A bit of history...
● Deis Hackathon OCT 2015
● Helm 1.x NOV 2015
● Helm 2.x = Helm 1.x + Google Deployment Manager, NOV 2016
● Helm 3.x ~ NOV 2019 (?)

Charts
    ➜ crowd git:(master) cat values.yaml
    replicaCount: 1
    image:
      repository: crowd
      tag: latest
      pullPolicy: IfNotPresent
    # Hostname of the mysql server crowd will connect to
    mysql_server: localhost
    # Port of the mysql server, standard 3306
    mysql_port: 3306

To Repo or Not To Repo?
● ~ helm repo list
    NAME    URL
    stable  https://kubernetes-charts.storage.googleapis.com
    local   http://127.0.0.1:8879/charts
● Chartmuseum
● Git + Git Submodules

Testing
● Unit testing
  – helm test
    ● hooks: test-success, test-failure
    ● Container definition which must exit 0
  – Conftest: Open Policy Agent
    ● Broader in scope than kubeval
    ● Rego Policy Language

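A Conftest policy for the rendered crowd chart, as an added example that is not from the original slides: it rejects the `latest` image tag that the chart's values.yaml sets, along with untagged images. The file path, the set of workload kinds, and the assumption that the chart renders the image as `repository:tag` are assumptions; the `import rego.v1` syntax needs a Conftest build that bundles OPA 0.59 or later.

```rego
# policy/image_tag.rego (hypothetical path; Conftest reads ./policy by default)
package main

import rego.v1

# Assumption: kinds whose pod template lives at spec.template.spec.
workload_kinds := {"Deployment", "StatefulSet", "DaemonSet"}

# Every container and initContainer of a rendered workload.
pod_containers contains c if {
  input.kind in workload_kinds
  some field in ["containers", "initContainers"]
  some c in input.spec.template.spec[field]
}

# True when the reference is pinned by digest (name@sha256:...).
pinned_by_digest(image) if {
  count(split(image, "@")) > 1
}

# Last path segment split on ":". Only that segment is inspected so a
# registry port (host:5000/app) is not mistaken for a tag.
name_parts(image) := parts if {
  segments := split(image, "/")
  parts := split(segments[count(segments) - 1], ":")
}

# tag: latest with pullPolicy: IfNotPresent lets a node keep running whatever
# image it cached under that tag, so the deployed code is not reproducible.
deny contains msg if {
  some c in pod_containers
  not pinned_by_digest(c.image)
  parts := name_parts(c.image)
  count(parts) > 1
  parts[count(parts) - 1] == "latest"
  msg := sprintf("%s/%s: container %s uses mutable tag 'latest' (%s)", [input.kind, input.metadata.name, c.name, c.image])
}

# An image reference with no tag resolves to 'latest' as well.
deny contains msg if {
  some c in pod_containers
  not pinned_by_digest(c.image)
  count(name_parts(c.image)) == 1
  msg := sprintf("%s/%s: container %s has no image tag (%s)", [input.kind, input.metadata.name, c.name, c.image])
}
```

Render and check in one step with `helm template ./crowd | conftest test -`; Conftest evaluates the `deny` rules in package `main` and exits non-zero when any of them fires.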
Helmfile
Declarative spec for deploying helm charts.
● Keep a directory of chart value files and maintain changes in version control.
● Apply CI/CD to configuration changes.
● Periodically sync to avoid skew in environments.

Helm v3
● Re-architecture
  – Based on community best practices
  – Dramatic simplification
  – Security
● Bye bye Tiller * and the crowd goes nuts *
● Talks directly to Kube API
● Security Security Security
  – Helm capabilities limited to user context/permissions