#helm

Archive: https://archive.sweetops.com/helm/

2019-09-03

tricky question

but I’m sure you peeps have an answer already…

what if I have legacy k8s artifacts.. (deployments, services, cronjobs)

but I want to import them into helm state

use case: migrate old circle-ci workflow -> new ci/cd tool using helm/helmfile

(old circle-ci workflow would just update docker image in place for all the artifacts)

i’m trying not to create new deployments/services since that would create new ALBs/Route53

i mean.. if I have to, I will

.. but just trying to make a seamless transition

Erik Osterman

use raw chart?

Erik Osterman
  • helmfile
Erik Osterman

lemme see what raw does

Erik Osterman

We have a bunch of examples here

Erik Osterman
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Hmm, I mean, i’m less concerned about making the helm charts/helmfiles. I just kubectl get deployment blah -o yaml and created charts for everything

it’s just if I do a helmfile apply and the deployment name of blah is already taken, helm won’t deploy it.. and not keep track of it in helm state

raw chart is super interesting though

still looking at it

Erik Osterman

use yq or jq to strip the namespace from the kubectl get export

Erik Osterman

you’ll also want to strip a few other things when exporting the resources

Erik Osterman

i guess i’m struggling with seeing the part you’re concerned about

Erik Osterman
  1. exporting resources with kubectl get - easy
Erik Osterman
  1. stripping metadata like namespace - easy
Erik Osterman
  1. using the raw chart with helmfile - easy
Erik Osterman

ohhh

Erik Osterman

sounds like you want to do more than just import the existing state

Erik Osterman

sounds like you want to parameterize the Deployment name too

Erik Osterman

that’s a slippery slope. at that point, you’re not really “importing” the existing state which the raw chart would help you do.

Erik Osterman

hopefully deploying to multiple namespaces is sufficiently parametetrized

Erik Osterman

if you need to do more than that, i would either (a) write a helm chart (b) use the monochart

Erik Osterman

have you seen the monochart?

Yeah, monochart is awesome. But yeah, I’m totally not worried about creating helm charts or helmfiles.

It’s just when I run helmfile apply it fails because it says deployment hello-world-dev already exists

How to upgrade from a helm-less system to a helm controlled system · Issue #1999 · helm/helm

Hi Helm experts, We're running a system which is using Ansible to do Kubernetes resource deployment, and we want to run an upgrade to change the Kubernetes resources deployment to be under helm…

this is more a long the lines of my concern

Erik Osterman

Aha ya, guess that part may be messy

I see there are proposals for import like terraform import, but yeah

heh, no worries

curious if I can just rebuild the state and pop in the ConfigMap.. and register it somehow.. then have it detected by helm ls

ruan.arcega
ruan.arcega

i guess, running tiller in localhost not have issue with security any suggestions about it?

https://github.com/helm/helm/blob/master/_proto/hapi/release/status.proto#L31 hhmmmm

kubectl -n kube-system get cm hello-world.v1  -o yaml \| grep release \| cut -d' ' -f4 \| base64 -D \| gunzip

I think the first section is protobuf.. just gotta flip the right byte…

helm/helm

The Kubernetes Package Manager. Contribute to helm/helm development by creating an account on GitHub.

Helm: stuck in “pending_update” and how to fix it

There’s a known/fixed bug with helm. Sometimes it might get stuck in PENDING_UPDATE causing further helm upgrades to fail

https://gist.github.com/rms1000watt/3d76eb2f3c64a87b92acb97ebdbd9c66 helm dark arts.. helm ls now says DEPLOYED.. lets see if I can deploy again without failure

sweet.. helmfile apply works fine now

Erik Osterman

wow, you went deep down that rabbit hole

Erik Osterman

2
Erik Osterman

that’s a cool trick

2019-08-29

Robert
07:18:44 PM

@Robert has joined the channel

2019-08-06

Erik Osterman
Announcing the HashiCorp Vault Helm Chart

This week we’re releasing an official Helm Chart for Vault. Using the Helm Chart, you can start a Vault cluster running on Kubernetes in just minutes. This Helm chart will also be …

