The Helm provider is used to deploy software packages in Kubernetes. The provider needs to be configured with the proper credentials before it can be used.
resource "helm_release" "my_database" {
name = "my_datasase"
chart = "stable/mariadb"
set {
name = "mariadbUser"
value = "foo"
}
set {
name = "mariadbPassword"
value = "qux"
}
}- You must have Kubernetes installed. We recommend version 1.4.1 or later.
- You should also have a local configured copy of kubectl.
There are generally two ways to configure the Helm provider.
The provider always first tries to load a config file (usually $HOME/.kube/config), for access kubenetes and reads all the Helm files from home (usually $HOME/.helm).
The other way is statically define all the credentials:
provider "helm" {
kubernetes {
host = "https://104.196.242.174"
username = "ClusterMaster"
password = "MindTheGap"
client_certificate = "${file("~/.kube/client-cert.pem")}"
client_key = "${file("~/.kube/client-key.pem")}"
cluster_ca_certificate = "${file("~/.kube/cluster-ca-cert.pem")}"
}
}If you have both valid configuration in a config file and static configuration, the static one is used as override. i.e. any static field will override its counterpart loaded from the config.
The following arguments are supported:
host- (Required) Set an alternative Tiller host. The format is host:port. Can be sourced fromHELM_HOST.home- (Required) Set an alternative location for Helm files. By default, these are stored in '$HOME/.helm'. Can be sourced fromHELM_HOME.namespace- (Optional) Set an alternative Tiller namespace.install_tiller- (Optional) Install Tiller if it is not already installed.tiller_image- (Optional) Tiller image to install.service_account- (Optional) Service account to install Tiller with.debug- (Optional)plugins_disable- (Optional) Disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.enable_tls- (Optional) Enables TLS communications with the Tiller.insecure- (Optional) Whether server should be accessed without verifying the TLS certificate. Can be sourced fromHELM_HOME.client_key- (Optional) PEM-encoded client certificate key for TLS authentication. By default read from$HELM_HOME/key.pem.client_certificate- (Optional) PEM-encoded client certificate for TLS authentication. By default read from$HELM_HOME/cert.pem.ca_certificate- (Optional) PEM-encoded root certificates bundle for TLS authentication. CBy default read from$HELM_HOME/ca.pem.kubernetes- Kubernetes configuration.
The kubernetes block supports:
config_path- (Optional) Path to the kube config file, defaults to~/.kube/config. Can be sourced fromKUBE_CONFIG.host- (Optional) The hostname (in form of URI) of Kubernetes master. Can be sourced fromKUBE_HOST.username- (Optional) The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. Can be sourced fromKUBE_USER.password- (Optional) The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint. Can be sourced fromKUBE_PASSWORD.token- (Optional) The bearer token to use for authentication when accessing the Kubernetes master endpoint. Can be sourced fromKUBE_BEARER_TOKEN.insecure- (Optional) Whether server should be accessed without verifying the TLS certificate. Can be sourced fromKUBE_INSECURE.client_certificate- (Optional) PEM-encoded client certificate for TLS authentication. Can be sourced fromKUBE_CLIENT_CERT_DATA.client_key- (Optional) PEM-encoded client certificate key for TLS authentication. Can be sourced fromKUBE_CLIENT_KEY_DATA.cluster_ca_certificate- (Optional) PEM-encoded root certificates bundle for TLS authentication. Can be sourced fromKUBE_CLUSTER_CA_CERT_DATA.config_context- (Optional) Context to choose from the config file. Can be sourced fromKUBE_CTX.