Helm install via yum (#224)

* Helm install via yum from olcne repo

Signed-off-by: Karthic Ravindran <[email protected]>

* doc changes for kubernetes version

Signed-off-by: Karthic Ravindran <[email protected]>

* Update variables.tf

Removed helm_version variable.

* base version changed to 1.3.3,helm variables removed

Signed-off-by: Karthic Ravindran <[email protected]>

Author: karthicgit

docs/configuration.adoc

@@ -16,7 +16,6 @@
 :uri-changelog: {uri-rel-file-base}/CHANGELOG.adoc
 :uri-contribute: {uri-rel-file-base}/CONTRIBUTING.adoc
 :uri-contributors: {uri-rel-file-base}/CONTRIBUTORS.adoc
-:uri-helm: https://helm.sh/
 :uri-instructions: {uri-docs}/instructions.adoc
 :uri-license: {uri-rel-file-base}/LICENSE.txt
 :uri-kubernetes: https://kubernetes.io/
@@ -56,7 +55,6 @@
 . link:#configure-oke-node-pool-parameters[Configure OKE Node Pool parameters]
 . link:#configure-oke-load-balancer-parameters[Configure OKE Load Balancer parameters]
 . link:#configure-ocir-parameters[Configure OCIR parameters]
-. link:#configure-helm-parameters[Configure helm parameters]
 . link:#configure-calico-parameters[Configure Calico parameters]
 . link:#configure-kubernetes-metrics-server-parameters[Configure Kubernetes Metrics Server parameters]
 . link:#configure-kms-integration-parameters[Configure KMS Integration parameters]
@@ -159,7 +157,7 @@ The OKE parameters concern mainly the following:
 
 * whether you want to deploy public or private worker nodes
 * whether you want to allow NodePort or ssh access to the worker nodes
-* Kubernetes options such as dashboard, networking and helm
+* Kubernetes options such as dashboard, networking
 * number of node pools and their respective size of the cluster
 * services and pods cidr blocks
 
@@ -215,12 +213,6 @@ kubectl --namespace=kube-system get secret ocirsecret --export -o yaml | kubectl
 
 {uri-terraform-options}#ocir[Reference]
 
-=== Configure helm parameters
-
-The {uri-helm}[helm] parameters control the installation and the version of the helm client as well as optional helm repos to add and initialize on the bastion host.
-
-{uri-terraform-options}#helm[Reference]
-
 === Configure Calico parameters
 
 The calico parameters control the installation of {uri-calico}[Calico] for {uri-calico-policy}[network policy].

docs/instructions.adoc

@@ -46,7 +46,6 @@
 :uri-terraform-oke-sample: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples/container_engine
 :uri-terraform-options: {uri-docs}/terraformoptions.adoc
 :uri-install-kubectl: https://kubernetes.io/docs/tasks/tools/install-kubectl/
-:uri-helm: https://helm.sh/
 :uri-metricserver: https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#metrics-server
 :uri-k8s-dashboard: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
 :uri-psp: https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengusingpspswithoke.htm#Using_Pod_Security_Polices_with_Container_Engine_for_Kubernetes
@@ -64,7 +63,6 @@
 .. link:#recommendations-for-using-instance_principal[Recommendations for using instance_principal]
 . link:#interacting-with-the-oke-cluster[Interacting with the OKE Cluster locally]
 . link:#creating-a-secret-for-ocir[Creating a Secret for OCIR]
-. link:#installing-helm[Installing helm]
 . link:#installing-calico[Installing Calico]
 . link:#installing-kubernetes-metrics-server[Installing Kubernetes Metrics Server]
 . link:#scaling-the-number-of-node-pools[Scaling the number of node pools]
@@ -168,7 +166,7 @@ You can then copy the ssh_to_operator command, paste and run it in a terminal.
 
 Any user who has access to the instance (who can SSH to the instance), automatically inherits the privileges granted to the instance. Before you enable this feature, ensure that you know who can access it, and that they should be authorized with the permissions you are granting to the instance.
 
-By default, this feature is *_disabled_*. However, it is *_required_* at the time of cluster creation *_if_* you wish to enable link:#kms-integration[KMS Integration], calico, metricserver, helm or creating the OCIR secret.
+By default, this feature is *_disabled_*. However, it is *_required_* at the time of cluster creation *_if_* you wish to enable link:#kms-integration[KMS Integration], calico, metricserver or creating the OCIR secret.
 
