Add helmfile (#114)

* Add helmfile * add helm-secrets for helmfile
cloudposse · Apr 6, 2018 · 8cfe518 · 8cfe518
1 parent 8f43de2
commit 8cfe518
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 7 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -21,7 +21,9 @@ RUN apk update \
           gcc libffi-dev python-dev musl-dev openssl-dev py-pip py-virtualenv \
           git coreutils less groff bash-completion \
           fuse syslog-ng libc6-compat && \
-          mkdir -p /etc/bash_completion.d/ /etc/profile.d/
+          mkdir -p /etc/bash_completion.d/ /etc/profile.d/ \
+    && mkdir -p /conf \
+    && touch /conf/.gitconfig \
 
 RUN echo "net.ipv6.conf.all.disable_ipv6=0" > /etc/sysctl.d/00-ipv6.conf
 
@@ -106,11 +108,17 @@ ENV NODE_MACHINE_TYPE "t2.medium"
 ENV NODE_MAX_SIZE 2
 ENV NODE_MIN_SIZE 2
 
+#
+# Install sops (required by `helm-secrets`)
+# 
+ENV SOPS_VERSION 3.0.2
+RUN curl --fail -sSL -o /usr/local/bin/sops https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux \
+    && chmod +x /usr/local/bin/sops
+
 #
 # Install helm
 #
 ENV HELM_VERSION 2.8.2
-ENV HELM_GITHUB_VERSION 0.2.0
 ENV HELM_HOME /var/lib/helm
 ENV HELM_VALUES_PATH=${SECRETS_PATH}/helm/values
 RUN curl --fail -sSL -O http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz \
@@ -122,12 +130,38 @@ RUN curl --fail -sSL -O http://storage.googleapis.com/kubernetes-helm/helm-v${HE
     && mkdir -p ${HELM_HOME} \
     && helm init --client-only \
     && mkdir -p ${HELM_HOME}/plugins \
-    && helm plugin install https://github.com/mstrzele/helm-edit \
-    && helm plugin install https://github.com/app-registry/appr-helm-plugin \
-    && helm plugin install https://github.com/sagansystems/helm-github --version ${HELM_GITHUB_VERSION} \
-    && helm repo add cloudposse-incubator https://charts.cloudposse.com/incubator/ \
+
+#
+# Install helm repos
+#
+RUN helm repo add cloudposse-incubator https://charts.cloudposse.com/incubator/ \
+    && helm repo add incubator  https://kubernetes-charts-incubator.storage.googleapis.com/ \
+    && helm repo add coreos-stable https://s3-eu-west-1.amazonaws.com/coreos-charts/stable/ \
     && helm repo update
 
+# 
+# Install helm plugins
+# 
+ENV HELM_APPR_VERSION 0.7.0
+ENV HELM_DIFF_VERSION 2.8.0+1
+ENV HELM_EDIT_VERSION 0.2.0
+ENV HELM_GITHUB_VERSION 0.2.0
+ENV HELM_SECRETS_VERSION 1.2.9
+
+RUN helm plugin install https://github.com/app-registry/appr-helm-plugin --version v${HELM_APPR_VERSION} \
+    && helm plugin install https://github.com/mstrzele/helm-edit --version v${HELM_EDIT_VERSION} \
+    && helm plugin install https://github.com/databus23/helm-diff --version v${HELM_DIFF_VERSION} \
+    && helm plugin install https://github.com/futuresimple/helm-secrets --version ${HELM_SECRETS_VERSION} \
+    && helm plugin install https://github.com/sagansystems/helm-github --version ${HELM_GITHUB_VERSION}
+
+#
+# Install helmfile
+#
+ENV HELMFILE_VERSION 0.11
+RUN curl --fail -sSL -o /usr/local/bin/helmfile https://github.com/roboll/helmfile/releases/download/v${HELMFILE_VERSION}/helmfile_linux_amd64 \
+    && chmod +x /usr/local/bin/helmfile
+
+
 #
 # Install packer
 #

diff --git a/README.md b/README.md
@@ -29,8 +29,9 @@ At its core, Geodesic is a framework for provisioning cloud infrastructure and t
 * [`ansible`](http://docs.ansible.com/ansible/latest/index.html) Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks
 * [`aws-vault`](https://github.com/99designs/aws-vault) for securely storing and accessing AWS credentials in an encrypted vault for the purpose of assuming IAM roles
 * [`aws-cli`](https://github.com/aws/aws-cli/) for interacting directly with the AWS APIs
-* [`chamber`](https://github.com/segmentio/chamber) for managing secrets with AWS SSM+KMS
+* [`chamber`](https://github.com/segmentio/chamber) for managing secrets with AWS SSM+KMS and exposing them as environment variables
 * [`helm`](https://github.com/kubernetes/helm/) for installing packages like Varnish or Apache on the Kubernetes cluster
+* [`helmfile`](https://github.com/roboll/helmfile) for 12-factorizing chart values and installing chart collections
 * [`kops`](https://github.com/kubernetes/kops/) for Kubernetes cluster orchestration
 * [`kubectl`](https://kubernetes.io/docs/user-guide/kubectl-overview/) for controlling kubernetes resources like deployments or load balancers
 * [`gcloud`, `gsutil`](https://cloud.google.com/sdk/) for integration with Google Cloud (e.g. GKE, GCE, Google Storage)