Cloud Kube | Helm Initialization and Chart Publishing

Cloud Kube | Helm Initialization and Chart Publishing

Software Development

Kubernetes Application Hosted in the Cloud

full course
  1. Kubernetes Application Hosted in the Cloud

    written by Bullyrook on January 2, 2022

  2. Cloud Kube | Create Github Repo

    written by Bullyrook on January 2, 2022

  3. Cloud Kube | Simple REST Endpoint and Test

    written by Bullyrook on January 2, 2022

  4. Cloud Kube | Build Pipeline Initialization

    written by Bullyrook on January 2, 2022

  5. Cloud Kube | Docker Build and Registry

    written by Bullyrook on January 4, 2022

  6. Cloud Kube | Helm Initialization and Chart Publishing

    written by Bullyrook on January 4, 2022

  7. Cloud Kube | Setup Cloud Hosting

    written by Bullyrook on January 4, 2022

  8. Kube Cloud | Automate Kube Deploy

    written by Bullyrook on January 4, 2022

Now that we’re producing versioned docker images into our registry lets get helm setup and publish versioned charts. This will allow us to deploy fully configured services into kubernetes.

Helm Init

I’m assuming that helm is already installed in your development environment, so I’m not going to cover installing it. You will need it locally to initialize a helm chart.

Create a new directory in the root of your application called helm. From that directory type the following command

$ helm create cloud-application
Creating cloud-application

Note, I’m using a hyphen instead of underscore so that I can have names that match helm conventions.. That should give you a bunch of directories and template yaml files

make the following updates

image:
  repository: cloud.canister.io:5000/bullyrooks/cloud_application
  pullPolicy: Always
...
imagePullSecrets:
  - name: regcred
...
serviceAccount:
  # Specifies whether a service account should be created
  create: false
...
service:
  type: NodePort
  port: 8080
  targetPort: 8080

port:
  containerPort: 8080

Here’s what we’re doing:

  • Telling the helm chart where to find our docker image. Always pull the image.
  • imagePullSecrets tells helm where to find the credentials to log into the docker registry. We’ll create this secret later.
  • serviceAccount create false means don’t create a service account. Where we’re deploying we’ll have limited access.
  • service configuration will be overwritten by our hosting platform using an ingress, so we’ll leave it as nodeport for now.
  • we’re going to need to tell the container which port our app is running on so we define it here

In deployment.yaml make the following changes. Essentially, comment out liveness and readiness probes. Although these are useful, we’ll come back to them once we have actuator setup.

          ports:
            - name: http
              containerPort: {{ .Values.port.containerPort }}
              protocol: TCP
{{/*          livenessProbe:*/}}
{{/*            httpGet:*/}}
{{/*              path: /*/}}
{{/*              port: http*/}}
{{/*          readinessProbe:*/}}
{{/*            httpGet:*/}}
{{/*              path: /*/}}
{{/*              port: http*/}}

create a role.yaml in templates with this content

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "cloud-application.fullname" . }}-reader-role
rules:
  - apiGroups: [""]
    resources: ["configmaps", "pods", "services", "endpoints", "secrets"]
    verbs: ["get", "list", "watch"]

Give access to our service to access all of the components it will need access to.

Create a rolebinding.yaml in templates with this content

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "cloud-application.fullname" . }}-reader-role-binding
subjects:
  - kind: ServiceAccount
    name: {{ include "cloud-application.serviceAccountName" . }}
    apiGroup: ""
roleRef:
  kind: Role
  name: {{ include "cloud-application.fullname" . }}-reader-role
  apiGroup: ""

Setup Chart Repo in Github

We’re going to mostly follow the directions here. However, this one has a bit more detail.

Create a new github repo: helm-charts

Create a new branch called gh-charts

Go to Settings/Pages change the branch to gh-charts and hit save

Configure Helm Publish Plugin

I use a different github action plugin though because I want to publish app and chart versions that I’m generating. His medium article is here.

But essentially, we’re going to add this code to the end of the main.yaml github action workflow.

      - name: Publish Helm chart
        uses: stefanprodan/helm-gh-pages@master
        with:
          token: ${{ secrets.CHART_TOKEN }}
          charts_dir: helm
          charts_url: https://opportunitygopher.github.io/og-charts/
          repository: og-charts
          branch: gh-pages
          app_version: ${{ env.VERSION }}
          chart_version: ${{ env.VERSION }}

Setup Access Token

You’ll need to create an api key (CHART_TOKEN) which will allow github actions to act on your behalf. Go into your user settings

Then Developer Settings, then Personal access tokens. Click Generate new token

I change to no expiration and full repo access.

When you hit generate, copy the token that is displayed. Save it somewhere.

Go to your cloud_application settings/secrets page. Create a New repository secret called CHART_TOKEN with the value of your token

Publish the Chart Repo

All we have to do now is push these changes up into main

$ git add . 

$ git commit -m "helm chart"
[main b20f32e] helm chart
 14 files changed, 437 insertions(+), 1 deletion(-)
 create mode 100644 helm/cloud-application/.helmignore
 create mode 100644 helm/cloud-application/Chart.yaml
 create mode 100644 helm/cloud-application/templates/NOTES.txt
 create mode 100644 helm/cloud-application/templates/_helpers.tpl
 create mode 100644 helm/cloud-application/templates/deployment.yaml
 create mode 100644 helm/cloud-application/templates/hpa.yaml
 create mode 100644 helm/cloud-application/templates/ingress.yaml
 create mode 100644 helm/cloud-application/templates/role.yaml
 create mode 100644 helm/cloud-application/templates/rolebinding.yaml
 create mode 100644 helm/cloud-application/templates/service.yaml
 create mode 100644 helm/cloud-application/templates/serviceaccount.yaml
 create mode 100644 helm/cloud-application/templates/tests/test-connection.yaml
 create mode 100644 helm/cloud-application/values.yaml

$ git push
Enumerating objects: 26, done.
Counting objects: 100% (26/26), done.
Delta compression using up to 4 threads
Compressing objects: 100% (19/19), done.
Writing objects: 100% (22/22), 6.49 KiB | 1.62 MiB/s, done.
Total 22 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To github.com-bullyrook:bullyrooks/cloud_application.git
   a060e27..b20f32e  main -> main

We should see our new task getting executed from the github actions screen

Found chart directory helm/cloud-application
==> Linting helm/cloud-application
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, 0 chart(s) failed
Successfully packaged chart and saved it to: /tmp/tmp.Mnhdph/cloud-application-1.0.3.tgz
Cloning into 'helm-charts'...
Branch 'gh-charts' set up to track remote branch 'gh-charts' from 'origin'.
Switched to a new branch 'gh-charts'
No index found, generating a new one
[gh-charts cfeabb6] Publish cloud-application-1.0.3.tgz
 2 files changed, 14 insertions(+)
 create mode 100644 cloud-application-1.0.3.tgz
 create mode 100644 index.yaml
To https://github.com/***/helm-charts
   e267136..cfeabb6  gh-charts -> gh-charts

and we should see the tarball and index updated in the chart github repo

Most importantly, the service chart version will match the image tag version and both will be available in our helm chart.

0 comments on “Cloud Kube | Helm Initialization and Chart PublishingAdd yours →

Leave a Reply

Your email address will not be published. Required fields are marked *