 When you enable this feature, by default, the operator host will have privileges to all resources in the compartment. If you are enabling it for link:#kms-integration[KMS Integration], the operator host will also have rights to create policies in the root tenancy. 
 
@@ -205,7 +203,7 @@ terraform apply
 ==== Recommendations for using instance_principal
 
 . Do not enable instance_principal if you are not using link:#kms-integration[KMS Integration] or calico
-. Enable instance_principal *_if and only if_* you are using link:#kms-integration[KMS Integration], calico, metricserver, helm or creating the OCIR secret.
+. Enable instance_principal *_if and only if_* you are using link:#kms-integration[KMS Integration], calico, metricserver or creating the OCIR secret.
 . Disable instance_principal once the cluster is created
 
 === Interacting with the OKE Cluster
@@ -241,12 +239,6 @@ You must then {uri-oci-secret}[create a Secret in OCI Vault to store] the value
 
 Finally, assign the Secret OCID to *secret_id* in terraform.tfvars. Refer to {uri-terraform-options}#ocir[OCIR parameters] for other parameters to be set.
 
-=== Installing helm
-
-{uri-helm}[Helm] is a package manager for kubernetes. If you want to install helm on the operator host, set the parameter *helm_enabled = true* in terraform.tfvars. By default, it is set to false. 
-
-An alias "*h*" will be created for helm on the operator host. For other available parameters, refer to {uri-terraform-options}#helm[Helm parameters].
-
 === Installing Calico 
 
 Calico enables network policy in Kubernetes clusters. To install calico set the parameter *calico_enabled = true* in terraform.tfvars. By default its set to false. Refer to {uri-terraform-options}#calico[Calico parameters] for other available parameters.

docs/terraformoptions.adoc

@@ -11,7 +11,6 @@
 :uri-calico-policy: https://docs.projectcalico.org/v3.8/getting-started/kubernetes/installation/other
 :uri-cert-manager: https://cert-manager.readthedocs.io/en/latest/
 :uri-docs: {uri-rel-file-base}/docs
-:uri-helm: https://helm.sh/
 :uri-kubernetes-hpa: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 :uri-metrics-server: https://github.com/kubernetes-incubator/metrics-server
 :uri-oci-images: https://docs.cloud.oracle.com/iaas/images/
@@ -34,7 +33,6 @@ Configuration Terraform Options:
 . link:#oke[OKE]
 . link:#oke-load-balancers[OKE Load Balancers]
 . link:#ocir[OCIR]
-. link:#helm[Helm]
 . link:#calico[Calico]
 . link:#kubernetes-metrics-server[Kubernetes Metrics Server]
 . link:#kms-integration[KMS integration]
@@ -452,8 +450,8 @@ admission_controller_options = {
 
 |`kubernetes_version`
 |The version of Kubernetes to provision. This is based on the available versions in OKE. By default, the latest version is selected. The use of 'LATEST' is no longer permitted in order to facilitate upgrades.
-|v1.14.8,v1.15.7, v1.16.8
-|v1.16.8
+|v1.15.7, v1.16.8 ,v1.17.9
+|v1.17.9
 
 |`node_pools`
 a|The number, shape of node pools and node_pool_size to create. Each key and tuple pair corresponds to 1 node pool.
@@ -612,27 +610,6 @@ Refer to {uri-topology}[topology] for more thorough examples.
 
 |===
 
-== Helm
-
-[stripes=odd,cols="1d,4d,3a,3a", options=header,width="100%"] 
-|===
-|Parameter
-|Description
-|Values
-|Default
-
-|`helm_version`
-|The version of the {uri-helm}[helm] client to install on the bastion.
-|
-|3.2.4
-
-|`helm_enabled`
-|Whether to install {uri-helm}[helm] on the bastion instance.
-|true/false
-|false
-
-|===
-
 == Calico
 
 [stripes=odd,cols="1d,4d,3a,3a", options=header,width="100%"] 

locals.tf

@@ -128,11 +128,6 @@ locals {
     secret_id     = var.secret_id
   }
 
-  helm = {
-    helm_enabled = var.helm_enabled
-    helm_version = var.helm_version
-  }
-
   calico = {
     calico_enabled = var.calico_enabled
     calico_version = var.calico_version

main.tf

@@ -7,7 +7,7 @@ terraform {
 
 module "base" {
   source  = "oracle-terraform-modules/base/oci"
-  version = "1.3.2"
+  version = "1.3.3"
 
