Helmfile: Supercharge your deployment pipeline

by KUOKA Yusuke

Slide 1

Slide 1 text

Helmﬁle Supercharge your deployment pipeline Yusuke Kuoka / @mumoshu, Z Lab Corporation

Slide 2

Slide 2 text

“Deploying to K8s is unnecessarily hard”

Slide 3

Slide 3 text

“Deploying to K8s is unnecessarily hard” • ʮKubernetes΁ͷσϓϩΠͳΜ΋Θ͔ΒΜʯ • kubectl apply -f dir/ Ұ୒Ͱ͸? • ͍͍͑͑

Slide 4

Slide 4 text

Α͋͘Δύϥϝʔλ • ϚχϑΣετॻ͖͍ͨ vs Ͱ͖Δ͚ͩॻ͖ͨ͘ͳ͍ • DRYʹ͍ͨ͠ vs ͨ͘͠ͳ͍ • ࣗ෼ͰCI/CD૊Έ͍ͨ vs ೚͍ͤͨ • (ηΩϡϦςΟ|ύϑΥʔϚϯε|etc) ʹͩ͜ΘΔ vs ͩ͜ΘΒͳ͍ • KubernetesͷॊೈੑΏ͑બ୒ࢶ͕ଟ͍

Slide 5

Slide 5 text

Α͋͘Δ՝୊ • ૿͑ଓ͚Δπʔϧ • kubectl, kustomize, helm, kpt, go(client-go + whatever), etc. • ཚཱ͢ΔWrapper • make, bash, ruby, go, js, yaml(CircleCI config.yml, GitHub Actions Workflow, …) • ߏ੒؅ཧ • WrapperͲ͜ (ΞϓϦέʔγϣϯϨϙδτϦ?ConfigRepo? • OSSͷެࣜϚχϑΣετ/Chart౳Λͦͷ··࢖ͬͯΔͷ͔ɺforkͯ͠Δͷ͔ • forkͯ͠ΔͳΒࠩ෼͸Ͳ͔͜ • πʔϧͷظ଴͢Δόʔδϣϯ͸?

Slide 6

Slide 6 text

Α͋͘Δରࡦ • ૿͑ଓ͚Δπʔϧ ← ϕετϓϥΫςΟεͷυΩϡϝϯτԽ • ཚཱ͢ΔWrapper ← ڞ௨Խɾࣾ಺πʔϧԽ • ߏ੒؅ཧ ← ن໿Λͭ͘Δ

Slide 7

Slide 7 text

ΊͰͨ͠ΊͰͨ͠?

Slide 8

Slide 8 text

Α͋͘Δ՝୊ - Phase 2 • ૿͑ଓ͚ΔυΩϡϝϯτ΍πʔϧͷϝϯςφϯε޻਺ • े෼ʹςετ͞Εͳ͍ࣾ಺πʔϧ • ૿͑ଓ͚Δن໿

Slide 9

Slide 9 text

“Deployment on K8s is unnecessarily hard” • <—ίετେ— πʔϧઐ೚νʔϜ, WG, ਆ(K8s͓͡͞Μ), ϘϥϯςΟΞ —খ—> • େ఍ίετ͔͚ͨ΄͏͕πʔϧͱͯ͠͸࢖͍΍͘͢ͳΔ(ܦݧଇ • ͏·͍͘͘·ͰίετΛ͔͚ଓ͚Δ͔ʁˠجຊతʹ͸Yes • ʢͰ͖Ε͹ʣ࠷খݶͷίετͰ໰୊Λղܾ͍ͨ͠ • ୭͔͕طʹૺ۰ͨ͠໰୊͸ճආ͍ͨ͠ • େ͖ͳϛεΛճආ͍ͨ͠ • طଘπʔϧ͸ͳ͍ͷ͔ʁ

