tool: download helm CLIirbekrm/chartandcli

Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
author: Irbe Krumina <irbe@tailscale.com> 2023-10-26 15:55:19 +0100
committer: Irbe Krumina <irbe@tailscale.com> 2023-10-30 13:59:46 +0000
commit: 715ccc72b89c9bab4e22d220ba57d1c213e4e5fa (patch)
tree: 78a08e998e2c208da34b98cbc987b106518811ee
parent: ced02933b7a9ce237983b2de822f661d240daa99 (diff)
download: tailscale-irbekrm/chartandcli.tar.xz
tailscale-irbekrm/chartandcli.zip
5 files changed, 97 insertions, 18 deletions
diff --git a/cmd/k8s-operator/deploy/chart/Chart.yaml b/cmd/k8s-operator/deploy/chart/Chart.yaml
index de54e4275..278e8f871 100644
--- a/cmd/k8s-operator/deploy/chart/Chart.yaml
+++ b/cmd/k8s-operator/deploy/chart/Chart.yaml
@@ -4,24 +4,26 @@
 apiVersion: v1
 name: tailscale-operator
 description: A Helm chart for Tailscale Kubernetes operator
+home: https://github.com/tailscale/tailscale
+
+keywords:
+  - "tailscale"
+  - "vpn"
+  - "ingress"
+  - "egress"
+  - "wireguard"
+
+sources:
+- https://github.com/tailscale/tailscale
 
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
+maintainers:
+  - name: tailscale-maintainers
+    url: https://tailscale.com/
+
+# version will be set to Tailscale repo tag (without 'v') at release time.
 version: 0.1.0
 
