Closed digitalrayne closed 2 years ago
Thanks for the contribution @devec0 ! As someone who doesn't use it at all, I'm hoping looking forward to using your PR to learn more about Helm.
I'll try to review this ASAP, but please be patient. If you don't hear back from me in a couple of weeks, please feel free to ping me with a reminder.
Thanks again!
thanks for this contribution @devec0 ! this is so much needed!
I was about to add the same thing today, @xavidop -
The templates are dangerous without the explicit .Release.Namespace
Have a look at mine. Thank you BOTH for YOUR hard work!
I've pushed some updates including -
Thanks @PawelLipski and @xavidop for the helpful review and kind words.
Additionally, if anyone has changes they would like to make, and would like push access to the forked version I have attached to this PR, either open a PR on my repo and I'll merge and push it - or just please let me know, I will grant push access if needed.
I did start learning Helm yesterday finally :-). Hopefully in the next week or two I'll be in a position to review and merge this.
Please take your time @nabsul - helm takes some time to get used to, but it is worth it, and thanks for considering this PR π
Hey there... any updates here? ;)
My update from the last three months:
I make no promises, but I really do want to get this done, and I think I'll have the energy (and need the distraction from baby-work) as I adjust to baby life. π€ π€ π
My update from the last three months:
* [x] Prepare for arrival of baby (never completely finished, but as much as possible) * [x] Prepare for parental leave by wrapping up / handing over work projects * [x] Baby arrives * [ ] Get used to new life with baby * [ ] Catch up on open source projects (this PR is the first priority) * [ ] Go back to work (mid-september)
I make no promises, but I really do want to get this done, and I think I'll have the energy (and need the distraction from baby-work) as I adjust to baby life. π€ π€ π
Congratulations @nabsul π π It looks to me like your priorities are correct ππ»
Wow congrats indeed! No rush, take a good care of the baby πΆπ» Girl or boy btw? ;)
@nabsul - Congratulations on the birth of your child! I think everyone on this thread/PR agrees that your priorities and your heart are in the right place. <3
Boy :-) And thank you all for all the kind words β€οΈ
So many decisions to make with this new child, like: Do I teach him Go or C# first? π
I suggest not creating the secret via values to preserve confidentiality. A note could be added to the readme explaining how to create the secret
# secrets.nocommit.yaml apiVersion: v1 kind: Secret metadata: name: aws-secrets namespace: xxx type: Opaque data: aws-acces-key-id: xxx= aws-secret-access-key: xxx= # kubectl apply -f ./secrets.nocommit.yaml
What do you think ?
Thank you for your fantastic improvements and suggestions @Startouf - I've reviewed them and merged them into this PR.
Note for @nabsul in the incoming PR that was merged, I have added configuration to serve the helm chart via github pages. See my commit there with information so it should behave like https://itzmanish.github.io/ecr-token-renew
I suggest not creating the secret via values to preserve confidentiality. A note could be added to the readme explaining how to create the secret
# secrets.nocommit.yaml apiVersion: v1 kind: Secret metadata: name: aws-secrets namespace: xxx type: Opaque data: aws-acces-key-id: xxx= aws-secret-access-key: xxx= # kubectl apply -f ./secrets.nocommit.yaml
What do you think ?
I agree with this by the way. The secret should be a prerequisite, not a configuration parameter.
@devec0 can you handle nabsul's review requested changes ?
I suggest not creating the secret via values to preserve confidentiality. A note could be added to the readme explaining how to create the secret
# secrets.nocommit.yaml apiVersion: v1 kind: Secret metadata: name: aws-secrets namespace: xxx type: Opaque data: aws-acces-key-id: xxx= aws-secret-access-key: xxx= # kubectl apply -f ./secrets.nocommit.yaml
What do you think ?
I agree with this by the way. The secret should be a prerequisite, not a configuration parameter.
Also, I wanted to add to this specifically - the values support is important when working with other tools and things like the helm-secrets plugin to do proper secrets management. I think having both is the right call if you want to be able to supply the secret as a pre-existing definition configured by some other tool (like terraform). Additionally, helm3 stores the values as secrets so there is no downside from a security perspective either.
Heyo! I'm going to take this into a local branch on this repo to make it easier to continue the work.
Thanks again for your contributions here! I believe I have https://github.com/nabsul/k8s-ecr-login-renew/pull/38 working the way I want it to work. This PR was a great base to start from, but I decided to deviate a bit in the following ways:
index.yaml
file should NOT live in this repo. I have moved it to nabsul/helmindex.yaml
file would be nice, but for now I'll manually edit it whenever there's a new release.kubectl apply
, but I'll have that code auto-generated from Helm's --debug
and dry-run commands. This will eliminate the need to maintain two separate ways to install the tool.@nabsul - I'll close this one out in favour of #38
Hello,
Thank you for writing k8s-ecr-login-renew, and sharing it! It definitely saved me some heartache today.
Noticing #23 - and having decent experience with writing helm charts - and needing to deploy this via Helm myself, I thought I'd write and contribute a chart to this project. As noted in #23 - people who are maintaining complex Kubernetes deployments are quite commonly using Helm due to the templating and secret-handling utility is has, as well as companion tools such as
helmfile
to help keep multi-environment deployments as DRY as possible. This was my use case, so I hope this chart will help others.I've tested this chart myself and it is working well.
I've tried to keep it as minimal and secure as possible following the good example in the
examples
folder. I have not added the ability to specify multiple repositories to the chart, but that would be quite easy to add later if someone needed it in a non-breaking way.Let me know if any questions or if you have any changes you'd like to see.