Merge pull request #101 from hyder/91-admin-host

upgrade to helm v3 issue #100

Author: hyder

CHANGELOG.adoc

@@ -7,10 +7,15 @@ All notable changes to this project are documented in this file.
 
 The format is based on {uri-changelog}[Keep a Changelog].
 
+== v2.0.0-beta.2 (November 21, 2019)
+* Helm upgraded to version 3.0.0 #100
+* incubator and jetstack helm repos removed as they can now be searched from helm hub #100
+* tiller disabled and option to enable it is removed #100
+
 == v2.0.0-beta.1 (November 14, 2019)
 * Added admin host for operations instead of using the bastion server #91
 * Installed Python3, oci-cli #91
-* Switched from kubeconfig v1 to v2, generated by oci-cli instead of uploading #91
+* Switched from kubeconfig v1 to v2, generated by oci-cli instead of uploading #98
 * Switched all operations from bastion to admin host #91
 * Use compartment id instead of compartment name for policies #86
 * Updated available list of Kubernetes versions in Terraform options #90

docs/configuration.adoc

@@ -17,8 +17,6 @@
 :uri-contribute: {uri-rel-file-base}/CONTRIBUTING.adoc
 :uri-contributors: {uri-rel-file-base}/CONTRIBUTORS.adoc
 :uri-helm: https://helm.sh/
-:uri-helm-incubator: https://kubernetes-charts-incubator.storage.googleapis.com/
-:uri-helm-jetstack: https://charts.jetstack.io
 :uri-instructions: {uri-docs}/instructions.adoc
 :uri-license: {uri-rel-file-base}/LICENSE.txt
 :uri-kubernetes: https://kubernetes.io/
@@ -202,10 +200,7 @@ kubectl --namespace=kube-system get secret ocirsecret --export -o yaml | kubectl
 
 === Configure helm parameters
 
-The {uri-helm}[helm] parameters control the installation and the version of the helm client as well as optional helm repos to add and initialize on the bastion host. Additional helm repos include the following:
-
-. {uri-helm-incubator}[incubator]
-. {uri-helm-jetstack}[jetstack]
+The {uri-helm}[helm] parameters control the installation and the version of the helm client as well as optional helm repos to add and initialize on the bastion host.
 
 {uri-terraform-options}#helm[Reference]
 

docs/terraformoptions.adoc

@@ -12,8 +12,6 @@
 :uri-cert-manager: https://cert-manager.readthedocs.io/en/latest/
 :uri-docs: {uri-rel-file-base}/docs
 :uri-helm: https://helm.sh/
-:uri-helm-incubator: https://kubernetes-charts-incubator.storage.googleapis.com/
-:uri-helm-jetstack: https://charts.jetstack.io
 :uri-kubernetes-hpa: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 :uri-metrics-server: https://github.com/kubernetes-incubator/metrics-server
 :uri-oci-images: https://docs.cloud.oracle.com/iaas/images/
@@ -442,11 +440,6 @@ node_pools = {
 |
 |10.96.0.0/16
 
-|tiller_enabled
-|Whether to install the server side of Helm in the OKE cluster.
-|true/false
-|true
-
 |worker_mode
 |Whether the worker nodes should be public or private. Private requires NAT gateway.
 |private/public
@@ -525,20 +518,10 @@ Refer to {uri-topology}[topology] for more thorough examples.
 |Values
 |Default
 
-|add_incubator_repo
-|Whether to add the {uri-helm-incubator}[incubator] repo to the bastion's local helm repo.
-|true/false
-|false
-
-|add_jetstack_repo
-|Whether to add the {uri-helm-jetstack}[jetstack] repo to the bastion's local helm repo. *Required* for {uri-cert-manager}[cert-manager].
-|true/false
-|false
-
 |helm_version
-|The version of the {uri-helm}[helm] client to install on the bastion. A subsequent upgrade of tiller (server-side helm) will then be automatically performed.
+|The version of the {uri-helm}[helm] client to install on the bastion.
 |
-|2.14.3
+|3.0.0
 
 |install_helm
 |Whether to install {uri-helm}[helm] on the bastion instance.

