Matthew Farina, profile picture
Uploaded byMatthew Farina
PPTX, PDF634 views

Helm @ Orchestructure

Helm v3 introduces several changes from Helm v2, including removing Tiller, storing state in Kubernetes secrets and custom resources instead of etcd, using an event-driven architecture, adding extensions like library charts and schemas for values files, and introducing a Helm controller model. It also improves plugins with cross-platform support in Lua and easier installation, and changes how repositories work through pushing charts instead of using helm serve.

Embed presentation

Downloaded 17 times
Copyright © 2018 Samsung SDS America, Inc. All rights reserved October, 2018 Signing Helm Charts and Helm v3 Matt Farina
$ helm create mychart $ helm package --sign --key 'key' --keyring path/to/keyring.secret mychart $ helm verify mychart-0.1.0.tgz $ helm install --verify mychart-0.1.0.tgz
-----BEGIN PGP SIGNED MESSAGE----- name: nginx description: The nginx web server as a replication controller and service pair. version: 0.5.1 keywords: - https - http - web server - proxy source: - https://github.com/foo/bar home: http://nginx.com ... files: nginx-0.5.1.tgz: “sha256:9f5270f50fc842cfcb717f817e95178f” -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjilUEACgQkB01zfu119ZnHuQCdGCcg2YxF3XFscJLS4lzHlvte WkQAmQGHuuoLEJuKhRNo+Wy7mhE7u1YG =eifq -----END PGP SIGNATURE-----
$ helm verify topchart-0.1.0.tgz Error: sha256 sum does not match for topchart-0.1.0.tgz: "sha256:1939fbf7c10 23d2f6b865d137bbb600e0c42061c3235528b1e8c82f4450c12a7" != "sha256:5a391a90de 56778dd3274e47d789a2c84e0e106e1a37ef8cfa51fd60ac9e623a"
https://gnupg.org/faq/whats-new-in-2.1.html
$ gpg --export-secret-keys >~/.gnupg/secring.gpg $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart $ gpg --export >~/.gnupg/pubring.pgp $ helm verify mychart-0.1.0.tgz --keyring ~/.gnupg/pubring.pgp
$ gpg --export-secret-keys >~/.gnupg/secring.gpg $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart Successfully packaged chart and saved it to: /path/to/mychart-0.1.0.tgz Error: openpgp: unsupported feature: hash for S2K function: 0
Sorry, no windows as it requires shell
$ helm create mychart $ helm package mychart $ helm gpg sign mychart-0.1.0.tgz $ helm gpg verify mychart-0.1.0.tgz $ helm install --verify mychart-0.1.0.tgz CI NOT using smart card for key can still use previous methods
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: mychart version: 0.1.0 ... files: mychart-0.1.0.tgz: sha256:352c6fa9f974983a5c1455059c82913c4da2b8de7e7c9211e3bd38330cf8fb0f -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcR8o1RDh4Ly9X2v+lDboC/ukaQkFAlvOGJ4ACgkQlDboC/uk aQmcDA/+InIc/ybA472MxhY7pOU5AILyjFJnTC6Ky7YKMdWP9Ig+GFk/THKd5VJo bCwpUgtrXs1+nnNuiRN/53wd/ocYXQry/mAN7yZJDaKhqTX2Y2nRz7JHJKwDIwt3 i/herOby+l0h54kYaUyyCGpZidCJhTe79YvvFP9nLbfa5UGhL+rbAMSCV0D3fIwG FU01VPUsoOaiHvdE7snFLX2gdyvkgsFXhj4I6fT66EBaxL4zGS/1IidyfGZZ1N2Z 5MfXWBWfdJ2xcamR/6f32HckXq9yRGZHvT7VYobiwVptRvpkS3CTMMr9cwXAbj53 1L6INbQ+xlh121elzEBC1f91pf8BCgTnWXarfuMek0U/T0L1GBSUUL9aau1B7Cic 9Ql10EGZEm9erT/w4vRcVSGWdIqj1ks66mOv4Nz1CvC+AaMPUNxFlfwYT5B1iiB2 +8rzq0h3ZIER7/GNevG/G1r9O9DBBcEkx5MMFL4asutUk+VWsOKkPOT8d5QaoGiW MnV+1l3nOW2k8BOi4SkMQYBKLnznrC+WqKqLIruzSulM132GW7UbjKnP/2LiOVMh FMCUbo7DGVis39xHicm4PUT0As9m/zO2UezDbEKm9Vw7kw6pPBl2hfokMPyXWjGO 6glgCAIoEarVH8jqsjALAWKVyybjslVctVH172/m4LoTMrw4yJk= =+L4T -----END PGP SIGNATURE-----
If you’re into that…
2.11.0 Semantic Versioning Example: Increment for new features Increment for bug fixesIncrement when API changes
Kubernetes TillerHelm v2 Kubernetes Helm v3
Local Computer Kubernetes Tiller Helm v2 Tiller still stores data in cluster
Kubernetes Helm v2 Kubernetes Helm v3 State stored in ConfigMaps. Optionally setup to use Secrets. State stored in Secrets and Custom Resources.
Access to data including: - Chart data - Values - Capabilities - Files - Templates - Dependencies Many Events These depend on the command being run and include: pre-create, post-create, pre-delete, pre-dependency-build, post-dependency-build, pre-render, post-render, pre-install, pre-lint, pre-rollback, post-template… … and many others
