├── examples ├── example-chart │ ├── values.yaml │ ├── Chart.yaml │ ├── templates │ │ └── config.yaml │ └── .teller.yaml ├── clear.sh ├── run.sh └── README.md ├── media ├── helm-teller.gif └── helm-teller.svg ├── main.go ├── plugin.yaml ├── .github ├── workflows │ ├── spectral.yaml │ ├── release.yaml │ └── ci.yml └── ISSUE_TEMPLATE │ ├── pull_request.md │ ├── bug_report.md │ └── feature_request.md ├── pkg ├── exec.go ├── exec_test.go ├── visibility │ └── logging.go ├── deployment.go └── deployment_test.go ├── cmd ├── version.go ├── deploy.go └── root.go ├── .gitignore ├── Makefile ├── CONTRIBUTING.md ├── testutils └── teller.go ├── .goreleaser.yaml ├── scripts └── install.sh ├── README.md ├── CODE_OF_CONDUCT.md ├── go.mod └── LICENSE /examples/example-chart/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 -------------------------------------------------------------------------------- /media/helm-teller.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tellerops/helm-teller/HEAD/media/helm-teller.gif -------------------------------------------------------------------------------- /examples/clear.sh: -------------------------------------------------------------------------------- 1 | 2 | #!/bin/sh 3 | 4 | echo "stop consul" 5 | docker stop consul-helm-teller 6 | echo "remove container name" 7 | docker container rm consul-helm-teller -------------------------------------------------------------------------------- /examples/example-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: example-chart 3 | description: Example helm chart form helm-teller plugin 4 | 5 | type: application 6 | version: 0.1.0 7 | appVersion: "1.16.0" 8 | -------------------------------------------------------------------------------- /examples/example-chart/templates/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: test-config-map 5 | data: 6 | redis-host: {{ .Values.teller.host }} 7 | redis-password: {{ .Values.teller.password }} 8 | loglevel: {{ .Values.teller.loglevel }} -------------------------------------------------------------------------------- /examples/example-chart/.teller.yaml: -------------------------------------------------------------------------------- 1 | 2 | project: teller 3 | 4 | # 5 | # Providers 6 | # 7 | providers: 8 | # Configure via environment: 9 | # CONSUL_HTTP_ADDR 10 | consul: 11 | env_sync: 12 | path: redis/config 13 | env: 14 | loglevel: 15 | path: log-level -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | 6 | "github.com/SpectralOps/helm-teller/cmd" 7 | 8 | log "github.com/sirupsen/logrus" 9 | ) 10 | 11 | func main() { 12 | if err := cmd.New().Execute(); err != nil { 13 | log.WithError(err) 14 | os.Exit(1) 15 | } 16 | os.Exit(0) 17 | } 18 | -------------------------------------------------------------------------------- /plugin.yaml: -------------------------------------------------------------------------------- 1 | name: "teller" 2 | 3 | version: "0.1.0" 4 | usage: "Helm Teller plugin" 5 | description: "Helm Teller plugin allows you to pull any values from the supported provider into your helm chart" 6 | 7 | command: "$HELM_PLUGIN_DIR/bin/teller" 8 | hooks: 9 | install: "cd $HELM_PLUGIN_DIR; scripts/install.sh" 10 | update: "cd $HELM_PLUGIN_DIR; scripts/install.sh" 11 | -------------------------------------------------------------------------------- /.github/workflows/spectral.yaml: -------------------------------------------------------------------------------- 1 | name: Spectral 2 | 3 | on: [push] 4 | 5 | env: 6 | SPECTRAL_DSN: ${{ secrets.SPECTRAL_DSN }} 7 | 8 | jobs: 9 | scan: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | - name: Install Spectral 14 | uses: spectralops/spectral-github-action@v1 15 | with: 16 | spectral-dsn: ${{ secrets.SPECTRAL_DSN }} 17 | - name: Spectral Scan 18 | run: spectral scan -------------------------------------------------------------------------------- /pkg/exec.go: -------------------------------------------------------------------------------- 1 | package pkg 2 | 3 | import ( 4 | "io" 5 | "os/exec" 6 | 7 | log "github.com/sirupsen/logrus" 8 | ) 9 | 10 | func ExecCommand(name string, args []string, stdout, stderr io.Writer) int { 11 | 12 | helmCmd := exec.Command(name, args...) 13 | helmCmd.Stdout = stdout 14 | helmCmd.Stderr = stderr 15 | if err := helmCmd.Run(); err != nil { 16 | log.WithError(err).Trace("could not execute command") 17 | if exitError, ok := err.