Merge pull request #9 from Schille/feature/helm-plugins

feat: add gnupg support for tooler
Getdeck · Apr 5, 2022 · 12f8e7d · 12f8e7d
2 parents 351a469 + edc6b06
commit 12f8e7d
Show file tree

Hide file tree

Showing 4 changed files with 114 additions and 33 deletions.
diff --git a/deck.example.yaml b/deck.example.yaml
@@ -4,7 +4,7 @@ version: "1"
 cluster:
   provider: k3d
   minVersion: 4.0.0
-  name: mumpiz
+  name: another-cluster
   nativeConfig: # content of the native config file (e.g. https://k3d.io/v5.0.0/usage/configfile/)
     apiVersion: k3d.io/v1alpha2
     kind: Simple
@@ -20,15 +20,54 @@ cluster:
           - agent[0]
 
 decks:
-  - name: mumpiz-platform
+  - name: buzzword-counter
+    namespace: buzzword
     sources:
       - type: helm
-        ref: [email protected]:Blueshoe/mumpiz-helm.git
-        path: mumpiz
-        releaseName: mumpiz
-        helmPlugins:
-          - secret
-        valueFiles: # Helm values (files) relative to 'path'
-          - helm_vars/development/values.development.yaml
-          - helm_vars/development/secrets.development.yaml
-          - helm_vars/development/values.shared.yaml
+        ref: https://kubernetes.github.io/dashboard/
+        chart: kubernetes-dashboard
+        releaseName: dashboard
+        parameters:
+          - name: ingress.enabled
+            value: true
+          - name: ingress.hosts
+            value: '{dashboard.127.0.0.1.nip.io}'
+          - name: protocolHttp
+            value: true
+          - name: service.externalPort
+            value: 8080
+          - name: serviceAccount.create
+            values: false
+
+      - type: helm
+        ref: https://charts.bitnami.com/bitnami
+        chart: solr
+        releaseName: solr
+        parameters:
+          - name: ingress.enabled
+            value: true
+          - name: ingress.hostname
+            value: solr.127.0.0.1.nip.io
+
+      - type: helm
+        ref: [email protected]:Blueshoe/buzzword-charts.git
+        targetRevision: HEAD # only relevant for git
+        path: buzzword-counter
+#        chart: chart-name  # Set this when pulling directly from a Helm repo. DO NOT set for git-hosted Helm charts.
+
+#        parameters: # extra values for --set (take precedence)
+#          - name: "ingress.domain"
+#            value: mydomain.example.com
+#          - name: "ingress.annotations.nginx-"
+#            value: "true"
+
+        releaseName: buzzword-counter # Release name override (defaults to application name)
+
+#        valueFiles: # Helm values (files) relative to 'path'
+#          - helm_vars/development/values.development.yaml
+#      - type: kustomize
+#      - type: directory
+#        ref: [email protected]:Blueshoe/buzzword-charts.git
+#        targetRevision: HEAD
+#        path: .
+#        recursive: true
diff --git a/getdeck/sources/helm.py b/getdeck/sources/helm.py
@@ -23,19 +23,22 @@ def fetch_sources_with_git(
 ) -> List[K8sSourceFile]:
     _k8s_version = get_k8s_api_version(config)
     k8s_workload_files = []
-    HELM_CMD = []
-    HELM_CMD.extend(["helm", "dep", "up", source.path, "&&"])
-    HELM_CMD.extend(["helm", "template", f"{source.releaseName}"])
-    HELM_CMD.extend([f"{source.path}/"])
-    HELM_CMD.extend(["--namespace", namespace])
+    helm_cmd = []
+    helm_cmd.extend(["helm", "dep", "up", source.path, "&&"])
+    helm_cmd.extend(["helm"])
+    if source.helmPlugins:
+        helm_cmd.extend(source.helmPlugins)
+    helm_cmd.extend(["template", f"{source.releaseName}"])
+    helm_cmd.extend([f"{source.path}/"])
+    helm_cmd.extend(["--namespace", namespace])
     if source.valueFiles:
         for _valuefile in source.valueFiles:
-            HELM_CMD.extend(["--values", os.path.join(source.path, _valuefile)])
+            helm_cmd.extend(["--values", os.path.join(source.path, _valuefile)])
     if source.parameters:
         for parameter in source.parameters:
-            HELM_CMD.extend(["--set", f"{parameter.name}={parameter.value}"])
-    HELM_CMD.extend(["--output-dir", "/output"])
-    HELM_CMD.extend(["--kube-version", _k8s_version, "--api-versions", _k8s_version])
+            helm_cmd.extend(["--set", f"{parameter.name}={parameter.value}"])
+    helm_cmd.extend(["--output-dir", "/output"])
+    helm_cmd.extend(["--kube-version", _k8s_version, "--api-versions", _k8s_version])
     tmp_source = tempfile.TemporaryDirectory()
     tmp_output = tempfile.TemporaryDirectory()
     try:
@@ -44,7 +47,7 @@ def fetch_sources_with_git(
         # run tooler
         tooler.run(
             config,
-            HELM_CMD,
+            helm_cmd,
             volume_mounts=[f"{tmp_source.name}:/sources", f"{tmp_output.name}:/output"],
         )
         tmp_source.cleanup()
@@ -75,11 +78,13 @@ def fetch_sources_from_helm_repo(
 ) -> List[K8sSourceFile]:
     _k8s_version = get_k8s_api_version(config)
     k8s_workload_files = []
-    HELM_CMD = []
-    HELM_CMD.extend(["helm", "repo", "add", "this", source.ref, "&&"])
-    HELM_CMD.extend(
+    helm_cmd = []
+    helm_cmd.extend(["helm", "repo", "add", "this", source.ref, "&&"])
+    helm_cmd.extend(["helm"])
+    if source.helmPlugins:
+        helm_cmd.extend(source.helmPlugins)
+    helm_cmd.extend(
         [
-            "helm",
             "template",
             f"{source.releaseName}",
             f"this/{source.chart}",
@@ -90,19 +95,19 @@ def fetch_sources_from_helm_repo(
     if source.parameters:
         for parameter in source.parameters:
             try:
-                HELM_CMD.extend(["--set", f"{parameter['name']}={parameter['value']}"])
+                helm_cmd.extend(["--set", f"{parameter['name']}={parameter['value']}"])
             except KeyError:
                 logger.error(
                     f"The parameters in Deck with ref {source.ref} are malformed"
                 )
 