function init(events) { -- Initialize subcharts subchart.init(events) -- Do other stuff events.on("pre-load", function () { print("pre-load event") }) } A simple made up example: The Lua API is still under development
Permission Scheme The ext/permissions.yaml file: lua: - network - io The Helm CLI will ask for permission to use these libraries. Only permissible libs will be imported. Easy To Embed Requirements: - Interpreter embedded in Helm (Do not rely extra system software) - Cross platform Helm binaries (Windows, macOS, Linux) Lua is a lightweight language designed primarily for embedded use in applications. Lua was designed for this!
requirements: - name: apache version: 1.2.3 repository: http://example.com/charts - name: mysql version: 3.2.1 repository: http://another.example.com/charts libraries: - name: common version: "^2.1.0" repository: http://another.example.com/charts Library charts are noted in the library: directive in the requirements.yaml:
title: Values type: object properties: name: description: Service name type: string protocol: type: string port: description: Port type: integer minimum: 0 image: description: Container Image type: object properties: repo: type: string tag: type: string required: - protocol - port Example schema stored in a values.schema.yaml file
apiVersion: v1 kind: Secret metadata: name: {{ template "tensorflow-notebook.fullname" . }} labels: app: {{ template "tensorflow-notebook.name" . }} chart: {{ template "tensorflow-notebook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": pre-install,pre-upgrade type: Opaque data: password: {{ .Values.jupyter.password | b64enc | quote }} The pre-install and pre-upgrade hook are set
Computer outside Kubernetes Kubernetes Helm v3 Normal Helm CLI model is a push Helm Controller Model (idea still in development) Kubernetes Helm v3 Controller Helm Repository
name: "last" version: "0.1.0" usage: "get the last release name" description: "get the last release name" command: "$HELM_BIN --host $TILLER_HOST list --short --max 1 --date -r" # New part: platformCommand: - os: linux arch: i386 command: "$HELM_BIN list --short --max 1 --date -r" - os: windows arch: amd64 command: "$HELM_BIN list --short --max 1 --date -r"
plugins: - name: helm-template url: https://github.com/technosophos/helm-template - name: helm-value-store url: https://github.com/skuid/helm-value-store - name: helm-diff url: https://github.com/databus23/helm-diff helm init --plugins <file.yaml> An Example Plugins file:
$ helm serve Regenerating index. This may take a moment. Now serving you on 127.0.0.1:8879 Run a local Helm repository
$ helm login https://repo.example.com $ helm push mychart-0.1.0.tgz https://repo.example.com The exact commands are still being worked out
{ "apiVersion": "v2", "entries": { "artifactory": { "ref": "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory.json", "stable": { "created": "2017-07-06T01:33:50.952Z", "description": "Universal Repository Manager supporting all major packaging formats,nbuild tools and CI servers.", "digest": "249e27501dbfe1bd93d4039b04440f0ff19c707ba720540f391b5aefa3571455", "home": "https://www.jfrog.com/artifactory/", "icon": "https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png", "keywords": [ "artifactory", "jfrog" ], "maintainers": [ { "email": "[redacted]", "name": "[redacted]" } ], "name": "artifactory", "sources": [ "https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view", "https://github.com/JFrogDev" ], "urls": [ "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory-5.2.0.tgz" ], "version": "5.2.0" } } } } An example index.json file
 No More Tiller  State Storage  Event Driven Architecture  Charts: • Extensions • Library Charts • Schemas for values files  Hook Annotations  Helm controller model Changes from v2:  Plugins: • Handling Cross Platforms (like Windows) • Plugins in Lua • Easier installation  Repositories: • No more helm serve • Push to repositories • Performance improvements
Helm @ Orchestructure

