Publishing and Deploying Helm Charts using GitLab#
Helm charts provide a powerful ability to template manifests, making it easy to deploy multiple instances of an application (e.g., to support feature-branch deployments).
This guide isn't going to talk about how to actually write a Helm chart, as there are several other guides available to do this.
Publishing your Chart in GitLab#
To publish a chart in GitLab, you can leverage a CI template that we've built. In your repo, create a .gitlab-ci.yml file with the following contents:
include:
project: it-common-platform/tenant-support/ci-templates
file: building-blocks/helm.yml
stages:
- deploy
Deploy chart:
extends: .helm-publish
rules:
- if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes:
- Chart.yaml
This will extend one of our "building blocks" and deploy the chart anytime the Chart.yaml file is updated.
Deploying a chart not at the root of your repo#
If you need to deploy a chart that's nested in your repo, you can set the HELM_CHART_LOCATION. This value defaults to the root of your repo.
Deploying your Chart on the Platform#
Once you have a chart published, you can deploy it using Flux's Helm Release support. With Flux, we need to define a source (the HelmRepository) and a reconciler (the HelmRelease which actually defines how and where the chart should be deployed).
-
If your chart is part of a private or internal project in GitLab, you will need to provide Flux with credentials to fetch the chart.
-
Go to Settings -> Repository -> Deploy tokens and generate a new deploy token. You can give it any name, but it must have the read_package_registry permission.
-
Open the directions for Creating Sealed Secrets.
-
Create a secret named
helm-chart-credential. Specify one key/value pair with a key of username and a value of the deploy token username. Create another with a key of password and value of the deploy token secret. -
Copy the generated manifest into your tenant repo.
-
-
Now, in your manifest repo, you can define your
HelmRepository. You will need your GitLab project ID, which is accessible on the project's home page. Swap that into the URL below -
When you add that, you can use Headlamp or query using kubectl to see the object.
And you'll see output similar to the following:
-
From there, you can define a
HelmReleasethat will deploy the chart into your tenant namespace!apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: tenant-app spec: chart: spec: interval: 5m0s # The rate at which the source (HelmRepository) will be checked for updates sourceRef: kind: HelmRepository name: tenant-app chart: tenant-app version: 0.20.0 interval: 5m0s # The rate at which the controllers attempts to reconcile the release releaseName: tenant-app # values: # key: any custom values you want to override from the chart -
Once defined, you can query the
HelmReleaseusing Headlamp or kubectl. Currently, we have two versions of HelmReleases defined, so we have to be a little more explicit in which version we want to fetch.And you'll see output like the following:
Flux Service Accounts#
.spec.serviceAccountName, the variable which sets which Service Account flux uses to deploy assets, is an optional field for tenants. A default privileged service account for your namespace named flux is provided and will automatically be added when undeclared.
Additional Resources#
The Flux docs have quite a few guides on using Helm charts. Links are available below: