From Wikitech
Jump to navigation Jump to search

Helm[1] is the package manager for Kubernetes.

It is used to build Helm charts, which are packages of Kubernetes resources that are used to deploy apps to a cluster.

For deployment it is called via helmfile[2] in combination with helm-diff[3] to present the to be applied changes to the user. For instructions on how to deploy services and configuration changes with helmfile, see Deployments on kubernetes.


We're providing separate packages for operations/debs/helm (helm 2.x) and operations/debs/helm3, both may be installed at the same time.

The packages operations/debs/helmfile and operations/debs/helm-diff follow the same packaging workflow, so we document that here together.

Importing a new version

The packages are build using Git-buildpackage. The imported upstream tarballs should include the complete vendor directory.

  • Check out the version (git tag) to import
    ./debian/repack "vX.Y.Z"
  • This drops you into a shell with the git tag checked out. Do necessary changes here and commit
    glide install --strip-vendor
    # or
    go mod vendor
    git add -f vendor
    # git diff --name-status --cached | grep -v 'vendor/' # to make sure you only changed vendor
    git commit -m "added vendor"
  • Exiting the shell will build a tarball to import
    gbp import-orig /path/to/tarball.tar.xz
  • Push changes (including the tag crated by gpb) to gerrit
    git push gerrit --all
    git push gerrit --tags
  • Add a debian/changelog entry (as CR)
    gbp dch # Edit debian/changelog
    git commit
    git review

Building a new version

  • Check out the git repo on the build host
  • Build the package
    BACKPORTS=yes gbp buildpackage --git-pbuilder --git-no-pbuilder-autoconf --git-dist=buster -sa -uc -us

Publish a new version

# on apt1001
rsync -vaz deneb.codfw.wmnet::pbuilder-result/buster-amd64/*<PACKAGE VERSION>* .
sudo -i reprepro -C main include buster-wikimedia /path/to/<PACKAGE>.changes

# Copy the package over to other distros (this is possible because they only contain static binaries)
sudo -i reprepro copy stretch-wikimedia buster-wikimedia <PACKAGE>
sudo -i reprepro copy jessie-wikimedia buster-wikimedia <PACKAGE>

Update CI image

We're using helm/helmfile in operations/deployment-charts to lint and verify charts.

To update the envoy version used there, bump the changelog at dockerfiles/helm-linter/changelog:

dch -D wikimedia --force-distribution -c changelog

And add the new version to jjb/operations-misc.yaml in a second patch (example)

When this is merged and build, run CI (maybe just rebuild last at https://integration.wikimedia.org/ci/job/helm-lint/ ?) to verify the new version against our charts/deployments.


  1. https://github.com/helm/helm
  2. https://github.com/roboll/helmfile
  3. https://github.com/databus23/helm-diff