Helm Guide

Posted March 4, 2022 by olblak ‐ 5 min read

Let's automate Helm chart update

Helm is a very popular package manager for deploying applications on Kubernetes. But those packages can also get outdated pretty quickly. We’ll see in this guide how we can automatically update our Helm charts based on third dependencies.

Requirement

To use this guide, we need the following elements:

  1. The Updatecli binary

  2. A Helm chart to update

  3. A GitHub Personal Access Token

Updatecli Binary

Updatecli is a command-line available for Linux/macOS/Windows.

Check out installation instructions on www.updatecli.io/docs/prologue/installation to know how to install it on your machine.

Helm chart to update

Within this example, we’ll use a Helm chart from the Jenkins infrastructure project located on github.com/jenkins-infra/helm-charts. We want to ensure that the Helm chart is always using the latest chart application which in this case is the jenkins-wiki-exporter.

GitHub Personal Access Token

As we are going to interact with resources on Github such as github repository and GitHub packages, we need a personal access token. More information on the GitHub documentation creating-a-personal-access-token

Update Pipeline

Manifest

Updatecli expects one or multiple pipeline manifests to know what to do. Then we can use the command updatecli diff --config manifest.yaml The diff allows us to run updatecli in dry-mode so we identify what updatecli would change. Then we need to execute updatecli apply --config manifest.yaml to run our updatecli pipeline

As you’ll see in our updatecli manifest, we define:

  1. One "source" resource of a kind "githubRelease" which describes, where to retrieve the latest version of our application, jenkins-wiki-exporter, published on GitHub Release.

  2. Two "condition" "resources which need to succeed before updating our Helm chart. In the first condition, we want to ensure that our Helm chart uses the right container name "jenkinsciinfra/jenkins-wiki-exporter". The second condition of a kind "dockerImage", ensures that a Docker image "jenkinsciinfra/jenkins-wiki-exporter" exists on DockerHub where the tag is the same than the source output aka the latest jenkins-wiki-exporter version.

  3. A "target" resource of kind "helmChart", has a chart name "charts/jenkins-wiki-exporter" with a file "values.yaml" where the key "image.tag" is set to the latest jenkins-wiki-exporter version. If it’s not the case then bump the path version of the chart.

  4. A "scms" resource of kind "github", that describes which GitHub repository store the Helm chart "code".

  5. A "pullrequest" resource of kind "github", that describes pull-request parameters such as label assigned to the pull request created by Updatecli, and the auto-merge flag.

# updatecli.yaml
title: "Bump `jenkins-wiki-exporter` docker image and helm chart versions"

sources:
  jenkins-wiki-exporter:
    kind: "githubRelease"
    name: "Get jenkins-infra/jenkins-wiki-exporter latest version"
    spec:
      owner: "jenkins-infra"
      repository: "jenkins-wiki-exporter"
      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
      # Added to take care of "v" prefix in version until the chart is updated to use the semver versioning (which doesn't have the "v" prefix)
      versionFilter:
        kind: "latest"

conditions:
  DockerImagePublished:
    name: "Test jenkinsciinfra/jenkins-wiki-exporter:<latest_version> docker image tag"
    kind: "dockerImage"
    sourceID: "jenkins-wiki-exporter"
    spec:
      image: "jenkinsciinfra/jenkins-wiki-exporter"
      architecture: "amd64"
      # tag retrieved from source output "jenkinswikiexporter"
  DockerContainerUsed:
    name: "Test jenkinsciinfra/jenkins-wiki-exporter:<latest_version> docker image tag"
    kind: "yaml"
    disablesourceinput: true
    scmID: "helm-charts"
    spec:
      file: "charts/jenkins-wiki-exporter/values.yaml"
      value: "jenkinsciinfra/jenkins-wiki-exporter"
      key: "image.repository"
targets:
  jenkins-wiki-exporter:
    name: "Update jenkins-wiki-exporter helm chart"
    kind: "helmChart"
    spec:
      name: "charts/jenkins-wiki-exporter"
      file: "values.yaml"
      key: "image.tag"
      versionincrement: "patch"
    scmID: "helm-charts"
    sourceID: "jenkins-wiki-exporter"

scms:
  helm-charts:
    kind: "github"
    spec:
      branch: "main"
      user: "updatecli-robot"
      email: "bot@updatecli.io"
      owner: "jenkins-infra"
      repository: "helm-charts"
      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
      username: '{{ requiredEnv "GITHUB_ACTOR" }}'

pullrequests:
  default:
    kind: "github"
    scmID: "helm-charts"
    targets:
      - "jenkins-wiki-exporter"
    spec:
      automerge: true
      labels:
        - "dependencies"
        - "jenkins-wiki-exporter"

