Using Helm at Giant Swarm

We use Helm to deploy our App Platform. This page is for local setup and tips and tricks.
Classification:

Aliases

  • All actions in Helm are scoped to a namespace.
  • You can check all namespaces with the -A flag e.g. helm ls -A.
  • But these aliases based on Vaclav’s awesome kubectl aliases may help.
alias helmg="helm -n giantswarm"
alias helmk="helm -n kube-system"
alias helmm="helm -n monitoring"

AppCatalogs

  • Our Giant Swarm App Platform is built on Helm chart repositories.
  • app-operator gets the repository URL from the catalog CR but you can also use it locally.
$ helm repo add control-plane-catalog https://giantswarm.github.io/control-plane-catalog/
  • Example installing app-operator in KIND.
$$helm install -n giantswarm app-operator control-plane-catalog/app-operator$$
  • :caution: Be careful when installing charts manually in test MCs and remove them after. Don’t do this in prod MCs unless there is no alternative.

Helm 3: Three Way Merge

  • This is one of the major changes in Helm 3. Now the current state of the cluster is included when the strategic merge patch is generated.
  • For example if a deployment is scaled down the merge will scale it back up.
  • This means manual changes are higher risk with Helm 3.
  • To prevent app-operator making changes you can cordon the app CR.
  • See the Helm docs for more detail on three way merge.

Templating

Coding Standards

Tips & Tricks

Help with common templating issues.

Is a chart deployed with Helm 2 or Helm 3?

  • You can use the Release.Service built-in object.
  • On Helm 3 it is always Helm.
  • On Helm 2 it is always Tiller.

Values

Tools, tips and tricks for working with Helm values.

helm-diff plugin

This plugin is useful for comparing values changes. It can also do other comparisions. See the docs.

helm plugin install https://github.com/databus23/helm-diff

helm -n giantswarm diff revision release-operator-unique 18 19

helm get values –all

By default helm get values only returns the overrides for the chart. In our case the config specified in the app CR.

The --all flag shows all the computed values including those in values.yaml in the chart.

Removed API versions

If an apiVersion has been removed then chart-operator will fail to update the helm release. e.g.

$$current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: [unable to recognize \"\": no matches for kind \"Role\" in version \"rbac.authorization.k8s.io/v1beta1\", unable to recognize \"\": no matches for kind \"RoleBinding\" in version \"rbac.authorization.k8s.io/v1beta1\$$

The apiVersion in the helm release secret needs to be updated to a supported value. This can be done with the https://github.com/helm/helm-mapkubeapis plugin.

It can remap both deprecated and removed API versions.

mapkubeapis plugin

Install the plugin.

helm plugin install https://github.com/helm/helm-mapkubeapis

Scale down chart-operator.

kubectl -n giantswarm scale deploy chart-operator --replicas 0

helm mapkubeapis -n efk-stack-app efk-stack-app

2022/04/12 13:03:39 Release 'efk-stack-app' will be checked for deprecated or removed Kubernetes APIs and will be updated if necessary to supported API versions.
2022/04/12 13:03:39 Get release 'efk-stack-app' latest version.
2022/04/12 13:03:39 Check release 'efk-stack-app' for deprecated or removed APIs...
2022/04/12 13:03:40 Found 3 instances of deprecated or removed Kubernetes API:
"apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
"
Supported API equivalent:
"apiVersion: rbac.authorization.k8s.io/v1
kind: Role
"
2022/04/12 13:03:40 Found 1 instances of deprecated or removed Kubernetes API:
"apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
"
Supported API equivalent:
"apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
"
2022/04/12 13:03:40 Finished checking release 'efk-stack-app' for deprecated or removed APIs.
2022/04/12 13:03:40 Deprecated or removed APIs exist, updating release: efk-stack-app.
2022/04/12 13:03:40 Set status of release version 'efk-stack-app.v76' to 'superseded'.
2022/04/12 13:03:40 Release version 'efk-stack-app.v76' updated successfully.
2022/04/12 13:03:40 Add release version 'efk-stack-app.v77' with updated supported APIs.
2022/04/12 13:03:40 Release version 'efk-stack-app.v77' added successfully.
2022/04/12 13:03:40 Release 'efk-stack-app' with deprecated or removed APIs updated successfully to new version.
2022/04/12 13:03:40 Map of release 'efk-stack-app' deprecated or removed APIs to supported versions, completed successfully.

Scale up chart-operator.

kubectl -n giantswarm scale deploy chart-operator --replicas 1
Last modified June 4, 2024: ISMS: align labeling with principles for info classification (#257) (76f76a5)