The module provisions the following resources:
helm_releasedescribes the desired status of a chart in a kubernetes cluster.- A Release is an instance of a chart running in a Kubernetes cluster. A Chart is a Helm package. It contains all of the resource definitions necessary to run an application, tool, or service inside of a Kubernetes cluster.
helm_repositorydescribes a helm repository.- A chart repository is a location where packaged charts can be stored and shared.
IMPORTANT:
- The module has many flags and arugments to pass as variables for the
helm_release, andhelm_repository. Please check thevariables.tfin this repository for more information.
A Terraform Module for using the Helm provider. This is used to deploy software packages in Kubernetes. The provider needs to be configured with the proper credentials before it can be used.
IMPORTANT: The main branch is used in source just as an example. In your code, do not pin to main because there may be breaking changes between releases.
Instead pin to one of our latest tags, in the format ?ref=tags/x.y.z.
The below values shown in the usage of this module are purely representative, please replace desired values as required.
module "tf-mod-helm" {
source = "git::https://github.com/Callumccr/tf-mod-helm.git?ref=master"
enabled = true
chart_repository_name = "stable"
chart_repository_url = "https://kubernetes-charts.storage.googleapis.com"
chart = "redis"
version = "6.0.1"
values = [
"${file("values.yaml")}"
]
set = [
{
name = "cluster.enabled"
value = "true"
},
{
name = "metrics.enabled"
value = "true"
}
]
set_string = [
{
name = "service.annotations.prometheus\\.io/port"
value = "9127"
}
]
set_sensitive = [
{
name = "username"
value = "password"
}
]
set_from_aws_secretmanager = {
values_key = {
secret_name = "humn/path/to/secret"
secret_key = "password"
}
}
}| Name | Version |
|---|---|
| helm | 2.7.1 |
| Name | Version |
|---|---|
| aws | n/a |
| helm | 2.7.1 |
| Name | Source | Version |
|---|---|---|
| label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.25.0 |
| Name | Type |
|---|---|
| helm_release.default | resource |
| aws_secretsmanager_secret_version.helm_aws_secretsmanager | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_tag_map | Additional tags for appending to tags_as_list_of_maps. Not added to tags. |
map(string) |
{} |
no |
| atomic | (Optional) If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to false. | bool |
false |
no |
| attributes | Additional attributes (e.g. 1) |
list(string) |
[] |
no |
| aws_account_id | The AWS account id of the provider being deployed to (e.g. 12345678). Autoloaded from account.tfvars | string |
"" |
no |
| aws_assume_role_arn | ARN of the IAM role when optionally connecting to AWS via assumed role. Autoloaded from account.tfvars. | string |
"" |
no |
| aws_region | The AWS region (e.g. ap-southeast-2). Autoloaded from region.tfvars. | string |
"" |
no |
| ca_file | (Optional) Verify certificates of HTTPS-enabled servers using this CA bundle | string |
"" |
no |
| cert_file | (Optional) Identify HTTPS client using this SSL certificate file | string |
"" |
no |
| chart | (Required) Chart name to be installed | string |
n/a | yes |
| chart_version | (Optional) Specify the exact chart version to install. If this is not specified, the latest version is installed | string |
"" |
no |
| cluster_ca_cert | (Required) The certificate authority certificate for the EKS cluster. | string |
n/a | yes |
| cluster_endpoint | (Required) The endpoint of the EKS cluster. | string |
n/a | yes |
| cluster_name | (Required) The name of the EKS cluster. | string |
n/a | yes |
| context | Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value.Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. |
object({ |
{ |
no |
| create_namespace | (Optional) Create the namespace if it does not yet exist. Defaults to false. | bool |
false |
no |
| delimiter | Delimiter to be used between namespace, environment, stage, name and attributes.Defaults to - (hyphen). Set to "" to use no delimiter at all. |
string |
null |
no |
| dependency_update | (Optional) Runs helm dependency update before installing the chart. Defaults to false. | bool |
false |
no |
| devel | (Optional) Use chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored | bool |
false |
no |
