Helm Cheatsheet
Talking to an OCI registry
Image name in the registry: <domain>/<project>/<repository>:<tag>
.
# login
$ helm registry login xx.xx.xx.xx
# push
helm chart save dummy-chart xx.xx.xx.xx/library/dummy-chart
helm chart push xx.xx.xx.xx/library/dummy-chart:version
# pull
helm chart pull xx.xx.xx.xx/library/dummy-chart:version
Talking to a K8s Cluster
Use --kubeconfig=KUBECONFIG
when your kubeconfig is not at the default location.
# Install bar/baz from the repo and name it foo
$ helm install foo bar/baz
# Generate a name
$ helm install bar/baz --generate-name
# Install from an unpacked chart dir
$ helm install foo /path/to/baz
# Install from a full url
$ helm install foo https://example.com/charts/foo-1.2.3.tgz
# Install a local chart archive
$ helm install foo foo-0.1.1.tgz
# Uninstall
$ helm uninstall foo
$ helm uninstall foo --keep-history
Inspect
# List all deployed releases
$ helm list
# Include uninstalled releases
$ helm list --all
# List releases in all name spaces
$ helm list --all-namespaces
# If you have multiple clusters/kubeconfigs
$ helm list --kubeconfig=KUBECONFIG
# Check status
$ helm status foo
$ helm get values foo
Upgrade / Rollback / History
# Upgrade
$ helm upgrade foo bar/baz
# Check history of a chart
$ helm history $CHART -n $NAMESPACE --kubeconfig /path/to/kubeconfig
# If something goes wrong, rollback manually
$ helm rollback $CHART -n $NAMESPACE --kubeconfig /path/to/kubeconfig
Repo
# List repos
$ helm repo list
# Add repo
$ helm repo add dev https://example.com/dev-charts
# Update repo
$ helm repo update
Charts
# Create charts
$ helm create my-chart
# Validate and format
$ helm lint
# package the chart up for distribution
# creates a .tgz that is ready for `helm install`
$ helm package deis-workflow
List all resources managed by the helm
Use label selector with label app.kubernetes.io/managed-by=Helm
:
$ kubectl get all --all-namespaces -l='app.kubernetes.io/managed-by=Helm'
Chart File Structure
my-chart/
charts/ # dependent charts
crds/ # Custom Resource Definitions
templates/ # templates
Chart.yaml # info about the chart
values.yaml # default values
Template + values = a valid k8s manifest.
Harbor and Helm
Circular dependencies:
- Helm charts can live in Harbor.
- Harbor can be installed to k8s by Helm.
The chart to install Harbor is stored in https://helm.goharbor.io
.
$ helm repo add harbor https://helm.goharbor.io
$ helm repo list # find harbor in the list
$ helm fetch harbor/harbor --untar # this downloads the chart to a local `harbor` folder
# modify harbor/values.yaml
# install the chart in `harbor` as `my-release`
$ helm install my-release harbor
What happens in helm install
helm install
:
- install CRDs in
crds/
folder. - renders the templates.
- pre-install hook.
- creates/updates k8s resources.
- post-install hook.
Create a hook
- add the annotation to the yaml (e.g. a
Job
) metadata.annotations."helm.sh/hook": pust-install
Where are the release info stored?
When we run helm list --kubeconfig KUBECONFIG
, it pulls release info from that cluster. Where is that release info stored?
- Helm 3 default:
Secrets
- Helm 2 default:
ConfigMap
- configurable by HELM_DRIVER env variable:
[configmap, secret, sql]
Why Secret
? The release information includes the contents of charts and values files, and therefore might contain sensitive data like passwords, private keys, and other credentials.
Why sql? Secret
and ConfigMap
are stored in etcd, 1mb limit
To use sql:
export HELM_DRIVER=sql
export HELM_DRIVER_SQL_CONNECTION_STRING=postgresql://helm-postgres:5432/helm?user=helm&password=changeme
RELEASE vs REVISION
RELEASE
: a running instance of a chart in a K8s cluster.REVISION
: tracks the number of changes on aRELEASE
.
Helm Client
Client works with OCI-compliant registries; Harbor is one of them. From go code:
vendor/helm.sh/helm/v3/pkg/registry/client.go
Helm ChartMuseum
ChartMuseum is deprecated; newer versions of helm can fetch and upload charts in any OCI compliant registry.