OverHelmed: Experience of a Helm chart publisher and consumer

Transcript

1. OverHelmed: Experience of a Helm chart publisher and consumer Tamal

   Saha AppsCode Inc., XGoogler Email: [email protected] Github: @tamalsaha Twitter: @tsaha Kubernetes Slack: @tamal

2. My intro to Helm @tsaha @tamal

3. Rewrite Tiller as a TPR controller (Nov 2016) - https://github.com/appscode/tillerc

   - This project is abandoned because Tiller's authorization requirements can't be implemented using a TPR controller. - https://github.com/kubernetes/helm/issues/1586#issuecomme nt-277666828 @tsaha @tamal

4. Add AuthN/Z to Tiller (Feb 2017) https://github.com/kubernetes/helm/issues/1918 https://github.com/kubernetes/helm/pull/1932 @tsaha @tamal

5. Currently - Swift - Ajax friendly Helm Tiller Proxy -

   Chartify - Generate Helm Charts from Kubernetes objects - Publish charts to stable repo - Voyager - https://hub.kubeapps.com/charts/stable/voyager - Kubed - https://hub.kubeapps.com/charts/stable/kubed - Searchlight - https://hub.kubeapps.com/charts/stable/searchlight - Stash - https://hub.kubeapps.com/charts/stable/stash - Swift - https://hub.kubeapps.com/charts/stable/swift - g2 - https://hub.kubeapps.com/charts/stable/g2 @tsaha @tamal

6. Where Helm falls short? @tsaha @tamal

7. 2 personas - Package consumer - Package author/publisher (sometimes both

   personas are held by same person) @tsaha @tamal

8. Chart Consumer - Great UX for trying new apps. -

   Needs lot of ceremony for internal apps. - Requires reinventing the developer workflow? - Multiple sources of truth? - `kube blame`: Can you tell who actually deployed that release? @tsaha @tamal

9. Chart Consumer - Ordering deployments - Are you backing up

   your release history? - YAML + GO template (thanks for `helm template`) @tsaha @tamal

10. Chart Publisher - Chart version is not same as your

    app version . - Slow / unpredictable review process for stable charts - Constantly changing style guides (`{{- define "chart.name" -}}` anyone?) @tsaha @tamal

11. Can we do something simpler? @tsaha @tamal

12. - Simple to get started (kubectl apply -f app.yaml) -

    Simple to learn (not another family of toolchains) - Simple to share (git repos) - Simple to branch/fork - Flexible enough to handle complex deployments - No new system of record, no new system to secure @tsaha @tamal

13. This is not simple Ref: https://speakerdeck.com/lachie83/helm-summit-pdx-2018-securing-helm @tsaha @tamal

14. We don’t need to reinvent Git $ git vs helm

    @tsaha @tamal

15. It has been done before - glide, dep - npm

    @tsaha @tamal

16. Package Author Manifest.yaml @tsaha @tamal

17. Package Consumer Manifest.yaml @tsaha @tamal

18. $ pack dep $ pack edit -s _vendor/github.com/kubepack/test-kubed/app.yaml $ pack

    up $ kubectl apply -R -f _outlook/ @tsaha @tamal

19. Kube blame - `pack up` can tag all the objects

    with git commit hash - Collect Kubernetes audit log - Now you know who deployed what change. @tsaha @tamal

20. Disaster recovery - Instead of bottom up recovery, do top

    down recovery @tsaha @tamal

21. https://kubepack.com #kubepack on Kubernetes Slack @tsaha @tamal

22. Additional Reading - Simple Kubernetes Templating - Declarative application management

    in Kubernetes - So you want to write a package manager @tsaha @tamal