Helm Applications - Helm Charts
Overview: Deploying and updating applications from resource manifests packaged as Helm charts.
Helm:
- Open-source application for managing K8s app lifecycles
- Directory "chart" structure created with the helm create <chart-name> command
- Directory chart tree structure can be viewed with the tree <chart-name> command
Note:
- $ tree <chart-name> must be entered in the folder containing the chart or it returns an error: <chart-name> [error opening dir]
- Helm Chart:
- - A package that describes a set of K8s resources to be deployed
- - Defines values customizable during deployment
- - Contains hooks executed at different points during installation and updates.
- - - Automate tasks with more complex applications than purely manifest-based files
- Includes functions to distribute charts and updates
- Not as complex a model as K8s Operators
- Release: the deployment / app result of deploying/running the chart
- Versions: the chart can have multiple versions for upgrades and app fixes
- Minimum parameters for chart release/installation:
- - Deployment target namespace
- - Default values to override
- - Release name
- Helm charts distributed by/as:
- - Folders/files
- - Archives
- - Container images
- - Repository URLs
Notes:
- Typically, a Helm chart release does not create a namespace, and namespaced resources in the chart omit a namespace declaration.
- Helm uses the namespace passed (parameter) for the deployment, and Helm creates namespaced resources within "this" namespace.
- When installing a release, Helm creates a secret with the release details. If the secret is deleted or corrupted, Helm cannot operate with the former release anymore. (Secret is kind/type: helm.sh/release.v1)
Chart Structure:
chartexample/
├── chart.yaml
├── templates
| |── example.yaml
| |── deploymentexample.yaml
└── values.yaml
chart.yaml: Contains chart metadata, including name, version, maintainer, and the repository source of the chart.
- View this info with the command helm show chart <chartname> (e.g. example)
templates folder: Contains the resources/manifest files that make up the app / deployment
- can contain any K8s resources
- can include a namespace, or non-namespaced
- typically use the release name with the type of resource as a suffix releasename-deploy, releasename-sa, releasename-i
templates/NOTES.txt
- configures the text that Helm prints after you install the chart, including the deployed application URL, and how developers can interact with the application.
values.yaml: Contains the default values (like parameters) for the chart
- View these values with the command: helm show values <chartname> (e.g. example)
Helm Templates:
- Developers create apps by customizing Helm templates into their Helm chart tree in the /templates directory.
- Helm templates use the Golang templating language
Expression Templating Example:
Notes:
- The following generic Deployment YAML has been updated with Golang variables/parameters, e.g. {{ .Values.variableName }}.
- When the variable expression starts with a period and a first caps word, then a file is being represented; so for the variable .Values.variableName above, the variableName is a variable found in the file named values.yaml.
- The | quote indicates that YAML requires/desires the value to be wrapped in double quotes.
- The | default <value> indicates that if the variable .image.pullPolicy specified is not in values.yaml, or has no value, then default "this" one.
$ cat templates/deploymentexample.yaml
{{ with .Values }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .deployName }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
deployment: {{ .deployName }}
strategy: {}
template:
metadata:
labels:
deployment: {{ .deployName }}
spec:
containers:
- image: {{ .image.repository | quote }}
imagePullPolicy: {{ .image.pullPolicy | default "Always" | quote }}
name: {{ .deployName }}
{{ if eq .Values.createSharedSecret "true" }}
env:
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database-name
name: {{ .secret.secretName }}
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: database-password
name: {{ .secret.secretName }}
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: database-user
name: {{ .secret.secretName }}
{{ end }}
{{ end }}
The templates/NOTES.txt file can also contain variables from values.yaml or other files.
$ cat templates/NOTES.txt
Installed {{ .Chart.Name }}
{{ .Release.Name }}
Namespace: {{ .Release.Namespace }}
Application URL: {{ .Values.appService.Host }}.{{ .Values.appService.domain }}/{{ .Values.appService.endPoint }}
Learn more:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}
Template Verification:
- Verify by running helm template <chart-name>
- Without the -s / --show-only parameter, the command renders all the templates in the chart tree.
- Must be run w/in the top-left of the helm chart folder, or results in the error: Error: Chart.yaml file is missing
- The <chart-name> can be swapped out with just a period/dot for this chart when within the top-level folder of the chart.
$ helm template -s templates/deploymentexample.yaml chartexample
<view YAML output>
Test if/then rendering by dynamically setting values true or false:
$ helm template --set createSharedSecret=false -s templates/deploymentexample.yaml chartexample
<view YAML output and confirm the secret section is not there>
$ helm template --set createSharedSecret=true -s templates/deploymentexample.yaml chartexample
<view YAML output and confirm the secret section is there>
Viewing a remote chart to inspect the chart YAML files before downloading locally:
$ helm template <helm-chart-repository>/<chart-name>
<view YAML output>
Inspect and Display a Chart's Definition Synopsis:
- helm show chart <chart-name>
- Inspects a chart directory or URL and displays the contents of the chart.yaml file
[admin@rocp ~]$ helm show chart mwMySQL
apiVersion: v1
description: A Helm chart for MW MySQL
name: mwMySQL
version: 0.0.1
maintainers:
- email: devaccount@mindwatering.net
name: MW Developer
sources:
- https://git.mindwatering.net/mwmysql
Inspect and Display a Chart's Templating Expression Values:
- helm show values <chart-name>
- Inspects a chart directory or URL and displays the contents of the Values.yaml file
[admin@rocp ~]$ helm show values mwMySQL
...
image:
repository: "mwmysql"
tag: "1.1.10"
pullPolicy: IfNotPresent
...
route:
enabled: true
host: null
targetPort: http
...
resources: {}
...