1
1

2019-08-05

Erik Osterman

so the downside of helm-diff is that you cant use it to detect “skews” due to manual changes

2019-07-31

Erik Osterman

Hi. I am relying on helm test in my ci/cd pipeline. It feels very random since I sometimes get a bad address host:port response from wget. I have no idea why this is happening every 20th time. Any advices? every 20th was of course an example. It is very random. Is there a reliable way of testing services that I’m not aware of? I have readiness and liveness probes setup on the deployment. Message Input

Message #helm-dev

2019-07-22

anyone else ever run into issues where you deploy a helm chart with a new image, but because of an application error, you redeploy the previous stable image, but the new image version persists? i.e running basically these two commands:

$ helm upgrade blah --set "imageTag=1.2.4"
## application error on version 1.2.4
$ helm upgrade blah --set "imageTag=1.2.3"

on paper, i’d think the image at this point should be 1.2.3, but i’ve run into the case where it continues to persist 1.2.4. i feel like helm shouldn’t care about your image tags and their semver versions and whether youre incrementing or decrementing the image version, and this shouldnt be happening?

Erik Osterman

I don’t quite follow. helm doesn’t know what imageTag means. it doesn’t know what any “value” means.

Erik Osterman

most likely some subtle logical bug.

Erik Osterman

does the helm status flip to FAILED

Erik Osterman

?

@Erik Osterman exactly! which is why it’s so weird to me. but this never happens when we deploy forward (i.e. v1.2.3 -> v1.2.4) and we run hundreds of deployments a day but i’ve noticed it happen on rare occasions when we deploy backwards. (v1.2.4 -> v1.2.3)

helm deploys successfully so no FAILED status

2019-07-18

Erik Osterman

theres a beta out

2019-07-16

James D. Bohrman

What’s this I hear about Helm 3 not needing Tiller?

Steven

That’s been the plan for a long time

2019-07-09

how are you guys handling the Error: "blah" has no deployed releases when a helm install gets in a failed state? I Know you can run delete --purge but thats not very ideal

To answer my own question theres a new --atomic flag in helm 2.13 that will clean up a failed release.

2019-06-13

Erik Osterman

hopefully they add some helpers the way terraform did for 0.12

Erik Osterman

e.g. helm 3.0-upgrade

Erik Osterman

since the tiller already uses configmaps, hopefully not too big a deal

2019-05-30

Pablo Costa

I’m wondering on how would be a migration process to helm3 ?

2019-05-29

Erik Osterman
helm/helm

The Kubernetes Package Manager. Contribute to helm/helm development by creating an account on GitHub.

2019-05-28

Erik Osterman

@ have you seen our monochart?

Erik Osterman

we have archived the helm-chart-scaffolding and instead moved development to monochart

Erik Osterman
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

Erik Osterman

You can use the monochart as-is for 99% of webapps

Erik Osterman

or fork it and customize to your needs

Erik Osterman

the idea is to provide a common interface for deploying the most common kinds of apps

Erik Osterman

this works really well with #helmfile

Hello @Erik Osterman. I’ll check this repo, it seems worthy to first sight thanks

2019-05-27

Hugo Lesta

Hello there, anybody knows an helm skaffolding with good practices applied?

Hugo Lesta

I’m getting started with helm and I need a little bit of help to achieve that.

It seems great place to get started

Do you have any recommendations?

2019-05-15

dustinvb

Has anyone come across an Istio Helm plugin? I was thinking this would be part of Helm 3 discussion but haven’t seen anything of the sort.

Erik Osterman

what would the helm plugin do?

dustinvb

In my mind it would allow me to use the Istio config like a template and it would supply Values to the config just like a Kubernetes manifest so I could treat this like an ingress resource.

dustinvb

How is Cloud Posse working with Istio any examples maybe I am thinking about this all wrong.

