Managing Kubernetes Resources Using Helm: Simplifying how to build, package, and distribute applications for Kubernetes

BIRMINGHAM—MUMBAI

Managing Kubernetes Resources Using Helm 
Second Edition

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Rahul Nair

Publishing Product Manager: Niranjan Naikwadi

Senior Editor: Arun Nadar

Content Development Editor: Adrija Mitra

Technical Editor: Arjun Varma

Copy Editor: Safis Editing

Book Project Manager: Aishwarya Mohan

Proofreader: Safis Editing

Indexer: Tejal Daruwale Soni

Production Designer: Shankar Kalbhor

Marketing Coordinator: Nimisha Dua

First published: June 2020

Second Edition: September 2022

Production reference: 1070922

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

978-1-80324-289-7

www.packt.com

To the open source community for their ongoing support and collaboration.

– Andrew Block

To my wife, Lindsey, for her unwavering love and support.

– Austin Dewey

Foreword

This is an enjoyable and informative book about Helm, the Kubernetes Package Manager, from Andrew Block and Austin Block. I do not know the authors personally, but can tell that they have a wealth of knowledge and experience in the subject. Andrew Block recently became the core maintainer of the Helm project, so to him I say: nice to have to you there!

This book is for all levels, from basic to advanced, and everyone will find useful information and tips within it.

This book has three parts, starting with introduction to Kubernetes, and finishing with advanced deployment patterns for Helm.

Part 1 will explain Kubernetes at a high level, alongside the basics of Kubernetes app installation with kubectl. You will then learn what Helm is, and learn about its bases. This part of the book covers how to decompose monolithic apps into smaller applications. You will learn how to setup a local Kubernetes environment, install kubectl and Helm cli, and install, upgrade, and rollback your first application with Helm.

If you are an advanced user, you can skip this part and move straight to Part 2.

Part 2 will take you through Helm charts development, dependency management, and a thorough explanation of all chart templates. This part also covers Helm lifecycle hooks, which allow you to extend helm charts to another level of usefulness. You’ll also learn how to publish charts to the Helm repository and OCI registry. Finally, you’ll learn how to validate charts using helm lint locally and against a live cluster.

I really recommend learning to use the chart testing tool. Making it part of your local and CI process will save you a lot of time, as you won’t be looking for chart bugs at the end of your process.

Of course you aren’t going to write all the Helm charts you need during your normal working life, as there are many Helm charts that have been written by the community or by existing companies. However, understanding how to develop Helm charts will also allow you to use third party charts, modify their values, and even enhance them too. It will also aid you in learning how to provide PRs (pull requests) to the charts’ git repositories.

This section of the book is extremely valuable if you want to learn how to develop Helm charts, and therefore should not be skipped.

In Part 3, you will learn how to automate Helm releases with CD and GitOps. There is a very detailed explanation of how to do that with Argo CD (which happens to be my favourite GitOps Kubernetes operator as well)

You will also learn about the Operator Framework, which is an advanced topic. This section covers Kubernetes operator bases, how to create Helm operators, and how to manage them with Custom Resources Definitions (CRDs) and Custom Recourses (CRs).

This part of the book also covers Helm security best practices, which is a very important topic. You’ll also learn how to verify Helm binaries, how to sign and verify Helm charts, use secure images, and, of course, how to set up charts resources requests and limits. Finally, you’ll also learn how to handle secrets in Helm charts which is an important feature to know, as at the end Helm releases should be deployed in the most secure way.

Rimantas Mocevicius rimusz

Helm Co-Founder

Author of kubectl: Command-Line Kubernetes in a Nutshell Book

Senior DevOps Engineer at JFrog Ltd (Nasdaq: FROG)

Contributors

About the authors

Andrew Block is a core maintainer on the Helm project and a Distinguished Architect at Red Hat. He specializes in the use of continuous integration and continuous delivery methodologies to streamline the delivery process and incorporate security at each stage. He works with organizations to adopt and implement these technologies and concepts within their organization. As an open source enthusiast, Andrew not only has authored several publications, but he is also a contributor to several open source communities and a lead within the sigstore project, which aims at simplifying how software is signed and verified.

Austin Dewey is a DevOps engineer focused on delivering a streamlined developer experience on cloud and container technologies. Austin started his career with Red Hat’s consulting organization, where he helped drive success at Fortune 500 companies by automating deployments on Red Hat’s Kubernetes-based PaaS, OpenShift Container Platform. Currently, Austin works at fintech start-up Prime Trust, where he builds automation to scale financial infrastructure and supports developers on Kubernetes and AWS.

