Merge pull request #619 from wyardley/wyardley/drop-helm-v2

feat(helm)!: drop helm v2 support
GoogleCloudPlatform · May 15, 2023 · 9f2a755 · 9f2a755
2 parents 4b1f90c + f0ef98b
commit 9f2a755
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 94 deletions.
diff --git a/helm/README.md b/helm/README.md
@@ -45,18 +45,9 @@ You can also build this builder setting `Helm` version via in `cloudbuild.yaml`,
 
 ## Using Helm
 
-This builder supports three install options of Helm:
-* The default one when where Helm v3 is used and thus tiller is no longer present
-* Helm v2 where `tiller` gets installed into your GKE cluster.
-* Secure v2 `Tillerless Helm` where `tiller` runs outside the GKE cluster.
-
-Check the [examples](examples) folder for examples of using Helm in `Cloud Build` pipelines.
-
-**Note:** Do not forget to update `zone` and GKE `cluster` settings in the `cloudbuild.yaml` files.
-
 ### Helm v3
 
-The default one.
+Helm v2 (with or without Tiller) is no longer supported.
 
 You can test e.g. installing a chart via `Helm`, running the following command.
 
@@ -66,28 +57,6 @@ And to list Helm releases.
 
     $ gcloud builds submit . --config=examples/releases-list/cloudbuild.yaml
 
-
-### Helm v2 + Tiller setup
-
-The v2 choice when `Tillerless` is not toggled on. `tiller` will be installed into your GKE cluster (consider the security implications, `tiller` has historically had some issues).
-
-### Helm v2 + Tillerless Helm setup
-
-`Tillerless Helm` solves many `tiller` [security issues](https://docs.helm.sh/using_helm/#securing-your-helm-installation), as `tiller` runs outside the GKE cluster, locally in the container, and stores configs as secrets using the [secrets storage backend](https://docs.helm.sh/using_helm/#storage-backends).
-It is based on the [Tillerless](https://rimusz.net/tillerless-helm/) [plugin](https://github.com/rimusz/helm-tiller), and is available in the image.
-
-#### Enabling Tillerless Helm
-
-Set `TILLERLESS=true` and optionally `TILLER_NAMESPACE=<namespace>`.
-
-You can test e.g. installing a chart via `Tillerless Helm`, running the following command.
-
-    $ gcloud builds submit . --config=examples/chart-install-tillerless/cloudbuild.yaml
-
-And to list Helm releases.
-
-    $ gcloud builds submit . --config=examples/releases-list-tillerless/cloudbuild.yaml
-
 ## RBAC Considerations
 
 **Note:** If your GKE cluster has `RBAC` enabled, you must grant Cloud Build Service Account the `cluster-admin` role (or make it more specific for your use case)
@@ -115,6 +84,4 @@ The following options are configurable via environment variables passed to the b
 | HELM_REPO_NAME | External Helm repository name, optional |
 | HELM_REPO_URL | External Helm repo URL, optional |
 | HELMFILE_VERSION | [Helmfile](https://github.com/roboll/helmfile) version to install, optional (if using helm v3, please use the helmfile builder)
-| TILLERLESS | If true, Tillerless Helm is enabled, optional |
-| TILLER_NAMESPACE | Tiller namespace, optional |
 | SKIP_CLUSTER_CONFIG | If true, doesn't check or fetch GKE cluster config/creds, optional |
diff --git a/helm/examples/chart-install-tillerless/cloudbuild.yaml b/helm/examples/chart-install-tillerless/cloudbuild.yaml
diff --git a/helm/examples/releases-list-tillerless/cloudbuild.yaml b/helm/examples/releases-list-tillerless/cloudbuild.yaml
diff --git a/helm/helm.bash b/helm/helm.bash
@@ -30,14 +30,6 @@ EOF
     fi
 fi
 
-# if HELM_VERSION starts with v2, initialize Helm
-if [[ $HELM_VERSION =~ ^v2 ]]; then
-  echo "Running: helm init --client-only"
-  helm init --client-only
-else
-  echo "Skipped 'helm init --client-only' because not v2"
-fi
-
 # if GCS_PLUGIN_VERSION is set, install the plugin
 if [[ -n $GCS_PLUGIN_VERSION ]]; then
   echo "Installing helm GCS plugin version $GCS_PLUGIN_VERSION "
@@ -53,7 +45,7 @@ fi
 # if HELMFILE_VERSION is set, install Helmfile
 if [[ -n $HELMFILE_VERSION ]]; then
   echo "Installing Helmfile version $HELMFILE_VERSION "
-  curl -SsL https://github.com/roboll/helmfile/releases/download/$HELMFILE_VERSION/helmfile_linux_amd64 > helmfile
+  curl -SsL https://github.com/helmfile/helmfile/releases/download/$HELMFILE_VERSION/helmfile_linux_amd64 > helmfile
   chmod 700 helmfile
 fi
 
@@ -66,37 +58,7 @@ fi
 echo "Running: helm repo update"
 helm repo list && helm repo update || true
 
-
-# if 'TILLERLESS=true' is set, run a local tiller server with the secret backend
-# see also https://github.com/helm/helm/blob/master/docs/securing_installation.md#running-tiller-locally
-if [ "$TILLERLESS" = true ]; then
-  if [[ $HELM_VERSION =~ ^v2 ]]; then
-
-    # create tiller-namespace if it doesn't exist (helm --init would usually do this with server-side tiller'
-    if [[ -n $TILLER_NAMESPACE ]]; then
-      echo "Creating tiller namespace $TILLER_NAMESPACE"
-      kubectl get namespace $TILLER_NAMESPACE || kubectl create namespace $TILLER_NAMESPACE
-    fi
-
-    echo "Starting local tiller server"
-    #default inherits --listen localhost:44134 and TILLER_NAMESPACE
-    #use the secret driver by default
-    tiller --storage=secret &
-    export HELM_HOST=localhost:44134
-    if [ "$DEBUG" = true ]; then
-        echo "Running: helm $@"
-    fi
-    helm "$@" && exitCode=$? || exitCode=$?
-    echo "Stopping local tiller server"
-    pkill tiller
-    exit $exitCode
-  else
-    helm "$@" && exitCode=$? || exitCode=$?
-    exit $exitCode
-  fi
-else
-  if [ "$DEBUG" = true ]; then
-      echo "Running: helm $@"
-  fi
-  helm "$@"
+if [ "$DEBUG" = true ]; then
+  echo "Running: helm $@"
 fi
+helm "$@"