helm-manifest-parser

Version: v0.0.0-...-e8bc681
Published: May 3, 2024 | License: Apache-2.0 | Imports: 15 | Imported by: 0

Gatekeeper's Rego implementation does not have enough library functions to parse Helm manifests: A GZip decompression function would be required to parse Helm 3 manifests, and Helm 2 manifests use a custom binary format where we're even more out of luck. To add this missing parsing function, this helper program provides an HTTP endpoint that Rego expressions can call via the http.send built-in.
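
The decoding step that Rego cannot perform, as an added example (this is not the helper's own code). It assumes the Helm 3 storage layout, in which the Secret's data.release value is base64 over base64 over gzip-compressed JSON, and it caps the inflated size so a small request body cannot exhaust memory. Release, encodeRelease, decodeRelease and the 1 MiB limit are illustrative choices.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
)

type Release struct { // only the release fields this example inspects
	Name     string `json:"name"`
	Manifest string `json:"manifest"`
}

// encodeRelease wraps release JSON in the assumed layout to build sample input.
func encodeRelease(releaseJSON string) string {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(releaseJSON))
	zw.Close()
	return base64.StdEncoding.EncodeToString([]byte(base64.StdEncoding.EncodeToString(buf.Bytes())))
}

// decodeRelease undoes both base64 layers, then inflates at most limit bytes.
func decodeRelease(field string, limit int64) (r Release, err error) {
	data := []byte(field)
	for layer := 1; layer <= 2; layer++ { // Secret encoding, then Helm's own
		if data, err = base64.StdEncoding.DecodeString(string(data)); err != nil {
			return r, fmt.Errorf("base64 layer %d: %w", layer, err)
		}
	}
	zr, err := gzip.NewReader(bytes.NewReader(data))
	if err != nil {
		return r, fmt.Errorf("gzip header: %w", err)
	}
	raw, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err == nil && int64(len(raw)) > limit {
		err = fmt.Errorf("release inflates past %d bytes", limit)
	}
	if err == nil {
		err = json.Unmarshal(raw, &r)
	}
	return r, err
}

func main() { // constructed sample release, 1 MiB limit
	fmt.Println(decodeRelease(encodeRelease(`{"name":"demo","manifest":"kind: Pod\n"}`), 1<<20))
}
```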

Usage

The helper itself is completely stateless. The only configuration is the listen address for the HTTP server, which must be supplied as the only command-line argument:

helm-manifest-parser 0.0.0.0:8080

Even though Helm manifests often contain secrets, there aren't really any security considerations for this component: it only receives Helm manifests through its API and does not read the Kubernetes database itself.

API

The HTTP endpoint for manifest parsing is POST /v3 for Helm 3 manifests. (There used to be POST /v2 for Helm 2 manifests, but it has since been removed.) The request body must be the data.release field of the respective ConfigMap (for Helm 2 manifests) or Secret (for Helm 3 manifests). In both cases, the response body is a JSON document like this:

{
  "items": [
    {
      "apiVersion": "v1",
      "kind": "Pod",
      "spec": {
        ...
      },
      "status": {
        ...
      }
    },
    ...
  ],
  "values": {
    "global": {
      "region": "lab1"
    },
    ...
  },
  "owner_info": {}
}

The main parts of the response object are the objects in the manifest (in the .items array) and the values that were used to render the chart templates (in the .values object). Additionally, if the release manifest contains a ConfigMap called owner-of-${RELEASE_NAME}, then its data section will be repeated in the .owner_info object. This ConfigMap is usually generated by the owner-info subchart.

Besides the POST /v3 endpoint, a health check endpoint is provided at GET /healthcheck, which always returns the plain text string "OK".

Logging

HTTP requests are logged, but by default, only failed requests (HTTP status code != 200) are logged. To enable full logging, set the environment variable LOG_ALL_REQUESTS=true.