(*exec.ExitError); ok { 18 | return exitError.ExitCode() 19 | } 20 | } 21 | return 0 22 | } 23 | -------------------------------------------------------------------------------- /pkg/exec_test.go: -------------------------------------------------------------------------------- 1 | package pkg 2 | 3 | import ( 4 | "bytes" 5 | "testing" 6 | 7 | "github.com/stretchr/testify/assert" 8 | ) 9 | 10 | func TestCanExecCommand(t *testing.T) { 11 | 12 | var stdout bytes.Buffer 13 | var stderr bytes.Buffer 14 | exitCode := ExecCommand("echo", []string{"arg-1", "arg-2"}, &stdout, &stderr) 15 | assert.Equal(t, 0, exitCode, "invalid proccess exit code") 16 | assert.Equal(t, "", stderr.String(), "stderr should be empty") 17 | assert.Equal(t, "arg-1 arg-2\n", stdout.String(), "stderr should be empty") 18 | 19 | } 20 | -------------------------------------------------------------------------------- /cmd/version.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | 6 | "github.com/spf13/cobra" 7 | ) 8 | 9 | var ( 10 | // Version injected from CI/CD 11 | version = `{{.Version}}` 12 | 13 | // Commit hash injected from CI/CD 14 | commit = `{{.Commit}}` 15 | ) 16 | 17 | // newVersionCmd return helm-teller command 18 | func newVersionCmd() *cobra.Command { 19 | return &cobra.Command{ 20 | Use: "version", 21 | Short: "Show version of the helm teller plugin", 22 | Run: func(*cobra.Command, []string) { 23 | fmt.Printf("%s (%s)", version, commit) 24 | }, 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/pull_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Pull Request" 3 | about: Create pull request 4 | --- 5 | 6 | ## Description 7 | 8 | 9 | ## Motivation and Context 10 | 11 | 12 | 13 | ## How Has This Been Tested? 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | If you prefer the allow list template instead of the deny list, see community template: 2 | # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore 3 | # 4 | # Binaries for programs and plugins 5 | *.exe 6 | *.exe~ 7 | *.dll 8 | *.so 9 | *.dylib 10 | 11 | # Test binary, built with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Dependency directories (remove the comment below to include it) 18 | # vendor/ 19 | 20 | # Go workspace file 21 | go.work 22 | 23 | #custom 24 | .vscode 25 | cover.out 26 | dist/ 27 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release 2 | on: 3 | push: 4 | tags: 5 | - 'v*.*.*' 6 | - 'v*.*.*-rc*' 7 | jobs: 8 | goreleaser: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout 12 | uses: actions/checkout@v2 13 | 14 | - name: Set up Go 15 | uses: actions/setup-go@v2 16 | with: 17 | go-version: 1.17 18 | 19 | - name: GoReleaser 20 | uses: goreleaser/goreleaser-action@v2 21 | with: 22 | version: v1.5.0 23 | args: release --rm-dist 24 | env: 25 | GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }} 26 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Report a bug encountered 4 | labels: kind/bug 5 | --- 6 | 7 | ## Expected Behavior 8 | 9 | 10 | ## Current Behavior 11 | 12 | 13 | ## Possible Solution 14 | 15 | 16 | ## Steps to Reproduce 17 | 18 | 1. 19 | 2. 20 | 3. 21 | 4. 22 | 23 | ## Context 24 | 25 | 26 | 27 | ## Specifications 28 | - Version: 29 | - Platform: 30 | - Helm version: -------------------------------------------------------------------------------- /pkg/visibility/logging.go: -------------------------------------------------------------------------------- 1 | package visibility 2 | 3 | import ( 4 | "strings" 5 | 6 | log "github.com/sirupsen/logrus" 7 | ) 8 | 9 | func SetLoggingLevel(level string) { 10 | level = strings.ToLower(level) 11 | log.WithFields(log.Fields{"level": level}).Trace("setting logging level") 12 | switch level { 13 | case "debug": 14 | log.SetLevel(log.DebugLevel) 15 | case "info": 16 | log.SetLevel(log.InfoLevel) 17 | case "warn", "warning": 18 | log.SetLevel(log.WarnLevel) 19 | case "error": 20 | log.SetLevel(log.ErrorLevel) 21 | case "fatal": 22 | log.SetLevel(log.FatalLevel) 23 | case "panic": 24 | log.SetLevel(log.PanicLevel) 25 | default: 26 | log.WithFields(log.Fields{"level": level}).Warn("Invalid log level, not setting") 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: "\U0001F680 Feature Request" 3 | about: Suggest a new feature 4 | labels: "type/enhancement" 5 | --- 6 | 7 | ## Feature Request 8 | 9 | **Is your feature request related to a problem? Please describe.