More Related Content

PDF
Helm 3
byMatthew Farina
 
PDF
Helm intro
byHaggai Philip Zagury
 
PDF
Helm – The package manager for Kubernetes
byFabianRosenthal1
 
PDF
What Is Helm
byAMELIAOLIVIA2
 
PDF
Helm - Package Manager for Kubernetes
byKnoldus Inc.
 
PDF
Kubernetes & helm 활용
bySK Telecom
 
PDF
Kubernetes Helm (Boulder Kubernetes Meetup, June 2016)
byMatt Butcher
 
PPTX
Steering the Course with Helm
byDirk Jablonski
 
Helm 3
byMatthew Farina
 
Helm intro
byHaggai Philip Zagury
 
Helm – The package manager for Kubernetes
byFabianRosenthal1
 
What Is Helm
byAMELIAOLIVIA2
 
Helm - Package Manager for Kubernetes
byKnoldus Inc.
 
Kubernetes & helm 활용
bySK Telecom
 
Kubernetes Helm (Boulder Kubernetes Meetup, June 2016)
byMatt Butcher
 
Steering the Course with Helm
byDirk Jablonski
 

What's hot

PDF
Helm Charts Security 101
byDeep Datta
 
PDF
Kubernetes Application Deployment with Helm - A beginner Guide!
byKrishna-Kumar
 
PPTX
Helm.pptx
bySISTechnologies
 
PDF
Hands-on Helm
byDocker, Inc.
 
PDF
Helm - Application deployment management for Kubernetes
byAlexei Ledenev
 
PPTX
01. Kubernetes-PPT.pptx
byTamalBanerjee16
 
PDF
Kubernetes: A Short Introduction (2019)
byMegan O'Keefe
 
PPTX
Intro to Helm for Kubernetes
byCarlos E. Salazar
 
PDF
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
bySunnyvale
 
PPTX
Introduction to Kubernetes
byParis Apostolopoulos
 
PPTX
Kubernetes fundamentals
byVictor Morales
 
PPTX
Kubernetes presentation
byGauranG Bajpai
 
PPTX
Introduction to Helm
byHarshal Shah
 
PDF
Kubernetes Introduction
byPeng Xiao
 
PDF
Quick introduction to Kubernetes
byEduardo Garcia Moyano
 
PDF
CD using ArgoCD(KnolX).pdf
byKnoldus Inc.
 
PPTX
Helm - Package manager in K8S
byPiotr Perzyna
 
PPTX
Kubernetes for Beginners: An Introductory Guide
byBytemark
 
PPTX
Introduction to helm
byJeeva Chelladhurai
 
PPTX
Kubernetes Basics
byRishabh Kumar
 
Helm Charts Security 101
byDeep Datta
 
Kubernetes Application Deployment with Helm - A beginner Guide!
byKrishna-Kumar
 
Helm.pptx
bySISTechnologies
 
Hands-on Helm
byDocker, Inc.
 
