diff --git a/deploy/helm-operator-deployment.yaml b/deploy/helm-operator-deployment.yaml index 79ecb077f..aa533873f 100644 --- a/deploy/helm-operator-deployment.yaml +++ b/deploy/helm-operator-deployment.yaml @@ -19,6 +19,20 @@ spec: spec: serviceAccountName: flux-helm-operator volumes: + # + # You will need these two volumes if you want to establish validated TLS + # connections against Tiller + # + # - name: helm-tls-ca + # configMap: + # name: flux-helm-tls-ca-config + # defaultMode: 0600 + # Secret type kubernetes.io/tls + # - name: flux-helm-tls-cert + # secret: + # secretName: flux-helm-tls-cert + # defaultMode: 0400 + # # The following volume is for using a customised known_hosts file, # which you will need to do if you host your own git repo rather # than using github or the like. You'll also need to mount it @@ -83,3 +97,19 @@ spec: # mountPath: /var/fluxd/helm/repository # - name: repositories-cache # mountPath: /var/fluxd/helm/repository/cache + # - name: helm-tls-certs + # mountPath: /etc/fluxd/helm + # readOnly: true + # - name: helm-tls-ca + # mountPath: /etc/fluxd/helm-ca + # readOnly: true + args: + # How to find Tiller + - --tiller-namespace=kube-system + # Comment out to to establish validated TLS connections against Tiller + # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt + # - --tiller-tls-enable=true + # - --tiller-tls-key-path=/etc/fluxd/helm/tls.key + # - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt + # - --tiller-tls-verify=true + # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt diff --git a/go.mod b/go.mod index 72044eb65..747c45051 100644 --- a/go.mod +++ b/go.mod 
@@ -10,7 +10,7 @@ require ( github.com/googleapis/gnostic v0.3.0 // indirect github.com/gorilla/mux v1.7.1 github.com/hashicorp/golang-lru v0.5.3 // indirect - github.com/instrumenta/kubeval v0.0.0-20190720105720-70e32d660927 + github.com/instrumenta/kubeval v0.0.0-20190804145309-805845b47dfc github.com/json-iterator/go v1.1.7 // indirect github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829 diff --git a/go.sum b/go.sum index 7b4eeaca5..baaa26523 100644 --- a/go.sum +++ b/go.sum @@ -126,9 +126,12 @@ github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/instrumenta/kubeval v0.0.0-20190720105720-70e32d660927 h1:r1cvxQYvoKyFHUbPpDRAJw4QRvfyWyR55cp3mS1fklc= github.com/instrumenta/kubeval v0.0.0-20190720105720-70e32d660927/go.mod h1:HeTbS2psckzaIy3V3lGbcCvSGP9f9MvrQV6s9IWGy0w= +github.com/instrumenta/kubeval v0.0.0-20190804145309-805845b47dfc h1:2wBB02X45LugTLC2M5DtxFCAOK4+jgeV4Gtx1lPZu+4= +github.com/instrumenta/kubeval v0.0.0-20190804145309-805845b47dfc/go.mod h1:bpiMYvNpVxWjdJsS0hDRu9TrobT5GfWCZwJseGUstxE= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= 
@@ -222,6 +225,7 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/cast v1.2.0 h1:HHl1DSRbEQN2i8tJmtS6ViPyHx35+p51amrdsiTCrkg= github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= github.com/spf13/cobra v0.0.0-20180820174524-ff0d02e85550/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/jwalterweatherman v0.0.0-20180814060501-14d3d4c51834 h1:kJI9pPzfsULT/72wy7mxkRQZPtKWgFdCA2RTGZ4v8/E= github.com/spf13/jwalterweatherman v0.0.0-20180814060501-14d3d4c51834/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= @@ -312,6 +316,7 @@ golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138 h1:H3uGjxCR/6Ds0Mjgyp7LMK81+LvmbvWWEnJhzk1Pi9E= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.3.2/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= diff --git a/pkg/install/generate.go b/pkg/install/generate.go index f9ae3d981..f27e6bc77 100644 --- a/pkg/install/generate.go +++ b/pkg/install/generate.go @@ -11,7 +11,7 @@ import ( "github.com/shurcooL/vfsgen" - "github.com/weaveworks/flux/install" + "github.com/fluxcd/helm-operator/pkg/install" ) func main() { 
@@ -34,11 +34,7 @@ func main() { log.Fatalln(err) } case "deploy": - params := install.TemplateParameters{ - GitURL: "git@github.com:weaveworks/flux-get-started", - GitBranch: "master", - } - manifests, err := install.FillInTemplates(params) + manifests, err := install.FillInTemplates(install.TemplateParameters{}) if err != nil { fmt.Fprintf(os.Stderr, "error: failed to fill in templates: %s\n", err) os.Exit(1) diff --git a/pkg/install/generated_templates.gogen.go b/pkg/install/generated_templates.gogen.go index 5ad6b1876..a31d89cba 100644 --- a/pkg/install/generated_templates.gogen.go +++ b/pkg/install/generated_templates.gogen.go 
@@ -19,34 +19,42 @@ var templates = func() http.FileSystem { fs := vfsgen۰FS{ "/": &vfsgen۰DirInfo{ name: "/", - modTime: time.Date(2019, 8, 6, 14, 34, 3, 563392085, time.UTC), + modTime: time.Date(2019, 8, 8, 17, 13, 2, 915128204, time.UTC), }, "/flux-helm-operator-account.yaml.tmpl": &vfsgen۰CompressedFileInfo{ name: "flux-helm-operator-account.yaml.tmpl", - modTime: time.Date(2019, 8, 6, 14, 33, 53, 494182202, time.UTC), + modTime: time.Date(2019, 8, 8, 17, 7, 41, 155953011, time.UTC), uncompressedSize: 948, compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x92\x39\x6f\xdc\x30\x10\x85\x7b\xfe\x8a\x01\x5c\x38\x09\x2c\x05\xee\x02\x75\xb6\x8b\x14\x09\x52\x28\x47\x13\xa4\x18\x92\x4f\x59\xc6\x5c\x8e\x30\x24\x37\x87\xb0\xff\x3d\x90\xb4\x06\xbc\x8e\xed\x34\xdb\x8d\xe6\xd2\x9b\xc7\xaf\x69\x1a\x73\x46\x9f\x36\xa0\x0c\xdd\x05\x07\x62\xe7\xa4\xa6\x72\x41\x2e\xd6\x5c\xa0\xa4\x12\x91\x2f\x88\x93\x3f\x4a\x91\x0d\xc9\x87\xf4\x9d\x58\x61\xce\x48\x52\xfc\x4d\x09\xf0\xf0\x34\x88\xd2\xbb\x6a\xa1\x09\x05\x99\x7e\x86\xb2\x59\x46\x1a\xcb\x19\x7e\xfe\x03\x72\x26\x27\xa9\xa8\x44\x7a\xd1\x5f\x5f\xdd\xbc\x6c\x0d\x8f\xe1\x0b\x34\x07\x49\x1d\xed\x2e\xcd\x6d\x48\xbe\xa3\x8f\xab\xaa\xab\x55\x94\xd9\xa2\xb0\xe7\xc2\x9d\x21\x8a\x6c\x11\xf3\x1c\x11\x25\xde\xa2\xa3\x21\xd6\x5f\xcd\x06\x71\xdb\xc8\x08\xe5\x22\x6a\x9e\x2e\x4d\x13\x85\x81\xda\x0f\xbc\x45\x1e\xd9\x81\xf6\xfb\x43\xf7\xf2\xd9\xd1\x34\x1d\x57\xa7\x89\x90\xfc\x7e\x6f\x66\xcf\xee\x8b\x55\xcb\xae\xe5\x5a\x36\xa2\xe1\x0f\x97\x20\xa9\xbd\x7d\x93\xdb\x20\xaf\x77\x97\x16\x85\xef\x6e\xb9\x59\xdd\xeb\x25\xe2\x94\x87\x18\xad\x11\xcb\x78\x43\x3c\x86\xb7\x2a\x75\xcc\x1d\x7d\x3d\x7f\x75\xfe\x6d\xd9\xa9\xc8\x52\xd5\xe1\x28\xb9\x83\xda\x7b\x89\x86\x92\xa4\xfe\xd0\xf8\xb9\x7f\xff\x74\xef\x09\xae\xbf\x5e\xc9\x39\xad\x09\x12\xd1\x63\x98\x17\xdc\x99\xf0\x8c\x36\x43\xf4\xef\x9b\x3c\xb3\x3d\x57\xfb\x03\xae\x1c\x5c\x7e\x14\xcd\xff\x08\x7f\x88\xd6\x43\xf6\x1e\xa3\x2d\xe6\x39\xf2\x18\xb8\xc6\xb2\xe2\x37\x53\xfa\x37\x00\x00\xff\xff\xad\xec
\xff\x2b\xb4\x03\x00\x00"), }, "/flux-helm-release-crd.yaml.tmpl": &vfsgen۰CompressedFileInfo{ name: "flux-helm-release-crd.yaml.tmpl", - modTime: time.Date(2019, 8, 6, 14, 33, 53, 502755756, time.UTC), + modTime: time.Date(2019, 8, 8, 17, 7, 41, 156199030, time.UTC), uncompressedSize: 4007, compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x57\xdf\x6f\xfb\x34\x10\x7f\xcf\x5f\x61\x0d\xa4\x02\x5a\x0a\x13\x08\x41\x5e\xd0\xc4\x34\x0d\x0d\xd8\xb4\x6a\x7b\x99\x86\x74\x4d\xae\xa9\xa9\x63\x9b\xf3\x25\x5b\x41\xfc\xef\xc8\x49\xd3\x2d\x59\x7e\x74\xed\x26\x5e\xbe\x7e\x6a\x7d\xbe\x8f\xef\x3e\xf7\xc3\x97\x30\x0c\x03\xb0\xf2\x0e\xc9\x49\xa3\x23\x01\x56\xe2\x13\xa3\xf6\xff\xdc\x74\xf5\x83\x9b\x4a\xf3\x75\x71\x32\x47\x86\x93\x60\x25\x75\x12\x89\x9f\x73\xc7\x26\xbb\x41\x67\x72\x8a\xf1\x0c\x17\x52\x4b\x96\x46\x07\x19\x32\x24\xc0\x10\x05\x42\x68\xc8\x30\x12\x4b\x54\x19\xa1\x42\x70\xe8\xa6\x0b\x95\x3f\x4d\x1f\x11\x0a\x9c\x3e\x1a\x5a\xb9\xc0\x59\x8c\xfd\xd9\x94\x4c\x6e\x23\xf1\x4a\x5e\xa1\x38\x7f\x44\x88\xea\xee\x0b\x54\xd9\x4d\x05\x58\xee\x2a\xe9\xf8\xb2\x2d\xf9\x55\x3a\x2e\xa5\x56\xe5\x04\xaa\x69\x46\x29\x70\x4b\x43\xfc\xfb\x33\x78\x28\x96\x14\x08\xe1\x62\x63\x31\x12\xa5\xc0\x42\x8c\x89\xdf\xcb\xe7\xb4\x71\x75\x73\xd8\x31\x70\xee\x22\xf1\xcf\xbf\x81\x10\x45\x4d\x5c\xcd\xd1\x76\x6b\x0b\x5d\x51\xf1\x2c\x2f\x31\x90\x0a\x4c\x22\xc1\x94\x63\xbd\xc5\x86\x20\xc5\xed\x5e\x01\x4a\x26\xe0\x89\xad\x80\x8c\x45\x7d\x7a\xfd\xcb\xdd\xb7\xb3\x78\x89\x19\x44\x1b\x35\x4b\xc6\x22\xb1\xac\xad\x2b\xa1\x36\xc4\xd6\x8b\xf0\xaf\x5c\x92\xbf\xef\x7e\x12\x2f\x81\x78\xf2\xf0\x42\xda\x85\x50\x69\x95\x8c\x79\x36\x9a\x02\x21\x78\xed\x79\x72\x4c\x52\xa7\x2d\x91\x05\x66\x24\x1d\x89\xa3\x3f\xee\x21\xfc\xfb\x9b\xf0\xc7\x87\x2f\xee\xc3\xcd\xaf\xaf\xea\xad\x2f\x7f\xfa\xfc\xa8\xa1\xc8\x32\x43\x93\x73\xf7\x45\x52\x33\xa6\x48\x2d\xd9\xc2\x50\x06\x5c\x4a\xbf\xff\xae\x65\xb9\x43\xbe\x03\x95\xb7\x5d\xaa\x01\xe7\xc6\x28\x04\x1d\xb4\xe0\x62\xbc\xb5\x29\x41\xd2\xe3\x6f\x97\x16\x19\xa5\xe6\x10\xaf\xba\x35\xcc
\xfc\x4f\x8c\xb9\xcd\x50\x0f\xdf\x7e\xa1\x86\xb9\x7a\x75\xfd\xb0\x09\x5b\xe3\xdf\xae\x46\x18\x13\x02\xef\xa1\x99\x48\xe7\x2d\xbd\x30\x66\xd5\xe1\xc6\x98\x76\x4f\xb4\xc5\x48\xc4\xc5\x60\xd4\xfd\x7a\x04\x39\x80\xda\x65\x4e\xe1\xd3\xe4\x5c\x2a\x9c\x79\x2e\xb8\x27\x61\x80\x08\xd6\x2d\x89\x64\xcc\x3a\x7c\x1f\x88\x7c\xb3\x12\x7d\x5f\x68\x14\x62\xb5\x86\xd2\x63\xd3\x57\x3b\xf6\x07\x6a\xb2\xf4\xd0\x9d\x93\xc9\x3e\xd6\xb7\x61\xc3\x63\xa3\x17\x32\xfd\x0d\xec\x25\xae\x6f\x70\x31\xe4\x43\x0f\xbe\xd8\x8d\xbf\x71\x53\xc4\x20\x8f\x62\xb8\xbf\xd5\x6b\x85\xeb\x83\xf4\x8d\xf5\xad\x1d\xd4\x18\x48\x5f\x09\xf9\x37\xc4\x27\xec\x27\x3a\xcb\x75\x38\x9d\x7e\xec\x21\x0d\x6a\x56\xbe\xf5\xef\xc3\x69\x4e\x6a\x6f\x4a\x73\x1a\x75\xe6\x83\x19\x29\x47\x05\xdf\x1a\xdf\x87\x0c\x0b\xbc\xdc\x9b\x0d\xaf\xfc\xbf\xd2\x61\x34\x5e\x75\xb0\x10\x36\x87\xab\x66\x93\xeb\xf0\xb6\x79\xfe\x65\x09\x8f\x1e\x7e\x95\xa0\xa3\x1a\x2f\x03\xd8\x3a\x5c\x0c\x4c\x47\x1d\xf1\x2c\x91\xda\xa7\x3b\x29\x69\x5a\x90\x4a\x9e\x1c\x8b\xbe\xd0\x0f\x87\x3d\xed\x7e\xca\x77\x88\x76\x3d\x23\xa4\x92\xc5\x67\x42\x1b\x16\x89\xff\x4a\xc1\x44\xcc\xd7\xe2\xea\x74\xd6\xa1\xd4\x9f\x5f\x23\xb7\xd1\x70\x6d\xf4\xea\xb9\x95\xb4\x67\x68\x6f\x6d\xd2\x33\x7f\x0d\x27\x64\x93\x66\x42\x6b\x9c\x64\x43\x6b\xcf\x76\xd9\xc9\x8f\xc5\x64\xf3\x21\xf2\x66\xe2\x9f\xd1\x0e\xe4\x3f\x27\xb5\x2b\xff\x7b\xcc\x35\xd5\xaa\x3f\xc0\x0e\xb3\xd4\x61\x56\x20\xed\x6a\x6c\x59\x0d\xd7\xb9\x52\xd5\xcc\xd8\x7d\xf7\xbb\x3e\x9a\xff\x05\x00\x00\xff\xff\x50\xad\xd4\x1b\xa7\x0f\x00\x00"), }, "/helm-operator-deployment.yaml.tmpl": &vfsgen۰CompressedFileInfo{ name: "helm-operator-deployment.yaml.tmpl", - modTime: time.Date(2019, 8, 6, 14, 33, 53, 503124839, time.UTC), - uncompressedSize: 3085, + modTime: time.Date(2019, 8, 8, 17, 8, 15, 681493154, time.UTC), + uncompressedSize: 5671, - compressedContent: 
[]byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x94\x56\x4f\x8f\xdb\xc6\x0e\xbf\xfb\x53\x10\xce\x21\x17\x5b\x72\x90\xbc\x77\x50\x4e\xef\x21\x48\xb3\x40\x77\xbb\x68\x82\x02\x39\x25\xf4\x88\xb6\xa6\x1e\x0d\xd5\x19\xca\xae\x60\xa4\x9f\xbd\xe0\x48\x96\xa5\xec\x9f\x20\x7b\xf2\x52\xe4\x8f\xff\x7e\x24\x67\xbd\x5e\x2f\xb0\xb1\x7f\x50\x88\x96\x7d\x01\xd8\x34\x31\x3f\xbe\x5a\x1c\xac\x2f\x0b\x78\x47\x8d\xe3\xae\x26\x2f\x8b\x9a\x04\x4b\x14\x2c\x16\x00\x1e\x6b\x2a\x60\xe7\xda\xbf\xd7\x15\xb9\x7a\xcd\x0d\x05\x14\x0e\xe7\x33\xd8\x1d\x64\x77\x58\x53\x6c\xd0\x10\x7c\xfb\x36\x68\xa7\x7f\x0b\x38\x9f\xe7\x5f\xcf\x67\x20\x5f\xaa\x5a\x6c\xc8\x28\x74\xa0\xc6\x59\x83\xb1\x80\x57\x0b\x80\x48\x8e\x8c\x70\xd0\x2f\x00\x35\x8a\xa9\x7e\xc5\x2d\xb9\xd8\x0b\x9e\x8e\x44\x6d\x25\xa0\xd0\xbe\xeb\x55\xa5\x6b\xa8\x80\xdf\xc9\x04\x42\xa1\x05\x80\x50\xdd\x38\x14\x1a\xa0\x27\xd9\xe9\x9f\x9b\x79\x79\xd6\x8f\xfe\xa1\xf7\x2c\x28\x96\xfd\xc4\xa6\x09\x5c\x93\x54\xd4\xc6\xcc\x72\x1e\x4d\x40\x0d\x61\x29\xa1\xa5\x65\x52\xba\xe4\x9c\x7e\x53\x38\x5a\x43\xff\x33\x86\x5b\x2f\x77\xcf\xbb\x3b\xb2\x6b\x6b\x1a\x5d\xbd\x80\x4f\x15\xc1\x8e\x9d\xe3\x93\xf5\xfb\xe1\x33\xd8\x08\x3b\x0e\xd0\x46\x95\x21\x98\x36\x0a\xd7\x36\x52\x09\x07\xcf\x27\xff\xa5\xe2\x28\x11\x76\xd6\xd1\x6a\x04\x3a\x55\xd6\x54\xd0\x71\x0b\x27\xeb\x1c\x78\xa2\x12\x84\xa1\x64\x6d\xac\x8a\xd5\x48\x7f\x04\xe0\x93\x87\xbd\x15\xed\x18\x43\x40\xa9\x28\x8c\x30\x52\xa1\x1f\x1c\xef\xad\x54\xed\x16\x38\x80\x54\x04\xce\x1e\x28\x83\xcf\xdc\xbe\x74\x0e\xd0\x45\x1e\x5d\xd4\x9a\x37\x58\x19\x31\xac\x17\x4e\x36\x86\xbd\xa0\xf5\x14\x56\xb0\x25\xc7\xa7\xec\xa2\x32\xaa\x7e\xe6\x16\x6a\xec\x7a\xc0\x93\x8d\x95\x02\x36\x81\x8f\xb6\x24\x40\x0f\x31\x56\x5f\x0c\xfb\x9d\xdd\x7f\x97\xae\x32\xdb\xb2\xd7\x38\x6b\x0e\xd4\xc7\xcd\x9e\xe0\xeb\x4d\xa9\x9f\xa4\x7b\x6f\x1d\x7d\x7d\x9b\x0a\x69\x7d\x14\xf4\x86\x56\x43\x2d\x5e\x06\x1a\x81\xfa\x5c\xe7\x18\xbf\x58\xf9\xd0\x6e\x53\x7d\x32\xb8\xfb\x7f\xca\x85\xbc\x84\x0e\x0e\xd4\x41\xac\xb8\x75\x25\x6c\xaf\x18\xcb\x3e\xc4\xe5\x50\xcc\x1e\x68\x79\x8d
\x7d\xa9\x7e\x53\x99\xa8\x04\xeb\xe1\x9f\x3c\x8b\xb1\xca\x1f\x96\x63\x3d\xd0\x35\xc6\xaa\xb4\xd7\xa6\x00\xf4\x38\xb7\xd8\x14\x13\xe1\x8c\xdc\x31\x56\xeb\x5e\x6b\xa6\x51\xd2\x0e\x5b\x27\xb7\x5c\x52\x01\x9b\x37\x9b\xcd\xa3\x2d\x98\x50\xa6\xb2\x71\xa4\xe1\xa5\x58\x23\x13\x47\xd6\x48\x85\xd7\x7e\xab\x61\xd4\x6e\x7d\xfc\xf8\x21\x55\x48\x6b\x8e\xc6\x50\x8c\x6f\x81\xb2\x7d\xb6\x02\xbc\xd4\xb4\x4c\x7b\x49\xb5\x32\xb8\xd9\x8d\x10\x33\x3f\x7f\xb6\x51\x52\x1f\x62\x6b\xaa\xe4\x6f\x95\x5a\x30\xe4\x32\x21\xc5\x68\x8f\x2e\x10\x96\x1d\x34\x6c\xbd\x44\x40\x81\x9c\xc4\xe4\x5a\x99\x32\xd7\x5a\xdb\x81\x15\x80\x11\xf0\xe2\x5e\xdd\x5e\x07\x08\xbd\x28\xfb\xda\x48\xdf\xd1\xe1\x40\xdd\x2a\x45\x38\x99\xab\x0b\x47\x2f\x03\x35\xc2\x4c\x18\x8b\x5b\x3e\xd2\x0a\x4e\x56\x2a\xad\xce\x9c\x99\x03\xa1\xd2\x66\xd4\xa4\x09\x4d\x35\x82\x68\x11\xad\x4f\x49\x47\x5d\x7c\x72\xe1\x3b\x95\x50\x51\xa0\xa7\x99\xb3\xb7\xb2\x3e\x50\x37\xe1\x40\x0f\x30\xe7\x4d\x2f\x9b\xec\x2a\x35\xeb\x5b\xf3\x3c\x7b\xd2\xa2\x21\x3f\x92\x59\xab\xbe\x66\xef\xba\x15\x9c\x08\x4e\xec\x5f\x0a\x6c\x09\x70\xeb\x48\xab\x64\xaa\x9a\xcb\x07\xb1\x7e\xaa\x28\x12\xc8\x89\x2f\xeb\x10\x30\x50\x22\x4d\x82\xed\xa9\xa6\x6d\x8f\x56\x38\x58\x8a\x59\x87\xb5\xfb\x6e\x01\xa0\x2f\x87\x26\x0c\x4b\x12\x8d\x52\xc4\x86\x74\x76\xba\x2c\x6d\x56\x87\x22\x14\x74\x9f\x6a\xdf\x48\x87\xd6\x60\x1b\xaf\x93\x3b\x3a\x94\xb4\x87\x43\x4d\xa1\x1f\x86\x1a\x0f\xd4\xef\x30\xc5\xcd\xaf\xc0\xd7\x94\x9f\x6e\xc2\x34\xf6\xb5\xc6\xfe\xb3\xed\x48\xa7\x63\x8a\xf2\xbc\x8b\x14\xe3\x04\x91\xea\x46\xba\x77\x36\x14\x70\xfe\xb6\x18\xe4\xe3\x2e\x1e\x8f\xcf\xfa\x47\xb7\x71\xe8\x55\xa0\xd4\x1f\xcf\xb0\x2c\xf4\xee\x46\x59\x82\xad\x71\x4f\xfd\x95\x9a\x59\x66\xf0\xde\xfa\x32\x15\xae\xd6\x7b\x13\xc8\xe8\x13\xe4\x8a\x17\xc8\x11\x46\xd2\xab\x92\x30\xe0\xd8\xbf\x5f\x74\x64\x2b\x91\x26\x16\x79\x5e\xb5\xdb\xac\x64\x73\xa0\x90\x19\xae\xf3\x90\x9f\x08\x8f\x74\xe2\x70\x88\xf9\xcc\x5b\x2e\xb8\x8f\x13\x70\xe5\x84\x3e\x43\xf4\x89\xa2\x21\x08\xee\x67\xe3\x02\xbd\xcf\x02\x06\x74\xcb\x69\x43\x98\x72\x0e\x5b\x6c
\xb2\x57\x9b\x6c\x33\x37\xba\x6f\x9d\xbb\x67\x67\x4d\x57\xc0\xcd\xee\x8e\xe5\x3e\x50\x9c\xe6\xd6\x70\x90\xc9\x1b\xe2\x52\x5d\x4d\x6a\x14\x4e\xda\x70\xcf\x41\x0a\x78\xbd\x79\x7d\xf5\x13\x28\x72\x1b\x0c\x4d\x50\x54\xf8\x57\x4b\x51\x66\x32\x00\xd3\xb4\x05\xfc\x67\x53\xcf\x84\x35\xd5\x1c\xba\x02\xfe\xfb\xe6\xd6\x8e\x1f\xfa\x11\xbb\x55\x9e\x4f\x30\x5e\xc0\x8d\x37\xae\x2d\xa9\x5f\xf8\xc3\x13\x61\x7e\xd1\x9f\x7c\x78\x70\x78\xb8\x82\x15\x52\x07\xf4\xed\x65\x51\x4e\x9e\x08\x15\x5d\x2e\x4a\x49\xc6\x61\xa0\xb2\x5f\x8d\xd9\xc4\xf6\xd1\xcb\xd7\xb3\x39\x45\x73\x8f\x52\x15\x90\x07\x66\x49\xc7\x73\xa6\xa1\x23\xf9\x9b\x77\x5d\x01\xfa\x44\x7b\x04\x75\xbe\x15\x1f\xc2\xce\x6e\xc5\x23\xf6\x4f\x0d\xf4\x43\xa4\x23\x86\x01\x49\x29\x95\x8f\x86\xdd\x8f\x50\xa7\x33\xfc\x13\xb0\x79\x6f\xf7\x6f\x00\x00\x00\xff\xff\x57\x65\xcf\x4a\x0d\x0c\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x58\xcd\x8e\xdb\xc8\x11\xbe\xcf\x53\x14\x66\x0e\xbe\x8c\x48\x19\xeb\xec\x81\x86\x0f\xc9\x6e\x76\x6d\xc0\x76\x06\x19\x23\x40\x4e\xbb\xa5\x66\x49\xec\xa8\xd9\xcd\x74\x17\xa5\x10\xc2\xe4\xd9\x83\x6a\x52\x14\x29\x8a\x9a\x19\x67\x75\xf1\x98\xac\xff\xfa\xea\x8f\x8b\xc5\xe2\x06\x2b\xfd\x0f\xf2\x41\x3b\x9b\x01\x56\x55\x48\x77\x6f\x6f\xb6\xda\xe6\x19\xfc\x4c\x95\x71\x4d\x49\x96\x6f\x4a\x62\xcc\x91\x31\xbb\x01\xb0\x58\x52\x06\x6b\x53\xff\x67\x51\x90\x29\x17\xae\x22\x8f\xec\xfc\xe1\x00\x7a\x0d\xc9\x57\x2c\x29\x54\xa8\x08\x9e\x9e\x3a\xea\xf8\xdf\x0c\x0e\x87\xf1\xdb\xc3\x01\xc8\xe6\x42\x16\x2a\x52\x22\xda\x53\x65\xb4\xc2\x90\xc1\xdb\x1b\x80\x40\x86\x14\x3b\x2f\x6f\x00\x4a\x64\x55\x7c\xc6\x15\x99\xd0\x3e\x98\xb7\x44\x78\xd9\x23\xd3\xa6\x69\x49\xb9\xa9\x28\x83\xbf\x93\xf2\x84\x4c\x37\x00\x4c\x65\x65\x90\xa9\x13\x3d\xf0\x4e\x7e\x66\xa4\xe5\xaa\x1e\xf9\xa1\xb5\x8e\x91\xb5\xb3\x03\x9e\xca\xbb\x92\xb8\xa0\x3a\x24\xda\xa5\x41\x79\x14\x13\x6e\xd9\xd7\x74\x1b\x89\x8e\x3e\xc7\xbf\xc9\xef\xb4\xa2\x3f\x2b\xe5\x6a\xcb\x5f\xaf\xab\xdb\x39\x53\x97\x14\xb2\x2e\xde\x7f\xb5\xb8\x32\xf4\x4d\x1b\x43\xfe\xdb\xe
7\xc7\x36\xea\xed\x6f\xd1\x59\x1e\xa5\xb0\x09\x0b\x85\xfd\x3b\x00\xe5\xec\x5a\x6f\xbe\x60\x95\x0d\x1e\x4e\x9d\x6d\xf9\x16\x2d\xf5\x88\x32\xa7\x35\xd6\x86\xbf\xb8\x9c\x32\x58\xfe\xb8\x5c\x5e\x51\x4c\x9e\xc3\x80\x39\x48\x2a\x78\xac\xb8\x7d\xd6\x3a\xdf\xf9\xd6\x7b\xf5\x13\x79\x7e\xec\xdf\xc3\xd3\xd3\xdc\xab\x03\x90\x09\x42\x70\xe6\x00\x79\x3e\xc1\x6d\xde\x89\x77\xcb\xe5\xa1\x17\xd1\xd1\xdd\x1d\xff\x85\x7f\xba\x1a\xf6\xda\x18\xb0\x44\x39\x70\x41\x81\x80\xf7\xee\x98\x11\x31\xb9\x11\x12\xb4\x0c\xec\x80\x02\xe3\xca\xe8\x50\xc0\x0e\x8d\xce\x91\x29\x87\x6f\x9f\x1f\x7b\x71\xca\x59\x4b\x2a\xe2\x06\x70\x83\xda\x06\x86\xd6\xad\x89\xe6\xf9\x4c\xde\x5d\xca\xe4\xdd\x8b\x33\x79\x77\x35\x93\x77\xd0\x46\x36\x16\x10\x6c\xeb\x15\x79\x4b\x4c\x11\xd2\x6c\xc2\xc4\xbc\x69\xd0\x07\x6a\xc6\x39\xbf\xfb\x03\x73\xfe\x8a\xa4\x5f\xf2\xf7\xdd\xc9\xdf\xc3\x81\x6c\x3e\x20\xfe\x56\x10\xac\x9d\x31\x6e\xaf\xed\xa6\xcb\x33\xe8\x00\x6b\xe7\xa1\x0e\xf2\x0c\x41\xd5\x81\x5d\xa9\x03\xe5\xb0\xb5\x6e\x6f\x7f\x2b\x5c\xe0\x00\x6b\x6d\xe8\xbe\x17\xb4\x2f\xb4\x2a\x5a\x74\x9c\x00\xe4\x20\x77\x47\xd0\x08\x93\xfc\xe1\xc1\xed\x2d\x6c\x34\x4b\x33\x74\xe0\x91\x8b\x13\x1e\x80\x0b\xb4\x9d\xe2\x8d\xe6\xa2\x5e\x81\xf3\x02\x44\x30\x7a\x4b\x89\x00\xf4\x8d\x31\x80\x26\xb8\x5e\x45\x29\x2d\x05\xf4\x29\x13\xda\xb2\x8b\x3c\xca\x59\x46\x6d\xc9\xdf\xc3\x8a\x8c\xdb\x27\x17\x01\x5f\x62\xd3\x0a\xdc\x0b\x92\xd9\x49\x67\xdb\xe9\x9c\x00\x2d\x84\x50\xfc\xd6\xc2\xe9\xcc\x5d\x19\x1a\xda\x59\xb1\xb3\x74\x9e\x5a\xbb\x9d\x25\xf8\xfd\x53\x2e\xaf\xb8\xf9\x45\x1b\xfa\xfd\x7d\x0c\xa4\x00\x1f\xad\xa2\xfb\x2e\x16\x6f\x3c\xf5\x82\x5a\x5f\xc7\x32\x7e\xd5\xfc\xb1\x5e\xc5\xf8\x24\xf0\xf5\x2f\xd1\x17\xb2\xec\x1b\xd8\x52\x03\xa1\x70\xb5\xc9\x61\x75\x92\x71\xdb\x9a\x78\xdb\x05\xb3\x15\x74\x7b\xb2\xfd\x56\xf4\xc6\x30\x51\x0e\xda\xc2\x7f\xd3\x24\x84\x22\x9d\x86\xe3\x08\xf3\x10\x8a\x5c\xfb\x57\x15\x60\x08\xc5\xf3\x85\xd7\x76\x1f\x29\x82\xc7\xc7\x8f\x23\xe8\xdf\x9c\x0a\xf2\xf1\x63\x74\x93\x1d\xa0\x52\x14\x42\x74\xff\xd7\x0e\x2f\x41\xb3\xf3\xcd\xa4\x0f\x6f\x34\x2
f\xb6\xd4\xbc\xae\x01\x4f\x8d\x18\x12\x4f\x2c\x8f\x20\x27\xdb\x07\xd2\x13\xe6\x0b\x67\x4d\x73\x0f\x7b\x82\xbd\xb3\x6f\x18\x56\x04\x32\xac\xc4\x78\x55\x94\x2e\xbf\x79\x45\xb3\xd5\xa1\xaf\xbf\x23\x4a\xfa\x12\xec\xcb\x85\x0b\x3c\x01\x5d\x18\x83\xc0\xf4\x18\x33\x01\x5b\x1b\xb4\xf7\x40\xc9\x26\xb9\x07\x3c\x82\x29\x8f\xbb\x8e\x50\x25\xf0\x69\xdd\x8b\x18\xe9\xf9\x57\x1d\x38\x02\x30\xd4\xaa\x88\xfa\xee\x63\xf0\xbb\x50\x0c\xaa\xa1\xe7\x47\x23\x61\x68\xa0\x72\xda\x72\x00\x64\x48\x89\x55\x2a\x90\xc8\x53\x01\x99\xee\xca\x01\x30\x00\x1e\xd5\x8b\xda\x53\xe7\xe8\xa6\x49\x1d\xe8\xac\x0e\xb6\xd4\xdc\x47\x0b\x07\x0d\xe5\x58\x9c\xc7\x4e\xd2\x8b\x19\x94\x2a\xae\xdc\x8e\xee\x61\xaf\xb9\x90\xe8\x8c\x4b\xb2\xab\xa4\xb8\x6d\x89\xd3\x84\xaa\xe8\x85\x48\x10\xb5\x8d\x4e\xb7\x60\x39\x16\x3a\xe5\x50\x90\xa7\xf9\x92\x19\x23\xf0\x25\xe3\x20\x96\x8d\xb0\xb5\xa9\xb9\x5e\x36\xdf\x05\xbe\xf9\x9e\x7f\x36\xd7\xd1\x53\xc4\x4e\x94\xde\x22\xae\x2f\x36\x4d\x21\x69\xb0\x34\x67\x0d\x10\x6d\xde\xe5\xa2\x1b\x12\xa8\x04\x29\xda\xc7\x8d\xb6\x49\xe2\x64\x31\xc8\x4c\x5e\xe6\x89\xa4\x8f\xa4\x69\x29\xac\xc3\xa9\x73\xf5\x0a\x39\xce\x21\x5f\x92\x6f\x6b\xa2\xc4\x2d\xb5\x3d\x5c\xe4\xa6\x27\xc1\x27\xcf\xe7\x73\x31\xb4\x7d\x21\xb6\xbf\x36\x2b\x71\xc2\x0e\xa5\x5c\x57\x11\x6d\x1c\x48\xa4\xb2\xe2\xe6\x67\xed\x33\x38\xf4\x8d\xad\x9f\x45\xfd\x0a\x3d\xdd\x29\xce\xf6\xe0\x2e\x57\x9e\x62\x7e\xac\x83\xdb\x4c\x56\xfa\xc0\xb7\xa0\x4b\xdc\x50\x3b\xa5\x47\x9c\x09\xfc\xa2\x6d\xdc\xdc\xa0\x94\x79\xeb\x49\xc9\x75\x73\x92\xe7\xc9\x10\x06\x92\xa9\x1a\x65\xc0\xae\x3d\x8d\xa4\x72\x0b\xe6\x2a\x64\x69\x5a\xd4\xab\x24\x77\x6a\x4b\x3e\x51\xae\x4c\x7d\xba\x27\xdc\xd1\xde\xf9\x6d\x48\x47\xda\x52\xc6\x4d\x18\x08\x17\x4c\xc8\x85\x23\xd7\x8f\x98\xc0\xb8\x19\x55\x0d\xb4\x3a\x33\xe8\xa4\x6b\x17\x1b\x85\xca\xc7\x62\xb3\x65\xf2\x76\x99\xbc\x1d\x33\x3d\xd4\xc6\x3c\x38\xa3\x55\x93\xc1\xa7\xf5\x57\xc7\x0f\x9e\xc2\xd0\xb7\xca\x79\x1e\x9c\x27\xfd\x42\xc9\x5c\x8d\x6f\x82\x36\x0d\x0f\xce\x73\x06\x3f\x2c\x7f\x38\x2d\xf5\x9e\x82\xab\xbd\xa2\x30\x9c\x1a\x9e\xfe\x5
d\x53\xe0\x30\x9e\x24\xaa\xaa\x33\xf8\xd3\xb2\x1c\x3d\x2c\xa9\x74\xbe\xc9\xe0\xc7\x77\x5f\x74\xff\xa2\x2d\xb1\x2f\x82\xf3\x81\x8c\x3b\xf8\x64\x95\xa9\x73\x6a\xfb\x7e\xb7\x22\x8d\x37\x9a\xd9\xc5\xcb\xf9\x69\x27\x16\x91\x52\xa0\xef\x8f\xfd\x72\xb0\x22\x15\x74\x1c\x2c\x39\x29\x83\x9e\xf2\xb6\x43\x26\x03\xde\x8b\x93\xbf\x45\x73\xb4\xe6\x01\xb9\xc8\x20\xf5\xce\x71\x5c\x1e\x46\x14\x52\x92\x7f\xb3\xa6\xc9\x40\xae\xbf\x67\x26\x3c\x5c\x1d\xdb\x63\x75\xa3\x51\x32\x9d\xa5\xf3\xfd\x77\x6a\xf9\x48\xd4\xf4\x52\x7a\xbe\x79\x4c\x45\xee\xd0\x77\x22\x05\xbe\xe9\x85\xf5\xe4\x05\xfd\xe2\x15\x62\xd3\xc8\x37\x7f\x15\x5f\x08\xf0\xec\x7d\x3a\x17\x1c\x61\x18\x91\x8d\x73\x7b\x55\x05\xbe\x50\xfe\x39\xe5\x99\x8a\xab\x69\x9e\x71\x68\x3e\xdb\x23\x87\xa6\x60\xbd\xaa\x02\x5f\x28\xff\x9c\x72\x52\x0f\x67\x60\x43\xbf\x19\xf5\x82\x8f\x6e\x2f\x65\xbf\x96\xd6\x3d\xba\x8f\x25\xca\x8b\x05\xc7\x47\x8b\xfe\x43\xd3\x87\xd1\x21\x39\xfc\xe0\x74\xfe\xe8\x14\x4a\x39\x6d\x17\xa1\x09\x4c\x65\x6f\xcf\xf3\xdf\x57\xee\xe4\x9c\xef\x96\xff\xda\xc7\x2f\x40\x97\x2c\x3b\xde\xdd\xe4\x79\x51\x21\x17\x1f\xa6\xf1\x49\x15\x26\xca\xf3\x1c\x37\x45\x1b\x3e\x8c\x32\x72\x46\xb2\xa5\xe6\xa2\x70\xb9\xd3\x93\x61\xe5\x9f\x1b\x36\x67\x55\x64\xbc\x62\xd3\x8e\xbc\x5e\x37\x57\x6d\x7a\x99\xd3\x17\x01\xfd\x93\x2b\x65\xb5\x04\x57\xc7\xe5\x77\xfe\x6b\xca\xf3\x5f\x51\x5a\xf0\xfe\x3f\xd9\x98\xf0\x5f\xca\xc7\x84\xe8\xc5\x19\x99\x9a\xf7\xe2\x9c\x4c\x58\x2f\x65\xe5\x3b\xdd\x3f\x15\xe6\xff\x02\x00\x00\xff\xff\x2e\x92\x75\x6a\x27\x16\x00\x00"), + }, + "/tiller-ca-cert-configmap.yaml.tmpl": &vfsgen۰CompressedFileInfo{ + name: "tiller-ca-cert-configmap.yaml.tmpl", + modTime: time.Date(2019, 8, 8, 17, 13, 2, 907216598, time.UTC), + uncompressedSize: 235, + + compressedContent: 
[]byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x54\x8e\xc1\x4a\x07\x21\x10\x87\xef\x3e\xc5\xef\x05\x5c\x08\xa2\x83\xb7\x92\xff\xad\xba\xb4\x74\x9f\x74\xb6\x24\x1d\x17\xb5\x08\xcc\x77\x8f\x95\x2d\xe8\x38\xcc\x37\xdf\x37\xbd\x23\x6c\x58\x2e\x42\x2f\x91\xd7\x10\x23\x97\xf5\xfe\x09\x63\xd0\x1e\x9e\xb9\xd4\x90\xc5\xe0\xf3\x4a\xbd\x07\xf1\x06\x36\xcb\x16\x5e\x1f\x68\x57\x89\x1b\x79\x6a\x64\x14\x20\x94\xd8\x60\x8b\x1f\x5f\xfa\x8d\x63\xd2\x2d\x56\xed\x48\xbb\x09\x2b\xe0\x6c\x3c\x52\xe2\xba\x93\x63\x8c\x71\x5e\xcd\xd1\x1c\xc0\xbf\x6d\xef\x60\xf1\x07\xf6\x9b\x70\xb4\xb8\xd2\x0c\xbe\x15\x30\x85\x77\x54\xf9\xe6\xfa\x22\x2e\x7b\xc6\xf2\xf7\xb8\xbd\xb5\x5c\x9a\xcd\xd2\x58\xda\x21\xe8\x5d\x4f\x97\x1e\xe3\x27\x00\x00\xff\xff\xc5\x26\x85\x7a\xeb\x00\x00\x00"), }, } fs["/"].(*vfsgen۰DirInfo).entries = []os.FileInfo{ fs["/flux-helm-operator-account.yaml.tmpl"].(os.FileInfo), fs["/flux-helm-release-crd.yaml.tmpl"].(os.FileInfo), fs["/helm-operator-deployment.yaml.tmpl"].(os.FileInfo), + fs["/tiller-ca-cert-configmap.yaml.tmpl"].(os.FileInfo), } return fs diff --git a/pkg/install/install.go b/pkg/install/install.go index 6d18b3877..e71b62956 100644 --- a/pkg/install/install.go +++ b/pkg/install/install.go @@ -2,6 +2,7 @@ package install import ( "bytes" + "encoding/base64" "fmt" "io" "io/ioutil" @@ -13,7 +14,12 @@ import ( ) type TemplateParameters struct { - Namespace string + Namespace string + TillerNamespace string + SSHSecretName string + EnableTillerTLS bool + TillerTLSCACertContent []byte + TillerTLSCertSecretName string } func FillInTemplates(params TemplateParameters) (map[string][]byte, error) { 
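Review bot: The new exported fields on `TemplateParameters` in pkg/install/install.go have no doc comments, and nothing in the hunk says which of them matter only when `EnableTillerTLS` is true. I would add a comment per field, for example `// EnableTillerTLS renders the TLS volumes, mounts and --tiller-tls-* args.` and `// TillerTLSCACertContent is the CA certificate stored in the flux-helm-tls-ca-config ConfigMap; it must be set when EnableTillerTLS is true.` `FillInTemplates` does not appear to reject `EnableTillerTLS` with an empty `TillerTLSCACertContent`, which would produce a ConfigMap with an empty `ca.crt`. Its body lies outside this hunk, so that check is only a suggestion.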
@@ -29,8 +35,9 @@ func FillInTemplates(params TemplateParameters) (map[string][]byte, error) { if err != nil { return fmt.Errorf("cannot read embedded file %q: %s", info.Name(), err) } + manifestTemplate, err := template.New(info.Name()). - Funcs(template.FuncMap{"StringsJoin": strings.Join}). + Funcs(template.FuncMap{"Base64Encode": base64.StdEncoding.EncodeToString}). Parse(string(manifestTemplateBytes)) if err != nil { return fmt.Errorf("cannot parse embedded file %q: %s", info.Name(), err) @@ -39,6 +46,9 @@ func FillInTemplates(params TemplateParameters) (map[string][]byte, error) { if err := manifestTemplate.Execute(out, params); err != nil { return fmt.Errorf("cannot execute template for embedded file %q: %s", info.Name(), err) } + if len(out.Bytes()) <= 1 { // empty file + return nil + } result[strings.TrimSuffix(info.Name(), ".tmpl")] = out.Bytes() return nil }) diff --git a/pkg/install/install_test.go b/pkg/install/install_test.go index 2bc8521bc..0b538bde3 100644 --- a/pkg/install/install_test.go +++ b/pkg/install/install_test.go @@ -7,13 +7,19 @@ import ( "github.com/stretchr/testify/assert" ) -func testFillInTemplates(t *testing.T, params TemplateParameters) { +func testFillInTemplates(t *testing.T, params TemplateParameters, expectedManifestNum int) { manifests, err := FillInTemplates(params) assert.NoError(t, err) - assert.Len(t, manifests, 3) + assert.Len(t, manifests, expectedManifestNum) + + config := &kubeval.Config{ + IgnoreMissingSchemas: true, + KubernetesVersion: "master", + } for fileName, contents := range manifests { - validationResults, err := kubeval.Validate(contents, fileName) - assert.NoError(t, err) + config.FileName = fileName + validationResults, err := kubeval.Validate(contents, config) + assert.NoError(t, err, "contents: %s", string(contents)) for _, result := range validationResults { if len(result.Errors) > 0 { t.Errorf("found problems with manifest %s (Kind %s):\ncontent:\n%s\nerrors: %s", 
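Review bot: The empty-output test `if len(out.Bytes()) <= 1 { // empty file` in the `@@ -39,6 +46,9 @@` hunk depends on every disabled template rendering to at most one byte. A template that leaves a couple of newlines or spaces around its `{{ if }}` would still be written out as a manifest. It would also drop a one-byte non-blank output, though that case is unlikely. Comparing on trimmed content is sturdier and uses the already imported `bytes` package: `if len(bytes.TrimSpace(out.Bytes())) == 0 { // template rendered nothing`. The enclosing walk callback starts and ends outside the hunk.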
@@ -26,15 +32,17 @@ func testFillInTemplates(t *testing.T, params TemplateParameters) { } } -func TestFillInTemplates(t *testing.T) { +func TestFillInTemplates(t *testing.T) { testFillInTemplates(t, TemplateParameters{ - Namespace: "flux", - }) - + Namespace: "flux", + TillerNamespace: "tiller", + SSHSecretName: "mysshsecretname", + EnableTillerTLS: true, + TillerTLSCACertContent: []byte("foo bar"), + TillerTLSCertSecretName: "mytlssecretname", + }, 4) } -func TestFillInTemplatesNoNamespace(t *testing.T) { - testFillInTemplates(t, TemplateParameters{ - Namespace: "", - }) +func TestFillInTemplatesEmpty(t *testing.T) { + testFillInTemplates(t, TemplateParameters{}, 3) } diff --git a/pkg/install/templates/helm-operator-deployment.yaml.tmpl b/pkg/install/templates/helm-operator-deployment.yaml.tmpl index 7b32b4039..2184b3dc2 100644 --- a/pkg/install/templates/helm-operator-deployment.yaml.tmpl +++ b/pkg/install/templates/helm-operator-deployment.yaml.tmpl @@ -19,7 +19,29 @@ spec: prometheus.io/scrape: "true" spec: serviceAccountName: flux-helm-operator - volumes: + volumes:{{ if .EnableTillerTLS }} + - name: helm-tls-ca + configMap: + name: flux-helm-tls-ca-config + defaultMode: 0600 + - name: helm-tls-certs + secret: + secretName: {{ if .TillerTLSCertSecretName }}.TillerTLSCertSecretName{ else }}flux-helm-tls-cert{{ end }} + defaultMode: 0400{{ else }} + # + # You will need these two volumes if you want to establish validated TLS + # connections against Tiller + # + # - name: helm-tls-ca + # configMap: + # name: flux-helm-tls-ca-config + # defaultMode: 0600 + # Secret type kubernetes.io/tls + # - name: flux-helm-tls-cert + # secret: + # secretName: {{ if .TillerTLSCertSecretName }}.TillerTLSCertSecretName{{ else }}flux-helm-tls-cert{{ end }} + # defaultMode: 0400 + #{{end}} # The following volume is for using a customised known_hosts file, # which you will need to do if you host your own git repo rather # than using github or the like. You'll also need to mount it 
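Review bot: `TestFillInTemplates` sets `TillerNamespace`, `SSHSecretName` and `TillerTLSCertSecretName`, but only the manifest count and schema validity are checked. A template that prints a field name instead of its value therefore still passes. I would assert on the rendered deployment, for example `assert.Contains(t, string(manifests["helm-operator-deployment.yaml"]), "--tiller-namespace=tiller")`, and likewise for `secretName: mytlssecretname`. That needs `testFillInTemplates` to return the manifests or accept expected substrings. Its body starts outside this hunk.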
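Review bot: The `secretName:` line in the `{{ if .EnableTillerTLS }}` branch of helm-operator-deployment.yaml.tmpl has a malformed `{ else }}` and writes the field name as plain text. It would render `.TillerTLSCertSecretName{ else }}flux-helm-tls-cert` when a name is given and an empty value when it is not, so the client certificate secret would not be found. The line should read `secretName: {{ if .TillerTLSCertSecretName }}{{ .TillerTLSCertSecretName }}{{ else }}flux-helm-tls-cert{{ end }}`. The same field-name-as-text mistake is in the commented copy below it and in `--tiller-namespace={{ if .TillerNamespace }}.TillerNamespace{{ else }}` in the `@@ -77,10 +106,45 @@` hunk, which needs `{{ .TillerNamespace }}`. Separately, the commented example names the volume `flux-helm-tls-cert` while the mounts refer to `helm-tls-certs`, so uncommenting it as written would leave the mount without a matching volume.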
@@ -33,7 +55,14 @@ spec: # - name: sshdir # configMap: # name: flux-ssh-config - # defaultMode: 0400 + # defaultMode: 0400{{ if .SSHSecretName }} + + # SSH key to access the Git repository + - name: git-key + secret: + secretName: {{ .SSHSecretName }} + defaultMode: 0400 # when mounted read-only, we won't be able to chmod +{{ else }} # # You will need this volume if you're using a git repo that # needs an SSH key for access; e.g., a GitHub deploy key. If @@ -47,7 +76,7 @@ spec: # secret: # secretName: flux-git-deploy # defaultMode: 0400 # when mounted read-only, we won't be able to chmod - # + #{{end}} # These two volumes are for mounting a repositories.yaml file, # and providing a cache directory. The latter is needed because # mounting the former will make the cache/ directory read-only. @@ -63,7 +92,7 @@ spec: # There are no ":latest" images for helm-operator. Find the most recent # release or image version at https://hub.docker.com/r/weaveworks/helm-operator/tags # and replace the tag here. - image: docker.io/fluxcd/helm-operator:0.10.0 + image: docker.io/fluxcd/helm-operator:0.10.1 imagePullPolicy: IfNotPresent ports: - name: http 
@@ -77,10 +106,45 @@ spec: # file; you'll also need the volume declared above. # - name: sshdir # mountPath: /root/.ssh - # readOnly: true + # readOnly: true{{ if .SSHSecretName }} + + - name: git-key + mountPath: /etc/fluxd/ssh +{{ else }} # - name: git-key - # mountPath: /etc/fluxd/ssh + # mountPath: /etc/fluxd/ssh{{ end }} # - name: repositories-yaml # mountPath: /var/fluxd/helm/repository # - name: repositories-cache - # mountPath: /var/fluxd/helm/repository/cache + # mountPath: /var/fluxd/helm/repository/cache{{ if .EnableTillerTLS }} + + - name: helm-tls-certs + mountPath: /etc/fluxd/helm + readOnly: true + - name: helm-tls-ca + mountPath: /etc/fluxd/helm-ca + readOnly: true +{{ else }} + # - name: helm-tls-certs + # mountPath: /etc/fluxd/helm + # readOnly: true + # - name: helm-tls-ca + # mountPath: /etc/fluxd/helm-ca + # readOnly: true{{ end }} + args: + # How to find Tiller + - --tiller-namespace={{ if .TillerNamespace }}.TillerNamespace{{ else }}kube-system{{ end }}{{ if .EnableTillerTLS }} + # TLS configuration + - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt + - --tiller-tls-enable=true + - --tiller-tls-key-path=/etc/fluxd/helm/tls.key + - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt + - --tiller-tls-verify=true + - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt{{ else }} + # Comment out to to establish validated TLS connections against Tiller + # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt + # - --tiller-tls-enable=true + # - --tiller-tls-key-path=/etc/fluxd/helm/tls.key + # - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt + # - --tiller-tls-verify=true + # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt{{ end }} diff --git a/pkg/install/templates/tiller-ca-cert-configmap.yaml.tmpl b/pkg/install/templates/tiller-ca-cert-configmap.yaml.tmpl new file mode 100644 index 000000000..c88cecf35 --- /dev/null +++ b/pkg/install/templates/tiller-ca-cert-configmap.yaml.tmpl 
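Review bot: The `args:` block lists `--tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt` twice in both the enabled and the commented branch; the second occurrence should be dropped. The comment `# Comment out to to establish validated TLS connections against Tiller` also says the opposite of what is meant. The flags below it are already commented, so it should read `# Uncomment to establish validated TLS connections against Tiller`. The same two lines appear in deploy/helm-operator-deployment.yaml, which looks like the rendered output of this template and would pick up the fix when regenerated.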
@@ -0,0 +1,11 @@ +{{ if .EnableTillerTLS }}--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: flux-helm-tls-ca-config + {{ if .Namespace }} + namespace: {{ .Namespace }}{{ end }} +data: + ca.crt: | + {{ Base64Encode .TillerTLSCACertContent }} +{{- end -}}
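Review bot: `ca.crt` is placed under `data:` after `Base64Encode`, but Kubernetes does not decode ConfigMap `data` values. The file mounted at `/etc/fluxd/helm-ca/ca.crt` would therefore hold base64 text rather than the certificate, and with `--tiller-tls-verify=true` the CA would presumably fail to load unless the operator decodes it itself, which nothing on this page shows. Putting the key under `binaryData:` keeps the single-line encoding and yields the original bytes on disk: replace `data:` with `binaryData:` and write `ca.crt: {{ Base64Encode .TillerTLSCACertContent }}` without the `|` block scalar. The test passes `[]byte("foo bar")` and only validates the schema, so it would not notice either form.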