Use our own docker image for helm install pods

This will reduce dependencies and failure points during installation. It
will also reduce security risks from untrusted dependencies being able
to effect all our users

lib/gitlab/kubernetes/helm.rb

@@ -2,6 +2,7 @@ module Gitlab
   module Kubernetes
     module Helm
       HELM_VERSION = '2.7.2'.freeze
+      KUBECTL_VERSION = '1.11.0'.freeze
       NAMESPACE = 'gitlab-managed-apps'.freeze
       SERVICE_ACCOUNT = 'tiller'.freeze
       CLUSTER_ROLE_BINDING = 'tiller-admin'.freeze

lib/gitlab/kubernetes/helm/base_command.rb

@@ -11,12 +11,6 @@ module Gitlab
         def generate_script
           <<~HEREDOC
             set -eo pipefail
-            ALPINE_VERSION=$(cat /etc/alpine-release | cut -d '.' -f 1,2)
-            echo http://mirror.clarkson.edu/alpine/v$ALPINE_VERSION/main >> /etc/apk/repositories
-            echo http://mirror1.hs-esslingen.de/pub/Mirrors/alpine/v$ALPINE_VERSION/main >> /etc/apk/repositories
-            apk add -U wget ca-certificates openssl >/dev/null
-            wget -q -O - https://kubernetes-helm.storage.googleapis.com/helm-v#{Gitlab::Kubernetes::Helm::HELM_VERSION}-linux-amd64.tar.gz | tar zxC /tmp >/dev/null
-            mv /tmp/linux-amd64/helm /usr/bin/
           HEREDOC
         end
 

lib/gitlab/kubernetes/helm/pod.rb

@@ -25,7 +25,7 @@ module Gitlab
         def container_specification
           {
             name: 'helm',
-            image: 'alpine:3.6',
+            image: "registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/#{Gitlab::Kubernetes::Helm::HELM_VERSION}-kube-#{Gitlab::Kubernetes::Helm::KUBECTL_VERSION}",
             env: generate_pod_env(command),
             command: %w(/bin/sh),
             args: %w(-c $(COMMAND_SCRIPT))

spec/lib/gitlab/kubernetes/helm/pod_spec.rb

@@ -30,7 +30,7 @@ describe Gitlab::Kubernetes::Helm::Pod do
       it 'should generate the appropriate specifications for the container' do
         container = subject.generate.spec.containers.first
         expect(container.name).to eq('helm')
-        expect(container.image).to eq('alpine:3.6')
+        expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.7.2-kube-1.11.0')
         expect(container.env.count).to eq(3)
         expect(container.env.map(&:name)).to match_array([:HELM_VERSION, :TILLER_NAMESPACE, :COMMAND_SCRIPT])
         expect(container.command).to match_array(["/bin/sh"])

spec/support/shared_examples/helm_generated_script.rb

@@ -3,12 +3,6 @@ shared_examples 'helm commands' do
     let(:helm_setup) do
       <<~EOS
          set -eo pipefail
-         ALPINE_VERSION=$(cat /etc/alpine-release | cut -d '.' -f 1,2)
-         echo http://mirror.clarkson.edu/alpine/v$ALPINE_VERSION/main >> /etc/apk/repositories
-         echo http://mirror1.hs-esslingen.de/pub/Mirrors/alpine/v$ALPINE_VERSION/main >> /etc/apk/repositories
-         apk add -U wget ca-certificates openssl >/dev/null
-         wget -q -O - https://kubernetes-helm.storage.googleapis.com/helm-v2.7.2-linux-amd64.tar.gz | tar zxC /tmp >/dev/null
-         mv /tmp/linux-amd64/helm /usr/bin/
       EOS
     end