Helm - Application deployment management for Kubernetes
byAlexei Ledenev
 
01. Kubernetes-PPT.pptx
byTamalBanerjee16
 
Kubernetes: A Short Introduction (2019)
byMegan O'Keefe
 
Intro to Helm for Kubernetes
byCarlos E. Salazar
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
bySunnyvale
 
Introduction to Kubernetes
byParis Apostolopoulos
 
Kubernetes fundamentals
byVictor Morales
 
Kubernetes presentation
byGauranG Bajpai
 
Introduction to Helm
byHarshal Shah
 
Kubernetes Introduction
byPeng Xiao
 
Quick introduction to Kubernetes
byEduardo Garcia Moyano
 
CD using ArgoCD(KnolX).pdf
byKnoldus Inc.
 
Helm - Package manager in K8S
byPiotr Perzyna
 
Kubernetes for Beginners: An Introductory Guide
byBytemark
 
Introduction to helm
byJeeva Chelladhurai
 
Kubernetes Basics
byRishabh Kumar
 

Similar to Helm @ Orchestructure

PPTX
Helm-1233333333333333333333_Masterclass-v3.pptx
bySureshMudireddy2
 
PDF
learn Helm 3 for kuberenetes
byShyam Mohan
 
PDF
Helm 3 - Navigating to distant shores
byLachlan Evenson
 
PDF
helm101.pdf
bySamyaBikashSantra1
 
PDF
Making the Most of Helm 3 with Codefresh
byCodefresh
 
PPTX
Helm and the zen of managing complex Kubernetes apps
byAbhishek Chanda
 
PDF
Continuous Delivery for Kubernetes Apps with Helm and ChartMuseum
byCodefresh
 
PDF
Simplify Your Code with Helmfile
byCodefresh
 
PPTX
DevOps: Kubernetes + Helm with Azure
byJessica Deen
 
PDF
Helm 3: Navigating to Distant Shores (KubeCon EU 2019)
bybridgetkromhout
 
PDF
Helm Security Webinar
byDeep Datta
 
PDF
How Helm, The Package Manager For Kubernetes, Works
byMatthew Farina
 
PDF
CD in kubernetes using helm and ksonnet. Stas Kolenkin
byDataArt
 
PPTX
Manage Kubernetes application complexity with Helm
byAnnie Talvasto
 
PDF
Helm - the Better Way to Deploy on Kubernetes - Reinhard Nägele - Codemotion...
byCodemotion
 
PPTX
Leveraging Helm to manage Deployments on Kubernetes
byManoj Bhagwat
 
PDF
Microservices are ‘easy’ dependencies are hard
byItiel Shwartz
 
PDF
Where the Helm are your binaries? as presented at Canada Kubernetes Meetups
byBaruch Sadogursky
 
PDF
An introduction to Helm - KubeCon EU 2020
bybridgetkromhout
 
PDF
What is Helm?
byBelleHenry
 
Helm-1233333333333333333333_Masterclass-v3.pptx
bySureshMudireddy2
 
learn Helm 3 for kuberenetes
byShyam Mohan
 
Helm 3 - Navigating to distant shores
byLachlan Evenson
 
helm101.pdf
bySamyaBikashSantra1
 
Making the Most of Helm 3 with Codefresh
byCodefresh
 
Helm and the zen of managing complex Kubernetes apps
byAbhishek Chanda
 
Continuous Delivery for Kubernetes Apps with Helm and ChartMuseum
byCodefresh
 
Simplify Your Code with Helmfile
byCodefresh
 
DevOps: Kubernetes + Helm with Azure
byJessica Deen
 
Helm 3: Navigating to Distant Shores (KubeCon EU 2019)
bybridgetkromhout
 
Helm Security Webinar
byDeep Datta
 
How Helm, The Package Manager For Kubernetes, Works
byMatthew Farina
 
CD in kubernetes using helm and ksonnet. Stas Kolenkin
byDataArt
 
Manage Kubernetes application complexity with Helm
byAnnie Talvasto
 
Helm - the Better Way to Deploy on Kubernetes - Reinhard Nägele - Codemotion...
byCodemotion
 
