Helmfile: Supercharge your deployment pipeline

Transcript

1. Helmfile Supercharge your deployment pipeline Yusuke Kuoka / @mumoshu, Z

   Lab Corporation

2. “Deploying to K8s is unnecessarily hard”

3. “Deploying to K8s is unnecessarily hard” • ʮKubernetes΁ͷσϓϩΠͳΜ΋Θ͔ΒΜʯ • kubectl

   apply -f dir/ Ұ୒Ͱ͸? • ͍͍͑͑

4. Α͋͘Δύϥϝʔλ • ϚχϑΣετॻ͖͍ͨ vs Ͱ͖Δ͚ͩॻ͖ͨ͘ͳ͍ • DRYʹ͍ͨ͠ vs ͨ͘͠ͳ͍ •

   ࣗ෼ͰCI/CD૊Έ͍ͨ vs ೚͍ͤͨ • (ηΩϡϦςΟ|ύϑΥʔϚϯε|etc) ʹͩ͜ΘΔ vs ͩ͜ΘΒͳ͍ • KubernetesͷॊೈੑΏ͑બ୒ࢶ͕ଟ͍

5. Α͋͘Δ՝୊ • ૿͑ଓ͚Δπʔϧ • kubectl, kustomize, helm, kpt, go(client-go +

   whatever), etc. • ཚཱ͢ΔWrapper • make, bash, ruby, go, js, yaml(CircleCI config.yml, GitHub Actions Workflow, …) • ߏ੒؅ཧ • WrapperͲ͜ (ΞϓϦέʔγϣϯϨϙδτϦ?ConfigRepo? • OSSͷެࣜϚχϑΣετ/Chart౳Λͦͷ··࢖ͬͯΔͷ͔ɺforkͯ͠Δͷ͔ • forkͯ͠ΔͳΒࠩ෼͸Ͳ͔͜ • πʔϧͷظ଴͢Δόʔδϣϯ͸?

6. Α͋͘Δରࡦ • ૿͑ଓ͚Δπʔϧ ← ϕετϓϥΫςΟεͷυΩϡϝϯτԽ • ཚཱ͢ΔWrapper ← ڞ௨Խɾࣾ಺πʔϧԽ •

   ߏ੒؅ཧ ← ن໿Λͭ͘Δ

7. ΊͰͨ͠ΊͰͨ͠?

8. Α͋͘Δ՝୊ - Phase 2 • ૿͑ଓ͚ΔυΩϡϝϯτ΍πʔϧͷϝϯςφϯε޻਺ • े෼ʹςετ͞Εͳ͍ࣾ಺πʔϧ • ૿͑ଓ͚Δن໿

9. “Deployment on K8s is unnecessarily hard” • <—ίετେ— πʔϧઐ೚νʔϜ, WG,

   ਆ(K8s͓͡͞Μ), ϘϥϯςΟΞ —খ—> • େ఍ίετ͔͚ͨ΄͏͕πʔϧͱͯ͠͸࢖͍΍͘͢ͳΔ(ܦݧଇ • ͏·͍͘͘·ͰίετΛ͔͚ଓ͚Δ͔ʁˠجຊతʹ͸Yes • ʢͰ͖Ε͹ʣ࠷খݶͷίετͰ໰୊Λղܾ͍ͨ͠ • ୭͔͕طʹૺ۰ͨ͠໰୊͸ճආ͍ͨ͠ • େ͖ͳϛεΛճආ͍ͨ͠ • طଘπʔϧ͸ͳ͍ͷ͔ʁ

10. Helmfile

11. Helmfile: HISTORY & NUMBERS HelmϕʔεͷએݴతσϓϩΠπʔϧ https://github.com/roboll/helmfile/ - Nov. 2016: First

    Commit by @roboll (Datadog) - Feb. 2018: @mumoshu as maintainer - Apr. 2018: ϓϩμΫγϣϯͰ࢖ΘΕ࢝ΊΔ - 200ίϛοτɾ100ϦϦʔε/೥ - 2.1K GitHubελʔ @ 2020/05

12. Helmfile Benefits • πʔϧཚཱ ← ϚχϑΣετɾHelm Chartɾkustomizeαϙʔτ • ཚཱ͢ΔWrapper ←

    helmfile͕kubectl/kustomize/helmͷڞ௨ Wrapperʹ • ߏ੒؅ཧ ← ن໿Λͭ͘ΔͷͰ͸ͳ͘ɺhelmfileͷن໿Λར༻

13. Helm

14. Helmfile (helmfile.yaml)

15. Helmfile + Kustomize (./deploy/prod/kustomization.yamlΛHelmͰΠϯετʔϧ)

16. Helmfile as a “Wrapper” (ར༻πʔϧʹؔΘΒͣ౷ҰతͳίϚϯυͰෳ਺ΞϓϦΛҰׅ؅ཧ)

17. ߏ੒؅ཧ - ϓϩδΣΫτϧʔτʹ helmfile.yaml Λஔ͘ - ϓϩδΣΫτ໰ΘͣɺͨͩhelmfileΛ ࣮ߦ͢Δ͚ͩͰσϓϩΠՄೳ - ༨ྗ͕͋Ε͹ͦΕҎ֎ͷཁૉͷ໋໊ن

    ଇ΍ϑΝΠϧͷஔ͖৔ͷϧʔϧΛܾΊ Δ

18. ศརػೳ • Diff • όʔδϣϯϩοΫ • ϚχϑΣετੜ੒ • Secret؅ཧ •

    Values provider: AWS SecretsManager/Vault/SOPS/Terraform State • DAG • σόοάࢧԉ (helmfile build, helmfile —debug)
19. None
20. None
21. None
22. None

23. Alternatives • Terraform + Kubernetes/Helm provider • Pulumi + Kubernetes

    provider • AWS CDK / cdk8s • KPT (https://github.com/GoogleContainerTools/kpt) • Terraform + terraform-provider-helmfile

24. terraform-provider-helmfile
 https://github.com/mumoshu/terraform-provider-helmfile

25. Also see… • helmfile.yamlαϯϓϧू
 https://github.com/cloudposse/helmfiles • Helmfileͷsecret refػೳͰ࢖͑ΔόοΫΤϯυ
 https://github.com/variantdev/vals/

26. ·ͱΊ • Kubernetes ޲͚ͷσϓϩΠ͸ҙ֎ͱ໘౗ʢબ୒ࢶ͕ଟ͍͕ނʣ • kubectl/helm/kustomizeΛϥοϓ͢Δπʔϧ͕ಠࣗ։ൃ͞Ε͕ͪ • υΩϡϝϯτ΍πʔϧͷ࡞੒ɾϝϯςίετ͸࠷খݶʹ͍ͨ͠ • ಠࣗ։ൃ෦෼ΛݮΒ͢

    / ཁ݅ʹ͋͏طଘπʔϧ͕͋Ε͹ར༻ • Helmfile͕͓ͦΒ͘࠷΋ଟػೳ • ൺֱݕ౼ީิʹೖΕΔͱɺඞཁͳػೳͷߟྀ࿙Ε͕ݮΒͤΔ͔΋