Helm
FleetingA tool to template k8s installations, like kustomize.
chart
list available charts
If using oci
crane ls registry-1.docker.io/bitnamicharts 2>&1
Error: reading tags for registry-1.docker.io/bitnamicharts: GET https://registry-1.docker.io/v2/bitnamicharts/tags/list?n=1000: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:bitnamicharts Type:repository]]
unfortunately, this is a bad example because we don’t have the right to list them. I don’t know if this is doable.
If using standard https interface
repo="https://blockscout.github.io/helm-charts"
curl -s https://blockscout.github.io/helm-charts/index.yaml|yq -r '.entries|keys[]'
autoscout
blockscout-admin
blockscout-ens
blockscout-points
blockscout-proxy-verifier
blockscout-stack
chainscout
cloudflare-tunnel
da-indexer
eth-rpc-exporter
eth-tx-summary-api
graph-node
metabase
pganalyzer
quicknode-marketplace-integration
redstone-mud
remix-project
rpc-node
scoutcloud
smart-contract-verification
smart-guessr
sql-exporter
swapscout
verification-app
visualizer
yopass
list available versions
If using oci
repo="oci://registry-1.docker.io/bitnamicharts"
chart="postgresql"
crane ls "${repo#oci://*}/${chart}"|grep --invert-match sha256|sort --reverse --version-sort|head
16.0.5
16.0.4
16.0.3
16.0.2
16.0.1
16.0.0
15.5.38
15.5.37
15.5.36
15.5.35
If using standard https interface
repo="https://blockscout.github.io/helm-charts"
chart="blockscout-stack"
curl -s "${repo}/index.yaml"|yq --raw-output ".entries[\"${chart}\"][].version"|sort --reverse --version-sort|head
1.6.8
1.6.7
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.1
download for inspection
TMP="$(mktemp -d)"
trap "rm -rf '${TMP}'" 0
pushd "${TMP}" > /dev/null
{
helm pull "oci://registry-1.docker.io/bitnamicharts/postgresql" --version 15.5.23 2>&1
ls
}
popd > /dev/null
Pulled: registry-1.docker.io/bitnamicharts/postgresql:15.5.23
Digest: sha256:9876f3f4c152acd448c6ec62d0915ff17a6b8f7c5e98e63ca296abfb92de8df0
postgresql-15.5.23.tgz
install using oci
make sure to have the appropriate tag in the Chart.yaml file and that the name is the one you want.
then
helm push /app/package.tgz oci://registry
Don’t specify neither the repository or the tag, helm will read the chart.yaml
So, if the chart contains name: something and version: 0.1.0, then the published image will be registry/repository:version
helm pull oci://registry/repository/name –version tag helm install oci://registry/repository/name –version tag
beware non deterministic package
running helm package twice result in two packages with different sha256sum
https://github.com/helm/helm/issues/3612
So far, I used this workaround to get a hash
tar xf package.tgz && sed -i '/^generated:/d' ${name}/Chart.lock && find ${name} -type f -exec sha256sum {} \;|sort | sha256sum | cut -c 1-60 > hash.txt
Hooks
-
External reference: https://helm.sh/docs/topics/charts_hooks/
hook mechanism to allow chart developers to intervene at certain points in a release’s life cycle
does not work with post-renderer
https://github.com/helm/helm/issues/7891
post-renderer
Notes linking here
- avionix
- bitnami ne se configure pas bien
- helm ne supprime pas les pvc des statefulset
- helm needs semver compatible versions
- helm vs vendor lock in
- Helm | Template Function List
- how to add auto initialization in the vault helm chart from hashicorp
- how to download a helm chart
- how to organise the inter subchart networkpolicies?
- how to set the component/part-of values of kubernetes?
- k8s deadlock if job helm.sh/hook postinstall using a pvc
- k8s templating solutions
- pvc gérés par un statefulset sont persistés par helm delete alors que supprimés si par deployment
- several flavors of testing one’s code
- storing app helm charts & docker images in one registry
- using helm
- using helm and kustomize to build more declarative kubernetes workloads