: @@ -334,7 +334,7 @@ canary: - install_dependencies - download_chart - ensure_namespace - - install_tiller + - initialize_tiller - create_secret - deploy - delete canary @@ -382,7 +382,7 @@ production_manual: - install_dependencies - download_chart - ensure_namespace - - install_tiller + - initialize_tiller - create_secret - deploy rollout $ROLLOUT_PERCENTAGE - scale stable $((100-ROLLOUT_PERCENTAGE)) @@ -753,7 +753,7 @@ rollout 100%: echo "" } - function install_tiller() { + function initialize_tiller() { echo "Checking Tiller..." helm local start -- 2.24.1