Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Helm

 Helm

What is Helm, how it can help you deploy containers in Kubernetes.
Changes in Helm 3.

Christophe Vanlancker

September 27, 2019
Tweet

More Decks by Christophe Vanlancker

Other Decks in Technology

Transcript

  1. Helm

  2. What is Helm? Package manager for Kubernetes – Manage Complexity

    – Easy updates – Simple Sharing – Rollbacks
  3. A bit of history... • Deis Hackathon OCT 2015 •

    Helm 1.x NOV 2015 • Helm 2.x = Helm 1.x + Google Deployment Manager, NOV 2016 • Helm 3.x ~ NOV 2019 (?)
  4. Helm 2 • Client – Server: Helm + Tiller •

    Templated YAML + Metadata • Charts
  5. Charts ➜ crowd git:(master) tree ├── Chart.yaml ├── templates │

    ├── deployment.yaml │ ├── _helpers.tpl │ ├── NOTES.txt │ ├── service.yaml │ └── tests │ └── test-connection.yaml └── values.yaml
  6. Charts ➜ crowd git:(master) cat Chart.yaml apiVersion: v1 appVersion: "1.0"

    description: A Helm chart for Kubernetes name: crowd version: 0.1.0
  7. Charts ➜ crowd git:(master) cat values.yaml replicaCount: 1 image: repository:

    crowd tag: latest pullPolicy: IfNotPresent # Hostname of the mysql server crowd will connect to mysql_server: localhost # Port of the mysql server, standard 3306 mysql_port: 3306
  8. Charts ➜ ipa git:(master) cat templates/deployment.yaml apiVersion: apps/v1 kind: Deployment

    metadata: name: {{ include "ipa.fullname" . }} labels: {{ include "ipa.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "ipa.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ipa.name" . }} app.kubernetes.io/instance: {{ .Release.Name }}
  9. Charts initContainers: - name: wait-for-mysql image: "{{ .Values.validationCheck.image.repository }}:{{ .Values.validationCheck.image.tag

    }}" imagePullPolicy: {{ .Values.validationCheck.image.pullPolicy }} dnsPolicy: "ClusterFirst" command: ['sh', '-c', 'until nc -zv "{{ .Values.mysql_server }}" "{{ .Values.mysql_port }}"; do echo waiting for {{ .Values.mysql_server }}; sleep 2; done;'] containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} dnsPolicy: "ClusterFirst" ports: - name: http containerPort: 8095 protocol: TCP env: - name: MYSQL_SERVER value: "{{ .Values.mysql_server }}" - name: MYSQL_PORT value: "{{ .Values.mysql_port }}"
  10. SubCharts ➜ cms git:(master) tree -L 2 ├── charts │

    ├── ipa │ ├── ipa-mysql │ ├── webapp │ ├── backend │ ├── doc │ ├── mysql │ ├── webapp2 │ └── proxy ├── Chart.yaml ├── templates └── values.yaml
  11. SubCharts ➜ cms git:(master) cat values.yaml ipa: image: repository: localhost:5000/ipa

    pullPolicy: Always mysql_server: "cms-ipa-mysql.default.svc.cluster.local" mysql_port: 3306
  12. To Repo or Not To Repo? • ~ helm repo

    list NAME URL stable https:// kubernetescharts.storage.googleapis.com local http://127.0.0.1:8879/charts • Chartmuseum • Git + GitSubmodules
  13. Workflow $ helm init --history-max 200 $ helm repo update

    $ helm install stable/mysql NAME: wintering-rodent LAST DEPLOYED: Thu Sep 25 19:20:18 2019 NAMESPACE: default STATUS: DEPLOYED $ helm upgrade --set pwd=3jk$o2,z=f\30.e wintering-rodent stable/mysql $ helm delete wintering-rodent
  14. Workflow ➜ CMS-Release helm list NAME REVISION UPDATED STATUS CHART

    APP VERSION NAMESPACE cms 1 Thu Sep 26 19:48:52 2019 DEPLOYED cms-0.1.0 1.0 default
  15. Testing • Syntax ➜ helm template ipa --- # Source:

    ipa/templates/service.yaml apiVersion: v1 kind: Service metadata: name: release-name-ipa – helm plugin install https://github.com/instrumenta/helm-kubeval • Test config against Kube schemas
  16. Testing • Unit testing – helm test <chart> • hooks:

    test-success, test-failure • Container definition which must exit 0 – Conftest: Open Policy Agent • More broader than kubeval • Rego Policy Language
  17. Helmfile Declarative spec for deploying helm charts. • Keep a

    directory of chart value files and maintain changes in version control. • Apply CI/CD to configuration changes. • Periodically sync to avoid skew in environments.
  18. Helm v3 • Re-architecture – Based on community best practices

    – Dramatic simplification – Security • Bye bye Tiller * and the crowd goes nuts * • Talks directly to Kube API • Security Security Security – Helm capabilities limited to user context/permissions
  19. Helm v3 • Command-line changes – helm delete → helm

    uninstall – helm inspect → helm show – helm fetch → helm pull – --purge default (override: helm uninstall –-keep history) • Default to single namespace for single release • Chart dependency management • Required to specify release name (unless –generate-name) • Pluggable auth • Optional Lua templating • Validation if Release will be successful before applying • Library Charts • Personal Repos instead of stable upstream repo
  20. None