Leveraging Helm to manage Deployments on Kubernetes
byManoj Bhagwat
 
Microservices are ‘easy’ dependencies are hard
byItiel Shwartz
 
Where the Helm are your binaries? as presented at Canada Kubernetes Meetups
byBaruch Sadogursky
 
An introduction to Helm - KubeCon EU 2020
bybridgetkromhout
 
What is Helm?
byBelleHenry
 

More from Matthew Farina

PPTX
Exploring the Future of Helm
byMatthew Farina
 
PPTX
A Dive Into Containers and Docker
byMatthew Farina
 
PDF
Front end performance improvements
byMatthew Farina
 
PPTX
Helm project update at cncf 2019
byMatthew Farina
 
PDF
Secure your site
byMatthew Farina
 
PDF
Kubecon SIG Apps December 2017 Update
byMatthew Farina
 
PDF
Dipping Your Toes Into Cloud Native Application Development
byMatthew Farina
 
PPTX
HP Helion OpenStack and Professional Services
byMatthew Farina
 
KEY
Intro To jQuery In Drupal
byMatthew Farina
 
KEY
Building Faster Websites
byMatthew Farina
 
PPTX
Why OpenStack matters and how you can get involved
byMatthew Farina
 
PPT
Drupal Calendaring, A Technological Solution
byMatthew Farina
 
PDF
Faster front end performance
byMatthew Farina
 
PDF
Faster mobile sites
byMatthew Farina
 
KEY
Make Drupal Better
byMatthew Farina
 
PDF
Measuring How Helm Is Used
byMatthew Farina
 
PDF
Testing Lessons Learned From The Community Charts
byMatthew Farina
 
Exploring the Future of Helm
byMatthew Farina
 
A Dive Into Containers and Docker
byMatthew Farina
 
Front end performance improvements
byMatthew Farina
 
Helm project update at cncf 2019
byMatthew Farina
 
Secure your site
byMatthew Farina
 
Kubecon SIG Apps December 2017 Update
byMatthew Farina
 
Dipping Your Toes Into Cloud Native Application Development
byMatthew Farina
 
HP Helion OpenStack and Professional Services
byMatthew Farina
 
Intro To jQuery In Drupal
byMatthew Farina
 
Building Faster Websites
byMatthew Farina
 
Why OpenStack matters and how you can get involved
byMatthew Farina
 
Drupal Calendaring, A Technological Solution
byMatthew Farina
 
Faster front end performance
byMatthew Farina
 
Faster mobile sites
byMatthew Farina
 
Make Drupal Better
byMatthew Farina
 
Measuring How Helm Is Used
byMatthew Farina
 
Testing Lessons Learned From The Community Charts
byMatthew Farina
 

Recently uploaded

PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
The year in review - MarvelClient in 2025
bypanagenda
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
API-First Architecture in Financial Systems
bycyy111112
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 