** 10 | 11 | 12 | **Describe the solution you'd like** 13 | 14 | 15 | **Describe alternatives you've considered** 16 | 17 | 18 | **Teachability, Documentation, Adoption, Migration Strategy** 19 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Go parameters 2 | GOCMD=go 3 | GOBUILD=$(GOCMD) build 4 | GOTOOL=$(GOCMD) tool 5 | GOTEST=$(GOCMD) test 6 | GOFMT=$(GOCMD)fmt 7 | 8 | BINARY_NAME=helm-teller 9 | 10 | TEST_EXEC_CMD=$(GOTEST) -coverprofile=cover.out -short -cover -failfast ./... 11 | 12 | build: build 13 | $(GOBUILD) -o $(BINARY_NAME) -v 14 | 15 | test: 16 | $(TEST_EXEC_CMD) 17 | 18 | test-html: 19 | $(TEST_EXEC_CMD) 20 | $(GOTOOL) cover -html=cover.out 21 | 22 | checks: test lint fmt 23 | 24 | lint: 25 | golangci-lint run 26 | 27 | fmt: 28 | @res=$$($(GOFMT) -d -e -s $$(find . -type d \( -path ./src/vendor \) -prune -o -name '*.go' -print)); \ 29 | if [ -n "$${res}" ]; then \ 30 | echo checking gofmt fail... ; \ 31 | echo "$${res}"; \ 32 | exit 1; \ 33 | fi 34 | 35 | build: 36 | goreleaser release --snapshot --rm-dist -------------------------------------------------------------------------------- /examples/run.sh: -------------------------------------------------------------------------------- 1 | 2 | #!/bin/sh 3 | 4 | HERE=$(cd $(dirname $BASH_SOURCE) && pwd) 5 | 6 | sh ${HERE}/clear.sh 7 | docker run \ 8 | --name="consul-helm-teller" \ 9 | -d \ 10 | -p 8500:8500 \ 11 | -p 8600:8600/udp \ 12 | consul agent -server -ui -node=server-1 -bootstrap-expect=1 -client=0.0.0.0 13 | 14 | 15 | until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:8500); do 16 | echo 'Waiting for consul service to be ready' 17 | sleep 5 18 | done 19 | 20 | 21 | echo "adding redis config" 22 | docker exec consul-helm-teller sh -c "consul kv put redis/config/host localhost" 23 | docker exec consul-helm-teller sh -c "consul kv put redis/config/password 1234" 24 | echo "adding log level config" 25 | docker exec consul-helm-teller sh -c "consul kv put log-level debug" 26 | 27 | echo "You can run clear.sh for cleanup" -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | pull_request: 8 | 9 | jobs: 10 | build: 11 | name: Build 12 | runs-on: ${{ matrix.os }} 13 | strategy: 14 | matrix: 15 | os: [ubuntu-latest, macos-latest] 16 | go: ['1.17'] 17 | env: 18 | VERBOSE: 1 19 | 20 | steps: 21 | - name: Set up Go 22 | uses: actions/setup-go@v2 23 | with: 24 | go-version: ${{ matrix.go }} 25 | 26 | - name: Checkout code 27 | uses: actions/checkout@v2 28 | 29 | - name: golangci-lint 30 | uses: golangci/golangci-lint-action@v2 31 | with: 32 | version: v1.45.2 33 | args: --timeout 5m0s 34 | 35 | - name: Formatting 36 | run: | 37 | make fmt 38 | 39 | - name: Test 40 | run: | 41 | make test 42 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | 4 | ## Developing 5 | 1. Make sure you have configured running Kubernetes cluster. 6 | ```sh 7 | $ kubectl cluster-info 8 | ``` 9 | 2. configure [.teller.yaml](./examples/example-chart/.teller.yaml) to pull variables from your various cloud providers. you can also run [run.sh](./examples/run.sh) to work via local Consul. 10 | 3. Run local helm-teller via [example-chart](./examples/example-chart/). 11 | ```sh 12 | $ go run main.go install --teller-config "examples/example-chart/.teller.yaml" -- --debug --dry-run test ./examples/example-chart 13 | ``` 14 | 15 | ## Testing 16 | To run unit tests: 17 | ```sh 18 | $ make test 19 | ``` 20 | 21 | ### Linting 22 | Linting is treated as a form of testing (using `golangci`), to run: 23 | ```sh 24 | $ make lint 25 | ``` 26 | 27 | ### Formatting 28 | Run go fmt check: 29 | ```sh 30 | $ make fmt 31 | ``` 32 | 33 | ### Run all checks: 34 | ```sh 35 | $ make checks 36 | ``` -------------------------------------------------------------------------------- /testutils/teller.go: -------------------------------------------------------------------------------- 1 | package testutils 2 | 3 | import ( 4 | "bytes" 5 | "errors" 6 | "fmt" 7 | ) 8 | 9 | type MockTellerPkg struct { 10 | tellerEntries map[string]string 11 | } 12 | 13 | func GetTellerPkg(tellerEntries map[string]string) *MockTellerPkg { 14 | 15 | return &MockTellerPkg{ 16 | tellerEntries: tellerEntries, 17 | } 18 | } 19 | 20 | func (mt *MockTellerPkg) Collect() error { 21 | 22 | if len(mt.tellerEntries) == 0 { 23 | return errors.New("empty entries") 24 | } 25 | return nil 26 | } 27 | 28 | func (mt *MockTellerPkg) ExportYAML() (out string, err error) { 29 | 30 | var b bytes.Buffer 31 | 32 | for k, v := range mt.tellerEntries { 33 | if k == "error" { 34 | return "", errors.New("ExportYAML error") 35 | } 36 | if k == "invalid-yaml" { 37 | b.WriteString(fmt.Sprintf("%s - %s", k, v)) 38 | continue 39 | } 40 | b.WriteString(fmt.Sprintf("%s: %s\n", k, v)) 41 | } 42 | return b.String(), nil 43 | } 44 | 45 | func (mt *MockTellerPkg) PrintEnvKeys() { 46 | 47 | } 48 | -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- 1 | #before: 2 | builds: 3 | - env: 4 | - CGO_ENABLED=0 5 | goos: 6 | - darwin 7 | - linux 8 | - windows 9 | goarch: 10 | - amd64 11 | - arm 12 | - arm64 13 | goarm: 14 | - "6" 15 | - "7" 16 | ldflags: 17 | - -s -w -X github.com/SpectralOps/helm-teller/cmd.version={{.Version}} -X github.com/SpectralOps/helm-teller/cmd.commit={{.Commit}} 18 | archives: 19 | - id: helm-teller 20 | format: tar.gz 21 | files: 22 | - LICENSE 23 | - plugin.yaml 24 | 25 | checksum: 26 | name_template: 'checksums.txt' 27 | 28 | # brews: 29 | # - name: helm-teller 30 | # tap: 31 | # owner: spectralops 32 | # name: homebrew-tap 33 | # token: "{{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}" 34 | # description: Helm plugin for pull secrets and configuration time when you deploy a helm chart. 35 | # homepage: https://github.com/spectralops/helm-teller 36 | # license: "MIT" 37 | 38 | changelog: 39 | sort: asc 40 | filters: 41 | exclude: 42 | - '^docs:' 43 | - '^test:' 44 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | # Example 2 | 3 | ## Pre-requirements 4 | * helm-teller installed 5 | * running Kubernetes cluster 6 | 7 | Run [run.sh](./run.sh) file of do the following steps. run [clear.sh](./clear.sh) to delete `docker` container after your test. 8 | 9 | ## You can create testing environment by follow the steps: 10 | 11 | ### Run consul provider 12 | ```sh 13 | $ docker run \ 14 | --name="consul-helm-teller" \ 15 | -d \ 16 | -p 8500:8500 \ 17 | -p 8600:8600/udp \ 18 | consul agent -server -ui -node=server-1 -bootstrap-expect=1 -client=0.0.0.0 19 | ``` 20 | 21 | ### Set keys 22 | ```sh 23 | $ docker exec consul-helm-teller sh -c "consul kv put redis/config/host localhost" 24 | $ docker exec consul-helm-teller sh -c "consul kv put redis/config/password 1234" 25 | $ docker exec consul-helm-teller sh -c "consul kv put log-level debug" 26 | ``` 27 | 28 | ## Install the chart 29 | ```sh 30 | $ cd examples/example-chart 31 | $ helm teller install -- --debug --dry-run test . 32 | ``` 33 | 34 | Delete consul container 35 | ```sh 36 | $ docker stop consul-helm-teller 37 | $ docker container rm consul-helm-teller 38 | ``` -------------------------------------------------------------------------------- /scripts/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | if [ -n "${HELM_LINTER_PLUGIN_NO_INSTALL_HOOK}" ]; then 4 | echo "Development mode: not downloading versioned release." 5 | exit 0 6 | fi 7 | 8 | version="$(cat plugin.yaml | grep "version" | cut -d '"' -f 2)" 9 | echo "Downloading and installing helm-teller v${version} ..." 10 | 11 | arch="" 12 | case $(uname -m) in 13 | x86_64) 14 | arch="amd64" 15 | ;; 16 | armv6*) 17 | arch="armv6" 18 | ;; 19 | armv7*) 20 | arch="armv7" 21 | ;; 22 | aarch64 | arm64) 23 | arch="arm64" 24 | ;; 25 | *) 26 | echo "Failed to detect target architecture" 27 | exit 1 28 | ;; 29 | esac 30 | 31 | if [ "$(uname)" = "Darwin" ]; then 32 | url="https://github.com/spectralops/helm-teller/releases/download/v${version}/helm-teller_${version}_darwin_${arch}.tar.gz" 33 | elif [ "$(uname)" = "Linux" ] ; then 34 | url="https://github.com/spectralops/helm-teller/releases/download/v${version}/helm-teller_${version}_linux_${arch}.tar.gz" 35 | else 36 | url="https://github.com/spectralops/helm-teller/releases/download/v${version}/helm-teller_${version}_windows_${arch}.tar.gz" 37 | fi 38 | 39 | echo "Downloding helm-teller from: $url" 40 | 41 | mkdir -p "bin" 42 | mkdir -p "releases/v${version}" 43 | 44 | curl -sSL "${url}" -o "releases/v${version}.tar.gz" 45 | tar xzf "releases/v${version}.tar.gz" -C "releases/v${version}" 46 | mv "releases/v${version}/helm-teller" "bin/teller" || \ 47 | mv "releases/v${version}/helm-teller.exe" "bin/teller" -------------------------------------------------------------------------------- /cmd/deploy.