| title | layout | ||
|---|---|---|---|
Helm 201 |
|
A deep-dive into Helm (v3) and details like
helm versionexport wd_init="/Users/haddouti/Documents/Data/workspaces/repos/haf-tech/helm-201/work/helm-init3"Let's create a new Helm chart
echo $wd_initmkdir -p $wd_inithelm create $wd_init/demo-helm-201tree $wd_initChart.yamlcommon meta information- avoid using
appVersion- handle version in env-specific value-files or as field which will be overwritten during helm execution
- avoid using
cat $wd_init/demo-helm-201/Chart.yaml | grep -B2 -i 'version:'???+ tip "Goal" Templating * include output/result from namespaced functions * Whitespaces and new lines, indent
???+ tip "Action"
Action / Scripts #00
* Intro template and include
* modify service template
Render template and generate Kubernetes resource files
helm template demo-helm-201-common $wd_init/demo-helm-201 -f $wd_init/demo-helm-201/values.yaml --output-dir=work/out/common???+ tip "Goal"
Templates and Variables
* .Values.* holds all variables (from file and command line)
* values.yaml and any additional values-file will be merged
???+ tip "Action"
Action / Scripts #01
* image.version
* env-specific values file
Render template and generate Kubernetes resource files for TEST stage
helm template demo-helm-201-test $wd_init/demo-helm-201 -f $wd_init/demo-helm-201/values.test.yaml --output-dir=work/out/test???+ tip "Goal"
Templating, Functions
* _helpers.tpl holds set of helper functions used in template files
* common Go template functions are included (and, or, len, ...)
???+ tip "Action"
Action / Scripts
* go through _helpers.tpl
cat $wd_init/demo-helm-201/templates/_helpers.tpl???+ tip "Goal"
Templating, Functions
* with set the scope
* range iterate
???+ tip "Action"
Action / Scripts #02
* new sa.yaml
* values in values.test.yaml
Render template and generate Kubernetes resource files for TEST stage
helm template demo-helm-201-test $wd_init/demo-helm-201 -f $wd_init/demo-helm-201/values.test.yaml --output-dir=work/out/test???+ tip "Goal" Charts and Subcharts * Subchart is a standalone chart * only parent knows the subcharts / childrens * ...and only parent can override fields
???+ tip "Action"
Action
* checkout existing chart
* create a new chart in parent/chart directory
* configure dependency
Print out existing chart (without subchart)
tree $wd_initCreate new (sub)chart in the charts dir
helm create $wd_init/demo-helm-201/charts/demo-subchartrm -rf $wd_init/demo-helm-201/charts/demo-subchart/templates/*tree $wd_init???+ tip "Action"
Action / Scripts #03
* template for ConfigMap in subchart
* value file in subchart
* override options
Dry-Run subchart - with local value file
helm install --generate-name --dry-run --debug $wd_init/demo-helm-201/charts/demo-subchartRender entire chart - with pre value file, to override subchart fields
helm template demo-helm-201-pre $wd_init/demo-helm-201 -f $wd_init/demo-helm-201/values.pre.yaml --output-dir=work/out/preRender entire chart - with test value file, to NOT override subchart fields
helm template demo-helm-201-test $wd_init/demo-helm-201 -f $wd_init/demo-helm-201/values.test.yaml --output-dir=work/out/test??? tip "Be aware to consider that fields/values are not available/null in your template"
Hooks allows to execute specific resource definitions at defined points in the Helm life cycle. Available hooks
pre-installpost-installpre-deletepost-deletepre-upgradepost-upgradepre-rollbackpost-rollbacktest
Examples
- prepare the installation and create specific resources beforehand (ConfigMap, Job etc)
- clean up database before uninstalling application
- return a license or deregister/unsubscribe
Example for pre-install and post-delete hook. Hooks are usual Kubernetes resource definitions with special annotations.
