Helm V3 support

roles/download/defaults/main.yml

@@ -299,11 +299,9 @@ test_image_repo: "{{ docker_image_repo }}/library/busybox"
 test_image_tag: latest
 busybox_image_repo: "{{ docker_image_repo }}/library/busybox"
 busybox_image_tag: 1.29.2
-helm_version: "v2.16.0"
+helm_version: "v3.0.0"
 helm_image_repo: "{{ docker_image_repo }}/lachlanevenson/k8s-helm"
 helm_image_tag: "{{ helm_version }}"
-tiller_image_repo: "{{ gcr_image_repo }}/kubernetes-helm/tiller"
-tiller_image_tag: "{{ helm_version }}"
 
 registry_image_repo: "{{ docker_image_repo }}/library/registry"
 registry_image_tag: "2.6"
@@ -714,15 +712,6 @@ downloads:
     groups:
       - kube-node
 
-  tiller:
-    enabled: "{{ helm_enabled }}"
-    container: true
-    repo: "{{ tiller_image_repo }}"
-    tag: "{{ tiller_image_tag }}"
-    sha256: "{{ tiller_digest_checksum|default(None) }}"
-    groups:
-      - kube-node
-
   registry:
     enabled: "{{ registry_enabled }}"
     container: true

roles/kubernetes-apps/helm/defaults/main.yml

@@ -7,41 +7,5 @@ helm_home_dir: "/root/.helm"
 # Deployment mode: host or docker
 helm_deployment_type: host
 
-# Wait until Tiller is running and ready to receive requests
-tiller_wait: false
-
-# Do not download the local repository cache on helm init
-helm_skip_refresh: false
-
-# Secure Tiller installation with TLS
-tiller_enable_tls: false
-helm_config_dir: "{{ kube_config_dir }}/helm"
-helm_script_dir: "{{ bin_dir }}/helm-scripts"
-
-# Store tiller release information as Secret instead of a ConfigMap
-tiller_secure_release_info: false
-
-# Where private root key will be secured for TLS
-helm_tiller_cert_dir: "{{ helm_config_dir }}/ssl"
-tiller_tls_cert: "{{ helm_tiller_cert_dir }}/tiller.pem"
-tiller_tls_key: "{{ helm_tiller_cert_dir }}/tiller-key.pem"
-tiller_tls_ca_cert: "{{ helm_tiller_cert_dir }}/ca.pem"
-
-# Permission owner and group for helm client cert. Will be dependent on the helm_home_dir
-helm_cert_group: root
-helm_cert_owner: root
-
 # Set URL for stable repository
 # helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
-
-# Namespace for the Tiller Deployment.
-tiller_namespace: kube-system
-
-# Set node selector options for Tiller Deployment manifest.
-# tiller_node_selectors: "key1=val1,key2=val2"
-
-# Override values for the Tiller Deployment manifest.
-# tiller_override: "key1=val1,key2=val2"
-
-# Limit the maximum number of revisions saved per release. Use 0 for no limit.
-# tiller_max_history: 0

roles/kubernetes-apps/helm/tasks/main.yml

@@ -5,94 +5,12 @@
 - name: Helm | Set up helm launcher
   include_tasks: "install_{{ helm_deployment_type }}.yml"
 
-- name: Helm | Lay Down Helm Manifests (RBAC)
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-  with_items:
-    - {name: tiller, file: tiller-namespace.yml, type: namespace}
-    - {name: tiller, file: tiller-sa.yml, type: sa}
-    - {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
-  register: manifests
-  when:
-    - dns_mode != 'none'
-    - inventory_hostname == groups['kube-master'][0]
-
-- name: Helm | Apply Helm Manifests (RBAC)
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "{{ tiller_namespace }}"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items: "{{ manifests.results }}"
-  when:
-    - dns_mode != 'none'
-    - inventory_hostname == groups['kube-master'][0]
-
-# Generate necessary certs for securing Helm and Tiller connection with TLS
-- name: Helm | Set up TLS
-  include_tasks: "gen_helm_tiller_certs.yml"
-  when: tiller_enable_tls
-
-- name: Helm | Install client on all masters
+- name: Helm | Add helm stable repo
   command: >
-    {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
-    {% if helm_skip_refresh %} --skip-refresh{% endif %}
-    {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
-    --client-only
-  environment: "{{ proxy_env }}"
+     {{ bin_dir }}/helm repo add stable {{ helm_stable_repo_url }}
+  when: helm_stable_repo_url is defined
   changed_when: false
 
-# FIXME: https://github.com/helm/helm/issues/6374
-- name: Helm | Install/upgrade helm
-  shell: >
-    {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
-    {% if helm_skip_refresh %} --skip-refresh{% endif %}
-    {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
-    --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }}
-    {% if rbac_enabled %} --service-account=tiller{% endif %}
-    {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %}
-    --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}
-    {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %}
-    {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %}
-    {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %}
-    {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
-    --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
-    {% if tiller_wait %} --wait{% endif %}
-    --output yaml
-    | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
-    | {{ bin_dir }}/kubectl apply -f -
-  register: install_helm
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-  changed_when: false
-  environment: "{{ proxy_env }}"
-
-# FIXME: https://github.com/helm/helm/issues/4063
-- name: Helm | Force apply tiller overrides if necessary
-  shell: >
-    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
-    {% if helm_skip_refresh %} --skip-refresh{% endif %}
-    {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
-    {% if rbac_enabled %} --service-account=tiller{% endif %}
-    {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %}
-    --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}
-    {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %}
-    {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %}
-    {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %}
-    {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
-    --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
-    {% if tiller_wait %} --wait{% endif %}
-    --output yaml
-    | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
-    | {{ bin_dir }}/kubectl apply -f -
-  changed_when: false
-  when:
-    - inventory_hostname == groups['kube-master'][0]
-  environment: "{{ proxy_env }}"
-
 - name: Make sure bash_completion.d folder exists
   file:
     name: "/etc/bash_completion.d/"