{"id":20019143,"url":"https://github.com/ekgf/gcloud-helm","last_synced_at":"2026-06-08T08:31:51.956Z","repository":{"id":114511987,"uuid":"262554332","full_name":"EKGF/gcloud-helm","owner":"EKGF","description":"Google Cloud Builder image with helm","archived":false,"fork":false,"pushed_at":"2020-05-09T11:28:45.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":8,"default_branch":"master","last_synced_at":"2026-05-14T14:54:58.233Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EKGF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-09T11:18:09.000Z","updated_at":"2020-05-09T11:18:18.000Z","dependencies_parsed_at":"2023-05-17T14:31:12.880Z","dependency_job_id":null,"html_url":"https://github.com/EKGF/gcloud-helm","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/EKGF/gcloud-helm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-helm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-helm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-helm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-helm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EKGF","download_url":"https://codeload.github.com/EKGF/gcloud-helm/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-helm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34055247,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T08:26:06.413Z","updated_at":"2026-06-08T08:31:51.937Z","avatar_url":"https://github.com/EKGF.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [Helm](https://docs.helm.sh/) tool builder\n\n## Using this builder with Google Container Engine\n\nTo use this builder, your\n[Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/set-service-account-permissions)\nwill need IAM permissions sufficient for the operations you want to perform. For\ntypical read-only usage, the \"Kubernetes Engine Viewer\" role is sufficient. To\ndeploy container images on a GKE cluster, the \"Kubernetes Engine Developer\" role\nis sufficient. Check the\n[GKE IAM page](https://cloud.google.com/kubernetes-engine/docs/concepts/access-control)\nfor details.\n\nFor most use, kubectl will need to be configured to point to a specific GKE\ncluster. You can configure the cluster by setting environment variables.\n\n    # Set region for regional GKE clusters or Zone for Zonal clusters\n    CLOUDSDK_COMPUTE_REGION=\u003cyour cluster's region\u003e\n    or\n    CLOUDSDK_COMPUTE_ZONE=\u003cyour cluster's zone\u003e\n\n    # Name of GKE cluster\n    CLOUDSDK_CONTAINER_CLUSTER=\u003cyour cluster's name\u003e\n\n    # (Optional) Project of GKE Cluster, only if you want helm to authenticate\n    # to a GKE cluster in another project (requires IAM Service Accounts are properly setup)\n    GCLOUD_PROJECT=\u003cdestination cluster's GCP project\u003e\n\nSetting the environment variables above will cause this step's `entrypoint` to\nfirst run a command to fetch cluster credentials as follows.\n\n    gcloud container clusters get-credentials --zone \"$CLOUDSDK_COMPUTE_ZONE\" \"$CLOUDSDK_CONTAINER_CLUSTER\"`\n\nThen, `kubectl` and consequently `helm` will have the configuration needed to talk to your GKE cluster.\n\n## Building this builder\n\nTo build this builder, run the following command in this directory.\n\n```\n./localbuild.sh\n```\n\n## Using Helm\n\nThis builder supports two install options of Helm:\n* The default one when the `tiller` gets installed into your GKE cluster.\n* Secure `Tillerless Helm` where `tiller` runs outside the GKE cluster.\n\nCheck the [examples](examples) folder for examples of using Helm in `Cloud Build` pipelines.\n\n**Note:** Do not forget to update `zone` and GKE `cluster` settings in the `cloudbuild.yaml` files.\n\n### Default Helm + Tiller setup\n\nThe default one when the `tiller` gets installed into your GKE cluster (oh all those `tiller` security issues).\n\nYou can test e.g. installing a chart via `Helm`, running the following command.\n\n    gcloud builds submit . --config=examples/chart-install/cloudbuild.yaml\n\nAnd to list Helm releases.\n\n    $ gcloud builds submit . --config=examples/releases-list/cloudbuild.yaml\n\n\n### Tillerless Helm setup\n\n`Tillerless Helm` solves many `tiller` [security issues](https://docs.helm.sh/using_helm/#securing-your-helm-installation), as `tiller` runs outside the GKE cluster, locally in the container, and stores configs as secrets using the [secrets storage backend](https://docs.helm.sh/using_helm/#storage-backends).\nIt is based on the [Tillerless](https://rimusz.net/tillerless-helm/) [plugin](https://github.com/rimusz/helm-tiller), and is available in the image.\n\n#### Enabling Tillerless Helm\n\nSet `TILLERLESS=true` and optionally `TILLER_NAMESPACE=\u003cnamespace\u003e`.\n\nYou can test e.g. installing a chart via `Tillerless Helm`, running the following command.\n\n    $ gcloud builds submit . --config=examples/chart-install-tillerless/cloudbuild.yaml\n\nAnd to list Helm releases.\n\n    $ gcloud builds submit . --config=examples/releases-list-tillerless/cloudbuild.yaml\n\n## RBAC Considerations\n\n**Note:** If your GKE cluster has `RBAC` enabled, you must grant Cloud Build Service Account the `cluster-admin` role (or make it more specific for your use case)\n\n    $ export PROJECT_ID=\"$(gcloud projects describe $(gcloud config get-value core/project -q) --format='get(projectNumber)')\"\n    $ export SERVICE_ACCOUNT=\"${PROJECT_ID}@cloudbuild.gserviceaccount.com\"\n\n    # Add IAM policy for cloudbuild cluster administration\n    $ gcloud projects add-iam-policy-binding ${PROJECT_ID} \\\n      --member=serviceAccount:${SERVICE_ACCOUNT} \\\n      --role=roles/container.admin\n\n    # and add a clusterrolebinding\n    $ kubectl create clusterrolebinding cluster-admin-${SERVICE_ACCOUNT} \\\n      --clusterrole cluster-admin --user ${SERVICE_ACCOUNT}\n\n## Configuration\n\nThe following options are configurable via environment variables passed to the build step in the `env` parameter:\n\n| Option        | Description   |\n| ------------- | ------------- |\n| DIFF_PLUGIN_VERSION | [Diff plugin](https://github.com/databus23/helm-diff) version to install, optional |\n| GCS_PLUGIN_VERSION | [GCS plugin](https://github.com/nouney/helm-gcs) version to install, optional |\n| HELM_REPO_NAME | External Helm repository name, optional |\n| HELM_REPO_URL | External Helm repo URL, optional |\n| HELMFILE_VERSION | [Helmfile](https://github.com/roboll/helmfile) version to install, optional (if using helm v3, please use the helmfile builder)\n| TILLERLESS | If true, Tillerless Helm is enabled, optional |\n| TILLER_NAMESPACE | Tiller namespace, optional |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fekgf%2Fgcloud-helm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fekgf%2Fgcloud-helm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fekgf%2Fgcloud-helm/lists"}