Jessica Deen, Microsoft -
Helm 3 is here; let's go hands-on! In this demo-fueled session, I'll walk you through the differences between Helm 2 and Helm 3. I'll offer tips for a successful rollout or upgrade, go over how to easily use charts created for Helm 2 with Helm 3 (without changing your syntax), and review opportunities where you can participate in the project's future.
6. @jldeen
• Must be ready for mainstream majority
• Prove stability, security, healthy
governance, and strong community
• Scored 198% on the certification test
• CNCF TOC voted by supermajority to
make Helm a top-level project
Graduation Requirements
7. @jldeen
• Based on community best practices
• Dramatic simplification
• Architectural changes(security as
priority)
v3 overview
9. @jldeen
• Helm is almost as old as Kubernetes
• Predates CRDs and K8s RBAC
• Simpler, more secure: focus on
production use-cases
Major Refactor
10. @jldeen
• Inheriting security controls from
kubeconfig
• Using K8s RBAC to limit access &
resources
• Replacing custom APIs for charts and
deployments with secrets
Making Helm more K8s Native
11. @jldeen
• Simpler & more flexible architecture,
security, & upgrades
• Now uses Kubernetes API directly
• Renders charts client-side; storing in
release
• Lowering the barrier of entry for
contributors
Farewell, Tiller
14. @jldeen
Don’t worry!
• We intend to support Helm 2 charts
• You *should* be able to replace the
Helm 2 binary with the Helm 3 binary IF
you take the following considerations
into account
16. @jldeen
Namespace Changes
• Release metadata is stored in the same
namespace as the release
• Templated resources with namespace
set will be installed into said
namespace prior to the application of
`--namespace` flag
17. @jldeen
CRD Installation
• `crd-install` ignored in Helm 3
• Useful warning message if CRDs are
present in templates directory
• Replaced with CRDs directory at chart
root
19. @jldeen
Chart Dependency
Management
• Old style: requirements.yaml &
requirements.lock
• New style: Chart.yaml and Chart.lock
(breaking change if you use helm
dependency subcommands)
20. @jldeen
Release Metadata
• No longer stored in Tiller namespace
• Stored as secret in release namespace
• Double base64 encoded JSON blob
Not backwards compatible with Helm 2
release metadata
https://github.com/helm/helm-2to3
24. @jldeen
Get involved!
• Upgrade to Helm 3
• https://v3.helm.sh/docs/faq
• helm.sh for community calls
• Feedback on new use cases &
workflows
• Test for backwards-compat with
existing charts!
25. @jldeen
- Senior Cloud Advocate | Azure
- DevOps, Containers, Open Source
- CNCF Ambassador | K8s & Helm
Who am I?