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "os" 7 | 8 | "github.com/SpectralOps/helm-teller/pkg" 9 | 10 | "github.com/spf13/cobra" 11 | ) 12 | 13 | type deployCmd struct { 14 | show bool 15 | disableMasking bool 16 | } 17 | 18 | // newDeploymentCommand creates a helm wrapper deployment command 19 | func newDeploymentCommand(deployType string) *cobra.Command { 20 | 21 | deployCmd := deployCmd{} 22 | 23 | cmd := &cobra.Command{ 24 | Use: deployType, 25 | Short: fmt.Sprintf("wrapper for %s helm command", deployType), 26 | PreRunE: loadTellerFile, 27 | Run: func(cmd *cobra.Command, args []string) { 28 | 29 | helmCustomFlags, entries, err := pkg.ParseToSetFlags(teller, deployType) 30 | if err != nil { 31 | os.Exit(1) 32 | } 33 | 34 | if deployCmd.show { 35 | teller.PrintEnvKeys() 36 | } 37 | 38 | helmCustomFlags = append(helmCustomFlags, args...) 39 | 40 | var stdout bytes.Buffer 41 | var stderr bytes.Buffer 42 | exitCode := pkg.ExecCommand(helmBinary, helmCustomFlags, &stdout, &stderr) 43 | 44 | if exitCode != 0 { 45 | fmt.Println(stderr.String()) 46 | } 47 | if deployCmd.disableMasking { 48 | fmt.Println(stdout.String()) 49 | } else { 50 | fmt.Println(pkg.MaskHelmOutput(stdout.String(), entries)) 51 | } 52 | 53 | os.Exit(exitCode) 54 | }, 55 | } 56 | 57 | f := cmd.Flags() 58 | f.BoolVar(&deployCmd.show, "show", false, "Print in a human friendly, secure format.") 59 | f.BoolVar(&deployCmd.disableMasking, "disable-masking", false, "Disable configuration masking.") 60 | 61 | return cmd 62 | 63 | } 64 | -------------------------------------------------------------------------------- /pkg/deployment.go: -------------------------------------------------------------------------------- 1 | package pkg 2 | 3 | import ( 4 | "fmt" 5 | "math" 6 | "strings" 7 | 8 | log "github.com/sirupsen/logrus" 9 | "gopkg.in/yaml.v2" 10 | ) 11 | 12 | type TellerPkgDescriber interface { 13 | Collect() error 14 | ExportYAML() (out string, err error) 15 | PrintEnvKeys() 16 | } 17 | 18 | // ParseToSetFlags will collect teller configuration and return a list of --set flag for each path 19 | func ParseToSetFlags(teller TellerPkgDescriber, helmCommand string) ([]string, map[string]string, error) { 20 | 21 | err := teller.Collect() 22 | if err != nil { 23 | log.WithError(err).Error("could not collect teller secrets") 24 | return nil, nil, err 25 | } 26 | 27 | out, err := teller.ExportYAML() 28 | if err != nil { 29 | log.WithError(err).Error("error while export teller config to yaml") 30 | return nil, nil, err 31 | } 32 | 33 | entries := map[string]string{} 34 | err = yaml.Unmarshal([]byte(out), &entries) 35 | if err != nil { 36 | log.WithError(err).Error("could not parse teller entries") 37 | return nil, nil, err 38 | } 39 | 40 | tellerSets := []string{} 41 | 42 | for key, val := range entries { 43 | tellerSets = append(tellerSets, parseSetEntry(key, val)...) 44 | } 45 | 46 | command := []string{helmCommand} 47 | command = append(command, tellerSets...) 48 | 49 | return command, entries, nil 50 | } 51 | 52 | // MaskHelmOutput replace given entries string to mask chars in the given str 53 | func MaskHelmOutput(str string, entries map[string]string) string { 54 | 55 | for _, value := range entries { 56 | str = strings.Replace(str, value, fmt.Sprintf("%s*****", value[:int(math.Min(float64(len(value)), 2))]), -1) 57 | } 58 | return str 59 | } 60 | 61 | // parseSetEntry return --set flag for the given key value 62 | func parseSetEntry(key, value string) []string { 63 | 64 | return []string{"--set", fmt.Sprintf(`teller.%s="%s"`, key, value)} 65 | } 66 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 |
3 |
4 |
5 | 6 |
7 |
8 |

9 | 10 |

11 | :computer: Never leave your terminal for secrets 12 |
13 | :pager: Same workflows for all your environments 14 |


15 |

16 |

17 |

18 | 19 | 20 |

21 | 22 | # Helm-teller 23 | 24 | Helm [Teller](https://github.com/SpectralOps/teller) 25 | Allows you to inject configuration and secrets from multiple providers into your chart while masking the secrets at the deployment. 26 | 27 | 28 | ## Why should i use it? 29 | * More secure while using `--debug` or `--dry-run` the secrets will not show in the STDOUT 30 | * Simple to integrate 31 | * Rich of supported plugins 32 | * Pull configuration and secret from multiple providers in one place 33 | * Manage configuration from development to production in the same way 34 | 35 | 36 | ![](media/helm-teller.gif) 37 | 38 | ## Installation 39 | ```sh 40 | $ helm plugin install https://github.com/SpectralOps/helm-teller 41 | ``` 42 | 43 | ## Quick Start with helm teller 44 | * Create [.teller.yaml](https://github.com/SpectralOps/teller#quick-start-with-teller-or-tlr) file in your helm chart. 