Using Helm charts to update a Kubernetes cluster (Alpha)

Introduced in GitLab 15.4.

You can deploy Helm charts to your Kubernetes cluster and keep the resources in your cluster in sync with your charts and values. To do this, you use the pull-based GitOps features of the agent for Kubernetes.

This feature is in Alpha and an epic exists to track future work. Please tell us about your use cases by leaving comments in the epic.

Note: This feature is Alpha. In future releases, to accommodate new features, the configuration format might change without notice.

GitOps workflow steps

To update a Kubernetes cluster by using GitOps with charts, complete the following steps.

  1. Ensure you have a working Kubernetes cluster, and that the chart is in a GitLab project.
  2. In the same project, register and install the GitLab agent.
  3. Configure the agent configuration file so that the agent monitors the project for changes to the chart. Use the GitOps configuration reference for guidance.

Helm chart with GitOps workflow

To update a Kubernetes cluster by using Helm charts:

  1. Ensure you have a working Kubernetes cluster.
  2. In a GitLab project:
  3. Update the agent configuration file so that the agent monitors the project for changes to the chart. Use the configuration reference for guidance.

Any time you commit updates to your chart repository, the agent applies the chart in the cluster.

Helm configuration reference

The following snippet shows an example of the possible keys and values for the GitOps section of an agent configuration file (config.yaml).

gitops:
  charts:
  - release_name: my-application-release
    source:
      project:
        id: my-group/my-project-with-chart
        path: dir-in-project/with/charts
    namespace: my-ns
    max_history: 1

| Keyword | Description |
|---|---|
| charts | List of charts you want to be applied in your cluster. Charts are applied concurrently. |
| release_name | Required. Name of the release to use when applying the chart. |
| id | Required. ID of the project where the Helm chart is committed. No authentication mechanisms are currently supported. |
| path | Optional. Path of the chart in the project repository. Root of the repository is used by default. This is the directory with the Chart.yaml file. |
| namespace | Optional. Namespace to use when applying the chart. Defaults to default. |
| max_history | Optional. Maximum number of release revisions to store in the cluster. |

Automatic drift remediation

Drift happens when the current configuration of an infrastructure resource differs from its desired configuration. Typically, drift is caused by manually editing resources directly, rather than by editing the code that describes the desired state. Minimizing the risk of drift helps to ensure configuration consistency and successful operations.

In GitLab, the agent for Kubernetes regularly compares the desired state from the chart source with the actual state from the Kubernetes cluster. Deviations from the desired state are fixed at every check. These checks happen automatically every 5 minutes. They are not configurable.

Example repository layout

/my-chart
 ├── templates
 |   └── ...
 ├── charts
 |   └── ...
 ├── Chart.yaml
 ├── Chart.lock
 ├── values.yaml
 ├── values.schema.json
 └── some-file-used-in-chart.txt

Known issues

The following are known issues:

  • Your chart must be in a GitLab project. The project must be an agent configuration project or a public project. This known issue also exists for manifest-based GitOps and is tracked in this epic.
  • Values for the chart must be in a values.yaml file. This file must be with the chart, in the same project and path.
  • Because of drift detection and remediation, the release history stored in the cluster is not useful. A new release is created every five minutes and the oldest release is discarded. Eventually, the history consists only of copies of the same information. View this issue for details.

Troubleshooting

Agent cannot find values for the chart

Make sure the values are in a file named values.yaml, in the same directory as the Chart.yaml file. The filename must be lowercase, with the .yaml extension (not .yml).
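
The file-naming rule above can be checked before a commit reaches the agent. The following script is an added example, not part of GitLab's documentation or tooling; the function name check_chart_dir and the choice to fail on near-miss file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: layout check for a chart directory before committing it.
# Rules from the page: values must be in values.yaml (lowercase, .yaml not .yml)
# in the same directory as Chart.yaml, which is the directory that
# gitops.charts[].source.project.path points at.
# check_chart_dir is a hypothetical helper name, not a GitLab tool.

check_chart_dir() {
    dir=$1
    rc=0
    if [ ! -f "$dir/Chart.yaml" ]; then
        echo "$dir: Chart.yaml not found; 'path' must be the directory that contains it" >&2
        rc=1
    fi
    # Match the exact name from the listing so that Values.yaml is not
    # accepted on a case-insensitive filesystem.
    if ! ls -1 "$dir" 2>/dev/null | grep -qx 'values\.yaml'; then
        echo "$dir: values.yaml not found next to Chart.yaml" >&2
        rc=1
    fi
    # Near-miss names (values.yml, Values.yaml, ...). Assumption of this
    # example: treat them as errors even when values.yaml also exists,
    # because the page requires chart values to be in values.yaml.
    for name in $(ls -1 "$dir" 2>/dev/null | grep -Eix 'values\.ya?ml' | grep -vx 'values\.yaml'); do
        echo "$dir: found '$name'; the values file must be named values.yaml" >&2
        rc=1
    done
    return "$rc"
}

# Constructed demo: a chart directory with the values file misnamed.
demo=$(mktemp -d)
mkdir "$demo/my-chart"
touch "$demo/my-chart/Chart.yaml" "$demo/my-chart/values.yml"
check_chart_dir "$demo/my-chart" || echo "layout check failed, as expected"
rm -rf "$demo"
```

Run the function against the directory named in the path key of the agent configuration, for example from a pre-commit hook or a CI job.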