The first beta of Helm 3 is now available! This is a particularly important milestone because it signals the finalization of the big helm rewrite. From now on, the Helm team’s focus will be in bug fixes and stability. Which means that we can start to build charts targeting Helm 3, right?
I really wanted to try Helm 3 around, but didn’t want to mess my local machine (the Helm and Helm 3 binaries are not compatible, so you need to keep separate installs,
$HELM_HOMEand whatnots), so instead of testing it in my machine, I decided to launch a development environment in Okteto Cloud and test everything from there.
If this is your first time using Okteto, start by installing the Okteto CLI. We’ll need it to launch the development environment into Okteto Cloud.
We’ll start by initializing our development environment, using the
okteto init command to create our manifest (this tells Okteto what kind of development environment to launch). Since we are working on an empty directory,
okteto will ask us to pick a runtime. Pick the first one.
Now that we have our development environment defined, we need to configure our local environment to work with Okteto Cloud.
First, run the
okteto login command to create your Okteto Cloud account and link it to your local computer (you only need to do this once per computer).
Second, run the
okteto namespace command to download the Kubernetes credentials for Okteto Cloud, and to set it as our current context.
Now we are ready to go! Run the
okteto up command to launch our development environment directly into Okteto Cloud:
okteto up command launches a development environment in Okteto Cloud, keeps your code synchronized between your development environment and your local machine and automatically opens a shell into the development environment for you. From now on we’ll be running all the commands directly in our remote development environment (note the
okteto> bash symbol in the code samples 😎).
Download the v3.0.0-beta.1 release from github, and install it in
wget https://get.helm.sh/helm-v3.0.0-beta.1-linux-amd64.tar.gz -O /tmp/helm-v3.0.0-beta.1-linux-amd64.tar.gz
helm version to make sure everything is OK (We are dealing with beta software, after all).
The biggest change introduced by Helm 3 (in my opinion) is that Tiller is gone. This makes Helm a lot simpler to use, since the Helm commands now run under the credentials you’re using instead of those of an intermediate service. This has huge implications, specially if you’re working on a shared or multi-tenant cluster. This is particularly exciting for us, since it allow us to fully support Helm as a 1st class citizen in Okteto Cloud.
Helm 3 will also bring a more powerfulcChart model, that’s going to leverage Open Container Images (OCI) and registries for distribution. I imagine it’s going to be something similar (or complementary?) to the work done in the CNAB project. Sadly, installing 3rd party charts is broken on this beta, so I didn’t get a chance to try that out.
What I did got a chance to try out was the full lifecycle of a local chart. As you can expect, it’s pretty much the same as Helm v2, but without the Tiller-related complexities.
To keep exploring Helm 3, we are going to create a simple chart by running
helm create. This command creates a chart with a deployment of an NGINX container and its corresponding service.
helm create hello-world
Deploy your chart by running the
helm install command:
helm install hello-world ./hello-world
You can then run
helm list to see all the installed releases:
When you launch a development environment in Okteto Cloud, a set of credentials is automatically created for you. The credentials are automatically mounted on your development environment, so you can start using tools like
kubectlwithout requiring extra configuration.
Another big change that’s being introduced with Helm 3 is that now every release has it’s own secret, clearly tagged with the name of the release and the version, and stored in the same namespace (no more searching across namespaces to find why a certain value was applied!). This makes rolling back versions easier, since Helm only needs to apply the contents of the secret, instead of having Tiller do complicated calculations.
You can see the content by running the
kubectl get secret command:
kubectl get secret hello-world.v1 -oyaml
I couldn’t figure out how to decode/decrypt the content of the secret, I’ll update blog post once I do.
Now that our application is installed and ready, let’s try it out. Instead of having to run a port-forward to our local machine, we will let Okteto Cloud automatically create a publicly accessible SSL endpoint for our application by annotating the service with
dev.okteto.com/auto-ingress=true. The chart created by
helm create doesn’t support annotations, so we’ll just use
kubectl annotate directly:
kubectl annotate service hello-world dev.okteto.com/auto-ingress=true
Let’s open our browser and head out to Okteto Cloud to see the application’s endpoint.
Go ahead and click on the URL to see our application up and running.
Let’s change the boring “Welcome to nginx page!” with something with more flair. We’ll upgrade our chart and change the container image from
ramiro/hello using the
helm upgrade command.
helm upgrade --set image.repository=ramiro/hello hello-world ./hello-world
helm list to see the state of the release. Notice how the value of
revision changed from
2 to indicate that a new version was deployed.
If you run the
kubectl get secret command you’ll also see that a new secret was created for our new release, along with the older one (for rollback purposes).
kubectl get secret
Go back to your browser, reload the page, and verify that it was correctly upgraded 🐶.
Now let’s simulate that we have a bad build. We’ll rollback to the previous stable version by using the
helm rollback command.
helm rollback hello-world 1
If we go back to our browser and reload the page, we should see NGINX’s welcome page once again. You can rollback to any specific revision, as long as the secret is still available.
helm uninstall command to uninstall the chart and remove all the related resources.
helm uninstall hello-world
Once you’re done playing with your development environment, exit the terminal and run the
okteto down command to shut it down. But don’t worry, all the files you created there (like the chart) were automatically synchronized back to your local machine.
I’m really excited about Helm 3. The team managed to keep all the good things about it (repeatable installations, manifest-driven approach, easy to share charts, same commands) while removing the need to have a central service to keep all the state (buh bye
Tiller!). I’m particularly curious to try the new chart model, as well as the
helm test command (In my experience testing charts on Helm 2 is pretty much impossible). Beta v2 is already in prerelease, so we should have more information on all of this pretty soon!
Ephemeral development environments are a great way to keep different tech stacks from messing with each other, or to quickly try out beta software without “polluting” our machine. Making them super easy to use for everyone is one of our main motivations with building Okteto.
I would ❤️ to hear what you think about this feature.