Helm And Helm Charts

Author : MD TAREQ HASSAN | Updated : 2021/05/15

What Is Helm?

The package manager for Kubernetes
- Similar to Nuget for .NET world or yum for CentOS or apt-get for Ubuntu
- A way to bundle Kubernetes objects into a single unit that you can publish, deploy, version, and update
Helm is tool used to create Pod from “Helm chart” and container images
Helm is also a template engine (generates helm charts from templates)
Helm is the best way to find, share, and use software built for Kubernetes

Helm = Package Manager + Template Engine + Other

Links

Installing Helm

What Is Helm Chart?

Packages in Helm are called Helm charts
Bunch of files (i.e. .yaml) used by Helm to create kubernetes resource (object)
A packaging format used to quickly manage and deploy applications for Kubernetes

Structure of an Helm chart

A folder with same name of the chart i.e myapp (containes yaml files and sub-folders)
Chart.yaml : describes basic information about your Chart, e.g. the name, description or version of your chart
values.yaml: defines the default values that are used for parsing the templates defined in templates/ (default values can be overridden during the deployment of an Helm chart)
templates/ : contains all templates for a chart (the directory where Kubernetes resources are defined as templates)
requirements.yaml : defines the dependencies of your Helm chart
charts/: an optional directory that may contain sub-charts

helm create hello-world

hello-world /
  Chart.yaml
  values.yaml
  templates /
  charts /
  .helmignore

Chart.yaml

name: my-app
version: v0.0.1
description: A Kubernetes-Native Application

values.yaml

replicas: 3
containers:
- name: container-1
  image: my-registry.tld/my-image:tag
  env:
  - name: MY_ENV
    value: "some env var value"
  resources:
    limits:
      cpu: "200m"
      memory: "300Mi"

templates/

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: {{ .Values.replicas | default 1 }}
  selector: ...
  template:
    metadata: ...
    spec:
      containers:
        {{- range $containerIndex, $container := Values.containers }}
        - name: {{ $container.name | default "container" | quote }}
          image: {{ $container.image | quote }}
          env:
{{ toYaml $container.env | indent 12 }}
          {{- if $container.resources }}
          resources:
            {{- with $container.resources.limits }}
            limits:
              cpu: {{ .cpu | quote }}
              memory: {{ .memory | quote }}
            {{- end }}
          {{- end }}
        {{- end }}

charts/

requirements.yaml:

dependencies:
- name: mysql
  version: 3.2.1

Install Helm

Install/Upgrade Helm using chocolatey
Install upgrade Azure CLI (required to push helm charts to ACR)

Basic Helm commands

helm create hello-world
helm lint ./hello-world

helm template ./hello-world

helm install --name hello-world ./hello-world

helm ls --all

helm upgrade hello-world ./hello-world

helm rollback hello-world 1

helm uninstall hello-world

helm package ./hello-world

helm install my-repo/hello-world --name=hello-world

Install Bridge to Kubernetes Extension

As of January 2022, this extension is not available for VS 2022 (use Visual Studio 2019)
Install
- Visual Studio > Extensions > Manage Extensions
- Search: “Bridge to Kubernetes” > Install (close VS then installation will start)
- Or Downlaod & install: https://marketplace.visualstudio.com/items?itemName=ms-azuretools.mindaro

Project setup

New Visual Studio project
- Search “Kubenetes”
- Select ‘Container Application for Kubenetes’ template (make sure ‘Bridge to Kubernetes’ extension is installed)
- Create API project
- Chart will be created (‘charts’ folder)
Existing Visual Studio project
- Right click on the project
- Add > Container Orchestrator Support… > Kubernetes/Helm (make sure ‘Bridge to Kubernetes’ extension is installed)
- Chart will be created (‘charts’ folder)
For a project with Dockerfile: helm create mychart