About the reviewers

Shashikant Bangera is a DevOps architect with 22 years of IT experience. His technical expertise spans across digital transformation, DevOps, the cloud, and containerization. He has helped a wide range of customers, from small, medium, and large businesses, with digital adoption for domains such as banking, e-commerce, and retail. He has architected and implemented enterprise DevOps at a large scale and also contributes to many open source platforms. He has authored and reviewed a number of books on DevOps with Packt. Shashikant has also contributed to lots of blogs on DevOps. He has designed an automated on-demand environment with a set of open source tools that is available on GitHub. You can reach him on Twitter @shzshi.

Suraj S. Pujari is an accomplished customer engineer working with Microsoft India Corp. Ltd and has more than 11 years of experience in the IT industry. He has extensive experience in working with Azure app and infrastructure technologies. From his work as a systems engineer with one of the largest Indian multi-national corporations, his career has evolved through constant learning and applying his inquisitive side.

I would like to express my gratitude to my mom, Vidya, and wife, Pooja, who had to look after my 20-month-old son, Likhit, while I was busy reviewing this book. A big shoutout to all my friends and colleagues who have encouraged me to review books.

Table of Contents

Preface

Part 1: Introduction and Setup

1

Understanding Kubernetes and Helm

From monoliths to modern microservices

What is Kubernetes?

Container orchestration

HA

Scalability

Active community

Deploying a Kubernetes application

Approaches to resource management

Imperative and declarative configurations

Resource configuration challenges

The many types of Kubernetes resources

Keeping live and local states in sync

Application life cycles are hard to manage

Resource files are static

Helm to the rescue!