-    HELM_CMD.extend(["--output-dir", "/output"])
-    HELM_CMD.extend(["--kube-version", _k8s_version, "--api-versions", _k8s_version])
+    helm_cmd.extend(["--output-dir", "/output"])
+    helm_cmd.extend(["--kube-version", _k8s_version, "--api-versions", _k8s_version])
     if source.helmArgs:
-        HELM_CMD.extend(source.helmArgs)
+        helm_cmd.extend(source.helmArgs)
     tmp_output = tempfile.TemporaryDirectory()
     try:
-        tooler.run(config, HELM_CMD, volume_mounts=[f"{tmp_output.name}:/output"])
+        tooler.run(config, helm_cmd, volume_mounts=[f"{tmp_output.name}:/output"])
 
         for root, _dirs, files in os.walk(tmp_output.name):
             for _file in files:

diff --git a/getdeck/sources/tooler.py b/getdeck/sources/tooler.py
@@ -1,14 +1,17 @@
 import io
 import logging
 import os
+import subprocess
 from typing import List, Union
 
 from getdeck.configuration import ClientConfiguration
 
 logger = logging.getLogger("deck")
 
 
-def run(config: ClientConfiguration, cmd: Union[str, List], volume_mounts=None) -> str:
+def run(
+    config: ClientConfiguration, cmd: Union[str, List], volume_mounts: List[str] = None
+) -> str:
     import docker
 
     # check if this image is already present on this machine
@@ -18,6 +21,15 @@ def run(config: ClientConfiguration, cmd: Union[str, List], volume_mounts=None)
         build_user_container(config)
     if type(cmd) == list:
         cmd = " ".join(cmd)
+
+    if gnupg_socket := gnupg_agent_socket_path():
+        volume_mounts.extend(
+            [
+                f"{gnupg_socket}:{gnupg_socket}",
+                f"{gnupg_home_path()}:/home/tooler/.gnupg",
+            ]
+        )
+
     exec_cmd = f'bash -c "{cmd}"'
     logger.debug("Tooler running with: " + str(exec_cmd))
     logger.debug("Tooler mounted: " + str(volume_mounts))
@@ -31,6 +43,28 @@ def run(config: ClientConfiguration, cmd: Union[str, List], volume_mounts=None)
     return content
 
 
+def gnupg_home_path() -> str:
+    result = subprocess.run("echo $GNUPGHOME", shell=True, stdout=subprocess.PIPE)
+    if result.stdout.decode("utf-8").strip():
+        return result.stdout.decode("utf-8").strip()
+    else:
+        return os.path.expanduser("~/.gnupg")
+
+
+def gnupg_agent_socket_path() -> str:
+    """
+    :return: the agent socket to mount
+    """
+    try:
+        result = subprocess.run(
+            ["gpgconf", "--list-dir", "agent-extra-socket"], stdout=subprocess.PIPE
+        )
+        return result.stdout.decode("utf-8").strip()
+    except FileNotFoundError:
+        # gnupg is not installed
+        return ""
+
+
 def build_user_container(config: ClientConfiguration):
     uid = os.geteuid()
     gid = os.getgid()
@@ -46,7 +80,8 @@ def build_user_container(config: ClientConfiguration):
     RUN chown ${USER_ID}:${GROUP_ID} /output
 
     WORKDIR /sources
-    USER tooler"""
+    USER tooler
+    ENV HELM_DATA_HOME=/usr/local/share/helm"""
         ).encode("utf-8")
     )
     build_args = {"USER_ID": str(uid), "GROUP_ID": str(gid)}

diff --git a/tooler/Dockerfile b/tooler/Dockerfile
@@ -10,12 +10,14 @@ ARG KUBESEAL_VERSION=v0.15.0
 # ENV BASE_URL="https://storage.googleapis.com/kubernetes-helm"
 ENV BASE_URL="https://get.helm.sh"
 ENV TAR_FILE="helm-v${HELM_VERSION}-linux-amd64.tar.gz"
-RUN apk add --update --no-cache curl ca-certificates bash git && \
+RUN apk add --update --no-cache curl ca-certificates bash git gnupg && \
     curl -sL ${BASE_URL}/${TAR_FILE} | tar -xvz && \
     mv linux-amd64/helm /usr/bin/helm && \
     chmod +x /usr/bin/helm && \
     rm -rf linux-amd64
 
+ENV HELM_DATA_HOME=/usr/local/share/helm
+
 
 RUN helm repo add stable https://charts.helm.sh/stable \
     && helm repo add bitnami https://charts.bitnami.com/bitnami \