Jay Taylor's notes
back to listing indexkubernetes/helm
[web search]{{ tpl TEMPLATE_STRING VALUES }}
Examples:
# values
template: "{{ .Values.name }}"
name: "Tom"
# template
{{ tpl .Values.template . }}
# output
Tom
Rendering a external configuration file:
# external configuration file conf/app.conf
firstName={{ .Values.firstName }}
lastName={{ .Values.lastName }}
# values
firstName: Peter
lastName: Parker
# template
{{ tpl (.Files.Get "conf/app.conf") . }}
# output
firstName=Peter
lastName=Parker
Creating Image Pull Secrets
Image pull secrets are essentially a combination of registry, username, and password. You may need them in an application you are deploying, but to create them requires running base64 a couple of times. We can write a helper template to compose the Docker configuration file for use as the Secret's payload. Here is an example:
First, assume that the credentials are defined in the values.yaml
file like so:
imageCredentials:
registry: quay.io
username: someone
password: sillyness
We then define our helper template as follows:
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- end }}
Finally, we use the helper template in a larger template to create the Secret manifest:
apiVersion: v1
kind: Secret
metadata:
name: myregistrykey
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
Automatically Roll Deployments When ConfigMaps or Secrets change
Often times configmaps or secrets are injected as configuration
files in containers.
Depending on the application a restart may be required should those
be updated with a subsequent helm upgrade
, but if the
deployment spec itself didn't change the application keeps running
with the old configuration resulting in an inconsistent deployment.
The sha256sum
function can be used to ensure a deployment's
annotation section is updated if another file changes:
kind: Deployment spec: template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} [...]
See also the helm upgrade --recreate-pods
flag for a slightly
different way of addressing this issue.
Tell Tiller Not To Delete a Resource
Sometimes there are resources that should not be deleted when Helm runs a
helm delete
. Chart developers can add an annotation to a resource to prevent
it from being deleted.
kind: Secret metadata: annotations: "helm.sh/resource-policy": keep [...]
(Quotation marks are required)
The annotation "helm.sh/resource-policy": keep
instructs Tiller to skip this
resource during a helm delete
operation. However, this resource becomes
orphaned. Helm will no longer manage it in any way. This can lead to problems
if using helm install --replace
on a release that has already been deleted, but
has kept resources.
Using "Partials" and Template Includes
Sometimes you want to create some reusable parts in your chart, whether they're blocks or template partials. And often, it's cleaner to keep these in their own files.
In the templates/
directory, any file that begins with an
underscore(_
) is not expected to output a Kubernetes manifest file. So
by convention, helper templates and partials are placed in a
_helpers.tpl
file.
Complex Charts with Many Dependencies
Many of the charts in the official charts repository are "building blocks" for creating more advanced applications. But charts may be used to create instances of large-scale applications. In such cases, a single umbrella chart may have multiple subcharts, each of which functions as a piece of the whole.
The current best practice for composing a complex application from discrete parts
is to create a top-level umbrella chart that
exposes the global configurations, and then use the charts/
subdirectory to
embed each of the components.
Two strong design patterns are illustrated by these projects:
SAP's OpenStack chart: This chart installs a full OpenStack IaaS on Kubernetes. All of the charts are collected together in one GitHub repository.
Deis's Workflow:
This chart exposes the entire Deis PaaS system with one chart. But it's different
from the SAP chart in that this umbrella chart is built from each component, and
each component is tracked in a different Git repository. Check out the
requirements.yaml
file to see how this chart is composed by their CI/CD
pipeline.
Both of these charts illustrate proven techniques for standing up complex environments using Helm.
YAML is a Superset of JSON
According to the YAML specification, YAML is a superset of JSON. That means that any valid JSON structure ought to be valid in YAML.
This has an advantage: Sometimes template developers may find it easier to express a datastructure with a JSON-like syntax rather than deal with YAML's whitespace sensitivity.
As a best practice, templates should follow a YAML-like syntax unless the JSON syntax substantially reduces the risk of a formatting issue.
Be Careful with Generating Random Values
There are functions in Helm that allow you to generate random data, cryptographic keys, and so on. These are fine to use. But be aware that during upgrades, templates are re-executed. When a template run generates data that differs from the last run, that will trigger an update of that resource.
Upgrade a release idempotently
In order to use the same command when installing and upgrading a release, use the following command:
helm upgrade --install <release name> --values <values file> <chart directory>