Helmfile: Supercharge your deployment pipeline

Transcript

1. Helmfile
   Supercharge your deployment pipeline
   Yusuke Kuoka / @mumoshu, Z Lab Corporation
   

   View Slide

2. “Deploying to K8s is unnecessarily hard”
   

   View Slide

3. “Deploying to K8s is unnecessarily hard”
   • ʮKubernetes΁ͷσϓϩΠͳΜ΋Θ͔ΒΜʯ
   • kubectl apply -f dir/ Ұ୒Ͱ͸?
   • ͍͍͑͑
   

   View Slide

4. Α͋͘Δύϥϝʔλ
   • ϚχϑΣετॻ͖͍ͨ vs Ͱ͖Δ͚ͩॻ͖ͨ͘ͳ͍
   • DRYʹ͍ͨ͠ vs ͨ͘͠ͳ͍
   • ࣗ෼ͰCI/CD૊Έ͍ͨ vs ೚͍ͤͨ
   • (ηΩϡϦςΟ|ύϑΥʔϚϯε|etc) ʹͩ͜ΘΔ vs ͩ͜ΘΒͳ͍
   • KubernetesͷॊೈੑΏ͑બ୒ࢶ͕ଟ͍
   

   View Slide

5. Α͋͘Δ՝୊
   • ૿͑ଓ͚Δπʔϧ
   • kubectl, kustomize, helm, kpt, go(client-go + whatever), etc.
   • ཚཱ͢ΔWrapper
   • make, bash, ruby, go, js, yaml(CircleCI config.yml, GitHub Actions Workflow, …)
   • ߏ੒؅ཧ
   • WrapperͲ͜ (ΞϓϦέʔγϣϯϨϙδτϦ?ConfigRepo?
   • OSSͷެࣜϚχϑΣετ/Chart౳Λͦͷ··࢖ͬͯΔͷ͔ɺforkͯ͠Δͷ͔
   • forkͯ͠ΔͳΒࠩ෼͸Ͳ͔͜
   • πʔϧͷظ଴͢Δόʔδϣϯ͸?
   

   View Slide

6. Α͋͘Δରࡦ
   • ૿͑ଓ͚Δπʔϧ ← ϕετϓϥΫςΟεͷυΩϡϝϯτԽ
   • ཚཱ͢ΔWrapper ← ڞ௨Խɾࣾ಺πʔϧԽ
   • ߏ੒؅ཧ ← ن໿Λͭ͘Δ
   

   View Slide

7. ΊͰͨ͠ΊͰͨ͠?
   

   View Slide

8. Α͋͘Δ՝୊ - Phase 2
   • ૿͑ଓ͚ΔυΩϡϝϯτ΍πʔϧͷϝϯςφϯε޻਺
   • े෼ʹςετ͞Εͳ͍ࣾ಺πʔϧ
   • ૿͑ଓ͚Δن໿
   

   View Slide

9. “Deployment on K8s is unnecessarily hard”
   •
   • େ఍ίετ͔͚ͨ΄͏͕πʔϧͱͯ͠͸࢖͍΍͘͢ͳΔ(ܦݧଇ
   • ͏·͍͘͘·ͰίετΛ͔͚ଓ͚Δ͔ʁˠجຊతʹ͸Yes
   • ʢͰ͖Ε͹ʣ࠷খݶͷίετͰ໰୊Λղܾ͍ͨ͠
   • ୭͔͕طʹૺ۰ͨ͠໰୊͸ճආ͍ͨ͠
   • େ͖ͳϛεΛճආ͍ͨ͠
   • طଘπʔϧ͸ͳ͍ͷ͔ʁ
   

