[Feature] Helm integration

[etenzy]

Integrate Helm to bootstrap

Benefits of Adding a Helm:

• easier customization at an early stage of the cluster (cni, extraManifests)
• easier way to create and maintain presets (cni) -> no more go logic, just trigger Helm with “some” values
• no more need for hosted (pre-rendered) manifests

Downsides of Adding a Helm:

• may appear clunky at first
• one more dependency to maintain

Example of usage in patch.yaml:

Instead of:

cluster:
  network:
    cni:
      name: custom
      urls:
        - http://10.10.0.81/cilium.yaml
  extraManifests:
    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

You could do:

cluster:
  network:
    cni:
      name: custom
      helmChart:
        name: cilium
        namespace: kube-system
        repository: https://helm.cilium.io
        chart: cilium
        version: 1.14.0  
        values:
          ipam:
            mode: kubernetes
          kubeProxyReplacement: true
          securityContext:
            capabilities:
              ciliumAgent:
                - CHOWN
                - KILL
                - NET_ADMIN
                - NET_RAW
                - IPC_LOCK
                - SYS_ADMIN
                - SYS_RESOURCE
                - DAC_OVERRIDE
                - FOWNER
                - SETGID
                - SETUID
              cleanCiliumState:
                - NET_ADMIN
                - SYS_ADMIN
                - SYS_RESOURCE
          cgroup:
            autoMount:
              enabled: false
            hostRoot: /sys/fs/cgroup 
          k8sServiceHost: localhost
          k8sServicePort: 7445
  extraHelmCharts:
    - name: metrics-server
      namespace: kube-system
      repository: https://kubernetes-sigs.github.io/metrics-server
      chart: metrics-server
      version: 3.11.0

[smira]

we considered that, but most probably not in Talos itself.

I know it would simplify some flows, but Helm is too big to be part of the core OS.

Using Helm externally is perfect fine of course.

[etenzy]

how about integrating the binary as it is and execute it with parameters from configuration?

[smira]

This is even less Talos way. If you want to, you can put it that as a static pod to your cluster, but it won't be what Talos offers by default.