Meeting Notes August 10, 2021
7 views
Skip to first unread message
Alexander Maidak
Aug 11, 2021, 9:52:07 AM8/11/21
to qclug...@googlegroups.com
QCLUG notes 8/10/2021
Aaron is presenting on Helm and Kubernetes
About Helm
- Helm claims to be a package manager for kubernetes
- Helm is really a template for kubernetes YAMLs and submits the completed yaml to the k8s API
- Helm gives users the ability to reuse kubernetes yaml manifests for their deployments in a more efficient way then without helm
- To use Helm
- You need kubernetes
- You do longer need tiller
- Tiller was a service that communicated with k8s api to manage helm packages
- The removal of the tiller was to reduce cluster attack surface.
- Without tiller in helm v3 it simply fetches information from the K8S API renders the chards client side and stores a record of the installation k8s native resources
- To use helm you just need a single binary
- Aaron has prepared a demo using k3d (which requires docker)
- K3s is a stripped down rancher distro for k8s
- Aaron chose to use k3d because that’s what he used.
- Aaron shared his k3d deployment which was very exciting
- All k8s apis are secured via tls
- When you are debug HEML the --debug --dry-run args are a great help.
- Aaron walked throught deploying ingress-inginx on k3d to make the demo more useful
- ingress-nginx dynamically generates nginx configuration and backends. It adds lua scripting to re-import then backends
- Aaron provides a nice secure setup for nginx tls, He claims if you select ecdh-curve X25519 you can hide from the NSA.
- Aaron shared how to test your ingress by deploying Grafana.
- Aaron suggests you use --set to provide variables to the helm chart.
- Helm charts can be shared via network registry.
- Aaron hosts his own helm chart repo for his personal site. Which is weird, but theres at least 1.4K other people interested in this so its not actually that weird I guess.
Writing Helm charts
- Helm charts are a lot like ERB or Jinja2 templates. They are actually Go templates.
- The wrinkle is that Go is typed so sometimes that makes things weird.
Example:
apiVersion: v1
Kind: ConfigMap
Metadata:
Name: {{ .Release.Name }}-configmap
Data:
My-value: helloworld
T- here is a standard layout for helm charts, Aaron shared a wordpress example
charts/ - references dependant charts
Chart.yaml
templates/ - all the magic goes here
requirements.yaml
values.yaml - default configuration
- There was much ranting _helpers.tpl was singled out as being particularly stupid.
- helm create can be used to generate a starter template
- The problem with this is that it doesn’t actually work
- You are probably better off getting started writing the k8s yaml files first
- Aaron finds its easier to get started with a working k8s yaml rather then starting from helm create
- The helm output can be hard to read when it fails. Template paritials are particularly bad.
- Aaron recommends you commit the starter template and then edit it.
- Writing Helm charts is Go Templates which wrap yaml
- Aaron recommends you read the official helm documentation to learn how to learn helm.
- The official doc has instructions are variable namespacing, but often stack exchange gives you some bad instructions.
- Once you are inside a for loop your variable scoping changes. The $. Brings you back to the root scope. Read the documentation, it will help you a lot.
- If you want official charts you need to go to artifathub.io
- Aaron recommends you level up by using library charts.
Aaron then did some helm defense vs the trolls, he did well.
Thanks Aaron for a great presentation!
Aaron is presenting on Helm and Kubernetes
About Helm
- Helm claims to be a package manager for kubernetes
- Helm is really a template for kubernetes YAMLs and submits the completed yaml to the k8s API
- Helm gives users the ability to reuse kubernetes yaml manifests for their deployments in a more efficient way then without helm
- To use Helm
- You need kubernetes
- You do longer need tiller
- Tiller was a service that communicated with k8s api to manage helm packages
- The removal of the tiller was to reduce cluster attack surface.
- Without tiller in helm v3 it simply fetches information from the K8S API renders the chards client side and stores a record of the installation k8s native resources
- To use helm you just need a single binary
- Aaron has prepared a demo using k3d (which requires docker)
- K3s is a stripped down rancher distro for k8s
- Aaron chose to use k3d because that’s what he used.
- Aaron shared his k3d deployment which was very exciting
- All k8s apis are secured via tls
- When you are debug HEML the --debug --dry-run args are a great help.
- Aaron walked throught deploying ingress-inginx on k3d to make the demo more useful
- ingress-nginx dynamically generates nginx configuration and backends. It adds lua scripting to re-import then backends
- Aaron provides a nice secure setup for nginx tls, He claims if you select ecdh-curve X25519 you can hide from the NSA.
- Aaron shared how to test your ingress by deploying Grafana.
- Aaron suggests you use --set to provide variables to the helm chart.
- Helm charts can be shared via network registry.
- Aaron hosts his own helm chart repo for his personal site. Which is weird, but theres at least 1.4K other people interested in this so its not actually that weird I guess.
Writing Helm charts
- Helm charts are a lot like ERB or Jinja2 templates. They are actually Go templates.
- The wrinkle is that Go is typed so sometimes that makes things weird.
Example:
apiVersion: v1
Kind: ConfigMap
Metadata:
Name: {{ .Release.Name }}-configmap
Data:
My-value: helloworld
T- here is a standard layout for helm charts, Aaron shared a wordpress example
charts/ - references dependant charts
Chart.yaml
templates/ - all the magic goes here
requirements.yaml
values.yaml - default configuration
- There was much ranting _helpers.tpl was singled out as being particularly stupid.
- helm create can be used to generate a starter template
- The problem with this is that it doesn’t actually work
- You are probably better off getting started writing the k8s yaml files first
- Aaron finds its easier to get started with a working k8s yaml rather then starting from helm create
- The helm output can be hard to read when it fails. Template paritials are particularly bad.
- Aaron recommends you commit the starter template and then edit it.
- Writing Helm charts is Go Templates which wrap yaml
- Aaron recommends you read the official helm documentation to learn how to learn helm.
- The official doc has instructions are variable namespacing, but often stack exchange gives you some bad instructions.
- Once you are inside a for loop your variable scoping changes. The $. Brings you back to the root scope. Read the documentation, it will help you a lot.
- If you want official charts you need to go to artifathub.io
- Aaron recommends you level up by using library charts.
Aaron then did some helm defense vs the trolls, he did well.
Thanks Aaron for a great presentation!
acjo...@pcdomain.com
Aug 11, 2021, 3:24:11 PM8/11/21
to qclug...@googlegroups.com, Alexander Maidak
Reply all
Reply to author
Forward
0 new messages