45 | ```yaml 46 | providers: 47 | # vault provider 48 | vault: 49 | env_sync: 50 | path: redis/config 51 | # Consul provider 52 | consul: 53 | env: 54 | loglevel: 55 | path: log-level 56 | 57 | ``` 58 | * Set teller fields in your helm chart 59 | ```yaml 60 | apiVersion: v1 61 | kind: ConfigMap 62 | metadata: 63 | name: test-config-map 64 | data: 65 | redis-host: {{ .Values.teller.host }} 66 | redis-password: {{ .Values.teller.password }} 67 | loglevel: {{ .Values.teller.loglevel }} 68 | ``` 69 | * Run helm teller deploy `helm teller [install/upgrade] {PLUGIN_FLAGS} -- {NATIVE_HELM_FLAGS}`. 70 | 71 | 72 | See working example [here](./examples) 73 | 74 | 75 | ## Contributing 76 | 77 | See the [contributing](./CONTRIBUTING.md) directory for more developer documentation 78 | -------------------------------------------------------------------------------- /pkg/deployment_test.go: -------------------------------------------------------------------------------- 1 | package pkg 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/SpectralOps/helm-teller/testutils" 7 | 8 | "github.com/stretchr/testify/assert" 9 | ) 10 | 11 | func TestParseToSetFlags(t *testing.T) { 12 | 13 | entries := map[string]string{ 14 | "key-1": "val-1", 15 | "key-2": "val-2", 16 | } 17 | teller := testutils.GetTellerPkg(entries) 18 | args, returnEntries, err := ParseToSetFlags(teller, "install") 19 | assert.Nil(t, err) 20 | assert.ElementsMatch(t, []string{"install", "--set", "teller.key-1=\"val-1\"", "--set", "teller.key-2=\"val-2\""}, args) 21 | assert.Equal(t, entries, returnEntries) 22 | 23 | } 24 | 25 | func TestParseToSetFlagsWithCollectErr(t *testing.T) { 26 | 27 | entries := map[string]string{} 28 | teller := testutils.GetTellerPkg(entries) 29 | args, returnEntries, err := ParseToSetFlags(teller, "install") 30 | assert.NotNil(t, err) 31 | assert.Nil(t, args) 32 | assert.Nil(t, returnEntries) 33 | 34 | } 35 | 36 | func TestParseToSetFlagsWithExportYAMLErr(t *testing.T) { 37 | 38 | entries := map[string]string{"error": "error"} 39 | teller := testutils.GetTellerPkg(entries) 40 | args, returnEntries, err := ParseToSetFlags(teller, "install") 41 | assert.NotNil(t, err) 42 | assert.Nil(t, args) 43 | assert.Nil(t, returnEntries) 44 | 45 | } 46 | 47 | func TestParseToSetFlagsWithParsingYamlErr(t *testing.T) { 48 | 49 | entries := map[string]string{ 50 | "invalid-yaml": "val-1", 51 | } 52 | teller := testutils.GetTellerPkg(entries) 53 | args, returnEntries, err := ParseToSetFlags(teller, "install") 54 | assert.NotNil(t, err) 55 | assert.Nil(t, args) 56 | assert.Nil(t, returnEntries) 57 | 58 | } 59 | 60 | func TestMaskHelmOutput(t *testing.T) { 61 | str := ` 62 | apiVersion: v1 63 | kind: ConfigMap 64 | metadata: 65 | name: test-config-map 66 | data: 67 | redis-host: localhost 68 | redis-password: 1234 69 | loglevel: debug 70 | ` 71 | expectedStr := "\napiVersion: v1\nkind: ConfigMap\nmetadata:\n\tname: test-config-map\ndata:\n\tredis-host: lo*****\n\tredis-password: 12*****\n\tloglevel: debug\t\n" 72 | entries := map[string]string{ 73 | "key-1": "localhost", 74 | "key-2": "1234", 75 | } 76 | out := MaskHelmOutput(str, entries) 77 | assert.Equal(t, expectedStr, out) 78 | } 79 | 80 | func TestParseSetEntry(t *testing.T) { 81 | 82 | args := parseSetEntry("key", "value") 83 | assert.ElementsMatch(t, []string{"--set", "teller.key=\"value\""}, args) 84 | } 85 | -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | log "github.com/sirupsen/logrus" 5 | tellerPkg "github.com/spectralops/teller/pkg" 6 | "github.com/spf13/cobra" 7 | 8 | "github.com/SpectralOps/helm-teller/pkg" 9 | "github.com/SpectralOps/helm-teller/pkg/visibility" 10 | ) 11 | 12 | var ( 13 | // logLevel define the application log level 14 | logLevel string 15 | 16 | // helmBinary define the binary helm path 17 | helmBinary string 18 | 19 | // tellerConfig point to Teller configuration file 20 | tellerConfig string 21 | 22 | // teller descrive Teller package 23 | teller pkg.TellerPkgDescriber 24 | ) 25 | 26 | const rootCmdLongUsage = ` 27 | Helm Teller Allows you to inject configuration and secrets from multiple providers into your chart while masking the secrets at the deployment. 28 | 29 | * More secure while using --debug or --dry-run the secrets will not show in the STDOUT. 30 | * Simple to integrate. 31 | * Rich of supported plugins. 