Erik Osterman

so, once you have istio installed, you have all the CRDs necessary to work with it

Erik Osterman

then in your helm charts, you add the resources

Erik Osterman

we use helmfile with helm

Erik Osterman

have you kicked the tires yet on #helmfile?

2019-05-01

Erik Osterman
Failure when ref is an annotated tag · Issue #9 · aslafy-z/helm-git

The plugin fails when ref refers to an annotated tag, which is the usual case for GitHub release tags. For example: helm repo add istio git+https://github.com/istio/[email protected]/kubernetes/helm?re

Erik Osterman

@Jeremy Grodberg share a bit of info on what is going on

2019-04-30

Erik Osterman

@ i’m trying to use your helm-git plugin

Erik Osterman
helm repo add t1 "git+<https://github.com/stakater/[email protected]/kubernetes/chart/forecastle?ref=master>"
Erik Osterman

this works fine

Erik Osterman

however, if I use a tag, it doesn’t work

Erik Osterman

if i use a git ref, it works

Erik Osterman

i think it’s related to the sparse checkout strategy

Erik Osterman
helm repo add t1 "git+<https://github.com/stakater/[email protected]/kubernetes/chart?ref=8d6e5cd2dba3ad6c265ae94138c40276425b7634>"

works

2019-02-14

Erik Osterman
05:19:46 AM

@Erik Osterman set the channel purpose: Archive: https://archive.sweetops.com/helm/

2019-01-31

Erik Osterman
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

2019-01-30

Hi, i want to use build-harness for my build stuff. Is there any way to decouple helm from docker builds? For my use case i want to build a helm chart without a image dependency. Correct me if i am wrong, but as far as i understand the image version of a docker should be the same as the version of a chart? https://github.com/cloudposse/build-harness/blob/master/modules/helm/Makefile.build#L80 . Would it make sense to get the option to skip this part?

cloudposse/build-harness

Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more - cloudposse/build-harness

Erik Osterman

I think we would be okay with that

cloudposse/build-harness

Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more - cloudposse/build-harness

Erik Osterman

@Igor Rodionov is the subject matter expert

Igor Rodionov

@ you got it. Currently we use the same version. Currently there is no way to separate it. But if you will provide PR were IMAGE_VERSION would be defined with default value from TARGET_VERSION then we can merge it.

Erik Osterman

One thing: we barely build helm charts any more

Erik Osterman

we use monochart for 99% of apps we deploy

nice, no i have not seen that. good generic approach. i will give it a try, but one question, when i use monochart for app, it makes no sense to declare a dependency to other non-monochart right? So each monchart is it’s own helm release?

Erik Osterman

Soooo we haven’t need to do this yet, but we have considered creating umbrella charts that include N or more monocharts

Erik Osterman

Since we use helmfile, we basically never need to mess with umbrella charts and requirements

Erik Osterman
Erik Osterman
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

nice, i will check it out. thx for the quick response btw.! great support

Erik Osterman

at your service!

Erik Osterman

have you seen that yet?

Erik Osterman

(just say’n… since it might reduce the need to build charts at all)

2019-01-28

05:06:49 PM

@ has joined the channel

2019-01-27

08:40:09 AM

@ has joined the channel

2019-01-24

04:15:06 AM

@ has joined the channel

2019-01-21

Erik Osterman
ContainerSolutions/helm-monitor

Monitor K8S Helm release, rollback on metrics behavior (Prometheus, ElasticSearch, Sentry) - ContainerSolutions/helm-monitor

1
mumoshu
01:40:52 AM

@mumoshu has joined the channel

Erik Osterman
01:40:55 AM
Erik Osterman

this is amazing!