locals.tf

@@ -117,7 +117,7 @@ locals {
     cluster_kubernetes_version                              = var.kubernetes_version
     cluster_name                                            = var.cluster_name
     cluster_options_add_ons_is_kubernetes_dashboard_enabled = var.dashboard_enabled
-    cluster_options_add_ons_is_tiller_enabled               = var.tiller_enabled
+    # cluster_options_add_ons_is_tiller_enabled               = var.tiller_enabled
     cluster_options_kubernetes_network_config_pods_cidr     = var.pods_cidr
     cluster_options_kubernetes_network_config_services_cidr = var.services_cidr
     cluster_subnets                                         = module.network.subnet_ids
@@ -149,8 +149,6 @@ locals {
   }
 
   helm = {
-    add_incubator_repo = var.add_incubator_repo
-    add_jetstack_repo  = var.add_incubator_repo
     helm_version       = var.helm_version
     install_helm       = var.install_helm
   }

modules/oke/cluster.tf

@@ -10,7 +10,7 @@ resource "oci_containerengine_cluster" "k8s_cluster" {
   options {
     add_ons {
       is_kubernetes_dashboard_enabled = var.oke_cluster.cluster_options_add_ons_is_kubernetes_dashboard_enabled
-      is_tiller_enabled               = var.oke_cluster.cluster_options_add_ons_is_tiller_enabled
+      is_tiller_enabled               = false
     }
 
     kubernetes_network_config {

modules/oke/helm.tf

@@ -5,15 +5,13 @@ data "template_file" "install_helm" {
   template = file("${path.module}/scripts/install_helm.template.sh")
 
   vars = {
-    add_incubator_repo = var.helm.add_incubator_repo
-    add_jetstack_repo  = var.helm.add_jetstack_repo
     helm_version       = var.helm.helm_version
   }
 
   count = var.oke_admin.admin_enabled == true && var.helm.install_helm == true ? 1 : 0
 }
 
-resource null_resource "install_helm_bastion" {
+resource null_resource "install_helm_admin" {
   connection {
     host        = var.oke_admin.admin_private_ip
     private_key = file(var.oke_ssh_keys.ssh_private_key_path)

modules/oke/ocir.tf

@@ -9,7 +9,7 @@ data "template_file" "create_ocir_script" {
     region_registry = var.oke_ocir.ocir_urls[var.oke_general.region]
     tenancy_name    = var.oke_ocir.tenancy_name
     username        = var.oke_ocir.username
-    tiller_enabled  = var.oke_cluster.cluster_options_add_ons_is_tiller_enabled
+    # tiller_enabled  = var.oke_cluster.cluster_options_add_ons_is_tiller_enabled
   }
 
   count = var.oke_ocir.create_auth_token == true ? 1 : 0

modules/oke/scripts/create_ocir_secret.template.sh

@@ -2,11 +2,5 @@
 # Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-if [ ${tiller_enabled} ]; then
-  kubectl -n kube-system delete secret ocirsecret
-  kubectl create secret docker-registry ocirsecret -n kube-system --docker-server=${region_registry} --docker-username=${tenancy_name}/${username} --docker-email=${email_address} --docker-password='${authtoken}'
-  kubectl -n kube-system patch serviceaccount tiller -p '{"imagePullSecrets": [{"name": "ocirsecret"}]}'
-else
-  kubectl -n default delete secret ocirsecret
-  kubectl create secret docker-registry ocirsecret -n default --docker-server=${region_registry} --docker-username=${tenancy_name}/${username} --docker-email=${email_address} --docker-password='${authtoken}'
-fi  
+kubectl -n default delete secret ocirsecret
+kubectl create secret docker-registry ocirsecret -n default --docker-server=${region_registry} --docker-username=${tenancy_name}/${username} --docker-email=${email_address} --docker-password='${authtoken}'

modules/oke/scripts/install_helm.template.sh

@@ -2,7 +2,7 @@
 # Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
-wget https://storage.googleapis.com/kubernetes-helm/helm-v${helm_version}-linux-amd64.tar.gz
+wget https://get.helm.sh/helm-v${helm_version}-linux-amd64.tar.gz
 
 tar zxvf helm-v${helm_version}-linux-amd64.tar.gz
 
@@ -12,16 +12,6 @@ rm -f helm-v${helm_version}-linux-amd64.tar.gz
 
 rm -rf linux-amd64
 
-helm init --upgrade
-
-if [ ${add_incubator_repo} ]; then
-  helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
-fi  
-
-if [ ${add_jetstack_repo} ]; then
-  helm repo add jetstack https://charts.jetstack.io
-fi
-
 helm repo update
 
 echo "source <(helm completion bash)" >> ~/.bashrc

modules/oke/variables.tf

@@ -48,7 +48,6 @@ variable "oke_cluster" {
     cluster_kubernetes_version                              = string
     cluster_name                                            = string
     cluster_options_add_ons_is_kubernetes_dashboard_enabled = bool
-    cluster_options_add_ons_is_tiller_enabled               = bool
     cluster_options_kubernetes_network_config_pods_cidr     = string
     cluster_options_kubernetes_network_config_services_cidr = string
     cluster_subnets                                         = map(string)
@@ -100,8 +99,6 @@ variable "oke_ocir" {
 # helm
 variable "helm" {
   type = object({
-    add_incubator_repo = bool
-    add_jetstack_repo  = bool
     helm_version       = string
     install_helm       = bool
   })