Enable OCI support

Azure Container Registry for Helm Charts
- Azure Container Registry (ACR) can host repositories for Helm charts. ACR supports images that meet the Open Container Initiative (OCI) Image Format Specification
- ACR supports the OCI Distribution Specification, a vendor-neutral, cloud-agnostic spec to store, share, secure, and deploy container images and other content types (artifacts)
OCI support for Helm 3 client is currently is experimental (as of January 2022) and subject to change
Set environment variable: HELM_EXPERIMENTAL_OCI=1

Set HELM_EXPERIMENTAL_OCI (Open cmd/PowerShell as Administrator)

# 
# Permanently set an environment variable
# For current user only: setx VAR_NAME "VALUE"
# For all users: setx /M VAR_NAME "VALUE"
#
# Git bash: export HELM_EXPERIMENTAL_OCI=1
#
setx HELM_EXPERIMENTAL_OCI 1     # For current user only
setx /M HELM_EXPERIMENTAL_OCI 1  # For all users

Check HELM_EXPERIMENTAL_OCI is set

$env:HELM_EXPERIMENTAL_OCI     # PowerShell
echo %HELM_EXPERIMENTAL_OCI%   # cmd

Links:

Pushing Helm Chart To ACR

Package chart
Gather ACR information
- Azure portal > ACR
- Settings: Access keys > Admin user: enabled
- Copy: Admin Password
Authenticate with the registry
Push chart to ACR

Set ACR_NAME environment variable:

setx ACR_NAME xxx
Restart VS, otherwise VS developer console would not recognize environemnt variable
Open developer console and test: $env:ACR_NAME

Package chart

Visual Studio project > Expand ‘charts’ folder
Right click on chart (i.e. “demoapp”) > Open in terminal
Developer console will open (make sure developer console is PowerShell)
- Check helm is recognized by developer console: helm version
- Check ACR_NAME is set: $env:ACR_NAME
- Check HELM_EXPERIMENTAL_OCI is set to 1: $env:HELM_EXPERIMENTAL_OCI
- execute helm command

helm package .

Authenticate to ACR

echo xxxAcrAdminPassword | helm registry login "$($env:ACR_NAME).azurecr.io" --username $env:ACR_NAME --password-stdin
# Should return 'Login Succeeded'

Push chart to ACR

#
# "<ChartName-tag>.tgz" --> generated by helm package command
# helm push <ChartName-tag>.tgz oci://xxx.azurecr.io/helm ('/helm' is not mandatory here, you can use for example '/helm-charts')
#
helm push demoapp-0.1.0.tgz oci://"$($env:ACR_NAME).azurecr.io/helm"

Check that chart was pushed to ACR Azure portal

Resource group > ACR
Services: Repositories > helm/demoapp

Azure CLI

az login
az acr repository show --name $env:ACR_NAME --repository helm/demoapp

Install ACR Helm chart to AKS

Prerequisites

AKS cluster
Make sure helm chart is pushed to ACR

# AKS credential
az login --use-device-code
az account set --subscription "xxx"
az aks get-credentials --resource-group=xxx_rg --name=xxx_aks --overwrite-existing

# Enable OCI support
$env:HELM_EXPERIMENTAL_OCI=1

# Login and update repo
echo xxxAcrAdminPassword | helm registry login "xxxacr.azurecr.io" --username xxxacr --password-stdin
helm repo update

# Pull
helm pull oci://xxxacr.azurecr.io/helm/microservicedemo --version 0.1.0

# Install
# Create K8s namespace 'demo' first
helm install microservice-demo oci://xxxacr.azurecr.io/helm/microservicedemo --version 0.1.0 --namespace demo

Uninstall

helm uninstall microservice-demo --namespace demo

Issues:

‘ImagePullBackOff’ might occur because of chart yaml
Fix chart yaml (provide ACR url appropriately): https://github.com/MicrosoftDocs/azure-docs/issues/33430#issuecomment-502981347
Integrate ACR to AKS:
- Attach ACR to AKS (create role assignment behind the scene): https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
- In case of IaC i.e. Pulumi: assign ‘AcrPull’ role to kubelet managed identity
- do not use image pull secret