| disable_openapi_validation | (Optional) If set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema. Defaults to false. | bool |
false |
no |
| disable_webhooks | (Optional) Prevent hooks from running | bool |
false |
no |
| enabled | Set to false to prevent the module from creating any resources | bool |
null |
no |
| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | string |
null |
no |
| force_update | (Optional) Force resource update through delete/recreate if needed | bool |
true |
no |
| id_length_limit | Limit id to this many characters.Set to 0 for unlimited length.Set to null for default, which is 0.Does not affect id_full. |
number |
null |
no |
| k8s_namespace | (Optional) The namespace to install the release into. Defaults to default. | string |
"default" |
no |
| key_file | (Optional) Identify HTTPS client using this SSL key file | string |
"" |
no |
| keyring | (Optional) Location of public keys used for verification. Used only if verify is true. Defaults to /.gnupg/pubring.gpg in the location set by home | string |
"/.gnupg/pubring.gpg" |
no |
| kube_exec_auth_role_arn | The role ARN for aws eks get-token to use |
string |
"" |
no |
| label_order | The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present. |
list(string) |
null |
no |
| lint | (Optional) Run the helm chart linter during the plan. Defaults to false. | bool |
false |
no |
| max_history | (Optional) Maximum number of release versions stored per release. | number |
20 |
no |
| name | Solution name, e.g. 'app' or 'jenkins' | string |
null |
no |
| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string |
null |
no |
| postrender | (Optional) Configure a command to run after helm renders the manifest which can alter the manifest contents. | string |
"" |
no |
| recreate_pods | (Optional) On update performs pods restart for the resource if applicable | bool |
false |
no |
| regex_replace_chars | Regex to replace chars with empty string in namespace, environment, stage and name.If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits. |
string |
null |
no |
| release_name | (Required) Release name | string |
"" |
no |
| render_subchart_notes | (Optional) If set, render subchart notes along with the parent. Defaults to true. | bool |
true |
no |
| replace | (Optional) Re-use the given name, even if that name is already used. This is unsafe in production. Defaults to false. | bool |
false |
no |
| repository | (Optional) Repository URL where to locate the requested chart. | string |
"" |
no |
| repository_password | (Optional) Password for HTTP basic authentication | string |
"" |
no |
| repository_username | (Optional) Username for HTTP basic authentication | string |
"" |
no |
| reuse_values | (Optional) Reuse values from previous revision when upgrading a release. Same as --reuse-values flag in Helm CLI. Default is false | bool |
false |
no |
| set | (Optional) Value block with custom values to be merged with the values yaml | list(object({ |
[ |
no |
| set_from_aws_secretmanager | (Optional) Value block imported from AWS secret manager to be merged with the values yaml | map(object({ |
{} |
no |
| set_sensitive | (Optional) Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff | list(object({ |
[ |
no |
| skip_crds | (Optional) If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to false. | bool |
false |
no |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string |
null |
no |
| tags | Additional tags (e.g. map('BusinessUnit','XYZ') |
map(string) |
{} |
no |
| timeout | (Optional) Time in seconds to wait for any individual kubernetes operation | number |
30 |
no |
| values | (Optional) List of values in raw yaml to pass to helm. Values will be merged, in order, as Helm does with multiple -f options | list(any) |
[] |
no |
| verify | (Optional) Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. For more information see the Helm Documentation. Defaults to false. | bool |
false |
no |
| wait | (Optional) Will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as timeout. Default is true | bool |
false |
no |
No outputs.
You can find more Terraform Modules by vising the links below:
- Helm Provider For Terraform - The Helm provider is used to deploy software packages in Kubernetes
Got a question? File a Github issue, or message the DevOps team on Slack.
Callum Robertson |
Lawrence "Loz" Warren |
Desmond Ho |
pow-devops2020 |