Distribute Your App and Engage Your Community with a Helm Repository

Confidential │ ©2020 VMware, Inc.
Distribute Your App and
Engage Your
Community with a Helm
Repository
Tomas Pizarro Moreno
SpringOne, 2020

Confidential │ ©2020 VMware, Inc. 2
Telecommunications Engineer, University of Seville
6 years at Bitnami, now part of VMWare
Previously focused on creating production ready assets for several
platforms (Single VMs, Multi Tier apps, containers, Helm charts, …)
Now, part of the Tanzu Application Catalog team
Where you can find me:
• https://github.com/tompizmor
• https://www.linkedin.com/in/tompizmor/
• @tompizmor in Kubernetes slack
Who am I?

3Confidential │ ©2020 VMware, Inc.
Distributed repositories

Distributed repositories
• Repositories in Helm were designed to be distributed.
• The stable repository was created to kick start charts. This made people think
on it as “THE” repository to discover charts.
• Helm v3 removed the stable repository by default. It was the first step to move
to distributed repositories.
• The stable repository did not accept new charts since 13th Nov, 2019 and it will
be marked obsolete at 13th Nov, 2020.
• It seems useful to share our experience maintaining a repository with more
than 70 charts.

Chart repository maintenance process
Store
You need a place to
store your charts
Test
Pass tests to
guarantee the
quality
Maintain
Feedback loop and
update components
Publish
Make the charts
available to
everyone

Store your charts

Store your charts
Requirements to store and serve charts are cheap.
Just a web server with ability to serve a yaml file
and gzipped tarballs.
Some of the most common options are AWS S3
bucket, GitHub Pages, Google Cloud Storage, Jfrog
Artifactory and also ordinary web servers like
Apache or Nginx.
If you want to self-host your charts you can also use
ChartMuseum or Harbor.

Harbor
Serve your charts
Other great features:
• Is also a docker image registry
• It can scan your images for security vulnerabilities
with different engines (clair and trivy)
• It supports signed docker images via notary
• First OCI-compliant open source registry.

Test your charts

Running helm template path/to/local/chart can be useful to identify syntax errors without
having to install the chart.
Another option is to run helm install with the --dry-run option.
Helm template
Test your charts

A step further would be to run a linter. For example, the chart-testing tool is a great way
to lint and test your chart locally using a Kind cluster.
https://github.com/helm/chart-testing
Some of the things checked by the linter:
• Version checking
• YAML schema validation in Chart.yaml
• YAML linting on Chart.yaml and values.yaml
Helm lint
Test your charts

But rendering the template, installing with --dry-run or running a linter does not
guarantee that the Kubernetes manifests will be properly deployed into the cluster.
It seems that if we want to ensure our chart works properly we will need to install it.
Helm install
Test your charts

Some charts requires previous configuration or specify certain properties from the values
to be properly deployed.
Even if it can be deployed by default, it might be interesting to test a specific configuration
of the chart.
Examples:
• MongoDB Standalone vs MongoDB Replica set
• WordPress chart with different kinds of services (LoadBalancer, Ingress, …)
• Deploy a chart with or without persistent volumes
Helm install with custom values
Test your charts

Test your charts
Verification and functional tests
Apart from checking that pods are running, it is important to verify that the application is
properly configured.
To verify the application is properly configured we run two different kind of tests:
Verification: Important files and binaries exists, permissions properly configured,
binaries basic functionality works, etc
Functional: Automatic navigation through the web page to verify it properly
works.

Verification tests
Test your charts

Test your charts
Functional tests

Functional tests
Test your charts

It is important to guarantee upgradability
between chart releases for minor and patch
new versions.
It is expected that a major change in the
chart will require manual steps before or
after run the helm upgrade command.
Test your charts
Helm upgrades

Test your charts
Helm upgrade
Install base
chart
Install WordPress chart
version 7.0.0
Populate some
data
Create a post, upload
an image, add a user, …
Upgrade to
latest version
Run helm upgrade to
the latest version.
Check previous
data
Verify previous post,
image, user still exists and
regular tests keeps passing
1 2 3 4

Deploy to several clusters
Different Kubernetes clusters, different
environments…

Different services
Test your charts
• TMC (VMWare Tanzu Mission Control)
• GKE (Google Kubernetes Engine)
• AKS (Azure Kubernetes Service)
• EKS (Amazon Elastic Container Service for Kubernetes)
• IKS (IBM Cloud Kubernetes Service)

Test your charts
Different services, different requirements
- Changing permissions on default AKS persistent volumes was slow for some
applications.
- IKS does not support Kubernetes securityContext
- Some Kubernetes platforms run containers as non-root by default

Maintain your charts

It is important to maintain the docker images used in your charts up-to-date.
Not only to get the new features and bugs fixed, but for security.
Bitnami also test all the images used by the Helm charts before they are released.
Keep your charts up-to-date

Apply user feedback
Listen to your users.
Keep the feedback loop and short as
possible.
Increase the quality of the helm charts. Bug
fixing, new features, new best practices in
the industry, helm identify and testing
corner cases in different scenarios,…
Do
Adjust
Learn

Other tips

• Avoid using mutable or rolling tags. Otherwise your helm chart won’t be immutable and
an update of the underlying docker image can break your deployment.
• Document every major change in the README
• Document how to access the chart using each type of Kubernetes service
• Validate user inputs as much as you can
• Create a checklist for new helm charts development
Other tips

Make your charts
available to everyone

Make them available to everyone
Helm Hub

Helm Hub
Adding your repository to the Helm Hub is super easy. You just need to send a pull request
to the https://github.com/helm/hub/ repository with the following information:
1. Add your repository name and base URL to the file config/repo-values.yaml
2. Add your contact information to the file repos.yaml
Additionally, the charts from your repository should fulfill the next expectations:
1. Should have a maintainer
2. Should pass the Helm lint and be installable and upgradable in all community
supported version of Kubernetes
3. Should have a NOTES.txt template with useful information
4. Charts versions should be immutable

If you don’t want to make your charts available to everyone but to the users of your
Kubernetes cluster you can do it with Kubeapps, a web-based UI for deploying and
managing applications in your own Kubernetes cluster.
Evolution of the Helm Hub
Kubeapps
There is also a public hub from Kubeapps where you can
submit your charts so they are available.
https://hub.kubeapps.com/

Kubeapps

Artifact Hub

Artifact Hub
Hub for finding, installing and publishing packages and configurations for CNCF projects.
Currently in alpha state with support for Helm charts, Falco configurations, OPA policies
and OLM operators in development.
As Kubeapps, it can be installed in cluster.

jFrog ChartCenter

jFrog ChartCenter
Another Web UI to discover Helm packages from different Helm chart repositories.
It shows chart dependencies and vulnerability information.
It is also possible to publish your chart repository if charts meets these requirements

Cloud Providers Marketplaces

Conclusions
• Store:
• Be aware of the features of each option to make a choice
• Test:
• Test as much as you can
• Maintain:
• Invest time updating the images and listen to the community
• Publish:
• Add your repo to Helm Hub

Thanks

Distribute Your App and Engage Your Community with a Helm Repository

More Related Content

What's hot (20)

Similar to Distribute Your App and Engage Your Community with a Helm Repository (20)

More from VMware Tanzu (20)

Recently uploaded (20)

Distribute Your App and Engage Your Community with a Helm Repository