Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 37

Exploring the Future of Helm

Dec. 18, 2019
0 likes 381 views

0

Share

Download to read offline

Internet

Helm, the defacto package manager for Kubernetes, is a powerful tool going through a period of breaking development. Join us as Matt Farina, a Helm Maintainer and co-chair of sig-apps will explore some advanced and often overlooked techniques; along with discussing the future direction of the project and the major changes in store for Helm v3.

Recommended

Related Books

Free with a 30 day trial from Scribd

See all
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(3/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
Digital Vertigo: How Today's Online Social Revolution Is Dividing, Diminishing, and Disorienting Us Andrew Keen
(3/5)
Free
Google's PageRank and Beyond: The Science of Search Engine Rankings Amy N. Langville
(3/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
Stop Checking Your Likes: Shake Off the Need for Approval and Live an Incredible Life Susie Moore
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community that Will Listen Kristen Meinzer
(4.5/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(3.5/5)
Free
This Machine Kills Secrets: How Wikileakers, Cypherpunks, and Hacktivists Aim to Free the World's Information Andy Greenberg
(4/5)
Free
Kill All Normies: Online Culture Wars From 4Chan And Tumblr To Trump And The Alt-Right Angela Nagle
(4/5)
Free
The Art of Social Media: Power Tips for Power Users Guy Kawasaki
(4/5)
Free
Instagram for Business for Dummies: 2nd Edition Jenn Herman
(5/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
Cyberwar: How Russian Hackers and Trolls Helped Elect a President—What We Don't, Can't, and Do Know Kathleen Hall Jamieson
(3/5)
Free
Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous Gabriella Coleman
(4/5)
Free
Internet Riches: The Simple Money-Making Secrets of Online Millionaires Scott Fox
(4/5)
Free
Exploding Data: Reclaiming Our Cyber Security in the Digital Age Michael Chertoff
(4/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Secret Life: Three True Stories of the Digital Age Andrew O'Hagan
(4/5)
Free
Protecting Your Internet Identity: Are You Naked Online? Ted Claypoole
(0/5)
Free