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
+# appVersion will be set to Tailscale repo tag at release time.
 appVersion: "unstable"
diff --git a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
index f43690570..fc39baff1 100644
--- a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
@@ -45,7 +45,8 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-          image: {{ .Values.operatorConfig.image.repo }}:{{ .Values.operatorConfig.image.tag | default .Chart.AppVersion }}
+          {{- $operatorTag:= printf ":%s" ( .Values.operatorConfig.image.tag | default .Chart.AppVersion )}}
+          image: {{ .Values.operatorConfig.image.repo }}{{- if .Values.operatorConfig.image.digest -}}{{ printf "@%s" .Values.operatorConfig.image.digest}}{{- else -}}{{ printf "%s" $operatorTag }}{{- end }}
           imagePullPolicy: {{ .Values.operatorConfig.image.pullPolicy }}
           env:
             - name: OPERATOR_HOSTNAME
@@ -62,8 +63,9 @@ spec:
               value: /oauth/client_id
             - name: CLIENT_SECRET_FILE
               value: /oauth/client_secret
+            {{- $proxyTag := printf ":%s" ( .Values.proxyConfig.image.tag | default .Chart.AppVersion )}}
             - name: PROXY_IMAGE
-              value: {{ .Values.proxyConfig.image.repo }}:{{ .Values.proxyConfig.image.tag | default .Chart.AppVersion }}
+              value: {{ .Values.proxyConfig.image.repo }}{{- if .Values.proxyConfig.image.digest -}}{{ printf "@%s" .Values.proxyConfig.image.digest}}{{- else -}}{{ printf "%s" $proxyTag }}{{- end }}
             - name: PROXY_TAGS
               value: {{ .Values.proxyConfig.defaultTags }}
             - name: APISERVER_PROXY
diff --git a/cmd/k8s-operator/deploy/chart/values.yaml b/cmd/k8s-operator/deploy/chart/values.yaml
index 85ee36edc..893e6c395 100644
--- a/cmd/k8s-operator/deploy/chart/values.yaml
+++ b/cmd/k8s-operator/deploy/chart/values.yaml
@@ -11,8 +11,10 @@
 operatorConfig:
   image:
     repo: tailscale/k8s-operator
-    # Overrides the image tag whose default is the chart appVersion.
+    # Digest will be prioritized over tag. If neither are set appVersion will be
+    # used.
     tag: ""
+    digest: ""
   logging: "info"
   hostname: "tailscale-operator"
   nodeSelector:
@@ -26,7 +28,10 @@ operatorConfig:
 proxyConfig:
   image:
     repo: tailscale/tailscale
+    # Digest will be prioritized over tag. If neither are set appVersion will be
+    # used.
     tag: ""
+    digest: ""
   # ACL tag that operator will tag proxies with. Operator must be made owner of
   # these tags
   # https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
diff --git a/tool/helm b/tool/helm
new file mode 100755
index 000000000..3f9a9dfd5
--- /dev/null
+++ b/tool/helm
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+# installs $(cat ./helm.rev) version of helm as $HOME/.cache/tailscale-helm
+
+set -euo pipefail
+
+if [[ "${CI:-}" == "true" ]]; then
+    set -x
+fi
+
+(
+    if [[ "${CI:-}" == "true" ]]; then
+        set -x
+    fi
+
+    repo_root="${BASH_SOURCE%/*}/../"
+    cd "$repo_root"
+
+    cachedir="$HOME/.cache/tailscale-helm"
+    tarball="${cachedir}.tar.gz"
+
+    read -r want_rev < "$(dirname "$0")/helm.rev"
+
+    got_rev=""
+    if [[ -x "${cachedir}/helm" ]]; then
+        got_rev=$("${cachedir}/helm" version --short)
+        got_rev="${got_rev#v}" # trim the leading 'v'
+        got_rev="${got_rev%+*}" # trim the trailing '+" followed by a commit SHA'
+
+
+    fi
+
+    if [[ "$want_rev" != "$got_rev" ]]; then
+        rm -rf "$cachedir" "$tarball"
+        if [[ -n "${IN_NIX_SHELL:-}" ]]; then
+            nix_helm="$(which -a helm | grep /nix/store | head -1)"
+            nix_helm="${nix_helm%/helm}"
+            nix_helm_rev="${nix_helm##*-}"
+            if [[ "$nix_helm_rev" != "$want_rev" ]]; then
+                echo "Wrong helm version in Nix, got $nix_helm_rev want $want_rev" >&2
+		        exit 1
+            fi
+            ln -sf "$nix_helm" "$cachedir"
+        else
+            # works for linux and darwin
+            # https://github.com/helm/helm/releases
+            OS=$(uname -s | tr A-Z a-z)
+            ARCH=$(uname -m)
+            if [ "$ARCH" = "x86_64" ]; then
+                ARCH="amd64"
+            fi
+            if [ "$ARCH" = "aarch64" ]; then
+                ARCH="arm64"
+            fi
+            mkdir -p "$cachedir"
+            # When running on GitHub in CI, the below curl sometimes fails with
+            # INTERNAL_ERROR after finishing the download. The most common cause
+            # of INTERNAL_ERROR is glitches in intermediate hosts handling of
+            # HTTP/2 forwarding, so forcing HTTP 1.1 often fixes the issue. See
+            # https://github.com/tailscale/tailscale/issues/8988
+	        curl -f -L --http1.1 -o "$tarball" -sSL "https://get.helm.sh/helm-v${want_rev}-${OS}-${ARCH}.tar.gz"
+            (cd "$cachedir" && tar --strip-components=1 -xf "$tarball")
+            rm -f "$tarball"
+        fi
+    fi
+)
+
+export PATH="$HOME/.cache/tailscale-helm:$PATH"
+exec "$HOME/.cache/tailscale-helm/helm" "$@"
diff --git a/tool/helm.rev b/tool/helm.rev
new file mode 100644
index 000000000..c10780c62
--- /dev/null
+++ b/tool/helm.rev
@@ -0,0 +1 @@
+3.13.1
author	Irbe Krumina <irbe@tailscale.com>	2023-10-26 15:55:19 +0100
committer	Irbe Krumina <irbe@tailscale.com>	2023-10-30 13:59:46 +0000
commit	715ccc72b89c9bab4e22d220ba57d1c213e4e5fa (patch)
tree	78a08e998e2c208da34b98cbc987b106518811ee
parent	ced02933b7a9ce237983b2de822f661d240daa99 (diff)
download	tailscale-irbekrm/chartandcli.tar.xz tailscale-irbekrm/chartandcli.zip