Helm offers the option of listing dependencies for a chart when browsing through its files.
So if I am above the folder of my-chart, I can perform
▶ helm dependency list my-chart
NAME VERSION REPOSITORY STATUS
common 0.12.6 file://../common/ ok
How can I get the dependencies for the INSTALLED chart, i.e. by retrieving this info from the actualy deployed version? (i.e. the one running on my cluster)
No, you can retrieve this information only using documentation you provided. You should:
Download the chart with $ helm pull repo/name --untar (skip this if you already have it)
Go inside the chart directory
Invoke command: $ helm dependency list my-chart
Alternatively you can inspect requirements.yaml for helm2 or Chart.yaml for helm3, but you will find there only transitive dependencies :
All applications, maybe with the exception of the most trivial,
usually depend on other runtime components, such as web servers,
caches, databases, etc. Helm supports modularization via a dependency
mechanism, which allows to formally specify, manage and deploy
dependencies as part of a Helm release. A Helm chart may declare
dependencies, which are other Helm charts published in external
repositories, conveniently packaged by people who presumably know the
respective components well. The simples possible example is a chart A
-- the dependent - that declared its reliance on a chart B - the dependency - by specifying chart B's “coordinates” (name, version and
repository URL) as part of its own metadata. The exact way in which
the dependencies are declared has evolved across Helm releases. For
Helm 2 charts, the dependencies are declared in a dedicated
requirements.yaml file, while for Helm 3 chart, the dependencies are
declared as part of the chart manifest Chart.yaml. However, the way
the dependencies are processed during installation has remained the
same.
Good article: Helm Dependencies
Related
I have multiple subcharts under one helm chart. I install those using the command
helm install my-app . --values values.dev.yaml
It is working fine. All subcharts are part of a one release. Now I have requirements that other member will be starting working those individual subcharts and want to upgrade their subchart without deleting/upgrading the entire application's subchats and in the same release
so when for upgrading one one say frontend subchart from it. I tried
helm upgrade my-app ./charts/frontend --values values.dev.yaml.
It will terminate all the other pods and will keep only pod for this subchart frontend running. Is there any way to upgrade only subcharts of the application without touching the other subcharts?
Just run helm upgrade on the top-level chart normally
rm requirements.lock
helm dependency update
helm upgrade my-app . -f values.dev.yaml
This will "redeploy" the entire chart, including all of its subcharts, but Helm knows to not resubmit unchanged objects to Kubernetes, and Kubernetes knows to not take action when an unmodified object is submitted.
Helm subcharts have some limitations; in addition to what you describe here about not being able to separately manage subcharts' versions, they will also flatten recursive dependencies together (if A depends on B depends on Redis, and A depends on C depends on Redis, B and C will share a single Redis installation and could conflict). If you need to separately manage the versions, consider installing the charts as separate top-level releases.
If your sub-charts are 3rd party dependencies (i.e. you are combining some charts together in a single chart), you can update the external charts by updating Helm dependencies:
Once in the Helm chart dir, where Chart.yaml lives, run
$ helm dependency update
To make sure you get the latest dependency, update Helm repos first:
$ helm repo update && helm dependency update
This will download the latest dependent charts (or the latest allowed, depending on your Chart.yaml config.
Please Note that helm dependency update will download txz files. If no action is taken (i.e. ignore them in git), they could end up version-controlled in your git repo.
If I have a chart that depends on another chart, what's the best practices around when it should be included as a package in the charts/ directory vs requirements.yaml vs the dependencies property in Chart.yaml?
For example, if I have a shared dependency that multiple Helm charts will use, should I always put that in a Helm repo and then just refer to it in each chart's requirements.yaml? Or is there a benefit to including it in the charts/ directory?
Example
requirements.yaml
dependencies:
- name: mariadb
version: 7.x.x
repository: https://charts.bitnami.com/bitnami
condition: mariadb.enabled
tags:
- wordpress-database
Chart.yaml
dependencies:
- name: mariadb
version: 7.x.x
repository: https://charts.bitnami.com/bitnami
condition: mariadb.enabled
tags:
- wordpress-database
charts/ directory
my-package.tgz
/charts
mariadb-7.0.0.tgz
...elided...
(and there's technically a 4th where I put the actual exploded chart into the charts directory)
If you need both Helm 2 and Helm 3 compatibility, include it in a separate requirements.yaml file. Most charts will work fine with either version of Helm (if the CLIs are somewhat different) so if your environment still needs Helm 2 compatibility, this is your best choice.
If you don't need Helm 2 compatibility, listing it in the Chart.yaml file is one file fewer.
