Technical Theory

Deploying with Helm and Kustomize

Introduction

This tutorial guides you through deploying applications to Kubernetes using a combination of tools: Artifact Hub, Helm, and Kustomize. We’ll use Artifact Hub to discover and install Helm charts stored as OCI artifacts. We will then leverage Kustomize to customize these charts to fit our specific deployment needs. This approach provides a flexible and manageable way to deploy and configure applications in your Kubernetes cluster.

Prerequisites:

  • A Kubernetes cluster (e.g., Minikube, Kind, or a cloud provider cluster).
  • kubectl installed and configured to connect to your cluster.
  • Helm v3.8+ installed.
  • kustomize installed (usually available via kubectl apply -k . if not installed separately).
  • Docker installed and configured (required for OCI artifact interaction).

Task 1. Installing Helm and verifying installation

  1. Download the appropriate Helm binary for your system from the official Helm releases page: https://github.com/helm/helm/releases.

  2. Extract the binary and add it to your PATH.

  3. Verify the installation:

    NODE_TYPE // bash 
    helm version
    NODE_TYPE // output 
    version.BuildInfo{Version:"v3.12.0", GitCommit:"...", GitTreeState:"clean", GoVersion:"go1.20.3"}

Task 2. Setting up Artifact Hub

Artifact Hub is a central repository for finding and publishing Kubernetes packages, configurations, and tools. While you don’t install Artifact Hub itself locally, you’ll be interacting with its registry to discover and retrieve Helm charts.

  1. Navigate to the Artifact Hub website: https://artifacthub.io/

  2. Search for a Helm chart you want to deploy. For example, search for “nginx-ingress-controller”.

  3. Note the repository URL, which will look something like oci://ghcr.io/kubernetes-ingress/ingress-nginx.

Task 3. Pulling Helm Chart as OCI Artifact

Helm now supports storing charts in OCI registries. This allows us to treat Helm charts like container images, pulling and managing them using familiar tools.

  1. Log in to the container registry that hosts the chart (e.g., Docker Hub, GitHub Container Registry, etc.) using docker login. Replace the below registry URL with the registry hosting the chart:

    NODE_TYPE // bash 
    docker login ghcr.io
    You may need to create an account if you don’t already have one and generate a personal access token for authentication.

  2. Pull the Helm chart as an OCI artifact. Replace ghcr.io/kubernetes-ingress/ingress-nginx/ingress-nginx with the actual chart name and desired version from Artifact Hub (e.g., ghcr.io/kubernetes-ingress/ingress-nginx/ingress-nginx:4.8.3):

    NODE_TYPE // bash 
    helm pull oci://ghcr.io/kubernetes-ingress/ingress-nginx/ingress-nginx --version 4.8.3

    This command downloads the specified version of the Helm chart to your current directory as a .tgz file.

  3. Extract the downloaded chart:

    NODE_TYPE // bash 
    tar -zxvf ingress-nginx-4.8.3.tgz

Task 4. Customizing the Helm Chart with Kustomize

Now, let’s customize the Helm chart using Kustomize. This allows us to modify the chart’s default configuration without directly editing the chart files.

  1. Create a kustomization.yaml file in a directory named kustomize:

    NODE_TYPE // bash 
    mkdir kustomize && cd kustomize
touch kustomization.yaml

  2. Edit kustomization.yaml and add the following content. Adjust the path value to point to the location of the extracted Helm chart.

    NODE_TYPE // yaml 
    # kustomize/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../ingress-nginx
patches:
  - patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: ingress-nginx-controller
      spec:
        template:
          spec:
            containers:
              - name: controller
                args:
                  - --default-ssl-certificate=namespace/certificate

    This example adds a patch that modifies the ingress-nginx-controller deployment to include a custom argument --default-ssl-certificate.

  3. Apply the Kustomize configuration to generate the Kubernetes manifests:

    NODE_TYPE // bash 
    kubectl apply -k .

    This command applies the base Helm chart from the specified path and then overlays the modifications defined in the patches section.

Task 5. Deploying the Customized Chart

  1. Use Helm to install the chart, referencing the directory containing the extracted chart and kustomization.yaml:

    NODE_TYPE // bash 
    helm install my-ingress ../ingress-nginx

    Alternatively, you can pipe the Kustomize output directly to kubectl:

    NODE_TYPE // bash 
    kustomize build . | kubectl apply -f -
    Replace my-ingress with a unique release name for your deployment.

  2. Verify the deployment:

    NODE_TYPE // bash 
    kubectl get pods -n ingress-nginx

    This command should show the ingress-nginx-controller pod running in the ingress-nginx namespace.

Task 6. Uninstalling the Deployment

  1. To uninstall the deployment, use Helm:

    NODE_TYPE // bash 
    helm uninstall my-ingress

    Or, if you deployed using kubectl apply -k . or kustomize build | kubectl apply -f -:

    NODE_TYPE // bash 
    kubectl delete -k .

Conclusion

In this tutorial, you’ve learned how to leverage Artifact Hub to find and pull Helm charts as OCI artifacts, customize them using Kustomize, and deploy them to your Kubernetes cluster. This workflow promotes a modular and manageable approach to application deployment, enabling you to tailor existing charts to your specific needs while benefiting from the centralized discovery and versioning provided by Artifact Hub.

Next Topic

Theory

Creating Kubernetes Clusters with Kubeadm
Theory

Highly Available Kubernetes Control Plane
Theory

Kubernetes CustomResourceDefinitions and Operators