32 | * Pull configuration and secret from multiple providers in one place. 33 | * Manage configuration from development to production in the same way. 34 | ` 35 | 36 | func New() *cobra.Command { 37 | 38 | cobra.OnInitialize(initialize) 39 | 40 | rootCmd := &cobra.Command{ 41 | Use: "helm-teller", 42 | Short: "Collect configuration from multiple provider", 43 | Long: rootCmdLongUsage, 44 | } 45 | 46 | rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "Application log level") 47 | rootCmd.PersistentFlags().StringVar(&helmBinary, "helm-binary", "helm", "Helm binary path") 48 | rootCmd.PersistentFlags().StringVar(&tellerConfig, "teller-config", ".teller.yaml", "Path to teller.yml config") 49 | 50 | rootCmd.AddCommand(newVersionCmd()) // add version command 51 | rootCmd.AddCommand(newDeploymentCommand("upgrade")) // add upgrade command 52 | rootCmd.AddCommand(newDeploymentCommand("install")) // add install command 53 | 54 | return rootCmd 55 | } 56 | 57 | // initialize app on each command's 58 | func initialize() { 59 | // init logger 60 | visibility.SetLoggingLevel(logLevel) 61 | 62 | } 63 | 64 | func loadTellerFile(cmd *cobra.Command, args []string) error { 65 | // init teller package from config file. 66 | tlrfile, err := tellerPkg.NewTellerFile(tellerConfig) 67 | if err != nil { 68 | log.WithError(err).Fatal("could not load teller file") 69 | return err 70 | } 71 | 72 | teller = tellerPkg.NewTeller(tlrfile, []string{}, false) 73 | return nil 74 | } 75 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | hello@spectralops.io. 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.0, available at 119 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 120 | 121 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 122 | enforcement ladder](https://github.com/mozilla/diversity). 123 | 124 | [homepage]: https://www.contributor-covenant.org 125 | 126 | For answers to common questions about this code of conduct, see the FAQ at 127 | https://www.contributor-covenant.org/faq. Translations are available at 128 | https://www.contributor-covenant.org/translations. 129 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/SpectralOps/helm-teller 2 | 3 | go 1.17 4 | 5 | require ( 6 | github.com/sirupsen/logrus v1.8.1 7 | github.com/spectralops/teller v1.4.0 8 | github.com/spf13/cobra v1.3.0 9 | github.com/stretchr/testify v1.7.0 10 | gopkg.in/yaml.v2 v2.4.0 11 | ) 12 | 13 | require ( 14 | cloud.google.com/go v0.100.2 // indirect 15 | cloud.google.com/go/compute v0.1.0 // indirect 16 | cloud.google.com/go/iam v0.1.0 // indirect 17 | cloud.google.com/go/secretmanager v1.2.0 // indirect 18 | github.com/AlecAivazis/survey/v2 v2.2.8 // indirect 19 | github.com/Azure/azure-sdk-for-go v52.5.0+incompatible // indirect 20 | github.com/Azure/go-autorest v14.2.0+incompatible // indirect 21 | github.com/Azure/go-autorest/autorest v0.11.18 // indirect 22 | github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect 23 | github.com/Azure/go-autorest/autorest/azure/auth v0.5.7 // indirect 24 | github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 // indirect 25 | github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect 26 | github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect 27 | github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect 28 | github.com/Azure/go-autorest/logger v0.2.1 // indirect 29 | github.com/Azure/go-autorest/tracing v0.6.0 // indirect 30 | github.com/DopplerHQ/cli v0.0.0-20210309042056-414bede8a50e // indirect 31 | github.com/armon/go-metrics v0.3.10 // indirect 32 | github.com/atotto/clipboard v0.1.2 // indirect 33 | github.com/aws/aws-sdk-go-v2 v1.2.0 // indirect 34 | github.com/aws/aws-sdk-go-v2/config v1.1.1 // indirect 35 | github.com/aws/aws-sdk-go-v2/credentials v1.1.1 // indirect 36 | github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.2 // indirect 37 | github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.2 // indirect 38 | github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.1.1 // indirect 39 | github.com/aws/aws-sdk-go-v2/service/ssm v1.1.1 // indirect 40 | github.com/aws/aws-sdk-go-v2/service/sso v1.1.1 // indirect 41 | github.com/aws/aws-sdk-go-v2/service/sts v1.1.1 // indirect 42 | github.com/aws/smithy-go v1.1.0 // indirect 43 | github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect 44 | github.com/cenkalti/backoff v2.2.1+incompatible // indirect 45 | github.com/cloudflare/cloudflare-go