Advanced Helm Features

idsulik

Suleiman Dibirov

Posted on September 7, 2024

Advanced Helm Features

Once you're comfortable with the basics of Helm, you can start exploring its advanced features to unlock even more power and flexibility for managing Kubernetes applications. These advanced features help automate complex operations, manage dependencies, and further customize your deployments.

1. Helm Dependencies

Helm supports Chart dependencies, which allow you to include other Charts within your own. This is especially useful when your application relies on external components like databases, message brokers, or caching layers.

a. Declaring Dependencies

To declare dependencies for your Chart, add them to the Chart.yaml file in the dependencies section. For example, if your application requires a Redis database, you can add the Redis Chart as a dependency:

dependencies:
  - name: redis
    version: 14.0.0
    repository: https://charts.bitnami.com/bitnami
Enter fullscreen mode Exit fullscreen mode
b. Managing Dependencies

Once you've declared dependencies, use the following command to fetch them:

helm dependency update
Enter fullscreen mode Exit fullscreen mode

This will download the dependency Charts and place them in the charts/ directory. These dependencies will be installed automatically when you install your main Chart.

c. Updating Dependencies

If any of your dependencies are updated, you can update them by running:

helm dependency update
Enter fullscreen mode Exit fullscreen mode

This will fetch the latest versions of your dependencies based on the constraints defined in your Chart.yaml.

2. Helm Hooks

Helm Hooks allow you to trigger actions at different points in the release lifecycle, such as before or after an upgrade, installation, or deletion. Hooks are useful for tasks like database migrations, creating backup resources, or running custom scripts.

a. Example: Pre-install Hook

You can define a hook in your template by adding an annotation. For instance, a Pod that runs a database migration before the main application is deployed could be configured like this:

apiVersion: batch/v1
kind: Job
metadata:
  name: db-migration
  annotations:
    "helm.sh/hook": pre-install
spec:
  template:
    spec:
      containers:
        - name: migration
          image: myapp/db-migration:latest
          command: ["./migrate"]
      restartPolicy: OnFailure
Enter fullscreen mode Exit fullscreen mode

In this example, the db-migration Job will run before the rest of the application is installed.

b. Available Hook Points

Helm offers several hook points, including:

  • pre-install
  • post-install
  • pre-upgrade
  • post-upgrade
  • pre-delete
  • post-delete
  • pre-rollback
  • post-rollback

Using hooks can automate complex tasks during the deployment lifecycle and ensure your application is ready before moving on to the next step.

3. Helm Secrets

While Helm natively supports Kubernetes Secrets, there are times when you want to securely store and manage sensitive data within your Helm Charts. A popular solution for this is the Helm Secrets plugin, which uses encryption to manage secrets in a secure way.

a. Installing Helm Secrets Plugin

First, install the Helm Secrets plugin:

helm plugin install https://github.com/jkroepke/helm-secrets
Enter fullscreen mode Exit fullscreen mode
b. Encrypting Secrets

With Helm Secrets, you can encrypt sensitive values in your values.yaml file using tools like Sops (an encryption tool from Mozilla). For example, to encrypt a secret, use:

sops -e secrets.yaml > secrets.enc.yaml
Enter fullscreen mode Exit fullscreen mode

When you install the Chart, Helm will decrypt the values for you:

helm secrets install my-app ./my-chart -f secrets.enc.yaml
Enter fullscreen mode Exit fullscreen mode

This approach allows you to store encrypted secrets in version control while ensuring they remain secure.

4. Helmfile

If you're managing multiple Helm releases across different environments, Helmfile can help streamline the process. Helmfile is a declarative way to manage Helm Charts and values across multiple Kubernetes clusters.

a. Installing Helmfile

You can install Helmfile by following the instructions on the Helmfile GitHub repository.

b. Helmfile Example

Here’s a simple example of a helmfile.yaml that manages two releases:

releases:
  - name: my-app
    namespace: production
    chart: ./my-app
    values:
      - production-values.yaml

  - name: my-app-staging
    namespace: staging
    chart: ./my-app
    values:
      - staging-values.yaml
Enter fullscreen mode Exit fullscreen mode

With Helmfile, you can easily apply the configuration to your cluster:

helmfile sync
Enter fullscreen mode Exit fullscreen mode

Helmfile makes it easier to manage complex deployments and maintain consistency across environments.

5. Managing Multiple Environments

In many Kubernetes projects, you’ll have different environments like development, staging, and production. Helm provides several ways to manage these environments using different value files and overrides.

a. Using Environment-specific values.yaml

You can maintain separate values.yaml files for each environment:

  • values-dev.yaml
  • values-staging.yaml
  • values-prod.yaml

When deploying to a specific environment, simply reference the corresponding file:

helm install my-app ./my-chart -f values-prod.yaml
Enter fullscreen mode Exit fullscreen mode
b. Using Helmfile for Environment Management

Helmfile allows you to define different environments directly within the helmfile.yaml file, making it easy to manage multiple environments in a single place.

6. Helm Rollbacks and History

Helm keeps a history of every release and its revisions, allowing you to track changes over time and easily revert to previous states if something goes wrong.

a. Viewing History

To view the history of a specific release, use:

helm history <release-name>
Enter fullscreen mode Exit fullscreen mode

This command shows you a list of all revisions along with their statuses.

b. Rolling Back a Release

To rollback to a previous release, use:

helm rollback <release-name> <revision-number>
Enter fullscreen mode Exit fullscreen mode

This is especially useful if an upgrade introduces issues, allowing you to revert to a known stable version.

7. Custom Resource Definitions (CRDs)

Helm can also be used to manage Custom Resource Definitions (CRDs), which extend Kubernetes functionality by allowing you to define and manage custom objects.

a. Installing CRDs

You can include CRD definitions in your Helm Chart, and they will be installed as part of the Helm release. CRDs can be placed in the crds/ directory of your Helm Chart.

b. Example CRD

Here’s an example of a CRD template in your Helm Chart:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: mycustomresource.myapp.com
spec:
  group: myapp.com
  versions:
    - name: v1
      served: true
      storage: true
  scope: Namespaced
  names:
    plural: mycustomresources
    singular: mycustomresource
    kind: MyCustomResource
Enter fullscreen mode Exit fullscreen mode

Helm can install and manage the lifecycle of your CRDs along with the rest of your application.


Conclusion

Helm is a powerful tool that streamlines the deployment and management of Kubernetes applications. From basic deployments to advanced features like dependencies, hooks, and rollbacks, Helm simplifies many of the challenges associated with managing complex Kubernetes environments.

By leveraging advanced Helm features like secrets management, hooks, and Helmfile, you can automate more of your deployment pipeline and ensure that your Kubernetes applications are secure, consistent, and easy to manage.

As you continue to work with Helm, you’ll find that it significantly improves the maintainability and scalability of your Kubernetes applications, whether you're deploying in a single environment or managing multiple clusters across various stages of development.

💖 💪 🙅 🚩
idsulik
Suleiman Dibirov

Posted on September 7, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related