Using Helm Charts Tools to Manage Kubernetes Deployments at Delivery Hero
Delivery Hero’s (DH) engineering team wrote about their use of Helm and related tools to simplify the management of multiple Kubernetes environments, sensitive data, and configuration. The related tools are helmfile, helm-diff, and helm-secrets. InfoQ reached out to Max Williams, Principal System Engineer at Delivery Hero AG, to gain more insights.
Multiple teams at DH use Helm charts to package applications and cluster-level tools. Helmfile maintains information about which clusters have which charts installed, analogous to Ansible playbooks. Since the helmfiles are stored in Git, it is easy to track changes and push them to non-production clusters first. DH’s clusters consist of hundreds of nodes and thousands of pods, according to Williams.
Helm – the Kubernetes package manager – is a CNCF-hosted project widely used to install applications (as “charts” in Helm parlance) on Kubernetes clusters. Most teams start out using YAML files to declare the state of their clusters. This can quickly become unmanageable as the number of files increases. Helm simplifies this by grouping together all the resources needed to install an application into a chart. helmfile in turn helps to track different versions of charts across different environments (staging, production) by maintaining helm values files, chart versions and Kubernetes cluster contexts together.
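The following helmfile.yaml is an added example (not Delivery Hero’s own configuration) showing how helmfile keeps environments, chart versions, values files and kube contexts together in one declarative file. The chart path `./charts/myapp`, the context names and the values file names are assumptions chosen for illustration.

```yaml
# helmfile.yaml (added example; chart path, contexts and file names are hypothetical)

# Each environment carries its own defaults; helmfile -e <name> selects one.
environments:
  staging:
    values:
      - replicaCount: 1
  production:
    values:
      - replicaCount: 3

releases:
  - name: myapp
    namespace: myapp
    # A chart checked into the same repository (hypothetical path).
    chart: ./charts/myapp
    # Pin the chart version so staging and production are reproducible.
    version: 1.0.0
    # Which cluster this release targets (hypothetical kubeconfig context names).
    kubeContext: '{{ if eq .Environment.Name "production" }}prod-eks{{ else }}staging-gke{{ end }}'
    values:
      # Shared settings, then per-environment overrides layered on top.
      - values/myapp-common.yaml
      - values/myapp-{{ .Environment.Name }}.yaml
      # Inline values can come straight from the environment block above.
      - replicaCount: {{ .Values.replicaCount }}
```

`helmfile -e staging diff` renders the release with the helm-diff plugin and prints what would change on the cluster; `helmfile -e staging apply` runs that same diff and only then upgrades, which is what makes the "push to non-production first" workflow a reviewable Git change rather than a manual sequence of `helm upgrade` calls.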
The third tool that DH uses is helm-diff, which shows a color-coded diff between the release currently installed and the one about to be deployed. Even if the diffs look ok, things can still go wrong once deployed. Williams notes that they have not faced such instances yet, except for “issues that don’t already exist in Helm itself”.
helm-secrets is a Helm plugin that can encrypt, decrypt and view secrets files; it uses the Mozilla sops tool as the underlying encrypted-file editor. sops provides “a wrapper around a text editor that takes care of the encryption and decryption transparently”. It integrates with both GCP and AWS Key Management Services (KMS). DH’s Kubernetes clusters are hosted “mostly on EKS and GKE, and some teams are still using kops clusters on AWS but not for much longer,” says Williams.
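As an added example of the sops/helm-secrets setup described above (not Delivery Hero’s own files), the three YAML documents below show a `.sops.yaml` that binds secrets files to a KMS key, the shape of a secrets values file after sops has encrypted it, and the helmfile release entry that lets helm-secrets decrypt it at deploy time. The KMS identifiers, the `secrets/` directory layout and the ciphertext are placeholders.

```yaml
# .sops.yaml (added example; KMS identifiers are placeholders)
# Any file matching the regex is encrypted with the listed key(s); whoever can
# call Decrypt on that KMS key (controlled by IAM) can read the secrets.
creation_rules:
  - path_regex: secrets/.*\.yaml$
    kms: arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID          # placeholder AWS KMS key
    # For GKE-hosted clusters a GCP KMS key can be listed instead (or as well):
    # gcp_kms: projects/PROJECT/locations/LOCATION/keyRings/RING/cryptoKeys/KEY
---
# secrets/myapp-staging.yaml as committed to Git after `helm secrets enc`
# (constructed illustration of the sops file format; ciphertext is fake).
# Keys stay readable so diffs show *which* secret changed; values are AES-GCM
# ciphertext, and the sops.mac field lets sops detect tampering with the file.
database:
  password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
sops:
  kms:
    - arn: arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID      # placeholder
      enc: PLACEHOLDER_WRAPPED_DATA_KEY
  mac: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
  version: 3.7.3                                           # sops version, placeholder
---
# helmfile.yaml fragment (hypothetical chart path and file names)
releases:
  - name: myapp
    chart: ./charts/myapp
    values:
      - values/myapp-{{ .Environment.Name }}.yaml
    # Files listed under `secrets:` are decrypted via the helm-secrets plugin
    # just before rendering, so plaintext never needs to be committed.
    secrets:
      - secrets/myapp-{{ .Environment.Name }}.yaml
```

Day-to-day the workflow is `helm secrets edit secrets/myapp-staging.yaml` to change a value (sops decrypts into the editor and re-encrypts on save) and `helm secrets view` to inspect one; the useful property for review is that a Git diff of an encrypted file reveals which key was touched but not its value, while access to the plaintext is gated by KMS permissions rather than by repository access.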
DH also uses Terraform for infrastructure automation and Sysdig and Prometheus for monitoring.