Releases: gruntwork-io/terraform-kubernetes-helm
v0.6.2
This repo is now deprecated. Please upgrade to Helm v3 and migrate Namespace related modules to terraform-kubernetes-namespace.
Related links
v0.6.1
v0.6.0
Modules affected
k8s-tiller
[BACKWARDS INCOMPATIBLE when usingkubergrunt
mode]
Description
The local-exec
calls for k8s-tiller
have been updated to be compatible with Windows. Note that this requires Powershell.
Migration guide
The destroy provisioners for the TLS certificates have been updated when using kubergrunt
mode for TLS generation to resolve a bug where kubectl
did not accept certificate-authority-data
when there is an entry in the kubeconfig for the server. This has been updated to use kubergrunt
to pass the authentication parameters to kubectl
using a temporary kubeconfig that is generated by kubergrunt
. This fix requires kubergrunt
v0.5.8 or greater, so you will need to upgrade kubergrunt
if you wish to use the updated version.
Related links
v0.5.3
Modules affected
k8s-service-account
k8s-namespace
k8s-namespace-roles
Description
Fixes a regression bug introduced in k8s-namespace
and k8s-namespace-roles
with the behavior of create_resources
. Starting with terraform v0.12.11
, referencing resource index 0 of those that were not created with count = 0
is an error where as before it was null
. This means that we need to add a conditional for referencing those resources to only index into it when count > 0
.
This release also adds the create_resources
parameter to k8s-service-account
.
Related links
v0.5.2
v0.5.1
v0.5.0
Modules affected
k8s-tiller
[BACKWARDS INCOMPATIBLE]k8s-tiller-tls-certs
[BACKWARDS INCOMPATIBLE]k8s-service-account
[BACKWARDS INCOMPATIBLE]k8s-namespace
[BACKWARDS INCOMPATIBLE]k8s-namespace-roles
[BACKWARDS INCOMPATIBLE]k8s-helm-client-tls-certs
[BACKWARDS INCOMPATIBLE]
Description
All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.
All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.
Note that as part of this, we switched to using null
to indicate unset values when passing them through to resources. If you were previously using a 0 value (""
for strings and 0
for numbers), review the module variables.tf
file to double check if the 0 value has been converted to a null
.
Note: there is one major interface change due to the upgrade. For the TLS modules, we no longer cannot pass through the subject info of the TLS cert as an inline block due to type issues. The main issue here is with the street_address attribute, which is of type list(string)
. To support the types, the street_address
must be provided as newline delimited string
, which will be later converted to list(string)
.
Related links
v0.4.0
Modules affected
k8s-tiller
[BREAKING]k8s-tiller-tls-certs
[NEW]k8s-helm-client-tls-certs
[NEW]
Description
This brings in TLS generation into the k8s-tiller
module. In particular, k8s-tiller
has a new required variable tiller_tls_gen_method
which indicates how the module should generate the TLS certificates. Currently there are three options:
kubergrunt
: Use the kubergrunt utility to generate the TLS certificates and upload as a KubernetesSecret
resource.provider
: Use the tls Terraform provider to generate the TLS certs, and then use the kubernetes provider to upload them as a KubernetesSecret
resource.none
: Don't generate any TLS certs and look them up based on the input variabletiller_tls_secret_name
.
The characteristics of the three approaches are summarized in the table below. You can refer to the module README for more details.
Method | Amount of Control | Terraform Features | Secrets in Terraform State | External Dependencies |
---|---|---|---|---|
Direct | Full control | N/A | Only references | Yes (TLS certs must be generated externally) |
Provider | Limited control | Full support | All Secrets are stored in Terraform State | No |
Kubergrunt | Limited control | Limited support | Only references | Yes (kubergrunt binary) |
Additionally, this introduces the k8s-tiller-tls-certs and k8s-helm-client-tls-certs modules, which can be used to manually manage the TLS certificates for Tiller using the tls Terraform provider. Refer to the module READMEs for more details.
You can refer to the updated root example for example usage of the new modules.
Migration guide
To replicate the old behavior, pass in tiller_tls_gen_method = "none"
to the module block for k8s-tiller
.