🛡️
CTHFM: Kubernetes
  • Welcome
  • Kubernetes Fundamentals
    • Kubernetes Components
      • Kubernetes Master Node
      • Worker Nodes
      • Pods
      • Service
      • ConfigMaps and Secrets
      • Namespaces
      • Deployments
      • ReplicaSets
      • Jobs and CronJobs
      • Horizontal Pod Autoscaler (HPA)
      • Kubernetes Ports and Protocols
    • Kubectl
      • Installation and Setup
      • Basic Kubectl
      • Working With Pods
      • Deployments and ReplicaSets
      • Services and Networking
      • ConfigMaps and Secrets
      • YAML Manifest Management
      • Debugging and Troubleshooting
      • Kubectl Scripting: Security
      • Customizing Kubectl
      • Security Best Practices
      • Common Issues
      • Reading YAML Files
    • MiniKube
      • Intro
      • Prerequisites
      • Installation MiniKube
      • Starting MiniKube
      • Deploy a Sample Application
      • Managing Kubernetes Resources
      • Configuring MiniKube
      • Persistent Storage in Minikube
      • Using Minikube for Local Development
      • Common Pitfalls
      • Best Practices
  • Kubernetes Logging
    • Kubernetes Logging Overview
    • Audit Logs
    • Node Logs
    • Pod Logs
    • Application Logs
    • Importance of Logging
    • Types of Logs
    • Collecting and Aggregating Logs
    • Monitoring and Alerting
    • Log Parsing and Enrichment
    • Security Considerations in Logging
    • Best Practices
    • Kubernetes Logging Architecture
  • Threat Hunting
    • Threat Hunting Introduction
    • What Makes Kubernetes Threat Hunting Unique
    • Threat Hunting Process
      • Hypothesis Generation
      • Investigation
      • Identification
      • Resolution & Follow Up
    • Pyramid of Pain
    • Threat Frameworks
      • MITRE Containers Matrix
        • MITRE Att&ck Concepts
        • MITRE Att&ck Data Sources
        • MITRE ATT&CK Mitigations
        • MITRE Att&ck Containers Matrix
      • Microsoft Threat for Kubernetes
    • Kubernetes Behavioral Analysis and Anomaly Detection
    • Threat Hunting Ideas
    • Threat Hunting Labs
  • Security Tools
    • Falco
      • Falco Overview
      • Falco's Architecture
      • Runtime Security Explained
      • Installation and Setup
      • Falco Rules
      • Tuning Falco Rules
      • Integrating Falco with Kubernetes
      • Detecting Common Threats with Falco
      • Integrating Falco with Other Security Tools
      • Automating Incident Response with Falco
      • Managing Falco Performance and Scalability
      • Updating and Maintaining Falco
      • Real-World Case Studies and Lessons Learned
      • Labs
        • Deploying Falco on a Kubernetes Cluster
        • Writing and Testing Custom Falco Rules
        • Integrating Falco with a SIEM System
        • Automating Responses to Falco Alerts
    • Open Policy Agent (OPA)
      • Introduction to Open Policy Agent (OPA)
      • Getting Started with OPA
      • Rego
      • Advanced Rego Concepts
      • Integrating OPA with Kubernetes
      • OPA Gatekeeper
      • Policy Enforcement in Microservices
      • OPA API Gateways
      • Introduction to CI/CD Pipelines and Policy Enforcement
      • External Data in OPA
      • Introduction to Decision Logging
      • OPA Performance Monitoring
      • OPA Implementation Best Practices
      • OPA Case Studies
      • OPA Ecosystem
    • Kube-Bench
    • Kube-Hunter
    • Trivy
    • Security Best Practices and Documentation
      • RBAC Good Practices
      • Official CVE Feed
      • Kubernetes Security Checklist
      • Securing a Cluster
      • OWASP
  • Open Source Tools
    • Cloud Native Computing Foundation (CNCF)
      • Security Projects
  • Infrastructure as Code
    • Kubernetes and Terraform
      • Key Focus Areas for Threat Hunters
      • Infastructure As Code: Kubernetes
      • Infrastructure as Code (IaC) Basics
      • Infastructure As Code Essential Commands
      • Terraform for Container Orchestration
      • Network and Load Balancing
      • Secrets Management
      • State Management
      • CI/CD
      • Security Considerations
      • Monitoring and Logging
      • Scaling and High Availability
      • Backup and Disaster Recovery
    • Helm
      • What is Helm?
      • Helm Architecture
      • Write Helm Charts
      • Using Helm Charts
      • Customizing Helm Charts
      • Customizing Helm Charts
      • Building Your Own Helm Chart
      • Advanced Helm Chart Customization
      • Helm Repositories
      • Helm Best Practices
      • Helmfile and Continuous Integration
      • Managing Secrets with Helm and Helm Secrets
      • Troubleshooting and Debugging Helm
      • Production Deployments
      • Helm Case Studies
Powered by GitBook
On this page
  • Using Helm Charts
  • Finding and Downloading Helm Charts
  • Popular Helm Repositories
  • Commands to interact with repositories:
  • Downloading a Chart
  • Installing a Helm Chart
  • Basic Installation
  • Customizing Installation with Values
  • Verifying the Installation
  • Managing Helm Releases
  • Hands-on Example: Deploying Nginx with Helm
  • Summary
  1. Infrastructure as Code
  2. Helm

Using Helm Charts

Using Helm Charts

Now that you have a solid understanding of what Helm charts are and how they are structured, it's time to put that knowledge into practice. In this lesson, we will explore how to use Helm charts to deploy applications to a Kubernetes cluster. You’ll learn how to find and download Helm charts from public repositories, install charts on your Kubernetes cluster, and manage Helm releases. By the end of this lesson, you’ll be equipped to deploy applications quickly and efficiently using Helm.

