Helm provider
The Helm provider is a community provider. As the name suggests, it lets you manage Helm chart installations with Crossplane.
Install¶
You can install the provider via the up CLI or a Kubernetes manifest.
up controlplane provider install \
xpkg.upbound.io/crossplane-contrib/provider-helm:v0.12.0
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-helm
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.12.0
EOF
Once created, you can wait for the provider to become healthy.
kubectl wait --for=condition="Healthy" providers.pkg.crossplane.io crossplane-contrib-provider-helm
Configure¶
The Helm provider needs Kubernetes credentials to install Helm charts. The following is required if installing in the same cluster as the provider.
cat <<EOF | kubectl apply -f -
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
name: default
spec:
credentials:
source: InjectedIdentity
EOF
For options, look at the documentation and the examples.
Give Service Account permissions¶
The Helm provider needs several RBAC permissions. It does so via a generated Service Account, which you can find like this:
SA=$(kubectl -n upbound-system get sa -o name | grep provider-helm | sed -e 's|serviceaccount\/|upbound-system:|g')
You can give it the specific RBAC configuration you want or the cluster-admin cluster role, as in the example below.
Danger
Do not do this in production environments.
In production environments, ensure the Service Accounts have only the permissions you need.
kubectl create clusterrolebinding provider-helm-admin-binding --clusterrole cluster-admin --serviceaccount="${SA}" || true