Slide 10

Slide 10 text

Helmﬁle

Slide 11

Slide 11 text

Helmﬁle: HISTORY & NUMBERS HelmϕʔεͷએݴతσϓϩΠπʔϧ https://github.com/roboll/helmﬁle/ - Nov. 2016: First Commit by @roboll (Datadog) - Feb. 2018: @mumoshu as maintainer - Apr. 2018: ϓϩμΫγϣϯͰ࢖ΘΕ࢝ΊΔ - 200ίϛοτɾ100ϦϦʔε/೥ - 2.1K GitHubελʔ @ 2020/05

Slide 12

Slide 12 text

Helmfile Benefits • πʔϧཚཱ ← ϚχϑΣετɾHelm Chartɾkustomizeαϙʔτ • ཚཱ͢ΔWrapper ← helmfile͕kubectl/kustomize/helmͷڞ௨ Wrapperʹ • ߏ੒؅ཧ ← ن໿Λͭ͘ΔͷͰ͸ͳ͘ɺhelmfileͷن໿Λར༻

Slide 13

Slide 13 text

Helm

Slide 14

Slide 14 text

Helmﬁle (helmﬁle.yaml)

Slide 15

Slide 15 text

Helmﬁle + Kustomize (./deploy/prod/kustomization.yamlΛHelmͰΠϯετʔϧ)

Slide 16

Slide 16 text

Helmﬁle as a “Wrapper” (ར༻πʔϧʹؔΘΒͣ౷ҰతͳίϚϯυͰෳ਺ΞϓϦΛҰׅ؅ཧ)

Slide 17

Slide 17 text

ߏ੒؅ཧ - ϓϩδΣΫτϧʔτʹ helmﬁle.yaml Λஔ͘ - ϓϩδΣΫτ໰ΘͣɺͨͩhelmﬁleΛ ࣮ߦ͢Δ͚ͩͰσϓϩΠՄೳ - ༨ྗ͕͋Ε͹ͦΕҎ֎ͷཁૉͷ໋໊ن ଇ΍ϑΝΠϧͷஔ͖৔ͷϧʔϧΛܾΊ Δ

Slide 18

Slide 18 text

ศརػೳ • Diff • όʔδϣϯϩοΫ • ϚχϑΣετੜ੒ • Secret؅ཧ • Values provider: AWS SecretsManager/Vault/SOPS/Terraform State • DAG • σόοάࢧԉ (helmﬁle build, helmﬁle —debug)

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

No content

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

Alternatives • Terraform + Kubernetes/Helm provider • Pulumi + Kubernetes provider • AWS CDK / cdk8s • KPT (https://github.com/GoogleContainerTools/kpt) • Terraform + terraform-provider-helmﬁle

Slide 24

Slide 24 text

terraform-provider-helmﬁle  https://github.com/mumoshu/terraform-provider-helmﬁle

Slide 25

Slide 25 text

Also see… • helmfile.yamlαϯϓϧू  https://github.com/cloudposse/helmfiles • Helmfileͷsecret refػೳͰ࢖͑ΔόοΫΤϯυ  https://github.com/variantdev/vals/

Slide 26

Slide 26 text

·ͱΊ • Kubernetes ޲͚ͷσϓϩΠ͸ҙ֎ͱ໘౗ʢબ୒ࢶ͕ଟ͍͕ނʣ • kubectl/helm/kustomizeΛϥοϓ͢Δπʔϧ͕ಠࣗ։ൃ͞Ε͕ͪ • υΩϡϝϯτ΍πʔϧͷ࡞੒ɾϝϯςίετ͸࠷খݶʹ͍ͨ͠ • ಠࣗ։ൃ෦෼ΛݮΒ͢ / ཁ݅ʹ͋͏طଘπʔϧ͕͋Ε͹ར༻ • Helmﬁle͕͓ͦΒ͘࠷΋ଟػೳ • ൺֱݕ౼ީิʹೖΕΔͱɺඞཁͳػೳͷߟྀ࿙Ε͕ݮΒͤΔ͔΋