Notes:
- All chart values can be overridden / configured using a yaml file. (e.g. --values valuesoverride.yaml )
- If you want to customize the route, create a route.host key file.
Creating a chart structure:
$ helm create <chart-name>
<view message saying creating>
View the chart tree created:
$ tree <chart-name>
<view tree structure>
Use a Helm Repo and Stage to Your Corporate Repo:
- Chart developers adhere to OpenShift security standards, especially not using privilege root user by the deployed application.
- Popular Helm repositories:
- - IBM repositories
- - Helm Stable repositories
- - Bitnami repositories
- - Hashicorp repositories
Add a repository to OpenShift:
$ helm repo add openshift-helm-charts https://charts.openshift.io/
"openshift-helm-charts" has been added to your repositories
Search the contents of repo just added:
$ helm search repo openshift-helm-charts
<view listing of charts available>
Use --untar to unpack the chart tar file so it can be inspected before deployment:
$ helm pull openshift-helm-charts/redhat-quarkus --untar --destination redhat-quarkus
Push the chart to your corporate repository:
$ helm package my-chart-directory
<success message includes the local location/folder of the new tgz archive file>
$ helm push example-chart-0.1.0.tgz example.repository.org
<view success message>
Dry run a release, and install a Helm chart release:
a. Login:
[admin@rocp ~]$ oc login -u myadminid -p <mypassword> https://api.ropc.mindwatering.net:6443
Login successful ...
b, Create new OC project:
[admin@rocp ~]$ oc new-project mysql-chartsdeployment
Now using project "mysql-deployment" on server ...
c. Create values override file:
[admin@rocp ~]$ $ vi valuesoverride.yaml
image:
repository: registry.ocp4.mindwatering.net:8443/mysql:test2
name: etherpad
tag: 1.8.18
route:
host: mysql-test2.apps.mindwatering.net
<esc>:wq (to save)
d. Perform dry-run:
[admin@rocp ~]$ cd mwmysql
[admin@rocp ~]$ helm install mwmysql . --namespace mwsql --dry-run --values valuesoverride.yaml
The release preview includes 3 sections:
- The Metadata: name, last deployed date/time, namespace, status, revision, hooks, manifest, etc.
- The K8s resources: Deployment, ConfigMaps, ReplicaSets, Service, ServiceAccount, Ingress, etc.
- Notes : Instructions from the developer/owner for deployment processes for release, upgrades, management ports, etc.
Note:
- The install, and the upgrade command below, install the latest chart version unless overridden with the --version option
- The helm install syntax supports --values valuesoverride.yaml or -f valuesoverride.yaml
e. If the dry-run looks correct, install w/o the dry-run parameter:
[admin@rocp ~]$ helm install release-name mwmysql --namespace mwsql --values valuesoverride.yaml
f. View the new Helm deployment along with previous ones in the mwmysql namespace:
[admin@rocp ~]$ helm list --namespace mwsql
NAME NAMESPACE REVISION ... STATUS CHART APP VERSION
mwmysql mwsql 1 ... deployed example-4.12.1 1.8.10
g. Confirm all pods running:
[admin@rocp ~]$ oc get pods -n mwsql
<confirm status column shows RUNNING>
h. View route:
[admin@rocp ~]$ oc get route --namespace mwsql
NAME HOST/PORT
mwMySQL ...
Note:
- Use -n or --namespace to limit
- Use -A or --all-namespaces to view all, but oc get pods and get route will show all namespaces by default
Bring up the app in a browser and verify working.
Upgrade a Helm Release:
- Upgrade using the <release-name> used above
- Upgrade defaults to the latest version if not overwritten
- Always use the dry-run as conflicts or issues upgrading may occur
[admin@rocp ~]$ helm upgrade mwmysql --dry-run --values valuesoverride.yaml
<confirm output is desired, then re-run w/o the --dry-run again>
View Helm Release History:
- View releases by the <release-name> used above
[admin@rocp ~]$ helm history mwmysql
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 <date/time> superceded ...
2 <date/time> deployed ...
Revert to previous Helm release (number):
- Revert using a <release-name> and a <revision-number>
- Use after a history view so you have the revision number needed
Warning:
- Use warily - Rollbacks can be very very bad when the new version of the app is not compatible with the previous application version (e.g. db schema changes, app login changes, etc.)
[admin@rocp ~]$ helm rollback mwmysql 1
Rollback was a success! Happy Helming!
Helm Repositories:
- Use the helm repo command to set-up a Helm Chart repository
- Repo commands:
- - helm repo add: add a new repository
- - helm repo list: list repositories
- - helm repo update: update repository(s)
- - helm repo remove: remove a repository
- - helm search repo: searches all configured repos and lists all available charts (by default, the command only displays the latest version of each chart if the chart contains multiple, use --versions to override and list all versions)
Note:
- The helm repo command updates the local configuration and does not affect any running cluster resources
- The helm add and the helm remove commands update the following config file : ~/.config/helm/repositories.yaml on the administrative workstation
Use the following syntax:
helm repo add <repo-name> <repo-url>
[admin@rocp ~]$ helm repo add mwmysql-charts https://mysqlcharts.mindwatering.net
previous page
|