Now we can run our updatecli pipeline using the following commands:

export GITHUB_TOKEN=xxx
export GITHUB_ACTOR=yyy
updatecli diff --config updatecli.yaml
Warning
Using environment variables to store credentials is convenient for running updatecli from a CI environment. Another option is to use sops but in anyway, you should let your credentials unprotected.

Spoiler Alert: Command output

# data.yaml
+++++++++++
+ PREPARE +
+++++++++++

Loading Pipeline "assets/code_example/doc/guides/helm-chart/updatecli.yaml"
Repository retrieved: 1


++++++++++++
+ PIPELINE +
++++++++++++



#####################################################################
# BUMP `JENKINS-WIKI-EXPORTER` DOCKER IMAGE AND HELM CHART VERSIONS #
#####################################################################


SOURCES
=======

jenkins-wiki-exporter
---------------------
Searching for version matching pattern "latest"
✔ Github Release version "v1.12.1" found matching pattern "latest"


CHANGELOG:
----------

Release published on the 2021-10-02 18:36:27 +0000 UTC at the url https://github.com/jenkins-infra/jenkins-wiki-exporter/releases/tag/v1.12.1

<!-- Optional: add a release summary here -->
* Dont allow non pull requests in the project from breaking the report (#303) @halkeye

## 📦 Dependency updates

* Bump node from 16.7.0 to 16.8.0 (#288) @dependabot
* Bump jest from 27.0.6 to 27.1.0 (#287) @dependabot



CONDITIONS:
===========

DockerContainerUsed
-------------------
✔ Key "image.repository", in YAML file "/tmp/updatecli/jenkins-infra/helm-charts/charts/jenkins-wiki-exporter/values.yaml", is correctly set to "jenkinsciinfra/jenkins-wiki-exporter"

DockerImagePublished
--------------------
^[[B✔ The Docker image registry-1.docker.io/jenkinsciinfra/jenkins-wiki-exporter:v1.12.1 exists and is available.


TARGETS
========

jenkins-wiki-exporter
---------------------

**Dry Run enabled**

✔ Key 'image.tag', from file '/tmp/updatecli/jenkins-infra/helm-charts/charts/jenkins-wiki-exporter/values.yaml', already set to v1.12.1, nothing else need to be done


PULL REQUESTS
=============


=============================

REPORTS:


✔ UPDATECLI.YAML:
	Sources:
		✔ [jenkins-wiki-exporter] Get jenkins-infra/jenkins-wiki-exporter latest version (kind: githubRelease)
	Condition:
		✔ [DockerContainerUsed] Test jenkinsciinfra/jenkins-wiki-exporter:<latest_version> docker image tag (kind: yaml)
		✔ [DockerImagePublished] Test jenkinsciinfra/jenkins-wiki-exporter:<latest_version> docker image tag (kind: dockerImage)
	Target:
		✔ [jenkins-wiki-exporter] Update jenkins-wiki-exporter helm chart (kind: helmChart)



Run Summary
===========
Pipeline(s) run:
  * Changed:	0
  * Failed:	0
  * Skipped:	0
  * Succeeded:	1
  * Total:	1

Go Further

I hope you liked this guide. Updatecli is used in more scenarios and many more to come. Feel free to reach out if you have questions. Meanwhile, here are additional resources that you can use to go further.

Resource

To extend this pipeline, you can find more customization on Updatecli documentation website.

In this pipeline we used the following resources:

Additional Workflows

Updatecli shines and saves us time in many other situations such as:

  • Automatically updating any YAML

  • Automatically updating Dockerfile

  • Automatically updating raw File

Contributing

As a community-oriented project, all contributions are greatly appreciated!

Here is a non-exhaustive list of possible contributions:

  • ⭐️ this updatecli/updatecli repository.

  • Propose a new feature request.

  • Highlight an existing feature request with 👍.

  • Contribute to any repository in the updatecli organization

  • Share the love

More information is available at CONTRIBUTING

Top