logo

Helm Cheatsheet

Last Updated: 2023-09-03

Talking to an OCI registry

Image name in the registry: <domain>/<project>/<repository>:<tag>.

# login
$ helm registry login xx.xx.xx.xx

# push
helm chart save dummy-chart xx.xx.xx.xx/library/dummy-chart
helm chart push xx.xx.xx.xx/library/dummy-chart:version

# pull
helm chart pull xx.xx.xx.xx/library/dummy-chart:version

Talking to a K8s Cluster

Use --kubeconfig=KUBECONFIG when your kubeconfig is not at the default location.

# Install bar/baz from the repo and name it foo
$ helm install foo bar/baz

# Generate a name
$ helm install bar/baz --generate-name

# Install from an unpacked chart dir
$ helm install foo /path/to/baz

# Install from a full url
$ helm install foo https://example.com/charts/foo-1.2.3.tgz

# Install a local chart archive
$ helm install foo foo-0.1.1.tgz

# Uninstall
$ helm uninstall foo
$ helm uninstall foo --keep-history

Inspect

# List all deployed releases
$ helm list

# Include uninstalled releases
$ helm list --all

# List releases in all name spaces
$ helm list --all-namespaces

# If you have multiple clusters/kubeconfigs
$ helm list --kubeconfig=KUBECONFIG

# Check status
$ helm status foo
$ helm get values foo

Upgrade / Rollback / History

# Upgrade
$ helm upgrade foo bar/baz

# Check history of a chart
$ helm history $CHART -n $NAMESPACE --kubeconfig /path/to/kubeconfig

# If something goes wrong, rollback manually
$ helm rollback $CHART -n $NAMESPACE --kubeconfig /path/to/kubeconfig

Repo

# List repos
$ helm repo list

# Add repo
$ helm repo add dev https://example.com/dev-charts

# Update repo
$ helm repo update

Charts

# Create charts
$ helm create my-chart

# Validate and format
$ helm lint

# package the chart up for distribution
# creates a .tgz that is ready for `helm install`
$ helm package deis-workflow

List all resources managed by the helm

Use label selector with label app.kubernetes.io/managed-by=Helm:

$ kubectl get all --all-namespaces -l='app.kubernetes.io/managed-by=Helm'

Chart File Structure

my-chart/
  charts/       # dependent charts
  crds/         # Custom Resource Definitions
  templates/    # templates
  Chart.yaml    # info about the chart
  values.yaml   # default values

Template + values = a valid k8s manifest.

Harbor and Helm

Circular dependencies:

  • Helm charts can live in Harbor.
  • Harbor can be installed to k8s by Helm.

The chart to install Harbor is stored in https://helm.goharbor.io.

$ helm repo add harbor https://helm.goharbor.io
$ helm repo list # find harbor in the list
$ helm fetch harbor/harbor --untar # this downloads the chart to a local `harbor` folder

# modify harbor/values.yaml

# install the chart in `harbor` as `my-release`
$ helm install my-release harbor

What happens in helm install

helm install:

  • install CRDs in crds/ folder.
  • renders the templates.
  • pre-install hook.
  • creates/updates k8s resources.
  • post-install hook.

Create a hook

  • add the annotation to the yaml (e.g. a Job)
  • metadata.annotations."helm.sh/hook": pust-install

Where are the release info stored?

When we run helm list --kubeconfig KUBECONFIG, it pulls release info from that cluster. Where is that release info stored?

  • Helm 3 default: Secrets
  • Helm 2 default: ConfigMap
  • configurable by HELM_DRIVER env variable: [configmap, secret, sql]

Why Secret? The release information includes the contents of charts and values files, and therefore might contain sensitive data like passwords, private keys, and other credentials.

Why sql? Secret and ConfigMap are stored in etcd, 1mb limit

To use sql:

export HELM_DRIVER=sql
export HELM_DRIVER_SQL_CONNECTION_STRING=postgresql://helm-postgres:5432/helm?user=helm&password=changeme

RELEASE vs REVISION

  • RELEASE: a running instance of a chart in a K8s cluster.
  • REVISION: tracks the number of changes on a RELEASE.

Helm Client

Client works with OCI-compliant registries; Harbor is one of them. From go code:

vendor/helm.sh/helm/v3/pkg/registry/client.go

Helm ChartMuseum

ChartMuseum is deprecated; newer versions of helm can fetch and upload charts in any OCI compliant registry.