v0.25.0 // indirect 46 | github.com/coreos/go-semver v0.3.0 // indirect 47 | github.com/coreos/go-systemd/v22 v22.3.2 // indirect 48 | github.com/cyberark/conjur-api-go v0.7.1 // indirect 49 | github.com/danieljoos/wincred v1.1.0 // indirect 50 | github.com/davecgh/go-spew v1.1.1 // indirect 51 | github.com/dghubble/sling v1.3.0 // indirect 52 | github.com/dimchansky/utfbom v1.1.1 // indirect 53 | github.com/fatih/color v1.13.0 // indirect 54 | github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect 55 | github.com/godbus/dbus/v5 v5.0.4 // indirect 56 | github.com/gogo/protobuf v1.3.2 // indirect 57 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 58 | github.com/golang/protobuf v1.5.2 // indirect 59 | github.com/golang/snappy v0.0.3 // indirect 60 | github.com/google/go-cmp v0.5.7 // indirect 61 | github.com/google/go-querystring v1.0.0 // indirect 62 | github.com/google/uuid v1.2.0 // indirect 63 | github.com/googleapis/gax-go/v2 v2.1.1 // indirect 64 | github.com/hashicorp/consul/api v1.11.0 // indirect 65 | github.com/hashicorp/errwrap v1.0.0 // indirect 66 | github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 67 | github.com/hashicorp/go-hclog v1.0.0 // indirect 68 | github.com/hashicorp/go-immutable-radix v1.3.1 // indirect 69 | github.com/hashicorp/go-multierror v1.1.0 // indirect 70 | github.com/hashicorp/go-retryablehttp v0.5.4 // indirect 71 | github.com/hashicorp/go-rootcerts v1.0.2 // indirect 72 | github.com/hashicorp/go-sockaddr v1.0.2 // indirect 73 | github.com/hashicorp/golang-lru v0.5.4 // indirect 74 | github.com/hashicorp/hcl v1.0.0 // indirect 75 | github.com/hashicorp/serf v0.9.6 // indirect 76 | github.com/hashicorp/vault/api v1.0.4 // indirect 77 | github.com/hashicorp/vault/sdk v0.1.13 // indirect 78 | github.com/heroku/heroku-go/v5 v5.2.1 // indirect 79 | github.com/inconshreveable/mousetrap v1.0.0 // indirect 80 | github.com/jftuga/ellipsis v1.0.0 // indirect 81 | github.com/jmespath/go-jmespath v0.4.0 // indirect 82 | github.com/joho/godotenv v1.3.0 // indirect 83 | github.com/karrick/godirwalk v1.16.1 // indirect 84 | github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect 85 | github.com/mattn/go-colorable v0.1.12 // indirect 86 | github.com/mattn/go-isatty v0.0.14 // indirect 87 | github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect 88 | github.com/mitchellh/go-homedir v1.1.0 // indirect 89 | github.com/mitchellh/mapstructure v1.4.3 // indirect 90 | github.com/pborman/uuid v1.2.0 // indirect 91 | github.com/pierrec/lz4 v2.0.5+incompatible // indirect 92 | github.com/pkg/errors v0.9.1 // indirect 93 | github.com/pmezard/go-difflib v1.0.0 // indirect 94 | github.com/ryanuber/go-glob v1.0.0 // indirect 95 | github.com/spf13/pflag v1.0.5 // indirect 96 | github.com/thoas/go-funk v0.7.0 // indirect 97 | github.com/zalando/go-keyring v0.1.1-0.20210112083600-4d37811583ad // indirect 98 | go.etcd.io/etcd/api/v3 v3.5.1 // indirect 99 | go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 // indirect 100 | go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 // indirect 101 | go.opencensus.io v0.23.0 // indirect 102 | go.uber.org/atomic v1.7.0 // indirect 103 | go.uber.org/multierr v1.6.0 // indirect 104 | go.uber.org/zap v1.17.0 // indirect 105 | golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect 106 | golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect 107 | golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect 108 | golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect 109 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect 110 | golang.org/x/text v0.3.7 // indirect 111 | golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect 112 | google.golang.org/api v0.67.0 // indirect 113 | google.golang.org/appengine v1.6.7 // indirect 114 | google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00 // indirect 115 | google.golang.org/grpc v1.44.0 // indirect 116 | google.golang.org/protobuf v1.27.1 // indirect 117 | gopkg.in/gookit/color.v1 v1.1.6 // indirect 118 | gopkg.in/square/go-jose.v2 v2.3.1 // indirect 119 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect 120 | ) 121 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021- Dotan Nahum 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /media/helm-teller.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | --------------------------------------------------------------------------------