Copyright © 2018 Samsung SDS America, Inc. All rights reserved
October, 2018
Signing Helm Charts and Helm v3
Matt Farina
$ helm create mychart
$ helm package --sign --key 'key' --keyring path/to/keyring.secret mychart
$ helm verify mychart-0.1.0.tgz
$ helm install --verify mychart-0.1.0.tgz
-----BEGIN PGP SIGNED MESSAGE-----
name: nginx
description: The nginx web server as a replication controller and service pair.
version: 0.5.1
keywords:
- https
- http
- web server
- proxy
source:
- https://github.com/foo/bar
home: http://nginx.com
...
files:
  nginx-0.5.1.tgz: "sha256:9f5270f50fc842cfcb717f817e95178f"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjilUEACgQkB01zfu119ZnHuQCdGCcg2YxF3XFscJLS4lzHlvte
WkQAmQGHuuoLEJuKhRNo+Wy7mhE7u1YG
=eifq
-----END PGP SIGNATURE-----
$ helm verify topchart-0.1.0.tgz
Error: sha256 sum does not match for topchart-0.1.0.tgz: "sha256:1939fbf7c1023d2f6b865d137bbb600e0c42061c3235528b1e8c82f4450c12a7" != "sha256:5a391a90de56778dd3274e47d789a2c84e0e106e1a37ef8cfa51fd60ac9e623a"
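Added example, not from the slides or from Helm's own code: the digest comparison behind the error above, written in Python. It reads the files: section of a clearsigned .prov file and compares the recorded SHA-256 with the archive's; it does not check the PGP signature, which helm verify or gpg must do against a trusted keyring first. The function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac

MSG_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"


def signed_body(prov_text):
    """Return the text lines inside the clearsign envelope (signature NOT checked)."""
    lines = prov_text.splitlines()
    try:
        start = lines.index(MSG_BEGIN)
        end = lines.index(SIG_BEGIN, start)
        blank = lines.index("", start, end)  # armor headers end at the first empty line
    except ValueError:
        raise ValueError("not a clearsigned provenance file") from None
    # Undo OpenPGP dash-escaping: "- - https" was "- https" before signing.
    return [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:end]]


def recorded_digests(prov_text):
    """Map archive file name -> 'sha256:<hex>' taken from the files: section."""
    digests, in_files = {}, False
    for line in signed_body(prov_text):
        if line.rstrip() == "files:":
            in_files = True
        elif in_files and line.startswith((" ", "\t")) and ": " in line:
            name, _, value = line.strip().partition(": ")
            digests[name.strip("\"'")] = value.strip().strip("\"'")
        elif line.strip():
            in_files = False  # any other non-empty line ends the section
    return digests


def check_archive(prov_text, archive_name, archive_bytes):
    """Return (ok, reason). Only meaningful once the .prov signature has been
    verified: whoever can replace both files can make the digests agree."""
    digests = recorded_digests(prov_text)
    if archive_name not in digests:
        return False, "no digest recorded for " + archive_name
    algo, _, expected = digests[archive_name].partition(":")
    if algo != "sha256":
        return False, "unsupported digest algorithm: " + algo
    actual = hashlib.sha256(archive_bytes).hexdigest()
    if not hmac.compare_digest(actual.encode(), expected.lower().encode()):
        return False, 'sha256 sum does not match for %s: "sha256:%s" != "sha256:%s"' % (
            archive_name, expected, actual)
    return True, "digest matches"


# Constructed sample data: stand-in archive bytes and a provenance file built
# around their digest. The signature block is a placeholder, not a real signature.
SAMPLE_ARCHIVE = b"constructed stand-in for mychart-0.1.0.tgz"
SAMPLE_PROV = "\n".join([
    MSG_BEGIN,
    "Hash: SHA512",
    "",
    "name: mychart",
    "version: 0.1.0",
    "keywords:",
    "- - web server",
    "...",
    "files:",
    "  mychart-0.1.0.tgz: sha256:" + hashlib.sha256(SAMPLE_ARCHIVE).hexdigest(),
    SIG_BEGIN,
    "(placeholder)",
    "-----END PGP SIGNATURE-----",
])

if __name__ == "__main__":
    print(check_archive(SAMPLE_PROV, "mychart-0.1.0.tgz", SAMPLE_ARCHIVE))
    print(check_archive(SAMPLE_PROV, "mychart-0.1.0.tgz", SAMPLE_ARCHIVE + b"tampered"))
```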
https://gnupg.org/faq/whats-new-in-2.1.html
$ gpg --export-secret-keys >~/.gnupg/secring.gpg
$ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart
$ gpg --export >~/.gnupg/pubring.pgp
$ helm verify mychart-0.1.0.tgz --keyring ~/.gnupg/pubring.pgp
$ gpg --export-secret-keys >~/.gnupg/secring.gpg
$ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart
Successfully packaged chart and saved it to: /path/to/mychart-0.1.0.tgz
Error: openpgp: unsupported feature: hash for S2K function: 0
Sorry, no Windows as it requires shell
$ helm create mychart
$ helm package mychart
$ helm gpg sign mychart-0.1.0.tgz
$ helm gpg verify mychart-0.1.0.tgz
$ helm install --verify mychart-0.1.0.tgz
CI NOT using smart card for key can still use previous methods
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: mychart
version: 0.1.0
...
files:
mychart-0.1.0.tgz: sha256:352c6fa9f974983a5c1455059c82913c4da2b8de7e7c9211e3bd38330cf8fb0f
-----BEGIN PGP SIGNATURE-----
...
=+L4T
-----END PGP SIGNATURE-----
If you’re into that…
Semantic Versioning Example: 2.11.0
- 2: Increment when API changes
- 11: Increment for new features
- 0: Increment for bug fixes
[Diagram: Helm v2 and Tiller with Kubernetes; Helm v3 with Kubernetes]
[Diagram: Local Computer running Helm v2 and Tiller; Kubernetes]
Tiller still stores data in cluster
[Diagram: Helm v2 and Kubernetes; Helm v3 and Kubernetes]
Helm v2: State stored in ConfigMaps. Optionally setup to use Secrets.
Helm v3: State stored in Secrets and Custom Resources.
Access to data including:
- Chart data
- Values
- Capabilities
- Files
- Templates
- Dependencies
Many Events
These depend on the command being run and include: pre-create, post-create, pre-delete, pre-dependency-build, post-dependency-build, pre-render, post-render, pre-install, pre-lint, pre-rollback, post-template… and many others
A simple made up example:
function init(events)
  -- Initialize subcharts
  subchart.init(events)
  -- Do other stuff
  events.on("pre-load", function()
    print("pre-load event")
  end)
end
The Lua API is still under development
Permission Scheme
The ext/permissions.yaml file:
lua:
  - network
  - io
The Helm CLI will ask for permission to use these libraries. Only permissible libs will be imported.
Easy To Embed
Requirements:
- Interpreter embedded in Helm (do not rely on extra system software)
- Cross platform Helm binaries (Windows, macOS, Linux)
Lua is a lightweight language designed primarily for embedded use in applications. Lua was designed for this!
Library charts are noted in the libraries: directive in the requirements.yaml:
requirements:
  - name: apache
    version: 1.2.3
    repository: http://example.com/charts
  - name: mysql
    version: 3.2.1
    repository: http://another.example.com/charts
libraries:
  - name: common
    version: "^2.1.0"
    repository: http://another.example.com/charts
title: Values
type: object
properties:
  name:
    description: Service name
    type: string
  protocol:
    type: string
  port:
    description: Port
    type: integer
    minimum: 0
  image:
    description: Container Image
    type: object
    properties:
      repo:
        type: string
      tag:
        type: string
required:
  - protocol
  - port
Example schema stored in a values.schema.yaml file
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "tensorflow-notebook.fullname" . }}
  labels:
    app: {{ template "tensorflow-notebook.name" . }}
    chart: {{ template "tensorflow-notebook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
type: Opaque
data:
  password: {{ .Values.jupyter.password | b64enc | quote }}
The pre-install and pre-upgrade hooks are set
[Diagram: Computer outside Kubernetes running Helm v3; Kubernetes]
Normal Helm CLI model is a push
Helm Controller Model (idea still in development)
[Diagram: Kubernetes; Helm v3 Controller; Helm Repository]
name: "last"
version: "0.1.0"
usage: "get the last release name"
description: "get the last release name"
command: "$HELM_BIN --host $TILLER_HOST list --short --max 1 --date -r"
# New part:
platformCommand:
  - os: linux
    arch: i386
    command: "$HELM_BIN list --short --max 1 --date -r"
  - os: windows
    arch: amd64
    command: "$HELM_BIN list --short --max 1 --date -r"
An Example Plugins file:
plugins:
  - name: helm-template
    url: https://github.com/technosophos/helm-template
  - name: helm-value-store
    url: https://github.com/skuid/helm-value-store
  - name: helm-diff
    url: https://github.com/databus23/helm-diff
helm init --plugins <file.yaml>
Run a local Helm repository
$ helm serve
Regenerating index. This may take a moment.
Now serving you on 127.0.0.1:8879
$ helm login https://repo.example.com
$ helm push mychart-0.1.0.tgz https://repo.example.com
The exact commands are still being worked out
{
  "apiVersion": "v2",
  "entries": {
    "artifactory": {
      "ref": "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory.json",
      "stable": {
        "created": "2017-07-06T01:33:50.952Z",
        "description": "Universal Repository Manager supporting all major packaging formats,\nbuild tools and CI servers.",
        "digest": "249e27501dbfe1bd93d4039b04440f0ff19c707ba720540f391b5aefa3571455",
        "home": "https://www.jfrog.com/artifactory/",
        "icon": "https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png",
        "keywords": [
          "artifactory",
          "jfrog"
        ],
        "maintainers": [
          {
            "email": "[redacted]",
            "name": "[redacted]"
          }
        ],
        "name": "artifactory",
        "sources": [
          "https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view",
          "https://github.com/JFrogDev"
        ],
        "urls": [
          "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory-5.2.0.tgz"
        ],
        "version": "5.2.0"
      }
    }
  }
}
An example index.json file
Changes from v2:
- No More Tiller
- State Storage
- Event Driven Architecture
- Charts:
  • Extensions
  • Library Charts
  • Schemas for values files
- Hook Annotations
- Helm controller model
- Plugins:
  • Handling Cross Platforms (like Windows)
  • Plugins in Lua
  • Easier installation
- Repositories:
  • No more helm serve
  • Push to repositories
  • Performance improvements
https://www.slideshare.net/mattfarina/helm-orchestructure

Loker Pemandu Lagu LC Semarang 085746015303
 
Jual obat aborsi Bekasi ( 085657271886 ) Cytote pil telat bulan penggugur kan...
Jual obat aborsi Bekasi ( 085657271886 ) Cytote pil telat bulan penggugur kan...Jual obat aborsi Bekasi ( 085657271886 ) Cytote pil telat bulan penggugur kan...
Jual obat aborsi Bekasi ( 085657271886 ) Cytote pil telat bulan penggugur kan...
 
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
 
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
 
一比一定制(Waikato毕业证书)新西兰怀卡托大学毕业证学位证书
一比一定制(Waikato毕业证书)新西兰怀卡托大学毕业证学位证书一比一定制(Waikato毕业证书)新西兰怀卡托大学毕业证学位证书
一比一定制(Waikato毕业证书)新西兰怀卡托大学毕业证学位证书
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
 

Exploring the Future of Helm

  • 1. Copyright © 2018 Samsung SDS America, Inc. All rights reserved October, 2018 Signing Helm Charts and Helm v3 Matt Farina
  • 2.
  • 3.
  • 4.
    $ helm create mychart
    $ helm package --sign --key 'key' --keyring path/to/keyring.secret mychart
    $ helm verify mychart-0.1.0.tgz
    $ helm install --verify mychart-0.1.0.tgz
  • 5.
    -----BEGIN PGP SIGNED MESSAGE-----
    name: nginx
    description: The nginx web server as a replication controller and service pair.
    version: 0.5.1
    keywords:
      - https
      - http
      - web server
      - proxy
    source:
      - https://github.com/foo/bar
    home: http://nginx.com
    ...
    files:
      nginx-0.5.1.tgz: "sha256:9f5270f50fc842cfcb717f817e95178f"
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)
    iEYEARECAAYFAkjilUEACgQkB01zfu119ZnHuQCdGCcg2YxF3XFscJLS4lzHlvte
    WkQAmQGHuuoLEJuKhRNo+Wy7mhE7u1YG
    =eifq
    -----END PGP SIGNATURE-----
  • 6.
    $ helm verify topchart-0.1.0.tgz
    Error: sha256 sum does not match for topchart-0.1.0.tgz: "sha256:1939fbf7c1023d2f6b865d137bbb600e0c42061c3235528b1e8c82f4450c12a7" != "sha256:5a391a90de56778dd3274e47d789a2c84e0e106e1a37ef8cfa51fd60ac9e623a"
  • 7.
  • 9.
    $ gpg --export-secret-keys >~/.gnupg/secring.gpg
    $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart
    $ gpg --export >~/.gnupg/pubring.pgp
    $ helm verify mychart-0.1.0.tgz --keyring ~/.gnupg/pubring.pgp
  • 10.
    $ gpg --export-secret-keys >~/.gnupg/secring.gpg
    $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart
    Successfully packaged chart and saved it to: /path/to/mychart-0.1.0.tgz
    Error: openpgp: unsupported feature: hash for S2K function: 0
  • 11.
  • 12. Sorry, no Windows as it requires shell
  • 13.
    $ helm create mychart
    $ helm package mychart
    $ helm gpg sign mychart-0.1.0.tgz
    $ helm gpg verify mychart-0.1.0.tgz
    $ helm install --verify mychart-0.1.0.tgz
    CI NOT using smart card for key can still use previous methods
  • 14. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: mychart version: 0.1.0 ... files: mychart-0.1.0.tgz: sha256:352c6fa9f974983a5c1455059c82913c4da2b8de7e7c9211e3bd38330cf8fb0f -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcR8o1RDh4Ly9X2v+lDboC/ukaQkFAlvOGJ4ACgkQlDboC/uk aQmcDA/+InIc/ybA472MxhY7pOU5AILyjFJnTC6Ky7YKMdWP9Ig+GFk/THKd5VJo bCwpUgtrXs1+nnNuiRN/53wd/ocYXQry/mAN7yZJDaKhqTX2Y2nRz7JHJKwDIwt3 i/herOby+l0h54kYaUyyCGpZidCJhTe79YvvFP9nLbfa5UGhL+rbAMSCV0D3fIwG FU01VPUsoOaiHvdE7snFLX2gdyvkgsFXhj4I6fT66EBaxL4zGS/1IidyfGZZ1N2Z 5MfXWBWfdJ2xcamR/6f32HckXq9yRGZHvT7VYobiwVptRvpkS3CTMMr9cwXAbj53 1L6INbQ+xlh121elzEBC1f91pf8BCgTnWXarfuMek0U/T0L1GBSUUL9aau1B7Cic 9Ql10EGZEm9erT/w4vRcVSGWdIqj1ks66mOv4Nz1CvC+AaMPUNxFlfwYT5B1iiB2 +8rzq0h3ZIER7/GNevG/G1r9O9DBBcEkx5MMFL4asutUk+VWsOKkPOT8d5QaoGiW MnV+1l3nOW2k8BOi4SkMQYBKLnznrC+WqKqLIruzSulM132GW7UbjKnP/2LiOVMh FMCUbo7DGVis39xHicm4PUT0As9m/zO2UezDbEKm9Vw7kw6pPBl2hfokMPyXWjGO 6glgCAIoEarVH8jqsjALAWKVyybjslVctVH172/m4LoTMrw4yJk= =+L4T -----END PGP SIGNATURE-----
  • 15. If you’re into that…
  • 16.
  • 17.
  • 18. 2.11.0 Semantic Versioning Example:
    Increment for new features
    Increment for bug fixes
    Increment when API changes
  • 20. Local Computer Kubernetes Tiller Helm v2 Tiller still stores data in cluster
  • 21.
  • 22.
    Kubernetes, Helm v2: State stored in ConfigMaps. Optionally set up to use Secrets.
    Kubernetes, Helm v3: State stored in Secrets and Custom Resources.
  • 23.
    Access to data including:
      - Chart data
      - Values
      - Capabilities
      - Files
      - Templates
      - Dependencies
    Many Events
    These depend on the command being run and include: pre-create, post-create, pre-delete, pre-dependency-build, post-dependency-build, pre-render, post-render, pre-install, pre-lint, pre-rollback, post-template…
    … and many others
  • 24. A simple made up example:
    function init(events)
      -- Initialize subcharts
      subchart.init(events)
      -- Do other stuff
      events.on("pre-load", function ()
        print("pre-load event")
      end)
    end
    The Lua API is still under development
  • 25.
    Permission Scheme
    The ext/permissions.yaml file:
      lua:
        - network
        - io
    The Helm CLI will ask for permission to use these libraries. Only permissible libs will be imported.
    Easy To Embed
    Requirements:
      - Interpreter embedded in Helm (do not rely on extra system software)
      - Cross platform Helm binaries (Windows, macOS, Linux)
    Lua is a lightweight language designed primarily for embedded use in applications. Lua was designed for this!
  • 26. Library charts are noted in the library: directive in the requirements.yaml:
    requirements:
      - name: apache
        version: 1.2.3
        repository: http://example.com/charts
      - name: mysql
        version: 3.2.1
        repository: http://another.example.com/charts
    libraries:
      - name: common
        version: "^2.1.0"
        repository: http://another.example.com/charts
  • 27. Example schema stored in a values.schema.yaml file
    title: Values
    type: object
    properties:
      name:
        description: Service name
        type: string
      protocol:
        type: string
      port:
        description: Port
        type: integer
        minimum: 0
      image:
        description: Container Image
        type: object
        properties:
          repo:
            type: string
          tag:
            type: string
    required:
      - protocol
      - port
  • 28. The pre-install and pre-upgrade hooks are set
    apiVersion: v1
    kind: Secret
    metadata:
      name: {{ template "tensorflow-notebook.fullname" . }}
      labels:
        app: {{ template "tensorflow-notebook.name" . }}
        chart: {{ template "tensorflow-notebook.chart" . }}
        release: {{ .Release.Name }}
        heritage: {{ .Release.Service }}
      annotations:
        "helm.sh/hook": pre-install,pre-upgrade
    type: Opaque
    data:
      password: {{ .Values.jupyter.password | b64enc | quote }}
  • 29.
    Normal Helm CLI model is a push
    [Diagram labels: Computer outside Kubernetes; Kubernetes; Helm v3]
    Helm Controller Model (idea still in development)
    [Diagram labels: Kubernetes; Helm v3 Controller; Helm Repository]
  • 30.
    name: "last"
    version: "0.1.0"
    usage: "get the last release name"
    description: "get the last release name"
    command: "$HELM_BIN --host $TILLER_HOST list --short --max 1 --date -r"
    # New part:
    platformCommand:
      - os: linux
        arch: i386
        command: "$HELM_BIN list --short --max 1 --date -r"
      - os: windows
        arch: amd64
        command: "$HELM_BIN list --short --max 1 --date -r"
  • 31.
  • 32. An Example Plugins file:
    plugins:
      - name: helm-template
        url: https://github.com/technosophos/helm-template
      - name: helm-value-store
        url: https://github.com/skuid/helm-value-store
      - name: helm-diff
        url: https://github.com/databus23/helm-diff
    helm init --plugins <file.yaml>
  • 33. Run a local Helm repository
    $ helm serve
    Regenerating index. This may take a moment.
    Now serving you on 127.0.0.1:8879
  • 34.
    $ helm login https://repo.example.com
    $ helm push mychart-0.1.0.tgz https://repo.example.com
    The exact commands are still being worked out
  • 35. An example index.json file
    {
      "apiVersion": "v2",
      "entries": {
        "artifactory": {
          "ref": "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory.json",
          "stable": {
            "created": "2017-07-06T01:33:50.952Z",
            "description": "Universal Repository Manager supporting all major packaging formats,\nbuild tools and CI servers.",
            "digest": "249e27501dbfe1bd93d4039b04440f0ff19c707ba720540f391b5aefa3571455",
            "home": "https://www.jfrog.com/artifactory/",
            "icon": "https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png",
            "keywords": [
              "artifactory",
              "jfrog"
            ],
            "maintainers": [
              {
                "email": "[redacted]",
                "name": "[redacted]"
              }
            ],
            "name": "artifactory",
            "sources": [
              "https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view",
              "https://github.com/JFrogDev"
            ],
            "urls": [
              "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory-5.2.0.tgz"
            ],
            "version": "5.2.0"
          }
        }
      }
    }
  • 36. Changes from v2:
    - No More Tiller
    - State Storage
    - Event Driven Architecture
    - Charts:
      • Extensions
      • Library Charts
      • Schemas for values files
    - Hook Annotations
    - Helm controller model
    - Plugins:
      • Handling Cross Platforms (like Windows)
      • Plugins in Lua
      • Easier installation
    - Repositories:
      • No more helm serve
      • Push to repositories
      • Performance improvements
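
Slides 5 and 6 show a provenance file and the sha256 mismatch that helm verify reports; the following added example (not code from the slides or from the Helm project) reads the files: entry from the signed cleartext only and compares it with the archive's digest. The function names, the stand-in archive bytes and the provenance file with its placeholder signature are constructed for this illustration.

```python
import hashlib
import re

CHART_NAME = "mychart-0.1.0.tgz"                   # file name used on the slides
CHART_BYTES = b"constructed stand-in for a chart"  # constructed sample archive bytes

def make_prov(name, data):
    """Build a constructed provenance file in the layout of slides 5 and 14."""
    digest = hashlib.sha256(data).hexdigest()
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n"
            f"name: mychart\nversion: 0.1.0\n\n...\nfiles:\n  {name}: sha256:{digest}\n"
            "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER-NOT-A-SIGNATURE\n"
            "-----END PGP SIGNATURE-----\n")

def signed_cleartext(prov):
    """Return only the text the signature covers; the rest of the file is untrusted."""
    m = re.search(r"^-----BEGIN PGP SIGNED MESSAGE-----\n(?:Hash:[^\n]*\n)*(.*?)"
                  r"^-----BEGIN PGP SIGNATURE-----$", prov, re.S | re.M)
    if m is None:
        raise ValueError("not a clearsigned provenance file")
    return m.group(1)

def file_digests(prov):
    """Map file name -> hex sha256 taken from the signed files: section."""
    digests, in_files = {}, False
    for line in signed_cleartext(prov).split("\n"):
        if line.rstrip() == "files:":
            in_files = True
        elif in_files:
            m = re.fullmatch(r'\s+(\S+):\s*"?sha256:([0-9a-f]{64})"?\s*', line)
            if m is None:
                break  # end of the files: mapping
            digests[m.group(1)] = m.group(2)
    return digests

def check_chart(prov, name, data):
    """Compare the archive's sha256 with the digest recorded for it."""
    expected = file_digests(prov).get(name)
    if expected is None:
        return False, f"provenance has no sha256 entry for {name}"
    actual = hashlib.sha256(data).hexdigest()
    if expected == actual:
        return True, "digest matches"
    return False, (f'sha256 sum does not match for {name}: '
                   f'"sha256:{expected}" != "sha256:{actual}"')

if __name__ == "__main__":
    prov = make_prov(CHART_NAME, CHART_BYTES)
    for data in (CHART_BYTES, CHART_BYTES + b" tampered"):
        print(check_chart(prov, CHART_NAME, data))
```

This covers the digest comparison only: the PGP signature over the cleartext still has to be validated (by helm verify or gpg) before the recorded digest means anything about where the chart came from.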