   View Slide

10. Helmfile
    

    View Slide

11. Helmfile:
    HISTORY & NUMBERS
    HelmϕʔεͷએݴతσϓϩΠπʔϧ
    https://github.com/roboll/helmfile/
    - Nov. 2016: First Commit by @roboll (Datadog)
    - Feb. 2018: @mumoshu as maintainer
    - Apr. 2018: ϓϩμΫγϣϯͰ࢖ΘΕ࢝ΊΔ
    - 200ίϛοτɾ100ϦϦʔε/೥
    - 2.1K GitHubελʔ @ 2020/05
    

    View Slide

12. Helmfile Benefits
    • πʔϧཚཱ ← ϚχϑΣετɾHelm Chartɾkustomizeαϙʔτ
    • ཚཱ͢ΔWrapper ← helmfile͕kubectl/kustomize/helmͷڞ௨
    Wrapperʹ
    • ߏ੒؅ཧ ← ن໿Λͭ͘ΔͷͰ͸ͳ͘ɺhelmfileͷن໿Λར༻
    

    View Slide

13. Helm
    

    View Slide

14. Helmfile (helmfile.yaml)
    

    View Slide

15. Helmfile + Kustomize
    (./deploy/prod/kustomization.yamlΛHelmͰΠϯετʔϧ)
    

    View Slide

16. Helmfile as a “Wrapper”
    (ར༻πʔϧʹؔΘΒͣ౷ҰతͳίϚϯυͰෳ਺ΞϓϦΛҰׅ؅ཧ)
    

    View Slide

17. ߏ੒؅ཧ
    - ϓϩδΣΫτϧʔτʹ helmfile.yaml
    Λஔ͘
    - ϓϩδΣΫτ໰ΘͣɺͨͩhelmfileΛ
    ࣮ߦ͢Δ͚ͩͰσϓϩΠՄೳ
    - ༨ྗ͕͋Ε͹ͦΕҎ֎ͷཁૉͷ໋໊ن
    ଇ΍ϑΝΠϧͷஔ͖৔ͷϧʔϧΛܾΊ
    Δ
    

    View Slide

18. ศརػೳ
    • Diff
    • όʔδϣϯϩοΫ
    • ϚχϑΣετੜ੒
    • Secret؅ཧ
    • Values provider: AWS SecretsManager/Vault/SOPS/Terraform State
    • DAG
    • σόοάࢧԉ (helmfile build, helmfile —debug)
    

    View Slide

19. View Slide

20. View Slide

21. View Slide

22. View Slide

23. Alternatives
    • Terraform + Kubernetes/Helm provider
    • Pulumi + Kubernetes provider
    • AWS CDK / cdk8s
    • KPT (https://github.com/GoogleContainerTools/kpt)
    • Terraform + terraform-provider-helmfile
    

    View Slide

24. terraform-provider-helmfile

    https://github.com/mumoshu/terraform-provider-helmfile
    

    View Slide

25. Also see…
    • helmfile.yamlαϯϓϧू

    https://github.com/cloudposse/helmfiles
    • Helmfileͷsecret refػೳͰ࢖͑ΔόοΫΤϯυ

    https://github.com/variantdev/vals/
    

    View Slide

26. ·ͱΊ
    • Kubernetes ޲͚ͷσϓϩΠ͸ҙ֎ͱ໘౗ʢબ୒ࢶ͕ଟ͍͕ނʣ
    • kubectl/helm/kustomizeΛϥοϓ͢Δπʔϧ͕ಠࣗ։ൃ͞Ε͕ͪ
    • υΩϡϝϯτ΍πʔϧͷ࡞੒ɾϝϯςίετ͸࠷খݶʹ͍ͨ͠
    • ಠࣗ։ൃ෦෼ΛݮΒ͢ / ཁ݅ʹ͋͏طଘπʔϧ͕͋Ε͹ར༻
    • Helmfile͕͓ͦΒ͘࠷΋ଟػೳ
    • ൺֱݕ౼ީิʹೖΕΔͱɺඞཁͳػೳͷߟྀ࿙Ε͕ݮΒͤΔ͔΋
    

    View Slide