Understanding package managers

The Kubernetes package manager

The benefits of Helm

Summary

Further reading

Questions

2

Preparing a Kubernetes and Helm Environment

Technical requirements

Preparing a local Kubernetes environment with minikube

Installing minikube

Installing VirtualBox

Configuring VirtualBox as the default driver

Configuring minikube resource allocation

Exploring the basic usage of minikube

Setting up kubectl

Installing kubectl

Setting up Helm

Installing Helm

Configuring Helm

Adding upstream repositories

Adding plugins

Environment variables

Tab completion

Authentication

Authorization/RBAC

Summary

Further reading

Questions

3

Installing Your First App with Helm

Technical requirements

Understanding the WordPress application

Finding a WordPress chart

Searching for WordPress charts from the command line

Viewing the WordPress chart in a browser

Bitnami repository chart retention policy

Adding the full Bitnami repository

Showing the WordPress chart information from the command line

Creating a Kubernetes environment

Installing a WordPress chart

Creating a values file for configuration

Running the installation

Inspecting your release

Choosing between --set and --values

Accessing the WordPress application

Upgrading the WordPress release

Modifying the Helm values

Running the upgrade

Reusing and resetting values during an upgrade

Rolling back the WordPress release

Inspecting the WordPress history

Running the rollback

Uninstalling the WordPress release

Shutting down your environment

Summary

Further reading

Questions

Part 2: Helm Chart Development

4

Scaffolding a New Helm Chart

Technical requirements

Understanding the Guestbook application

Understanding the YAML format

Defining key-value pairs

Value types

The JSON format

Scaffolding the Guestbook Helm chart

Deploying the scaffolded Guestbook chart

Understanding the Chart.yaml file

Updating the Guestbook Chart.yaml file

Summary

Further reading

Questions

5

Helm Dependency Management

Technical requirements

Declaring chart dependencies

The dependencies map

Downloading chart dependencies

Creating conditionals

Altering dependency names and values

Updating the guestbook Helm chart

Cleaning up

Summary

Further reading

Questions

6

Understanding Helm Templates

Technical requirements

Helm template basics

Template values

Built-in objects

The .Release object

The .Chart object

The .Template object

The .Capabilities object

The .Files object

Helm template functions

Helm template control structures

Generating release notes

Helm template variables

Helm template validation

The fail function

The required function

The values.schema.json file

Enabling code reuse with named templates and library charts

Creating CRDs

Post rendering

Updating and deploying the Guestbook chart

Updating Redis values

Updating Guestbook’s deployment template and values.yaml file

Deploying the Guestbook chart

Summary

Further reading

Questions

7

Helm Lifecycle Hooks

Technical requirements

The basics of a Helm hook

Helm hook life cycle

Helm hook cleanup

Writing hooks in the Guestbook Helm chart

Creating the pre-upgrade hook to take a data snapshot

Creating the pre-rollback hook to restore the database

Executing the life cycle hooks

Cleaning up

Summary

Further reading

Questions

8

Publishing to a Helm Chart Repository

Technical requirements

Understanding Helm chart repositories

Publishing to an HTTP repository

Creating a GitHub Pages repository

Publishing the Guestbook chart

Publishing to an OCI registry

Pulling the OCI Guestbook chart

Summary

Further reading

Questions

9

Testing Helm Charts

Technical requirements

Setting up your environment

Verifying Helm templating

Validating template generation locally with helm template

Adding server-side validation to chart rendering

Linting Helm charts and templates

Testing in a live cluster

Running the chart test

Improving chart tests with the Chart Testing tool

Introducing the Chart Testing project

Installing the Chart Testing tools

Running the lint-and-install command

Cleaning up

Summary

Further reading

Questions

Part 3: Advanced Deployment Patterns

10

Automating Helm with CD and GitOps

Technical requirements

Understanding CI/CD and GitOps

CI/CD

Taking CI/CD to the next level using GitOps

Setting up your environment

Installing Argo CD

Deploying a Helm chart from a Git repository

Deploying an application from a remote Helm chart repository

Deploying a Helm chart to multiple environments

Cleaning up

Summary

Questions

11

Using Helm with the Operator Framework

Technical requirements

Understanding Kubernetes operators

Understanding the Guestbook operator control loop

Preparing a local development environment

Scaffolding the operator file structure

Building the operator image

Deploying the Guestbook operator

Deploying the Guestbook application

Using Helm to manage operators, CRDs, and CRs

Cleaning up

Summary

Further reading

Questions

12

Helm Security Considerations

Technical requirements

Data provenance and integrity

Creating a GPG key pair

Verifying Helm downloads

Signing and verifying Helm charts

Developing secure and stable Helm charts

Using secure images

Setting resource requests and limits

Handling secrets in Helm charts

Configuring RBAC rules

Accessing secure chart repositories

Summary

Further reading

Questions

Index

Other Books You May Enjoy

Preface

Containerization is currently known to be one of the best ways to implement DevOps. While Docker introduced containers and changed the DevOps era, Google developed an extensive container orchestration system, Kubernetes, which is now considered the industry standard. With the help of this book, you’ll explore the efficiency of managing applications running on Kubernetes using Helm.

Starting with a brief introduction to Helm and its impact on users working with containers and Kubernetes, you’ll delve into the primitives of Helm charts and its overall architecture and use cases. From there, you’ll learn how to write Helm charts in order to automate application deployment on Kubernetes and work your way toward more advanced strategies. These enterprise-ready patterns are focused on concepts beyond the basics so that you can get the most out of Helm, including topics related to automation, application development, delivery, life cycle management, and security.

By the end of this book, you’ll have learned how to leverage Helm to build, deploy, and manage applications on Kubernetes.

Who this book is for

This book is for Kubernetes developers or administrators who are interested in learning Helm to provide automation for app development on Kubernetes. Although no prior knowledge of Helm is required, basic knowledge of Kubernetes application development will be useful.

What this book covers

Chapter 1, Understanding Kubernetes and Helm, is where you learn about the challenges involved in deploying Kubernetes applications and how Helm can be used to simplify the deployment process.

Chapter 2, Preparing a Kubernetes and Helm Environment, is where you learn how to configure a local development environment. In this chapter, you will download Minikube and Helm. You will also learn basic Helm configurations.

Chapter 3, Installing Your First App with Helm, teaches you the ins and outs of the main Helm commands by having you deploy your first Helm chart.

Chapter 4, Scaffolding a New Helm Chart, is about how Helm charts are structured and helps you scaffold your own Helm chart.

Chapter 5, Helm Dependency Management, is where you learn how to manage and use dependencies to build and manage complex application deployments.

Chapter 6, Understanding Helm Templates, explores Helm templates and how to dynamically generate Kubernetes resources.

Chapter 7, Helm Lifecycle Hooks, is about lifecycle hooks and how to deploy arbitrary resources at different Helm lifecycle phases.

