Wednesday, November 13, 2019

Helm 3 Arrives to Boost the Way to Deploy Applications on Kubernetes

It's been three years since Helm's first release and it is, undoubtedly, the de-facto way of deploying applications in Kubernetes. This is thanks to its simplicity and ease of use and its ability to manage upgrades and rollbacks with ease.

Helm 3 is further evidence the community is continuing to advance and mature. Its new features and improvements make Helm charts even easier to manage, and offers the most secure way to move applications to production. Read on for the details.

Say goodbye to Tiller

Helm is comprised of two parts: Helm (the client) and Tiller (the server). In previous versions, when you initialized Helm running “helm init”, Tiller was installed automatically. 

Tiller had an important role in clusters that were shared across different teams as it allowed multiple operators to interact with the same set of releases at the same time.

When role-based access controls (RBAC rules) came along with the release of Kubernetes v.1.6, the use of Tiller in a production scenario became more difficult due to the multiple security policies that you can set for your cluster. Take a look at the numerous pre-configurations you should do in order to install and configure Helm and Tiller to realize how RBAC rules complicated the management in a multi-tenant cluster.

Based on user feedback, the Helm team removed Tiller in the latest release. They found that fetching the information from the Kubernetes API server, rendering the charts client-side, and storing the record of the installation in Kubernetes was the best way to collect Helm release information (instead of using Tiller as a central hub). 

With Tiller gone, Helm’s security relies on your kubeconfig file where cluster administrators define user’s roles and permissions.

Open Container Initiative: Removing Chart Repository Limitations for Production Environments 

Helm 3 also provides new ways of managing chart repositories. For a long time, Docker Registry has been the de-facto toolset to store and deliver Docker images. Many cloud vendors also offered different versions of the Docker Registry that implemented security features to try and mitigate some of the more common chart repository limitations:

Chart repositories usually take a long time to abstract the security implementations needed for a production environment.

Not every chart repository includes tools for signing and verifying the origin and integrity of a chart.

Using a unique index file for metadata information makes searching and fetching charts hard, and makes it more difficult to manage security in multi-tenant scenarios.

Although it is still experimental, the Open Container Initiative may solve these limitations by adding login support and other features that will be essential for managing charts with Helm 3.

Try Bitnami charts with Helm 3

The Bitnami catalog has already been tested and validated to work with Helm 2 and Helm 3 across the major Kubernetes platforms.

Bitnami runs daily tests on its entire application catalog to make sure that all solutions can be deployed successfully without issues in any platform.

As one of the largest maintainers of Helm charts (currently 60), we have focused our efforts on delivering maintained, secure, and production-ready charts.

Why don’t give it a try? Install Helm 3 in your cluster now and select any of Bitnami charts from our GitHub repository to test its new features!

For more information about Helm 3 new features and changes, read the official announcement or refer to Helm FAQ.