Using Helm at Giant Swarm

We use Helm to deploy our App Platform. This page is for local setup and tips and tricks.
Confidentiality:

Aliases

  • All actions in Helm are scoped to a namespace.
  • You can check all namespaces with the -A flag e.g. helm ls -A.
  • But these aliases based on Vaclav’s awesome kubectl aliases may help.
alias helmg="helm -n giantswarm"
alias helmk="helm -n kube-system"
alias helmm="helm -n monitoring"

AppCatalogs

  • Our Giant Swarm App Platform is built on Helm chart repositories.
  • app-operator gets the repository URL from the catalog CR but you can also use it locally.
$ helm repo add control-plane-catalog https://giantswarm.github.io/control-plane-catalog/
  • Example installing app-operator in KIND.
helm install -n giantswarm app-operator control-plane-catalog/app-operator
  • :caution: Be careful when installing charts manually in test MCs and remove them after. Don’t do this in prod MCs unless there is no alternative.

Helm 3: Three Way Merge

  • This is one of the major changes in Helm 3. Now the current state of the cluster is included when the strategic merge patch is generated.
  • For example if a deployment is scaled down the merge will scale it back up.
  • This means manual changes are higher risk with Helm 3.
  • To prevent app-operator making changes you can cordon the app CR.
  • See the Helm docs for more detail on three way merge.

Templating

Coding Standards

Tips & Tricks

Help with common templating issues.

Is a chart deployed with Helm 2 or Helm 3?

  • You can use the Release.Service built-in object.
  • On Helm 3 it is always Helm.
  • On Helm 2 it is always Tiller.

Values

Tools, tips and tricks for working with Helm values.

helm-diff plugin

This plugin is useful for comparing values changes. It can also do other comparisions. See the docs.

helm plugin install https://github.com/databus23/helm-diff

helm -n giantswarm diff revision release-operator-unique 18 19

helm get values –all

By default helm get values only returns the overrides for the chart. In our case the config specified in the app CR.

The --all flag shows all the computed values including those in values.yaml in the chart.

Removed API versions

If an apiVersion has been removed then chart-operator will fail to update the helm release. e.g.

current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: [unable to recognize \"\": no matches for kind \"Role\" in version \"rbac.authorization.k8s.io/v1beta1\", unable to recognize \"\": no matches for kind \"RoleBinding\" in version \"rbac.authorization.k8s.io/v1beta1\

The apiVersion in the helm release secret needs to be updated to a supported value. This can be done with the https://github.com/helm/helm-mapkubeapis plugin.

It can remap both deprecated and removed API versions.

mapkubeapis plugin

Install the plugin.

helm plugin install https://github.com/helm/helm-mapkubeapis

Scale down chart-operator.

kubectl -n giantswarm scale deploy chart-operator --replicas 0

helm mapkubeapis -n efk-stack-app efk-stack-app

2022/04/12 13:03:39 Release 'efk-stack-app' will be checked for deprecated or removed Kubernetes APIs and will be updated if necessary to supported API versions.
2022/04/12 13:03:39 Get release 'efk-stack-app' latest version.
2022/04/12 13:03:39 Check release 'efk-stack-app' for deprecated or removed APIs...
2022/04/12 13:03:40 Found 3 instances of deprecated or removed Kubernetes API:
"apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
"
Supported API equivalent:
"apiVersion: rbac.authorization.k8s.io/v1
kind: Role
"
2022/04/12 13:03:40 Found 1 instances of deprecated or removed Kubernetes API:
"apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
"
Supported API equivalent:
"apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
"
2022/04/12 13:03:40 Finished checking release 'efk-stack-app' for deprecated or removed APIs.
2022/04/12 13:03:40 Deprecated or removed APIs exist, updating release: efk-stack-app.
2022/04/12 13:03:40 Set status of release version 'efk-stack-app.v76' to 'superseded'.
2022/04/12 13:03:40 Release version 'efk-stack-app.v76' updated successfully.
2022/04/12 13:03:40 Add release version 'efk-stack-app.v77' with updated supported APIs.
2022/04/12 13:03:40 Release version 'efk-stack-app.v77' added successfully.
2022/04/12 13:03:40 Release 'efk-stack-app' with deprecated or removed APIs updated successfully to new version.
2022/04/12 13:03:40 Map of release 'efk-stack-app' deprecated or removed APIs to supported versions, completed successfully.

Scale up chart-operator.

kubectl -n giantswarm scale deploy chart-operator --replicas 1
Last modified August 1, 2023: Add page about the developer portal (#101) (91c8feb)