Understanding Ansible: Helm diff plugin

Helm is one of the important tools for managing resources for Kubernetes. When we talk about large-scale helm manageability, there is a requirement for another tool through which we can manage helm deployments. There can be multiple options through which we can manage Helm but Ansible gives more flexibility to manage Helm deployments. Not only flexibility, but Ansible consists of many features and core Kubernetes modules through which we can manage Helm deployments.

Having a large variety of Kubernetes core modules, Ansible is not only for Helm deployments but also helps to manage Kubernetes and can be used to manipulate other kinds of commands.

This Blog is not about the basics of helm & Ansible management but about one of the important features which is the validate & dry-run option in Ansible for Helm deployments.

When we talk about dry runs or validations, Ansible helps users to get the dry run & validation but the only issue is that it only prints ok & changed status which is not enough information about the deployments. The important thing about multiple helm deployments at once is that the user requires what are the things that are going to change for specific helm deployments. This will help the user to validate and check whether things are changing accordingly or not.

To set up this, we need to install the Helm plugin which will work with Ansible dry-run and check options and provide output.

You can get Ansible role code in my GitHub account which will consist of the code and command that this blog includes.

GitHub Link: https://github.com/b44rawat/ansible-helm-diff

YAML INFORMATION

Below is the main.yaml which consists of information like

  • Helm diff plugin installation
  • Add Helm chart repository
  • Nginx controller setup

Save the below block content inside the main.yamlfile

– name: Setup
hosts: all
become: true
tasks:
– name: Install Helm Diff
kubernetes.core.helm_plugin:
plugin_path: "https://github.com/databus23/helm-diff"
state: present
– name: Add Chart repo for kubernetes
kubernetes.core.helm_repository:
repo_name: "nginx-stable"
repo_url: "https://helm.nginx.com/stable"
repo_state: present
– name: Create Nginx Ingress Controller deployment
kubernetes.core.helm:
release_name: nginx-ingress
chart_ref: "nginx-stable/nginx-ingress"
chart_version: "0.14.0"
release_namespace: nginx-ingress
create_namespace: yes
release_state: present
values:
controller:
service:
create: true
type: NodePort
view raw main.yaml hosted with ❤ by GitHub

The screenshot mentioned the values of any specific deployment things inside main.yaml .

Once you create the YAML file, you need to use the below command to set up the initial state for the resources. Just make sure this is not a dry-run command. It will install the initial draft which will later use for idempotent and changes.

ansible-playbook -i /location/to/inventory main.yaml

OUTPUT:

NOTE: This is not a dry run or a simple check. This will install resources in your Kubernetes cluster.

DRY RUN DEMONSTRATE

As we created the initial part of the resources using Ansible. Now, we will dry-run the command to check what things are going to change using Ansible. As Ansible supports idempotent, it will print only ok once there are no changes occur.

The below command will not show anything that is going to change as we didn’t modify or add anything.

ansible-playbook -i /location/to/inventory main.yaml --check --diff

OUTPUT:

NOTE: kubernetes.core.helm_plugin is not an idempotent as it will show changed status

DRY RUN VALIDATION

The Dry-run demonstration didn’t show anything changed as there were no changes done by the user.

Let’s modify some changes, you can use the below main.yaml file with modified values

– name: Setup
hosts: all
become: true
tasks:
– name: Install Helm Diff
kubernetes.core.helm_plugin:
plugin_path: "https://github.com/databus23/helm-diff"
state: present
become: false
– name: Add Chart repo for kubernetes
kubernetes.core.helm_repository:
repo_name: "nginx-stable"
repo_url: "https://helm.nginx.com/stable"
repo_state: present
become: false
– name: Create Nginx Ingress Controller deployment
kubernetes.core.helm:
release_name: nginx-ingress
chart_ref: "nginx-stable/nginx-ingress"
chart_version: "0.14.0"
release_namespace: nginx-ingress
create_namespace: yes
release_state: present
values:
controller:
pod:
extraLabels:
key1: value1
service:
create: true
type: NodePort
become: false
view raw main.yaml hosted with ❤ by GitHub

Below are the values added to check for any changes

Now, once you use ansible-playbook command with dry-run options

ansible-playbook -i /location/to/inventory main.yaml --check --diff

Once you run that command, you will get the changes that were added in your values.yaml file.

OUTPUT:

It will show + & - at the beginning of the line.

  • + : it will add that functionally from the deployment
  • - : It will remove that functionality from the deployment

VALIDATION

Once you validate and checked all the required changes, you can use the below command to configure those changes.

ansible-playbook -i /location/to/inventory main.yaml

Once, you run that command, you can check the below command to ensure whether the values are modified or not.

kubectl describe pods nginx-ingress-nginx-ingress-XXXXXXXXXX-XXXXX -n nginx-ingress

OUTPUT:

NOTE: For different helm deployments, you need to check different resources. So, the validation method of the changes can be very different.

SUMMARY

The Ansible helm diff will give users a glimpse of changes that will occur when any changes are applied. This will help to check exactly the modification part rather than having all information or no information.

One demerit of using helm diff is showing complete manifest information like deployment, service, CRDs, etc. This can be hectic for a user to visualize the changes.

REFERENCES

Blog Pundits: Sanjeev Pandey and Sandeep Rawat

OpsTree is an End-to-End DevOps Solution Provider.

Contact Us

Connect with Us

Leave a Reply