Puppet Class: helm

Defined in:
modules/helm/manifests/init.pp

Summary

configure helm

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • helm_home (Stdlib::Unixpath) (defaults to: '/etc/helm')

    helm home directory

  • helm_data (Stdlib::Unixpath) (defaults to: '/usr/share/helm')

    helm data directory

  • helm_cache (Stdlib::Unixpath) (defaults to: '/var/cache/helm')

    helm cache directory

  • helm_user_group (String[1]) (defaults to: 'wikidev')

    the group used by helm users, will be used for helm_cache

  • repositories (Hash[String[1], Stdlib::Httpurl]) (defaults to: { 'stable' => 'https://helm-charts.wikimedia.org/stable/', 'wmf-stable' => 'https://helm-charts.wikimedia.org/stable', })

    repo config



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'modules/helm/manifests/init.pp', line 8

class helm(
    Stdlib::Unixpath $helm_home       = '/etc/helm',
    Stdlib::Unixpath $helm_data       = '/usr/share/helm',
    Stdlib::Unixpath $helm_cache      = '/var/cache/helm',
    String[1]        $helm_user_group = 'wikidev',
    Hash[String[1], Stdlib::Httpurl] $repositories = {
        'stable' => 'https://helm-charts.wikimedia.org/stable/',
        'wmf-stable' => 'https://helm-charts.wikimedia.org/stable',
    },
) {
    package { [ 'helm3' ]:
        ensure => installed,
    }

    package { [ 'helm' ]:
        ensure => absent,
    }

    # Note that this user is not going to be really used anywhere, it will just own the helm home files
    group { 'helm':
        ensure => present,
        name   => 'helm',
        system => true,
    }

    user { 'helm':
        shell      => '/bin/false',
        home       => '/nonexistent',
        managehome => false,
        gid        => 'helm',
        system     => true,
    }

    file { $helm_home:
        ensure  => directory,
        owner   => 'helm',
        group   => 'helm',
        mode    => '0755',
        recurse => true,
    }
    # HELM_DATA_HOME for helm 3
    file { $helm_data:
        ensure  => directory,
        owner   => 'helm',
        group   => 'helm',
        mode    => '0755',
        recurse => true,
    }
    # HELM_CACHE_HOME for helm 3
    # This needs to be writeable by users of helm
    file { $helm_cache:
        ensure  => directory,
        owner   => 'helm',
        group   => $helm_user_group,
        mode    => '0775',
        recurse => true,
    }

    $repositories.each |$name, $url| {
        # "helm repo add" will change the URL if a repository with ${name} already exists.
        exec { "helm3-repo-add-${name}":
            command     => "/usr/bin/helm3 repo add ${name} ${url}",
            environment => [
                "HELM_CONFIG_HOME=${helm_home}",
                "HELM_DATA_HOME=${helm_data}",
                "HELM_CACHE_HOME=${helm_cache}",
            ],
            unless      => "/usr/bin/helm3 repo list | /bin/grep -E -q '^${name}\\s+${url}'",
            user        => 'helm',
            require     => [
                User['helm'],
                File[$helm_home, $helm_cache],
            ],
        }
    }

    # run helm3 repo updates
    systemd::timer::job { 'helm3-repo-update':
        ensure          => present,
        description     => 'Update helm repositories indices',
        command         => '/usr/bin/helm3 repo update',
        environment     => {
            'HELM_CONFIG_HOME' => $helm_home,
            'HELM_DATA_HOME'   => $helm_data,
            'HELM_CACHE_HOME'  => $helm_cache,
        },
        user            => 'helm',
        logging_enabled => false,
        interval        => {
            # We don't care about when this runs, as long as it runs every minute.
            'start'    => 'OnUnitInactiveSec',
            'interval' => '60s',
        },
    }
}