I'd only manually download the chart (or unpack it) if I had a specific requirement to, probably because my product is uncomfortable downloading software from the public Internet without specifically verifying or approving it. Even then, it's common to have an internal repository of approved artifacts, and it'd be better to point the requirements.yaml/Chart.yaml at that repository than to keep an extra copy. (How do you handle open-source library dependencies in general?)
Even if you have a local dependency chart or support chart library, it's better to properly version it and publish it to a chart repository than to replicate its tarball in charts/ directories. The only benefit to putting a dependency in charts/ is not needing to have it in a repository, but you'll usually want a repository for ease of management.
I've been developing a prototype chart that depends on some custom resource definitions that are defined in one of the child charts.
To be more specific, I'm trying to create the resources defined in the strimzi-kafka-operator within my helm chart and would like the dependency to be explicitly installed first. I followed the helm documentation and added the following to my Chart.yaml
dependencies:
- name: strimzi-kafka-operator
version: 0.16.2
repository: https://strimzi.io/charts/
I ran:
$ helm dep up ./prototype-chart
$ helm install ./prototype-chart
> Error: unable to build Kubernetes objects from release manifest: unable to recognize "": no matches for kind "KafkaTopic" in version "kafka.strimzi.io/v1beta1"
which shows that it's trying to deploy my chart before my dependency. What is the correct way to install dependencies first and then my parent chart?
(For reference, here is the question I opened on GitHub directly with Strimzi where they informed me they aren't sure how to use their helm as a dependency:
https://github.com/strimzi/strimzi-kafka-operator/issues/2552
)
Regarding CRD's: the fact that Helm by default won't manage those1 is a feature, not a bug. It will still install them if not present; but it won't modify or delete existing CRD's. The previous version of Helm (v2) does, but (speaking from experience) that can get you into all sorts of trouble if you're not careful. Quoting from the link you referenced:
There is not support at this time for upgrading or deleting CRDs using Helm. This was an explicit decision after much community discussion due to the danger for unintentional data loss. [...] One of the distinct disadvantages of the crd-install method used in Helm 2 was the inability to properly validate charts due to changing API availability (a CRD is actually adding another available API to your Kubernetes cluster). If a chart installed a CRD, helm no longer had a valid set of API versions to work against. [...] With the new crds method of CRD installation, we now ensure that Helm has completely valid information about the current state of the cluster.
The idea here is that Helm should operate only at the level of release data (adding/removing deployments, storage, etc.); but with CRD's, you're actually modifying an extension to the Kubernetes API itself, potentially inadvertently breaking other releases that use the same definitions. Consider if you're on a team that has a "library" of CRDs shared between several charts, and you want to uninstall one — formerly, With v2, Helm would happily let you modify or even delete those at will, with no checks on if/how they were used in other releases. Changes to CRDs are changes to your control plane / core API, and should be treated as such — you're modifying global resources.
In short: with v3, Helm positions itself more as a "developer" tool to define, template, and manage releases; CRDs, however, are meant to be managed independently e.g. by a "cluster administrator". At the end of the day, it's a win for all sides, since developers can setup/teardown deployments at will, with confidence that it's not going to break functionality elsewhere... and whoever's on call won't have to deal with alerts if/when you accidentally delete/modify a CRD and break things in production :)
See also the extensive discussion here for more context behind this decision.
Hope this helps!
I am trying to understand the usage of Requirements.lock file . For using a dependent chart , we can make use of Requirements.yaml . Based on documentation
Requirements.lock : rebuild the charts/ directory based on the requirements.lock file
Requirements.yaml : update charts/ based on the contents of
requirements.yaml
Can someone explain the difference and usage of lock file and do we need to checking requirements.lock file in the repo too ?
This article says it well:
Much like a runtime language dependency file (such as Python’s requirements.txt), the requirements.yaml file allows you to manage your chart’s dependencies and their versions. When updating dependencies, a lockfile is generated so that subsequent fetching of dependencies use a known, working version.
The requirements.yaml file lists only the immediate dependencies that your chart needs. This makes it easier for you to focus on your chart.
The requirements.lock file lists the exact versions of immediate dependencies and their dependencies and their dependencies and so forth. This allows helm to precisely track the entire dependency tree and recreate it exactly as it last worked--even if some of the dependencies (or their dependencies) are updated later.
Here's roughly how it works:
You create the initial requirements.yaml file. You run helm install and helm creates the requirements.lock file as it builds the dependency tree.
On the next helm install, helm will ensure that it uses the same versions identified in the requirements.lock file.
At some later date, you update the requirements.yaml file. You run helm install (or helm upgrade) and helm will notice your changes and update the requirements.lock file to reflect them.
My helm depends on another helm from public repository. I've installed it manually and put the command to documentation. But I'd like to do it automatically.
Is there some way to set such dependencies?
You may take a look on helm chart dependencies with requirements.yaml
And as an example - Kafka helm chart with zookeeper dependency.