Skip to main content
Version: 5.17.1

Helm

Helm is a tool for managing Kubernetes packages, referred to as charts. Helm is an executable, while a HelmRelease is an object provided with Flux, which we will discuss later.

The Helm client is the command-line client for end users; we often use this when debugging charts in our active cluster. We may use the utility to view the values available to a chart, check a chart's release, etc.

Working with Helm

Downloading the Helm client:

# view https://github.com/helm/helm/releases and determine the helm release desired
curl -LO https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz
tar -xzvf helm-v3.6.3-linux-amd64.tar.gz
mv linux-amd64/helm .
./helm version

You will need to specify the kubeconfig to communicate with a Kubernetes cluster. We suggest creating an alias depending on the situation.

alias helm='sudo ~/helm --kubeconfig=/etc/rancher/rke2/rke2.yaml'

# listing helm releases
helm list -A

# history of a single hr
helm history argocd -n bigbang

# get values associated with a hr
helm get all argocd -n bigbang

Scenario: We need application X, find a Helm chart

Before we source charts externally, we should check Repo1 and determine if there is a chart available. Recent examples, such as Jira and Confluence, have Helm charts available in Repo1.

When using any chart, it is important to understand and determine if the chart is maintained and available through a reputable provider. Ideally, we would use a vendor-provided chart that is forked into Repo1. In the other use case, we sourced charts from Sonatype and the Kubernetes project.

If we need to install Nexus Repository Manager, we can search with the Helm executable.

Helm Search Hub Nexus searches the Artifact Hub; Helm uses a fuzzy string matching algorithm:

[] ~ helm search hub nexus
URL CHART VERSION APP VERSION DESCRIPTION
https://artifacthub.io/packages/helm/curie-df-h... 1.2.3 3.38.0 Sonatype Nexus is an open source repository man...
https://artifacthub.io/packages/helm/jenkins-x/... 0.1.37 A Helm chart for Kubernetes
https://artifacthub.io/packages/helm/startx/clu... 10.12.72 3.32.0{{ $root.Values.kraken.cerberusUrl | quot... Helm chart used to configure Nexus at the clust...
https://artifacthub.io/packages/helm/epmdedp-de... 2.12.0-SNAPSHOT.9 2.12.0-SNAPSHOT.9 A Helm chart for EDP Nexus Operator
https://artifacthub.io/packages/helm/epmdedp/ne... 2.11.0 2.11.0 A Helm chart for EDP Nexus Operator
https://artifacthub.io/packages/helm/cloudnativ... 1.18.2 3.15.2-01 Sonatype Nexus is an open source repository man...
https://artifacthub.io/packages/helm/choerodon/... 3.4.0 3.4.0 Sonatype Nexus is an open source repository man...
https://artifacthub.io/packages/helm/redhat-cop... 1.1.6 3.38.1 Sonatype Nexus is an open source repository man...
https://artifacthub.io/packages/helm/sonatype/n... 141.0.1 1.141.0 Sonatype Nexus IQ Server continuously monitors ...
https://artifacthub.io/packages/helm/sonatype/n... 40.1.0 3.40.1 Sonatype Nexus Repository Manager - Universal B...
https://artifacthub.io/packages/helm/cloud-nati... 0.5.0 1.17.0 A Helm chart for Kubernetes
https://artifacthub.io/packages/helm/curie-df-h... 1.10.0 1.3.3 Helm Chart for Job Orchestrator, Help Manages j...
https://artifacthub.io/packages/helm/stevehipwe... 4.13.1 3.40.1 Helm chart for Sonatype Nexus 3 OSS.
https://artifacthub.io/packages/helm/lifecycle-... 1.0.0 1.0.0 A Helm chart installing a Nodejs app that liste...
https://artifacthub.io/packages/helm/choerodon/... 0.2.0 0.2.0 Sonatype Nexus Repository Manager 3

We want to look at the retrieved URLs and determine which may be vendor provided. The above command cuts out the full URL, which is inconvenient, but we can view the entirety of the output with the following:

helm search hub nexus -o json | jq .
...
{
"url": "https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager",
"version": "40.1.0",
"app_version": "3.40.1",
"description": "Sonatype Nexus Repository Manager - Universal Binary repository"
},
...

For further information regarding the chart, you can access the provided URL in a browser to determine the chart's source.

This chart is coming together nicely...now add the repo locally and pull it:

helm repo add sonatype https://sonatype.github.io/helm3-charts/
helm pull sonatype/nexus-repository-manager --version 38.0.0
tar -xzvf nexus-repository-manager-38.0.0.tgz
cd nexus-repository-manager

The chart is now pulled locally, so you can manipulate the values.yaml and experiment with templating:

vim values.yaml
# change something
helm template .

To deploy the above into Structsure, place the chart directly under a named application folder, as shown with Confluence apps/confluence or Jira apps/confluence, located under the main Structsure folder. Based on the above example, it would be: <structsure-bootstrap-dir>/apps/nxrm.

Scenario: We need application X, find and use a Repo1 Chart

Let's do something practical; our customer wants Fortify for additional security. Let's add it to our baseline (demo only).

Logical steps and considerations:

  • Is Fortify a part of Big Bang already? Go check.
    • Search for Fortify. It is not present, so we will need to integrate it as a third party addon.
    • Search for the relevant chart, Fortify.

To add Fortify to the Structsure baseline as a third party addon:

# the easiest path forward is to cp a relatively simple existing application, like nexus iq
cd <structsure-bootstrap-dir>/apps && cp -r nexus-iq-server fortify && cd fortify

# listing the contents will show a base dir along with env-specific directories. these will be used for our kustomization overlays
cd base
# remove nexus iq files
rm structsure-cas.yaml

vim gitrepository.yaml
# update the GitRepository manifest with the relevant values (url and tag)
# you may need to specify a path

# the configmap.yaml includes values to override in the chart's values.yaml. if placed in the base/configmap.yaml, all
# environments will receive the value. we can set env-specific values in its respective dir
vim configmap.yaml

vim helmrelease.yaml
%s/nexus-iq-server/fortify/g
# ensure dependsOn is set, if required

# let's prepare the dev dir
cd <structsure-bootstrap-dir>/apps/fortify/dev
# remove nexus iq files

# configure bigbang's kustomizations
cd <structsure-bootstrap-dir>/bigbang
cp base/resources/nexus-iq-server-kustomization.yaml base/resources/fortify-kustomization.yaml
vim and update

vim {{TARGET}}/kustomization.yaml
# add a line for the new app