Exploring the Future of Helm

  1. 1. Copyright © 2018 Samsung SDS America, Inc. All rights reserved October, 2018 Signing Helm Charts and Helm v3 Matt Farina
  2. 2. $ helm create mychart $ helm package --sign --key 'key' --keyring path/to/keyring.secret mychart $ helm verify mychart-0.1.0.tgz $ helm install --verify mychart-0.1.0.tgz
  3. 3. -----BEGIN PGP SIGNED MESSAGE----- name: nginx description: The nginx web server as a replication controller and service pair. version: 0.5.1 keywords: - https - http - web server - proxy source: - https://github.com/foo/bar home: http://nginx.com ... files: nginx-0.5.1.tgz: “sha256:9f5270f50fc842cfcb717f817e95178f” -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjilUEACgQkB01zfu119ZnHuQCdGCcg2YxF3XFscJLS4lzHlvte WkQAmQGHuuoLEJuKhRNo+Wy7mhE7u1YG =eifq -----END PGP SIGNATURE-----
  4. 4. $ helm verify topchart-0.1.0.tgz Error: sha256 sum does not match for topchart-0.1.0.tgz: "sha256:1939fbf7c10 23d2f6b865d137bbb600e0c42061c3235528b1e8c82f4450c12a7" != "sha256:5a391a90de 56778dd3274e47d789a2c84e0e106e1a37ef8cfa51fd60ac9e623a"
  5. 5. https://gnupg.org/faq/whats-new-in-2.1.html
  6. 6. $ gpg --export-secret-keys >~/.gnupg/secring.gpg $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart $ gpg --export >~/.gnupg/pubring.pgp $ helm verify mychart-0.1.0.tgz --keyring ~/.gnupg/pubring.pgp
  7. 7. $ gpg --export-secret-keys >~/.gnupg/secring.gpg $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart Successfully packaged chart and saved it to: /path/to/mychart-0.1.0.tgz Error: openpgp: unsupported feature: hash for S2K function: 0
  8. 8. Sorry, no windows as it requires shell
  9. 9. $ helm create mychart $ helm package mychart $ helm gpg sign mychart-0.1.0.tgz $ helm gpg verify mychart-0.1.0.tgz $ helm install --verify mychart-0.1.0.tgz CI NOT using smart card for key can still use previous methods
  10. 10. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: mychart version: 0.1.0 ... files: mychart-0.1.0.tgz: sha256:352c6fa9f974983a5c1455059c82913c4da2b8de7e7c9211e3bd38330cf8fb0f -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcR8o1RDh4Ly9X2v+lDboC/ukaQkFAlvOGJ4ACgkQlDboC/uk aQmcDA/+InIc/ybA472MxhY7pOU5AILyjFJnTC6Ky7YKMdWP9Ig+GFk/THKd5VJo bCwpUgtrXs1+nnNuiRN/53wd/ocYXQry/mAN7yZJDaKhqTX2Y2nRz7JHJKwDIwt3 i/herOby+l0h54kYaUyyCGpZidCJhTe79YvvFP9nLbfa5UGhL+rbAMSCV0D3fIwG FU01VPUsoOaiHvdE7snFLX2gdyvkgsFXhj4I6fT66EBaxL4zGS/1IidyfGZZ1N2Z 5MfXWBWfdJ2xcamR/6f32HckXq9yRGZHvT7VYobiwVptRvpkS3CTMMr9cwXAbj53 1L6INbQ+xlh121elzEBC1f91pf8BCgTnWXarfuMek0U/T0L1GBSUUL9aau1B7Cic 9Ql10EGZEm9erT/w4vRcVSGWdIqj1ks66mOv4Nz1CvC+AaMPUNxFlfwYT5B1iiB2 +8rzq0h3ZIER7/GNevG/G1r9O9DBBcEkx5MMFL4asutUk+VWsOKkPOT8d5QaoGiW MnV+1l3nOW2k8BOi4SkMQYBKLnznrC+WqKqLIruzSulM132GW7UbjKnP/2LiOVMh FMCUbo7DGVis39xHicm4PUT0As9m/zO2UezDbEKm9Vw7kw6pPBl2hfokMPyXWjGO 6glgCAIoEarVH8jqsjALAWKVyybjslVctVH172/m4LoTMrw4yJk= =+L4T -----END PGP SIGNATURE-----
  11. 11. If you’re into that…
  12. 12. 2.11.0 Semantic Versioning Example: Increment for new features Increment for bug fixesIncrement when API changes
  13. 13. Kubernetes TillerHelm v2 Kubernetes Helm v3
  14. 14. Local Computer Kubernetes Tiller Helm v2 Tiller still stores data in cluster
  15. 15. Kubernetes Helm v2 Kubernetes Helm v3 State stored in ConfigMaps. Optionally setup to use Secrets. State stored in Secrets and Custom Resources.
  16. 16. Access to data including: - Chart data - Values - Capabilities - Files - Templates - Dependencies Many Events These depend on the command being run and include: pre-create, post-create, pre-delete, pre-dependency-build, post-dependency-build, pre-render, post-render, pre-install, pre-lint, pre-rollback, post-template… … and many others
  17. 17. function init(events) { -- Initialize subcharts subchart.init(events) -- Do other stuff events.on("pre-load", function () { print("pre-load event") }) } A simple made up example: The Lua API is still under development
  18. 18. Permission Scheme The ext/permissions.yaml file: lua: - network - io The Helm CLI will ask for permission to use these libraries. Only permissible libs will be imported. Easy To Embed Requirements: - Interpreter embedded in Helm (Do not rely extra system software) - Cross platform Helm binaries (Windows, macOS, Linux) Lua is a lightweight language designed primarily for embedded use in applications. Lua was designed for this!
  19. 19. requirements: - name: apache version: 1.2.3 repository: http://example.com/charts - name: mysql version: 3.2.1 repository: http://another.example.com/charts libraries: - name: common version: "^2.1.0" repository: http://another.example.com/charts Library charts are noted in the library: directive in the requirements.yaml:
  20. 20. title: Values type: object properties: name: description: Service name type: string protocol: type: string port: description: Port type: integer minimum: 0 image: description: Container Image type: object properties: repo: type: string tag: type: string required: - protocol - port Example schema stored in a values.schema.yaml file
  21. 21. apiVersion: v1 kind: Secret metadata: name: {{ template "tensorflow-notebook.fullname" . }} labels: app: {{ template "tensorflow-notebook.name" . }} chart: {{ template "tensorflow-notebook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": pre-install,pre-upgrade type: Opaque data: password: {{ .Values.jupyter.password | b64enc | quote }} The pre-install and pre-upgrade hook are set
  22. 22. Computer outside Kubernetes Kubernetes Helm v3 Normal Helm CLI model is a push Helm Controller Model (idea still in development) Kubernetes Helm v3 Controller Helm Repository
  23. 23. name: "last" version: "0.1.0" usage: "get the last release name" description: "get the last release name" command: "$HELM_BIN --host $TILLER_HOST list --short --max 1 --date -r" # New part: platformCommand: - os: linux arch: i386 command: "$HELM_BIN list --short --max 1 --date -r" - os: windows arch: amd64 command: "$HELM_BIN list --short --max 1 --date -r"
  24. 24. plugins: - name: helm-template url: https://github.com/technosophos/helm-template - name: helm-value-store url: https://github.com/skuid/helm-value-store - name: helm-diff url: https://github.com/databus23/helm-diff helm init --plugins <file.yaml> An Example Plugins file:
  25. 25. $ helm serve Regenerating index. This may take a moment. Now serving you on 127.0.0.1:8879 Run a local Helm repository
  26. 26. $ helm login https://repo.example.com $ helm push mychart-0.1.0.tgz https://repo.example.com The exact commands are still being worked out
  27. 27. { "apiVersion": "v2", "entries": { "artifactory": { "ref": "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory.json", "stable": { "created": "2017-07-06T01:33:50.952Z", "description": "Universal Repository Manager supporting all major packaging formats,nbuild tools and CI servers.", "digest": "249e27501dbfe1bd93d4039b04440f0ff19c707ba720540f391b5aefa3571455", "home": "https://www.jfrog.com/artifactory/", "icon": "https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png", "keywords": [ "artifactory", "jfrog" ], "maintainers": [ { "email": "[redacted]", "name": "[redacted]" } ], "name": "artifactory", "sources": [ "https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view", "https://github.com/JFrogDev" ], "urls": [ "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory-5.2.0.tgz" ], "version": "5.2.0" } } } } An example index.json file
  28. 28.  No More Tiller  State Storage  Event Driven Architecture  Charts: • Extensions • Library Charts • Schemas for values files  Hook Annotations  Helm controller model Changes from v2:  Plugins: • Handling Cross Platforms (like Windows) • Plugins in Lua • Easier installation  Repositories: • No more helm serve • Push to repositories • Performance improvements
  29. 29. https://www.slideshare.net/mattfarina/helm-orchestructure

×