metadata:
annotations:
"helm.sh/hook": pre-install, post-delete
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
Create new (sub)chart in the charts dir
helm create $wd_init/demo-helm-201/charts/demo-hookrm -rf $wd_init/demo-helm-201/charts/demo-hook/templates/ingress.yaml && \
rm -rf $wd_init/demo-helm-201/charts/demo-hook/templates/service.yaml && \
rm -rf $wd_init/demo-helm-201/charts/demo-hook/templates/tests && \
tree $wd_init???+ tip "Action" Action / Scripts #04 * create 2 jobs for different hooks * install and upgrade
Install subchart for hook testing ...some OCP permissions adjustments (for nginx)...
oc adm policy add-scc-to-user anyuid -z demo-hook-devhelm upgrade --install demo-hook-dev $wd_init/demo-helm-201/charts/demo-hook -n demo-helmUpdate subchart for hook testing now with job definitions
helm upgrade --install demo-hook-dev $wd_init/demo-helm-201/charts/demo-hook -n demo-helm???+ tip "Action"
Action
* current pods and jobs
* events
* clean-up and check out the job with post-delete
Delete subchart which triggers hook
helm delete demo-hook-dev -n demo-helmHelm 3 provides the option to store helm charts not only on a HTTP server, but also in a OCI Registry. This allows the option to hold the artifacts (container image and helm charts) in the same registry.
???+ tip "Action" Action * use a local registry * push a local helm chart * install from OCI registry
Run a local registry
docker run -dp 5000:5000 --restart=always --name registry registryCreate helm package from the hook subchart ...helm package...
helm package $wd_init/demo-helm-201/charts/demo-hook --version 1.0.3 --destination $wd_init && \
helm package $wd_init/demo-helm-201/charts/demo-hook --version 1.0.4 --destination $wd_initPush helm package to registry ...helm registry login...
helm registry login -u testuser -p testpassword localhost:5000...helm package push...
helm push $wd_init/demo-hook-1.0.3.tgz oci://localhost:5000/helm-charts && \
helm push $wd_init/demo-hook-1.0.4.tgz oci://localhost:5000/helm-chartsVerify helm package in OCI registry ...show chart details...
helm show chart oci://localhost:5000/helm-charts/demo-hookInstall (render) helm package directly from OCI registry ...render existing chart from registry...
helm template release-demo-hook-oci oci://localhost:5000/helm-charts/demo-hook --version 1.0.3 --output-dir=work/out/oci...try to render non-existing chart from registry...
helm template release-demo-hook-oci oci://localhost:5000/helm-charts/demo-hook --version 2.2.2 --output-dir=work/out/ociSome additional details
With Helm3 not Tiller exists anymore. All configuration and release state, including value files, is now stored in a Secret instead of a ConfigMap.
Install subchart
helm upgrade --install release-demo-hook-state $wd_init/demo-helm-201/charts/demo-hook -n demo-helmList all existing helm releases
helm listPrint out release information from Helm Release Secret
oc get secret sh.helm.release.v1.release-demo-hook-state.v1 -o jsonpath='{.data.release}' -n demo-helm | base64 --decode | base64 --decode | gunzip -c | jqHelm determines the relevant changes and updates only the necessary resources. In case the content of a ConfigMap changed, but not the image version, a redeployment or restart of the deployment will be not triggered.
To trigger a redeployment a relation between ConfigMap content and Deployment is needed
kind: Deployment
spec:
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
The idea is, that the Deployment contains an annotation with a checksum of the related ConfigMap. Any changes in the content, results in an other sha256sum, results in an other annotation, which results in modified Deployment definition.
The IBM Cloud Container Registry is OCI compliant and could also be used for Helm packages
Push chart to IBM CR
ibmcloud login --sso
ibmcloud cr login
helm registry login -u iamapikey
helm push $wd_init/demo-hook-1.0.1.tgz oci://de.icr.io/demo-helmyamlkubernetesunderstands also the helm template syntax
This was a walkthrough for Helm 201 with covering topics like
- templating
- charts and subcharts
- OCI Registry