Finding and Downloading Helm Charts

The first step in using Helm charts is to find the chart that suits your needs. Helm charts are typically stored in repositories, which are collections of charts that can be publicly or privately hosted. There are many public Helm repositories available where you can find charts for a wide range of applications.

Popular Helm Repositories

  • Artifact Hub: A central hub for finding and sharing Kubernetes packages, including Helm charts. It aggregates charts from various repositories and is a great place to start your search.

  • Bitnami: A popular Helm repository known for its well-maintained and widely used charts for applications like Nginx, WordPress, and MySQL.

  • Stable Repository: Once the official Helm repository, now deprecated but still widely used through mirrors or forks.

Commands to interact with repositories:

  • Adding a Repository: Before you can use a chart, you need to add the repository to Helm.

    helm repo add bitnami https://charts.bitnami.com/bitnami

  • Listing Repositories: You can list all added repositories to see what’s available.

    helm repo list

  • Searching for Charts: Once the repository is added, you can search for specific charts.

    helm search repo nginx

Downloading a Chart

While you can directly install charts from a repository, you might want to download a chart first to inspect or modify it.

Command to Download a Chart:

  • Download a Chart: This command fetches the chart files from the repository.

    bashCopy codehelm pull bitnami/nginx --untar

    The --untar flag extracts the chart into a directory, so you can explore its contents.

Installing a Helm Chart

Once you’ve identified the chart you want to use, installing it on your Kubernetes cluster is straightforward. Helm makes it easy to deploy an application with a single command.

Basic Installation

To install a chart, you use the helm install command. This command requires at least two arguments: a release name (a unique name for your deployment) and the chart to install.

Command to Install a Chart:

  • Installing a Chart:

    helm install my-nginx bitnami/nginx

    • my-nginx: This is the name of the release.

    • bitnami/nginx: This specifies the chart from the Bitnami repository.

After running this command, Helm will:

  • Render the chart’s templates using the default or provided values.

  • Interact with the Kubernetes API to create the necessary resources.

  • Record the release in Helm’s history, allowing you to manage it later.

Customizing Installation with Values

One of the strengths of Helm is its ability to customize deployments using the values.yaml file. You can override these values at the time of installation using the --set flag or by providing a custom values file.

Customizing with --set Flag:

  • Command to Set a Custom Value:

    helm install my-nginx bitnami/nginx --set service.type=NodePort

    This command overrides the default service type, setting it to NodePort.

Customizing with a Custom Values File:

  • Using a Custom Values File:

    helm install my-nginx bitnami/nginx -f custom-values.yaml

    Here, custom-values.yaml contains your custom configuration.

Verifying the Installation

After installation, it’s essential to verify that everything was set up correctly.

Commands for Verifying Installation:

  • List Releases: Shows all the current releases in your cluster.

    helm list

  • Get Release Status: Provides detailed information about a specific release.

    helm status my-nginx

  • Check Kubernetes Resources: Use kubectl to see the created resources.

    kubectl get all -l app.kubernetes.io/name=nginx

Managing Helm Releases

Helm doesn’t just stop at installing applications. It also provides powerful tools for managing your releases over time, including upgrading, rolling back, and uninstalling them.

Upgrading a Release

As your application evolves, you may need to upgrade your Helm release. This could involve updating to a new chart version or simply changing some configuration values.

Command to Upgrade a Release:

  • Upgrade Release:

    helm upgrade my-nginx bitnami/nginx --set image.tag=1.17.0

    This command upgrades the my-nginx release to use a different image tag.

Rolling Back a Release

If something goes wrong with an upgrade, Helm allows you to roll back to a previous release version.

Command to Roll Back a Release:

  • Rollback Release:

    helm rollback my-nginx 1

    This command rolls back the my-nginx release to version 1.

Uninstalling a Release

When you no longer need an application, you can uninstall the release. This command deletes all Kubernetes resources associated with the release.

Command to Uninstall a Release:

  • Uninstall Release:

    helm uninstall my-nginx

Helm will clean up all the resources and remove the release from its history.

Hands-on Example: Deploying Nginx with Helm

To solidify your understanding, let’s walk through a hands-on example of deploying Nginx using a Helm chart.

Steps:

  1. Add the Bitnami Repository:

    helm repo add bitnami https://charts.bitnami.com/bitnami

  2. Install the Nginx Chart:

    helm install my-nginx bitnami/nginx

  3. Verify the Installation:

    helm list
helm status my-nginx
kubectl get all -l app.kubernetes.io/name=nginx

  4. Upgrade the Nginx Release:

    helm upgrade my-nginx bitnami/nginx --set image.tag=1.19.0

  5. Rollback the Release if Needed:

    helm rollback my-nginx 1

  6. Uninstall the Release:

    helm uninstall my-nginx

This example walks you through the complete lifecycle of a Helm release, from installation to uninstallation, giving you hands-on experience with the Helm CLI.

Summary

Using Helm charts to deploy applications on Kubernetes is a powerful and efficient way to manage your infrastructure. Helm simplifies the process of installing, upgrading, and managing applications, allowing you to focus on building and running your services rather than dealing with the complexities of Kubernetes resource management. By mastering the basics of using Helm charts, you’re well on your way to becoming proficient in Kubernetes application management.

PreviousWrite Helm ChartsNextCustomizing Helm Charts

Last updated 7 months ago