   # general oci parameters
   oci_base_general = local.oci_base_general
@@ -106,9 +106,6 @@ module "oke" {
   # ocir parameters
   oke_ocir = local.oke_ocir
 
-  # helm parameters
-  helm = local.helm
-
   # calico parameters
   calico = local.calico
 

modules/oke/helm.tf modules/oke/kubernetestools.tfmodules/oke/helm.tf renamed to modules/oke/kubernetestools.tf

@@ -1,14 +1,10 @@
 # Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-data "template_file" "helm_enabled" {
+data "template_file" "install_helm" {
   template = file("${path.module}/scripts/install_helm.template.sh")
 
-  vars = {
-    helm_version       = var.helm.helm_version
-  }
-
-  count = var.oke_operator.operator_enabled == true && var.helm.helm_enabled == true ? 1 : 0
+  count = var.oke_operator.operator_enabled == true ? 1 : 0
 }
 
 resource null_resource "install_helm_operator" {
@@ -24,20 +20,20 @@ resource null_resource "install_helm_operator" {
     bastion_private_key = file(var.oke_ssh_keys.ssh_private_key_path)
   }
 
-  depends_on = [null_resource.install_kubectl_operator, null_resource.write_kubeconfig_on_operator]
+  depends_on = [null_resource.install_kubectl_operator]
 
   provisioner "file" {
-    content     = data.template_file.helm_enabled[0].rendered
-    destination = "~/helm_enabled.sh"
+    content     = data.template_file.install_helm[0].rendered
+    destination = "~/install_helm.sh"
   }
 
   provisioner "remote-exec" {
     inline = [
-      "chmod +x $HOME/helm_enabled.sh",
-      "bash $HOME/helm_enabled.sh",
-      "rm -f $HOME/helm_enabled.sh"
+      "chmod +x $HOME/install_helm.sh",
+      "bash $HOME/install_helm.sh",
+      "rm -f $HOME/install_helm.sh"
     ]
   }
 
-  count = var.oke_operator.bastion_enabled == true && var.oke_operator.operator_enabled == true && var.helm.helm_enabled == true ? 1 : 0
+  count = var.oke_operator.bastion_enabled == true && var.oke_operator.operator_enabled == true ? 1 : 0
 }

modules/oke/scripts/install_helm.template.sh

@@ -2,15 +2,7 @@
 # Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-wget https://get.helm.sh/helm-v${helm_version}-linux-amd64.tar.gz
-
-tar zxvf helm-v${helm_version}-linux-amd64.tar.gz
-
-sudo mv linux-amd64/helm /usr/local/bin
-
-rm -f helm-v${helm_version}-linux-amd64.tar.gz
-
-rm -rf linux-amd64
+sudo yum install -y helm
 
 helm repo add stable https://kubernetes-charts.storage.googleapis.com
 helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com

modules/oke/variables.tf

@@ -81,15 +81,6 @@ variable "oke_ocir" {
   })
 }
 
-
-# helm
-variable "helm" {
-  type = object({
-    helm_enabled = bool
-    helm_version = string
-  })
-}
-
 # calico
 variable "calico" {
   type = object({

terraform.tfvars.example

@@ -130,7 +130,7 @@ check_node_active = "none"
 
 dashboard_enabled = false
 
-kubernetes_version = "v1.16.8"
+kubernetes_version = "v1.17.9"
 
 node_pools = {
   np1 = {shape="VM.Standard.E3.Flex",ocpus=2,node_pool_size=2,boot_volume_size=150}
@@ -176,11 +176,6 @@ tenancy_name = ""
 
 username = ""
 
-# helm
-helm_enabled = false
-
-helm_version = "3.1.0"
-
 # calico
 calico_enabled = false
 

variables.tf

@@ -426,19 +426,6 @@ variable "username" {
   type        = string
 }
 
-# helm
-variable "helm_enabled" {
-  description = "Whether to install helm client on the bastion."
-  default     = false
-  type        = bool
-}
-
-variable "helm_version" {
-  default     = "3.2.4"
-  description = "The version of helm to install."
-  type        = string
-}
-
 # calico
 variable "calico_enabled" {
   description = "whether to install calico for network pod security policy"