[helm-charts]: testing and validating Helm Charts

[shanduur]

Context and Problem Statement

Helm is often described as the PHP of the Kubernetes world. It relies heavily on templating, making Helm charts challenging to read and maintain, especially as they grow in complexity. Additionally, Helm does not fully leverage the features of the underlying YAML, leading to suboptimal configurations and potential compatibility issues.

Despite its popularity, maintaining Helm charts can be a daunting task. A significant portion of pull requests (PRs) to helm-charts repositories are dedicated to bug fixes, highlighting the prevalence of issues and the need for robust testing and validation processes.

Ensuring the correctness and reliability of Helm charts is crucial for maintaining the stability of Kubernetes deployments. Hence, there is a pressing need to implement effective testing and validation tools to address these challenges and streamline the Helm chart development process.

Considered Options

• helm-unittest

  • Description: Helm-unittest is a Helm plugin that provides a testing framework for Helm charts, allowing developers to define and run tests to verify the correctness of their charts.
  • Pros: Simplifies testing process, Supports various types of tests (unit, integration, etc.), Integrates seamlessly with Helm workflows.
  • Cons: Limited documentation, May require additional setup for complex tests.

• kubeconform

  • Description: Kubeconform is a tool for validating Kubernetes resource YAML files against Kubernetes schemas, ensuring compatibility and adherence to best practices.
  • Pros: Comprehensive validation, Supports custom schemas, Integrates with CI/CD pipelines.
  • Cons: Lack of Helm-specific validation, Limited support for Helm template validation.

• kube-linter

  • Description: Kube-linter is a static analysis tool for Kubernetes YAML files, offering a wide range of checks to identify potential issues and security vulnerabilities.
  • Pros: Extensive set of built-in checks, Customizable through configuration files, Integrates with GitOps workflows.
  • Cons: Requires learning curve for configuring checks, Some checks may produce false positives in certain scenarios.

[malgorzatadutka]

KubeLinter helps identify security vulnerabilities and misconfigurations in Kubernetes manifests - I think it is quite good approach. Moreover it can be configured for automated checks of Kubernetes configurations as part of the deployment process (Github Actions).