Chapter 8, Publishing to a Helm Chart Repository, teaches you about Helm chart repositories and how they can be used to publish Helm charts.

Chapter 9, Testing Helm Charts, is about different strategies for testing Helm charts during Helm chart development.

Chapter 10, Automating Helm with CD and GitOps, looks at how to automate Helm deployments using continuous delivery and GitOps methodologies.

Chapter 11, Using Helm with the Operator Framework, covers how to create a Helm operator using the operator-sdk toolkit.

Chapter 12, Helm Security Considerations, is about different security topics as they relate to Helm releases, charts, and repositories.

To get the most out of this book

To get the most out of this book, you should install the technologies in the following table to follow along with the examples. While these are the versions that were used during writing, the latest versions should work as well.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Managing-Kubernetes-Resources-using-Helm. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/zeDY0.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: Notice that a space is missing between the colon and the LearnHelm string.

A block of code is set as follows:

configuration: |

  server.port=8443

  logging.file.path=/var/log

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

$ cd ~ $ git clone

Any command-line input or output is written as follows:

$ helm dependency update chapter8/guestbook

$ helm package guestbook chapter8/guestbook

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: Click the Generate Token button to create the token.

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Managing Kubernetes Resources using Helm, Second Edition, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Part 1: Introduction and Setup

Kubernetes is a robust system with complex configurations. In Part 1, you will learn how Helm addresses such complexities by providing a package manager interface. By the end of this part, you will have gained hands-on experience by deploying your first Helm chart.

In this part, we will cover the following topics:

Chapter 1, Understanding Kubernetes and Helm

Chapter 2, Preparing a Kubernetes and Helm Environment

Chapter 3, Installing Your First App with Helm

1

Understanding Kubernetes and Helm

Thank you for choosing this book, Learn Helm. If you are interested in this book, you are probably aware of the challenges that modern applications bring. Teams face tremendous pressure to ensure that applications are lightweight and scalable. Applications must also be highly available and able to withstand varying loads. Historically, applications have most commonly been deployed as monoliths or large, single-tiered applications served on a single system. As time has progressed, the industry has shifted toward a microservice approach or small, multi-tiered applications served on multiple systems. Often deployed using container technology, the industry has started leveraging tools such as Kubernetes to orchestrate and scale their containerized microservices.

Kubernetes, however, comes with its own set of challenges. While it is an effective container orchestration tool, it presents a steep learning curve that can be difficult for teams to overcome. One tool that helps simplify the challenges of running workloads on Kubernetes is Helm. Helm allows users to more simply deploy and manage the life cycle of Kubernetes applications. It abstracts many of the complexities behind configuring Kubernetes applications and allows teams to be more productive on the platform.

In this book, you will explore each of the benefits offered by Helm and discover how Helm makes application deployment much simpler on Kubernetes. You will first assume the role of an end user, consuming Helm charts written by the community and learning the best practices behind leveraging Helm as a package manager. As this book progresses, you will assume the role of a chart developer and learn how to package Kubernetes applications in ways that are easily consumable and efficient. Toward the end of this book, you’ll learn about advanced patterns around application management and security with Helm.

In this chapter, we will cover the following main topics:

From monoliths to modern microservices

What is Kubernetes?

Deploying a Kubernetes application

Approaches to resource management

Resource configuration challenges

Helm to the rescue!

From monoliths to modern microservices

Software applications are a fundamental component of most modern technology. Whether they take the form of a word processor, web browser, or streaming service, they enable user interaction to complete one or more tasks. Applications have a long and storied history, from the days of Electronic Numerical Integrator and Computer (ENIAC)—the first general-purpose computer—to taking man to the moon in the Apollo space missions, to the rise of the World Wide Web (WWW), social media, and online retail.

These applications can operate on a wide range of platforms and systems, leveraging either physical or virtual computing resources. Depending on their purpose and resource requirements, entire machines may be dedicated to serving the compute and/or storage needs of an application. Fortunately, thanks in part to the realization of Moore’s law, the power and performance of microprocessors initially increased with each passing year, along with the overall cost associated with the physical resources used. This trend has subsided in recent years, but the advent of this trend and its persistence for the first 30 years of the existence of processors was instrumental to the advances in technology.

Software developers took full advantage of this opportunity and bundled more features and components into their applications. As a result, a single application could consist of several smaller components, each of which, on its own, could be written as