Distribute an official Pinniped Helm chart

[cwrau]

Is your feature request related to a problem? Please describe. I'd like to have a helm chart, so I can easily install and manage pinniped, especially using gitops

Describe the solution you'd like Create a helm chart

Describe alternatives you've considered Write my own, but an official chart would be better, and more stable

Are you considering submitting a PR for this feature?

Sure

• How will this project improvement be tested?
  • Helm lint
• How does this change the current architecture?
  • It probably doesn't
• How will this change be backwards compatible?
  • It doesn't change anything in that way
• How will this feature be documented?
  • I don't understand this question

Additional context

[mattmoyer]

Hi @cwrau, thanks for the suggestion! I'm happy to consider supporting a Helm chart alongside ytt (and maybe a Kustomize-friendly base as well?).

I want to make sure that if we do anything official, we take it seriously. At a minimum, I think we'd want to make sure we have integration test coverage which installs the components using Helm in addition to the current ytt flow. Perhaps we could reduce test overhead by simply rendering with Helm and ytt and asserting that the YAML is the same?

Let me know if you'd be interested in working on this.

[enj]

I think we should also try to offload as much logic into our Go code as possible to minimize the maintenance burden of ~3 different templating libraries.

[cwrau]

@mattmoyer Sure, I can create a Helm Chart, although I don't know how to write those tests 😅

@enj I can understand that, although a Helm Chart would be the only chance for us to install this. Maybe your templating libraries can generate Helm Charts? I only used Helm Charts until now, as it's the only really packaged solution in my opinion.

[cwrau]

In my opinion, this is essential, as your documentation states;

Administrators will configure the Pinniped Supervisor to use IDPs via Kubernetes custom resources allowing Pinniped to be managed using GitOps and standard Kubernetes tools.

But without a Helm Chart, there is no way to manage Pinniped itself with GitOps

Did something change on your end? Otherwise, I'll try to find time to write the Helm Chart

[mattmoyer]

Unfortunately, it seems like we're not going to get to this in the immediate future. There are ways to do GitOps with ytt/kapp but they are a bit different and could certainly be a barrier to deployment if you're otherwise bought-in to Helm as a tool.

We're still open to a contribution for this issue but I'm going to close for now for the sake of cleaning up stale issues.

[merlindorin]

Hi,

just published a helm chart of pinniped for my homelab. No extra feature... very basic, very opinionated and made by a newcomer (literally not made for production).

Just for the reference: https://github.com/merlindorin/charts

thx guys for pinniped, nice and well design product :)

[enj]

Hi @merlindorin - thanks for sharing!

We discussed adding a more official helm chart in October (recording). https://github.com/bitnami/charts/issues/7741 is tracking that work by the Bitnami folks. There is no specific schedule around this, but we hope to have something in 2022.

cc @anjaltelang

[merlindorin]

Thanks for the feedback :) ... will watch this issue, community works is always welcome :D

[jvanzyl]

I think I finally have something that produces Helm charts for Concierge, Supervisor and the Local User Authenticator:

https://github.com/jvanzyl/pinniped-charts

[jvanzyl]

With the Helm charts I'm generating from the ytt manifests I now have parity with the local integration tests. I've made a PR for a simple change to the hack/prepare-for-integration-tests.sh that allow me to verify with Helm a deployment:

https://github.com/vmware-tanzu/pinniped/pull/1028

[jvanzyl]

Ok, so I think the process I have of generating the helm charts that will be maintainable. I have three levels of comparison. 1) Generating the yaml with helm and asserting that it’s canonically identical to the ytt emitted yaml. 2) Install the Helm generated yaml with kapp and run the local integration test. That this works is not a shocker as the yaml is the same but I just wanted to try this because it was easy to try. 3) Use Helm to install pinniped in the kind cluster and run the local integration test. This all works. I haven’t had to manually tweak anything, it’s all generated from the ytt manifests in the deploy directory. So even if the resources are radically changed it wouldn’t take long to adjust and test. But I assume they won't change radically so this it's unlikely to be onerous to keep the chart in sync with the ytt resources.

[jvanzyl]

I have published a GitHub pages site using the helm-chart-releaser action. I have run the local integration test with the published charts to verify they work, but they don't have much in the way of documentation.

I have tried to make it very clear at the chart site these are not officially part of the Pinniped project.

If you want to try the charts you can find them and minimal instructions here:

https://jvanzyl.github.io/pinniped-charts

[wolffberg]

As both Tanzu and Bitnami are owned by VMware and Bitnami developed a Helm chart for Pinniped, would it be possible for you guys to get together to work on a supported chart?

[jvanzyl]

Sure, I'm happy not to maintain a separate chart. I'll take a look when I can and see if I can replace what I have.

[wolffberg]

I completely missed https://github.com/vmware-tanzu/pinniped/issues/244#issuecomment-976662101 which addresses my comment. I was also asking for an official chart for our projects but if the Bitnami chart is seen as the official chart from VMWare I will raise my issues on the Bitnami end 🎉

[lknite]

You could always allocate someone to help out that vmware bitnami pinniped helm chart ... it could use some love and I'm not enough of a pinniped expert to fix it. Just trying to get things going for the first time. Doesn't seem that it is currently usable.

[lknite]

@jvanzyl did you end up using the bitnami chart? Or did you abandon it for the one you put together?

[jvanzyl]

I have not tried the bitnami one yet. I'm hoping it works well as converting ytt into helm charts is onerous.

[vvarga007]

So, what is the verdict on this? Should we use the Bitnami helm chart, or will there be an "official" one?

[cfryanr]

Hi @vvarga007, the Bitnami helm chart for Pinniped has been used fairly widely, and is updated often to keep up with upstream Pinniped. It is maintained by another team at VMware/Broadcom. The Pinniped maintainers don't have any immediate plan to make a different helm chart.