Skip to content

Deploy Helm Charts

Helm is a package manager for Kubernetes that simplifies the process of deploying and managing applications. This guide will walk you through the best practices for deploying Helm charts in MetaKube Core.

Prerequisites

  • Access to a MetaKube Core cluster
  • Helm CLI installed on your local machine
  • kubectl configured to interact with your cluster

Best Practices for Deploying Helm Charts

1. Choose the Right Chart Repository

  • Use official or well-maintained chart repositories
  • Examples:
  • Artifact Hub (https://artifacthub.io/)
  • Bitnami (https://charts.bitnami.com/bitnami)
  • Helm Stable (https://charts.helm.sh/stable)
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

2. Verify Chart Integrity

  • Always verify the chart's signature if available
  • Check the chart's documentation and source code
helm verify path/to/chart.tgz

3. Use Version Pinning

  • Specify exact versions for charts to ensure reproducibility
  • Avoid using the latest tag in production environments
helm install my-release bitnami/wordpress --version 12.1.6

4. Customize Values Carefully

  • Create a separate values file for your customizations
  • Document any changes from default values
# custom-values.yaml
wordpressUsername: user
wordpressPassword: password
mariadb:
  auth:
    rootPassword: rootpassword

helm install my-release bitnami/wordpress -f custom-values.yaml

5. Use Namespaces for Isolation

  • Deploy charts in dedicated namespaces for better resource management
  • Create the namespace before installing the chart
kubectl create namespace my-app
helm install my-release bitnami/wordpress --namespace my-app

6. Implement RBAC

  • Use Role-Based Access Control (RBAC) to limit permissions
  • Create specific service accounts for Helm releases
# service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-release-sa
  namespace: my-app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: my-release-role
  namespace: my-app
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-release-rolebinding
  namespace: my-app
subjects:
- kind: ServiceAccount
  name: my-release-sa
  namespace: my-app
roleRef:
  kind: Role
  name: my-release-role
  apiGroup: rbac.authorization.k8s.io

kubectl apply -f service-account.yaml
helm install my-release bitnami/wordpress --namespace my-app --service-account my-release-sa

7. Use Helm Hooks for Complex Deployments

  • Leverage Helm hooks for pre/post-installation tasks
  • Example: database initialization, backup before upgrade
annotations:
  "helm.sh/hook": pre-install
  "helm.sh/hook-weight": "-5"
  "helm.sh/hook-delete-policy": hook-succeeded

8. Implement Health Checks

  • Define readiness and liveness probes in your chart values
  • Ensure your application exposes health check endpoints
livenessProbe:
  httpGet:
    path: /healthz
    port: http
  initialDelaySeconds: 120
readinessProbe:
  httpGet:
    path: /readyz
    port: http
  initialDelaySeconds: 30

9. Set Resource Limits

  • Always define CPU and memory limits for your deployments
  • Prevents resource contention and improves cluster stability
resources:
  limits:
    cpu: 1
    memory: 1Gi
  requests:
    cpu: 500m
    memory: 512Mi

10. Use Helm Tests

  • Implement Helm tests to verify your release's functionality
  • Run tests after installation to ensure everything is working correctly
# templates/tests/test-connection.yaml
apiVersion: v1
kind: Pod
metadata:
  name: "{{ include "mychart.fullname" . }}-test-connection"
  annotations:
    "helm.sh/hook": test
spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "mychart.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never

helm test my-release

11. Implement Proper Upgrade Strategies

  • Use helm upgrade with the --atomic flag for automatic rollback on failure
  • Test upgrades in a staging environment before applying to production
helm upgrade --install my-release bitnami/wordpress --atomic

12. Monitor and Log

  • Integrate with MetaKube Core's monitoring and logging solutions
  • Set up alerts for critical metrics

13. Regular Maintenance

  • Keep charts and dependencies up to date
  • Regularly review and apply security patches
helm repo update
helm upgrade my-release bitnami/wordpress --version <new-version>

Conclusion

By following these best practices, you can ensure reliable, secure, and maintainable Helm chart deployments in your MetaKube Core clusters. Remember to always test in a non-production environment first and to keep your charts and dependencies up to date.

For more information on Helm and its features, visit the official Helm documentation.

If you encounter any issues or need further assistance, please contact our support team.