Not trying to impose anything, just wanted to share some findings:
We're evaluating a limited migration of Concourse on BOSH to Concourse on helm at work... As well as migrating other deployments, like spinnaker, prometheus, grafana, etc.
I've become frustrated with leveraging "raw helm" and Makefiles and bash scripts, finding them too imperative and machine-specific. Handling a few deployments on one cluster is a bit tricky, but then handling multiple deployments on multiple clusters on multiple IaaSes is ... a bit bonkers.
Over the past few months I've used helmfile, which is a wrapper over helm and a way to declaratively configure deployments on a cluster. I wanted to share a (trimmed down) version of what we're cooking up at work, in case there's any value to be shared.
We leverage something like this for larger clusters. If you look at the root of the repo you might envision how this could be used for multiple clusters on multiple clouds, etc.
Uses helmfile to declaratively configure helm deployments on a given cluster
Leverages helm secrets, a wrapper around mozilla/sops, to store encrypted credentials in git by leveraging gpg keys (may not be any better than, or worse than, lastpass cli).
Problems not worked out quite yet / this doesn't scope in:
CI/CD + promoting changes from env. to env.
Anything "external" to helm itself, e.g. terraform-ing things (outside scope of helm) and cert generation (leveraging let's-encrypt)
Feel free to close this whenever. Just sharing. Thanks!
Not trying to impose anything, just wanted to share some findings:
We're evaluating a limited migration of Concourse on BOSH to Concourse on helm at work... As well as migrating other deployments, like
spinnaker,prometheus,grafana, etc.I've become frustrated with leveraging "raw helm" and Makefiles and bash scripts, finding them too imperative and machine-specific. Handling a few deployments on one cluster is a bit tricky, but then handling multiple deployments on multiple clusters on multiple IaaSes is ... a bit bonkers.
Over the past few months I've used
helmfile, which is a wrapper overhelmand a way to declaratively configure deployments on a cluster. I wanted to share a (trimmed down) version of what we're cooking up at work, in case there's any value to be shared.Here's a demo of using helmfile,
nip.io, && docker-for-desktop to stand up various deployments on a local workstation.We leverage something like this for larger clusters. If you look at the root of the repo you might envision how this could be used for multiple clusters on multiple clouds, etc.
helmfileto declaratively configure helm deployments on a given clusterhelm secrets, a wrapper aroundmozilla/sops, to store encrypted credentials in git by leveraging gpg keys (may not be any better than, or worse than,lastpasscli).Problems not worked out quite yet / this doesn't scope in:
helmitself, e.g.terraform-ing things (outside scope ofhelm) and cert generation (leveraging let's-encrypt)Feel free to close this whenever. Just sharing. Thanks!