Helm @ Orchestructure

  • 1.
    Copyright © 2018Samsung SDS America, Inc. All rights reserved October, 2018 Signing Helm Charts and Helm v3 Matt Farina
  • 4.
    $ helm createmychart $ helm package --sign --key 'key' --keyring path/to/keyring.secret mychart $ helm verify mychart-0.1.0.tgz $ helm install --verify mychart-0.1.0.tgz
  • 5.
    -----BEGIN PGP SIGNEDMESSAGE----- name: nginx description: The nginx web server as a replication controller and service pair. version: 0.5.1 keywords: - https - http - web server - proxy source: - https://github.com/foo/bar home: http://nginx.com ... files: nginx-0.5.1.tgz: “sha256:9f5270f50fc842cfcb717f817e95178f” -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjilUEACgQkB01zfu119ZnHuQCdGCcg2YxF3XFscJLS4lzHlvte WkQAmQGHuuoLEJuKhRNo+Wy7mhE7u1YG =eifq -----END PGP SIGNATURE-----
  • 6.
    $ helm verifytopchart-0.1.0.tgz Error: sha256 sum does not match for topchart-0.1.0.tgz: "sha256:1939fbf7c10 23d2f6b865d137bbb600e0c42061c3235528b1e8c82f4450c12a7" != "sha256:5a391a90de 56778dd3274e47d789a2c84e0e106e1a37ef8cfa51fd60ac9e623a"
  • 8.
  • 9.
    $ gpg --export-secret-keys>~/.gnupg/secring.gpg $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart $ gpg --export >~/.gnupg/pubring.pgp $ helm verify mychart-0.1.0.tgz --keyring ~/.gnupg/pubring.pgp
  • 10.
    $ gpg --export-secret-keys>~/.gnupg/secring.gpg $ helm package --sign --key 'key' --keyring ~/.gnupg/secring.gpg mychart Successfully packaged chart and saved it to: /path/to/mychart-0.1.0.tgz Error: openpgp: unsupported feature: hash for S2K function: 0
  • 12.
    Sorry, no windowsas it requires shell
  • 13.
    $ helm createmychart $ helm package mychart $ helm gpg sign mychart-0.1.0.tgz $ helm gpg verify mychart-0.1.0.tgz $ helm install --verify mychart-0.1.0.tgz CI NOT using smart card for key can still use previous methods
  • 14.
    -----BEGIN PGP SIGNEDMESSAGE----- Hash: SHA512 apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: mychart version: 0.1.0 ... files: mychart-0.1.0.tgz: sha256:352c6fa9f974983a5c1455059c82913c4da2b8de7e7c9211e3bd38330cf8fb0f -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcR8o1RDh4Ly9X2v+lDboC/ukaQkFAlvOGJ4ACgkQlDboC/uk aQmcDA/+InIc/ybA472MxhY7pOU5AILyjFJnTC6Ky7YKMdWP9Ig+GFk/THKd5VJo bCwpUgtrXs1+nnNuiRN/53wd/ocYXQry/mAN7yZJDaKhqTX2Y2nRz7JHJKwDIwt3 i/herOby+l0h54kYaUyyCGpZidCJhTe79YvvFP9nLbfa5UGhL+rbAMSCV0D3fIwG FU01VPUsoOaiHvdE7snFLX2gdyvkgsFXhj4I6fT66EBaxL4zGS/1IidyfGZZ1N2Z 5MfXWBWfdJ2xcamR/6f32HckXq9yRGZHvT7VYobiwVptRvpkS3CTMMr9cwXAbj53 1L6INbQ+xlh121elzEBC1f91pf8BCgTnWXarfuMek0U/T0L1GBSUUL9aau1B7Cic 9Ql10EGZEm9erT/w4vRcVSGWdIqj1ks66mOv4Nz1CvC+AaMPUNxFlfwYT5B1iiB2 +8rzq0h3ZIER7/GNevG/G1r9O9DBBcEkx5MMFL4asutUk+VWsOKkPOT8d5QaoGiW MnV+1l3nOW2k8BOi4SkMQYBKLnznrC+WqKqLIruzSulM132GW7UbjKnP/2LiOVMh FMCUbo7DGVis39xHicm4PUT0As9m/zO2UezDbEKm9Vw7kw6pPBl2hfokMPyXWjGO 6glgCAIoEarVH8jqsjALAWKVyybjslVctVH172/m4LoTMrw4yJk= =+L4T -----END PGP SIGNATURE-----
  • 15.
  • 18.
    2.11.0 Semantic Versioning Example: Incrementfor new features Increment for bug fixesIncrement when API changes
  • 19.
  • 20.
  • 22.
    Kubernetes Helm v2 Kubernetes Helm v3 Statestored in ConfigMaps. Optionally setup to use Secrets. State stored in Secrets and Custom Resources.
  • 23.
    Access to dataincluding: - Chart data - Values - Capabilities - Files - Templates - Dependencies Many Events These depend on the command being run and include: pre-create, post-create, pre-delete, pre-dependency-build, post-dependency-build, pre-render, post-render, pre-install, pre-lint, pre-rollback, post-template… … and many others
  • 24.
    function init(events) { --Initialize subcharts subchart.init(events) -- Do other stuff events.on("pre-load", function () { print("pre-load event") }) } A simple made up example: The Lua API is still under development
  • 25.