Erik Osterman

@dustinvb @Dan Garfield have you seen this?

dustinvb
01:41:19 AM

@dustinvb has joined the channel

Dan Garfield
01:41:19 AM

@Dan Garfield has joined the channel

2019-01-19

Daren

I just came across this today https://github.com/helm/hub/blob/master/README.md. Instead of contributing charts directly to helm/stable and blocking on maintainer approval, you can get your public repo added to the official list

helm/hub

For the distributed charts search at hub.helm.sh (under development) - helm/hub

1
Erik Osterman

Whoot! Will check this out on Monday

Daren

Tuesday

Erik Osterman

Looks interesting

2019-01-16

Erik Osterman
aslafy-z/helm-git

Helm plugin to get charts from Git, even if non-packaged. - aslafy-z/helm-git

1
07:36:45 AM

@ has joined the channel

2019-01-12

05:36:16 PM

@ has joined the channel

2019-01-10

03:23:55 PM

@ has joined the channel

whatever happened to your guys openvpn helm chart? looks like the dockerhub image is missing and the github-pam authentication module does not exist

aknysh

@Igor Rodionov ^ do you have more info on that?

i was just messing around trying to take some inspiration from it for a OIDC enabled openvpn authentication helm repo

Igor Rodionov

Good question. We did not install it for quit long time

Igor Rodionov

I can try to install it on weekend

makes sense

no worries

Igor Rodionov

Ok

what do you guys use now to login to an internal subnet? something else?

aknysh

for k8s or EC2?

well for my own project i wanted to deploy something to k8s that would allow me to connect to both internal k8s services and ec2 subnets from routes

aknysh
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

cloudposse/terraform-aws-kops-vpc-peering

Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops - cloudposse/terraform-aws-kops-vpc-peering

aknysh
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

from routes as in onsite in your office?

or k8s internal to vpc internal

as in anywhere. if it was my office i could just do a site-to-site. portal is interesting and ive seen similar things with zerotrust / trusted proxies but I am looking to connect to more than just web services

aknysh
cloudposse/bastion

Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support - cloudposse/bastion

aknysh
cloudposse/terraform-aws-ec2-bastion-server

Terraform Module to define a generic Bastion host with parameterized user_data - cloudposse/terraform-aws-ec2-bastion-server

interesting i guess it could be solved with just forwarding from a bastion host

maybe i am trying to solve too many things at once

aknysh

yes, you can deploy bastion and then ssh to any of the nodes

aknysh

that’s what kops does as well (it installs a bastion)

yeah i was hoping to solve it with openvpn and not ssh but i suppose i can just develop my own solution and see if it works well enough for me

otherwise I have a aws customer gateway vpn I built for use with geodessic that peers with a network device/router

1

need to clean that up and contribute it

aknysh

please @Jan

I will mate

aknysh

we need that module too

just under time pressure currently

Erik Osterman

@Yoann just a few comments here: https://github.com/cloudposse/charts/pull/183

Add istio gateway template by yciabaud · Pull Request #183 · cloudposse/charts

Hi there I made a little addition to your project, I made a PR from it it you are interested in it too. This adds the ability to create a istio gateway crd to expose istio services in an ingress ga…

Erik Osterman

And we’re good to merge

Yoann

Yes will have a look

Erik Osterman

ping @Igor Rodionov to get it reviewed

2019-01-07

Erik Osterman
09:04:00 PM

@Erik Osterman has joined the channel

Erik Osterman
Add istio gateway template by yciabaud · Pull Request #183 · cloudposse/charts

Hi there I made a little addition to your project, I made a PR from it it you are interested in it too. This adds the ability to create a istio gateway crd to expose istio services in an ingress ga…

Yoann
09:04:17 PM

@Yoann has joined the channel

Erik Osterman

We’ve added some comments. We can merge as soon as it’s updated.

loren
09:05:22 PM

@loren has joined the channel

Igor Rodionov
09:05:22 PM

@Igor Rodionov has joined the channel

Jan
09:05:22 PM

@Jan has joined the channel

jdolitsky
09:05:22 PM

@jdolitsky has joined the channel

Daren
09:05:22 PM

@Daren has joined the channel

09:05:22 PM

@ has joined the channel

aknysh
09:07:44 PM

@aknysh has joined the channel

conrad
09:24:51 PM

@conrad has joined the channel

davidvasandani
03:02:02 AM

@davidvasandani has joined the channel

    keyboard_arrow_up