Standardised tooling for Helm Charts
(This issue should probably reside elsewhere: please suggest a better repository and I'm happy to move it)
Background
Multiple teams across the organization are currently putting together helm charts.
In some cases, Runway can be helpful in generating a Helm Chart in a standardized manner. However, not all components will be defined in Runway, making this approach only a partial solution.
This leads to situations where development teams are putting together their own, but may not necessarily have the expertise to define charts according to GitLab's internal policies and standards.
Proposal
Define a set of documentation, project templates, CI templates and processes for assisting teams developing their own Helm Charts to "do the right thing".
Details
- A Copier Project Template for a Helm Chart could be developed, or the existing Copier Template in https://gitlab.com/gitlab-com/gl-infra/common-template-copier might be reused.
- common-ci-tasks might be a good place to add a new standard CI template. The following definition could be included in .gitlab-ci.yml to declare the project as a Helm project:

      include:
        - project: "gitlab-com/gl-infra/common-ci-tasks"
          ref: v2.75.0 # renovate:managed
          file: templates/helm.yml

- This would infer the following behaviours: semantic-release for releases, publishing of the Helm Chart to the Generic Artifact Registry, Renovate updates to reference updated application versions, Checkov for validation, plus all the standard.yml features such as YAML Lint, EditorConfig, etc.
- Over time, additional tooling and validation could be included in the Helm Template, for instance testing (via local render) and validation of policies (for instance for ensuring GitLab policies around labelling, resource allocation, etc).
Standard Packaged CI Components
The helm build CI Component could include standard ways of running the following tools:
- helm lint: done in common-ci-tasks!1047 (merged)
- Checkov: done in common-ci-tasks!1047 (merged)
- kubeconform (https://github.com/yannh/kubeconform) and/or kubectl-validate (https://github.com/kubernetes-sigs/kubectl-validate)? Ensure that the Helm Chart generates manifests that conform to all versions of Kubernetes that GitLab supports
- helm unittest (https://github.com/helm-unittest/helm-unittest): encourage testing for Helm charts
- helm publish: publish the Helm chart to the local generic package registry on tag builds
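
A sketch of how the kubeconform and helm unittest steps listed above could look as GitLab CI jobs. This is an added example, not the contents of templates/helm.yml or any common-ci-tasks code. The chart path, the container image name, the release name `ci-render` and the Kubernetes versions are assumptions and placeholders.

```yaml
# Added example: hypothetical jobs, not taken from common-ci-tasks.
# Assumptions: the chart lives in ./chart, and the image provides helm,
# the helm-unittest plugin and kubeconform.
variables:
  CHART_DIR: chart

.helm-validate:
  image: registry.example.com/ci/helm-tools:placeholder  # hypothetical image
  stage: test

helm-unittest:
  extends: .helm-validate
  script:
    # Runs the chart's unit tests through the helm-unittest plugin.
    - helm unittest "$CHART_DIR"

kubeconform:
  extends: .helm-validate
  parallel:
    matrix:
      # Placeholder versions: replace with the Kubernetes versions in support.
      - KUBERNETES_VERSION: ["1.29.0", "1.30.0", "1.31.0"]
  script:
    # Render locally with the target version so that version-gated
    # template branches (.Capabilities.KubeVersion) are exercised.
    - helm template ci-render "$CHART_DIR" --kube-version "$KUBERNETES_VERSION" > rendered.yaml
    # -strict rejects unknown or duplicated fields, which catches typos
    # such as a misspelled securityContext key that the API server
    # would otherwise drop or reject at deploy time.
    - kubeconform -strict -summary -kubernetes-version "$KUBERNETES_VERSION" rendered.yaml
  artifacts:
    # Keep the rendered manifests when validation fails, for review.
    when: on_failure
    paths:
      - rendered.yaml
```

Custom resources have no built-in schema, so kubeconform fails on them unless a schema location is supplied; `-ignore-missing-schemas` makes the job pass by skipping those resources, which leaves them unvalidated.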