    Permission Scheme The ext/permissions.yamlfile: lua: - network - io The Helm CLI will ask for permission to use these libraries. Only permissible libs will be imported. Easy To Embed Requirements: - Interpreter embedded in Helm (Do not rely extra system software) - Cross platform Helm binaries (Windows, macOS, Linux) Lua is a lightweight language designed primarily for embedded use in applications. Lua was designed for this!
  • 26.
    requirements: - name: apache version:1.2.3 repository: http://example.com/charts - name: mysql version: 3.2.1 repository: http://another.example.com/charts libraries: - name: common version: "^2.1.0" repository: http://another.example.com/charts Library charts are noted in the library: directive in the requirements.yaml:
  • 27.
    title: Values type: object properties: name: description:Service name type: string protocol: type: string port: description: Port type: integer minimum: 0 image: description: Container Image type: object properties: repo: type: string tag: type: string required: - protocol - port Example schema stored in a values.schema.yaml file
  • 28.
    apiVersion: v1 kind: Secret metadata: name:{{ template "tensorflow-notebook.fullname" . }} labels: app: {{ template "tensorflow-notebook.name" . }} chart: {{ template "tensorflow-notebook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": pre-install,pre-upgrade type: Opaque data: password: {{ .Values.jupyter.password | b64enc | quote }} The pre-install and pre-upgrade hook are set
  • 29.
    Computer outside Kubernetes Kubernetes Helmv3 Normal Helm CLI model is a push Helm Controller Model (idea still in development) Kubernetes Helm v3 Controller Helm Repository
  • 30.
    name: "last" version: "0.1.0" usage:"get the last release name" description: "get the last release name" command: "$HELM_BIN --host $TILLER_HOST list --short --max 1 --date -r" # New part: platformCommand: - os: linux arch: i386 command: "$HELM_BIN list --short --max 1 --date -r" - os: windows arch: amd64 command: "$HELM_BIN list --short --max 1 --date -r"
  • 32.
    plugins: - name: helm-template url:https://github.com/technosophos/helm-template - name: helm-value-store url: https://github.com/skuid/helm-value-store - name: helm-diff url: https://github.com/databus23/helm-diff helm init --plugins <file.yaml> An Example Plugins file:
  • 33.
    $ helm serve Regeneratingindex. This may take a moment. Now serving you on 127.0.0.1:8879 Run a local Helm repository
  • 34.
    $ helm loginhttps://repo.example.com $ helm push mychart-0.1.0.tgz https://repo.example.com The exact commands are still being worked out
  • 35.
    { "apiVersion": "v2", "entries": { "artifactory":{ "ref": "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory.json", "stable": { "created": "2017-07-06T01:33:50.952Z", "description": "Universal Repository Manager supporting all major packaging formats,nbuild tools and CI servers.", "digest": "249e27501dbfe1bd93d4039b04440f0ff19c707ba720540f391b5aefa3571455", "home": "https://www.jfrog.com/artifactory/", "icon": "https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png", "keywords": [ "artifactory", "jfrog" ], "maintainers": [ { "email": "[redacted]", "name": "[redacted]" } ], "name": "artifactory", "sources": [ "https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view", "https://github.com/JFrogDev" ], "urls": [ "https://kubernetes-charts-incubator.storage.googleapis.com/artifactory-5.2.0.tgz" ], "version": "5.2.0" } } } } An example index.json file
  • 36.
     No MoreTiller  State Storage  Event Driven Architecture  Charts: • Extensions • Library Charts • Schemas for values files  Hook Annotations  Helm controller model Changes from v2:  Plugins: • Handling Cross Platforms (like Windows) • Plugins in Lua • Easier installation  Repositories: • No more helm serve • Push to repositories • Performance improvements