Increasing Reliability via Helm Pre-Release Checks (Helm Summit 2019)

Description
Ever had to clean up from a failed Helm release because you didn’t have the right RBAC? Let’s take an in-depth look at how you can effectively detect and mitigate release failures using a variety of methods including checking resource schema validity with kubeval, ensuring conformance to policy with conftest, and verifying role-based access control with kubectl can-i. We’ll increase our release confidence with better guarantees against the unexpected!
Collaboration with Lachlan Evenson

Slides

Increasing Reliability via Helm Pre-Release Checks (Helm Summit 2019) from bridgetkromhout

Video

Tweets

And now @bridgetkromhout kicks off a #HelmSummit talk about Helm pre-release checks in @HelmPack 3. #whereIsLachie @LachlanEvenson pic.twitter.com/BSsRLm6YeS
— M Butcher (@technosophos) September 12, 2019

This is the Vasa, if you're Swedish [or @petecheslock] you'll understand this slide. #helmsummit pic.twitter.com/wwYYbLvB3U
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

#helmsummit @bridgetkromhout on getting your Helm releases reliable. pic.twitter.com/qCqQQNPbgN
— Ivan Towlson (@ppog_penguin) September 12, 2019

Wow. Turns out people have been having issues w Helm since the 1600s @bridgetkromhout #HelmSummit pic.twitter.com/T16NOrjVVv
— Josh Dolitsky (@jdolitsky) September 12, 2019

.@bridgetkromhout showing the room how to improve reliability for @HelmPack charts with #kubeval, #conftest and kubectl auth can-i.#HelmSummit
— Daniel | 🥑 (@dpnl87) September 12, 2019

Increasing #reliability via #Helm pre-release #checks by @bridgetkromhout #HelmSummit pic.twitter.com/0GNZmlbfjA
— Pieter in Seattle (@pieter_de_bruin) September 12, 2019

Kubernetes errors aren't particularly easy to read - @bridgetkromhout #helmsummit pic.twitter.com/wNdMK5XP17
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

Since teleportation is unreliable still, @LachlanEvenson is staying close to #HashiConf and Bridget here :-) pic.twitter.com/pxc7UAizkY
— Pieter in Seattle (@pieter_de_bruin) September 12, 2019

We’re going to be seeing a lot more of this kind of error with k8s 1.16. ⁦@bridgetkromhout⁩ is a ray of sunshine! #helmsummit pic.twitter.com/lLnomhhynM
— Ivan Towlson (@ppog_penguin) September 12, 2019

Kubeval from @garethr provides validation and useful error messages for kubernetes manifests. - @bridgetkromhout #helmsummit pic.twitter.com/w1PIMQ70DK
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

Contest (also by @garethr) provides local testing of policies against kubernetes manifests before you try to apply them. - @bridgetkromhout #helmsummit pic.twitter.com/AvWYsV7ml4
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

Apparently the cloud isn't infinite! - @bridgetkromhout #helmsummit pic.twitter.com/IcYAX122Yk
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

How Open Policy Agent (OPA) helps manage your cluster. By @bridgetkromhout at #HelmSummit. #whereIsLachie pic.twitter.com/T0ZewyOMHH
— M Butcher (@technosophos) September 12, 2019

You can't just YOLO stuff at tiller anymore - @bridgetkromhout #helmsummit pic.twitter.com/LrtvNAooqM
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

#kubeval, #conftest and #cani will help you + shoutouts to @garethr. Especially rbac is going to be more interesting with Helm3 because tiller clusteradmin is gone pic.twitter.com/p0OpY2PYSp
— Pieter in Seattle (@pieter_de_bruin) September 12, 2019

You can write some whacky bash for loops to verify you have permission to install everything in a helm chart - @bridgetkromhout #helmsummit pic.twitter.com/7DV4clQi6w
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

@bridgetkromhout with the call-to-action on improving API errors. "What would you like to see?"#HelmSummit pic.twitter.com/q5IuguoJxP
— Matt Fisher 🥓🦃 (@bacongobbler) September 12, 2019

"you don't have to live that broken release life anymore" - @bridgetkromhout #helmsummit pic.twitter.com/9dIwYVtIbT
— Czarknado 🦈🌪️ (@pczarkowski) September 12, 2019

"Let me tell you the saga of that system" Love this image in @bridgetkromhout's talk at #helmsummit pic.twitter.com/C3x4lAwarF
— M Butcher (@technosophos) September 12, 2019

To learn more + shoutout to @jpetazzo :-) pic.twitter.com/hcphthvG0w
— Pieter in Seattle (@pieter_de_bruin) September 12, 2019

I love slides by @bridgetkromhout https://t.co/TaOrA3GlpA
— jeremy rickard (@jrrickard) September 12, 2019

.@bridgetkromhout refering to the Swedish warship Vasa - the one that foundered after sailing about 1,300 m into its maiden voyage - in the context of increasing reliability via @HelmPack pre-release checks, at #HelmSummit AND I HAD TO THINK OF YOU @diggthedrazen pic.twitter.com/YRXA9PmJAF
— Floor Drees (@FloorDrees) September 12, 2019